mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

policy group change

Browse source
This commit is contained in:
evalsocket 2020-07-15 17:19:20 -07:00
parent 37e3c08476
commit 629267c40a
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
pkg/generate/generate.go
View file

@ -48,7 +48,7 @@ func (c *Controller) applyGenerate(resource unstructured.Unstructured, gr kyvern
if err != nil {
if apierrors.IsNotFound(err) {
labels := resource.GetLabels()
if labels["app.kubernetes.io/synchronize"] == "enable" {
if labels["policy.kyverno.io/synchronize"] == "enable" {
if err := c.client.DeleteResource(gr.Spec.Resource.Kind, gr.Spec.Resource.Namespace, gr.Spec.Resource.Name, false); err != nil {
logger.V(4).Info("Generated resource is deleted")
return nil, err
@ -274,11 +274,11 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
// Add Synchronize label
label := newResource.GetLabels()
if rule.Generation.Synchronize {
label["app.kubernetes.io/synchronize"] = "enable"
label["policy.kyverno.io/synchronize"] = "enable"
} else {
label["app.kubernetes.io/synchronize"] = "disable"
label["policy.kyverno.io/synchronize"] = "disable"
}
label["app.kubernetes.io/policy-name"] = policy
label["policy.kyverno.io/policy-name"] = policy
newResource.SetLabels(label)
if mode == Create {

4
pkg/webhooks/server.go
View file

@ -576,14 +576,14 @@ func (ws *WebhookServer) excludeKyvernoResources(request *v1beta1.AdmissionReque
if isManagedResourceCheck {
labels := resource.GetLabels()
if labels != nil {
if labels["app.kubernetes.io/managed-by"] == "kyverno" && labels["app.kubernetes.io/synchronize"] == "enable" {
if labels["app.kubernetes.io/managed-by"] == "kyverno" && labels["policy.kyverno.io/synchronize"] == "enable" {
isAuthorized, err := userinfo.IsRoleAuthorize(ws.rbLister, ws.crbLister, ws.rLister, ws.crLister, request)
if err != nil {
return fmt.Errorf("failed to get RBAC infromation for request %v", err)
}
if !isAuthorized {
// convert RAW to unstructured
return fmt.Errorf("Resource is managed by a Kyverno policy and cannot be update manually. You can edit the policy %s to update this resource.",labels["app.kubernetes.io/policy-name"])
return fmt.Errorf("Resource is managed by a Kyverno policy and cannot be update manually. You can edit the policy %s to update this resource.",labels["policy.kyverno.io/policy-name"])
}
}
}