Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] add validation for generate loops #1941

Closed
JimBugwadia opened this issue Jun 1, 2021 · 0 comments · Fixed by #2275
Closed

[BUG] add validation for generate loops #1941

JimBugwadia opened this issue Jun 1, 2021 · 0 comments · Fixed by #2275
Assignees
@vyankyGH
Labels
bug Something isn't working generation Issues pertaining to the generate ability.
Milestone
Kyverno Release 1...

Comments

@JimBugwadia
Copy link
Member

Software version numbers

  • Kubernetes version: all
  • Kyverno version: 1.3.6

Describe the bug

A generate policy can be written to match and generate the same resource type.

To Reproduce

Create a policy with a generate rule that matches a Deployment and generates a Deployment.

Expected behavior

Kyverno should not allow a creation of a generate policy where the matched kind is the same as the generated kind, and no other filters are provided. This can be added to the policy validation checks.

The same check should also be done when a pod is the matched kind and a pod controller is created, or a pod controller is the matched kind and a pod is created, and no other filters are provided.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context

See: https://twitter.com/noelgeorgi/status/1392002713521516544 and #1905.
@JimBugwadia JimBugwadia added the bug Something isn't working label Jun 1, 2021
@JimBugwadia JimBugwadia changed the title [BUG] prevent generate loops [BUG] add validation for generate loops Jun 1, 2021
@chipzoller chipzoller added the generation Issues pertaining to the generate ability. label Jul 15, 2021
@vyankyGH vyankyGH self-assigned this Aug 17, 2021
@vyankyGH vyankyGH added this to the Kyverno Release 1.5.0 milestone Aug 18, 2021
@vyankyGH vyankyGH mentioned this issue Aug 20, 2021
Merged
4 tasks
@chipzoller chipzoller mentioned this issue Jan 17, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vyankyGH vyankyGH

Labels
bug Something isn't working generation Issues pertaining to the generate ability.
Projects
None yet
Milestone
Kyverno Release 1.4.3
Development

Successfully merging a pull request may close this issue.

Validation for generate loops and support ClusterPolicy/Policy in match block vyankyGH/kyverno
4 participants
@JimBugwadia @vyankyGH @realshuting @chipzoller