mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 17:37:12 +00:00
Code Activity
kyverno/pkg/engine/handlers/validation/utils.go
gcp-cherry-pick-bot[bot] 7ee6137a73
feat: use pointer in rule (exclude field) (#11050) (#11071) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-10 11:50:49 +00:00

47 lines
1.2 KiB
Go
Raw Blame History

package validation
import (
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
"github.com/kyverno/kyverno/pkg/utils/match"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func matchResource(resource unstructured.Unstructured, rule kyvernov1.Rule) bool {
if rule.MatchResources.All != nil || rule.MatchResources.Any != nil {
matched := match.CheckMatchesResources(
resource,
kyvernov2beta1.MatchResources{
Any: rule.MatchResources.Any,
All: rule.MatchResources.All,
},
make(map[string]string),
kyvernov2.RequestInfo{},
resource.GroupVersionKind(),
"",
)
if matched != nil {
return false
}
}
if rule.ExcludeResources != nil {
if rule.ExcludeResources.All != nil || rule.ExcludeResources.Any != nil {
excluded := match.CheckMatchesResources(
resource,
kyvernov2beta1.MatchResources{
Any: rule.ExcludeResources.Any,
All: rule.ExcludeResources.All,
},
make(map[string]string),
kyvernov2.RequestInfo{},
resource.GroupVersionKind(),
"",
)
if excluded == nil {
return false
}
}
}
return true
}
View git blame Copy permalink