mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-28 02:18:15 +00:00
Fix: [Bug] The default field in a context variable does not replace nil results (#7251)
* fixed the bug Signed-off-by: Ved Ratan <vedratan8@gmail.com> * added tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * added assertion Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fixed tests Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * fix Signed-off-by: Ved Ratan <vedratan8@gmail.com> * removed redundant code Signed-off-by: Ved Ratan <vedratan8@gmail.com> * added assert Signed-off-by: Ved Ratan <vedratan8@gmail.com> --------- Signed-off-by: Ved Ratan <vedratan8@gmail.com>
parent
4d5f832d01
commit
cf28c6480f
8 changed files with 87 additions and 1 deletions
|
@ -27,6 +27,7 @@ func LoadVariable(logger logr.Logger, jp jmespath.Interface, entry kyvernov1.Con
|
|||
logger.V(4).Info("evaluated jmespath", "variable name", entry.Name, "jmespath", path)
|
||||
}
|
||||
var defaultValue interface{} = nil
|
||||
|
||||
if entry.Variable.Default != nil {
|
||||
value, err := variables.DocumentToUntyped(entry.Variable.Default)
|
||||
if err != nil {
|
||||
|
@ -58,7 +59,9 @@ func LoadVariable(logger logr.Logger, jp jmespath.Interface, entry kyvernov1.Con
|
|||
} else {
|
||||
if path != "" {
|
||||
if variable, err := ctx.Query(path); err == nil {
|
||||
output = variable
|
||||
if variable != nil {
|
||||
output = variable
|
||||
}
|
||||
} else if defaultValue == nil {
|
||||
return fmt.Errorf("failed to apply jmespath %s to variable %v", path, err)
|
||||
}
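Review bot: The new `if variable != nil` guard in the second hunk falls back silently: when the query returns nil, `output` keeps whatever it held before this block (presumably the default; its initialisation is outside the hunk) and nothing is logged. Context variables feed the preconditions that decide whether a rule applies, so a policy author investigating an unexpected match or skip has no trace that the default was substituted. Consider an `else` branch with `logger.V(4).Info("jmespath returned nil, using default", "variable name", entry.Name, "jmespath", path)`. The guard also only catches a nil result, so an empty list or empty string would still override the default; a short comment saying that is intended would help. LoadVariable starts and ends outside the hunk, so the sibling branch above `} else {` may need the same treatment.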
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: kuttl.dev/v1beta1
|
||||
kind: TestStep
|
||||
apply:
|
||||
- policy.yaml
|
||||
assert:
|
||||
- policy-assert.yaml
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: kuttl.dev/v1beta1
|
||||
kind: TestStep
|
||||
apply:
|
||||
- file: pod.yaml
|
||||
shouldFail: false
|
||||
assert:
|
||||
- pod-assert.yaml
|
|
@ -0,0 +1,11 @@
|
|||
## Description
|
||||
|
||||
This test checks that the `default` field in a context variable should replace nil results in mutateExisting policies.
|
||||
|
||||
## Expected Behavior
|
||||
|
||||
With the mutateExisting policy, the context variable `podName` will assume the value of `empty` since there is no pod whose name is starting with `good-`, and the pod should get created as preconditions matching as the value of the variable is set to default which is `empty` is equal to `empty`.
|
||||
|
||||
## Reference Issue(s)
|
||||
|
||||
https://github.com/kyverno/kyverno/issues/7148
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: 'bad-box'
|
||||
labels:
|
||||
foo: bar
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- name: busybox
|
||||
image: busybox:latest
|
||||
command: ["sleep", "9999"]
|
|
@ -0,0 +1,11 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: 'bad-box'
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- name: busybox
|
||||
image: busybox:latest
|
||||
command: ["sleep", "9999"]
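Review bot: `image: busybox:latest` in this fixture is a mutable tag, so the conformance test runs whatever image the registry serves at that moment. Pinning it, e.g. `image: busybox:<pinned-tag>` or a digest, keeps the test reproducible and avoids depending on an image nobody reviewed. The assert manifest in the preceding section uses the same tag and would need the same change.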
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: pod-add-labels
|
||||
status:
|
||||
conditions:
|
||||
- reason: Succeeded
|
||||
status: "True"
|
||||
type: Ready
|
|
@ -0,0 +1,27 @@
|
|||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: pod-add-labels
|
||||
spec:
|
||||
rules:
|
||||
- name: foo
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- Pod
|
||||
context:
|
||||
- name: podName
|
||||
variable:
|
||||
jmesPath: request.object.metadata.name[?starts_with(@, 'good-')] | [0]
|
||||
default: empty
|
||||
preconditions:
|
||||
all:
|
||||
- key: "{{podName}}"
|
||||
operator: Equals
|
||||
value: empty
|
||||
mutate:
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
labels:
|
||||
+(foo): bar
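Review bot: The `jmesPath` on the `podName` entry applies a filter, `[?starts_with(@, 'good-')]`, to `request.object.metadata.name`, which is a string rather than a list. As far as I can tell JMESPath returns null for a filter on a non-array, so the expression would be null for every pod name, including one that starts with `good-`. The test therefore exercises the nil-to-default path but cannot show that a matching name bypasses the default, and the rule as written would label every Pod. If the prefix check is meant to be real, wrap the name in a list, e.g. `jmesPath: "[request.object.metadata.name][?starts_with(@, 'good-')] | [0]"`, and add a `good-` pod whose assert shows the label absent. This should be confirmed against Kyverno's JMESPath implementation.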
|