mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

Merge pull request #705 from shravanshetty1/702_validate_policy_mutation

Browse source 
#702 - Validate policy mutation does not properly account for match/exclude block
This commit is contained in:
Shravan Shetty 2020-02-16 07:56:59 +05:30 committed by GitHub
commit c65136c4d7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
pkg/openapi/validation.go
View file

@ -77,8 +77,14 @@ func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
var kindToRules = make(map[string][]v1.Rule)
for _, rule := range policy.Spec.Rules {
rule.MatchResources.Selector = nil
if rule.HasMutate() {
rule.MatchResources = v1.MatchResources{
UserInfo: v1.UserInfo{},
ResourceDescription: v1.ResourceDescription{
Kinds: rule.MatchResources.Kinds,
},
}
rule.ExcludeResources = v1.ExcludeResources{}
for _, kind := range rule.MatchResources.Kinds {
kindToRules[kind] = append(kindToRules[kind], rule)
}