You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Software version numbers
State the version numbers of applications involved in the bug.
Kubernetes version: 1.21.3
Kyverno version: v1.4.3
Describe the bug kubectl apply -f /path/to/policy.yaml fails on introducing custom JMESPath function in engine/jmespath/functions.go (patch available here).
Error Seen
Error from server: error when creating "policy.yaml": admission webhook "validate-policy.kyverno.svc"
denied the request: policy contains invalid variables: Rule "variablethis" has forbidden variables.
Allowed variables are: {{request.*}}, {{serviceAccountName}}, {{serviceAccountNamespace}}, {{@}}
and ones defined by the context
Sometimes the issue doesn't occur if the policy variablethis is already present in the cluster. Then deleting and reapplying, shows it.
The issue might be with the regex parsing of variables. I tried to check the output for line 248 and 249 in kyverno/common/common.go with the above policy:
Software version numbers
State the version numbers of applications involved in the bug.
Describe the bug
kubectl apply -f /path/to/policy.yaml
fails on introducing custom JMESPath function inengine/jmespath/functions.go
(patch available here).Error Seen
To Reproduce
Steps to reproduce the behavior:
$ kubectl apply -f /path/to/policy.yaml
Expected behavior
Policy applied successfully.
Additional context
variablethis
is already present in the cluster. Then deleting and reapplying, shows it.[[{{ @ }}] [{{ @ }}] [{{ to_lower('M') }}] [{{ divide(`10`, `2`) }}]]
[[{{ @ }}] [{{ @ }}] [{{ to_lower('M') }}]
The text was updated successfully, but these errors were encountered: