Feature: Add schema validation to {{ request.operation }} statements #1468

Closed
chipzoller opened this issue Jan 10, 2021 · 4 comments · Fixed by #1510
Labels
enhancement New feature or request good first issue Good for newcomers

@chipzoller

Is your feature request related to a problem? Please describe.
When writing a policy which validates operations from AdmissionReview data, Kyverno does not validate that the provided operations are valid. This results in the possibility of writing a policy which doesn't work as intended.

For example, when writing a deny statement which looks at {{ request.operation }}, a user could put FOO as an operation yet there is no Kubernetes operation called FOO.

Describe the solution you'd like
Perform policy schema validations of the list of operations, which are any of CREATE, UPDATE, DELETE, or CONNECT. Ensure the spelling of each is precise. Fail policy creation if any strings are not among these values.

Additional context
A follow-on idea from #1337

@chipzoller added the enhancement label Jan 10, 2021
@chipzoller

@realshuting this should be easy to implement.

@yashvardhan-kukreja

Hi @chipzoller @realshuting. I'd like to work on this issue. If it's fine, please assign it to me.
Thanks :)

@yashvardhan-kukreja

yashvardhan-kukreja commented Jan 31, 2021

@chipzoller @realshuting I have added the required validation for preconditions field as well, whenever it faces a condition with key: {{request.operation}}

@realshuting

Closing in favor of #1510.
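
The check requested in this issue, for both deny conditions and preconditions keyed on `{{ request.operation }}`, as an added Go example that is not part of the thread and not Kyverno's own code. `Condition` and `ValidateOperationCondition` are hypothetical names, and values are assumed to be literal strings or lists of strings.

```go
package main

import (
	"fmt"
	"regexp"
)

// Condition is a hypothetical, simplified stand-in for one deny/precondition
// entry; it is not Kyverno's own type.
type Condition struct {
	Key   string
	Value interface{} // a single string or a list, as decoded from YAML/JSON
}

// opKey matches the variable with or without spaces inside the braces.
var opKey = regexp.MustCompile(`^\{\{\s*request\.operation\s*\}\}$`)

// The four operations named in the issue; matching is exact and case-sensitive.
var validOps = map[string]bool{"CREATE": true, "UPDATE": true, "DELETE": true, "CONNECT": true}

// ValidateOperationCondition returns an error when a condition keyed on
// request.operation is compared against anything other than a valid operation.
func ValidateOperationCondition(c Condition) error {
	if !opKey.MatchString(c.Key) {
		return nil // other keys are out of scope for this check
	}
	vals, isList := c.Value.([]interface{})
	if !isList {
		vals = []interface{}{c.Value}
	}
	for _, v := range vals {
		s, ok := v.(string)
		if !ok || !validOps[s] {
			return fmt.Errorf("invalid operation %v for key %q: want CREATE, UPDATE, DELETE or CONNECT", v, c.Key)
		}
	}
	return nil
}

func main() {
	// Constructed sample conditions.
	for _, c := range []Condition{
		{Key: "{{ request.operation }}", Value: "DELETE"},
		{Key: "{{request.operation}}", Value: []interface{}{"CREATE", "FOO"}},
		{Key: "{{ request.operation }}", Value: "delete"},
	} {
		fmt.Printf("%-26s %v -> %v\n", c.Key, c.Value, ValidateOperationCondition(c))
	}
}
```

Rejecting the policy at creation time matters because a condition such as `FOO` or `delete` never matches a real admission request, so the rule is accepted but enforces nothing.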
