fix: global context validation (#9643)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

api/kyverno/v2alpha1/global_context_entry_types.go

@@ -80,10 +80,10 @@ func (c *GlobalContextEntrySpec) IsResource() bool {
 // Validate implements programmatic validation
 func (c *GlobalContextEntrySpec) Validate(path *field.Path) (errs field.ErrorList) {
 	if c.IsResource() && c.IsAPICall() {
-		errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should be either have KubernetesResource or APICall"))
+		errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should either have KubernetesResource or APICall"))
 	}
 	if !c.IsResource() && !c.IsAPICall() {
-		errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should be either have KubernetesResource or APICall"))
+		errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should either have KubernetesResource or APICall"))
 	}
 	if c.IsResource() {
 		errs = append(errs, c.KubernetesResource.Validate(path.Child("resource"))...)

test/conformance/chainsaw/globalcontext/validate-crd/chainsaw-test.yaml

@@ -18,11 +18,13 @@ spec:
             file: multiple-resources.yaml
             expect:
               - check:
-                  ($error != null): true
+                  ($error): |-
+                    admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.kubernetesResource: Forbidden: A global context entry should either have KubernetesResource or APICall
     - name: step-03
       try:
         - apply:
             file: no-resource.yaml
             expect:
               - check:
-                  ($error != null): true
+                  ($error): |-
+                    admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.kubernetesResource: Forbidden: A global context entry should either have KubernetesResource or APICall