From 2c9319ea87f2d28168f8bae065038e2f4b887136 Mon Sep 17 00:00:00 2001
From: shuting
Date: Thu, 30 Dec 2021 00:34:43 +0800
Subject: [PATCH] don't generate policy report on managed pod/job (#2889)
Signed-off-by: ShutingZhao
---
 pkg/engine/response/response.go | 5 +++++
 pkg/engine/utils.go | 2 +-
 pkg/engine/validation.go | 1 +
 pkg/policyreport/builder.go | 5 +++++
 4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/pkg/engine/response/response.go b/pkg/engine/response/response.go
index 1ef04f8a79..24aa4864a9 100644
--- a/pkg/engine/response/response.go
+++ b/pkg/engine/response/response.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "time"
+ kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
@@ -11,6 +12,10 @@ import (
 type EngineResponse struct {
 // Resource patched with the engine action changes
 PatchedResource unstructured.Unstructured
+
+ // Original policy
+ Policy *kyverno.ClusterPolicy
+
 // Policy Response
 PolicyResponse PolicyResponse
 }
diff --git a/pkg/engine/utils.go b/pkg/engine/utils.go
index ff743b75a4..03b0c211b8 100644
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@@ -377,7 +377,7 @@ func copyAnyAllConditions(original kyverno.AnyAllConditions) kyverno.AnyAllCondi
 // backwards compatibility
 func copyOldConditions(original []kyverno.Condition) []kyverno.Condition {
- if original == nil || len(original) == 0 {
+ if len(original) == 0 {
 return []kyverno.Condition{}
 }
diff --git a/pkg/engine/validation.go b/pkg/engine/validation.go
index b64376c25b..cf477d5ba7 100644
--- a/pkg/engine/validation.go
+++ b/pkg/engine/validation.go
@@ -64,6 +64,7 @@ func buildResponse(ctx *PolicyContext, resp *response.EngineResponse, startTime
 resp.PatchedResource = resource
 }
+ resp.Policy = &ctx.Policy
 resp.PolicyResponse.Policy.Name = ctx.Policy.GetName()
 resp.PolicyResponse.Policy.Namespace = ctx.Policy.GetNamespace()
 resp.PolicyResponse.Resource.Name = resp.PatchedResource.GetName()
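Review bot: The comment `// Original policy` on the new `Policy` field of `EngineResponse` does not say that the pointer can be nil, although the consumer in pkg/policyreport/builder.go already has to guard against that. In this patch only `buildResponse` in pkg/engine/validation.go assigns the field, so responses produced by other code paths presumably carry nil. I would state that on the field, for example `// Policy is the policy that produced this response; it may be nil when the producer did not set it, so callers must nil-check.`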
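Review bot: `resp.Policy = &ctx.Policy` in `buildResponse` stores the address of the context's own field, so the response and the `PolicyContext` share one policy object rather than the response holding a snapshot. If the response is consumed by report generation after the context's policy has been changed or reused, the managed-resource check in builder.go would read the later state; whether that can happen is not visible from this hunk. If a snapshot is intended, `resp.Policy = ctx.Policy.DeepCopy()` (assuming the generated deep-copy method on the API type) decouples the two; otherwise a comment such as `// resp.Policy aliases ctx.Policy; treat it as read-only` makes the sharing explicit. `buildResponse` starts and ends outside the hunk.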
diff --git a/pkg/policyreport/builder.go b/pkg/policyreport/builder.go
index fd8139d5e2..78af522a76 100755
--- a/pkg/policyreport/builder.go
+++ b/pkg/policyreport/builder.go
@@ -12,6 +12,7 @@ import (
 report "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/config"
+ "github.com/kyverno/kyverno/pkg/engine"
 "github.com/kyverno/kyverno/pkg/engine/response"
 "github.com/kyverno/kyverno/pkg/engine/utils"
 "github.com/kyverno/kyverno/pkg/version"
@@ -66,6 +67,10 @@ func GeneratePRsFromEngineResponse(ers []*response.EngineResponse, log logr.Logg
 continue
 }
+ if er.Policy != nil && engine.ManagedPodResource(*er.Policy, er.PatchedResource) {
+ continue
+ }
+
 // build policy violation info
 pvInfos = append(pvInfos, buildPVInfo(er))
 }
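Review bot: The new `continue` in `GeneratePRsFromEngineResponse` drops a result from the policy report without leaving any trace, which makes a missing report entry hard to explain when the reports are used as an audit record. A verbose log line before it would keep the omission visible, e.g. `log.V(4).Info("skipping policy report for managed resource", "policy", er.PolicyResponse.Policy.Name, "resource", er.PatchedResource.GetName())`. `engine.ManagedPodResource` is not part of this diff, so it is worth confirming that its decision rests on fields a workload author cannot set freely, since it now controls what is left out of the report. The loop body starts and ends outside the hunk.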