Merge branch 'master' into 671_cleanUp_generate

2024-12-14 11:57:48 +00:00 · 2020-02-18 15:00:59 -08:00 · 2020-02-18 15:00:59 -08:00 · d88b0bf2e4
commit d88b0bf2e4
parent 80c618bf98 2f1c8c688c
3 changed files with 6 additions and 2 deletions
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@ -30,6 +30,8 @@ spec:
              enum: 
              - enforce # blocks the resorce api-reques if a rule fails.
              - audit # allows resource creation and reports the failed validation rules as violations. Default
+            background:
+              type: boolean
            rules:
              type: array
              items:
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@ -30,6 +30,8 @@ spec:
              enum: 
              - enforce # blocks the resorce api-reques if a rule fails.
              - audit # allows resource creation and reports the failed validation rules as violations. Default
+            background:
+              type: boolean
              rules:
              type: array
              items:
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@ -32,7 +32,7 @@ func Validate(p kyverno.ClusterPolicy) error {
 			// policy.spec.background -> "true"
 			// - cannot use variables with request.userInfo
 			// - cannot define userInfo(roles, cluserRoles, subjects) for filtering (match & exclude)
-			return fmt.Errorf("userInfo not allowed in background policy mode. %v", err)
+			return fmt.Errorf("userInfo is not allowed in match or exclude when backgroud policy mode is true. Set spec.background=false to disable background mode for this policy rule. %s ", err)
 		}
 	}