diff --git a/pkg/utils/kube/kind.go b/pkg/utils/kube/kind.go index b2ed5fbf0d..c5f5e09161 100644 --- a/pkg/utils/kube/kind.go +++ b/pkg/utils/kube/kind.go @@ -29,6 +29,18 @@ func formatSubresource(s string) string { return strings.Replace(s, ".", "/", 1) } +// GetGroupFromGVK - get group GVK +func GetGroupFromGVK(str string) (group string) { + parts := strings.Split(str, "/") + count := len(parts) + if count == 3 { + if parts[1] == "*" { + return parts[0] + } + } + return "" +} + func SplitSubresource(s string) (kind string, subresource string) { normalized := strings.Replace(s, ".", "/", 1) parts := strings.Split(normalized, "/") diff --git a/pkg/webhookconfig/configmanager.go b/pkg/webhookconfig/configmanager.go index 2d54b36cbb..57217c2bc7 100644 --- a/pkg/webhookconfig/configmanager.go +++ b/pkg/webhookconfig/configmanager.go @@ -795,7 +795,8 @@ func (m *webhookConfigManager) mergeWebhook(dst *webhook, policy kyverno.PolicyI continue } if strings.Contains(gvk, "*") { - gvrList = append(gvrList, schema.GroupVersionResource{Group: gvr.Group, Version: "*", Resource: gvr.Resource}) + group := kubeutils.GetGroupFromGVK(gvk) + gvrList = append(gvrList, schema.GroupVersionResource{Group: group, Version: "*", Resource: gvr.Resource}) } else { m.log.V(4).Info("configuring webhook", "GVK", gvk, "GVR", gvr) gvrList = append(gvrList, gvr) diff --git a/test/cli/registry/kyverno-test.yaml b/test/cli/registry/kyverno-test.yaml index c93686bd75..91bf472e37 100644 --- a/test/cli/registry/kyverno-test.yaml +++ b/test/cli/registry/kyverno-test.yaml @@ -3,6 +3,7 @@ policies: - image-example.yaml resources: - resources.yaml +variables: values.yaml results: - policy: images rule: only-allow-trusted-images diff --git a/test/cli/registry/values.yaml b/test/cli/registry/values.yaml new file mode 100644 index 0000000000..3fd98d8ad8 --- /dev/null +++ b/test/cli/registry/values.yaml @@ -0,0 +1,6 @@ +policies: +- name: check-image-base + rules: + - name: check-image-base-rule + foreachValues: + mobysource: ["1"] \ No newline at end of file