diff --git a/pkg/engine/jsonContext.go b/pkg/engine/jsonContext.go index a83629fef8..4dd3e2b080 100644 --- a/pkg/engine/jsonContext.go +++ b/pkg/engine/jsonContext.go @@ -12,6 +12,7 @@ import ( "github.com/kyverno/kyverno/pkg/resourcecache" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/dynamic/dynamiclister" + "strings" ) // LoadContext - Fetches and adds external data to the Context. @@ -183,6 +184,9 @@ func fetchConfigMap(entry kyverno.ContextEntry, lister dynamiclister.Lister) ([] return nil, fmt.Errorf("failed to convert configmap %s/%s: %v", namespace, name, err) } + // update the unstructuredObj["data"] to delimit and split the string value (containing "\n") with "\n" + unstructuredObj["data"] = parseMultilineBlockBody(unstructuredObj["data"].(map[string]interface{})) + // extract configmap data contextData["data"] = unstructuredObj["data"] contextData["metadata"] = unstructuredObj["metadata"] @@ -195,3 +199,25 @@ func fetchConfigMap(entry kyverno.ContextEntry, lister dynamiclister.Lister) ([] return data, nil } + +// parseMultilineBlockBody recursively iterates through a map and updates its values in the following way +// whenever it encounters a string value containing "\n", +// it converts it into a []string by splitting it by "\n" +func parseMultilineBlockBody(m map[string]interface{}) map[string]interface{} { + for k, v := range m { + switch typedValue := v.(type) { + case string: + trimmedTypedValue := strings.Trim(typedValue, "\n") + if strings.Contains(trimmedTypedValue, "\n") { + m[k] = strings.Split(trimmedTypedValue, "\n") + } else { + m[k] = trimmedTypedValue // trimming a str if it has trailing newline characters + } + case map[string]interface{}: + m[k] = parseMultilineBlockBody(typedValue) + default: + continue + } + } + return m +} diff --git a/pkg/engine/jsonContext_test.go b/pkg/engine/jsonContext_test.go new file mode 100644 index 0000000000..0bb4c65455 --- /dev/null +++ b/pkg/engine/jsonContext_test.go @@ -0,0 +1,71 @@ +package engine + +import ( + "bytes" + "encoding/json" + "gotest.tools/assert" + "testing" +) + +func Test_parseMultilineBlockBody(t *testing.T) { + tcs := []struct { + multilineBlockRaw []byte + expectedMultilineBlockRaw []byte + expectedErr bool + }{ + { + multilineBlockRaw: []byte(`{ + "key1": "value", + "key2": "value2", + "key3": "word1\nword2\nword3", + "key4": "word4\n" + }`), + expectedMultilineBlockRaw: []byte(`{"key1":"value","key2":"value2","key3":["word1","word2","word3"],"key4":"word4"}`), + expectedErr: false, + }, + { + multilineBlockRaw: []byte(`{ + "key1": "value", + "key2": "value2", + "key3": "word1\nword2\nword3", + "key4": "word4" + }`), + expectedMultilineBlockRaw: []byte(`{"key1":"value","key2":"value2","key3":["word1","word2","word3"],"key4":"word4"}`), + expectedErr: false, + }, + { + multilineBlockRaw: []byte(`{ + "key1": "value1", + "key2": "value2\n", + "key3": "word1", + "key4": "word2" + }`), + expectedMultilineBlockRaw: []byte(`{"key1":"value1","key2":["value2",""]}`), + expectedErr: true, + }, + { + multilineBlockRaw: []byte(`{ + "key1": "value1", + "key2": "[\"cluster-admin\", \"cluster-operator\", \"tenant-admin\"]" + }`), + expectedMultilineBlockRaw: []byte(`{"key1":"value1","key2":"[\"cluster-admin\", \"cluster-operator\", \"tenant-admin\"]"}`), + expectedErr: false, + }, + } + + for _, tc := range tcs { + var multilineBlock map[string]interface{} + err := json.Unmarshal(tc.multilineBlockRaw, &multilineBlock) + assert.NilError(t, err) + + parsedMultilineBlock := parseMultilineBlockBody(multilineBlock) + parsedMultilineBlockRaw, err := json.Marshal(parsedMultilineBlock) + assert.NilError(t, err) + + if tc.expectedErr { + assert.Assert(t, bytes.Compare(parsedMultilineBlockRaw, tc.expectedMultilineBlockRaw) != 0) + } else { + assert.Assert(t, bytes.Compare(parsedMultilineBlockRaw, tc.expectedMultilineBlockRaw) == 0) + } + } +}