From d4d190bbb149c7fc4872ce87eb5697d5938444f3 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 21 Jul 2023 05:03:39 +0100
Subject: [PATCH] policy validation: fix assignment to entry in nil map (#7874)

Signed-off-by: AdamKorcz <adam@adalogics.com>
Co-authored-by: shuting <shuting@nirmata.com>
---
 pkg/validation/policy/validate.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/validation/policy/validate.go b/pkg/validation/policy/validate.go
index d16a87785d..6390a141df 100644
--- a/pkg/validation/policy/validate.go
+++ b/pkg/validation/policy/validate.go
@@ -1262,6 +1262,9 @@ func validateNamespaces(s *kyvernov1.Spec, path *field.Path) error {
 	}
 
 	for i, vfa := range s.ValidationFailureActionOverrides {
+		if !vfa.Action.IsValid() {
+			return fmt.Errorf("invalid action")
+		}
 		patternList, nsList := wildcard.SeperateWildcards(vfa.Namespaces)
 
 		if vfa.Action.Audit() {