fix: generate policy fails if triggered resource name exceeds 63 characters limit (#8466) (#8835)

* fix: generate label resource name character length issue



* add source label



* modify newUR function



* fix



* improve readability



* remove generate source name label



* Revert changes



* update ResourceSpec



* add URGenerateResourceUIDLabel



* make codegen crds all



* make codegen client all



* add GenerateSourceUIDLabel



* modify comment



* make codegen crds all



* make codegen-docs-all



* make codegen-all



* set trigger uid



* add uid in transform()



* add name label



* fix: use resource name labels along with its UID



* fix: use the resource name label only if its uid label isn't set



* fix



* add kuttl tests



* fix: delete the trigger resource in the test



* fix: delete the source in the kuttl test



* add generate trigger uid label



* modify TriggerInfo function



* populate uid field for new update requests



* populate new ur spec with uid



* handle downstream resources cleanup



* populate uid of ur status



* fetch triggers by the UID label



* label triggers



* fetch trigger by comparing UID



* fetch cloneList downstream resource by UID



* update test names



* remove trigger name label assertions from kuttl tests



* add unit name selector



* add sleep



* assert events on failures



* rename tests



---------

Signed-off-by: Chandan-DK <chandandk468@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Chandan-DK <chandandk468@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

api/kyverno/v1/resource_spec_types.go

@@ -6,6 +6,7 @@ import (
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
 	apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
 )
 
 type ResourceSpec struct {
@@ -20,12 +21,16 @@ type ResourceSpec struct {
 	// Name specifies the resource name.
 	// +optional
 	Name string `json:"name,omitempty" yaml:"name,omitempty"`
+	// UID specifies the resource uid.
+	// +optional
+	UID types.UID `json:"uid,omitempty" yaml:"uid,omitempty"`
 }
 
 func (s ResourceSpec) GetName() string       { return s.Name }
 func (s ResourceSpec) GetNamespace() string  { return s.Namespace }
 func (s ResourceSpec) GetKind() string       { return s.Kind }
 func (s ResourceSpec) GetAPIVersion() string { return s.APIVersion }
+func (s ResourceSpec) GetUID() types.UID     { return s.UID }
 func (s ResourceSpec) GetGroupVersion() (schema.GroupVersion, error) {
 	return schema.ParseGroupVersion(s.APIVersion)
 }

api/kyverno/v1beta1/constants.go

@@ -11,6 +11,7 @@ const (
 	// URGeneratePolicyLabel adds the policy name to URs for generate policies
 	URGeneratePolicyLabel          = "generate.kyverno.io/policy-name"
 	URGenerateResourceNameLabel    = "generate.kyverno.io/resource-name"
+	URGenerateResourceUIDLabel     = "generate.kyverno.io/resource-uid"
 	URGenerateResourceNSLabel      = "generate.kyverno.io/resource-namespace"
 	URGenerateResourceKindLabel    = "generate.kyverno.io/resource-kind"
 	URGenerateRetryCountAnnotation = "generate.kyverno.io/retry-count"

charts/kyverno/charts/crds/templates/crds.yaml

@@ -7429,6 +7429,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -8694,6 +8697,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -11801,6 +11807,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -13122,6 +13131,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -16193,6 +16205,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -17245,6 +17260,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -20505,6 +20523,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -21826,6 +21847,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -25137,6 +25161,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -26402,6 +26429,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -29510,6 +29540,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -30831,6 +30864,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -33903,6 +33939,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -34955,6 +34994,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -38215,6 +38257,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -39536,6 +39581,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -43090,6 +43138,9 @@ spec:
                   namespace:
                     description: Namespace specifies resource namespace.
                     type: string
+                  uid:
+                    description: UID specifies the resource uid.
+                    type: string
                 type: object
               rule:
                 description: Rule is the associate rule name of the current UR.
@@ -43125,6 +43176,9 @@ spec:
                     namespace:
                       description: Namespace specifies resource namespace.
                       type: string
+                    uid:
+                      description: UID specifies the resource uid.
+                      type: string
                   type: object
                 type: array
               handler:

cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml

@@ -1123,6 +1123,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -2388,6 +2391,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -5495,6 +5501,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -6816,6 +6825,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -9887,6 +9899,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -10939,6 +10954,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -14199,6 +14217,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -15520,6 +15541,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object

cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml

@@ -1124,6 +1124,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -2389,6 +2392,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -5497,6 +5503,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -6818,6 +6827,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -9890,6 +9902,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -10942,6 +10957,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -14202,6 +14220,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -15523,6 +15544,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object

config/crds/kyverno.io_clusterpolicies.yaml

@@ -1123,6 +1123,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -2388,6 +2391,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -5495,6 +5501,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -6816,6 +6825,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -9887,6 +9899,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -10939,6 +10954,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -14199,6 +14217,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -15520,6 +15541,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object

config/crds/kyverno.io_policies.yaml

@@ -1124,6 +1124,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -2389,6 +2392,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -5497,6 +5503,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -6818,6 +6827,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -9890,6 +9902,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -10942,6 +10957,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -14202,6 +14220,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -15523,6 +15544,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object

config/crds/kyverno.io_updaterequests.yaml

@@ -343,6 +343,9 @@ spec:
                   namespace:
                     description: Namespace specifies resource namespace.
                     type: string
+                  uid:
+                    description: UID specifies the resource uid.
+                    type: string
                 type: object
               rule:
                 description: Rule is the associate rule name of the current UR.
@@ -378,6 +381,9 @@ spec:
                     namespace:
                       description: Namespace specifies resource namespace.
                       type: string
+                    uid:
+                      description: UID specifies the resource uid.
+                      type: string
                   type: object
                 type: array
               handler:

config/install-latest-testing.yaml

@@ -7648,6 +7648,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -8913,6 +8916,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -12020,6 +12026,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -13341,6 +13350,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -16412,6 +16424,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -17464,6 +17479,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -20724,6 +20742,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -22045,6 +22066,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -25358,6 +25382,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -26623,6 +26650,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -29731,6 +29761,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -31052,6 +31085,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -34124,6 +34160,9 @@ spec:
                             resource specified in the Clone declaration. Optional.
                             Defaults to "false" if not specified.
                           type: boolean
+                        uid:
+                          description: UID specifies the resource uid.
+                          type: string
                       type: object
                     imageExtractors:
                       additionalProperties:
@@ -35176,6 +35215,9 @@ spec:
                                   is supported for backwards compatibility but will
                                   be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
                                 x-kubernetes-preserve-unknown-fields: true
+                              uid:
+                                description: UID specifies the resource uid.
+                                type: string
                             type: object
                           type: array
                       type: object
@@ -38436,6 +38478,9 @@ spec:
                                 Data or the resource specified in the Clone declaration.
                                 Optional. Defaults to "false" if not specified.
                               type: boolean
+                            uid:
+                              description: UID specifies the resource uid.
+                              type: string
                           type: object
                         imageExtractors:
                           additionalProperties:
@@ -39757,6 +39802,9 @@ spec:
                                       will be deprecated in the next major release.
                                       See: https://kyverno.io/docs/writing-policies/preconditions/'
                                     x-kubernetes-preserve-unknown-fields: true
+                                  uid:
+                                    description: UID specifies the resource uid.
+                                    type: string
                                 type: object
                               type: array
                           type: object
@@ -43315,6 +43363,9 @@ spec:
                   namespace:
                     description: Namespace specifies resource namespace.
                     type: string
+                  uid:
+                    description: UID specifies the resource uid.
+                    type: string
                 type: object
               rule:
                 description: Rule is the associate rule name of the current UR.
@@ -43350,6 +43401,9 @@ spec:
                     namespace:
                       description: Namespace specifies resource namespace.
                       type: string
+                    uid:
+                      description: UID specifies the resource uid.
+                      type: string
                   type: object
                 type: array
               handler:

docs/user/crd/index.html

@@ -3298,6 +3298,20 @@ string
 <p>Name specifies the resource name.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>uid</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#uid-types-pkg">
+k8s.io/apimachinery/pkg/types.UID
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>UID specifies the resource uid.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <hr />

pkg/background/common/constants.go

@@ -5,11 +5,13 @@ const (
 	GeneratePolicyNamespaceLabel = "generate.kyverno.io/policy-namespace"
 	GenerateRuleLabel            = "generate.kyverno.io/rule-name"
 	GenerateTriggerNameLabel     = "generate.kyverno.io/trigger-name"
+	GenerateTriggerUIDLabel      = "generate.kyverno.io/trigger-uid"
 	GenerateTriggerNSLabel       = "generate.kyverno.io/trigger-namespace"
 	GenerateTriggerKindLabel     = "generate.kyverno.io/trigger-kind"
 	GenerateTriggerVersionLabel  = "generate.kyverno.io/trigger-version"
 	GenerateTriggerGroupLabel    = "generate.kyverno.io/trigger-group"
 	GenerateSourceNameLabel      = "generate.kyverno.io/source-name"
+	GenerateSourceUIDLabel       = "generate.kyverno.io/source-uid"
 	GenerateSourceNSLabel        = "generate.kyverno.io/source-namespace"
 	GenerateSourceKindLabel      = "generate.kyverno.io/source-kind"
 	GenerateSourceVersionLabel   = "generate.kyverno.io/source-version"

pkg/background/common/labels.go

@@ -11,6 +11,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/logging"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	pkglabels "k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/cache"
 )
 
@@ -19,6 +20,7 @@ type Object interface {
 	GetNamespace() string
 	GetKind() string
 	GetAPIVersion() string
+	GetUID() types.UID
 }
 
 func ManageLabels(unstr *unstructured.Unstructured, triggerResource unstructured.Unstructured, policy kyvernov1.PolicyInterface, ruleName string) {
@@ -59,7 +61,7 @@ func GenerateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
 	}
 	isNil := trigger == nil || (reflect.ValueOf(trigger).Kind() == reflect.Ptr && reflect.ValueOf(trigger).IsNil())
 	if !isNil {
-		set[kyvernov1beta1.URGenerateResourceNameLabel] = trigger.GetName()
+		set[kyvernov1beta1.URGenerateResourceUIDLabel] = string(trigger.GetUID())
 		set[kyvernov1beta1.URGenerateResourceNSLabel] = trigger.GetNamespace()
 		set[kyvernov1beta1.URGenerateResourceKindLabel] = trigger.GetKind()
 	}
@@ -94,16 +96,9 @@ func TriggerInfo(labels map[string]string, obj unstructured.Unstructured) {
 	labels[GenerateTriggerGroupLabel] = obj.GroupVersionKind().Group
 	labels[GenerateTriggerKindLabel] = obj.GetKind()
 	labels[GenerateTriggerNSLabel] = obj.GetNamespace()
-	labels[GenerateTriggerNameLabel] = trimByLength(obj.GetName(), 63)
+	labels[GenerateTriggerUIDLabel] = string(obj.GetUID())
 }
 
 func TagSource(labels map[string]string, obj Object) {
 	labels[GenerateTypeCloneSourceLabel] = ""
 }
-
-func trimByLength(value string, character int) string {
-	if len(value) > character {
-		return value[0:character]
-	}
-	return value
-}

pkg/background/common/resource.go

@@ -3,22 +3,31 @@ package common
 import (
 	"context"
 	"fmt"
-	"time"
 
 	"github.com/go-logr/logr"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
-	retryutils "github.com/kyverno/kyverno/pkg/utils/retry"
 	admissionv1 "k8s.io/api/admission/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
-func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSpec, log logr.Logger) (*unstructured.Unstructured, error) {
+func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSpec, log logr.Logger) (resource *unstructured.Unstructured, err error) {
 	resourceSpec := urSpec.GetResource()
 
-	get := func() (*unstructured.Unstructured, error) {
+	if urSpec.GetResource().GetUID() != "" {
+		triggers, err := client.ListResource(context.TODO(), resourceSpec.GetAPIVersion(), resourceSpec.GetKind(), resourceSpec.GetNamespace(), nil)
+		if err != nil {
+			return nil, fmt.Errorf("failed to list trigger resources: %v", err)
+		}
+
+		for _, trigger := range triggers.Items {
+			if resourceSpec.GetUID() == trigger.GetUID() {
+				return &trigger, nil
+			}
+		}
+	} else if urSpec.GetResource().GetName() != "" {
 		if resourceSpec.Kind == "Namespace" {
 			resourceSpec.Namespace = ""
 		}
@@ -35,18 +44,6 @@ func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSp
 		return resource, nil
 	}
 
-	var resource *unstructured.Unstructured
-	var err error
-	retry := func(_ context.Context) error {
-		resource, err = get()
-		return err
-	}
-
-	f := retryutils.RetryFunc(context.TODO(), time.Second, 5*time.Second, log.WithName("getResource"), "failed to get resource", retry)
-	if err := f(); err != nil {
-		return nil, err
-	}
-
 	if resource == nil && urSpec.Context.AdmissionRequestInfo.AdmissionRequest != nil {
 		request := urSpec.Context.AdmissionRequestInfo.AdmissionRequest
 		raw := request.Object.Raw

pkg/background/common/util.go

@@ -9,6 +9,7 @@ import (
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
+	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/logging"
 	errors "github.com/pkg/errors"
@@ -51,6 +52,7 @@ func ResourceSpecFromUnstructured(obj unstructured.Unstructured) kyvernov1.Resou
 		Kind:       obj.GetKind(),
 		Namespace:  obj.GetNamespace(),
 		Name:       obj.GetName(),
+		UID:        obj.GetUID(),
 	}
 }
 
@@ -99,3 +101,8 @@ func UpdateRetryAnnotation(kyvernoClient versioned.Interface, ur *kyvernov1beta1
 	}
 	return nil
 }
+
+func FindDownstream(client dclient.Interface, apiVersion, kind string, labels map[string]string) (*unstructured.UnstructuredList, error) {
+	selector := &metav1.LabelSelector{MatchLabels: labels}
+	return client.ListResource(context.TODO(), apiVersion, kind, "", selector)
+}

pkg/background/generate/cleanup.go

@@ -101,25 +101,51 @@ func (c *GenerateController) getDownstreams(rule kyvernov1.Rule, selector map[st
 		return nil, err
 	}
 
-	selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
+	selector[common.GenerateTriggerUIDLabel] = string(ur.Spec.GetResource().GetUID())
 	selector[common.GenerateTriggerNSLabel] = ur.Spec.GetResource().GetNamespace()
 	selector[common.GenerateTriggerKindLabel] = ur.Spec.GetResource().GetKind()
 	selector[common.GenerateTriggerGroupLabel] = gv.Group
 	selector[common.GenerateTriggerVersionLabel] = gv.Version
 	if rule.Generation.GetKind() != "" {
-		c.log.V(4).Info("fetching downstream resources", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
+		// Fetch downstream resources using trigger uid label
-		return FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
+		c.log.V(4).Info("fetching downstream resource by the UID", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
+		downstreamList, err := common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
+		if err != nil {
+			return nil, err
+		}
+
+		if len(downstreamList.Items) == 0 {
+			// Fetch downstream resources using the trigger name label
+			delete(selector, common.GenerateTriggerUIDLabel)
+			selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
+			c.log.V(4).Info("fetching downstream resource by the name", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
+			dsList, err := common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
+			if err != nil {
+				return nil, err
+			}
+			downstreamList.Items = append(downstreamList.Items, dsList.Items...)
+		}
+
+		return downstreamList, err
 	}
 
 	dsList := &unstructured.UnstructuredList{}
 	for _, kind := range rule.Generation.CloneList.Kinds {
 		apiVersion, kind := kubeutils.GetKindFromGVK(kind)
-		c.log.V(4).Info("fetching downstream resources", "APIVersion", apiVersion, "kind", kind, "selector", selector)
+		c.log.V(4).Info("fetching downstream cloneList resources by the UID", "APIVersion", apiVersion, "kind", kind, "selector", selector)
-		dsList, err = FindDownstream(c.client, apiVersion, kind, selector)
+		dsList, err = common.FindDownstream(c.client, apiVersion, kind, selector)
 		if err != nil {
 			return nil, err
-		} else {
+		}
-			dsList.Items = append(dsList.Items, dsList.Items...)
+
+		if len(dsList.Items) == 0 {
+			delete(selector, common.GenerateTriggerUIDLabel)
+			selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
+			c.log.V(4).Info("fetching downstream resource by the name", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
+			dsList, err = common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
+			if err != nil {
+				return nil, err
+			}
 		}
 	}
 	return dsList, nil

pkg/background/generate/generate.go

@@ -34,6 +34,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/selection"
 	corev1listers "k8s.io/client-go/listers/core/v1"
 	"k8s.io/client-go/tools/cache"
 )
@@ -232,16 +233,36 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
 			logger.V(4).Info("querying all update requests")
 			selector := labels.SelectorFromSet(labels.Set(map[string]string{
 				kyvernov1beta1.URGeneratePolicyLabel:       engineResponse.Policy().GetName(),
-				kyvernov1beta1.URGenerateResourceNameLabel: engineResponse.Resource.GetName(),
 				kyvernov1beta1.URGenerateResourceKindLabel: engineResponse.Resource.GetKind(),
 				kyvernov1beta1.URGenerateResourceNSLabel:   engineResponse.Resource.GetNamespace(),
 			}))
-			urList, err := c.urLister.List(selector)
+			// get update requests that have the resource UID label
+			requirement, err := labels.NewRequirement(kyvernov1beta1.URGenerateResourceUIDLabel, selection.Equals, []string{string(engineResponse.Resource.GetUID())})
+			if err != nil {
+				logger.Error(err, "failed to add the resource UID label")
+			}
+			selectorWithResUID := selector.Add(*requirement)
+			urList, err := c.urLister.List(selectorWithResUID)
 			if err != nil {
 				logger.Error(err, "failed to get update request for the resource", "kind", engineResponse.Resource.GetKind(), "name", engineResponse.Resource.GetName(), "namespace", engineResponse.Resource.GetNamespace())
 				continue
 			}
 
+			if len(urList) == 0 {
+				// get update requests that have the resource name label
+				requirement, err = labels.NewRequirement(kyvernov1beta1.URGenerateResourceNameLabel, selection.Equals, []string{engineResponse.Resource.GetName()})
+				if err != nil {
+					logger.Error(err, "failed to add the resource name label")
+					continue
+				}
+				selectorWithResName := selector.Add(*requirement)
+				urList, err = c.urLister.List(selectorWithResName)
+				if err != nil {
+					logger.Error(err, "failed to get update request for the resource", "kind", engineResponse.Resource.GetKind(), "name", engineResponse.Resource.GetName(), "namespace", engineResponse.Resource.GetNamespace())
+					continue
+				}
+			}
+
 			for _, v := range urList {
 				err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
 				if err != nil {

pkg/background/generate/source.go

@@ -30,6 +30,6 @@ func addSourceLabels(source *unstructured.Unstructured) {
 	labels[common.GenerateSourceVersionLabel] = source.GroupVersionKind().Version
 	labels[common.GenerateSourceKindLabel] = source.GetKind()
 	labels[common.GenerateSourceNSLabel] = source.GetNamespace()
-	labels[common.GenerateSourceNameLabel] = source.GetName()
+	labels[common.GenerateSourceUIDLabel] = string(source.GetUID())
 	source.SetLabels(labels)
 }

pkg/background/generate/utils.go

@@ -1,14 +1,10 @@
 package generate
 
 import (
-	"context"
-
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/background/common"
-	"github.com/kyverno/kyverno/pkg/clients/dclient"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
 )
 
 func newResourceSpec(genAPIVersion, genKind, genNamespace, genName string) kyvernov1.ResourceSpec {
@@ -29,11 +25,7 @@ func TriggerFromLabels(labels map[string]string) kyvernov1.ResourceSpec {
 		Kind:       labels[common.GenerateTriggerKindLabel],
 		Namespace:  labels[common.GenerateTriggerNSLabel],
 		Name:       labels[common.GenerateTriggerNameLabel],
+		UID:        types.UID(labels[common.GenerateTriggerUIDLabel]),
 		APIVersion: apiVersion.String(),
 	}
 }
-
-func FindDownstream(client dclient.Interface, apiVersion, kind string, labels map[string]string) (*unstructured.UnstructuredList, error) {
-	selector := &metav1.LabelSelector{MatchLabels: labels}
-	return client.ListResource(context.TODO(), apiVersion, kind, "", selector)
-}

pkg/client/applyconfigurations/kyverno/v1/generation.go

@@ -20,6 +20,7 @@ package v1
 
 import (
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	types "k8s.io/apimachinery/pkg/types"
 )
 
 // GenerationApplyConfiguration represents an declarative configuration of the Generation type for use
@@ -74,6 +75,15 @@ func (b *GenerationApplyConfiguration) WithName(value string) *GenerationApplyCo
 	return b
 }
 
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *GenerationApplyConfiguration) WithUID(value types.UID) *GenerationApplyConfiguration {
+	b.ensureResourceSpecApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
 func (b *GenerationApplyConfiguration) ensureResourceSpecApplyConfigurationExists() {
 	if b.ResourceSpecApplyConfiguration == nil {
 		b.ResourceSpecApplyConfiguration = &ResourceSpecApplyConfiguration{}

pkg/client/applyconfigurations/kyverno/v1/resourcespec.go

@@ -18,13 +18,18 @@ limitations under the License.
 
 package v1
 
+import (
+	types "k8s.io/apimachinery/pkg/types"
+)
+
 // ResourceSpecApplyConfiguration represents an declarative configuration of the ResourceSpec type for use
 // with apply.
 type ResourceSpecApplyConfiguration struct {
-	APIVersion *string `json:"apiVersion,omitempty"`
+	APIVersion *string    `json:"apiVersion,omitempty"`
-	Kind       *string `json:"kind,omitempty"`
+	Kind       *string    `json:"kind,omitempty"`
-	Namespace  *string `json:"namespace,omitempty"`
+	Namespace  *string    `json:"namespace,omitempty"`
-	Name       *string `json:"name,omitempty"`
+	Name       *string    `json:"name,omitempty"`
+	UID        *types.UID `json:"uid,omitempty"`
 }
 
 // ResourceSpecApplyConfiguration constructs an declarative configuration of the ResourceSpec type for use with
@@ -64,3 +69,11 @@ func (b *ResourceSpecApplyConfiguration) WithName(value string) *ResourceSpecApp
 	b.Name = &value
 	return b
 }
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ResourceSpecApplyConfiguration) WithUID(value types.UID) *ResourceSpecApplyConfiguration {
+	b.UID = &value
+	return b
+}

pkg/client/applyconfigurations/kyverno/v1/targetresourcespec.go

@@ -20,6 +20,7 @@ package v1
 
 import (
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	types "k8s.io/apimachinery/pkg/types"
 )
 
 // TargetResourceSpecApplyConfiguration represents an declarative configuration of the TargetResourceSpec type for use
@@ -72,6 +73,15 @@ func (b *TargetResourceSpecApplyConfiguration) WithName(value string) *TargetRes
 	return b
 }
 
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *TargetResourceSpecApplyConfiguration) WithUID(value types.UID) *TargetResourceSpecApplyConfiguration {
+	b.ensureResourceSpecApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
 func (b *TargetResourceSpecApplyConfiguration) ensureResourceSpecApplyConfigurationExists() {
 	if b.ResourceSpecApplyConfiguration == nil {
 		b.ResourceSpecApplyConfiguration = &ResourceSpecApplyConfiguration{}

pkg/policy/generate.go

@@ -101,7 +101,7 @@ func (pc *policyController) syncDataRulechanges(policy kyvernov1.PolicyInterface
 		kyverno.LabelAppManagedBy:           kyverno.ValueKyvernoApp,
 	}
 
-	downstreams, err := generateutils.FindDownstream(pc.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels)
+	downstreams, err := common.FindDownstream(pc.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels)
 	if err != nil {
 		return err
 	}

pkg/policy/updaterequest.go

@@ -45,6 +45,7 @@ func newUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, rul
 				Namespace:  trigger.GetNamespace(),
 				Name:       trigger.GetName(),
 				APIVersion: trigger.GetAPIVersion(),
+				UID:        trigger.GetUID(),
 			},
 			DeleteDownstream: deleteDownstream,
 		},
@@ -60,6 +61,7 @@ func newURStatus(downstream unstructured.Unstructured) kyvernov1beta1.UpdateRequ
 				Kind:       downstream.GetKind(),
 				Namespace:  downstream.GetNamespace(),
 				Name:       downstream.GetName(),
+				UID:        downstream.GetUID(),
 			},
 		},
 	}

pkg/webhooks/resource/generation/handler.go

@@ -160,6 +160,7 @@ func (h *generationHandler) applyGeneration(
 		Kind:       trigger.GetKind(),
 		Namespace:  trigger.GetNamespace(),
 		Name:       trigger.GetName(),
+		UID:        trigger.GetUID(),
 	}
 
 	rules := getAppliedRules(policy, appliedRules)
@@ -196,6 +197,7 @@ func (h *generationHandler) syncTriggerAction(
 		Kind:       trigger.GetKind(),
 		Namespace:  trigger.GetNamespace(),
 		Name:       trigger.GetName(),
+		UID:        trigger.GetUID(),
 	}
 
 	rules := getAppliedRules(policy, failedRules)
@@ -246,6 +248,7 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
 			// clone source deletion
 			deleteDownstream = true
 		}
+		// fetch targets that have the source name label
 		targetSelector := map[string]string{
 			common.GenerateSourceGroupLabel:   old.GroupVersionKind().Group,
 			common.GenerateSourceVersionLabel: old.GroupVersionKind().Version,
@@ -253,7 +256,25 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
 			common.GenerateSourceNSLabel:      old.GetNamespace(),
 			common.GenerateSourceNameLabel:    old.GetName(),
 		}
-		targets, err := generateutils.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
+		targets, err := common.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
+		if err != nil {
+			return fmt.Errorf("failed to list targets resources: %v", err)
+		}
+
+		for i := range targets.Items {
+			l := targets.Items[i].GetLabels()
+			labelsList = append(labelsList, l)
+		}
+
+		// fetch targets that have the source UID label
+		targetSelector = map[string]string{
+			common.GenerateSourceGroupLabel:   old.GroupVersionKind().Group,
+			common.GenerateSourceVersionLabel: old.GroupVersionKind().Version,
+			common.GenerateSourceKindLabel:    old.GetKind(),
+			common.GenerateSourceNSLabel:      old.GetNamespace(),
+			common.GenerateSourceUIDLabel:     string(old.GetUID()),
+		}
+		targets, err = common.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
 		if err != nil {
 			return fmt.Errorf("failed to list targets resources: %v", err)
 		}

pkg/webhooks/resource/utils.go

@@ -88,6 +88,7 @@ func transform(admissionRequestInfo kyvernov1beta1.AdmissionRequestInfoObject, u
 				Namespace:  er.Resource.GetNamespace(),
 				Name:       er.Resource.GetName(),
 				APIVersion: er.Resource.GetAPIVersion(),
+				UID:        er.Resource.GetUID(),
 			},
 			Context: kyvernov1beta1.UpdateRequestSpecContext{
 				UserRequestInfo:      userRequestInfo,

test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/04-sleep.yaml

@@ -0,0 +1,5 @@
+# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 3

test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/05-event.yaml

@@ -1,5 +1,5 @@
 apiVersion: kuttl.dev/v1beta1
 kind: TestStep
-error:
+assert:
 - event.yaml
 

test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/README.md

@@ -0,0 +1,15 @@
+## Description
+
+This test creates a generate policy, and a resource. A `PolicyError` event should be created upon the failure.
+
+## Steps
+
+1.  - Create a policy
+    - Assert the policy becomes ready
+1.  - Create a resource
+1.  - Asset a `PolicyError` event is created
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/pull/8466
+https://github.com/kyverno/kyverno/pull/1413

test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/event.yaml

@@ -6,4 +6,5 @@ involvedObject:
   apiVersion: kyverno.io/v1
   kind: ClusterPolicy
   name: rbac-policy
+reason: PolicyError
 reportingComponent: kyverno-generate

test/conformance/kuttl/events/clusterpolicy/generate-events-upon-fail-generation/policy.yaml

@@ -23,3 +23,5 @@ spec:
         - resources:
             kinds:
             - Namespace
+            names:
+            - ns-2

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-assert.yaml

@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+  name: generate-secret
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-manifests.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
+  namespace: default
+type: Opaque
+---
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+  name: generate-secret
+spec:
+  rules:
+  - name: clone-secret
+    match:
+      any:
+      - resources:
+          kinds:
+          - Namespace
+    generate:
+      apiVersion: v1
+      kind: Secret
+      name: regcred
+      namespace: "{{request.object.metadata.name}}"
+      synchronize: true
+      clone:
+        namespace: default
+        name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-assert.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: regcred
+  namespace: production

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: production

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/03-sleep.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 3

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml

@@ -0,0 +1,7 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+delete:
+- apiVersion: v1
+  kind: Secret
+  name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
+  namespace: default

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/05-sleep.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 3

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/06-error.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: regcred
+  namespace: production
+type: Opaque

test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/README.md

@@ -0,0 +1,11 @@
+## Description
+
+This test ensures that the secret is cloned from a source resource name exceeds 63 characters limit.
+
+## Expected Behavior
+
+If the downstream resource is created, the test passes. If it is not created, the test fails.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/8447

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml

@@ -14,7 +14,6 @@ metadata:
     generate.kyverno.io/trigger-version: v1
     generate.kyverno.io/trigger-group: ""
     generate.kyverno.io/trigger-kind: ConfigMap
-    generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
     generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
   namespace: generate-event-on-edit-ns
 source:

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml

@@ -14,7 +14,6 @@ metadata:
     generate.kyverno.io/trigger-version: v1
     generate.kyverno.io/trigger-group: ""
     generate.kyverno.io/trigger-kind: ConfigMap
-    generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
     generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
   namespace: generate-event-on-edit-ns
 source:
@@ -36,7 +35,6 @@ metadata:
     generate.kyverno.io/trigger-version: v1
     generate.kyverno.io/trigger-group: ""
     generate.kyverno.io/trigger-kind: ConfigMap
-    generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
     generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
   namespace: generate-event-on-edit-ns
 source:

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-assert.yaml

@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+  name:  generate-network-policy
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-policy.yaml

@@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name:  generate-network-policy
+spec:
+  rules:
+  - name: default-deny
+    match:
+      any:
+      - resources:
+          kinds:
+          - ConfigMap
+          names:
+          - my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
+    generate:
+      apiVersion: networking.k8s.io/v1
+      kind: NetworkPolicy
+      name: default-deny
+      namespace: "{{request.object.metadata.namespace}}"
+      synchronize: true
+      data:
+        spec:
+          podSelector: {}
+          policyTypes:
+          - Ingress
+          - Egress

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/02-trigger.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: trigger-resource-name-exceeds-63-characters-ns
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
+  namespace:  trigger-resource-name-exceeds-63-characters-ns
+data:
+  color: blue

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/03-downstream-created.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+assert:
+- downstream.yaml

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml

@@ -0,0 +1,7 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+delete:
+- apiVersion: v1
+  kind: ConfigMap
+  name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
+  namespace: trigger-resource-name-exceeds-63-characters-ns

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/05-sleep.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 3

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/06-check.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+error:
+- downstream.yaml

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/README.md

@@ -0,0 +1,11 @@
+## Description
+
+This test checks to ensure that generation of the downstream when the trigger resource name exceeds 63 characters limit.
+
+## Expected Behavior
+
+If the downstream resource is generated, the test passes.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/4675

test/conformance/kuttl/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/downstream.yaml

@@ -0,0 +1,9 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny
+  namespace: trigger-resource-name-exceeds-63-characters-ns
+spec:
+  policyTypes:
+  - Ingress
+  - Egress

test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-manifests.yaml

@@ -24,6 +24,8 @@ spec:
       - resources:
           kinds:
           - ConfigMap
+          names:
+          - test-org
     generate:
       apiVersion: v1
       kind: Secret

test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml

@@ -12,7 +12,6 @@ metadata:
     generate.kyverno.io/trigger-version: v1
     generate.kyverno.io/trigger-group: ""
     generate.kyverno.io/trigger-kind: PodExecOptions
-    generate.kyverno.io/trigger-name: ""
     generate.kyverno.io/trigger-namespace: test-generate-exec
     somekey: somevalue
   name: zk-kafka-address