fix: fix mapping of validation action for synchronized bindings

kubeshop · Jan 4, 2024 · ea3c92e · ea3c92e
1 parent 541babd
commit ea3c92e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/admission-controller/synchronizer/src/utils/policy-updater.ts b/admission-controller/synchronizer/src/utils/policy-updater.ts
@@ -216,7 +216,7 @@ export class PolicyUpdater {
 
     return {
       policyName: binding.policy.id,
-      validationActions: ['Warn'],
+      validationActions: [this.mapValidationAction(binding.action)],
       matchResources: {
         namespaceSelector: {
           matchExpressions: [{
@@ -239,4 +239,18 @@ export class PolicyUpdater {
 
     return _.isEqual(binding1Copy, binding2Copy);
   }
+
+  protected mapValidationAction(action: string) {
+    const actionNormalized = action.toLowerCase().trim();
+
+    switch (actionNormalized) {
+      case 'warn':
+        return 'Warn';
+      case 'deny':
+        return 'Deny';
+      default:
+        this._logger.error({ msg: 'Unknown validation action', action });
+        return 'Warn';
+    }
+  }
 }
diff --git a/admission-controller/synchronizer/src/utils/queries.ts b/admission-controller/synchronizer/src/utils/queries.ts
@@ -10,6 +10,7 @@ export type ClusterQueryResponseBindingPolicy = {
 export type ClusterQueryResponseBinding = {
   id: string
   mode: 'ALLOW_LIST' | 'BLOCK_LIST'
+  action: 'warn' | 'deny'
   namespaces: string[]
   policy: ClusterQueryResponseBindingPolicy
 };
@@ -53,6 +54,7 @@ export const getClusterQuery = `
       bindings {
         id
         mode
+        action
         namespaces
         policy {
           id