Merge branch 'master' into 671_cleanUp_generate

definitions/install.yaml

@@ -30,6 +30,8 @@ spec:
               enum: 
               - enforce # blocks the resorce api-reques if a rule fails.
               - audit # allows resource creation and reports the failed validation rules as violations. Default
+            background:
+              type: boolean
             rules:
               type: array
               items:

definitions/install_debug.yaml

@@ -30,6 +30,8 @@ spec:
               enum: 
               - enforce # blocks the resorce api-reques if a rule fails.
               - audit # allows resource creation and reports the failed validation rules as violations. Default
+            background:
+              type: boolean
               rules:
               type: array
               items:

pkg/policy/validate.go

@@ -32,7 +32,7 @@ func Validate(p kyverno.ClusterPolicy) error {
 			// policy.spec.background -> "true"
 			// - cannot use variables with request.userInfo
 			// - cannot define userInfo(roles, cluserRoles, subjects) for filtering (match & exclude)
-			return fmt.Errorf("userInfo not allowed in background policy mode. %v", err)
+			return fmt.Errorf("userInfo is not allowed in match or exclude when backgroud policy mode is true. Set spec.background=false to disable background mode for this policy rule. %s ", err)
 		}
 	}