Nested foreach #5589
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Codecov Report
```diff
@@            Coverage Diff             @@
##             main    #5589      +/-   ##
==========================================
+ Coverage   36.06%   36.13%   +0.06%
==========================================
  Files         177      178       +1
  Lines       19848    19900      +52
==========================================
+ Hits         7159     7191      +32
- Misses      11896    11916      +20
  Partials      793      793
```
… into nested_foreach
Logged a doc issue kyverno/website#719.
return patchedResource, nil | ||
} | ||
|
||
func applyForeachMutate(name string, foreach []kyvernov1.ForEachMutation, resource unstructured.Unstructured, ctx context.Interface, logger logr.Logger) (patchedResource unstructured.Unstructured, err error) { |
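Review bot: on the new `applyForeachMutate` signature, `resource` is taken by value, but `unstructured.Unstructured` wraps a map, so an in-place edit inside the function would also be visible through the caller's copy. Add a doc comment stating whether the input is treated as read-only, or work on a `DeepCopy()` before patching, so that the returned `patchedResource` is the only place changes appear.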
func applyForeachMutate(name string, foreach []kyvernov1.ForEachMutation, resource unstructured.Unstructured, ctx context.Interface, logger logr.Logger) (patchedResource unstructured.Unstructured, err error) { | |
func applyForEachMutate(name string, foreach []kyvernov1.ForEachMutation, resource unstructured.Unstructured, ctx context.Interface, logger logr.Logger) (patchedResource unstructured.Unstructured, err error) { |
Can we stick with `ForEach` -> we capitalize it everywhere else.
Makes sense! Will create a new PR for that.
rclient registryclient.Client | ||
nesting int |
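Review bot: the new `nesting int` field carries no comment, and nothing on these lines says what it counts or where it starts. Add a one-line comment on the field stating which depth it tracks and which context variable depends on it, so readers do not have to trace its use to learn whether it affects variable resolution or only logging.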
What is nesting actually used for? It seems to just be in the context - so only in logs? Or am I missing something?
Hi @MarcelMue - the nesting count is used to calculate `elementIndex` in the context. This way an expression like `/spec/tls/{{elementIndex0}}/hosts/{{elementIndex1}}` can be resolved.
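The index resolution described in the reply above, as an added Go example that is not Kyverno's code: `resolvePath`, `expand` and the sample spec are hypothetical names, and the `elementIndexN` naming follows the expression quoted in the thread. It generalizes to any nesting depth and rejects a reference to a depth that has no enclosing loop.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// indexVar matches {{elementIndexN}}; N is the foreach nesting depth.
var indexVar = regexp.MustCompile(`\{\{\s*elementIndex(\d+)\s*\}\}`)

// resolvePath substitutes idx[N] for each {{elementIndexN}}; a depth with no enclosing loop is an error.
func resolvePath(tmpl string, idx []int) (out string, err error) {
	out = indexVar.ReplaceAllStringFunc(tmpl, func(m string) string {
		n, convErr := strconv.Atoi(indexVar.FindStringSubmatch(m)[1])
		if convErr != nil || n >= len(idx) {
			err = fmt.Errorf("%s is not defined at nesting depth %d", m, len(idx))
			return m
		}
		return strconv.Itoa(idx[n])
	})
	return out, err
}

// expand walks one list per entry in keys (one foreach level each); len(idx) plays the role of "nesting".
func expand(node interface{}, keys []string, tmpl string, idx []int) ([]string, error) {
	if len(keys) == 0 { // innermost level: every enclosing index is known
		p, err := resolvePath(tmpl, idx)
		return []string{p}, err
	}
	obj, _ := node.(map[string]interface{})
	list, _ := obj[keys[0]].([]interface{})
	var paths []string
	for i, el := range list {
		// The full slice expression forces a copy, so sibling elements never share index state.
		sub, err := expand(el, keys[1:], tmpl, append(idx[:len(idx):len(idx)], i))
		if err != nil {
			return nil, err
		}
		paths = append(paths, sub...)
	}
	return paths, nil
}

func main() {
	spec := map[string]interface{}{"tls": []interface{}{ // constructed sample, Ingress-like
		map[string]interface{}{"hosts": []interface{}{"a.example.com", "b.example.com"}},
		map[string]interface{}{"hosts": []interface{}{"c.example.com"}},
	}}
	fmt.Println(expand(spec, []string{"tls", "hosts"}, "/spec/tls/{{elementIndex0}}/hosts/{{elementIndex1}}", nil))
}
```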
* updated foreach logic and added tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* uncomment tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix vars and unit tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix vars and unit tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix some tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix more tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* linter
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* cleanup
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issue
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert local launch
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* propagate context
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* uncomment tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix propagation of registry client
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>
@JimBugwadia it looks like nested loops are getting blocked when used in a validate rule:
Or are these not intended to work in a validate rule? It's being returned when describing the schema:

```
$ k explain clusterpolicy.spec.rules.validate.foreach
KIND: ClusterPolicy
VERSION: kyverno.io/v1
RESOURCE: foreach <[]Object>
DESCRIPTION:
    ForEach applies validate rules to a list of sub-elements by creating a
    context for each entry in the list and looping over it to apply the
    specified logic.
    ForEach applies validate rules to a list of sub-elements by creating a
    context for each entry in the list and looping over it to apply the
    specified logic.
FIELDS:
  anyPattern <>
    AnyPattern specifies list of validation patterns. At least one of the
    patterns must be satisfied for the validation rule to succeed.
  context <[]Object>
    Context defines variables and data sources that can be used during rule
    execution.
  deny <Object>
    Deny defines conditions used to pass or fail a validation rule.
  elementScope <boolean>
    ElementScope specifies whether to use the current list element as the scope
    for validation. Defaults to "true" if not specified. When set to "false",
    "request.object" is used as the validation scope within the foreach block
    to allow referencing other elements in the subtree.
  foreach <>
    Foreach declares a nested foreach iterator
  list <string>
    List specifies a JMESPath expression that results in one or more elements
    to which the validation logic is applied.
  pattern <>
    Pattern specifies an overlay-style pattern used to check resources.
  preconditions <>
    AnyAllConditions are used to determine if a policy rule should be applied
    by evaluating a set of conditions. The declaration can contain nested `any`
    or `all` statements. See:
    https://kyverno.io/docs/writing-policies/preconditions/
```
* updated foreach logic and added tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* uncomment tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix vars and unit tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix vars and unit tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix some tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix more tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* linter
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* cleanup
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issue
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert local launch
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* propagate context
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* uncomment tests
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix propagation of registry client
  Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Explanation
Support nested foreach
Related issue
Closes #5451
Milestone of this PR
1.9
What type of PR is this
/kind feature
Proposed Changes
Support nested foreach in validate and mutate rules
Proof Manifests
Resource:
Checklist
Further Comments