add error handling when using not allowed multiple strategic-merge pa…

…tches

plugin/builtin/patchtransformer/PatchTransformer.go

@@ -52,9 +52,12 @@ func (p *plugin) Config(
 	}
 
 	patchesSM, errSM := h.ResmapFactory().RF().SliceFromBytes([]byte(p.Patch))
-	patchJson, errJson := jsonPatchFromBytes([]byte(p.Patch))
+	patchesJson, errJson := jsonPatchFromBytes([]byte(p.Patch))
+
+	// TODO(5049): In the case of multiple yaml documents, return error instead of ignoring all but first
+	// detail: https://github.com/kubernetes-sigs/kustomize/issues/5049#issuecomment-1440604403
 	if (errSM == nil && errJson == nil) ||
-		(patchesSM != nil && patchJson != nil) {
+		(patchesSM != nil && patchesJson != nil) {
 		return fmt.Errorf(
 			"illegally qualifies as both an SM and JSON patch: [%v]",
 			p.Patch)
@@ -74,14 +77,14 @@ func (p *plugin) Config(
 			}
 		}
 	} else {
-		p.jsonPatch = patchJson
+		p.jsonPatch = patchesJson
 	}
 	return nil
 }
 
 func (p *plugin) Transform(m resmap.ResMap) error {
 	if p.smPatches == nil {
-		return p.transformJson6902(m, p.jsonPatch)
+		return p.transformJson6902(m)
 	}
 	// The patch was a strategic merge patch
 	return p.transformStrategicMerge(m)
@@ -101,6 +104,9 @@ func (p *plugin) transformStrategicMerge(m resmap.ResMap) error {
 				return fmt.Errorf("%w", err)
 			}
 			continue
+		} else if len(p.smPatches) > 1 {
+			// detail: https://github.com/kubernetes-sigs/kustomize/issues/5049#issuecomment-1440604403
+			return fmt.Errorf("Multiple Strategic-Merge Patch in 'patches' is not allowed to set 'patches.target' field.")
 		}
 
 		selected, err := m.Select(*p.Target)
@@ -116,7 +122,7 @@ func (p *plugin) transformStrategicMerge(m resmap.ResMap) error {
 
 // transformJson6902 applies the provided json6902 patch
 // to all the resources in the ResMap that match the Target.
-func (p *plugin) transformJson6902(m resmap.ResMap, patch jsonpatch.Patch) error {
+func (p *plugin) transformJson6902(m resmap.ResMap) error {
 	if p.Target == nil {
 		return fmt.Errorf("must specify a target for patch %s", p.Patch)
 	}

plugin/builtin/patchtransformer/PatchTransformer_test.go

@@ -198,6 +198,69 @@ Patch: "something"
 	})
 }
 
+func TestPatchTransformerNotAllowedMultipleStrategicMergePatches(t *testing.T) {
+	th := kusttest_test.MakeEnhancedHarness(t).
+		PrepBuiltin("PatchTransformer")
+	defer th.Reset()
+
+	th.WriteF(`multiplepatches.yaml`, `
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: audit
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - image: AUDIT_IMAGE
+        name: manager
+        args:
+        - --port=8443
+        - --logtostderr
+        - --emit-admission-events
+        - --exempt-namespace=gatekeeper-system
+        - --operation=webhook
+        - --disable-opa-builtin=http.send
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - image: CONTROLLER_IMAGE
+        name: manager
+        args:
+        - --emit-audit-events
+        - --operation=audit
+        - --operation=status
+        - --logtostderr`)
+
+	th.RunTransformerAndCheckError(`
+apiVersion: builtin
+kind: PatchTransformer
+metadata:
+  name: notImportantHere
+Path: multiplepatches.yaml
+target:
+  name: .*Deploy
+  kind: Deployment
+`, someDeploymentResources, func(t *testing.T, err error) {
+		t.Helper()
+		if err == nil {
+			t.Fatalf("expected error")
+		}
+		if !strings.Contains(err.Error(),
+			"Multiple Strategic-Merge Patch in 'patches' is not allowed to set 'patches.target' field.") {
+			t.Fatalf("unexpected err: %v", err)
+		}
+	})
+}
+
 func TestPatchTransformerFromFiles(t *testing.T) {
 	th := kusttest_test.MakeEnhancedHarness(t).
 		PrepBuiltin("PatchTransformer")