Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove contains function #2346

Merged
merged 2 commits into from
Sep 8, 2021
Merged

Remove contains function #2346

merged 2 commits into from
Sep 8, 2021

Conversation

kacejot
Copy link
Contributor

@kacejot kacejot commented Aug 31, 2021
edited

Signed-off-by: Maxim Goncharenko goncharenko.maxim@apriorit.com

Related issue

#2260
Fixes #2345

What type of PR is this

/kind bug

Proposed Changes

Removed contains function duplicate because it is already defined in the upstream go-jmespath.

Proof Manifests

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: drop-cap-net-raw
spec:
  validationFailureAction: enforce
  background: false
  rules:
  - name: drop-cap-net-raw
    match:
      resources:
        kinds:
        - Pod
    validate:
      deny:
        conditions:
          any:
          - key: "{{ request.object.spec.containers[].securityContext.capabilities.drop[] | contains(@, 'NET_RAW') }}"
            operator: Equals
            value: false
                                                                                                         
apiVersion: v1
kind: Pod
metadata:
  name: test
spec:
  initContainers:
  - name: jimmy
    image: defdasdabian:923
    command: ["/bin/sh", "-c", "sleep infinity"]
    securityContext:
      capabilities:
        drop:
        - XXXNET_RAWYYY
        - SETUID
  containers:
  - name: test
    image: defdasdabian:923
    command: ["/bin/sh", "-c", "sleep infinity"]
    securityContext:
      capabilities:
        drop:
        - XXXNET_RAWYYY
        - SETUID
        - CAP_FOO_BAR
  - name: asdf
    image: defdasdabian:923
    command: ["/bin/sh", "-c", "sleep infinity"]
    securityContext:
      capabilities:
        drop:
        - CAP_SOMETHING

Checklist

  • I have read the contributing guidelines.
  • I have added tests that prove my fix is effective or that my feature works.
  • My PR contains new or altered behavior to Kyverno and
    • I have added or changed the documentation myself in an existing PR and the link is:
    • I have raised an issue in kyverno/website to track the doc update and the link is:
    • I have read the PR documentation guide and followed the process including adding proof manifests to this PR.

@kacejot
remove contains function
a98dcc1 
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
realshuting
realshuting requested changes Aug 31, 2021
View reviewed changes
Copy link
Member

@realshuting realshuting left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kacejot - please provide the test result in the PR description and cover that in the tests.

@realshuting realshuting self-assigned this Aug 31, 2021
@kacejot
added test for contains issue case
acaca4e 
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
realshuting
realshuting approved these changes Sep 8, 2021
View reviewed changes
Copy link
Member

@realshuting realshuting left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @kacejot !

@realshuting realshuting merged commit 2a375fa into kyverno:main Sep 8, 2021
@chipzoller chipzoller mentioned this pull request Sep 12, 2021
Closed
@anushkamittal20 anushkamittal20 mentioned this pull request Sep 16, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@realshuting realshuting realshuting approved these changes

Assignees

@realshuting realshuting

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

JMESPath contains function behavior not consistent in Kyverno vs upstream
2 participants
@kacejot @realshuting