fix variable substitution

realshuting · Nov 25, 2020 · 125faaf · 125faaf
1 parent 75bd8e2
commit 125faaf
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 52 deletions.
diff --git a/pkg/engine/validation.go b/pkg/engine/validation.go
@@ -96,7 +96,7 @@ func startResultResponse(resp *response.EngineResponse, policy kyverno.ClusterPo
 
 func endResultResponse(log logr.Logger, resp *response.EngineResponse, startTime time.Time) {
 	resp.PolicyResponse.ProcessingTime = time.Since(startTime)
-	log.V(4).Info("finshed processing", "processingTime", resp.PolicyResponse.ProcessingTime.String(), "validationRulesApplied", resp.PolicyResponse.RulesAppliedCount)
+	log.V(4).Info("finished processing", "processingTime", resp.PolicyResponse.ProcessingTime.String(), "validationRulesApplied", resp.PolicyResponse.RulesAppliedCount)
 }
 
 func incrementAppliedCount(resp *response.EngineResponse) {

diff --git a/pkg/engine/variables/common.go b/pkg/engine/variables/common.go
diff --git a/pkg/engine/variables/vars.go b/pkg/engine/variables/vars.go
@@ -10,9 +10,13 @@ import (
 	"github.com/kyverno/kyverno/pkg/engine/context"
 )
 
-const (
-	variableRegex = `\{\{([^{}]*)\}\}`
-)
+var regexVariables = regexp.MustCompile(`\{\{[^{}]*\}\}`)
+
+//IsVariable returns true if the element contains a 'valid' variable {{}}
+func IsVariable(element string) bool {
+	groups := regexVariables.FindAllStringSubmatch(element, -1)
+	return len(groups) != 0
+}
 
 //SubstituteVars replaces the variables with the values defined in the context
 // - if any variable is invalid or has nil value, it is considered as a failed variable substitution
@@ -31,15 +35,16 @@ func subVars(log logr.Logger, ctx context.EvalInterface, pattern interface{}, pa
 		for k, v := range typedPattern {
 			mapCopy[k] = v
 		}
-
 		return subMap(log, ctx, mapCopy, path)
+
 	case []interface{}:
 		sliceCopy := make([]interface{}, len(typedPattern))
 		copy(sliceCopy, typedPattern)
-
 		return subArray(log, ctx, sliceCopy, path)
+
 	case string:
-		return subValR(ctx, typedPattern, path)
+		return subValR(log, ctx, typedPattern, path)
+
 	default:
 		return pattern, nil
 	}
@@ -81,39 +86,36 @@ func (n NotFoundVariableErr) Error() string {
 }
 
 // subValR resolves the variables if defined
-func subValR(ctx context.EvalInterface, valuePattern string, path string) (interface{}, error) {
+func subValR(log logr.Logger, ctx context.EvalInterface, valuePattern string, path string) (interface{}, error) {
 	originalPattern := valuePattern
+	vars := regexVariables.FindAllString(valuePattern, -1)
+	for _, v := range vars {
+		variable := strings.ReplaceAll(v, "{{", "")
+		variable = strings.ReplaceAll(variable, "}}", "")
+		variable = strings.TrimSpace(variable)
+		substitutedVar, err := ctx.Query(variable)
+		if err != nil {
+			return nil, fmt.Errorf("failed to resolve %v at path %s", variable, path)
+		}
+
+		log.V(3).Info("variable substituted", "variable", v, "value", substitutedVar, "path", path)
+
+		if val, ok := substitutedVar.(string); ok {
+			valuePattern = strings.Replace(valuePattern, v, val, -1)
+			continue
+		}
 
-	regex := regexp.MustCompile(`\{\{([^{}]*)\}\}`)
-	for {
-		if vars := regex.FindAllString(valuePattern, -1); len(vars) > 0 {
-			for _, v := range vars {
-				variable := v
-				variable = strings.ReplaceAll(variable, "{{", "")
-				variable = strings.ReplaceAll(variable, "}}", "")
-				variable = strings.TrimSpace(variable)
-
-				substitutedVar, err := ctx.Query(variable)
-				if err != nil {
-					return nil, fmt.Errorf("failed to resolve %v at path %s", variable, path)
-				}
-				if val, ok := substitutedVar.(string); ok {
-					valuePattern = strings.Replace(valuePattern, variable, val, -1)
-				} else {
-					if substitutedVar != nil {
-						if originalPattern == variable {
-							return substitutedVar, nil
-						}
-						return nil, fmt.Errorf("failed to resolve %v at path %s", variable, path)
-					}
-					return nil, NotFoundVariableErr{
-						variable: variable,
-						path:     path,
-					}
-				}
+		if substitutedVar != nil {
+			if originalPattern == variable {
+				return substitutedVar, nil
 			}
-		} else {
-			break
+
+			return nil, fmt.Errorf("failed to resolve %v at path %s", variable, path)
+		}
+
+		return nil, NotFoundVariableErr{
+			variable: variable,
+			path:     path,
 		}
 	}
 

diff --git a/pkg/policy/validate/validate.go b/pkg/policy/validate/validate.go
@@ -37,8 +37,6 @@ func (v *Validate) Validate() (string, error) {
 	}
 
 	if rule.AnyPattern != nil {
-		// validation := &kyverno.Validation{}
-		// rule.DeepCopyInto(validation)
 		anyPattern, err := rule.DeserializeAnyPattern()
 		if err != nil {
 			return "anyPattern", fmt.Errorf("failed to deserialze anyPattern, expect array: %v", err)

diff --git a/pkg/webhooks/common.go b/pkg/webhooks/common.go
@@ -34,7 +34,7 @@ func toBlockResource(engineReponses []response.EngineResponse, log logr.Logger)
 			return true
 		}
 	}
-	log.V(4).Info("sepc.ValidationFailureAction set to audit for all applicable policies, won't block resource operation")
+	log.V(4).Info("spec.ValidationFailureAction set to audit for all applicable policies, won't block resource operation")
 	return false
 }