mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
fix: process audit policies when admission reports are disabled (#6531)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
48726dcd4a
commit
0810290f26
1 changed files with 17 additions and 17 deletions
|
@ -182,19 +182,17 @@ func (v *validationHandler) handleAudit(
|
||||||
namespaceLabels map[string]string,
|
namespaceLabels map[string]string,
|
||||||
engineResponses ...*engineapi.EngineResponse,
|
engineResponses ...*engineapi.EngineResponse,
|
||||||
) {
|
) {
|
||||||
if !v.admissionReports {
|
createReport := v.admissionReports
|
||||||
return
|
|
||||||
}
|
|
||||||
if request.DryRun != nil && *request.DryRun {
|
if request.DryRun != nil && *request.DryRun {
|
||||||
return
|
createReport = false
|
||||||
}
|
}
|
||||||
// we don't need reports for deletions
|
// we don't need reports for deletions
|
||||||
if request.Operation == admissionv1.Delete {
|
if request.Operation == admissionv1.Delete {
|
||||||
return
|
createReport = false
|
||||||
}
|
}
|
||||||
// check if the resource supports reporting
|
// check if the resource supports reporting
|
||||||
if !reportutils.IsGvkSupported(schema.GroupVersionKind(request.Kind)) {
|
if !reportutils.IsGvkSupported(schema.GroupVersionKind(request.Kind)) {
|
||||||
return
|
createReport = false
|
||||||
}
|
}
|
||||||
tracing.Span(
|
tracing.Span(
|
||||||
context.Background(),
|
context.Background(),
|
||||||
|
@ -207,17 +205,19 @@ func (v *validationHandler) handleAudit(
|
||||||
}
|
}
|
||||||
events := webhookutils.GenerateEvents(responses, false)
|
events := webhookutils.GenerateEvents(responses, false)
|
||||||
v.eventGen.Add(events...)
|
v.eventGen.Add(events...)
|
||||||
responses = append(responses, engineResponses...)
|
if createReport {
|
||||||
report := reportutils.BuildAdmissionReport(resource, request, request.Kind, responses...)
|
responses = append(responses, engineResponses...)
|
||||||
// if it's not a creation, the resource already exists, we can set the owner
|
report := reportutils.BuildAdmissionReport(resource, request, request.Kind, responses...)
|
||||||
if request.Operation != admissionv1.Create {
|
// if it's not a creation, the resource already exists, we can set the owner
|
||||||
gv := metav1.GroupVersion{Group: request.Kind.Group, Version: request.Kind.Version}
|
if request.Operation != admissionv1.Create {
|
||||||
controllerutils.SetOwner(report, gv.String(), request.Kind.Kind, resource.GetName(), resource.GetUID())
|
gv := metav1.GroupVersion{Group: request.Kind.Group, Version: request.Kind.Version}
|
||||||
}
|
controllerutils.SetOwner(report, gv.String(), request.Kind.Kind, resource.GetName(), resource.GetUID())
|
||||||
if len(report.GetResults()) > 0 {
|
}
|
||||||
_, err = reportutils.CreateReport(ctx, report, v.kyvernoClient)
|
if len(report.GetResults()) > 0 {
|
||||||
if err != nil {
|
_, err = reportutils.CreateReport(ctx, report, v.kyvernoClient)
|
||||||
v.log.Error(err, "failed to create report")
|
if err != nil {
|
||||||
|
v.log.Error(err, "failed to create report")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
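Review bot: Folding the dry-run, DELETE and unsupported-GVK guards into `createReport` in the first hunk changes more than the commit title says: those three cases used to return before any audit work, and they now fall through to `webhookutils.GenerateEvents` and `v.eventGen.Add(events...)` in the second hunk. For a dry-run request this means audit events are emitted as a side effect of a call that is expected to have none, which adds noise to the event stream that operators use for detection. If only the `v.admissionReports` case was meant to keep evaluating, keep the early exit for dry-run, `if request.DryRun != nil && *request.DryRun { return }`. Otherwise state the intent above the flag, e.g. `// createReport gates only the admission report; audit evaluation and events always run`. The body of handleAudit starts before the first hunk and continues between and after the two hunks, so the evaluation call itself is not visible here.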