(chore): Ignore request originated from terminal when allowed all ori…

…gin serviceAccount is set (#30) Signed-off-by: Shubham Chaudhary <[email protected]>
litmuschaos · Aug 13, 2024 · 3a96a14 · 3a96a14
1 parent 8daf11f
commit 3a96a14
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/internal/pods/restrict.go b/internal/pods/restrict.go
@@ -28,7 +28,7 @@ func validateOriginServiceAccount(serviceAccount string) (bool, string) {
 
 	serviceAccountList := strings.Split(serviceAccount, ":")
 	if len(serviceAccountList) != 4 {
-		return false, fmt.Sprintf("%v serviceAccount is not in a valid format 'system:serviceaccount:<ns><name>'")
+		return false, fmt.Sprintf("%v serviceAccount is not in a valid format 'system:serviceaccount:<ns><name>'", serviceAccount)
 	}
 
 	for _, v := range utils.WebHookFilters.AllowedOriginServiceAccount.AllowedList {
@@ -79,6 +79,9 @@ func validateOriginPodImage(namespace string, extras map[string]v1.ExtraValue, c
 }
 
 func originFromTerminal(serviceAccount string) bool {
+	if utils.WebHookFilters.AllowedOriginServiceAccount.AllowedAll {
+		return true
+	}
 	if strings.Contains(serviceAccount, "system:serviceaccount") {
 		return false
 	}