375 handle json numbers resubmit

[shivdudhani]

we parse the resource and configuration in policy using a custom parser. When using numbers if quotes '' are not specified we lose the type information, and we did not handle scenarios of variables with value numbers(int, float) but of type string.

• Added support to compare string vs numbers. Based on the expected type in the pattern, we check if the string contains the value of the same type.
• Generate used a helper function to identify if a configuration is a subset of resource but after the rewrite of validation pattern in Proposal to change validation condition & existence anchor behavior #356. We can use the validate with the default resource handler to check for subsets.
• Update existing policies that had this limitation.

fixes #375

[realshuting]

If I set memory limit in policy to "1Gi", and the resource has the limit set to "1024Mi", would this work? Same for the cpu "200m" vs "0.2" ?

[shivdudhani]

@realshuting

• first, value 1Gi will not be compared in validateValueWithIntPattern as its an alphanumeric and will be a string comparison. This check if for numbers types only.
• second, here we parsing through each node and comparing the values based on types( custom parser, which is independent of the value string contains). The logic to compare Gi and Mi is kubernetes specific and will be handheld by the server. So if we cannot to Gi and Mi comparison here. If it is required, u'll need to create specifically handle these scenarios.

[realshuting]

Ok, if this pr is to fix numbers only, we should be good.

The logic to compare Gi and Mi is kubernetes specific and will be handheld by the server.

As Kyverno is doing the validation checks in webhook, it seems like we have to handle this before k8s, created an issue to tack #428.