Relax JMESPath variable validation (#3826)

pkg/policy/validate.go

@@ -868,18 +868,6 @@ func validateRuleContext(rule kyverno.Rule) error {
 			return err
 		}
 	}
-
-	ruleBytes, _ := json.Marshal(rule)
-	for _, contextName := range contextNames {
-		contextRegex, err := regexp.Compile(fmt.Sprintf(`{{.*\b%s\b.*}}`, contextName))
-		if err != nil {
-			return fmt.Errorf("unable to validate context variable `%s`, %w", contextName, err)
-		}
-		if !contextRegex.Match(ruleBytes) {
-			return fmt.Errorf("context variable `%s` is not used in the policy", contextName)
-		}
-	}
-
 	return nil
 }
 

test/cli/test/context-entries/kyverno-test.yaml

@@ -54,3 +54,8 @@ results:
     resource: example
     kind: Pod
     result: pass
+  - policy: example
+    rule:  unused-var
+    resource: example
+    kind: Pod
+    result: pass

test/cli/test/context-entries/policies.yaml

@@ -188,3 +188,30 @@ spec:
           - key: "{{ obj }}"
             operator: NotEqual
             value: "{{ expected }}"
+  - name: unused-var
+    context:
+    - name: obj
+      variable:
+        value:
+          a: 1
+          b: 2
+    - name: modifiedObj
+      variable:
+        jmesPath: items(obj, 'key', 'value')
+    - name: expected
+      variable:
+        value:
+          - key: a
+            value: 1
+          - key: b
+            value: 2
+    match:
+      resources:
+        kinds:
+        - Pod
+    validate:
+      deny:
+        conditions:
+          - key: "{{ modifiedObj }}"
+            operator: NotEqual
+            value: "{{ expected }}"