mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-10 09:56:55 +00:00
fc694bc24c
* feat: add kyverno json support to validation rule Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v2beta1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * engine handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bindings Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * context functions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * better bindings Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
48 lines
1.1 KiB
YAML
48 lines
1.1 KiB
YAML
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: check-old-object
|
|
spec:
|
|
background: false
|
|
rules:
|
|
- name: require-labels
|
|
match:
|
|
all:
|
|
- resources:
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
kinds:
|
|
- Namespace
|
|
context:
|
|
- name: small
|
|
variable:
|
|
value: small
|
|
- name: medium
|
|
variable:
|
|
value: medium
|
|
- name: large
|
|
variable:
|
|
value: large
|
|
validate:
|
|
validationFailureAction: Enforce
|
|
message: "The label `size` is required"
|
|
assert:
|
|
object:
|
|
metadata:
|
|
labels:
|
|
size:
|
|
(@ == $small || @ == $medium || @ == $large): true
|
|
- name: check-old-object
|
|
match:
|
|
all:
|
|
- resources:
|
|
operations:
|
|
- UPDATE
|
|
kinds:
|
|
- Namespace
|
|
validate:
|
|
validationFailureAction: Enforce
|
|
message: "request.oldObject cannot be null for update requests"
|
|
assert:
|
|
oldObject: {}
|