mirror of https://github.com/kyverno/kyverno.git synced 2025-03-13 19:28:55 +00:00

fix: get ns labels before creating a policy context (#10773)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Mariam Fahmy 2024-08-02 05:14:36 +03:00 committed by GitHub
parent e004d8ae8d
commit 6d732d28c7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -83,6 +83,9 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
exceptions.New(policyExceptionLister),
)
gvk, subresource := resource.GroupVersionKind(), ""
resourceKind := resource.GetKind()
resourceName := resource.GetName()
resourceNamespace := resource.GetNamespace()
// If --cluster flag is not set, then we need to find the top level resource GVK and subresource
if p.Client == nil {
for _, s := range p.Subresources {
@ -101,8 +104,17 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
subresource = parts[1]
}
}
} else {
if len(namespaceLabels) == 0 && resourceKind != "Namespace" && resourceNamespace != "" {
ns, err := p.Client.GetResource(context.TODO(), "v1", "Namespace", "", resourceNamespace)
if err != nil {
log.Log.Error(err, "failed to get the resource's namespace")
return nil, fmt.Errorf("failed to get the resource's namespace (%w)", err)
}
namespaceLabels = ns.GetLabels()
}
}
resPath := fmt.Sprintf("%s/%s/%s", resource.GetNamespace(), resource.GetKind(), resource.GetName())
resPath := fmt.Sprintf("%s/%s/%s", resourceNamespace, resourceKind, resourceName)
responses := make([]engineapi.EngineResponse, 0, len(p.Policies))
// mutate
for _, policy := range p.Policies {
@ -254,14 +266,6 @@ func (p *PolicyProcessor) makePolicyContext(
return nil, fmt.Errorf("failed to update old resource in json context (%w)", err)
}
}
if p.Client != nil && len(namespaceLabels) == 0 && resource.GetKind() != "Namespace" && resource.GetNamespace() != "" {
ns, err := p.Client.GetResource(context.TODO(), "v1", "Namespace", "", resource.GetNamespace())
if err != nil {
log.Log.Error(err, "failed to get the resource's namespace")
return nil, fmt.Errorf("failed to get the resource's namespace (%w)", err)
}
namespaceLabels = ns.GetLabels()
}
policyContext = policyContext.
WithPolicy(policy).
WithNamespaceLabels(namespaceLabels).
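Review bot: The namespace lookup added in the `else` branch of ApplyPoliciesOnResource (second hunk) calls `p.Client.GetResource` with `context.TODO()`, so an unresponsive API server stalls the run with no deadline, and it now does so before any policy is evaluated. Consider a bounded context, for example `ctx, cancel := context.WithTimeout(context.Background(), <timeout>)` followed by `defer cancel()`, and pass `ctx` to the call. The failure is also both logged through `log.Log.Error` and returned wrapped, which reports the same error twice if the caller prints it; returning it alone would be enough. Failing rather than continuing with empty labels looks right, since the labels feed `WithNamespaceLabels` and presumably namespace-selector matching, and a short comment on the branch such as `// cluster mode: fetch the namespace labels once, and fail if they cannot be read` would record that. The function body and the declaration of `namespaceLabels` lie outside the visible hunks.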