diff --git a/api/kyverno/v1/resource_spec_types.go b/api/kyverno/v1/resource_spec_types.go
index fde4889b98..b3e701673c 100644
--- a/api/kyverno/v1/resource_spec_types.go
+++ b/api/kyverno/v1/resource_spec_types.go
@@ -6,6 +6,7 @@ import (
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/types"
)
type ResourceSpec struct {
@@ -20,12 +21,16 @@ type ResourceSpec struct {
// Name specifies the resource name.
// +optional
Name string `json:"name,omitempty" yaml:"name,omitempty"`
+ // UID specifies the resource uid.
+ // +optional
+ UID types.UID `json:"uid,omitempty" yaml:"uid,omitempty"`
}
func (s ResourceSpec) GetName() string { return s.Name }
func (s ResourceSpec) GetNamespace() string { return s.Namespace }
func (s ResourceSpec) GetKind() string { return s.Kind }
func (s ResourceSpec) GetAPIVersion() string { return s.APIVersion }
+func (s ResourceSpec) GetUID() types.UID { return s.UID }
func (s ResourceSpec) GetGroupVersion() (schema.GroupVersion, error) {
return schema.ParseGroupVersion(s.APIVersion)
}
diff --git a/api/kyverno/v1beta1/constants.go b/api/kyverno/v1beta1/constants.go
index 9ebf23fdd9..599cf3360b 100644
--- a/api/kyverno/v1beta1/constants.go
+++ b/api/kyverno/v1beta1/constants.go
@@ -11,6 +11,7 @@ const (
// URGeneratePolicyLabel adds the policy name to URs for generate policies
URGeneratePolicyLabel = "generate.kyverno.io/policy-name"
URGenerateResourceNameLabel = "generate.kyverno.io/resource-name"
+ URGenerateResourceUIDLabel = "generate.kyverno.io/resource-uid"
URGenerateResourceNSLabel = "generate.kyverno.io/resource-namespace"
URGenerateResourceKindLabel = "generate.kyverno.io/resource-kind"
URGenerateRetryCountAnnotation = "generate.kyverno.io/retry-count"
diff --git a/charts/kyverno/charts/crds/templates/crds.yaml b/charts/kyverno/charts/crds/templates/crds.yaml
index 1b1e6f3536..f9b86b0114 100644
--- a/charts/kyverno/charts/crds/templates/crds.yaml
+++ b/charts/kyverno/charts/crds/templates/crds.yaml
@@ -7429,6 +7429,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -8694,6 +8697,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -11801,6 +11807,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -13122,6 +13131,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -16193,6 +16205,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -17245,6 +17260,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -20505,6 +20523,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -21826,6 +21847,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -25137,6 +25161,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -26402,6 +26429,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -29510,6 +29540,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -30831,6 +30864,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -33903,6 +33939,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -34955,6 +34994,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -38215,6 +38257,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -39536,6 +39581,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -43090,6 +43138,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
rule:
description: Rule is the associate rule name of the current UR.
@@ -43125,6 +43176,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
handler:
diff --git a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml
index 2b6b88b169..13ed761c4d 100644
--- a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml
+++ b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml
@@ -1123,6 +1123,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -2388,6 +2391,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -5495,6 +5501,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -6816,6 +6825,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -9887,6 +9899,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -10939,6 +10954,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -14199,6 +14217,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -15520,6 +15541,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
diff --git a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml
index f0c8222a15..656e9e423f 100644
--- a/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml
+++ b/cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml
@@ -1124,6 +1124,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -2389,6 +2392,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -5497,6 +5503,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -6818,6 +6827,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -9890,6 +9902,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -10942,6 +10957,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -14202,6 +14220,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -15523,6 +15544,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
diff --git a/config/crds/kyverno.io_clusterpolicies.yaml b/config/crds/kyverno.io_clusterpolicies.yaml
index 2b6b88b169..13ed761c4d 100644
--- a/config/crds/kyverno.io_clusterpolicies.yaml
+++ b/config/crds/kyverno.io_clusterpolicies.yaml
@@ -1123,6 +1123,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -2388,6 +2391,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -5495,6 +5501,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -6816,6 +6825,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -9887,6 +9899,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -10939,6 +10954,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -14199,6 +14217,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -15520,6 +15541,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
diff --git a/config/crds/kyverno.io_policies.yaml b/config/crds/kyverno.io_policies.yaml
index f0c8222a15..656e9e423f 100644
--- a/config/crds/kyverno.io_policies.yaml
+++ b/config/crds/kyverno.io_policies.yaml
@@ -1124,6 +1124,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -2389,6 +2392,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -5497,6 +5503,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -6818,6 +6827,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -9890,6 +9902,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -10942,6 +10957,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -14202,6 +14220,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -15523,6 +15544,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
diff --git a/config/crds/kyverno.io_updaterequests.yaml b/config/crds/kyverno.io_updaterequests.yaml
index ac68f9095a..f1ed657058 100644
--- a/config/crds/kyverno.io_updaterequests.yaml
+++ b/config/crds/kyverno.io_updaterequests.yaml
@@ -343,6 +343,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
rule:
description: Rule is the associate rule name of the current UR.
@@ -378,6 +381,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
handler:
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index 93a5574d3c..153018ac7b 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -7648,6 +7648,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -8913,6 +8916,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -12020,6 +12026,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -13341,6 +13350,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -16412,6 +16424,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -17464,6 +17479,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -20724,6 +20742,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -22045,6 +22066,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -25358,6 +25382,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -26623,6 +26650,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -29731,6 +29761,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -31052,6 +31085,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -34124,6 +34160,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -35176,6 +35215,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -38436,6 +38478,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
imageExtractors:
additionalProperties:
@@ -39757,6 +39802,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
type: object
@@ -43315,6 +43363,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
rule:
description: Rule is the associate rule name of the current UR.
@@ -43350,6 +43401,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
+ uid:
+ description: UID specifies the resource uid.
+ type: string
type: object
type: array
handler:
diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
index 15c7332081..44496d6a4a 100644
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@@ -3298,6 +3298,20 @@ string
Name specifies the resource name.
+
+
+uid
+
+
+k8s.io/apimachinery/pkg/types.UID
+
+
+ |
+
+(Optional)
+ UID specifies the resource uid.
+ |
+
diff --git a/pkg/background/common/constants.go b/pkg/background/common/constants.go
index b278419d6f..200a0b21b6 100644
--- a/pkg/background/common/constants.go
+++ b/pkg/background/common/constants.go
@@ -5,11 +5,13 @@ const (
GeneratePolicyNamespaceLabel = "generate.kyverno.io/policy-namespace"
GenerateRuleLabel = "generate.kyverno.io/rule-name"
GenerateTriggerNameLabel = "generate.kyverno.io/trigger-name"
+ GenerateTriggerUIDLabel = "generate.kyverno.io/trigger-uid"
GenerateTriggerNSLabel = "generate.kyverno.io/trigger-namespace"
GenerateTriggerKindLabel = "generate.kyverno.io/trigger-kind"
GenerateTriggerVersionLabel = "generate.kyverno.io/trigger-version"
GenerateTriggerGroupLabel = "generate.kyverno.io/trigger-group"
GenerateSourceNameLabel = "generate.kyverno.io/source-name"
+ GenerateSourceUIDLabel = "generate.kyverno.io/source-uid"
GenerateSourceNSLabel = "generate.kyverno.io/source-namespace"
GenerateSourceKindLabel = "generate.kyverno.io/source-kind"
GenerateSourceVersionLabel = "generate.kyverno.io/source-version"
diff --git a/pkg/background/common/labels.go b/pkg/background/common/labels.go
index 6bbfb8af91..416af7ee1e 100644
--- a/pkg/background/common/labels.go
+++ b/pkg/background/common/labels.go
@@ -11,6 +11,7 @@ import (
"github.com/kyverno/kyverno/pkg/logging"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
pkglabels "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/tools/cache"
)
@@ -19,6 +20,7 @@ type Object interface {
GetNamespace() string
GetKind() string
GetAPIVersion() string
+ GetUID() types.UID
}
func ManageLabels(unstr *unstructured.Unstructured, triggerResource unstructured.Unstructured, policy kyvernov1.PolicyInterface, ruleName string) {
@@ -59,7 +61,7 @@ func GenerateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
}
isNil := trigger == nil || (reflect.ValueOf(trigger).Kind() == reflect.Ptr && reflect.ValueOf(trigger).IsNil())
if !isNil {
- set[kyvernov1beta1.URGenerateResourceNameLabel] = trigger.GetName()
+ set[kyvernov1beta1.URGenerateResourceUIDLabel] = string(trigger.GetUID())
set[kyvernov1beta1.URGenerateResourceNSLabel] = trigger.GetNamespace()
set[kyvernov1beta1.URGenerateResourceKindLabel] = trigger.GetKind()
}
@@ -94,16 +96,9 @@ func TriggerInfo(labels map[string]string, obj unstructured.Unstructured) {
labels[GenerateTriggerGroupLabel] = obj.GroupVersionKind().Group
labels[GenerateTriggerKindLabel] = obj.GetKind()
labels[GenerateTriggerNSLabel] = obj.GetNamespace()
- labels[GenerateTriggerNameLabel] = trimByLength(obj.GetName(), 63)
+ labels[GenerateTriggerUIDLabel] = string(obj.GetUID())
}
func TagSource(labels map[string]string, obj Object) {
labels[GenerateTypeCloneSourceLabel] = ""
}
-
-func trimByLength(value string, character int) string {
- if len(value) > character {
- return value[0:character]
- }
- return value
-}
diff --git a/pkg/background/common/resource.go b/pkg/background/common/resource.go
index 4c252b5d63..ae6e8495ef 100644
--- a/pkg/background/common/resource.go
+++ b/pkg/background/common/resource.go
@@ -3,22 +3,31 @@ package common
import (
"context"
"fmt"
- "time"
"github.com/go-logr/logr"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
- retryutils "github.com/kyverno/kyverno/pkg/utils/retry"
admissionv1 "k8s.io/api/admission/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
-func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSpec, log logr.Logger) (*unstructured.Unstructured, error) {
+func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSpec, log logr.Logger) (resource *unstructured.Unstructured, err error) {
resourceSpec := urSpec.GetResource()
- get := func() (*unstructured.Unstructured, error) {
+ if urSpec.GetResource().GetUID() != "" {
+ triggers, err := client.ListResource(context.TODO(), resourceSpec.GetAPIVersion(), resourceSpec.GetKind(), resourceSpec.GetNamespace(), nil)
+ if err != nil {
+ return nil, fmt.Errorf("failed to list trigger resources: %v", err)
+ }
+
+ for _, trigger := range triggers.Items {
+ if resourceSpec.GetUID() == trigger.GetUID() {
+ return &trigger, nil
+ }
+ }
+ } else if urSpec.GetResource().GetName() != "" {
if resourceSpec.Kind == "Namespace" {
resourceSpec.Namespace = ""
}
@@ -35,18 +44,6 @@ func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSp
return resource, nil
}
- var resource *unstructured.Unstructured
- var err error
- retry := func(_ context.Context) error {
- resource, err = get()
- return err
- }
-
- f := retryutils.RetryFunc(context.TODO(), time.Second, 5*time.Second, log.WithName("getResource"), "failed to get resource", retry)
- if err := f(); err != nil {
- return nil, err
- }
-
if resource == nil && urSpec.Context.AdmissionRequestInfo.AdmissionRequest != nil {
request := urSpec.Context.AdmissionRequestInfo.AdmissionRequest
raw := request.Object.Raw
diff --git a/pkg/background/common/util.go b/pkg/background/common/util.go
index 65e3386d3b..2b5663791d 100644
--- a/pkg/background/common/util.go
+++ b/pkg/background/common/util.go
@@ -9,6 +9,7 @@ import (
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
+ "github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/logging"
errors "github.com/pkg/errors"
@@ -51,6 +52,7 @@ func ResourceSpecFromUnstructured(obj unstructured.Unstructured) kyvernov1.Resou
Kind: obj.GetKind(),
Namespace: obj.GetNamespace(),
Name: obj.GetName(),
+ UID: obj.GetUID(),
}
}
@@ -99,3 +101,8 @@ func UpdateRetryAnnotation(kyvernoClient versioned.Interface, ur *kyvernov1beta1
}
return nil
}
+
+func FindDownstream(client dclient.Interface, apiVersion, kind string, labels map[string]string) (*unstructured.UnstructuredList, error) {
+ selector := &metav1.LabelSelector{MatchLabels: labels}
+ return client.ListResource(context.TODO(), apiVersion, kind, "", selector)
+}
diff --git a/pkg/background/generate/cleanup.go b/pkg/background/generate/cleanup.go
index 1b806ff7b9..955b47474b 100644
--- a/pkg/background/generate/cleanup.go
+++ b/pkg/background/generate/cleanup.go
@@ -101,25 +101,51 @@ func (c *GenerateController) getDownstreams(rule kyvernov1.Rule, selector map[st
return nil, err
}
- selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
+ selector[common.GenerateTriggerUIDLabel] = string(ur.Spec.GetResource().GetUID())
selector[common.GenerateTriggerNSLabel] = ur.Spec.GetResource().GetNamespace()
selector[common.GenerateTriggerKindLabel] = ur.Spec.GetResource().GetKind()
selector[common.GenerateTriggerGroupLabel] = gv.Group
selector[common.GenerateTriggerVersionLabel] = gv.Version
if rule.Generation.GetKind() != "" {
- c.log.V(4).Info("fetching downstream resources", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
- return FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
+ // Fetch downstream resources using trigger uid label
+ c.log.V(4).Info("fetching downstream resource by the UID", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
+ downstreamList, err := common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(downstreamList.Items) == 0 {
+ // Fetch downstream resources using the trigger name label
+ delete(selector, common.GenerateTriggerUIDLabel)
+ selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
+ c.log.V(4).Info("fetching downstream resource by the name", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
+ dsList, err := common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
+ if err != nil {
+ return nil, err
+ }
+ downstreamList.Items = append(downstreamList.Items, dsList.Items...)
+ }
+
+ return downstreamList, err
}
dsList := &unstructured.UnstructuredList{}
for _, kind := range rule.Generation.CloneList.Kinds {
apiVersion, kind := kubeutils.GetKindFromGVK(kind)
- c.log.V(4).Info("fetching downstream resources", "APIVersion", apiVersion, "kind", kind, "selector", selector)
- dsList, err = FindDownstream(c.client, apiVersion, kind, selector)
+ c.log.V(4).Info("fetching downstream cloneList resources by the UID", "APIVersion", apiVersion, "kind", kind, "selector", selector)
+ dsList, err = common.FindDownstream(c.client, apiVersion, kind, selector)
if err != nil {
return nil, err
- } else {
- dsList.Items = append(dsList.Items, dsList.Items...)
+ }
+
+ if len(dsList.Items) == 0 {
+ delete(selector, common.GenerateTriggerUIDLabel)
+ selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
+ c.log.V(4).Info("fetching downstream resource by the name", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
+ dsList, err = common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
+ if err != nil {
+ return nil, err
+ }
}
}
return dsList, nil
diff --git a/pkg/background/generate/generate.go b/pkg/background/generate/generate.go
index b1753c8cfe..21b96f1ab0 100644
--- a/pkg/background/generate/generate.go
+++ b/pkg/background/generate/generate.go
@@ -34,6 +34,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/selection"
corev1listers "k8s.io/client-go/listers/core/v1"
"k8s.io/client-go/tools/cache"
)
@@ -232,16 +233,36 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
logger.V(4).Info("querying all update requests")
selector := labels.SelectorFromSet(labels.Set(map[string]string{
kyvernov1beta1.URGeneratePolicyLabel: engineResponse.Policy().GetName(),
- kyvernov1beta1.URGenerateResourceNameLabel: engineResponse.Resource.GetName(),
kyvernov1beta1.URGenerateResourceKindLabel: engineResponse.Resource.GetKind(),
kyvernov1beta1.URGenerateResourceNSLabel: engineResponse.Resource.GetNamespace(),
}))
- urList, err := c.urLister.List(selector)
+ // get update requests that have the resource UID label
+ requirement, err := labels.NewRequirement(kyvernov1beta1.URGenerateResourceUIDLabel, selection.Equals, []string{string(engineResponse.Resource.GetUID())})
+ if err != nil {
+ logger.Error(err, "failed to add the resource UID label")
+ }
+ selectorWithResUID := selector.Add(*requirement)
+ urList, err := c.urLister.List(selectorWithResUID)
if err != nil {
logger.Error(err, "failed to get update request for the resource", "kind", engineResponse.Resource.GetKind(), "name", engineResponse.Resource.GetName(), "namespace", engineResponse.Resource.GetNamespace())
continue
}
+ if len(urList) == 0 {
+ // get update requests that have the resource name label
+ requirement, err = labels.NewRequirement(kyvernov1beta1.URGenerateResourceNameLabel, selection.Equals, []string{engineResponse.Resource.GetName()})
+ if err != nil {
+ logger.Error(err, "failed to add the resource name label")
+ continue
+ }
+ selectorWithResName := selector.Add(*requirement)
+ urList, err = c.urLister.List(selectorWithResName)
+ if err != nil {
+ logger.Error(err, "failed to get update request for the resource", "kind", engineResponse.Resource.GetKind(), "name", engineResponse.Resource.GetName(), "namespace", engineResponse.Resource.GetNamespace())
+ continue
+ }
+ }
+
for _, v := range urList {
err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
if err != nil {
diff --git a/pkg/background/generate/source.go b/pkg/background/generate/source.go
index 2ae97f8c13..f143bf2b50 100644
--- a/pkg/background/generate/source.go
+++ b/pkg/background/generate/source.go
@@ -30,6 +30,6 @@ func addSourceLabels(source *unstructured.Unstructured) {
labels[common.GenerateSourceVersionLabel] = source.GroupVersionKind().Version
labels[common.GenerateSourceKindLabel] = source.GetKind()
labels[common.GenerateSourceNSLabel] = source.GetNamespace()
- labels[common.GenerateSourceNameLabel] = source.GetName()
+ labels[common.GenerateSourceUIDLabel] = string(source.GetUID())
source.SetLabels(labels)
}
diff --git a/pkg/background/generate/utils.go b/pkg/background/generate/utils.go
index 87707fc2e6..78cf7a8379 100644
--- a/pkg/background/generate/utils.go
+++ b/pkg/background/generate/utils.go
@@ -1,14 +1,10 @@
package generate
import (
- "context"
-
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/background/common"
- "github.com/kyverno/kyverno/pkg/clients/dclient"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/types"
)
func newResourceSpec(genAPIVersion, genKind, genNamespace, genName string) kyvernov1.ResourceSpec {
@@ -29,11 +25,7 @@ func TriggerFromLabels(labels map[string]string) kyvernov1.ResourceSpec {
Kind: labels[common.GenerateTriggerKindLabel],
Namespace: labels[common.GenerateTriggerNSLabel],
Name: labels[common.GenerateTriggerNameLabel],
+ UID: types.UID(labels[common.GenerateTriggerUIDLabel]),
APIVersion: apiVersion.String(),
}
}
-
-func FindDownstream(client dclient.Interface, apiVersion, kind string, labels map[string]string) (*unstructured.UnstructuredList, error) {
- selector := &metav1.LabelSelector{MatchLabels: labels}
- return client.ListResource(context.TODO(), apiVersion, kind, "", selector)
-}
diff --git a/pkg/client/applyconfigurations/kyverno/v1/generation.go b/pkg/client/applyconfigurations/kyverno/v1/generation.go
index 329d1e81e0..6da532f2a9 100644
--- a/pkg/client/applyconfigurations/kyverno/v1/generation.go
+++ b/pkg/client/applyconfigurations/kyverno/v1/generation.go
@@ -20,6 +20,7 @@ package v1
import (
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ types "k8s.io/apimachinery/pkg/types"
)
// GenerationApplyConfiguration represents an declarative configuration of the Generation type for use
@@ -74,6 +75,15 @@ func (b *GenerationApplyConfiguration) WithName(value string) *GenerationApplyCo
return b
}
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *GenerationApplyConfiguration) WithUID(value types.UID) *GenerationApplyConfiguration {
+ b.ensureResourceSpecApplyConfigurationExists()
+ b.UID = &value
+ return b
+}
+
func (b *GenerationApplyConfiguration) ensureResourceSpecApplyConfigurationExists() {
if b.ResourceSpecApplyConfiguration == nil {
b.ResourceSpecApplyConfiguration = &ResourceSpecApplyConfiguration{}
diff --git a/pkg/client/applyconfigurations/kyverno/v1/resourcespec.go b/pkg/client/applyconfigurations/kyverno/v1/resourcespec.go
index 5399a33774..19afae9940 100644
--- a/pkg/client/applyconfigurations/kyverno/v1/resourcespec.go
+++ b/pkg/client/applyconfigurations/kyverno/v1/resourcespec.go
@@ -18,13 +18,18 @@ limitations under the License.
package v1
+import (
+ types "k8s.io/apimachinery/pkg/types"
+)
+
// ResourceSpecApplyConfiguration represents an declarative configuration of the ResourceSpec type for use
// with apply.
type ResourceSpecApplyConfiguration struct {
- APIVersion *string `json:"apiVersion,omitempty"`
- Kind *string `json:"kind,omitempty"`
- Namespace *string `json:"namespace,omitempty"`
- Name *string `json:"name,omitempty"`
+ APIVersion *string `json:"apiVersion,omitempty"`
+ Kind *string `json:"kind,omitempty"`
+ Namespace *string `json:"namespace,omitempty"`
+ Name *string `json:"name,omitempty"`
+ UID *types.UID `json:"uid,omitempty"`
}
// ResourceSpecApplyConfiguration constructs an declarative configuration of the ResourceSpec type for use with
@@ -64,3 +69,11 @@ func (b *ResourceSpecApplyConfiguration) WithName(value string) *ResourceSpecApp
b.Name = &value
return b
}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ResourceSpecApplyConfiguration) WithUID(value types.UID) *ResourceSpecApplyConfiguration {
+ b.UID = &value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v1/targetresourcespec.go b/pkg/client/applyconfigurations/kyverno/v1/targetresourcespec.go
index cbf94c2089..4b722ffb38 100644
--- a/pkg/client/applyconfigurations/kyverno/v1/targetresourcespec.go
+++ b/pkg/client/applyconfigurations/kyverno/v1/targetresourcespec.go
@@ -20,6 +20,7 @@ package v1
import (
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ types "k8s.io/apimachinery/pkg/types"
)
// TargetResourceSpecApplyConfiguration represents an declarative configuration of the TargetResourceSpec type for use
@@ -72,6 +73,15 @@ func (b *TargetResourceSpecApplyConfiguration) WithName(value string) *TargetRes
return b
}
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *TargetResourceSpecApplyConfiguration) WithUID(value types.UID) *TargetResourceSpecApplyConfiguration {
+ b.ensureResourceSpecApplyConfigurationExists()
+ b.UID = &value
+ return b
+}
+
func (b *TargetResourceSpecApplyConfiguration) ensureResourceSpecApplyConfigurationExists() {
if b.ResourceSpecApplyConfiguration == nil {
b.ResourceSpecApplyConfiguration = &ResourceSpecApplyConfiguration{}
diff --git a/pkg/policy/generate.go b/pkg/policy/generate.go
index 18ff25cc81..f0a107c5f0 100644
--- a/pkg/policy/generate.go
+++ b/pkg/policy/generate.go
@@ -101,7 +101,7 @@ func (pc *policyController) syncDataRulechanges(policy kyvernov1.PolicyInterface
kyverno.LabelAppManagedBy: kyverno.ValueKyvernoApp,
}
- downstreams, err := generateutils.FindDownstream(pc.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels)
+ downstreams, err := common.FindDownstream(pc.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels)
if err != nil {
return err
}
diff --git a/pkg/policy/updaterequest.go b/pkg/policy/updaterequest.go
index 9f9cb89c35..a3ab54a4ba 100644
--- a/pkg/policy/updaterequest.go
+++ b/pkg/policy/updaterequest.go
@@ -45,6 +45,7 @@ func newUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, rul
Namespace: trigger.GetNamespace(),
Name: trigger.GetName(),
APIVersion: trigger.GetAPIVersion(),
+ UID: trigger.GetUID(),
},
DeleteDownstream: deleteDownstream,
},
@@ -60,6 +61,7 @@ func newURStatus(downstream unstructured.Unstructured) kyvernov1beta1.UpdateRequ
Kind: downstream.GetKind(),
Namespace: downstream.GetNamespace(),
Name: downstream.GetName(),
+ UID: downstream.GetUID(),
},
},
}
diff --git a/pkg/webhooks/resource/generation/handler.go b/pkg/webhooks/resource/generation/handler.go
index 68bf7befa6..4442cadac4 100644
--- a/pkg/webhooks/resource/generation/handler.go
+++ b/pkg/webhooks/resource/generation/handler.go
@@ -160,6 +160,7 @@ func (h *generationHandler) applyGeneration(
Kind: trigger.GetKind(),
Namespace: trigger.GetNamespace(),
Name: trigger.GetName(),
+ UID: trigger.GetUID(),
}
rules := getAppliedRules(policy, appliedRules)
@@ -196,6 +197,7 @@ func (h *generationHandler) syncTriggerAction(
Kind: trigger.GetKind(),
Namespace: trigger.GetNamespace(),
Name: trigger.GetName(),
+ UID: trigger.GetUID(),
}
rules := getAppliedRules(policy, failedRules)
@@ -246,6 +248,7 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
// clone source deletion
deleteDownstream = true
}
+ // fetch targets that have the source name label
targetSelector := map[string]string{
common.GenerateSourceGroupLabel: old.GroupVersionKind().Group,
common.GenerateSourceVersionLabel: old.GroupVersionKind().Version,
@@ -253,7 +256,25 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
common.GenerateSourceNSLabel: old.GetNamespace(),
common.GenerateSourceNameLabel: old.GetName(),
}
- targets, err := generateutils.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
+ targets, err := common.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
+ if err != nil {
+ return fmt.Errorf("failed to list targets resources: %v", err)
+ }
+
+ for i := range targets.Items {
+ l := targets.Items[i].GetLabels()
+ labelsList = append(labelsList, l)
+ }
+
+ // fetch targets that have the source UID label
+ targetSelector = map[string]string{
+ common.GenerateSourceGroupLabel: old.GroupVersionKind().Group,
+ common.GenerateSourceVersionLabel: old.GroupVersionKind().Version,
+ common.GenerateSourceKindLabel: old.GetKind(),
+ common.GenerateSourceNSLabel: old.GetNamespace(),
+ common.GenerateSourceUIDLabel: string(old.GetUID()),
+ }
+ targets, err = common.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
if err != nil {
return fmt.Errorf("failed to list targets resources: %v", err)
}
diff --git a/pkg/webhooks/resource/utils.go b/pkg/webhooks/resource/utils.go
index 3c1b451f00..cdcedd0e63 100644
--- a/pkg/webhooks/resource/utils.go
+++ b/pkg/webhooks/resource/utils.go
@@ -88,6 +88,7 @@ func transform(admissionRequestInfo kyvernov1beta1.AdmissionRequestInfoObject, u
Namespace: er.Resource.GetNamespace(),
Name: er.Resource.GetName(),
APIVersion: er.Resource.GetAPIVersion(),
+ UID: er.Resource.GetUID(),
},
Context: kyvernov1beta1.UpdateRequestSpecContext{
UserRequestInfo: userRequestInfo,
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/01-crd.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/01-crd.yaml
similarity index 100%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/01-crd.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/01-crd.yaml
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/02-policy.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/02-policy.yaml
similarity index 100%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/02-policy.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/02-policy.yaml
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/03-resource.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/03-resource.yaml
similarity index 100%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/03-resource.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/03-resource.yaml
diff --git a/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/04-sleep.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/04-sleep.yaml
new file mode 100644
index 0000000000..fe3b8abbcb
--- /dev/null
+++ b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/04-sleep.yaml
@@ -0,0 +1,5 @@
+# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: sleep 3
\ No newline at end of file
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/04-event.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/05-event.yaml
similarity index 88%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/04-event.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/05-event.yaml
index 2524584a1b..67809a2297 100644
--- a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/04-event.yaml
+++ b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/05-event.yaml
@@ -1,5 +1,5 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
-error:
+assert:
- event.yaml
diff --git a/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/README.md b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/README.md
new file mode 100644
index 0000000000..38ae3c7ef8
--- /dev/null
+++ b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/README.md
@@ -0,0 +1,15 @@
+## Description
+
+This test creates a generate policy, and a resource. A `PolicyError` event should be created upon the failure.
+
+## Steps
+
+1. - Create a policy
+ - Assert the policy becomes ready
+1. - Create a resource
+1. - Asset a `PolicyError` event is created
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/pull/8466
+https://github.com/kyverno/kyverno/pull/1413
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/crd-assert.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/crd-assert.yaml
similarity index 100%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/crd-assert.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/crd-assert.yaml
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/crd.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/crd.yaml
similarity index 100%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/crd.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/crd.yaml
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/event.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/event.yaml
similarity index 90%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/event.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/event.yaml
index ed6626f244..cbb6f6ae86 100644
--- a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/event.yaml
+++ b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/event.yaml
@@ -6,4 +6,5 @@ involvedObject:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
name: rbac-policy
+reason: PolicyError
reportingComponent: kyverno-generate
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/policy-assert.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/policy-assert.yaml
similarity index 100%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/policy-assert.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/policy-assert.yaml
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/policy.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/policy.yaml
similarity index 93%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/policy.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/policy.yaml
index 9e40b8eafb..a3ae4a2f8c 100644
--- a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/policy.yaml
+++ b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/policy.yaml
@@ -23,3 +23,5 @@ spec:
- resources:
kinds:
- Namespace
+ names:
+ - ns-2
diff --git a/test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/resource.yaml b/test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/resource.yaml
similarity index 100%
rename from test/conformance/kuttl/events/clusterpolicy/no-events-upon-fail-generation/resource.yaml
rename to test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/resource.yaml
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-assert.yaml
new file mode 100644
index 0000000000..f5149079e2
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+ name: generate-secret
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-manifests.yaml
new file mode 100644
index 0000000000..0368e40c23
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-manifests.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+data:
+ foo: YmFy
+kind: Secret
+metadata:
+ name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
+ namespace: default
+type: Opaque
+---
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+ name: generate-secret
+spec:
+ rules:
+ - name: clone-secret
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ generate:
+ apiVersion: v1
+ kind: Secret
+ name: regcred
+ namespace: "{{request.object.metadata.name}}"
+ synchronize: true
+ clone:
+ namespace: default
+ name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-assert.yaml
new file mode 100644
index 0000000000..077577523f
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-assert.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: regcred
+ namespace: production
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-ns.yaml
new file mode 100644
index 0000000000..9b8854c142
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: production
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/03-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/03-sleep.yaml
new file mode 100644
index 0000000000..e330721f44
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/03-sleep.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: sleep 3
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml
new file mode 100644
index 0000000000..de2a8b0020
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml
@@ -0,0 +1,7 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+delete:
+- apiVersion: v1
+ kind: Secret
+ name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
+ namespace: default
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/05-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/05-sleep.yaml
new file mode 100644
index 0000000000..e330721f44
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/05-sleep.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: sleep 3
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/06-error.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/06-error.yaml
new file mode 100644
index 0000000000..5ef7a20dfd
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/06-error.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: YmFy
+kind: Secret
+metadata:
+ name: regcred
+ namespace: production
+type: Opaque
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/README.md b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/README.md
new file mode 100644
index 0000000000..3675634183
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test ensures that the secret is cloned from a source resource name exceeds 63 characters limit.
+
+## Expected Behavior
+
+If the downstream resource is created, the test passes. If it is not created, the test fails.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/8447
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml
index d30d0fdd71..916104ef50 100644
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml
@@ -14,7 +14,6 @@ metadata:
generate.kyverno.io/trigger-version: v1
generate.kyverno.io/trigger-group: ""
generate.kyverno.io/trigger-kind: ConfigMap
- generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
namespace: generate-event-on-edit-ns
source:
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml
index 172a6c7a72..17e10b0970 100644
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml
@@ -14,7 +14,6 @@ metadata:
generate.kyverno.io/trigger-version: v1
generate.kyverno.io/trigger-group: ""
generate.kyverno.io/trigger-kind: ConfigMap
- generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
namespace: generate-event-on-edit-ns
source:
@@ -36,7 +35,6 @@ metadata:
generate.kyverno.io/trigger-version: v1
generate.kyverno.io/trigger-group: ""
generate.kyverno.io/trigger-kind: ConfigMap
- generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
namespace: generate-event-on-edit-ns
source:
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-assert.yaml
new file mode 100644
index 0000000000..53931268ae
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+ name: generate-network-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-policy.yaml
new file mode 100644
index 0000000000..2e14db07b4
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-policy.yaml
@@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: generate-network-policy
+spec:
+ rules:
+ - name: default-deny
+ match:
+ any:
+ - resources:
+ kinds:
+ - ConfigMap
+ names:
+ - my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
+ generate:
+ apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ name: default-deny
+ namespace: "{{request.object.metadata.namespace}}"
+ synchronize: true
+ data:
+ spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/02-trigger.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/02-trigger.yaml
new file mode 100644
index 0000000000..b212d08087
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/02-trigger.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: trigger-resource-name-exceeds-63-characters-ns
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
+ namespace: trigger-resource-name-exceeds-63-characters-ns
+data:
+ color: blue
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/03-downstream-created.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/03-downstream-created.yaml
new file mode 100644
index 0000000000..80d6968ae4
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/03-downstream-created.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+assert:
+- downstream.yaml
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml
new file mode 100644
index 0000000000..7aba32542c
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml
@@ -0,0 +1,7 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+delete:
+- apiVersion: v1
+ kind: ConfigMap
+ name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
+ namespace: trigger-resource-name-exceeds-63-characters-ns
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/05-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/05-sleep.yaml
new file mode 100644
index 0000000000..e330721f44
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/05-sleep.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: sleep 3
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/06-check.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/06-check.yaml
new file mode 100644
index 0000000000..dc7f696c87
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/06-check.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+error:
+- downstream.yaml
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/README.md b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/README.md
new file mode 100644
index 0000000000..f1b1cb2c96
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test checks to ensure that generation of the downstream when the trigger resource name exceeds 63 characters limit.
+
+## Expected Behavior
+
+If the downstream resource is generated, the test passes.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/4675
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/downstream.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/downstream.yaml
new file mode 100644
index 0000000000..ed9066c270
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/downstream.yaml
@@ -0,0 +1,9 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny
+ namespace: trigger-resource-name-exceeds-63-characters-ns
+spec:
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-manifests.yaml
index 71f5c772e5..982bbac9e6 100644
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-manifests.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-manifests.yaml
@@ -24,6 +24,8 @@ spec:
- resources:
kinds:
- ConfigMap
+ names:
+ - test-org
generate:
apiVersion: v1
kind: Secret
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml
index 646832cc35..8078877234 100644
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml
@@ -12,7 +12,6 @@ metadata:
generate.kyverno.io/trigger-version: v1
generate.kyverno.io/trigger-group: ""
generate.kyverno.io/trigger-kind: PodExecOptions
- generate.kyverno.io/trigger-name: ""
generate.kyverno.io/trigger-namespace: test-generate-exec
somekey: somevalue
name: zk-kafka-address