mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-07 00:17:13 +00:00
970c255765
* feat: validate CELPolicyExceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * chore: add cel-policy-exceptions tests in the CI Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
33 lines
1.2 KiB
Go
33 lines
1.2 KiB
Go
package celexception
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/go-logr/logr"
|
|
admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
|
|
validation "github.com/kyverno/kyverno/pkg/validation/exception"
|
|
"github.com/kyverno/kyverno/pkg/webhooks/handlers"
|
|
)
|
|
|
|
type celExceptionHandlers struct {
|
|
validationOptions validation.ValidationOptions
|
|
}
|
|
|
|
func NewHandlers(validationOptions validation.ValidationOptions) *celExceptionHandlers {
|
|
return &celExceptionHandlers{
|
|
validationOptions: validationOptions,
|
|
}
|
|
}
|
|
|
|
// Validate performs the validation check on CELPolicyException resources
|
|
func (h *celExceptionHandlers) Validate(ctx context.Context, logger logr.Logger, request handlers.AdmissionRequest, _ string, startTime time.Time) handlers.AdmissionResponse {
|
|
polex, _, err := admissionutils.GetCELPolicyExceptions(request.AdmissionRequest)
|
|
if err != nil {
|
|
logger.Error(err, "failed to unmarshal CELPolicyExceptions from admission request")
|
|
return admissionutils.Response(request.UID, err)
|
|
}
|
|
warnings := validation.ValidateNamespace(ctx, logger, polex.GetNamespace(), h.validationOptions)
|
|
errs := polex.Validate()
|
|
return admissionutils.Response(request.UID, errs.ToAggregate(), warnings...)
|
|
}
|