mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

fix linter issues

Browse source 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
Jim Bugwadia 2021-10-03 23:07:40 -07:00
parent 529a3509d5
commit ee6aafa7bb
2 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkg/engine/utils.go
View file

@ -256,15 +256,15 @@ func matchSubjects(ruleSubjects []rbacv1.Subject, userInfo authenticationv1.User
}
//MatchesResourceDescription checks if the resource matches resource description of the rule or not
func MatchesResourceDescription(resourceRef unstructured.Unstructured, ruleRef kyverno.Rule, admissionInfoRef kyverno.RequestInfo, dynamicConfig []string, namespaceLabels map[string]string) error {
func MatchesResourceDescription(resourceRef unstructured.Unstructured, ruleRef *kyverno.Rule, admissionInfoRef kyverno.RequestInfo, dynamicConfig []string, namespaceLabels map[string]string) error {
rule := *ruleRef.DeepCopy()
rule := ruleRef.DeepCopy()
resource := *resourceRef.DeepCopy()
admissionInfo := *admissionInfoRef.DeepCopy()
var reasonsForFailure []error
if len(rule.MatchResources.Any) > 0 {
// inlcude object if ANY of the criterias match
// include object if ANY of the criteria match
// so if one matches then break from loop
oneMatched := false
for _, rmr := range rule.MatchResources.Any {

7
pkg/engine/validation.go
View file

@ -92,7 +92,8 @@ func validateResource(log logr.Logger, ctx *PolicyContext) *response.EngineRespo
ctx.JSONContext.Checkpoint()
defer ctx.JSONContext.Restore()
for _, rule := range ctx.Policy.Spec.Rules {
for i := range ctx.Policy.Spec.Rules {
rule := &ctx.Policy.Spec.Rules[i]
if !rule.HasValidate() {
continue
}
@ -106,7 +107,7 @@ func validateResource(log logr.Logger, ctx *PolicyContext) *response.EngineRespo
ctx.JSONContext.Reset()
startTime := time.Now()
ruleResp := processValidationRule(log, ctx, &rule)
ruleResp := processValidationRule(log, ctx, rule)
if ruleResp != nil {
addRuleResponse(log, resp, ruleResp, startTime)
}
@ -417,7 +418,7 @@ func isEmptyUnstructured(u *unstructured.Unstructured) bool {
}
// matches checks if either the new or old resource satisfies the filter conditions defined in the rule
func matches(logger logr.Logger, rule kyverno.Rule, ctx *PolicyContext) bool {
func matches(logger logr.Logger, rule *kyverno.Rule, ctx *PolicyContext) bool {
err := MatchesResourceDescription(ctx.NewResource, rule, ctx.AdmissionInfo, ctx.ExcludeGroupRole, ctx.NamespaceLabels)
if err == nil {
return true