mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

fix: webhooks are not configured correctly (#3660)

Browse source 
* Fix webhook rules equality when internal is empty

The current implementation of the 'webhookRulesEqual' didn't check for
the corner case were both the internal representation and the API have
length of one, but the internal representation has 1 rule with no
selectors.
In this case the 'webhookRulesEqual' should return false, as the 2
configurations are not the same.

Signed-off-by: Ioannis Bouloumpasis <buluba@arrikto.com>

* Fix tests

Add a small time delay when checking if a Policy is ready in tests to
ensure that the Policy is actually ready.

Signed-off-by: Ioannis Bouloumpasis <buluba@arrikto.com>
This commit is contained in:
Ioannis Bouloumpasis 2022-04-25 18:19:39 +03:00 committed by GitHub
parent 2c4ca04e25
commit a205bc3e2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
pkg/webhookconfig/configmanager.go
View file

@ -551,6 +551,14 @@ func webhookRulesEqual(apiRules []interface{}, internalRules []interface{}) (boo
}
}
// Handle edge case when internal is empty but API has one rule.
// internal representation is one rule but with no selectors.
if len(apiRules) == 1 && len(internalRules) == 1 {
if len(internalRules[0].(map[string]interface{})) == 0 {
return false, nil
}
}
// Both *should* be length 1, but as long
// as they are equal the next loop works.
if len(apiRules) != len(internalRules) {

3
pkg/webhookconfig/configmanager_test.go
View file

@ -117,6 +117,9 @@ func TestRulesEqual(t *testing.T) {
// Both rules select secrets and configmaps (reversed compared to previous). Should be equal.
{"secrets-cm-equal", secretsConfigmapsInternalRules, secretsConfigmapsAPIRules, true, false},
// Internal empty, API has one rule. Not equal.
{"internal-empty-api-single", emptyInternalRules, configmapsSecretsAPIRules, false, false},
// Internal is updated from nothing to configmaps. Not equal.
{"add-configmaps", configmapsInternalRules, emptyAPIRules, false, false},

2
test/e2e/common/common.go
View file

@ -95,6 +95,8 @@ func checkPolicyCreated(policyName string) func() error {
return fmt.Errorf("policy not created: %v", err)
}
// Wait to make sure that the Policy is ready.
time.Sleep(2 * time.Second)
return nil
}
}