mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
Fixed combining of results in Mutate function
This commit is contained in:
Denis Belyshev
parent
3add83c1fc
commit
8c7ea8d741
3 changed files with 28 additions and 32 deletions
|
|
@ -23,36 +23,33 @@ func Mutate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVersio
|
|||
ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk)
|
||||
if !ok {
|
||||
ruleApplicationResult.AddMessagef("Rule %s is not applicable to resource\n", rule.Name)
|
||||
policyResult = result.Append(policyResult, &ruleApplicationResult)
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
// Process Overlay
|
||||
if rule.Mutation.Overlay != nil {
|
||||
overlayPatches, ruleResult := ProcessOverlay(rule.Mutation.Overlay, rawResource, gvk)
|
||||
if result.Success != ruleResult.GetReason() {
|
||||
ruleApplicationResult.MergeWith(&ruleResult)
|
||||
ruleApplicationResult.AddMessagef("Overlay application has failed for rule %s in policy %s\n", rule.Name, policy.ObjectMeta.Name)
|
||||
} else {
|
||||
ruleApplicationResult.AddMessagef("Success")
|
||||
allPatches = append(allPatches, overlayPatches...)
|
||||
}
|
||||
}
|
||||
|
||||
// Process Overlay
|
||||
// Process Patches
|
||||
if rule.Mutation.Patches != nil {
|
||||
rulePatches, ruleResult := ProcessPatches(rule.Mutation.Patches, patchedDocument)
|
||||
|
||||
if rule.Mutation.Overlay != nil {
|
||||
overlayPatches, ruleResult := ProcessOverlay(rule.Mutation.Overlay, rawResource, gvk)
|
||||
if result.Success != ruleResult.GetReason() {
|
||||
ruleApplicationResult.MergeWith(&ruleResult)
|
||||
ruleApplicationResult.AddMessagef("Overlay application has failed for rule %s in policy %s\n", rule.Name, policy.ObjectMeta.Name)
|
||||
} else {
|
||||
ruleApplicationResult.AddMessagef("Success")
|
||||
allPatches = append(allPatches, overlayPatches...)
|
||||
}
|
||||
}
|
||||
|
||||
// Process Patches
|
||||
|
||||
if rule.Mutation.Patches != nil {
|
||||
rulePatches, ruleResult := ProcessPatches(rule.Mutation.Patches, patchedDocument)
|
||||
|
||||
if result.Success != ruleResult.GetReason() {
|
||||
ruleApplicationResult.MergeWith(&ruleResult)
|
||||
ruleApplicationResult.AddMessagef("Patches application has failed for rule %s in policy %s\n", rule.Name, policy.ObjectMeta.Name)
|
||||
} else {
|
||||
ruleApplicationResult.AddMessagef("Success")
|
||||
allPatches = append(allPatches, rulePatches...)
|
||||
if result.Success != ruleResult.GetReason() {
|
||||
ruleApplicationResult.MergeWith(&ruleResult)
|
||||
ruleApplicationResult.AddMessagef("Patches application has failed for rule %s in policy %s\n", rule.Name, policy.ObjectMeta.Name)
|
||||
} else {
|
||||
ruleApplicationResult.AddMessagef("Success")
|
||||
allPatches = append(allPatches, rulePatches...)
|
||||
}
|
||||
}
|
||||
}
|
||||
policyResult = result.Append(policyResult, &ruleApplicationResult)
|
||||
}
|
||||
|
||||
return allPatches, policyResult
|
||||
|
|
|
|||
|
|
@ -213,7 +213,7 @@ func processSubtree(overlay interface{}, path string, op string, res *result.Rul
|
|||
// check the patch
|
||||
_, err := jsonpatch.DecodePatch([]byte("[" + patchStr + "]"))
|
||||
if err != nil {
|
||||
res.FailWithMessagef("Failed to make '%s' patch from an overlay for path %s", op, path)
|
||||
res.FailWithMessagef("Failed to make '%s' patch from an overlay '%s' for path %s", op, value, path)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -51,7 +51,6 @@ func NewCmdApply(in io.Reader, out, errout io.Writer) *cobra.Command {
|
|||
}
|
||||
|
||||
func complete(kubeconfig string, args []string) (*kubepolicy.Policy, []*resourceInfo) {
|
||||
|
||||
policyDir, resourceDir, err := validateDir(args)
|
||||
if err != nil {
|
||||
glog.Errorf("Failed to parse file path, err: %v\n", err)
|
||||
|
|
@ -61,14 +60,14 @@ func complete(kubeconfig string, args []string) (*kubepolicy.Policy, []*resource
|
|||
// extract policy
|
||||
policy, err := extractPolicy(policyDir)
|
||||
if err != nil {
|
||||
glog.Errorf("failed to extract policy: %v\n", err)
|
||||
glog.Errorf("Failed to extract policy: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// extract rawResource
|
||||
resources, err := extractResource(resourceDir, kubeconfig)
|
||||
if err != nil {
|
||||
glog.Errorf("failed to parse resource: %v", err)
|
||||
glog.Errorf("Failed to parse resource: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
|
|
@ -98,8 +97,8 @@ func applyPolicyOnRaw(policy *kubepolicy.Policy, rawResource []byte, gvk *metav1
|
|||
patches, result := engine.Mutate(*policy, rawResource, *gvk)
|
||||
|
||||
err := result.ToError()
|
||||
var patchedResource []byte
|
||||
if err == nil {
|
||||
patchedResource := rawResource
|
||||
if err != nil && len(patches) != 0 {
|
||||
patchedResource, err = engine.ApplyPatches(rawResource, patches)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to apply mutation patches:\n%v", err)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue