mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00
Code Activity

fix: CRD generation (#3334)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
This commit is contained in:
Charles-Edouard Brétéché 2022-03-06 20:07:51 +01:00 committed by GitHub
parent 1293ef4691
commit 90d0badda4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 803 additions and 711 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

125
api/kyverno/v1/policy_types.go
View file

@ -3,6 +3,7 @@ package v1
import (
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@ -110,9 +111,8 @@ type Rule struct {
// of conditions (without `any` or `all` statements is supported for backwards compatibility but
// will be deprecated in the next major release.
// See: https://kyverno.io/docs/writing-policies/preconditions/
// +kubebuilder:validation:XPreserveUnknownFields
// +optional
AnyAllConditions apiextensions.JSON `json:"preconditions,omitempty" yaml:"preconditions,omitempty"`
RawAnyAllConditions *apiextv1.JSON `json:"preconditions,omitempty" yaml:"preconditions,omitempty"`
// Mutation is used to modify matching resources.
// +optional
@ -131,6 +131,14 @@ type Rule struct {
VerifyImages []*ImageVerification `json:"verifyImages,omitempty" yaml:"verifyImages,omitempty"`
}
func (base *Rule) GetAnyAllConditions() apiextensions.JSON {
return FromJSON(base.RawAnyAllConditions)
}
func (base *Rule) SetAnyAllConditions(in apiextensions.JSON) {
base.RawAnyAllConditions = ToJSON(in)
}
// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
// +kubebuilder:validation:Enum=Ignore;Fail
type FailurePolicyType string
@ -227,8 +235,7 @@ type APICall struct {
// Condition defines variable-based conditional criteria for rule execution.
type Condition struct {
// Key is the context entry (using JMESPath) for conditional rule evaluation.
// +kubebuilder:validation:XPreserveUnknownFields
Key apiextensions.JSON `json:"key,omitempty" yaml:"key,omitempty"`
RawKey *apiextv1.JSON `json:"key,omitempty" yaml:"key,omitempty"`
// Operator is the conditional operation to perform. Valid operators are:
// Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
@ -238,9 +245,24 @@ type Condition struct {
// Value is the conditional value, or set of values. The values can be fixed set
// or can be variables declared using using JMESPath.
// +kubebuilder:validation:XPreserveUnknownFields
// +optional
Value apiextensions.JSON `json:"value,omitempty" yaml:"value,omitempty"`
RawValue *apiextv1.JSON `json:"value,omitempty" yaml:"value,omitempty"`
}
func (base *Condition) GetKey() apiextensions.JSON {
return FromJSON(base.RawKey)
}
func (base *Condition) SetKey(in apiextensions.JSON) {
base.RawKey = ToJSON(in)
}
func (base *Condition) GetValue() apiextensions.JSON {
return FromJSON(base.RawValue)
}
func (base *Condition) SetValue(in apiextensions.JSON) {
base.RawValue = ToJSON(in)
}
// ConditionOperator is the operation performed on condition key and value.
@ -411,13 +433,11 @@ type ResourceDescription struct {
// Mutation defines how resource are modified.
type Mutation struct {
// PatchStrategicMerge is a strategic merge patch used to modify resources.
// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/
// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
// +kubebuilder:validation:XPreserveUnknownFields
// +optional
PatchStrategicMerge apiextensions.JSON `json:"patchStrategicMerge,omitempty" yaml:"patchStrategicMerge,omitempty"`
RawPatchStrategicMerge *apiextv1.JSON `json:"patchStrategicMerge,omitempty" yaml:"patchStrategicMerge,omitempty"`
// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.
// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/.
@ -429,9 +449,16 @@ type Mutation struct {
ForEachMutation []*ForEachMutation `json:"foreach,omitempty" yaml:"foreach,omitempty"`
}
func (base *Mutation) GetPatchStrategicMerge() apiextensions.JSON {
return FromJSON(base.RawPatchStrategicMerge)
}
func (base *Mutation) SetPatchStrategicMerge(in apiextensions.JSON) {
base.RawPatchStrategicMerge = ToJSON(in)
}
// ForEachMutation applies policy rule changes to nested elements.
type ForEachMutation struct {
// List specifies a JMESPath expression that results in one or more elements
// to which the validation logic is applied.
List string `json:"list,omitempty" yaml:"list,omitempty"`
@ -450,9 +477,8 @@ type ForEachMutation struct {
// PatchStrategicMerge is a strategic merge patch used to modify resources.
// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/
// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/.
// +kubebuilder:validation:XPreserveUnknownFields
// +optional
PatchStrategicMerge apiextensions.JSON `json:"patchStrategicMerge,omitempty" yaml:"patchStrategicMerge,omitempty"`
RawPatchStrategicMerge *apiextv1.JSON `json:"patchStrategicMerge,omitempty" yaml:"patchStrategicMerge,omitempty"`
// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.
// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/.
@ -460,6 +486,14 @@ type ForEachMutation struct {
PatchesJSON6902 string `json:"patchesJson6902,omitempty" yaml:"patchesJson6902,omitempty"`
}
func (base *ForEachMutation) GetPatchStrategicMerge() apiextensions.JSON {
return FromJSON(base.RawPatchStrategicMerge)
}
func (base *ForEachMutation) SetPatchStrategicMerge(in apiextensions.JSON) {
base.RawPatchStrategicMerge = ToJSON(in)
}
// Validation defines checks to be performed on matching resources.
type Validation struct {
@ -472,29 +506,50 @@ type Validation struct {
ForEachValidation []*ForEachValidation `json:"foreach,omitempty" yaml:"foreach,omitempty"`
// Pattern specifies an overlay-style pattern used to check resources.
// +kubebuilder:validation:XPreserveUnknownFields
// +optional
Pattern apiextensions.JSON `json:"pattern,omitempty" yaml:"pattern,omitempty"`
RawPattern *apiextv1.JSON `json:"pattern,omitempty" yaml:"pattern,omitempty"`
// AnyPattern specifies list of validation patterns. At least one of the patterns
// must be satisfied for the validation rule to succeed.
// +kubebuilder:validation:XPreserveUnknownFields
// +optional
AnyPattern apiextensions.JSON `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
RawAnyPattern *apiextv1.JSON `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
// Deny defines conditions used to pass or fail a validation rule.
// +optional
Deny *Deny `json:"deny,omitempty" yaml:"deny,omitempty"`
}
func (base *Validation) GetPattern() apiextensions.JSON {
return FromJSON(base.RawPattern)
}
func (base *Validation) SetPattern(in apiextensions.JSON) {
base.RawPattern = ToJSON(in)
}
func (base *Validation) GetAnyPattern() apiextensions.JSON {
return FromJSON(base.RawAnyPattern)
}
func (base *Validation) SetAnyPattern(in apiextensions.JSON) {
base.RawAnyPattern = ToJSON(in)
}
// Deny specifies a list of conditions used to pass or fail a validation rule.
type Deny struct {
// Multiple conditions can be declared under an `any` or `all` statement. A direct list
// of conditions (without `any` or `all` statements) is also supported for backwards compatibility
// but will be deprecated in the next major release.
// See: https://kyverno.io/docs/writing-policies/validate/#deny-rules
// +kubebuilder:validation:XPreserveUnknownFields
AnyAllConditions apiextensions.JSON `json:"conditions,omitempty" yaml:"conditions,omitempty"`
RawAnyAllConditions *apiextv1.JSON `json:"conditions,omitempty" yaml:"conditions,omitempty"`
}
func (base *Deny) GetAnyAllConditions() apiextensions.JSON {
return FromJSON(base.RawAnyAllConditions)
}
func (base *Deny) SetAnyAllConditions(in apiextensions.JSON) {
base.RawAnyAllConditions = ToJSON(in)
}
// ForEachValidation applies policy rule checks to nested elements.
@ -522,21 +577,35 @@ type ForEachValidation struct {
AnyAllConditions *AnyAllConditions `json:"preconditions,omitempty" yaml:"preconditions,omitempty"`
// Pattern specifies an overlay-style pattern used to check resources.
// +kubebuilder:validation:XPreserveUnknownFields
// +optional
Pattern apiextensions.JSON `json:"pattern,omitempty" yaml:"pattern,omitempty"`
RawPattern *apiextv1.JSON `json:"pattern,omitempty" yaml:"pattern,omitempty"`
// AnyPattern specifies list of validation patterns. At least one of the patterns
// must be satisfied for the validation rule to succeed.
// +kubebuilder:validation:XPreserveUnknownFields
// +optional
AnyPattern apiextensions.JSON `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
RawAnyPattern *apiextv1.JSON `json:"anyPattern,omitempty" yaml:"anyPattern,omitempty"`
// Deny defines conditions used to pass or fail a validation rule.
// +optional
Deny *Deny `json:"deny,omitempty" yaml:"deny,omitempty"`
}
func (base *ForEachValidation) GetPattern() apiextensions.JSON {
return FromJSON(base.RawPattern)
}
func (base *ForEachValidation) SetPattern(in apiextensions.JSON) {
base.RawPattern = ToJSON(in)
}
func (base *ForEachValidation) GetAnyPattern() apiextensions.JSON {
return FromJSON(base.RawAnyPattern)
}
func (base *ForEachValidation) SetAnyPattern(in apiextensions.JSON) {
base.RawAnyPattern = ToJSON(in)
}
// ImageVerification validates that images that match the specified pattern
// are signed with the supplied public key. Once the image is verified it is
// mutated to include the SHA digest retrieved during the registration.
@ -589,7 +658,6 @@ type Attestation struct {
// Generation defines how new resources should be created and managed.
type Generation struct {
// ResourceSpec contains information to select the resource.
ResourceSpec `json:",omitempty" yaml:",omitempty"`
@ -603,9 +671,8 @@ type Generation struct {
// Data provides the resource declaration used to populate each generated resource.
// At most one of Data or Clone must be specified. If neither are provided, the generated
// resource will be created with default data only.
// +kubebuilder:pruning:PreserveUnknownFields
// +optional
Data apiextensions.JSON `json:"data,omitempty" yaml:"data,omitempty"`
RawData *apiextv1.JSON `json:"data,omitempty" yaml:"data,omitempty"`
// Clone specifies the source resource used to populate each generated resource.
// At most one of Data or Clone can be specified. If neither are provided, the generated
@ -614,6 +681,14 @@ type Generation struct {
Clone CloneFrom `json:"clone,omitempty" yaml:"clone,omitempty"`
}
func (base *Generation) GetData() apiextensions.JSON {
return FromJSON(base.RawData)
}
func (base *Generation) SetData(in apiextensions.JSON) {
base.RawData = ToJSON(in)
}
// CloneFrom provides the location of the source resource used to generate target resources.
// The resource kind is derived from the match criteria.
type CloneFrom struct {

229
api/kyverno/v1/utils.go
View file

@ -6,8 +6,29 @@ import (
"strings"
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
log "sigs.k8s.io/controller-runtime/pkg/log"
)
func FromJSON(in *apiextv1.JSON) apiextensions.JSON {
var out apiextensions.JSON
if err := apiextv1.Convert_v1_JSON_To_apiextensions_JSON(in, &out, nil); err != nil {
log.Log.Error(err, "failed to convert JSON to interface")
}
return out
}
func ToJSON(in apiextensions.JSON) *apiextv1.JSON {
if in == nil {
return nil
}
var out apiextv1.JSON
if err := apiextv1.Convert_apiextensions_JSON_To_v1_JSON(&in, &out, nil); err != nil {
log.Log.Error(err, "failed to convert interface to JSON")
}
return &out
}
// HasAutoGenAnnotation checks if a policy has auto-gen annotation
func (p *ClusterPolicy) HasAutoGenAnnotation() bool {
annotations := p.GetAnnotations()
@ -129,10 +150,11 @@ func (r Rule) ExcludeKinds() []string {
// DeserializeAnyPattern deserialize apiextensions.JSON to []interface{}
func (in *Validation) DeserializeAnyPattern() ([]interface{}, error) {
if in.AnyPattern == nil {
anyPattern := in.GetAnyPattern()
if anyPattern == nil {
return nil, nil
}
res, nil := deserializePattern(in.AnyPattern)
res, nil := deserializePattern(anyPattern)
return res, nil
}
@ -149,209 +171,6 @@ func deserializePattern(pattern apiextensions.JSON) ([]interface{}, error) {
return res, nil
}
func jsonDeepCopy(in apiextensions.JSON) *apiextensions.JSON {
if in == nil {
return nil
}
out := new(apiextensions.JSON)
switch in := in.(type) {
case bool, int64, float64, string:
*out = in
case []interface{}:
out_tmp := make([]interface{}, len(in))
for i, v := range in {
if v != nil {
out_tmp[i] = *jsonDeepCopy(v)
} else {
out_tmp[i] = nil
}
}
*out = out_tmp
case map[string]interface{}:
out_tmp := make(map[string]interface{})
for k, v := range in {
if v != nil {
out_tmp[k] = *jsonDeepCopy(v)
} else {
out_tmp[k] = nil
}
}
*out = out_tmp
}
return out
}
// DeepCopyInto is declared because k8s:deepcopy-gen is
// not able to generate this method for interface{} member
func (in *Mutation) DeepCopyInto(out *Mutation) {
if out == nil {
return
}
*out = *in
if out.PatchStrategicMerge != nil {
out.PatchStrategicMerge = *jsonDeepCopy(in.PatchStrategicMerge)
}
if in.ForEachMutation != nil {
out.ForEachMutation = make([]*ForEachMutation, len(in.ForEachMutation))
for i, v := range in.ForEachMutation {
out.ForEachMutation[i] = v.DeepCopy()
}
}
}
// TODO - the DeepCopyInto methods are added here to work-around
// codegen issues with handling DeepCopy of the apiextensions.JSON
// type. We need to update to apiextensions/v1.JSON which works
// with DeepCopy and remove these methods, or re-write them to
// actually perform a deep copy.
// Also see: https://github.com/kyverno/kyverno/pull/2000
func (in *Validation) DeepCopyInto(out *Validation) {
if out == nil {
return
}
*out = *in
if in.ForEachValidation != nil {
out.ForEachValidation = make([]*ForEachValidation, len(in.ForEachValidation))
for i, v := range in.ForEachValidation {
out.ForEachValidation[i] = v.DeepCopy()
}
}
if in.Pattern != nil {
out.Pattern = *jsonDeepCopy(in.Pattern)
}
if in.AnyPattern != nil {
out.AnyPattern = *jsonDeepCopy(in.AnyPattern)
}
if in.Deny != nil {
out.Deny = in.Deny.DeepCopy()
}
}
func (in *ForEachValidation) DeepCopyInto(out *ForEachValidation) {
if out == nil {
return
}
*out = *in
if in.Context != nil {
in, out := &in.Context, &out.Context
*out = make([]ContextEntry, len(*in))
for i, v := range *in {
(*out)[i] = *v.DeepCopy()
}
}
if in.AnyAllConditions != nil {
out.AnyAllConditions = in.AnyAllConditions.DeepCopy()
}
if in.Pattern != nil {
out.Pattern = *jsonDeepCopy(in.Pattern)
}
if in.AnyPattern != nil {
out.AnyPattern = *jsonDeepCopy(in.AnyPattern)
}
if in.Deny != nil {
out.Deny = in.Deny.DeepCopy()
}
}
func (in *ForEachMutation) DeepCopyInto(out *ForEachMutation) {
if out == nil {
return
}
*out = *in
if in.Context != nil {
in, out := &in.Context, &out.Context
*out = make([]ContextEntry, len(*in))
for i, v := range *in {
(*out)[i] = *v.DeepCopy()
}
}
if in.AnyAllConditions != nil {
out.AnyAllConditions = in.AnyAllConditions.DeepCopy()
}
if in.PatchStrategicMerge != nil {
out.PatchStrategicMerge = *jsonDeepCopy(in.PatchStrategicMerge)
}
}
func (gen *Generation) DeepCopyInto(out *Generation) {
if out == nil {
return
}
*out = *gen
out.ResourceSpec = *gen.ResourceSpec.DeepCopy()
if out.Data != nil {
out.Data = *jsonDeepCopy(gen.Data)
}
}
func (cond *Condition) DeepCopyInto(out *Condition) {
if out == nil {
return
}
*out = *cond
if cond.Key != nil {
out.Key = *jsonDeepCopy(cond.Key)
}
if cond.Value != nil {
out.Value = *jsonDeepCopy(cond.Value)
}
}
func (in *Deny) DeepCopyInto(out *Deny) {
if out == nil {
return
}
*out = *in
if in.AnyAllConditions != nil {
out.AnyAllConditions = *jsonDeepCopy(in.AnyAllConditions)
}
}
func (in *Rule) DeepCopyInto(out *Rule) {
//deepcopy.Copy(in, out)
//*out = *in
temp, err := json.Marshal(in)
if err != nil {
// never should get here
return
}
err = json.Unmarshal(temp, out)
if err != nil {
// never should get here
return
}
}
// ToKey generates the key string used for adding label to polivy violation
func (rs ResourceSpec) ToKey() string {
return rs.Kind + "." + rs.Name
}
// ViolatedRule stores the information regarding the rule.
type ViolatedRule struct {
// Name specifies violated rule name.

182
api/kyverno/v1/zz_generated.deepcopy.go
View file

@ -21,6 +21,7 @@ package v1
import (
rbacv1 "k8s.io/api/rbac/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
@ -184,6 +185,21 @@ func (in *ClusterPolicyList) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Condition) DeepCopyInto(out *Condition) {
*out = *in
if in.RawKey != nil {
in, out := &in.RawKey, &out.RawKey
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
if in.RawValue != nil {
in, out := &in.RawValue, &out.RawValue
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (in *Condition) DeepCopy() *Condition {
if in == nil {
@ -239,6 +255,16 @@ func (in *ContextEntry) DeepCopy() *ContextEntry {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Deny) DeepCopyInto(out *Deny) {
*out = *in
if in.RawAnyAllConditions != nil {
in, out := &in.RawAnyAllConditions, &out.RawAnyAllConditions
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Deny.
func (in *Deny) DeepCopy() *Deny {
if in == nil {
@ -280,6 +306,28 @@ func (in *ExcludeResources) DeepCopy() *ExcludeResources {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ForEachMutation) DeepCopyInto(out *ForEachMutation) {
*out = *in
if in.Context != nil {
in, out := &in.Context, &out.Context
*out = make([]ContextEntry, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.AnyAllConditions != nil {
in, out := &in.AnyAllConditions, &out.AnyAllConditions
*out = new(AnyAllConditions)
(*in).DeepCopyInto(*out)
}
if in.RawPatchStrategicMerge != nil {
in, out := &in.RawPatchStrategicMerge, &out.RawPatchStrategicMerge
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForEachMutation.
func (in *ForEachMutation) DeepCopy() *ForEachMutation {
if in == nil {
@ -290,6 +338,43 @@ func (in *ForEachMutation) DeepCopy() *ForEachMutation {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ForEachValidation) DeepCopyInto(out *ForEachValidation) {
*out = *in
if in.ElementScope != nil {
in, out := &in.ElementScope, &out.ElementScope
*out = new(bool)
**out = **in
}
if in.Context != nil {
in, out := &in.Context, &out.Context
*out = make([]ContextEntry, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.AnyAllConditions != nil {
in, out := &in.AnyAllConditions, &out.AnyAllConditions
*out = new(AnyAllConditions)
(*in).DeepCopyInto(*out)
}
if in.RawPattern != nil {
in, out := &in.RawPattern, &out.RawPattern
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
if in.RawAnyPattern != nil {
in, out := &in.RawAnyPattern, &out.RawAnyPattern
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
if in.Deny != nil {
in, out := &in.Deny, &out.Deny
*out = new(Deny)
(*in).DeepCopyInto(*out)
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForEachValidation.
func (in *ForEachValidation) DeepCopy() *ForEachValidation {
if in == nil {
@ -413,6 +498,18 @@ func (in *GenerateRequestStatus) DeepCopy() *GenerateRequestStatus {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Generation) DeepCopyInto(out *Generation) {
*out = *in
out.ResourceSpec = in.ResourceSpec
if in.RawData != nil {
in, out := &in.RawData, &out.RawData
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
out.Clone = in.Clone
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Generation.
func (in *Generation) DeepCopy() *Generation {
if in == nil {
@ -502,6 +599,27 @@ func (in *MatchResources) DeepCopy() *MatchResources {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Mutation) DeepCopyInto(out *Mutation) {
*out = *in
if in.RawPatchStrategicMerge != nil {
in, out := &in.RawPatchStrategicMerge, &out.RawPatchStrategicMerge
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
if in.ForEachMutation != nil {
in, out := &in.ForEachMutation, &out.ForEachMutation
*out = make([]*ForEachMutation, len(*in))
for i := range *in {
if (*in)[i] != nil {
in, out := &(*in)[i], &(*out)[i]
*out = new(ForEachMutation)
(*in).DeepCopyInto(*out)
}
}
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mutation.
func (in *Mutation) DeepCopy() *Mutation {
if in == nil {
@ -712,6 +830,39 @@ func (in *ResourceSpec) DeepCopy() *ResourceSpec {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Rule) DeepCopyInto(out *Rule) {
*out = *in
if in.Context != nil {
in, out := &in.Context, &out.Context
*out = make([]ContextEntry, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
in.MatchResources.DeepCopyInto(&out.MatchResources)
in.ExcludeResources.DeepCopyInto(&out.ExcludeResources)
if in.RawAnyAllConditions != nil {
in, out := &in.RawAnyAllConditions, &out.RawAnyAllConditions
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
in.Mutation.DeepCopyInto(&out.Mutation)
in.Validation.DeepCopyInto(&out.Validation)
in.Generation.DeepCopyInto(&out.Generation)
if in.VerifyImages != nil {
in, out := &in.VerifyImages, &out.VerifyImages
*out = make([]*ImageVerification, len(*in))
for i := range *in {
if (*in)[i] != nil {
in, out := &(*in)[i], &(*out)[i]
*out = new(ImageVerification)
(*in).DeepCopyInto(*out)
}
}
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (in *Rule) DeepCopy() *Rule {
if in == nil {
@ -801,6 +952,37 @@ func (in *UserInfo) DeepCopy() *UserInfo {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Validation) DeepCopyInto(out *Validation) {
*out = *in
if in.ForEachValidation != nil {
in, out := &in.ForEachValidation, &out.ForEachValidation
*out = make([]*ForEachValidation, len(*in))
for i := range *in {
if (*in)[i] != nil {
in, out := &(*in)[i], &(*out)[i]
*out = new(ForEachValidation)
(*in).DeepCopyInto(*out)
}
}
}
if in.RawPattern != nil {
in, out := &in.RawPattern, &out.RawPattern
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
if in.RawAnyPattern != nil {
in, out := &in.RawAnyPattern, &out.RawAnyPattern
*out = new(apiextensionsv1.JSON)
(*in).DeepCopyInto(*out)
}
if in.Deny != nil {
in, out := &in.Deny, &out.Deny
*out = new(Deny)
(*in).DeepCopyInto(*out)
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation.
func (in *Validation) DeepCopy() *Validation {
if in == nil {

1
pkg/autogen/autogen_test.go
View file

@ -47,7 +47,6 @@ func Test_getControllers(t *testing.T) {
policy: []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"test"},"spec":{"rules":[{"name":"require-network-policy","match":{"resources":{"kinds":["Pod"]}},"validate":{"message":"testpolicy","deny":{"conditions":[{"key":"{{request.object.metadata.labels.foo}}","operator":"Equals","value":"bar"}]}}}]}}`),
expectedControllers: engine.PodControllers,
},
{
name: "rule-with-match-mixed-kinds-pod-podcontrollers",
policy: []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"set-service-labels-env"},"spec":{"background":false,"rules":[{"name":"set-service-label","match":{"resources":{"kinds":["Pod","Deployment"]}},"preconditions":{"any":[{"key":"{{request.operation}}","operator":"Equals","value":"CREATE"}]},"mutate":{"patchStrategicMerge":{"metadata":{"labels":{"+(service)":"{{request.object.spec.template.metadata.labels.app}}"}}}}}]}}`),

188
pkg/autogen/rule.go
View file

@ -11,7 +11,7 @@ import (
"github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/variables"
"github.com/kyverno/kyverno/pkg/utils"
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)
// the kyvernoRule holds the temporary kyverno rule struct
@ -122,15 +122,15 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
controllerRule.Context = &rule.DeepCopy().Context
}
kyvernoAnyAllConditions, _ := utils.ApiextensionsJsonToKyvernoConditions(rule.AnyAllConditions)
kyvernoAnyAllConditions, _ := utils.ApiextensionsJsonToKyvernoConditions(rule.GetAnyAllConditions())
switch typedAnyAllConditions := kyvernoAnyAllConditions.(type) {
case kyverno.AnyAllConditions:
if !reflect.DeepEqual(typedAnyAllConditions, kyverno.AnyAllConditions{}) {
controllerRule.AnyAllConditions = &rule.DeepCopy().AnyAllConditions
controllerRule.AnyAllConditions = rule.DeepCopy().RawAnyAllConditions
}
case []kyverno.Condition:
if len(typedAnyAllConditions) > 0 {
controllerRule.AnyAllConditions = &rule.DeepCopy().AnyAllConditions
controllerRule.AnyAllConditions = rule.DeepCopy().RawAnyAllConditions
}
}
@ -161,15 +161,15 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
}
}
if rule.Mutation.PatchStrategicMerge != nil {
newMutation := &kyverno.Mutation{
PatchStrategicMerge: map[string]interface{}{
if target := rule.Mutation.GetPatchStrategicMerge(); target != nil {
newMutation := &kyverno.Mutation{}
newMutation.SetPatchStrategicMerge(
map[string]interface{}{
"spec": map[string]interface{}{
"template": rule.Mutation.PatchStrategicMerge,
"template": target,
},
},
}
)
controllerRule.Mutation = newMutation.DeepCopy()
return controllerRule
}
@ -177,16 +177,19 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
if len(rule.Mutation.ForEachMutation) > 0 && rule.Mutation.ForEachMutation != nil {
var newForeachMutation []*kyverno.ForEachMutation
for _, foreach := range rule.Mutation.ForEachMutation {
newForeachMutation = append(newForeachMutation, &kyverno.ForEachMutation{
temp := &kyverno.ForEachMutation{
List: foreach.List,
Context: foreach.Context,
AnyAllConditions: foreach.AnyAllConditions,
PatchStrategicMerge: map[string]interface{}{
}
temp.SetPatchStrategicMerge(
map[string]interface{}{
"spec": map[string]interface{}{
"template": foreach.PatchStrategicMerge,
"template": foreach.GetPatchStrategicMerge(),
},
},
})
)
newForeachMutation = append(newForeachMutation, temp)
}
controllerRule.Mutation = &kyverno.Mutation{
ForEachMutation: newForeachMutation,
@ -194,15 +197,17 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
return controllerRule
}
if rule.Validation.Pattern != nil {
if target := rule.Validation.GetPattern(); target != nil {
newValidate := &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/template", "pattern"),
Pattern: map[string]interface{}{
}
newValidate.SetPattern(
map[string]interface{}{
"spec": map[string]interface{}{
"template": rule.Validation.Pattern,
"template": target,
},
},
}
)
controllerRule.Validation = newValidate.DeepCopy()
return controllerRule
}
@ -216,18 +221,16 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
return controllerRule
}
if rule.Validation.AnyPattern != nil {
if rule.Validation.GetAnyPattern() != nil {
anyPatterns, err := rule.Validation.DeserializeAnyPattern()
if err != nil {
logger.Error(err, "failed to deserialize anyPattern, expect type array")
}
patterns := validateAnyPattern(anyPatterns)
controllerRule.Validation = &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/template", "anyPattern"),
AnyPattern: patterns,
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/template", "anyPattern"),
}
controllerRule.Validation.SetAnyPattern(patterns)
return controllerRule
}
@ -301,91 +304,96 @@ func generateCronJobRule(rule kyverno.Rule, controllers string, log logr.Logger)
}
}
if (jobRule.Mutation != nil) && (jobRule.Mutation.PatchStrategicMerge != nil) {
newMutation := &kyverno.Mutation{
PatchStrategicMerge: map[string]interface{}{
"spec": map[string]interface{}{
"jobTemplate": jobRule.Mutation.PatchStrategicMerge,
if jobRule.Mutation != nil {
if target := jobRule.Mutation.GetPatchStrategicMerge(); target != nil {
newMutation := &kyverno.Mutation{}
newMutation.SetPatchStrategicMerge(
map[string]interface{}{
"spec": map[string]interface{}{
"jobTemplate": target,
},
},
},
)
cronJobRule.Mutation = newMutation.DeepCopy()
return cronJobRule
}
cronJobRule.Mutation = newMutation.DeepCopy()
return cronJobRule
}
if (jobRule.Validation != nil) && (jobRule.Validation.Pattern != nil) {
newValidate := &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/jobTemplate/spec/template", "pattern"),
Pattern: map[string]interface{}{
"spec": map[string]interface{}{
"jobTemplate": jobRule.Validation.Pattern,
},
},
}
cronJobRule.Validation = newValidate.DeepCopy()
return cronJobRule
}
if (jobRule.Validation != nil) && (jobRule.Validation.Deny != nil) {
newValidate := &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/jobTemplate/spec/template", "pattern"),
Deny: jobRule.Validation.Deny,
}
cronJobRule.Validation = newValidate.DeepCopy()
return cronJobRule
}
if (jobRule.Validation != nil) && (jobRule.Validation.AnyPattern != nil) {
var patterns []interface{}
anyPatterns, err := jobRule.Validation.DeserializeAnyPattern()
if err != nil {
logger.Error(err, "failed to deserialize anyPattern, expect type array")
}
for _, pattern := range anyPatterns {
newPattern := map[string]interface{}{
"spec": map[string]interface{}{
"jobTemplate": pattern,
},
if jobRule.Validation != nil {
if target := jobRule.Validation.GetPattern(); target != nil {
newValidate := &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/jobTemplate/spec/template", "pattern"),
}
patterns = append(patterns, newPattern)
newValidate.SetPattern(
map[string]interface{}{
"spec": map[string]interface{}{
"jobTemplate": target,
},
},
)
cronJobRule.Validation = newValidate.DeepCopy()
return cronJobRule
}
cronJobRule.Validation = &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/jobTemplate/spec/template", "anyPattern"),
AnyPattern: patterns,
if jobRule.Validation.Deny != nil {
newValidate := &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/jobTemplate/spec/template", "pattern"),
Deny: jobRule.Validation.Deny,
}
cronJobRule.Validation = newValidate.DeepCopy()
return cronJobRule
}
if target := jobRule.Validation.GetAnyPattern(); target != nil {
var patterns []interface{}
anyPatterns, err := jobRule.Validation.DeserializeAnyPattern()
if err != nil {
logger.Error(err, "failed to deserialize anyPattern, expect type array")
}
for _, pattern := range anyPatterns {
newPattern := map[string]interface{}{
"spec": map[string]interface{}{
"jobTemplate": pattern,
},
}
patterns = append(patterns, newPattern)
}
cronJobRule.Validation = &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/jobTemplate/spec/template", "anyPattern"),
}
cronJobRule.Validation.SetAnyPattern(patterns)
return cronJobRule
}
if len(jobRule.Validation.ForEachValidation) > 0 && jobRule.Validation.ForEachValidation != nil {
newForeachValidate := make([]*kyverno.ForEachValidation, len(jobRule.Validation.ForEachValidation))
for i, foreach := range rule.Validation.ForEachValidation {
newForeachValidate[i] = foreach
}
cronJobRule.Validation = &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/template", "pattern"),
ForEachValidation: newForeachValidate,
}
return cronJobRule
}
return cronJobRule
}
if (jobRule.Validation != nil) && len(jobRule.Validation.ForEachValidation) > 0 && jobRule.Validation.ForEachValidation != nil {
newForeachValidate := make([]*kyverno.ForEachValidation, len(jobRule.Validation.ForEachValidation))
for i, foreach := range rule.Validation.ForEachValidation {
newForeachValidate[i] = foreach
}
cronJobRule.Validation = &kyverno.Validation{
Message: variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/template", "pattern"),
ForEachValidation: newForeachValidate,
}
return cronJobRule
}
if (jobRule.Mutation != nil) && len(jobRule.Mutation.ForEachMutation) > 0 && jobRule.Mutation.ForEachMutation != nil {
if jobRule.Mutation != nil && len(jobRule.Mutation.ForEachMutation) > 0 && jobRule.Mutation.ForEachMutation != nil {
var newForeachMutation []*kyverno.ForEachMutation
for _, foreach := range jobRule.Mutation.ForEachMutation {
newForeachMutation = append(newForeachMutation, &kyverno.ForEachMutation{
temp := &kyverno.ForEachMutation{
List: foreach.List,
Context: foreach.Context,
AnyAllConditions: foreach.AnyAllConditions,
PatchStrategicMerge: map[string]interface{}{
}
temp.SetPatchStrategicMerge(
map[string]interface{}{
"spec": map[string]interface{}{
"jobTemplate": foreach.PatchStrategicMerge,
"jobTemplate": foreach.GetPatchStrategicMerge(),
},
},
})
)
newForeachMutation = append(newForeachMutation, temp)
}
cronJobRule.Mutation = &kyverno.Mutation{
ForEachMutation: newForeachMutation,

8
pkg/engine/forceMutate.go
View file

@ -33,7 +33,7 @@ func ForceMutate(ctx *context.Context, policy kyverno.ClusterPolicy, resource un
if r.Mutation.ForEachMutation != nil {
for i, foreach := range r.Mutation.ForEachMutation {
patcher := mutate.NewPatcher(r.Name, foreach.PatchStrategicMerge, foreach.PatchesJSON6902, patchedResource, ctx, logger)
patcher := mutate.NewPatcher(r.Name, foreach.GetPatchStrategicMerge(), foreach.PatchesJSON6902, patchedResource, ctx, logger)
resp, mutatedResource := patcher.Patch()
if resp.Status != response.RuleStatusPass {
return patchedResource, fmt.Errorf("foreach mutate result %q at index %d: %s", resp.Status.String(), i, resp.Message)
@ -43,7 +43,7 @@ func ForceMutate(ctx *context.Context, policy kyverno.ClusterPolicy, resource un
}
} else {
m := r.Mutation
patcher := mutate.NewPatcher(r.Name, m.PatchStrategicMerge, m.PatchesJSON6902, patchedResource, ctx, logger)
patcher := mutate.NewPatcher(r.Name, m.GetPatchStrategicMerge(), m.PatchesJSON6902, patchedResource, ctx, logger)
resp, mutatedResource := patcher.Patch()
if resp.Status != response.RuleStatusPass {
return patchedResource, fmt.Errorf("mutate result %q: %s", resp.Status.String(), resp.Message)
@ -58,8 +58,8 @@ func ForceMutate(ctx *context.Context, policy kyverno.ClusterPolicy, resource un
// removeConditions mutates the rule to remove AnyAllConditions
func removeConditions(rule *kyverno.Rule) {
if rule.AnyAllConditions != nil {
rule.AnyAllConditions = nil
if rule.GetAnyAllConditions() != nil {
rule.SetAnyAllConditions(nil)
}
for i, fem := range rule.Mutation.ForEachMutation {

7
pkg/engine/generation.go
View file

@ -103,14 +103,15 @@ func filterRule(rule kyverno.Rule, policyContext *PolicyContext) *response.RuleR
}
ruleCopy := rule.DeepCopy()
ruleCopy.AnyAllConditions, err = variables.SubstituteAllInPreconditions(logger, ctx, ruleCopy.AnyAllConditions)
if err != nil {
if after, err := variables.SubstituteAllInPreconditions(logger, ctx, ruleCopy.GetAnyAllConditions()); err != nil {
logger.V(4).Info("failed to substitute vars in preconditions, skip current rule", "rule name", ruleCopy.Name)
return nil
} else {
ruleCopy.SetAnyAllConditions(after)
}
// operate on the copy of the conditions, as we perform variable substitution
copyConditions, err := common.TransformConditions(ruleCopy.AnyAllConditions)
copyConditions, err := common.TransformConditions(ruleCopy.GetAnyAllConditions())
if err != nil {
logger.V(4).Info("cannot copy AnyAllConditions", "reason", err.Error())
return nil

4
pkg/engine/mutate/mutation.go
View file

@ -43,7 +43,7 @@ func Mutate(rule *kyverno.Rule, ctx *context.Context, resource unstructured.Unst
}
m := updatedRule.Mutation
patcher := NewPatcher(updatedRule.Name, m.PatchStrategicMerge, m.PatchesJSON6902, resource, ctx, logger)
patcher := NewPatcher(updatedRule.Name, m.GetPatchStrategicMerge(), m.PatchesJSON6902, resource, ctx, logger)
if patcher == nil {
return newResponse(response.RuleStatusError, resource, nil, "empty mutate rule")
}
@ -70,7 +70,7 @@ func ForEach(name string, foreach *kyverno.ForEachMutation, ctx *context.Context
return newErrorResponse("variable substitution failed", err)
}
patcher := NewPatcher(name, fe.PatchStrategicMerge, fe.PatchesJSON6902, resource, ctx, logger)
patcher := NewPatcher(name, fe.GetPatchStrategicMerge(), fe.PatchesJSON6902, resource, ctx, logger)
if patcher == nil {
return newResponse(response.RuleStatusError, unstructured.Unstructured{}, nil, "no patches found")
}

2
pkg/engine/mutate/patch/strategicMergePatch_test.go
View file

@ -242,7 +242,7 @@ func Test_PolicyDeserilize(t *testing.T) {
err := json.Unmarshal(rawPolicy, &policy)
assert.NilError(t, err)
overlayPatches := policy.Spec.Rules[0].Mutation.PatchStrategicMerge
overlayPatches := policy.Spec.Rules[0].Mutation.GetPatchStrategicMerge()
patchString, err := json.Marshal(overlayPatches)
assert.NilError(t, err)

4
pkg/engine/mutation.go
View file

@ -118,7 +118,7 @@ func Mutate(policyContext *PolicyContext) (resp *response.EngineResponse) {
}
func mutateResource(rule *kyverno.Rule, ctx *PolicyContext, resource unstructured.Unstructured, logger logr.Logger) (*response.RuleResponse, unstructured.Unstructured) {
preconditionsPassed, err := checkPreconditions(logger, ctx, rule.AnyAllConditions)
preconditionsPassed, err := checkPreconditions(logger, ctx, rule.GetAnyAllConditions())
if err != nil {
return ruleError(rule, utils.Mutation, "failed to evaluate preconditions", err), resource
}
@ -148,7 +148,7 @@ func mutateForEach(rule *kyverno.Rule, ctx *PolicyContext, resource unstructured
return ruleError(rule, utils.Mutation, "failed to load context", err), resource
}
preconditionsPassed, err := checkPreconditions(logger, ctx, rule.AnyAllConditions)
preconditionsPassed, err := checkPreconditions(logger, ctx, rule.GetAnyAllConditions())
if err != nil {
return ruleError(rule, utils.Mutation, "failed to evaluate preconditions", err), resource
}

12
pkg/engine/validation.go
View file

@ -168,9 +168,9 @@ func newValidator(log logr.Logger, ctx *PolicyContext, rule *kyverno.Rule) *vali
rule: ruleCopy,
ctx: ctx,
contextEntries: ruleCopy.Context,
anyAllConditions: ruleCopy.AnyAllConditions,
pattern: ruleCopy.Validation.Pattern,
anyPattern: ruleCopy.Validation.AnyPattern,
anyAllConditions: ruleCopy.GetAnyAllConditions(),
pattern: ruleCopy.Validation.GetPattern(),
anyPattern: ruleCopy.Validation.GetAnyPattern(),
deny: ruleCopy.Validation.Deny,
}
}
@ -188,8 +188,8 @@ func newForeachValidator(foreach *kyverno.ForEachValidation, rule *kyverno.Rule,
rule: ruleCopy,
contextEntries: foreach.Context,
anyAllConditions: anyAllConditions,
pattern: foreach.Pattern,
anyPattern: foreach.AnyPattern,
pattern: foreach.GetPattern(),
anyPattern: foreach.GetAnyPattern(),
deny: foreach.Deny,
}
}
@ -354,7 +354,7 @@ func (v *validator) loadContext() error {
}
func (v *validator) validateDeny() *response.RuleResponse {
anyAllCond := v.deny.AnyAllConditions
anyAllCond := v.deny.GetAnyAllConditions()
anyAllCond, err := variables.SubstituteAll(v.log, v.ctx.JSONContext, anyAllCond)
if err != nil {
return ruleError(v.rule, utils.Validation, "failed to substitute variables in deny conditions", err)

2
pkg/engine/variables/evaluate.go
View file

@ -14,7 +14,7 @@ func Evaluate(log logr.Logger, ctx context.EvalInterface, condition kyverno.Cond
if handle == nil {
return false
}
return handle.Evaluate(condition.Key, condition.Value)
return handle.Evaluate(condition.GetKey(), condition.GetValue())
}
//EvaluateConditions evaluates all the conditions present in a slice, in a backwards compatible way

676
pkg/engine/variables/evaluate_test.go
View file

@ -16,362 +16,362 @@ func TestEvaluate(t *testing.T) {
Result bool
}{
// Equals
{kyverno.Condition{Key: "string", Operator: kyverno.ConditionOperators["Equals"], Value: "string"}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["Equals"], Value: 1}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["Equals"], Value: int64(1)}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["Equals"], Value: 1}, true},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["Equals"], Value: 1.0}, true},
{kyverno.Condition{Key: true, Operator: kyverno.ConditionOperators["Equals"], Value: true}, true},
{kyverno.Condition{Key: false, Operator: kyverno.ConditionOperators["Equals"], Value: false}, true},
{kyverno.Condition{Key: "1024", Operator: kyverno.ConditionOperators["Equals"], Value: "1Ki"}, true},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["Equals"], Value: "1024"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["Equals"], Value: "1Gi"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["Equals"], Value: "1024Mi"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["Equals"], Value: "1h"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["Equals"], Value: "60m"}, true},
{kyverno.Condition{Key: map[string]interface{}{"foo": "bar"}, Operator: kyverno.ConditionOperators["Equals"], Value: map[string]interface{}{"foo": "bar"}}, true},
{kyverno.Condition{Key: []interface{}{"foo", "bar"}, Operator: kyverno.ConditionOperators["Equals"], Value: []interface{}{"foo", "bar"}}, true},
{kyverno.Condition{Key: []interface{}{map[string]string{"foo": "bar"}}, Operator: kyverno.ConditionOperators["Equals"], Value: []interface{}{map[string]string{"foo": "bar"}}}, true},
{kyverno.Condition{Key: "string", Operator: kyverno.ConditionOperators["Equals"], Value: "not string"}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["Equals"], Value: 2}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["Equals"], Value: int64(2)}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["Equals"], Value: 2}, false},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["Equals"], Value: 2.0}, false},
{kyverno.Condition{Key: true, Operator: kyverno.ConditionOperators["Equals"], Value: false}, false},
{kyverno.Condition{Key: false, Operator: kyverno.ConditionOperators["Equals"], Value: true}, false},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["Equals"], Value: "10Gi"}, false},
{kyverno.Condition{Key: "10Gi", Operator: kyverno.ConditionOperators["Equals"], Value: "1024Mi"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["Equals"], Value: "5h"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["Equals"], Value: "30m"}, false},
{kyverno.Condition{Key: "string", Operator: kyverno.ConditionOperators["Equals"], Value: 1}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["Equals"], Value: "2"}, false},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["Equals"], Value: "2.0"}, false},
{kyverno.Condition{Key: true, Operator: kyverno.ConditionOperators["Equals"], Value: "false"}, false},
{kyverno.Condition{Key: false, Operator: kyverno.ConditionOperators["Equals"], Value: "true"}, false},
{kyverno.Condition{Key: map[string]interface{}{"foo": "bar"}, Operator: kyverno.ConditionOperators["Equals"], Value: map[string]interface{}{"bar": "foo"}}, false},
{kyverno.Condition{Key: []interface{}{"foo", "bar"}, Operator: kyverno.ConditionOperators["Equals"], Value: []interface{}{"bar", "foo"}}, false},
{kyverno.Condition{Key: []interface{}{map[string]string{"foo": "bar"}}, Operator: kyverno.ConditionOperators["Equals"], Value: []interface{}{map[string]string{"bar": "foo"}}}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["Equals"], Value: 3600}, true},
{kyverno.Condition{Key: "2h", Operator: kyverno.ConditionOperators["Equals"], Value: 3600}, false},
{kyverno.Condition{Key: "1.5.2", Operator: kyverno.ConditionOperators["Equals"], Value: "1.5.2"}, true},
{kyverno.Condition{Key: "1.5.2", Operator: kyverno.ConditionOperators["Equals"], Value: "1.5.*"}, true},
{kyverno.Condition{Key: "1.5.0", Operator: kyverno.ConditionOperators["Equals"], Value: "1.5.5"}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("string"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("string")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(1.0)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(true), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(true)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(false), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(false)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1024"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1Ki")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1024")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1024Mi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1h")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("60m")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(map[string]interface{}{"foo": "bar"}), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(map[string]interface{}{"foo": "bar"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"foo", "bar"}), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON([]interface{}{"foo", "bar"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{map[string]string{"foo": "bar"}}), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON([]interface{}{map[string]string{"foo": "bar"}})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("string"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("not string")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(2)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(int64(2))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(2)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(2.0)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(true), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(false)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(false), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(true)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("10Gi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10Gi"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1024Mi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("5h")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("30m")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("string"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("2")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("2.0")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(true), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("false")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(false), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("true")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(map[string]interface{}{"foo": "bar"}), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(map[string]interface{}{"bar": "foo"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"foo", "bar"}), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON([]interface{}{"bar", "foo"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{map[string]string{"foo": "bar"}}), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON([]interface{}{map[string]string{"bar": "foo"}})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(3600)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("2h"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON(3600)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.2"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1.5.2")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.2"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1.5.*")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.0"), Operator: kyverno.ConditionOperators["Equals"], RawValue: kyverno.ToJSON("1.5.5")}, false},
// Not Equals
{kyverno.Condition{Key: "string", Operator: kyverno.ConditionOperators["NotEquals"], Value: "string"}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["NotEquals"], Value: 1}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["NotEquals"], Value: int64(1)}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["NotEquals"], Value: 1}, false},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["NotEquals"], Value: 1.0}, false},
{kyverno.Condition{Key: true, Operator: kyverno.ConditionOperators["NotEquals"], Value: false}, true},
{kyverno.Condition{Key: false, Operator: kyverno.ConditionOperators["NotEquals"], Value: false}, false},
{kyverno.Condition{Key: "1024", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1Ki"}, false},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1024"}, false},
{kyverno.Condition{Key: "1023", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1Ki"}, true},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1023"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1Gi"}, false},
{kyverno.Condition{Key: "10Gi", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1024Mi"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1h"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["NotEquals"], Value: "60m"}, false},
{kyverno.Condition{Key: map[string]interface{}{"foo": "bar"}, Operator: kyverno.ConditionOperators["NotEquals"], Value: map[string]interface{}{"foo": "bar"}}, false},
{kyverno.Condition{Key: []interface{}{"foo", "bar"}, Operator: kyverno.ConditionOperators["NotEquals"], Value: []interface{}{"foo", "bar"}}, false},
{kyverno.Condition{Key: []interface{}{map[string]string{"foo": "bar"}}, Operator: kyverno.ConditionOperators["NotEquals"], Value: []interface{}{map[string]string{"foo": "bar"}}}, false},
{kyverno.Condition{Key: "string", Operator: kyverno.ConditionOperators["NotEquals"], Value: "not string"}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["NotEquals"], Value: 2}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["NotEquals"], Value: int64(2)}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["NotEquals"], Value: 2}, true},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["NotEquals"], Value: 2.0}, true},
{kyverno.Condition{Key: true, Operator: kyverno.ConditionOperators["NotEquals"], Value: true}, false},
{kyverno.Condition{Key: false, Operator: kyverno.ConditionOperators["NotEquals"], Value: true}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["NotEquals"], Value: "10Gi"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1024Mi"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["NotEquals"], Value: "5h"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["NotEquals"], Value: "30m"}, true},
{kyverno.Condition{Key: "string", Operator: kyverno.ConditionOperators["NotEquals"], Value: 1}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["NotEquals"], Value: "2"}, true},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["NotEquals"], Value: "2.0"}, true},
{kyverno.Condition{Key: true, Operator: kyverno.ConditionOperators["NotEquals"], Value: "false"}, true},
{kyverno.Condition{Key: false, Operator: kyverno.ConditionOperators["NotEquals"], Value: "true"}, true},
{kyverno.Condition{Key: map[string]interface{}{"foo": "bar"}, Operator: kyverno.ConditionOperators["NotEquals"], Value: map[string]interface{}{"bar": "foo"}}, true},
{kyverno.Condition{Key: []interface{}{"foo", "bar"}, Operator: kyverno.ConditionOperators["NotEquals"], Value: []interface{}{"bar", "foo"}}, true},
{kyverno.Condition{Key: []interface{}{map[string]string{"foo": "bar"}}, Operator: kyverno.ConditionOperators["NotEquals"], Value: []interface{}{map[string]string{"bar": "foo"}}}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["NotEquals"], Value: 3600}, false},
{kyverno.Condition{Key: "2h", Operator: kyverno.ConditionOperators["NotEquals"], Value: 3600}, true},
{kyverno.Condition{Key: "1.5.2", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1.5.5"}, true},
{kyverno.Condition{Key: "1.5.2", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1.5.*"}, false},
{kyverno.Condition{Key: "1.5.0", Operator: kyverno.ConditionOperators["NotEquals"], Value: "1.5.0"}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("string"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("string")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(1.0)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(true), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(false)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(false), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(false)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1024"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1Ki")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1024")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1023"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1Ki")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1023")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1Gi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10Gi"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1024Mi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1h")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("60m")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(map[string]interface{}{"foo": "bar"}), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(map[string]interface{}{"foo": "bar"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"foo", "bar"}), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON([]interface{}{"foo", "bar"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{map[string]string{"foo": "bar"}}), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON([]interface{}{map[string]string{"foo": "bar"}})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("string"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("not string")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(2)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(int64(2))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(2)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(2.0)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(true), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(true)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(false), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(true)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("10Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1024Mi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("5h")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("30m")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("string"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("2")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("2.0")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(true), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("false")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(false), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("true")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(map[string]interface{}{"foo": "bar"}), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(map[string]interface{}{"bar": "foo"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"foo", "bar"}), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON([]interface{}{"bar", "foo"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{map[string]string{"foo": "bar"}}), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON([]interface{}{map[string]string{"bar": "foo"}})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(3600)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("2h"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON(3600)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.2"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1.5.5")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.2"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1.5.*")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.0"), Operator: kyverno.ConditionOperators["NotEquals"], RawValue: kyverno.ToJSON("1.5.0")}, false},
// Greater Than
{kyverno.Condition{Key: 10, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1}, true},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1.0}, true},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 10}, false},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1.5}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1.5}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1}, false},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1.0}, false},
{kyverno.Condition{Key: "1025", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1Ki"}, true},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1023"}, true},
{kyverno.Condition{Key: "10Gi", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1Gi"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1Mi"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "10Gi"}, false},
{kyverno.Condition{Key: "10Mi", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "10Mi"}, false},
{kyverno.Condition{Key: "10h", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1h"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "30m"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1h"}, false},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1Gi"}, false},
{kyverno.Condition{Key: "10", Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1}, true},
{kyverno.Condition{Key: 100, Operator: kyverno.ConditionOperators["GreaterThan"], Value: "10"}, true},
{kyverno.Condition{Key: "100", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "10"}, true},
{kyverno.Condition{Key: "10", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "10"}, false},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "10"}, false},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["GreaterThan"], Value: 10}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThan"], Value: "10"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["GreaterThan"], Value: 3600}, false},
{kyverno.Condition{Key: "2h", Operator: kyverno.ConditionOperators["GreaterThan"], Value: 3600}, true},
{kyverno.Condition{Key: 3600, Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1h"}, false},
{kyverno.Condition{Key: 3600, Operator: kyverno.ConditionOperators["GreaterThan"], Value: "30m"}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["GreaterThan"], Value: int64(1)}, false},
{kyverno.Condition{Key: int64(10), Operator: kyverno.ConditionOperators["GreaterThan"], Value: int64(1)}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["GreaterThan"], Value: int64(10)}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1}, false},
{kyverno.Condition{Key: int64(10), Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["GreaterThan"], Value: 10}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThan"], Value: int64(1)}, false},
{kyverno.Condition{Key: 10, Operator: kyverno.ConditionOperators["GreaterThan"], Value: int64(1)}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThan"], Value: int64(10)}, false},
{kyverno.Condition{Key: -5, Operator: kyverno.ConditionOperators["GreaterThan"], Value: 1}, false},
{kyverno.Condition{Key: -5, Operator: kyverno.ConditionOperators["GreaterThan"], Value: -10}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThan"], Value: -10}, true},
{kyverno.Condition{Key: "1.5.5", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1.5.0"}, true},
{kyverno.Condition{Key: "1.5.0", Operator: kyverno.ConditionOperators["GreaterThan"], Value: "1.5.5"}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(10), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1.0)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(10)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1.5)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1.5)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1.0)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1025"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1Ki")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1023")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10Gi"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1Mi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("10Gi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10Mi"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("10Mi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10h"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1h")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("30m")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1h")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1Gi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(100), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("100"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(10)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(3600)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("2h"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(3600)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(3600), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1h")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(3600), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("30m")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(10)), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(int64(10))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(10)), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(10)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(10), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(int64(10))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(-5), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(-5), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(-10)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON(-10)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.5"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1.5.0")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.0"), Operator: kyverno.ConditionOperators["GreaterThan"], RawValue: kyverno.ToJSON("1.5.5")}, false},
// Less Than
{kyverno.Condition{Key: 10, Operator: kyverno.ConditionOperators["LessThan"], Value: 1}, false},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["LessThan"], Value: 1.0}, false},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["LessThan"], Value: 1}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThan"], Value: 10}, true},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["LessThan"], Value: 1.5}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThan"], Value: 1.5}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThan"], Value: 1}, false},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["LessThan"], Value: 1.0}, false},
{kyverno.Condition{Key: "1023", Operator: kyverno.ConditionOperators["LessThan"], Value: "1Ki"}, true},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["LessThan"], Value: "1025"}, true},
{kyverno.Condition{Key: "10Gi", Operator: kyverno.ConditionOperators["LessThan"], Value: "1Gi"}, false},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["LessThan"], Value: "10Gi"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["LessThan"], Value: "1Mi"}, false},
{kyverno.Condition{Key: "1Mi", Operator: kyverno.ConditionOperators["LessThan"], Value: "1Gi"}, true},
{kyverno.Condition{Key: "10h", Operator: kyverno.ConditionOperators["LessThan"], Value: "1h"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["LessThan"], Value: "30m"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["LessThan"], Value: "1h"}, false},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["LessThan"], Value: "1Gi"}, false},
{kyverno.Condition{Key: "10", Operator: kyverno.ConditionOperators["LessThan"], Value: 1}, false},
{kyverno.Condition{Key: 100, Operator: kyverno.ConditionOperators["LessThan"], Value: "10"}, false},
{kyverno.Condition{Key: "100", Operator: kyverno.ConditionOperators["LessThan"], Value: "10"}, false},
{kyverno.Condition{Key: "10", Operator: kyverno.ConditionOperators["LessThan"], Value: "10"}, false},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["LessThan"], Value: "10"}, true},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["LessThan"], Value: 10}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThan"], Value: "10"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["LessThan"], Value: 3600}, false},
{kyverno.Condition{Key: "30m", Operator: kyverno.ConditionOperators["LessThan"], Value: 3600}, true},
{kyverno.Condition{Key: 3600, Operator: kyverno.ConditionOperators["LessThan"], Value: "1h"}, false},
{kyverno.Condition{Key: 3600, Operator: kyverno.ConditionOperators["LessThan"], Value: "30m"}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["LessThan"], Value: int64(1)}, false},
{kyverno.Condition{Key: int64(10), Operator: kyverno.ConditionOperators["LessThan"], Value: int64(1)}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["LessThan"], Value: int64(10)}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["LessThan"], Value: 1}, false},
{kyverno.Condition{Key: int64(10), Operator: kyverno.ConditionOperators["LessThan"], Value: 1}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["LessThan"], Value: 10}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThan"], Value: int64(1)}, false},
{kyverno.Condition{Key: 10, Operator: kyverno.ConditionOperators["LessThan"], Value: int64(1)}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThan"], Value: int64(10)}, true},
{kyverno.Condition{Key: -5, Operator: kyverno.ConditionOperators["LessThan"], Value: 1}, true},
{kyverno.Condition{Key: -5, Operator: kyverno.ConditionOperators["LessThan"], Value: -10}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThan"], Value: -10}, false},
{kyverno.Condition{Key: "1.5.5", Operator: kyverno.ConditionOperators["LessThan"], Value: "1.5.0"}, false},
{kyverno.Condition{Key: "1.5.0", Operator: kyverno.ConditionOperators["LessThan"], Value: "1.5.5"}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(10), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1.0)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(10)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1.5)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1.5)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1.0)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1023"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1Ki")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1025")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10Gi"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1Gi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("10Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1Mi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Mi"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10h"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1h")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("30m")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1h")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1Gi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(100), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("100"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(10)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(3600)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("30m"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(3600)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(3600), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1h")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(3600), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("30m")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(10)), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(int64(10))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(10)), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(10)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(10), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(int64(10))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(-5), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(-5), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(-10)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON(-10)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.5"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1.5.0")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.0"), Operator: kyverno.ConditionOperators["LessThan"], RawValue: kyverno.ToJSON("1.5.5")}, true},
// Greater Than or Equal
{kyverno.Condition{Key: 10, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1.0}, true},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 10}, false},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1.5}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1.5}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1.0}, true},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: "1025", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1Ki"}, true},
{kyverno.Condition{Key: "1024", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1Ki"}, true},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1023"}, true},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1024"}, true},
{kyverno.Condition{Key: "10Gi", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1Gi"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1Mi"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "10Gi"}, false},
{kyverno.Condition{Key: "10h", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1h"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "30m"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1h"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1Gi"}, true},
{kyverno.Condition{Key: "10", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: 100, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "10"}, true},
{kyverno.Condition{Key: "100", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "10"}, true},
{kyverno.Condition{Key: "10", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "10"}, true},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "10"}, false},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 10}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "10"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 3600}, true},
{kyverno.Condition{Key: "2h", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 3600}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: int64(1)}, true},
{kyverno.Condition{Key: int64(10), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: int64(1)}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: int64(10)}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: int64(10), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: 10}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: int64(1)}, true},
{kyverno.Condition{Key: 10, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: int64(1)}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: int64(10)}, false},
{kyverno.Condition{Key: "1.5.5", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1.5.5"}, true},
{kyverno.Condition{Key: "1.5.5", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1.5.0"}, true},
{kyverno.Condition{Key: "1.5.0", Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], Value: "1.5.5"}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(10), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1.0)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(10)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1.5)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1.5)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1.0)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1025"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1Ki")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1024"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1Ki")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1023")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1024")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10Gi"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1Mi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("10Gi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10h"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1h")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("30m")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1h")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(100), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("100"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(10)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(3600)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("2h"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(3600)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(10)), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(int64(10))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(10)), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(10)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(10), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON(int64(10))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.5"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1.5.5")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.5"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1.5.0")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.0"), Operator: kyverno.ConditionOperators["GreaterThanOrEquals"], RawValue: kyverno.ToJSON("1.5.5")}, false},
// Less Than or Equal
{kyverno.Condition{Key: 10, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1}, false},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1.0}, false},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 10}, true},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1.5}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1.5}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: 1.0, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1.0}, true},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1024"}, true},
{kyverno.Condition{Key: "1024", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1Ki"}, true},
{kyverno.Condition{Key: "1Ki", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1025"}, true},
{kyverno.Condition{Key: "1023", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1Ki"}, true},
{kyverno.Condition{Key: "10Gi", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1Gi"}, false},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "10Gi"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1Mi"}, false},
{kyverno.Condition{Key: "1Mi", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1Gi"}, true},
{kyverno.Condition{Key: "10h", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1h"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "30m"}, false},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1h"}, true},
{kyverno.Condition{Key: "1Gi", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1Gi"}, true},
{kyverno.Condition{Key: "10", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1}, false},
{kyverno.Condition{Key: 100, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "10"}, false},
{kyverno.Condition{Key: "100", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "10"}, false},
{kyverno.Condition{Key: "10", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "10"}, true},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "10"}, true},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 10}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "10"}, true},
{kyverno.Condition{Key: "1h", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 3600}, true},
{kyverno.Condition{Key: "2h", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 3600}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: int64(1)}, true},
{kyverno.Condition{Key: int64(10), Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: int64(1)}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: int64(10)}, true},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1}, true},
{kyverno.Condition{Key: int64(10), Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 1}, false},
{kyverno.Condition{Key: int64(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: 10}, true},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: int64(1)}, true},
{kyverno.Condition{Key: 10, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: int64(1)}, false},
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: int64(10)}, true},
{kyverno.Condition{Key: "1.5.5", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1.5.5"}, true},
{kyverno.Condition{Key: "1.5.0", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1.5.5"}, true},
{kyverno.Condition{Key: "1.5.5", Operator: kyverno.ConditionOperators["LessThanOrEquals"], Value: "1.5.0"}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(10), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1.0)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(10)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1.5)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1.5)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.0), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1.0)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1024")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1024"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1Ki")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Ki"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1025")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1023"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1Ki")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10Gi"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1Gi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("10Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1Mi")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Mi"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10h"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1h")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("30m")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1h")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1Gi"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1Gi")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("10"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(100), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("100"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("10"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(10)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1h"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(3600)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("2h"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(3600)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(10)), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(int64(10))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(10)), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(1)}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(int64(1)), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(10)}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(int64(1))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(10), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(int64(1))}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON(int64(10))}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.5"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1.5.5")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.0"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1.5.5")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1.5.5"), Operator: kyverno.ConditionOperators["LessThanOrEquals"], RawValue: kyverno.ToJSON("1.5.0")}, false},
// In
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["In"], Value: []interface{}{1, 2, 3}}, true},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["In"], Value: []interface{}{1, 1.5, 2, 3}}, true},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["In"], Value: []interface{}{"1", "2", "3"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2"}, Operator: kyverno.ConditionOperators["In"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: 5, Operator: kyverno.ConditionOperators["In"], Value: []interface{}{1, 2, 3}}, false},
{kyverno.Condition{Key: 5.5, Operator: kyverno.ConditionOperators["In"], Value: []interface{}{1, 1.5, 2, 3}}, false},
{kyverno.Condition{Key: "5", Operator: kyverno.ConditionOperators["In"], Value: []interface{}{"1", "2", "3"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.ConditionOperators["In"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2"}), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(5), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(5.5), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "4.4.4.4"}), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
// Not In
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["NotIn"], Value: []interface{}{1, 2, 3}}, false},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["NotIn"], Value: []interface{}{1, 1.5, 2, 3}}, false},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["NotIn"], Value: []interface{}{"1", "2", "3"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2"}, Operator: kyverno.ConditionOperators["NotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: 5, Operator: kyverno.ConditionOperators["NotIn"], Value: []interface{}{1, 2, 3}}, true},
{kyverno.Condition{Key: 5.5, Operator: kyverno.ConditionOperators["NotIn"], Value: []interface{}{1, 1.5, 2, 3}}, true},
{kyverno.Condition{Key: "5", Operator: kyverno.ConditionOperators["NotIn"], Value: []interface{}{"1", "2", "3"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.ConditionOperators["NotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["NotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["NotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["NotIn"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2"}), Operator: kyverno.ConditionOperators["NotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(5), Operator: kyverno.ConditionOperators["NotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(5.5), Operator: kyverno.ConditionOperators["NotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["NotIn"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "4.4.4.4"}), Operator: kyverno.ConditionOperators["NotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
// Any In
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: "1.1.1.1"}, true},
{kyverno.Condition{Key: []interface{}{"4.4.4.4", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{"1.1.1.1"}}, true},
{kyverno.Condition{Key: []interface{}{1, 2}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{1, 2, 3, 4}}, true},
{kyverno.Condition{Key: []interface{}{1, 5}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{1, 2, 3, 4}}, true},
{kyverno.Condition{Key: []interface{}{5}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{1, 2, 3, 4}}, false},
{kyverno.Condition{Key: []interface{}{"1*"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"5*"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{"2*"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: []interface{}{"4*"}}, false},
{kyverno.Condition{Key: []interface{}{"5"}, Operator: kyverno.ConditionOperators["AnyIn"], Value: "1-3"}, false},
{kyverno.Condition{Key: "5", Operator: kyverno.ConditionOperators["AnyIn"], Value: "1-10"}, true},
{kyverno.Condition{Key: 5, Operator: kyverno.ConditionOperators["AnyIn"], Value: "1-10"}, true},
{kyverno.Condition{Key: []interface{}{1, 5}, Operator: kyverno.ConditionOperators["AnyIn"], Value: "7-10"}, false},
{kyverno.Condition{Key: []interface{}{1, 5}, Operator: kyverno.ConditionOperators["AnyIn"], Value: "0-10"}, true},
{kyverno.Condition{Key: []interface{}{1.002, 1.222}, Operator: kyverno.ConditionOperators["AnyIn"], Value: "1.001-10"}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("1.1.1.1")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"4.4.4.4", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 2}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3, 4})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 5}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3, 4})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{5}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3, 4})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1*"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"5*"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"2*"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"4*"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("1-3")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("1-10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(5), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("1-10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 5}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("7-10")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 5}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("0-10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1.002, 1.222}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("1.001-10")}, true},
// All In
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2"}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: []interface{}{"4.4.4.4", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{"1.1.1.1"}}, false},
{kyverno.Condition{Key: []interface{}{1, 2}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{1, 2, 3, 4}}, true},
{kyverno.Condition{Key: []interface{}{1, 5}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{1, 2, 3, 4}}, false},
{kyverno.Condition{Key: []interface{}{5}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{1, 2, 3, 4}}, false},
{kyverno.Condition{Key: []interface{}{"1*"}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"5*"}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: []interface{}{"2.1.1.1", "2.2.2.2", "2.5.5.5"}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{"2*"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AllIn"], Value: []interface{}{"4*"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AllIn"], Value: "5.5.5.5"}, false},
{kyverno.Condition{Key: 5, Operator: kyverno.ConditionOperators["AllIn"], Value: "1-10"}, true},
{kyverno.Condition{Key: []interface{}{3, 2}, Operator: kyverno.ConditionOperators["AllIn"], Value: "1-10"}, true},
{kyverno.Condition{Key: []interface{}{3, 2}, Operator: kyverno.ConditionOperators["AllIn"], Value: "5-10"}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"4.4.4.4", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 2}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3, 4})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 5}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3, 4})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{5}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3, 4})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1*"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"5*"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"2.1.1.1", "2.2.2.2", "2.5.5.5"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{"2*"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON([]interface{}{"4*"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON("5.5.5.5")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(5), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON("1-10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{3, 2}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON("1-10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{3, 2}), Operator: kyverno.ConditionOperators["AllIn"], RawValue: kyverno.ToJSON("5-10")}, false},
// All Not In
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{1, 2, 3}}, false},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{1, 1.5, 2, 3}}, false},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1", "2", "3"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: 5, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{1, 2, 3}}, true},
{kyverno.Condition{Key: 5.5, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{1, 1.5, 2, 3}}, true},
{kyverno.Condition{Key: "5", Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1", "2", "3"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3", "1.1.1.1"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4", "1.1.1.1"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3", "1.1.1.1", "4.4.4.4"}}, false},
{kyverno.Condition{Key: []interface{}{"5.5.5.5", "4.4.4.4"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"7*", "6*", "5*"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"1*", "2*"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "3.3.3.3", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"2*"}}, true},
{kyverno.Condition{Key: []interface{}{"4.1.1.1", "4.2.2.2", "4.5.5.5"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: []interface{}{"4*"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: "2.2.2.2"}, true},
{kyverno.Condition{Key: 5.5, Operator: kyverno.ConditionOperators["AllNotIn"], Value: "6-10"}, true},
{kyverno.Condition{Key: "5", Operator: kyverno.ConditionOperators["AllNotIn"], Value: "1-6"}, false},
{kyverno.Condition{Key: []interface{}{3, 2}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: "5-10"}, true},
{kyverno.Condition{Key: []interface{}{2, 6}, Operator: kyverno.ConditionOperators["AllNotIn"], Value: "5-10"}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(5), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(5.5), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "4.4.4.4"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "4.4.4.4"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3", "1.1.1.1"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "4.4.4.4", "1.1.1.1"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3", "1.1.1.1", "4.4.4.4"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"5.5.5.5", "4.4.4.4"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"7*", "6*", "5*"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1*", "2*"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "3.3.3.3", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"2*"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"4.1.1.1", "4.2.2.2", "4.5.5.5"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON([]interface{}{"4*"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "4.4.4.4"}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON("2.2.2.2")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(5.5), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON("6-10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON("1-6")}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{3, 2}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON("5-10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{2, 6}), Operator: kyverno.ConditionOperators["AllNotIn"], RawValue: kyverno.ToJSON("5-10")}, false},
// Any Not In
{kyverno.Condition{Key: 1, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{1, 2, 3}}, false},
{kyverno.Condition{Key: 1.5, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{1, 1.5, 2, 3}}, false},
{kyverno.Condition{Key: "1", Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{"1", "2", "3"}}, false},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2"}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
{kyverno.Condition{Key: 5, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{1, 2, 3}}, true},
{kyverno.Condition{Key: 5.5, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{1, 1.5, 2, 3}}, true},
{kyverno.Condition{Key: "5", Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{"1", "2", "3"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"5.5.5.5", "4.4.4.4"}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: "4.4.4.4"}, true},
{kyverno.Condition{Key: []interface{}{"5.5.5.5", "4.4.4.4"}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"1*", "3*", "5*"}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{"2*"}}, true},
{kyverno.Condition{Key: []interface{}{"2.2*"}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: []interface{}{"2.2.2.2"}}, false},
{kyverno.Condition{Key: "5", Operator: kyverno.ConditionOperators["AnyNotIn"], Value: "1-3"}, true},
{kyverno.Condition{Key: []interface{}{1, 5, 11}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: "0-10"}, true},
{kyverno.Condition{Key: []interface{}{1, 5, 7}, Operator: kyverno.ConditionOperators["AnyNotIn"], Value: "0-10"}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(1.5), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("1"), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2"}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON(5), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON(5.5), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "4.4.4.4"}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"5.5.5.5", "4.4.4.4"}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON("4.4.4.4")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"5.5.5.5", "4.4.4.4"}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1*", "3*", "5*"}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{"2*"})}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"2.2*"}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON([]interface{}{"2.2.2.2"})}, false},
{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON("1-3")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 5, 11}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON("0-10")}, true},
{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 5, 7}), Operator: kyverno.ConditionOperators["AnyNotIn"], RawValue: kyverno.ToJSON("0-10")}, false},
}
ctx := context.NewContext()
@ -405,9 +405,9 @@ func Test_Eval_Equal_Var_Pass(t *testing.T) {
t.Error(err)
}
condition := kyverno.Condition{
Key: "{{request.object.metadata.name}}",
RawKey: kyverno.ToJSON("{{request.object.metadata.name}}"),
Operator: kyverno.ConditionOperators["Equal"],
Value: "temp",
RawValue: kyverno.ToJSON("temp"),
}
conditionJSON, err := json.Marshal(condition)
@ -447,9 +447,9 @@ func Test_Eval_Equal_Var_Fail(t *testing.T) {
t.Error(err)
}
condition := kyverno.Condition{
Key: "{{request.object.metadata.name}}",
RawKey: kyverno.ToJSON("{{request.object.metadata.name}}"),
Operator: kyverno.ConditionOperators["Equal"],
Value: "temp1",
RawValue: kyverno.ToJSON("temp1"),
}
if Evaluate(log.Log, ctx, condition) {

6
pkg/policy/generate/validate.go
View file

@ -37,7 +37,7 @@ func NewGenerateFactory(client *dclient.Client, rule kyverno.Generation, log log
//Validate validates the 'generate' rule
func (g *Generate) Validate() (string, error) {
rule := g.rule
if rule.Data != nil && rule.Clone != (kyverno.CloneFrom{}) {
if rule.GetData() != nil && rule.Clone != (kyverno.CloneFrom{}) {
return "", fmt.Errorf("only one of data or clone can be specified")
}
@ -56,10 +56,10 @@ func (g *Generate) Validate() (string, error) {
return fmt.Sprintf("clone.%s", path), err
}
}
if rule.Data != nil {
if target := rule.GetData(); target != nil {
//TODO: is this required ?? as anchors can only be on pattern and not resource
// we can add this check by not sure if its needed here
if path, err := common.ValidatePattern(rule.Data, "/", []commonAnchors.IsAnchor{}); err != nil {
if path, err := common.ValidatePattern(target, "/", []commonAnchors.IsAnchor{}); err != nil {
return fmt.Sprintf("data.%s", path), fmt.Errorf("anchors not supported on generate resources: %v", err)
}
}

5
pkg/policy/mutate/validate.go
View file

@ -37,7 +37,8 @@ func (m *Mutate) validateForEach() (string, error) {
}
for i, fe := range m.mutation.ForEachMutation {
if (fe.PatchesJSON6902 == "" && fe.PatchStrategicMerge == nil) || (fe.PatchesJSON6902 != "" && fe.PatchStrategicMerge != nil) {
psm := fe.GetPatchStrategicMerge()
if (fe.PatchesJSON6902 == "" && psm == nil) || (fe.PatchesJSON6902 != "" && psm != nil) {
return fmt.Sprintf("foreach[%d]", i), fmt.Errorf("only one of `patchStrategicMerge` or `patchesJson6902` is allowed")
}
}
@ -50,7 +51,7 @@ func (m *Mutate) hasForEach() bool {
}
func (m *Mutate) hasPatchStrategicMerge() bool {
return m.mutation.PatchStrategicMerge != nil
return m.mutation.GetPatchStrategicMerge() != nil
}
func (m *Mutate) hasPatchesJSON6902() bool {

47
pkg/policy/validate.go
View file

@ -213,7 +213,7 @@ func Validate(policy *kyverno.ClusterPolicy, client *dclient.Client, mock bool,
if rule.HasValidate() {
if rule.Validation.Pattern != nil || rule.Validation.AnyPattern != nil {
if rule.Validation.GetPattern() != nil || rule.Validation.GetAnyPattern() != nil {
if !ruleOnlyDealsWithResourceMetaData(rule) {
return fmt.Errorf("policy can only deal with the metadata field of the resource if" +
" the rule does not match any kind")
@ -221,11 +221,12 @@ func Validate(policy *kyverno.ClusterPolicy, client *dclient.Client, mock bool,
}
if rule.Validation.Deny != nil {
kyvernoConditions, _ := utils.ApiextensionsJsonToKyvernoConditions(rule.Validation.Deny.AnyAllConditions)
kyvernoConditions, _ := utils.ApiextensionsJsonToKyvernoConditions(rule.Validation.Deny.GetAnyAllConditions())
switch typedConditions := kyvernoConditions.(type) {
case []kyverno.Condition: // backwards compatibility
for _, condition := range typedConditions {
if !strings.Contains(condition.Key.(string), "request.object.metadata.") && (!wildCardAllowedVariables.MatchString(condition.Key.(string)) || strings.Contains(condition.Key.(string), "request.object.spec")) {
key := condition.GetKey()
if !strings.Contains(key.(string), "request.object.metadata.") && (!wildCardAllowedVariables.MatchString(key.(string)) || strings.Contains(key.(string), "request.object.spec")) {
return fmt.Errorf("policy can only deal with the metadata field of the resource if" +
" the rule does not match any kind")
}
@ -804,10 +805,10 @@ func isLabelAndAnnotationsString(rule kyverno.Rule) bool {
return true
}
patternMap, ok := rule.Validation.Pattern.(map[string]interface{})
patternMap, ok := rule.Validation.GetPattern().(map[string]interface{})
if ok {
return checkMetadata(patternMap)
} else if rule.Validation.AnyPattern != nil {
} else if rule.Validation.GetAnyPattern() != nil {
anyPatterns, err := rule.Validation.DeserializeAnyPattern()
if err != nil {
log.Log.Error(err, "failed to deserialize anyPattern, expect type array")
@ -828,7 +829,7 @@ func isLabelAndAnnotationsString(rule kyverno.Rule) bool {
}
func ruleOnlyDealsWithResourceMetaData(rule kyverno.Rule) bool {
patches, _ := rule.Mutation.PatchStrategicMerge.(map[string]interface{})
patches, _ := rule.Mutation.GetPatchStrategicMerge().(map[string]interface{})
for k := range patches {
if k != "metadata" {
return false
@ -846,7 +847,7 @@ func ruleOnlyDealsWithResourceMetaData(rule kyverno.Rule) bool {
}
}
patternMap, _ := rule.Validation.Pattern.(map[string]interface{})
patternMap, _ := rule.Validation.GetPattern().(map[string]interface{})
for k := range patternMap {
if k != "metadata" {
return false
@ -936,15 +937,17 @@ func validateResources(rule kyverno.Rule) (string, error) {
}
//validating the values present under validate.preconditions, if they exist
if rule.AnyAllConditions != nil {
if path, err := validateConditions(rule.AnyAllConditions, "preconditions"); err != nil {
if target := rule.GetAnyAllConditions(); target != nil {
if path, err := validateConditions(target, "preconditions"); err != nil {
return fmt.Sprintf("validate.%s", path), err
}
}
//validating the values present under validate.conditions, if they exist
if rule.Validation.Deny != nil && rule.Validation.Deny.AnyAllConditions != nil {
if path, err := validateConditions(rule.Validation.Deny.AnyAllConditions, "conditions"); err != nil {
return fmt.Sprintf("validate.deny.%s", path), err
if rule.Validation.Deny != nil {
if target := rule.Validation.Deny.GetAnyAllConditions(); target != nil {
if path, err := validateConditions(target, "conditions"); err != nil {
return fmt.Sprintf("validate.deny.%s", path), err
}
}
}
return "", nil
@ -1000,10 +1003,12 @@ func validateConditions(conditions apiextensions.JSON, schemaKey string) (string
// validateConditionValues validates whether all the values under the 'value' field of a 'conditions' field
// are apt with respect to the provided 'condition.key'
func validateConditionValues(c kyverno.Condition) (string, error) {
if c.Key == nil || c.Value == nil || c.Operator == "" {
k := c.GetKey()
v := c.GetValue()
if k == nil || v == nil || c.Operator == "" {
return "", fmt.Errorf("entered value of `key`, `value` or `operator` is missing or misspelled")
}
switch reflect.TypeOf(c.Key).Kind() {
switch reflect.TypeOf(k).Kind() {
case reflect.String:
value, err := validateValuesKeyRequest(c)
return value, err
@ -1013,7 +1018,8 @@ func validateConditionValues(c kyverno.Condition) (string, error) {
}
func validateValuesKeyRequest(c kyverno.Condition) (string, error) {
switch strings.ReplaceAll(c.Key.(string), " ", "") {
k := c.GetKey()
switch strings.ReplaceAll(k.(string), " ", "") {
case "{{request.operation}}":
return validateConditionValuesKeyRequestOperation(c)
default:
@ -1030,19 +1036,20 @@ func validateConditionValuesKeyRequestOperation(c kyverno.Condition) (string, er
"DELETE": true,
"CONNECT": true,
}
switch reflect.TypeOf(c.Value).Kind() {
v := c.GetValue()
switch reflect.TypeOf(v).Kind() {
case reflect.String:
valueStr := c.Value.(string)
valueStr := v.(string)
// allow templatized values like {{ config-map.data.sample-key }}
// because they might be actually pointing to a rightful value in the provided config-map
if len(valueStr) >= 4 && valueStr[:2] == "{{" && valueStr[len(valueStr)-2:] == "}}" {
return "", nil
}
if !valuesAllowed[valueStr] {
return fmt.Sprintf("value: %s", c.Value.(string)), fmt.Errorf("unknown value '%s' found under the 'value' field. Only the following values are allowed: [CREATE, UPDATE, DELETE, CONNECT]", c.Value.(string))
return fmt.Sprintf("value: %s", v.(string)), fmt.Errorf("unknown value '%s' found under the 'value' field. Only the following values are allowed: [CREATE, UPDATE, DELETE, CONNECT]", v.(string))
}
case reflect.Slice:
values := reflect.ValueOf(c.Value)
values := reflect.ValueOf(v)
for i := 0; i < values.Len(); i++ {
value := values.Index(i).Interface().(string)
if !valuesAllowed[value] {
@ -1050,7 +1057,7 @@ func validateConditionValuesKeyRequestOperation(c kyverno.Condition) (string, er
}
}
default:
return "value", fmt.Errorf("'value' field found to be of the type %v. The provided value/values are expected to be either in the form of a string or list", reflect.TypeOf(c.Value).Kind())
return "value", fmt.Errorf("'value' field found to be of the type %v. The provided value/values are expected to be either in the form of a string or list", reflect.TypeOf(v).Kind())
}
return "", nil
}

14
pkg/policy/validate/validate.go
View file

@ -31,13 +31,13 @@ func (v *Validate) Validate() (string, error) {
return "", err
}
if v.rule.Pattern != nil {
if path, err := common.ValidatePattern(v.rule.Pattern, "/", []commonAnchors.IsAnchor{commonAnchors.IsConditionAnchor, commonAnchors.IsExistenceAnchor, commonAnchors.IsEqualityAnchor, commonAnchors.IsNegationAnchor, commonAnchors.IsGlobalAnchor}); err != nil {
if target := v.rule.GetPattern(); target != nil {
if path, err := common.ValidatePattern(target, "/", []commonAnchors.IsAnchor{commonAnchors.IsConditionAnchor, commonAnchors.IsExistenceAnchor, commonAnchors.IsEqualityAnchor, commonAnchors.IsNegationAnchor, commonAnchors.IsGlobalAnchor}); err != nil {
return fmt.Sprintf("pattern.%s", path), err
}
}
if v.rule.AnyPattern != nil {
if target := v.rule.GetAnyPattern(); target != nil {
anyPattern, err := v.rule.DeserializeAnyPattern()
if err != nil {
return "anyPattern", fmt.Errorf("failed to deserialize anyPattern, expect array: %v", err)
@ -79,11 +79,11 @@ func validationElemCount(v *kyverno.Validation) int {
}
count := 0
if v.Pattern != nil {
if v.GetPattern() != nil {
count++
}
if v.AnyPattern != nil {
if v.GetAnyPattern() != nil {
count++
}
@ -125,11 +125,11 @@ func foreachElemCount(foreach *kyverno.ForEachValidation) int {
}
count := 0
if foreach.Pattern != nil {
if foreach.GetPattern() != nil {
count++
}
if foreach.AnyPattern != nil {
if foreach.GetAnyPattern() != nil {
count++
}

2
pkg/webhooks/generation.go
View file

@ -240,7 +240,7 @@ func (ws *WebhookServer) handleUpdateGenerateTargetResource(request *v1beta1.Adm
if err != nil {
logger.V(4).Info("skipping generate policy and resource pattern validaton", "error", err)
} else {
data := updatedRule.Generation.DeepCopy().Data
data := updatedRule.Generation.DeepCopy().GetData()
if data != nil {
if _, err := gen.ValidateResourceWithPattern(logger, newRes.Object, data); err != nil {
enqueueBool = true