mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

namespace lister to filter on namespace

Browse source
This commit is contained in:
shivkumar dudhani 2019-11-15 12:16:22 -08:00
parent f97406698d
commit 633484892d
2 changed files with 5 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/policyviolation/namespacedpv.go
View file

@ -130,7 +130,7 @@ func createNamespacedPV(namespace string, dclient *dclient.Client, pvLister kyve
func getExistingNamespacedPVIfAny(nspvLister kyvernolister.NamespacedPolicyViolationLister, newPv kyverno.NamespacedPolicyViolation) (kyverno.NamespacedPolicyViolation, error) {
// TODO(shuting): list pvs by labels
pvs, err := nspvLister.List(labels.NewSelector())
pvs, err := nspvLister.NamespacedPolicyViolations(newPv.GetNamespace()).List(labels.NewSelector())
if err != nil {
return kyverno.NamespacedPolicyViolation{}, fmt.Errorf("failed to list namespaced policy violations err: %v", err)
}

16
pkg/policyviolation/namespacepvcontroller.go
View file

@ -209,15 +209,14 @@ func (pvc *NamespacedPolicyViolationController) syncPolicyViolation(key string)
// Deep-copy otherwise we are mutating our cache.
// TODO: Deep-copy only when needed.
pv := policyViolation.DeepCopy()
// TODO: Update Status to update ObserverdGeneration
// TODO: check if the policy violation refers to a resource thats active ? // done by policy controller
// TODO: remove the PV, if the corresponding policy is not present
// TODO: additional check on deleted webhook for a resource, to delete a policy violation it has a policy violation
// list the resource with label selectors, but this can be expensive for each delete request of a resource
if err := pvc.syncActiveResource(pv); err != nil {
glog.V(4).Infof("not syncing policy violation status")
return err
}
// cleanup pv with dependant
if err := pvc.syncBlockedResource(pv); err != nil {
return err
}
return pvc.syncStatusOnly(pv)
}
@ -243,13 +242,6 @@ func (pvc *NamespacedPolicyViolationController) syncActiveResource(curPv *kyvern
glog.V(4).Infof("error while retrieved resource %s/%s/%s: %v", rspec.Kind, curPv.Namespace, rspec.Name, err)
return err
}
// cleanup pv with dependant
if err := pvc.syncBlockedResource(curPv); err != nil {
return err
}
//TODO- if the policy is not present, remove the policy violation
return nil
}