diff --git a/plugin/pkg/admission/imagepolicy/config.go b/plugin/pkg/admission/imagepolicy/config.go index 558b290e862..df34a4906b4 100644 --- a/plugin/pkg/admission/imagepolicy/config.go +++ b/plugin/pkg/admission/imagepolicy/config.go @@ -86,7 +86,7 @@ func normalizeConfigDuration(name string, scale, value, min, max, defaultValue t value *= scale // check value is within range - if value <= min || value > max { + if value < min || value > max { return value, fmt.Errorf("valid value is between %v and %v, got %v", min, max, value) } return value, nil diff --git a/plugin/pkg/admission/imagepolicy/config_test.go b/plugin/pkg/admission/imagepolicy/config_test.go index 9f09d181448..8567011ce16 100644 --- a/plugin/pkg/admission/imagepolicy/config_test.go +++ b/plugin/pkg/admission/imagepolicy/config_test.go @@ -89,6 +89,34 @@ func TestConfigNormalization(t *testing.T) { }, wantErr: false, }, + { + test: "config within normal ranges for min values", + config: imagePolicyWebhookConfig{ + AllowTTL: minAllowTTL / time.Second, + DenyTTL: minDenyTTL / time.Second, + RetryBackoff: minRetryBackoff, + }, + normalizedConfig: imagePolicyWebhookConfig{ + AllowTTL: minAllowTTL, + DenyTTL: minDenyTTL, + RetryBackoff: minRetryBackoff * time.Millisecond, + }, + wantErr: false, + }, + { + test: "config within normal ranges for max values", + config: imagePolicyWebhookConfig{ + AllowTTL: maxAllowTTL / time.Second, + DenyTTL: maxDenyTTL / time.Second, + RetryBackoff: maxRetryBackoff / time.Millisecond, + }, + normalizedConfig: imagePolicyWebhookConfig{ + AllowTTL: maxAllowTTL, + DenyTTL: maxDenyTTL, + RetryBackoff: maxRetryBackoff, + }, + wantErr: false, + }, } for _, tt := range tests { err := normalizeWebhookConfig(&tt.config)