mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

522 untested changes

Browse source
This commit is contained in:
shravan 2020-01-23 20:45:25 +05:30
parent be8527be47
commit af68f77b62
3 changed files with 28 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
pkg/engine/mutate/overlay.go
View file

@ -10,6 +10,8 @@ import (
"strings" "strings"
"time" "time"
"github.com/nirmata/kyverno/pkg/policy"
"github.com/golang/glog" "github.com/golang/glog"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -111,6 +113,14 @@ func ProcessOverlay(ctx context.EvalInterface, rule kyverno.Rule, resource unstr
return resp, resource return resp, resource
} }
err = policy.ValidateResource(patchedResource.UnstructuredContent(), patchedResource.GetKind())
if err != nil {
glog.V(4).Infoln(err)
resp.Success = false
resp.Message = fmt.Sprintf("failed to validate patchedResource: %v", err)
return resp, resource
}
// rule application succesfuly // rule application succesfuly
resp.Success = true resp.Success = true
resp.Message = fmt.Sprintf("successfully processed overlay") resp.Message = fmt.Sprintf("successfully processed overlay")

10
pkg/engine/mutate/patches.go
View file

@ -6,6 +6,8 @@ import (
"strings" "strings"
"time" "time"
"github.com/nirmata/kyverno/pkg/policy"
"github.com/golang/glog" "github.com/golang/glog"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine/response" "github.com/nirmata/kyverno/pkg/engine/response"
@ -82,6 +84,14 @@ func ProcessPatches(rule kyverno.Rule, resource unstructured.Unstructured) (resp
return resp, resource return resp, resource
} }
err = policy.ValidateResource(patchedResource.UnstructuredContent(), patchedResource.GetKind())
if err != nil {
glog.V(4).Infoln(err)
resp.Success = false
resp.Message = fmt.Sprintf("failed to validate patchedResource: %v", err)
return resp, resource
}
// JSON patches processed succesfully // JSON patches processed succesfully
resp.Success = true resp.Success = true
resp.Message = fmt.Sprintf("succesfully process JSON patches") resp.Message = fmt.Sprintf("succesfully process JSON patches")

8
pkg/engine/policy/validate.go
View file

@ -8,6 +8,8 @@ import (
"strconv" "strconv"
"strings" "strings"
"github.com/nirmata/kyverno/pkg/policy"
kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
"github.com/nirmata/kyverno/pkg/engine/anchor" "github.com/nirmata/kyverno/pkg/engine/anchor"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
@ -70,6 +72,12 @@ func Validate(p kyverno.ClusterPolicy) error {
} }
} }
} }
err := policy.ValidatePolicyMutation(p)
if err != nil {
return fmt.Errorf("Policy has invalid mutations : %v", err)
}
return nil return nil
} }