Bug fix | CLI panic | Context policy validation #2336

Merged
merged 2 commits into from
Aug 30, 2021

@NoSkillGirl NoSkillGirl commented Aug 29, 2021

Signed-off-by: NoSkillGirl singhpooja240393@gmail.com

Related issue

closes #2289

Milestone of this PR

/milestone 1.4.3.

What type of PR is this

/kind bug

Proposed Changes

Currently, the Kyverno CLI panics when a context is added to a rule but not actually used in the rule.
I have added a validation check for the above case.

With the changes:

  • policy will fail in webhook
  • policy will not be valid when tried with the Kyverno CLI validate command
  • policy will be skipped when tried with the Kyverno CLI apply command

Proof Manifests

Try the following policy:

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: enforce-pod-name
spec:
  validationFailureAction: enforce
  background: true
  rules:
    - name: validate-name
      context:
      - name: test
        configMap:
          name: game-demo
          namespace: default
      match:
        resources:
          kinds:
            - Pod
      validate:
        message: "The Pod must end with -nginx"
        pattern:
          metadata:
            name: "*-nginx"
```

```
$ kyverno validate policy.yaml
----------------------------------------------------------------------
Policy enforce-pod-name is invalid.
Error: invalid policy.
Cause: path: spec.rules[0]: context variable `test` is not used in the policy

exit status 1
```

Checklist

  • I have read the contributing guidelines.
  • [] I have added tests that prove my fix is effective or that my feature works.
  • [] My PR contains new or altered behavior to Kyverno and
    • [] I have added or changed the documentation myself in an existing PR and the link is:
    • [] I have raised an issue in kyverno/website to track the doc update and the link is:
    • [] I have read the PR documentation guide and followed the process including adding proof manifests to this PR.
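
The check described in this PR, sketched as an added Go example (not Kyverno's implementation and not code from this PR): it reports context entries that no `{{ ... }}` variable outside the `context` block references. The JSON form of the rule, the name `UnusedContextVars` and the identifier-boundary regex are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// varExpr captures the expression inside a {{ ... }} variable.
var varExpr = regexp.MustCompile(`\{\{([^{}]*)\}\}`)

// Constructed sample: the rule from the proof manifest above, written as JSON.
const pageRule = `{"name":"validate-name","match":{"resources":{"kinds":["Pod"]}},
 "context":[{"name":"test","configMap":{"name":"game-demo","namespace":"default"}}],
 "validate":{"message":"The Pod must end with -nginx","pattern":{"metadata":{"name":"*-nginx"}}}}`

// UnusedContextVars returns declared context names that no variable in the rule uses.
func UnusedContextVars(ruleJSON []byte) ([]string, error) {
	fields := map[string]json.RawMessage{}
	if err := json.Unmarshal(ruleJSON, &fields); err != nil {
		return nil, err
	}
	var decl []struct{ Name string }
	if raw, ok := fields["context"]; ok {
		if err := json.Unmarshal(raw, &decl); err != nil {
			return nil, err
		}
	}
	delete(fields, "context") // assumption: declaring an entry is not a use of it
	var exprs []byte
	for _, raw := range fields {
		for _, m := range varExpr.FindAllSubmatch(raw, -1) {
			exprs = append(append(exprs, m[1]...), ' ')
		}
	}
	var unused []string
	for _, c := range decl {
		// The name must start an identifier; "a.b.test" is a field, not the entry.
		ref := regexp.MustCompile(`(^|[^\w.-])` + regexp.QuoteMeta(c.Name) + `($|[^\w-])`)
		if !ref.Match(exprs) {
			unused = append(unused, c.Name)
		}
	}
	return unused, nil
}

func main() {
	unused, err := UnusedContextVars([]byte(pageRule))
	fmt.Println(unused, err) // [test] <nil>
}
```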

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
@NoSkillGirl NoSkillGirl changed the title 2289/context policy validation Bug fix | CLI panic | Context policy validation Aug 29, 2021
Development

Successfully merging this pull request may close these issues.

[BUG] Kyverno CLI panics when context is added to rule, but not actually used