Fix handling empty validation messages

kyverno · Jun 8, 2021 · cd1d630 · cd1d630
1 parent 0d73831
commit cd1d630
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 11 deletions.
diff --git a/pkg/kubernetes/mapper.go b/pkg/kubernetes/mapper.go
@@ -97,7 +97,12 @@ func (m *mapper) mapRule(rule map[string]interface{}) kyverno.Rule {
 	r.Name = rule["name"].(string)
 	if validate, ok := rule["validate"]; ok {
 		r.Type = "validation"
-		r.ValidateMessage = validate.(map[string]interface{})["message"].(string)
+
+		message := validate.(map[string]interface{})["message"]
+		if m, ok := message.(string); ok {
+			r.ValidateMessage = m
+		}
+
 		return r
 	}
 	if generate, ok := rule["generate"]; ok {

diff --git a/pkg/kubernetes/mapper_test.go b/pkg/kubernetes/mapper_test.go
@@ -47,6 +47,30 @@ spec:
   validationFailureAction: audit
 `
 
+var minPolicy = `
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  creationTimestamp: "2021-03-31T13:42:01Z"
+  name: disallow-host-path
+  resourceVersion: "61655872"
+  uid: 953b1167-1ff5-4cf6-b636-3b7d0c0dd6c7
+spec:
+  background: true
+  rules:
+  - match:
+      resources:
+        kinds:
+        - Pod
+    name: host-path
+    validate:
+      message:
+      pattern:
+        spec:
+          =(volumes):
+          - X(hostPath): "null"
+`
+
 var genPolicy = `
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
@@ -118,42 +142,76 @@ func Test_MapPolicy(t *testing.T) {
 	pol := mapper.MapPolicy(obj.Object)
 
 	if pol.Kind != "ClusterPolicy" {
-		t.Errorf("Expected Kind 'ClusterPolicy', go %s", pol.Kind)
+		t.Errorf("Expected Kind 'ClusterPolicy', got %s", pol.Kind)
 	}
 	if pol.Name != "disallow-host-path" {
-		t.Errorf("Expected Name 'disallow-host-path', go %s", pol.Name)
+		t.Errorf("Expected Name 'disallow-host-path', got %s", pol.Name)
 	}
 	if pol.Category != "Pod Security Standards (Default)" {
-		t.Errorf("Expected Category 'Pod Security Standards (Default)', go %s", pol.Category)
+		t.Errorf("Expected Category 'Pod Security Standards (Default)', got %s", pol.Category)
 	}
 	if pol.Severity != "medium" {
-		t.Errorf("Expected Severity 'medium', go %s", pol.Severity)
+		t.Errorf("Expected Severity 'medium', got %s", pol.Severity)
 	}
 	if len(pol.AutogenControllers) != 1 && pol.AutogenControllers[0] != "Deploymemt" {
-		t.Errorf("Expected 1 Autogen 'Deployment', go %s", strings.Join(pol.AutogenControllers, ", "))
+		t.Errorf("Expected 1 Autogen 'Deployment', got %s", strings.Join(pol.AutogenControllers, ", "))
 	}
 	if !pol.Background {
-		t.Errorf("Expected Background 'true', go false")
+		t.Errorf("Expected Background 'true', got false")
 	}
 	if pol.ValidationFailureAction != "audit" {
-		t.Errorf("Expected ValidationFailureAction 'audit', go %s", pol.ValidationFailureAction)
+		t.Errorf("Expected ValidationFailureAction 'audit', got %s", pol.ValidationFailureAction)
 	}
 	if pol.UID != "953b1167-1ff5-4cf6-b636-3b7d0c0dd6c7" {
-		t.Errorf("Expected UID '953b1167-1ff5-4cf6-b636-3b7d0c0dd6c7', go %s", pol.UID)
+		t.Errorf("Expected UID '953b1167-1ff5-4cf6-b636-3b7d0c0dd6c7', got %s", pol.UID)
 	}
 
 	rule := pol.Rules[0]
 	if rule.Type != "validation" {
-		t.Errorf("Expected Rule Type 'validation', go %s", rule.Type)
+		t.Errorf("Expected Rule Type 'validation', got %s", rule.Type)
 	}
 	if rule.Name != "host-path" {
-		t.Errorf("Expected Rule Name 'host-path', go %s", rule.Name)
+		t.Errorf("Expected Rule Name 'host-path', got %s", rule.Name)
 	}
 	if rule.ValidateMessage != "HostPath volumes are forbidden. The fields spec.volumes[*].hostPath must not be set." {
 		t.Errorf("Expected Rule Message 'HostPath volumes are forbidden. The fields spec.volumes[*].hostPath must not be set.', go %s", rule.ValidateMessage)
 	}
 }
 
+func Test_MapMinPolicy(t *testing.T) {
+	obj := &unstructured.Unstructured{}
+	dec := yaml.NewDecodingSerializer(unstructured.UnstructuredJSONScheme)
+	dec.Decode([]byte(minPolicy), nil, obj)
+
+	mapper := kubernetes.NewMapper()
+
+	pol := mapper.MapPolicy(obj.Object)
+
+	if pol.Kind != "ClusterPolicy" {
+		t.Errorf("Expected Kind 'ClusterPolicy', go %s", pol.Kind)
+	}
+	if pol.Name != "disallow-host-path" {
+		t.Errorf("Expected Name 'disallow-host-path', go %s", pol.Name)
+	}
+	if !pol.Background {
+		t.Errorf("Expected Background 'true', go false")
+	}
+	if pol.UID != "953b1167-1ff5-4cf6-b636-3b7d0c0dd6c7" {
+		t.Errorf("Expected UID '953b1167-1ff5-4cf6-b636-3b7d0c0dd6c7', go %s", pol.UID)
+	}
+
+	rule := pol.Rules[0]
+	if rule.Type != "validation" {
+		t.Errorf("Expected Rule Type 'validation', got %s", rule.Type)
+	}
+	if rule.Name != "host-path" {
+		t.Errorf("Expected Rule Name 'host-path', got %s", rule.Name)
+	}
+	if rule.ValidateMessage != "" {
+		t.Errorf("Expected empty Rule Message, got %s", rule.ValidateMessage)
+	}
+}
+
 func Test_MapGeneratePolicy(t *testing.T) {
 	obj := &unstructured.Unstructured{}
 	dec := yaml.NewDecodingSerializer(unstructured.UnstructuredJSONScheme)