updates with case insensitivity guarantee (#4954)

* updates with case insensitivity guarantee Signed-off-by: Chip Zoller <chipzoller@gmail.com> * fix syntax Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2025-03-31 03:45:17 +00:00 · 2022-10-17 03:43:12 -04:00 · 2022-10-17 03:43:12 -04:00 · b522274d74
commit b522274d74
parent 3ebb6284cc
2 changed files with 4 additions and 2 deletions
--- a/charts/kyverno-policies/Chart.yaml
+++ b/charts/kyverno-policies/Chart.yaml
@ -39,3 +39,5 @@ annotations:
      description: Added ability to get additional policies from restricted
    - kind: fixed
      description: Applied fix in preconditions for background mode
    - kind: added
      description: Added case insensitivity guarantees to disallow-capabilities-strict
--- a/charts/kyverno-policies/templates/restricted/disallow-capabilities-strict.yaml
+++ b/charts/kyverno-policies/templates/restricted/disallow-capabilities-strict.yaml
@ -71,7 +71,7 @@ spec:
                all:
                - key: ALL
                  operator: AnyNotIn
-                  value: "{{`{{ element.securityContext.capabilities.drop || '' }}`}}"
+                  value: "{{`{{`}} element.securityContext.capabilities.drop[].to_upper(@) || `[]` {{`}}`}}"
    - name: adding-capabilities-strict
      match:
        any:
@ -111,7 +111,7 @@ spec:
            deny:
              conditions:
                all:
-                - key: "{{`{{ element.securityContext.capabilities.add[] || '' }}`}}"
+                - key: "{{`{{`}} element.securityContext.capabilities.add[].to_upper(@) || `[]` {{`}}`}}"
                  operator: AnyNotIn
                  value:
                  - NET_BIND_SERVICE