mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-04-09 10:42:22 +00:00
Code Activity

Fixed issue when number comes from resource as string and does not being validated

Browse source
This commit is contained in:
Denis Belyshev 2019-05-28 14:25:29 +03:00
parent cde2f2b0a0
commit f57422ef79
3 changed files with 18 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
pkg/engine/pattern.go
View file

@ -165,11 +165,6 @@ func validateString(value interface{}, pattern string, operator Operator) bool {
}
func validateNumberWithStr(value interface{}, patternNumber, patternStr string, operator Operator) bool {
patternParsedNumber, err := parseNumber(patternNumber)
if err != nil {
return false
}
if "" != patternStr {
typedValue, ok := value.(string)
if !ok {
@ -188,16 +183,22 @@ func validateNumberWithStr(value interface{}, patternNumber, patternStr string,
return false
}
return validateNumber(valueParsedNumber, patternParsedNumber, operator)
return validateNumber(valueParsedNumber, patternNumber, operator)
}
return validateNumber(value, patternParsedNumber, operator)
return validateNumber(value, patternNumber, operator)
}
func validateNumber(value, pattern interface{}, operator Operator) bool {
var floatPattern, floatValue float64
switch typed := value.(type) {
case string:
var err error
floatValue, err = strconv.ParseFloat(typed, 64)
if err != nil {
return false
}
case float64:
floatValue = typed
case int64:
@ -209,6 +210,12 @@ func validateNumber(value, pattern interface{}, operator Operator) bool {
}
switch typed := pattern.(type) {
case string:
var err error
floatPattern, err = strconv.ParseFloat(typed, 64)
if err != nil {
return false
}
case float64:
floatPattern = typed
case int64:

4
pkg/engine/validation.go
View file

@ -100,7 +100,7 @@ func validateArray(resourcePart, patternPart interface{}) error {
default:
for _, value := range resourceArray {
if !ValidateValueWithPattern(value, patternArray[0]) {
return fmt.Errorf("Failed validate %v wit %v", value, patternArray[0])
return fmt.Errorf("Failed validate %v with %v", value, patternArray[0])
}
}
}
@ -126,7 +126,7 @@ func validateMapElement(resourcePart, patternPart interface{}) error {
return validateArray(array, pattern)
case string, float64, int, int64, bool:
if !ValidateValueWithPattern(resourcePart, patternPart) {
return fmt.Errorf("Failed validate %v wit %v", resourcePart, patternPart)
return fmt.Errorf("Failed validate %v with %v", resourcePart, patternPart)
}
default:
return fmt.Errorf("validating error: unknown type in map: %T", patternPart)

4
pkg/engine/validation_test.go
View file

@ -159,8 +159,8 @@ func TestGetAnchorsFromMap_ThereAreNoAnchors(t *testing.T) {
}
func TestValidateMap(t *testing.T) {
rawPattern := []byte(`{ "spec": { "template": { "spec": { "containers": [ { "name": "?*", "resources": { "requests": { "cpu": "5" } } } ] } } } }`)
rawMap := []byte(`{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "name": "nginx-deployment", "labels": { "app": "nginx" } }, "spec": { "replicas": 3, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "labels": { "app": "nginx" } }, "spec": { "securityContext": { "runAsNonRoot": true }, "containers": [ { "name": "nginx", "image": "https://nirmata/nginx:latest", "imagePullPolicy": "Always", "readinessProbe": { "exec": { "command": [ "cat", "/tmp/healthy" ] }, "initialDelaySeconds": 5, "periodSeconds": 10 }, "livenessProbe": { "tcpSocket": { "port": 8080 }, "initialDelaySeconds": 15, "periodSeconds": 11 }, "resources": { "limits": { "memory": "2Gi", "cpu": 8 }, "requests": { "memory": "512Mi", "cpu": 6 } }, "ports": [ { "containerPort": 80 } ] } ] } } } }`)
rawPattern := []byte(`{ "spec": { "template": { "spec": { "containers": [ { "name": "?*", "resources": { "requests": { "cpu": "<4|8" } } } ] } } } }`)
rawMap := []byte(`{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "name": "nginx-deployment", "labels": { "app": "nginx" } }, "spec": { "replicas": 3, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "labels": { "app": "nginx" } }, "spec": { "securityContext": { "runAsNonRoot": true }, "containers": [ { "name": "nginx", "image": "https://nirmata/nginx:latest", "imagePullPolicy": "Always", "readinessProbe": { "exec": { "command": [ "cat", "/tmp/healthy" ] }, "initialDelaySeconds": 5, "periodSeconds": 10 }, "livenessProbe": { "tcpSocket": { "port": 8080 }, "initialDelaySeconds": 15, "periodSeconds": 11 }, "resources": { "limits": { "memory": "2Gi", "cpu": 8 }, "requests": { "memory": "512Mi", "cpu": "8" } }, "ports": [ { "containerPort": 80 } ] } ] } } } }`)
var pattern, resource interface{}
json.Unmarshal(rawPattern, &pattern)