don't generate policy report on managed pod/job (#2889)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

pkg/engine/response/response.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"time"
 
+	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
@@ -11,6 +12,10 @@ import (
 type EngineResponse struct {
 	// Resource patched with the engine action changes
 	PatchedResource unstructured.Unstructured
+
+	// Original policy
+	Policy *kyverno.ClusterPolicy
+
 	// Policy Response
 	PolicyResponse PolicyResponse
 }

pkg/engine/utils.go

@@ -377,7 +377,7 @@ func copyAnyAllConditions(original kyverno.AnyAllConditions) kyverno.AnyAllCondi
 
 // backwards compatibility
 func copyOldConditions(original []kyverno.Condition) []kyverno.Condition {
-	if original == nil || len(original) == 0 {
+	if len(original) == 0 {
 		return []kyverno.Condition{}
 	}
 

pkg/engine/validation.go

@@ -64,6 +64,7 @@ func buildResponse(ctx *PolicyContext, resp *response.EngineResponse, startTime
 		resp.PatchedResource = resource
 	}
 
+	resp.Policy = &ctx.Policy
 	resp.PolicyResponse.Policy.Name = ctx.Policy.GetName()
 	resp.PolicyResponse.Policy.Namespace = ctx.Policy.GetNamespace()
 	resp.PolicyResponse.Resource.Name = resp.PatchedResource.GetName()

pkg/policyreport/builder.go

@@ -12,6 +12,7 @@ import (
 	report "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 	kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/config"
+	"github.com/kyverno/kyverno/pkg/engine"
 	"github.com/kyverno/kyverno/pkg/engine/response"
 	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"github.com/kyverno/kyverno/pkg/version"
@@ -66,6 +67,10 @@ func GeneratePRsFromEngineResponse(ers []*response.EngineResponse, log logr.Logg
 			continue
 		}
 
+		if er.Policy != nil && engine.ManagedPodResource(*er.Policy, er.PatchedResource) {
+			continue
+		}
+
 		// build policy violation info
 		pvInfos = append(pvInfos, buildPVInfo(er))
 	}