mirror of https://github.com/kyverno/kyverno.git synced 2025-03-30 19:35:06 +00:00

fix: global context validation (#9643)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Charles-Edouard Brétéché 2024-02-05 14:56:44 +01:00 committed by GitHub
parent 8a0d2a598a
commit f529ff9b85
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 4 deletions


@ -80,10 +80,10 @@ func (c *GlobalContextEntrySpec) IsResource() bool {
// Validate implements programmatic validation // Validate implements programmatic validation
func (c *GlobalContextEntrySpec) Validate(path *field.Path) (errs field.ErrorList) { func (c *GlobalContextEntrySpec) Validate(path *field.Path) (errs field.ErrorList) {
if c.IsResource() && c.IsAPICall() { if c.IsResource() && c.IsAPICall() {
errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should be either have KubernetesResource or APICall")) errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should either have KubernetesResource or APICall"))
} }
if !c.IsResource() && !c.IsAPICall() { if !c.IsResource() && !c.IsAPICall() {
errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should be either have KubernetesResource or APICall")) errs = append(errs, field.Forbidden(path.Child("kubernetesResource"), "A global context entry should either have KubernetesResource or APICall"))
} }
if c.IsResource() { if c.IsResource() {
errs = append(errs, c.KubernetesResource.Validate(path.Child("resource"))...) errs = append(errs, c.KubernetesResource.Validate(path.Child("resource"))...)
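Review bot: Both branches of `Validate` still return the same `field.Forbidden` error on `kubernetesResource` with identical text, so a user who set neither field is told that a field they never supplied is forbidden, and the admission message does not say which rule fired. For the neither-set branch I would use `errs = append(errs, field.Required(path, "one of KubernetesResource or APICall must be set"))` and give the both-set branch a message such as `"KubernetesResource and APICall are mutually exclusive"`; the expected strings in the conformance test would need to follow. Separately, the nested call uses `path.Child("resource")` while the errors above use `path.Child("kubernetesResource")`. If the serialized field is `kubernetesResource`, as the test output `spec.kubernetesResource` suggests, nested errors would point at a path that does not exist in the manifest. The body of `Validate` continues outside the hunk.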


@ -18,11 +18,13 @@ spec:
file: multiple-resources.yaml file: multiple-resources.yaml
expect: expect:
- check: - check:
($error != null): true ($error): |-
admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.kubernetesResource: Forbidden: A global context entry should either have KubernetesResource or APICall
- name: step-03 - name: step-03
try: try:
- apply: - apply:
file: no-resource.yaml file: no-resource.yaml
expect: expect:
- check: - check:
($error != null): true ($error): |-
admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.kubernetesResource: Forbidden: A global context entry should either have KubernetesResource or APICall
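Review bot: The steps applying `multiple-resources.yaml` and `no-resource.yaml` now assert the same full denial string, so the test still cannot distinguish the both-set rejection from the neither-set one. It also pins the webhook name `kyverno-svc.kyverno.svc`, which would presumably make these checks fail for reasons unrelated to validation if the test runs against an install with a different service name or namespace. Matching only the stable tail of the message would avoid that, for example `(contains($error, 'spec.kubernetesResource: Forbidden')): true`, provided the expression language used by these checks supports it. Each step should also expect a message specific to its case once the validator emits distinct ones.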