Block scalars for value files #2380

Merged: 3 commits merged on Sep 13, 2021

@kumar-mallikarjuna
Collaborator

Commented Sep 10, 2021

Signed-off-by: Kumar Mallikarjuna kumarmallikarjuna1@gmail.com

Related issue

closes #2245

Milestone of this PR

What type of PR is this

/kind bug

Proposed Changes

Parses multiline blocks from value files, similar to what the webhook does in the function fetchConfigMap() in pkg/engine/jsonContext.go.

Proof Manifests

Policy

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: cm-array-example
spec:
  validationFailureAction: enforce
  background: false
  rules:
  - name: validate-role-annotation
    context:
      - name: roles-dictionary
        configMap:
          name: roles-dictionary
          namespace: default
    match:
      resources:
        kinds:
        - Deployment
    validate:
      message: "The role {{ request.object.metadata.annotations.role }} is not in the allowed list of roles: {{ \"roles-dictionary\".data.\"allowed-roles\" }}."
      deny:
        conditions:
        - key: "{{ request.object.metadata.annotations.role }}"
          operator: NotIn
          value:  "{{ \"roles-dictionary\".data.\"allowed-roles\" }}"

Values File

policies:
  - name: cm-array-example
    rules:
      - name: validate-role-annotation
        values:
          roles-dictionary.data.allowed-roles: |-
            cluster-admin
            cluster-operator
            tenant-admin

Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: busybox
  annotations:
    role: super-user
  labels:
    app: busybox
spec:
  replicas: 1
  selector:
    matchLabels:
      app: busybox
  template:
    metadata:
      labels:
        app: busybox
    spec:
      containers:
        - image: busybox:1.28
          name: busybox
          command: ["sleep", "9999"]

Checklist

  • I have read the contributing guidelines.
  • [] I have added tests that prove my fix is effective or that my feature works.
  • [] My PR contains new or altered behavior to Kyverno and
    • [] I have added or changed the documentation myself in an existing PR and the link is:
    • [] I have raised an issue in kyverno/website to track the doc update and the link is:
    • I have read the PR documentation guide and followed the process including adding proof manifests to this PR.

Further Comments

@MarcelMue
Collaborator

Please also implement a unit test which shows that your change is reflected in validation:
https://github.com/kyverno/kyverno/blob/main/pkg/engine/validation_test.go

Alternatively you can also implement a proper unit test for LoadContext here (would be nicer but more effort).

@kumar-mallikarjuna
Collaborator Author

Thanks, Marcel. I'll do that once I've managed the failing tests.

@NoSkillGirl self-assigned this Sep 11, 2021

@NoSkillGirl
Contributor

The changes look good to me. Please go forward and add the unit test cases.

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Successfully merging this pull request may close these issues.

CLI should support passing multi-line YAML values for variables
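
An added example, not part of the PR and not Kyverno's code: Go code for the block-scalar handling the PR description refers to, run on the `allowed-roles` value from the values file above. It assumes a multi-line value is split into one list entry per line; `splitBlockScalars` and `roleDenied` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// splitBlockScalars is a hypothetical helper, not Kyverno's code. Assumption:
// a multi-line string value is a list, one entry per line; others pass through.
func splitBlockScalars(values map[string]interface{}) map[string]interface{} {
	out := make(map[string]interface{}, len(values))
	for k, v := range values {
		out[k] = v
		s, ok := v.(string)
		if !ok {
			continue
		}
		// "|" keeps a trailing newline and "|-" strips it; trim so both agree.
		s = strings.Trim(s, "\n")
		out[k] = s
		if strings.Contains(s, "\n") {
			out[k] = strings.Split(s, "\n")
		}
	}
	return out
}

// roleDenied reports whether role is absent from allowed (a list or one string).
func roleDenied(role string, allowed interface{}) bool {
	list, isList := allowed.([]string)
	if s, isStr := allowed.(string); isStr && !isList {
		list = []string{s}
	}
	for _, a := range list {
		if a == role {
			return false
		}
	}
	return true
}

func main() {
	const key = "roles-dictionary.data.allowed-roles"
	// Constructed input: the string a YAML parser yields for the "|-" block.
	raw := map[string]interface{}{key: "cluster-admin\ncluster-operator\ntenant-admin"}
	parsed := splitBlockScalars(raw)
	fmt.Println(roleDenied("super-user", parsed[key]), roleDenied("tenant-admin", parsed[key]))
	fmt.Println(roleDenied("tenant-admin", raw[key])) // unsplit string: an allowed role is denied
}
```

Under this example's exact-match check, the unsplit string rejects `tenant-admin` even though it is listed, which is the kind of divergence a policy test run against a values file needs to avoid.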