mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 17:37:12 +00:00
b574802c12
* feat: support conditions in PolicyException Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix matchesException func Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * add codegen-all files Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix after review Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * remove variable validation from PolicyException Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix after review Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * add kuttl tests Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * remove ValidateVariables() from tests Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix errors Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * remove check-variables kuttl test Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * fix after review Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> * add sleep step to kuttl Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com> * miinor fix Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com> * add readme for kuttl test Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com> --------- Signed-off-by: Rakshit Gondwal <rakshitgondwal3@gmail.com> Signed-off-by: Rakshit Gondwal <98955085+rakshitgondwal@users.noreply.github.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
46 lines
1.7 KiB
Go
46 lines
1.7 KiB
Go
package conditions
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/go-logr/logr"
|
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
|
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
|
|
enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
|
|
"github.com/kyverno/kyverno/pkg/engine/variables"
|
|
"github.com/kyverno/kyverno/pkg/engine/variables/operator"
|
|
)
|
|
|
|
func CheckAnyAllConditions(logger logr.Logger, ctx enginecontext.Interface, condition kyvernov2beta1.AnyAllConditions) (bool, error) {
|
|
for _, condition := range condition.AllConditions {
|
|
if passed, err := checkCondition(logger, ctx, condition); err != nil {
|
|
return false, err
|
|
} else if !passed {
|
|
return false, nil
|
|
}
|
|
}
|
|
for _, condition := range condition.AnyConditions {
|
|
if passed, err := checkCondition(logger, ctx, condition); err != nil {
|
|
return false, err
|
|
} else if passed {
|
|
return true, nil
|
|
}
|
|
}
|
|
return len(condition.AnyConditions) == 0, nil
|
|
}
|
|
|
|
func checkCondition(logger logr.Logger, ctx enginecontext.Interface, condition kyvernov2beta1.Condition) (bool, error) {
|
|
key, err := variables.SubstituteAllInPreconditions(logger, ctx, condition.GetKey())
|
|
if err != nil {
|
|
return false, fmt.Errorf("failed to substitute variables in condition key: %w", err)
|
|
}
|
|
value, err := variables.SubstituteAllInPreconditions(logger, ctx, condition.GetValue())
|
|
if err != nil {
|
|
return false, fmt.Errorf("failed to substitute variables in condition value: %w", err)
|
|
}
|
|
handler := operator.CreateOperatorHandler(logger, ctx, kyvernov1.ConditionOperator(condition.Operator))
|
|
if handler == nil {
|
|
return false, fmt.Errorf("failed to create handler for condition operator: %w", err)
|
|
}
|
|
return handler.Evaluate(key, value), nil
|
|
}
|