mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
903963c26d
* add special variable substitution logic for preconditions Signed-off-by: Max Goncharenko <kacejot@fex.net> * handle NotFoundVariable error in proper way Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * remove excess log; fix grammar Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * removed isPrecondition flag; added test case for empty deny string; fixed related issue Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fix test case Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fix go lint Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * fix tests Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
79 lines
2.1 KiB
Go
79 lines
2.1 KiB
Go
package operator
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/go-logr/logr"
|
|
"github.com/kyverno/kyverno/pkg/engine/context"
|
|
)
|
|
|
|
//NewNotInHandler returns handler to manage NotIn operations
|
|
func NewNotInHandler(log logr.Logger, ctx context.EvalInterface) OperatorHandler {
|
|
return NotInHandler{
|
|
ctx: ctx,
|
|
log: log,
|
|
}
|
|
}
|
|
|
|
//NotInHandler provides implementation to handle NotIn Operator
|
|
type NotInHandler struct {
|
|
ctx context.EvalInterface
|
|
log logr.Logger
|
|
}
|
|
|
|
//Evaluate evaluates expression with NotIn Operator
|
|
func (nin NotInHandler) Evaluate(key, value interface{}) bool {
|
|
switch typedKey := key.(type) {
|
|
case string:
|
|
return nin.validateValueWithStringPattern(typedKey, value)
|
|
case []interface{}:
|
|
var stringSlice []string
|
|
for _, v := range typedKey {
|
|
stringSlice = append(stringSlice, v.(string))
|
|
}
|
|
return nin.validateValueWithStringSetPattern(stringSlice, value)
|
|
default:
|
|
nin.log.Info("Unsupported type", "value", typedKey, "type", fmt.Sprintf("%T", typedKey))
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (nin NotInHandler) validateValueWithStringPattern(key string, value interface{}) bool {
|
|
invalidType, keyExists := keyExistsInArray(key, value, nin.log)
|
|
if invalidType {
|
|
nin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
|
|
return false
|
|
}
|
|
|
|
return !keyExists
|
|
}
|
|
|
|
func (nin NotInHandler) validateValueWithStringSetPattern(key []string, value interface{}) bool {
|
|
invalidType, isNotIn := setExistsInArray(key, value, nin.log, true)
|
|
if invalidType {
|
|
nin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
|
|
return false
|
|
}
|
|
|
|
return isNotIn
|
|
}
|
|
|
|
func (nin NotInHandler) validateValueWithBoolPattern(_ bool, _ interface{}) bool {
|
|
return false
|
|
}
|
|
|
|
func (nin NotInHandler) validateValueWithIntPattern(_ int64, _ interface{}) bool {
|
|
return false
|
|
}
|
|
|
|
func (nin NotInHandler) validateValueWithFloatPattern(_ float64, _ interface{}) bool {
|
|
return false
|
|
}
|
|
|
|
func (nin NotInHandler) validateValueWithMapPattern(_ map[string]interface{}, _ interface{}) bool {
|
|
return false
|
|
}
|
|
|
|
func (nin NotInHandler) validateValueWithSlicePattern(_ []interface{}, _ interface{}) bool {
|
|
return false
|
|
}
|