mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

fix policy report reconciliation on resource/policy deletion (#2610)

shuting 2021-10-27 22:59:59 -07:00 committed by GitHub
parent e6240f3d79
commit 4835157cc4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 12 deletions


@ -128,7 +128,7 @@ func (builder *requestBuilder) build(info Info) (req *unstructured.Unstructured,
set(req, info)
}
if !setRequestLabels(req, info) {
if !setRequestDeletionLabels(req, info) {
if len(results) == 0 {
// return nil on empty result without a deletion
return nil, nil
@ -189,7 +189,7 @@ func set(obj *unstructured.Unstructured, info Info) {
})
}
func setRequestLabels(req *unstructured.Unstructured, info Info) bool {
func setRequestDeletionLabels(req *unstructured.Unstructured, info Info) bool {
switch {
case isResourceDeletion(info):
req.SetAnnotations(map[string]string{
@ -197,26 +197,28 @@ func setRequestLabels(req *unstructured.Unstructured, info Info) bool {
deletedAnnotationResourceKind: info.Results[0].Resource.Kind,
})
req.SetLabels(map[string]string{
resourceLabelNamespace: info.Results[0].Resource.Namespace,
})
labels := req.GetLabels()
labels[resourceLabelNamespace] = info.Results[0].Resource.Namespace
req.SetLabels(labels)
return true
case isPolicyDeletion(info):
req.SetKind("ReportChangeRequest")
req.SetGenerateName("rcr-")
req.SetLabels(map[string]string{
deletedLabelPolicy: info.PolicyName},
)
labels := req.GetLabels()
labels[deletedLabelPolicy] = info.PolicyName
req.SetLabels(labels)
return true
case isRuleDeletion(info):
req.SetKind("ReportChangeRequest")
req.SetGenerateName("rcr-")
req.SetLabels(map[string]string{
deletedLabelPolicy: info.PolicyName,
deletedLabelRule: info.Results[0].Rules[0].Name},
)
labels := req.GetLabels()
labels[deletedLabelPolicy] = info.PolicyName
labels[deletedLabelRule] = info.Results[0].Rules[0].Name
req.SetLabels(labels)
return true
}
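Review bot: The added `labels := req.GetLabels()` followed by `labels[...] = ...` in each of the three cases panics if the request has no labels yet, because `Unstructured.GetLabels()` returns a nil map when `metadata.labels` is absent. Whether `set(req, info)` always populates labels before this call is not visible in these hunks, so a guard after each `GetLabels()` is cheap insurance against a controller crash on a deletion event: `if labels == nil { labels = map[string]string{} }`. The same get/modify/set sequence is repeated in all three cases and could be folded into one small helper that carries the nil check. The cases also index `info.Results[0]` and `Rules[0]` directly; presumably the `is*Deletion` predicates guarantee those elements exist, but they are defined outside this hunk and that is worth confirming. The end of `setRequestDeletionLabels` is outside the hunk.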


@ -319,6 +319,7 @@ func (g *ReportGenerator) syncHandler(key string) (aggregatedRequests interface{
g.log.V(4).Info("syncing policy report", "key", key)
if policy, rule, ok := isDeletedPolicyKey(key); ok {
g.log.V(4).Info("sync policy report on policy deletion")
return g.removePolicyEntryFromReport(policy, rule)
}
@ -332,7 +333,9 @@ func (g *ReportGenerator) syncHandler(key string) (aggregatedRequests interface{
if old, err = g.createReportIfNotPresent(namespace, new, aggregatedRequests); err != nil {
return aggregatedRequests, err
}
if old == nil {
g.log.V(4).Info("no existing policy report is found, clean up related report change requests")
g.cleanupReportRequests(aggregatedRequests)
return nil, nil
}
@ -629,6 +632,7 @@ func (g *ReportGenerator) updateReport(old interface{}, new *unstructured.Unstru
g.log.V(4).Info("empty report to update")
return nil
}
g.log.V(4).Info("reconcile policy report")
oldUnstructured := make(map[string]interface{})
@ -655,6 +659,7 @@ func (g *ReportGenerator) updateReport(old interface{}, new *unstructured.Unstru
new.SetResourceVersion(oldTyped.GetResourceVersion())
}
g.log.V(4).Info("update results entries")
obj, _, err := updateResults(oldUnstructured, new.UnstructuredContent(), aggregatedRequests)
if err != nil {
return fmt.Errorf("failed to update results entry: %v", err)