What happened?
While converting a PSP with any spec.volumes in it, the generated kyverno policy doesn't use the given volumes list, but a hard-coded one from kyverno.ts#111, so the output is:

```yaml
conditions:
  all:
    - key: "{{ request.object.spec.volumes[].keys(@)[] }}"
      operator: AnyNotIn
      value:
        - name
        - projected
        - emptyDir
```
Regardless of the input object.
My wild guess is that the hard-coded list should be replaced with something like what is done in the capabilities section at kyverno.ts#190.

How to reproduce:

```
$ echo "foobarYouCanTypeAnything" | ./psp-migration-linux-x64 -e kyverno
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: psp-volumes-27205
spec:
  rules:
    - preconditions:
        all:
          - key: "{{ request.object.spec.volumes[].keys(@)[] | length(@) }}"
            operator: GreaterThan
            value: 0
      validate:
        deny:
          conditions:
            all:
              - key: "{{ request.object.spec.volumes[].keys(@)[] }}"
                operator: AnyNotIn
                value:
                  - name
                  - projected
                  - emptyDir
        message: Rejected by psp-volumes-0 rule
      match:
        resources:
          kinds:
            - Pod
      name: psp-volumes-0
  validationFailureAction: enforce
```
What policy engine were you generating policy for?
Kyverno
Relevant log output
No response
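To illustrate what the report asks for, here is an added example (not the project's own kyverno.ts code) that derives the allowed-volume list for the Kyverno deny condition from the PSP's `spec.volumes` rather than a fixed list; the `PodSecurityPolicy` type, `allowedVolumeKeys` and `volumesRule` are hypothetical names for this illustration.

```typescript
// Added illustration, not the psp-migration project's code: build the Kyverno
// volume rule from the PSP's own spec.volumes instead of a hard-coded list.
interface PodSecurityPolicy {
  metadata?: { name?: string };
  spec: { volumes?: string[] };
}

// Kyverno evaluates `request.object.spec.volumes[].keys(@)[]`, which yields
// every key of every pod volume entry. Each entry always carries `name`, so
// `name` must be allowed alongside the volume types the PSP permits.
// Returns null when the PSP allows every volume type ("*"), meaning no rule.
function allowedVolumeKeys(psp: PodSecurityPolicy): string[] | null {
  const vols = psp.spec.volumes ?? [];
  if (vols.includes("*")) return null;
  // An empty list means the PSP allows no volumes at all: only `name` survives,
  // so any pod that declares a volume is rejected, matching PSP semantics.
  return ["name", ...Array.from(new Set(vols)).sort()];
}

// Produce one Kyverno rule shaped like the generator's output above, with the
// AnyNotIn value list taken from the PSP instead of a constant.
function volumesRule(psp: PodSecurityPolicy, index = 0): Record<string, any> | null {
  const allowed = allowedVolumeKeys(psp);
  if (allowed === null) return null;
  return {
    name: `psp-volumes-${index}`,
    match: { resources: { kinds: ["Pod"] } },
    preconditions: {
      all: [{
        key: "{{ request.object.spec.volumes[].keys(@)[] | length(@) }}",
        operator: "GreaterThan",
        value: 0,
      }],
    },
    validate: {
      message: `Rejected by psp-volumes-${index} rule`,
      deny: {
        conditions: {
          all: [{
            key: "{{ request.object.spec.volumes[].keys(@)[] }}",
            operator: "AnyNotIn",
            value: allowed,
          }],
        },
      },
    },
  };
}
```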