[Bug] No way to set default value for apiCall.service.url response in case of error. #7607

@marverix

Kyverno Version

1.10.0

Kubernetes Version

1.25.x

Kubernetes Platform

EKS

Kyverno Rule Type

Mutate

Description

Whenever a mutation policy is using apiCall.service.url and the request fails, there is no way to continue with the mutation and do anything else as an alternative.

Steps to reproduce

  1. Have a REST microservice in another namespace.
  2. Create namespace "test123".
  3. Create a policy in this namespace:

```yaml
apiVersion: kyverno.io/v1
kind: Policy
metadata:
  name: add-owner-label
spec:
  failurePolicy: Ignore
  rules:
  - name: call-extension
    match:
      all:
      - resources:
          kinds:
          - Deployment
    context:
    - name: response
      apiCall:
        method: GET
        service:
          url: "http://name-of-service.namespace.svc.cluster.local:8080/api-path/{{request.name}}"
    mutate:
      patchStrategicMerge:
        spec:
          template:
            metadata:
              labels:
                owner: "{{ response.owner || '' }}"
```

  4. Try to create a deployment in this policy in the case when the microservice (service.url) responds with 200.
  5. Try to create a deployment in this policy in the case when the microservice (service.url) responds with 404.

Expected behavior

There should be an easy way to instruct Kyverno what to do when the provided API call to service.url responds with >= 400. OR AT LEAST allow using the JSON response from the error.
Currently there is no way to do that. Each time I try to execute any test on the response, I get an error while creating the Deployment. Each time I get an error like:

Error from server: error when creating "echo.yaml": admission webhook "mutate.kyverno.svc-ignore" denied the request: mutation policy add-owner-label error: failed to apply policy add-owner-label rules [call-extension: variable substitution failed: failed to resolve response.owner || '' at path /mutate/patchStrategicMerge/spec/template/metadata/labels/owner: failed to execute APICall: HTTP 404 Not Found: {"detail":"Component with id `echo123` not found"}]

Screenshots

No response

Kyverno logs

No response

Slack discussion

https://kubernetes.slack.com/archives/CLGR9BJU9/p1687262575354459

Troubleshooting

  • I have read and followed the documentation AND the troubleshooting guide.
  • I have searched other issues in this repository and mine is not recorded.
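
The lookup service from the reproduction steps, sketched as an added example (not part of the original issue and not Kyverno code). It reproduces the reported 404 and shows a service-side variant that answers 200 with an empty `owner` for unknown names, on the assumption that a 200 JSON body lets `{{ response.owner || '' }}` resolve as in the 200 case of the steps above. The `OWNERS` data, the `lookup` function and the `always_200` switch are hypothetical.

```python
"""Stub of the lookup service called by the policy's apiCall (added example)."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: component name -> owner.
OWNERS = {"echo": "team-a"}
PREFIX = "/api-path/"  # path segment taken from the policy's service.url


def lookup(path, always_200):
    """Return (status, JSON body) for a GET on `path`.

    always_200=False reproduces the 404 seen in the report.
    always_200=True answers 200 with an empty owner for unknown names,
    so the caller never receives an error status for a missing component.
    """
    if not path.startswith(PREFIX):
        return 404, json.dumps({"detail": "Not Found"})
    name = path[len(PREFIX):]
    owner = OWNERS.get(name)
    if owner is not None:
        return 200, json.dumps({"owner": owner})
    if always_200:
        return 200, json.dumps({"owner": ""})
    return 404, json.dumps({"detail": f"Component with id `{name}` not found"})


class Handler(BaseHTTPRequestHandler):
    always_200 = True  # hypothetical switch between the two behaviours

    def do_GET(self):
        status, body = lookup(self.path, self.always_200)
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Port 8080 matches the service.url in the policy.
    HTTPServer(("0.0.0.0", 8080), Handler).serve_forever()
```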

Labels

  • API Call: Use case for API Server calls to fetch JSON data
  • bug: Something isn't working
  • end user: This label is used to track the issue that is raised by the end user.
