fixed policy validationa and patch strategic merge bug (#1136)

2025-03-31 03:45:17 +00:00 · 2020-09-19 00:48:13 +05:30 · 2020-09-19 00:48:13 +05:30 · a1081c8f82
commit a1081c8f82
parent 0814d9e799
3 changed files with 32 additions and 5 deletions
--- a/pkg/engine/mutate/strategicPreprocessing.go
+++ b/pkg/engine/mutate/strategicPreprocessing.go
@ -103,7 +103,7 @@ func walkMap(pattern, resource *yaml.RNode) error {
 			if ind == -1 {
 				continue
 			}
-             
+
 			// remove anchor tags from value
 			// A MappingNode contains keyNode and Value node
 			// keyNode contains it's key value in it's Value field, So remove anchor tags from Value field
@ -131,6 +131,17 @@ func walkMap(pattern, resource *yaml.RNode) error {
 					return err
 				}
 			}
+		} else {
+			// remove anchors from patterns where there is no specific key exists in resource.
+			// Ex :-
+			// pattern : {"annotations": {"+(add-annotation)":"true" }}
+			// resource : No "annotations" key
+			if hasAnchors(pattern) {
+				err := preProcessPattern(patternMapNode.Value, resource)
+				if err != nil {
+					return err
+				}
+			}
 		}
 	}
 	return nil
@ -484,7 +495,7 @@ func hasAnchors(pattern *yaml.RNode) bool {
 		}
 		for _, key := range fields {

-			if anchor.IsConditionAnchor(key) {
+			if anchor.IsConditionAnchor(key) || anchor.IsAddingAnchor(key) {
 				return true
 			}
 			patternMapNode := pattern.Field(key)
--- a/pkg/engine/mutate/strategicPreprocessing_test.go
+++ b/pkg/engine/mutate/strategicPreprocessing_test.go
@ -95,7 +95,6 @@ func Test_preProcessStrategicMergePatch_Deployment(t *testing.T) {
 	}
 }

-
 func Test_preProcessStrategicMergePatch_Annotation(t *testing.T) {
 	rawPolicy := []byte(`{"metadata":{"annotations":{"+(cluster-autoscaler.kubernetes.io/safe-to-evict)":true}},"spec":{"volumes":[{"(hostPath)":{"path":"*"}}]}}`)

@ -112,3 +111,20 @@ func Test_preProcessStrategicMergePatch_Annotation(t *testing.T) {
 		t.FailNow()
 	}
 }
+
+func Test_preProcessStrategicMergePatch_BlankAnnotation(t *testing.T) {
+	rawPolicy := []byte(`{"metadata":{"annotations":{"+(cluster-autoscaler.kubernetes.io/safe-to-evict)":true},"labels":{"+(add-labels)":"add"}},"spec":{"volumes":[{"(hostPath)":{"path":"*"}}]}}`)
+
+	rawResource := []byte(`{"kind":"Pod","apiVersion":"v1","metadata":{"name":"nginx"},"spec":{"containers":[{"name":"nginx","image":"nginx:latest","imagePullPolicy":"Never","volumeMounts":[{"mountPath":"/cache","name":"cache-volume"}]}],"volumes":[{"name":"cache-volume","hostPath":{"path":"/data","type":"Directory"}}]}}`)
+
+	expected := `{"metadata":{"annotations":{"cluster-autoscaler.kubernetes.io/safe-to-evict":true},"labels":{"add-labels":"add"}},"spec":{"volumes":[{"name":"cache-volume"}]}}`
+
+	preProcessedPolicy, err := preProcessStrategicMergePatch(string(rawPolicy), string(rawResource))
+	assert.NilError(t, err)
+	output, err := preProcessedPolicy.String()
+	assert.NilError(t, err)
+	re := regexp.MustCompile("\\n")
+	if !assertnew.Equal(t, strings.ReplaceAll(expected, " ", ""), strings.ReplaceAll(re.ReplaceAllString(output, ""), " ", "")) {
+		t.FailNow()
+	}
+}
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@ -70,8 +70,8 @@ func Validate(policyRaw []byte, client *dclient.Client, mock bool, openAPIContro
 			}
 			for _, resList := range res {
 				for _, r := range resList.APIResources {
-					if r.Namespaced == false {
-						if clusterResourcesMap[r.Kind] != nil {
+					if !r.Namespaced {
+						if _, ok := clusterResourcesMap[r.Kind]; !ok {
 							clusterResourcesMap[r.Kind] = &Empty
 						}
 					}