3510998d4f
* feat: support CEL expression warnings Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: allow the policy creation but return warnings to the API server Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>
package validatingadmissionpolicy
import (
"context"
"github.com/kyverno/kyverno/pkg/auth/checker"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// hasPermissions asks checker.Check whether the identity behind s is allowed
// the verbs create, update, list and delete on the given resource, and returns
// that verdict.
//
// The check fails closed: if checker.Check returns an error, the error is
// dropped and false is returned, so an authorizer that cannot be reached is
// indistinguishable here from an explicit denial. Callers that need to tell the
// two apart (for example to log or alert on a broken authorization path) cannot
// do so through this helper.
//
// NOTE(review): the two empty string arguments are presumably the subresource
// and namespace selectors of checker.Check (i.e. "no subresource, cluster
// scope") — confirm against its signature. Whether Check requires all verbs or
// any verb to be allowed is also not visible from this file.
func hasPermissions(resource schema.GroupVersionResource, s checker.AuthChecker) bool {
	// context.TODO: no caller context is plumbed through, so this lookup cannot
	// be cancelled or deadline-bounded by the caller.
	allowed, err := checker.Check(
		context.TODO(),
		s,
		resource.Group,
		resource.Version,
		resource.Resource,
		"",
		"",
		"create", "update", "list", "delete",
	)
	// Any error is treated as "not permitted".
	return err == nil && allowed
}
// HasValidatingAdmissionPolicyPermission reports whether the admission
// controller has the permissions required to generate Kubernetes
// ValidatingAdmissionPolicy objects.
//
// It delegates to hasPermissions for the validatingadmissionpolicies resource
// in the admissionregistration.k8s.io group, so a false result covers both a
// denial and a failed permission lookup.
//
// NOTE(review): the API version is hard-coded to v1alpha1; confirm it matches
// the version the generated policies are actually written with.
func HasValidatingAdmissionPolicyPermission(s checker.AuthChecker) bool {
	return hasPermissions(schema.GroupVersionResource{
		Group:    "admissionregistration.k8s.io",
		Version:  "v1alpha1",
		Resource: "validatingadmissionpolicies",
	}, s)
}
// HasValidatingAdmissionPolicyBindingPermission reports whether the admission
// controller has the permissions required to generate Kubernetes
// ValidatingAdmissionPolicyBinding objects.
//
// It delegates to hasPermissions for the validatingadmissionpolicybindings
// resource in the admissionregistration.k8s.io group, so a false result covers
// both a denial and a failed permission lookup.
//
// NOTE(review): the API version is hard-coded to v1alpha1; confirm it matches
// the version the generated bindings are actually written with.
func HasValidatingAdmissionPolicyBindingPermission(s checker.AuthChecker) bool {
	return hasPermissions(schema.GroupVersionResource{
		Group:    "admissionregistration.k8s.io",
		Version:  "v1alpha1",
		Resource: "validatingadmissionpolicybindings",
	}, s)
}