add request.namespace in the background process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2025-03-06 07:57:07 +00:00 · 2021-02-22 17:22:23 -08:00 · 2021-02-22 17:22:23 -08:00 · d770d6680b
commit d770d6680b
parent 17c72c1578
3 changed files with 31 additions and 2 deletions
--- a/pkg/engine/context/context.go
+++ b/pkg/engine/context/context.go
@ -28,6 +28,9 @@ type Interface interface {
 	// AddServiceAccount merges ServiceAccount types
 	AddServiceAccount(userName string) error

+	// AddNamespace merges resource json under request.namespace
+	AddNamespace(namespace string) error
+
 	EvalInterface
 }

@ -190,6 +193,27 @@ func (ctx *Context) AddServiceAccount(userName string) error {
 	return nil
 }

+// AddNamespace merges resource json under request.namespace
+func (ctx *Context) AddNamespace(namespace string) error {
+	modifiedResource := struct {
+		Request interface{} `json:"request"`
+	}{
+		Request: struct {
+			Namespace string `json:"namespace"`
+		}{
+			Namespace: namespace,
+		},
+	}
+
+	objRaw, err := json.Marshal(modifiedResource)
+	if err != nil {
+		ctx.log.Error(err, "failed to marshal the resource")
+		return err
+	}
+
+	return ctx.AddJSON(objRaw)
+}
+
 // Checkpoint creates a copy of the internal state.
 // Prior checkpoints will be overridden.
 func (ctx *Context) Checkpoint() {
--- a/pkg/policy/apply.go
+++ b/pkg/policy/apply.go
@ -42,7 +42,12 @@ func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructure
 	ctx := context.NewContext()
 	err = ctx.AddResource(transformResource(resource))
 	if err != nil {
-		logger.Error(err, "enable to add transform resource to ctx")
+		logger.Error(err, "failed to add transform resource to ctx")
+	}
+
+	err = ctx.AddNamespace(resource.GetNamespace())
+	if err != nil {
+		logger.Error(err, "failed to add namespace to ctx")
 	}

 	engineResponseMutation, err = mutation(policy, resource, logger, resCache, ctx, namespaceLabels)
--- a/pkg/policy/background.go
+++ b/pkg/policy/background.go
@ -21,7 +21,7 @@ func ContainsVariablesOtherThanObject(policy kyverno.ClusterPolicy) error {
 			return fmt.Errorf("invalid variable used at path: spec/rules[%d]/exclude/%s", idx, path)
 		}

-		filterVars := []string{"request.object"}
+		filterVars := []string{"request.object", "request.namespace"}
 		ctx := context.NewContext(filterVars...)

 		for contextIdx, contextEntry := range rule.Context {