mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-10 18:06:55 +00:00
943c3a1929
* use failurePolicy to block or allow requests, on policy errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add warnings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle network errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix title conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix path in generated file Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fake metrics Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for klog flag initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix spelling Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix flag init Signed-off-by: Jim Bugwadia <jim@nirmata.com>
31 lines
862 B
Go
31 lines
862 B
Go
package engine
|
|
|
|
import (
|
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
|
"github.com/kyverno/kyverno/pkg/engine/response"
|
|
)
|
|
|
|
// IsResponseSuccessful return true if all responses are successful
|
|
func IsResponseSuccessful(engineReponses []*response.EngineResponse) bool {
|
|
for _, er := range engineReponses {
|
|
if !er.IsSuccessful() {
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
// BlockRequest returns true when:
|
|
// 1. a policy fails (i.e. creates a violation) and validationFailureAction is set to 'enforce'
|
|
// 2. a policy has a processing error and failurePolicy is set to 'Fail`
|
|
func BlockRequest(er *response.EngineResponse, failurePolicy kyvernov1.FailurePolicyType) bool {
|
|
if er.IsFailed() && er.GetValidationFailureAction() == kyvernov1.Enforce {
|
|
return true
|
|
}
|
|
|
|
if er.IsError() && failurePolicy == kyvernov1.Fail {
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|