mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity

Merge pull request #2224 from NoSkillGirl/2223/cli_set_flag_panic

Browse source 
Fix for - CLI panics when variables are passed using `set` flag
This commit is contained in:
Pooja Singh 2021-08-02 19:24:25 +05:30 committed by GitHub
commit c54e166310
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 43 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
pkg/kyverno/apply/apply_command.go
View file

@ -138,6 +138,7 @@ func Command() *cobra.Command {
cmd.Flags().StringArrayVarP(&resourcePaths, "resource", "r", []string{}, "Path to resource files") cmd.Flags().StringArrayVarP(&resourcePaths, "resource", "r", []string{}, "Path to resource files")
cmd.Flags().BoolVarP(&cluster, "cluster", "c", false, "Checks if policies should be applied to cluster in the current context") cmd.Flags().BoolVarP(&cluster, "cluster", "c", false, "Checks if policies should be applied to cluster in the current context")
cmd.Flags().StringVarP(&mutateLogPath, "output", "o", "", "Prints the mutated resources in provided file/directory") cmd.Flags().StringVarP(&mutateLogPath, "output", "o", "", "Prints the mutated resources in provided file/directory")
// currently `set` flag supports variable for single policy applied on single resource
cmd.Flags().StringVarP(&variablesString, "set", "s", "", "Variables that are required") cmd.Flags().StringVarP(&variablesString, "set", "s", "", "Variables that are required")
cmd.Flags().StringVarP(&valuesFile, "values-file", "f", "", "File containing values for policy variables") cmd.Flags().StringVarP(&valuesFile, "values-file", "f", "", "File containing values for policy variables")
cmd.Flags().BoolVarP(&policyReport, "policy-report", "", false, "Generates policy report when passed (default policyviolation r") cmd.Flags().BoolVarP(&policyReport, "policy-report", "", false, "Generates policy report when passed (default policyviolation r")
@ -234,6 +235,14 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool,
os.Exit(1) os.Exit(1)
} }
if (len(resources) > 1 || len(mutatedPolicies) > 1) && variablesString != "" {
return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("currently `set` flag supports variable for single policy applied on single resource ", nil)
}
if variablesString != "" {
variables = setInStoreContext(mutatedPolicies, variables)
}
msgPolicies := "1 policy" msgPolicies := "1 policy"
if len(mutatedPolicies) > 1 { if len(mutatedPolicies) > 1 {
msgPolicies = fmt.Sprintf("%d policies", len(policies)) msgPolicies = fmt.Sprintf("%d policies", len(policies))
@ -411,3 +420,37 @@ func createFileOrFolder(mutateLogPath string, mutateLogPathIsDir bool) error {
return nil return nil
} }
func setInStoreContext(mutatedPolicies []*v1.ClusterPolicy, variables map[string]string) map[string]string {
storePolices := make([]store.Policy, 0)
for _, policy := range mutatedPolicies {
storeRules := make([]store.Rule, 0)
for _, rule := range policy.Spec.Rules {
contextVal := make(map[string]string)
if len(rule.Context) != 0 {
for _, contextVar := range rule.Context {
for k, v := range variables {
if strings.HasPrefix(k, contextVar.Name) {
contextVal[k] = v
delete(variables, k)
}
}
}
storeRules = append(storeRules, store.Rule{
Name: rule.Name,
Values: contextVal,
})
}
}
storePolices = append(storePolices, store.Policy{
Name: policy.Name,
Rules: storeRules,
})
}
store.SetContext(store.Context{
Policies: storePolices,
})
return variables
}