mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
970c255765
* feat: validate CELPolicyExceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * chore: add cel-policy-exceptions tests in the CI Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
31 lines
872 B
Go
31 lines
872 B
Go
package exception
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/go-logr/logr"
|
|
)
|
|
|
|
const (
|
|
namespacesDontMatch = "PolicyException resource namespace must match the defined namespace."
|
|
disabledPolex = "PolicyException resources would not be processed until it is enabled."
|
|
polexNamespaceFlag = "The exceptionNamespace flag is not set"
|
|
)
|
|
|
|
type ValidationOptions struct {
|
|
Enabled bool
|
|
Namespace string
|
|
}
|
|
|
|
// Validate checks policy exception is valid
|
|
func ValidateNamespace(ctx context.Context, logger logr.Logger, polexNs string, opts ValidationOptions) []string {
|
|
var warnings []string
|
|
if !opts.Enabled {
|
|
warnings = append(warnings, disabledPolex)
|
|
} else if opts.Namespace == "" {
|
|
warnings = append(warnings, polexNamespaceFlag)
|
|
} else if opts.Namespace != "*" && opts.Namespace != polexNs {
|
|
warnings = append(warnings, namespacesDontMatch)
|
|
}
|
|
return warnings
|
|
}
|