mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity

Merge branch '414_mutate_safe-to-evict_emptydir' of https://github.com/nirmata/kyverno into 414_mutate_safe-to-evict_emptydir

Browse source
This commit is contained in:
Jim Bugwadia 2019-11-05 16:45:46 -08:00
commit c63a2b75db
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
pkg/engine/overlay.go
View file

@ -17,6 +17,10 @@ import (
"github.com/nirmata/kyverno/pkg/engine/anchor" "github.com/nirmata/kyverno/pkg/engine/anchor"
) )
// conditionalFieldEmpty is the message to indicate the conditional key
// is not present in the resource, the rule is skipped and is considered as successs
const conditionalFieldEmpty = "resource field is not present"
// processOverlay processes validation patterns on the resource // processOverlay processes validation patterns on the resource
func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (response RuleResponse, patchedResource unstructured.Unstructured) { func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (response RuleResponse, patchedResource unstructured.Unstructured) {
startTime := time.Now() startTime := time.Now()
@ -33,7 +37,7 @@ func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (resp
if err != nil { if err != nil {
// condition key is not present in the resource, don't apply this rule // condition key is not present in the resource, don't apply this rule
// consider as success // consider as success
if strings.Contains(err.Error(), "policy not applied") { if strings.Contains(err.Error(), conditionalFieldEmpty) {
response.Success = true response.Success = true
response.Message = fmt.Sprintf("Resource %s/%s/%s: %v.", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err) response.Message = fmt.Sprintf("Resource %s/%s/%s: %v.", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err)
return response, resource return response, resource
@ -92,7 +96,7 @@ func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (resp
func processOverlayPatches(resource, overlay interface{}) ([][]byte, error) { func processOverlayPatches(resource, overlay interface{}) ([][]byte, error) {
if path, err := meetConditions(resource, overlay); err != nil { if path, err := meetConditions(resource, overlay); err != nil {
// anchor key does not exist in the resource, skip applying policy // anchor key does not exist in the resource, skip applying policy
if strings.Contains(err.Error(), "resource field is not present") { if strings.Contains(err.Error(), conditionalFieldEmpty) {
glog.V(4).Infof("Mutate rule: policy not applied: %v at %s", err, path) glog.V(4).Infof("Mutate rule: policy not applied: %v at %s", err, path)
return nil, fmt.Errorf("policy not applied: %v at %s", err, path) return nil, fmt.Errorf("policy not applied: %v at %s", err, path)
} }