Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: added details regarding match.resources #1654

Merged
merged 3 commits into from
Mar 3, 2021
Merged

fix: added details regarding match.resources #1654

merged 3 commits into from
Mar 3, 2021

Conversation

RinkiyaKeDad
Copy link
Contributor

Signed-off-by: Arsh Sharma arshsharma461@gmail.com

Related issue

Fixes #1394

What type of PR is this

/kind bug

Proposed changes

Checklist

Further comments

@RinkiyaKeDad
fix: added details regarding match.resources
2304d67 
Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
realshuting
realshuting requested changes Mar 2, 2021
View reviewed changes
pkg/api/kyverno/v1/policy_types.go Outdated
@@ -209,6 +211,8 @@ type ExcludeResources struct {
UserInfo `json:",omitempty" yaml:",omitempty"`

// ResourceDescription contains information about the resource being created or modified.
// Requires at least one resource to be specified when under MatchResources, if not,
// then ExcludeResources should be present instead.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Requires at least one resource ... " this does not apply to exclude.resources.

pkg/api/kyverno/v1/policy_types.go Outdated
@@ -198,6 +198,8 @@ type MatchResources struct {
UserInfo `json:",omitempty" yaml:",omitempty"`

// ResourceDescription contains information about the resource being created or modified.
// Requires at least one resource to be specified when under MatchResources, if not,
// then ExcludeResources should be present instead.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we change to "Requires at least one tag to be ..."

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@RinkiyaKeDad From this validation, it seems that match is required in the rule definition:

kyverno/pkg/policy/validate.go

Lines 477 to 480 in 10c714d

// matched resources
if path, err := validateMatchedResourceDescription(rule.MatchResources.ResourceDescription); err != nil {
return fmt.Sprintf("match.resources.%s", path), err
}

So we need to remove "if not, then ExcludeResources should be present instead.".

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@realshuting - Made the edit, please review.

@RinkiyaKeDad
fix: made revisions
225dca4 
Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
@RinkiyaKeDad
fix: removed if not statement
dd68e9f 
Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
@realshuting realshuting merged commit ccfe8c4 into kyverno:main Mar 3, 2021
@RinkiyaKeDad RinkiyaKeDad deleted the 1394_match_resources branch April 13, 2021 06:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@realshuting realshuting realshuting approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] match.resources is required
2 participants
@RinkiyaKeDad @realshuting