Block scalars for value files (#2380)

* Block scalars for value files Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Handle non-block values Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Unit tests for block scalars Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
2025-03-29 02:45:06 +00:00 · 2021-09-13 16:33:30 +05:30 · 2021-09-13 16:33:30 +05:30 · f6933bb439
commit f6933bb439
parent 5fcd9b83d9
5 changed files with 78 additions and 0 deletions
--- a/pkg/engine/jsonContext.go
+++ b/pkg/engine/jsonContext.go
@ -33,7 +33,15 @@ func LoadContext(logger logr.Logger, contextEntries []kyverno.ContextEntry, resC
 		variables := rule.Values

 		for key, value := range variables {
+			if trimmedTypedValue := strings.Trim(value, "\n"); strings.Contains(trimmedTypedValue, "\n") {
+				tmp := map[string]interface{}{key: value}
+				tmp = parseMultilineBlockBody(tmp)
+				new_val, _ := json.Marshal(tmp[key])
+				value = string(new_val)
+			}
+
 			jsonData := pkgcommon.VariableToJSON(key, value)
+
 			if err := ctx.JSONContext.AddJSON(jsonData); err != nil {
 				return err
 			}
--- a/test/cli/test/variables/cm-blk-scalar-example.yaml
+++ b/test/cli/test/variables/cm-blk-scalar-example.yaml
@ -0,0 +1,25 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cm-blk-scalar-example
+spec:
+  validationFailureAction: enforce
+  background: false
+  rules:
+  - name: validate-blk-role-annotation
+    context:
+      - name: roles-dictionary
+        configMap:
+          name: roles-dictionary
+          namespace: default
+    match:
+      resources:
+        kinds:
+        - Pod
+    validate:
+      message: "The role {{ request.object.metadata.annotations.role }} is not in the allowed list of roles: {{ \"roles-dictionary\".data.\"allowed-roles\" }}."
+      deny:
+        conditions:
+        - key: "{{ request.object.metadata.annotations.role }}"
+          operator: NotIn
+          value:  "{{ \"roles-dictionary\".data.\"allowed-roles\" }}"
--- a/test/cli/test/variables/resources.yaml
+++ b/test/cli/test/variables/resources.yaml
@ -41,3 +41,25 @@ spec:
  containers:
  - name: nginx
    image: nginx:1.12
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-blk-web
+  annotations:
+    role: web
+spec:
+  containers:
+  - name: nginx
+    image: nginx:latest
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-blk-app
+  annotations:
+    role: app
+spec:
+  containers:
+  - name: nginx
+    image: nginx:1.12
--- a/test/cli/test/variables/test.yaml
+++ b/test/cli/test/variables/test.yaml
@ -2,6 +2,7 @@ name: test-variables
 policies:
  - cm-variable-example.yaml
  - cm-array-example.yaml
+  - cm-blk-scalar-example.yaml
 resources:
  - resources.yaml
 variables: variables.yaml
@ -22,3 +23,11 @@ results:
    rule: validate-role-annotation
    resource: test-app
    result: pass
+  - policy: cm-blk-scalar-example
+    rule: validate-blk-role-annotation
+    resource: test-blk-web
+    result: fail
+  - policy: cm-blk-scalar-example
+    rule: validate-blk-role-annotation
+    resource: test-blk-app
+    result: pass
--- a/test/cli/test/variables/variables.yaml
+++ b/test/cli/test/variables/variables.yaml
@ -23,3 +23,17 @@ policies:
      - name: test-app
        values:
          request.object.metadata.annotations.role: app
+  - name: cm-blk-scalar-example
+    rules:
+      - name: validate-blk-role-annotation
+        values:
+          roles-dictionary.data.allowed-roles: |-
+            app
+            test
+    resources:
+      - name: test-blk-web
+        values:
+          request.object.metadata.annotations.role: web
+      - name: test-blk-app
+        values:
+          request.object.metadata.annotations.role: app