-
Notifications
You must be signed in to change notification settings - Fork 776
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix: handled skip rule processing in anyPattern field #5191
Conversation
Codecov Report
@@ Coverage Diff @@
## main #5191 +/- ##
==========================================
+ Coverage 36.44% 36.53% +0.09%
==========================================
Files 171 172 +1
Lines 19082 19089 +7
==========================================
+ Hits 6955 6975 +20
+ Misses 11332 11319 -13
Partials 795 795
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Thanks for the work @ansalamdaniel , the changes look good to me. @vyankyGH can you help verify the webhook behavior please? /assign @vyankyGH |
ad904ee
to
e23bb5e
Compare
We need to incorporate tests for this when merged. It seems kyverno/kyverno is probably best. |
e23bb5e
to
5a9b7ac
Compare
@chipzoller Could you please explain how to implement the tests you mentioned? |
Here we have CLI tests which can be used to place a test case to ensure, once this issue is fixed, it does not reappear: https://github.com/kyverno/kyverno/tree/main/test/cli |
5a9b7ac
to
7017086
Compare
Added the test cases. Please do let me know if anything needs to be added or modified. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for CLI tests! One very minor tweak.
7017086
to
18baf1f
Compare
@ansalamdaniel can you please rebase the branch? |
18baf1f
to
81b1e51
Compare
81b1e51
to
d5f5a4b
Compare
d5f5a4b
to
32ffaf4
Compare
0807e49
to
346b71c
Compare
346b71c
to
8add394
Compare
LGTM |
6a20ab6
to
a6a863b
Compare
@ansalamdaniel - the branch is out-to-date, can you rebase the main branch ? |
Signed-off-by: ansalamdaniel <ansalam.daniel@infracloud.io>
a6a863b
to
2ba5690
Compare
Signed-off-by: ansalamdaniel ansalam.daniel@infracloud.io
Explanation
Global anchor with
anyPattern
fails when none of the pattern matches. The global anchor generally skips when the criteria is not matched and when used in theanyPattern
it throws failure message. But here the generated skip error is not handled in theanyPattern
validation function.This PR aims to fix the global anchor functioning with the anyPattern field.
Related issue
Closes #4221
Milestone of this PR
What type of PR is this
/kind bug
Proposed Changes
Handling the skip error in in the anyPattern field.
Proof Manifests
Below attached test file grabbed from slack discussion. Before this fix, the last test must be skipped but it fails instead.
Before fix
policy.yaml
resources.yaml
test.yaml
Kyverno test output (After fix)
Running cli tests
For cli tests, used only anypattern related rule for testing.
Checklist
Further Comments