fix: policy status reconciliation (#10032)

* fix: get latest policy object before updating status Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: remove debug code Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-15 17:51:20 +00:00 · 2024-04-12 15:08:15 +08:00 · 2024-04-12 15:08:15 +08:00 · 3e7a7ac244
commit 3e7a7ac244
parent 7c83ca189c
3 changed files with 22 additions and 8 deletions
--- a/pkg/controllers/webhook/controller.go
+++ b/pkg/controllers/webhook/controller.go
@ -487,9 +487,14 @@ func (c *controller) updatePolicyStatuses(ctx context.Context) error {
 	}
 	for _, policy := range policies {
 		if policy.GetNamespace() == "" {
-			_, err := controllerutils.UpdateStatus(
+			p, err := c.kyvernoClient.KyvernoV1().ClusterPolicies().Get(ctx, policy.GetName(), metav1.GetOptions{})
+			if err != nil {
+				logger.Error(err, "failed to get latest clusterpolicy for status reconciliation", "policy", policy.GetName())
+				continue
+			}
+			_, err = controllerutils.UpdateStatus(
 				ctx,
-				policy.(*kyvernov1.ClusterPolicy),
+				p,
 				c.kyvernoClient.KyvernoV1().ClusterPolicies(),
 				func(policy *kyvernov1.ClusterPolicy) error {
 					return updateStatusFunc(policy)
@ -499,9 +504,14 @@ func (c *controller) updatePolicyStatuses(ctx context.Context) error {
 				return err
 			}
 		} else {
-			_, err := controllerutils.UpdateStatus(
+			p, err := c.kyvernoClient.KyvernoV1().Policies(policy.GetNamespace()).Get(ctx, policy.GetName(), metav1.GetOptions{})
+			if err != nil {
+				logger.Error(err, "failed to get latest policy for status reconciliation", "namespace", policy.GetNamespace, "policy", policy.GetName())
+				continue
+			}
+			_, err = controllerutils.UpdateStatus(
 				ctx,
-				policy.(*kyvernov1.Policy),
+				p,
 				c.kyvernoClient.KyvernoV1().Policies(policy.GetNamespace()),
 				func(policy *kyvernov1.Policy) error {
 					return updateStatusFunc(policy)
--- a/pkg/engine/jmespath/functions_test.go
+++ b/pkg/engine/jmespath/functions_test.go
@ -1243,7 +1243,7 @@ ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
 	// 	expectedResult: map[string]interface{}{},
 	// }
 	}
-	for i, tc := range testCases {
+	for _, tc := range testCases {
 		t.Run(tc.jmesPath, func(t *testing.T) {
 			jp, err := jmespathInterface.Query(tc.jmesPath)
 			assert.NilError(t, err)
@ -1255,7 +1255,6 @@ ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn

 			res, ok := result.(map[string]interface{})
 			assert.Assert(t, ok)
-			fmt.Println("======i", i)
 			assert.DeepEqual(t, res, tc.expectedResult)
 		})
 	}
--- a/pkg/utils/controller/utils.go
+++ b/pkg/utils/controller/utils.go
@ -149,9 +149,14 @@ func Update[T interface {
 func UpdateStatus[T interface {
 	metav1.Object
 	DeepCopy[T]
-}, S StatusClient[T]](ctx context.Context, obj T, setter S, build func(T) error,
+}, S ObjectStatusClient[T]](ctx context.Context, obj T, setter S, build func(T) error,
 ) (T, error) {
-	mutated := obj.DeepCopy()
+	var objNew T
+	objNew, err := setter.Get(ctx, obj.GetName(), metav1.GetOptions{})
+	if err != nil {
+		return objNew, err
+	}
+	mutated := objNew.DeepCopy()
 	if err := build(mutated); err != nil {
 		var d T
 		return d, err