mirror of https://github.com/kyverno/kyverno.git synced 2025-04-08 10:04:25 +00:00

matching resources should be updated separate for mutate and validate rules

Signed-off-by: ShutingZhao <shutting06@gmail.com>
ShutingZhao 2021-10-06 20:43:19 -07:00
parent 05a0737184
commit 08d75245a2


@ -469,17 +469,17 @@ func (m *webhookConfigManager) buildWebhooks(namespace string) (res []*webhook,
for _, p := range policies {
if p.HasValidate() || p.HasGenerate() {
if p.Spec.FailurePolicy != nil && *p.Spec.FailurePolicy == kyverno.Ignore {
m.mergeWebhook(validateIgnore, p)
m.mergeWebhook(validateIgnore, p, true)
} else {
m.mergeWebhook(validateFail, p)
m.mergeWebhook(validateFail, p, true)
}
}
if p.HasMutate() || p.HasGenerate() {
if p.Spec.FailurePolicy != nil && *p.Spec.FailurePolicy == kyverno.Ignore {
m.mergeWebhook(mutateIgnore, p)
m.mergeWebhook(mutateIgnore, p, false)
} else {
m.mergeWebhook(mutateFail, p)
m.mergeWebhook(mutateFail, p, false)
}
}
}
@ -648,12 +648,19 @@ func (m *webhookConfigManager) updateStatus(policy *kyverno.ClusterPolicy) error
}
// mergeWebhook merges the matching kinds of the policy to webhook.rule
func (m *webhookConfigManager) mergeWebhook(dst *webhook, policy *kyverno.ClusterPolicy) {
func (m *webhookConfigManager) mergeWebhook(dst *webhook, policy *kyverno.ClusterPolicy, updateValidate bool) {
matchedGVK := make([]string, 0)
for _, rule := range policy.Spec.Rules {
matchedGVK = append(matchedGVK, rule.MatchKinds()...)
// matching kinds in generate policies need to be added to both webhook
if rule.HasGenerate() {
matchedGVK = append(matchedGVK, rule.MatchKinds()...)
matchedGVK = append(matchedGVK, rule.Generation.ResourceSpec.Kind)
continue
}
if (updateValidate && rule.HasValidate()) ||
(!updateValidate && rule.HasMutate()) {
matchedGVK = append(matchedGVK, rule.MatchKinds()...)
}
}
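Review bot: In the new mergeWebhook loop, a rule's kinds reach matchedGVK only when the rule is a generate rule, a validate rule (updateValidate true) or a mutate rule (updateValidate false), whereas the old line `matchedGVK = append(matchedGVK, rule.MatchKinds()...)` ran for every rule. If the policy API has, or later gains, a rule type outside those three, its kinds would be silently left out of both webhook configurations, so the API server would stop sending those resources for admission and the rule would go unenforced without any error. Consider logging or explicitly handling that fall-through case, and extend the doc comment to cover the flag, e.g. `// updateValidate selects validate rules (true) or mutate rules (false); generate rules always contribute their kinds.` The rest of mergeWebhook lies outside the hunk, so how matchedGVK is consumed is not visible here.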