chore: cleanup generate codebase (#6598)

* add debug info Signed-off-by: ShutingZhao <shuting@nirmata.com> * cleanup code Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove unused labels Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * reset resource version Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove ur updater Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * cleanup code Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove code to add labels to clone source #6583 Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename ns Signed-off-by: ShutingZhao <shuting@nirmata.com> * remvove labels from test resource Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove generated by labels Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-28 02:18:15 +00:00 · 2023-03-17 16:36:06 +08:00 · 2023-03-17 16:36:06 +08:00 · 6f7f06f0d4
commit 6f7f06f0d4
parent 1a20cb09d4
25 changed files with 49 additions and 478 deletions
--- a/pkg/background/common/labels.go
+++ b/pkg/background/common/labels.go
@ -13,12 +13,6 @@ import (
 	"k8s.io/client-go/tools/cache"
 )

-const (
-	LabelKeyKind      = "kyverno.io/generated-by-kind"
-	LabelKeyNamespace = "kyverno.io/generated-by-namespace"
-	LabelKeyName      = "kyverno.io/generated-by-name"
-)
-
 type Object interface {
 	GetName() string
 	GetNamespace() string
@ -35,8 +29,6 @@ func ManageLabels(unstr *unstructured.Unstructured, triggerResource unstructured

 	// handle managedBy label
 	managedBy(labels)
-	// handle generatedBy label
-	generatedBy(labels, triggerResource)

 	PolicyInfo(labels, policy, ruleName)

@ -95,28 +87,6 @@ func managedBy(labels map[string]string) {
 	}
 }

-func generatedBy(labels map[string]string, triggerResource unstructured.Unstructured) {
-	checkGeneratedBy(labels, LabelKeyKind, triggerResource.GetKind())
-	checkGeneratedBy(labels, LabelKeyNamespace, triggerResource.GetNamespace())
-	checkGeneratedBy(labels, LabelKeyName, triggerResource.GetName())
-}
-
-func checkGeneratedBy(labels map[string]string, key, value string) {
-	value = trimByLength(value, 63)
-
-	val, ok := labels[key]
-	if ok {
-		if val != value {
-			logging.V(2).Info(fmt.Sprintf("kyverno wont over-ride the label %s", key))
-			return
-		}
-	}
-	if !ok {
-		// add label
-		labels[key] = value
-	}
-}
-
 func PolicyInfo(labels map[string]string, policy kyvernov1.PolicyInterface, ruleName string) {
 	labels[GeneratePolicyLabel] = policy.GetName()
 	labels[GeneratePolicyNamespaceLabel] = policy.GetNamespace()
--- a/pkg/background/generate/generate.go
+++ b/pkg/background/generate/generate.go
@ -409,25 +409,8 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, t

 		newResource.SetAPIVersion(rdata.GenAPIVersion)
 		common.ManageLabels(newResource, trigger, policy, rule.Name)
-		// Add Synchronize label
-		label := newResource.GetLabels()
-
-		// Add background gen-rule label if generate rule applied on existing resource
-		if policy.GetSpec().IsGenerateExisting() {
-			label[LabelBackgroundGenRuleName] = rule.Name
-		}
-
-		label[LabelDataPolicyName] = policy.GetName()
-		label[LabelURName] = ur.Name
 		if rdata.Action == Create {
-			if rule.Generation.Synchronize {
-				label[LabelSynchronize] = "enable"
-			} else {
-				label[LabelSynchronize] = "disable"
-			}
-
 			newResource.SetResourceVersion("")
-			newResource.SetLabels(label)
 			_, err = client.CreateResource(context.TODO(), rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, newResource, false)
 			if err != nil {
 				if !apierrors.IsAlreadyExists(err) {
@ -452,9 +435,6 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, t
 				// if synchronize is true - update the label and generated resource with generate policy data
 				if rule.Generation.Synchronize {
 					logger.V(4).Info("updating existing resource")
-					label[LabelSynchronize] = "enable"
-					newResource.SetLabels(label)
-
 					if rdata.GenAPIVersion == "" {
 						generatedResourceAPIVersion := generatedObj.GetAPIVersion()
 						newResource.SetAPIVersion(generatedResourceAPIVersion)
@ -471,24 +451,6 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, t
 							return newGenResources, err
 						}
 					}
-				} else {
-					currentGeneratedResourcelabel := generatedObj.GetLabels()
-					currentSynclabel := currentGeneratedResourcelabel[LabelSynchronize]
-
-					// update only if the labels mismatches
-					if (!rule.Generation.Synchronize && currentSynclabel == "enable") ||
-						(rule.Generation.Synchronize && currentSynclabel == "disable") {
-						logger.V(4).Info("updating label in existing resource")
-						currentGeneratedResourcelabel[LabelSynchronize] = "disable"
-						generatedObj.SetLabels(currentGeneratedResourcelabel)
-
-						_, err = client.UpdateResource(context.TODO(), rdata.GenAPIVersion, rdata.GenKind, rdata.GenNamespace, generatedObj, false)
-						if err != nil {
-							logger.Error(err, "failed to update label in existing resource")
-							newGenResources = append(newGenResources, noGenResource)
-							return newGenResources, err
-						}
-					}
 				}
 			}
 			logger.V(3).Info("updated generate target resource")
--- a/pkg/background/generate/labels.go
+++ b/pkg/background/generate/labels.go
@ -1,11 +0,0 @@
-package generate
-
-const (
-	LabelURName                = "policy.kyverno.io/ur-name"
-	LabelDataPolicyName        = "policy.kyverno.io/policy-name"
-	LabelClonePolicyName       = "generate.kyverno.io/clone-policy-name"
-	LabelSynchronize           = "policy.kyverno.io/synchronize"
-	LabelBackgroundGenRuleName = "kyverno.io/background-gen-rule"
-
-	AnnotationUpdateTime = "generate.kyverno.io/update-time"
-)
--- a/pkg/engine/api/engineresponse.go
+++ b/pkg/engine/api/engineresponse.go
@ -1,6 +1,7 @@
 package api

 import (
+	"fmt"
 	"reflect"

 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
@ -116,6 +117,11 @@ func (er EngineResponse) GetFailedRules() []string {
 	return er.getRules(func(rule RuleResponse) bool { return rule.HasStatus(RuleStatusFail, RuleStatusError) })
 }

+// GetFailedRulesWithErrors returns failed rules with corresponding error messages
+func (er EngineResponse) GetFailedRulesWithErrors() []string {
+	return er.getRulesWithErrors(func(rule RuleResponse) bool { return rule.HasStatus(RuleStatusFail, RuleStatusError) })
+}
+
 // GetSuccessRules returns success rules
 func (er EngineResponse) GetSuccessRules() []string {
 	return er.getRules(func(rule RuleResponse) bool { return rule.HasStatus(RuleStatusPass) })
@ -142,6 +148,16 @@ func (er EngineResponse) getRules(predicate func(RuleResponse) bool) []string {
 	return rules
 }

+func (er EngineResponse) getRulesWithErrors(predicate func(RuleResponse) bool) []string {
+	var rules []string
+	for _, r := range er.PolicyResponse.Rules {
+		if predicate(r) {
+			rules = append(rules, fmt.Sprintf("%s: %s", r.Name, r.Message))
+		}
+	}
+	return rules
+}
+
 func (er *EngineResponse) GetValidationFailureAction() kyvernov1.ValidationFailureAction {
 	spec := er.Policy.GetSpec()
 	for _, v := range spec.ValidationFailureActionOverrides {
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@ -19,7 +19,6 @@ import (
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
 	"github.com/kyverno/kyverno/pkg/autogen"
-	"github.com/kyverno/kyverno/pkg/background/generate"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	openapicontroller "github.com/kyverno/kyverno/pkg/controllers/openapi"
 	enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
@ -33,7 +32,6 @@ import (
 	"golang.org/x/exp/slices"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/apimachinery/pkg/util/yaml"
@ -367,43 +365,6 @@ func Validate(policy, oldPolicy kyvernov1.PolicyInterface, client dclient.Interf
 			return warnings, fmt.Errorf("labels and annotations supports only string values, \"use double quotes around the non string values\"")
 		}

-		// add label to source mentioned in policy
-		if !mock && rule.Generation.Clone.Name != "" {
-			obj, err := client.GetResource(context.TODO(), "", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name)
-			if err != nil {
-				logging.Error(err, fmt.Sprintf("source resource %s/%s/%s not found.", rule.Generation.Kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name))
-				continue
-			}
-			err = UpdateSourceResource(client, rule.Generation.Kind, rule.Generation.Clone.Namespace, policy.GetName(), obj)
-			if err != nil {
-				logging.Error(err, "failed to update source", "kind", obj.GetKind(), "name", obj.GetName(), "namespace", obj.GetNamespace())
-				continue
-			}
-			logging.V(4).Info("updated source", "kind", obj.GetKind(), "name", obj.GetName(), "namespace", obj.GetNamespace())
-		}
-		if !mock && len(rule.Generation.CloneList.Kinds) != 0 {
-			for _, kind := range rule.Generation.CloneList.Kinds {
-				apiVersion, kind := kubeutils.GetKindFromGVK(kind)
-				resources, err := client.ListResource(context.TODO(), apiVersion, kind, rule.Generation.CloneList.Namespace, rule.Generation.CloneList.Selector)
-				if err != nil {
-					logging.Error(err, fmt.Sprintf("failed to list resources %s/%s.", kind, rule.Generation.CloneList.Namespace))
-					continue
-				}
-				for _, rName := range resources.Items {
-					obj, err := client.GetResource(context.TODO(), apiVersion, kind, rule.Generation.CloneList.Namespace, rName.GetName())
-					if err != nil {
-						logging.Error(err, fmt.Sprintf("source resource %s/%s/%s not found.", kind, rule.Generation.Clone.Namespace, rule.Generation.Clone.Name))
-						continue
-					}
-					err = UpdateSourceResource(client, kind, rule.Generation.CloneList.Namespace, policy.GetName(), obj)
-					if err != nil {
-						logging.Error(err, "failed to update source", "kind", obj.GetKind(), "name", obj.GetName(), "namespace", obj.GetNamespace())
-						continue
-					}
-				}
-			}
-		}
-
 		matchKinds := match.GetKinds()
 		excludeKinds := exclude.GetKinds()
 		allKinds := make([]string, 0, len(matchKinds)+len(excludeKinds))
@ -439,42 +400,6 @@ func Validate(policy, oldPolicy kyvernov1.PolicyInterface, client dclient.Interf
 	return warnings, nil
 }

-func UpdateSourceResource(client dclient.Interface, kind, namespace string, policyName string, obj *unstructured.Unstructured) error {
-	updateSource := true
-	label := obj.GetLabels()
-
-	if len(label) == 0 {
-		label = make(map[string]string)
-		label[generate.LabelClonePolicyName] = policyName
-	} else {
-		if label[generate.LabelClonePolicyName] != "" {
-			policyNames := label[generate.LabelClonePolicyName]
-			if !strings.Contains(policyNames, policyName) {
-				policyNames = policyNames + "," + policyName
-				label[generate.LabelClonePolicyName] = policyNames
-			} else {
-				updateSource = false
-			}
-		} else {
-			label[generate.LabelClonePolicyName] = policyName
-		}
-	}
-
-	if updateSource {
-		logging.V(4).Info("updating existing clone source labels")
-		obj.SetLabels(label)
-		obj.SetResourceVersion("")
-
-		_, err := client.UpdateResource(context.TODO(), obj.GetAPIVersion(), kind, namespace, obj, false)
-		if err != nil {
-			logging.Error(err, "failed to update source", "kind", obj.GetKind(), "name", obj.GetName(), "namespace", obj.GetNamespace())
-			return err
-		}
-		logging.V(4).Info("updated source", "kind", obj.GetKind(), "name", obj.GetName(), "namespace", obj.GetNamespace())
-	}
-	return nil
-}
-
 func ValidateVariables(p kyvernov1.PolicyInterface, backgroundMode bool) error {
 	vars := hasVariables(p)
 	if backgroundMode {
--- a/pkg/webhooks/resource/fake.go
+++ b/pkg/webhooks/resource/fake.go
@ -54,7 +54,6 @@ func NewFakeHandlers(ctx context.Context, policyCache policycache.Cache) webhook
 		eventGen:       event.NewFake(),
 		openApiManager: openapi.NewFake(),
 		pcBuilder:      webhookutils.NewPolicyContextBuilder(configuration, dclient, rbLister, crbLister),
-		urUpdater:      webhookutils.NewUpdateRequestUpdater(kyvernoclient, urLister),
 		engine: engine.NewEngine(
 			configuration,
 			dclient,
--- a/pkg/webhooks/resource/generation/handler.go
+++ b/pkg/webhooks/resource/generation/handler.go
@ -40,7 +40,6 @@ func NewGenerationHandler(
 	cpolLister kyvernov1listers.ClusterPolicyLister,
 	polLister kyvernov1listers.PolicyLister,
 	urGenerator webhookgenerate.Generator,
-	urUpdater webhookutils.UpdateRequestUpdater,
 	eventGen event.Interface,
 	metrics metrics.MetricsConfigManager,
 ) GenerationHandler {
@ -54,7 +53,6 @@ func NewGenerationHandler(
 		cpolLister:    cpolLister,
 		polLister:     polLister,
 		urGenerator:   urGenerator,
-		urUpdater:     urUpdater,
 		eventGen:      eventGen,
 		metrics:       metrics,
 	}
@ -70,7 +68,6 @@ type generationHandler struct {
 	cpolLister    kyvernov1listers.ClusterPolicyLister
 	polLister     kyvernov1listers.PolicyLister
 	urGenerator   webhookgenerate.Generator
-	urUpdater     webhookutils.UpdateRequestUpdater
 	eventGen      event.Interface
 	metrics       metrics.MetricsConfigManager
 }
--- a/pkg/webhooks/resource/handlers.go
+++ b/pkg/webhooks/resource/handlers.go
@ -58,7 +58,6 @@ type handlers struct {
 	eventGen       event.Interface
 	openApiManager openapi.ValidateInterface
 	pcBuilder      webhookutils.PolicyContextBuilder
-	urUpdater      webhookutils.UpdateRequestUpdater

 	admissionReports bool
 }
@ -98,7 +97,6 @@ func NewHandlers(
 		eventGen:         eventGen,
 		openApiManager:   openApiManager,
 		pcBuilder:        webhookutils.NewPolicyContextBuilder(configuration, client, rbLister, crbLister),
-		urUpdater:        webhookutils.NewUpdateRequestUpdater(kyvernoClient, urLister),
 		admissionReports: admissionReports,
 	}
 }
--- a/pkg/webhooks/resource/mutation/mutation.go
+++ b/pkg/webhooks/resource/mutation/mutation.go
@ -160,7 +160,7 @@ func (h *mutationHandler) applyMutation(ctx context.Context, request *admissionv
 	policyPatches := engineResponse.GetPatches()

 	if !engineResponse.IsSuccessful() {
-		return nil, nil, fmt.Errorf("failed to apply policy %s rules %v", policyContext.Policy().GetName(), engineResponse.GetFailedRules())
+		return nil, nil, fmt.Errorf("failed to apply policy %s rules %v", policyContext.Policy().GetName(), engineResponse.GetFailedRulesWithErrors())
 	}

 	if policyContext.Policy().ValidateSchema() && engineResponse.PatchedResource.GetKind() != "*" {
--- a/pkg/webhooks/resource/updaterequest.go
+++ b/pkg/webhooks/resource/updaterequest.go
@ -78,6 +78,6 @@ func (h *handlers) handleMutateExisting(ctx context.Context, logger logr.Logger,
 }

 func (h *handlers) handleGenerate(ctx context.Context, logger logr.Logger, request *admissionv1.AdmissionRequest, generatePolicies []kyvernov1.PolicyInterface, policyContext *engine.PolicyContext, ts time.Time) {
-	gh := generation.NewGenerationHandler(logger, h.engine, h.client, h.kyvernoClient, h.nsLister, h.urLister, h.cpolLister, h.polLister, h.urGenerator, h.urUpdater, h.eventGen, h.metricsConfig)
+	gh := generation.NewGenerationHandler(logger, h.engine, h.client, h.kyvernoClient, h.nsLister, h.urLister, h.cpolLister, h.polLister, h.urGenerator, h.eventGen, h.metricsConfig)
 	go gh.Handle(ctx, request, generatePolicies, policyContext)
 }
--- a/pkg/webhooks/updaterequest/generator.go
+++ b/pkg/webhooks/updaterequest/generator.go
@ -69,50 +69,26 @@ func (g *generator) tryApplyResource(ctx context.Context, urSpec kyvernov1beta1.
 		queryLabels = common.GenerateLabelsSet(urSpec.Policy, urSpec.GetResource())
 	}

-	urList, err := g.urLister.List(labels.SelectorFromSet(queryLabels))
+	l.V(4).Info("creating new UpdateRequest")
+	ur := kyvernov1beta1.UpdateRequest{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace:    config.KyvernoNamespace(),
+			GenerateName: "ur-",
+			Labels:       queryLabels,
+		},
+		Spec: urSpec,
+	}
+	created, err := g.client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Create(ctx, &ur, metav1.CreateOptions{})
 	if err != nil {
-		l.Error(err, "failed to get update request for the resource", "resource", urSpec.GetResource().String())
+		l.V(4).Error(err, "failed to create UpdateRequest, retrying", "name", ur.GetGenerateName(), "namespace", ur.GetNamespace())
 		return err
 	}
-	for _, v := range urList {
-		l := l.WithValues("name", v.GetName())
-		l.V(4).Info("updating existing update request")
-		if _, err := common.Update(g.client, g.urLister, v.GetName(), func(ur *kyvernov1beta1.UpdateRequest) {
-			v.Spec = urSpec
-		}); err != nil {
-			l.V(4).Error(err, "failed to update UpdateRequest")
-			return err
-		} else {
-			l.V(4).Info("successfully updated UpdateRequest")
-		}
-		if _, err := common.UpdateStatus(g.client, g.urLister, v.GetName(), kyvernov1beta1.Pending, "", nil); err != nil {
-			l.V(4).Error(err, "failed to update UpdateRequest status")
-			return err
-		}
-	}
-
-	if len(urList) == 0 || urSpec.DeleteDownstream {
-		l.V(4).Info("creating new UpdateRequest")
-		ur := kyvernov1beta1.UpdateRequest{
-			ObjectMeta: metav1.ObjectMeta{
-				Namespace:    config.KyvernoNamespace(),
-				GenerateName: "ur-",
-				Labels:       queryLabels,
-			},
-			Spec: urSpec,
-		}
-		created, err := g.client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Create(ctx, &ur, metav1.CreateOptions{})
-		if err != nil {
-			l.V(4).Error(err, "failed to create UpdateRequest, retrying", "name", ur.GetGenerateName(), "namespace", ur.GetNamespace())
-			return err
-		}
-		updated := created.DeepCopy()
-		updated.Status.State = kyvernov1beta1.Pending
-		_, err = g.client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), updated, metav1.UpdateOptions{})
-		if err != nil {
-			return err
-		}
-		l.V(4).Info("successfully created UpdateRequest", "name", updated.GetName(), "namespace", ur.GetNamespace())
+	updated := created.DeepCopy()
+	updated.Status.State = kyvernov1beta1.Pending
+	_, err = g.client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), updated, metav1.UpdateOptions{})
+	if err != nil {
+		return err
 	}
+	l.V(4).Info("successfully created UpdateRequest", "name", updated.GetName(), "namespace", ur.GetNamespace())
 	return nil
 }
--- a/pkg/webhooks/utils/update_request_updater.go
+++ b/pkg/webhooks/utils/update_request_updater.go
@ -1,53 +0,0 @@
-package utils
-
-import (
-	"time"
-
-	"github.com/go-logr/logr"
-	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
-	"github.com/kyverno/kyverno/pkg/background/common"
-	"github.com/kyverno/kyverno/pkg/background/generate"
-	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
-	kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
-)
-
-type UpdateRequestUpdater interface {
-	// UpdateAnnotation updates UR annotation, triggering reprocessing of UR and recreation/updation of generated resource
-	UpdateAnnotation(logger logr.Logger, name string)
-}
-
-type updateRequestUpdater struct {
-	client versioned.Interface
-	lister kyvernov1beta1listers.UpdateRequestNamespaceLister
-}
-
-func NewUpdateRequestUpdater(client versioned.Interface, lister kyvernov1beta1listers.UpdateRequestNamespaceLister) UpdateRequestUpdater {
-	return &updateRequestUpdater{
-		client: client,
-		lister: lister,
-	}
-}
-
-func (h *updateRequestUpdater) updateAnnotation(logger logr.Logger, name string) {
-	if _, err := common.Update(h.client, h.lister, name, func(ur *kyvernov1beta1.UpdateRequest) {
-		urAnnotations := ur.Annotations
-		if len(urAnnotations) == 0 {
-			urAnnotations = make(map[string]string)
-		}
-		urAnnotations[generate.AnnotationUpdateTime] = time.Now().String()
-		ur.SetAnnotations(urAnnotations)
-	}); err != nil {
-		logger.Error(err, "failed to update update request update-time annotations for the resource", "update request", name)
-	}
-}
-
-func (h *updateRequestUpdater) setPendingStatus(logger logr.Logger, name string) {
-	if _, err := common.UpdateStatus(h.client, h.lister, name, kyvernov1beta1.Pending, "", nil); err != nil {
-		logger.Error(err, "failed to set UpdateRequest state to Pending", "update request", name)
-	}
-}
-
-func (h *updateRequestUpdater) UpdateAnnotation(logger logr.Logger, name string) {
-	h.updateAnnotation(logger, name)
-	h.setPendingStatus(logger, name)
-}
--- a/pkg/webhooks/utils/update_request_updater_test.go
+++ b/pkg/webhooks/utils/update_request_updater_test.go
@ -1,173 +0,0 @@
-package utils
-
-import (
-	"context"
-	"testing"
-
-	"github.com/go-logr/logr"
-	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
-	"github.com/kyverno/kyverno/pkg/background/generate"
-	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
-	"github.com/kyverno/kyverno/pkg/client/clientset/versioned/fake"
-	kyvernoinformers "github.com/kyverno/kyverno/pkg/client/informers/externalversions"
-	kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
-	"github.com/kyverno/kyverno/pkg/config"
-	"github.com/stretchr/testify/assert"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-)
-
-func TestNewUpdateRequestUpdater(t *testing.T) {
-	type args struct {
-		client versioned.Interface
-		lister kyvernov1beta1listers.UpdateRequestNamespaceLister
-	}
-	tests := []struct {
-		name string
-		args args
-		want UpdateRequestUpdater
-	}{{
-		name: "nil",
-		args: args{nil, nil},
-		want: &updateRequestUpdater{nil, nil},
-	}}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := NewUpdateRequestUpdater(tt.args.client, tt.args.lister)
-			assert.Equal(t, tt.want, got)
-		})
-	}
-}
-
-func Test_updateRequestUpdater_updateAnnotation(t *testing.T) {
-	type data struct {
-		objects []runtime.Object
-	}
-	tests := []struct {
-		name    string
-		data    data
-		urName  string
-		updated bool
-	}{{
-		name: "success",
-		data: data{
-			[]runtime.Object{
-				&kyvernov1beta1.UpdateRequest{
-					ObjectMeta: v1.ObjectMeta{
-						Name:      "test",
-						Namespace: config.KyvernoNamespace(),
-					},
-				},
-			},
-		},
-		urName:  "test",
-		updated: true,
-	}, {
-		name: "not found",
-		data: data{
-			[]runtime.Object{
-				&kyvernov1beta1.UpdateRequest{
-					ObjectMeta: v1.ObjectMeta{
-						Name:      "dummy",
-						Namespace: config.KyvernoNamespace(),
-					},
-				},
-			},
-		},
-		urName:  "dummy",
-		updated: false,
-	}}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			ctx, cancel := context.WithCancel(context.Background())
-			done := ctx.Done()
-			t.Cleanup(cancel)
-			client := fake.NewSimpleClientset(tt.data.objects...)
-			kyvernoInformers := kyvernoinformers.NewSharedInformerFactory(client, 0)
-			lister := kyvernoInformers.Kyverno().V1beta1().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace())
-			kyvernoInformers.Start(done)
-			kyvernoInformers.WaitForCacheSync(done)
-			h := &updateRequestUpdater{
-				client: client,
-				lister: lister,
-			}
-			h.updateAnnotation(logr.Discard(), "test")
-			ur, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Get(ctx, tt.urName, v1.GetOptions{})
-			assert.NoError(t, err)
-			assert.NotNil(t, ur)
-			if tt.updated {
-				annotations := ur.GetAnnotations()
-				assert.NotNil(t, annotations)
-				assert.NotNil(t, annotations[generate.AnnotationUpdateTime])
-			} else {
-				annotations := ur.GetAnnotations()
-				assert.Nil(t, annotations)
-			}
-		})
-	}
-}
-
-func Test_updateRequestUpdater_setPendingStatus(t *testing.T) {
-	type data struct {
-		objects []runtime.Object
-	}
-	tests := []struct {
-		name    string
-		data    data
-		urName  string
-		updated bool
-	}{{
-		name: "success",
-		data: data{
-			[]runtime.Object{
-				&kyvernov1beta1.UpdateRequest{
-					ObjectMeta: v1.ObjectMeta{
-						Name:      "test",
-						Namespace: config.KyvernoNamespace(),
-					},
-				},
-			},
-		},
-		urName:  "test",
-		updated: true,
-	}, {
-		name: "not found",
-		data: data{
-			[]runtime.Object{
-				&kyvernov1beta1.UpdateRequest{
-					ObjectMeta: v1.ObjectMeta{
-						Name:      "dummy",
-						Namespace: config.KyvernoNamespace(),
-					},
-				},
-			},
-		},
-		urName:  "dummy",
-		updated: false,
-	}}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			ctx, cancel := context.WithCancel(context.Background())
-			done := ctx.Done()
-			t.Cleanup(cancel)
-			client := fake.NewSimpleClientset(tt.data.objects...)
-			kyvernoInformers := kyvernoinformers.NewSharedInformerFactory(client, 0)
-			lister := kyvernoInformers.Kyverno().V1beta1().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace())
-			kyvernoInformers.Start(done)
-			kyvernoInformers.WaitForCacheSync(done)
-			h := &updateRequestUpdater{
-				client: client,
-				lister: lister,
-			}
-			h.setPendingStatus(logr.Discard(), "test")
-			ur, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Get(ctx, tt.urName, v1.GetOptions{})
-			assert.NoError(t, err)
-			assert.NotNil(t, ur)
-			if tt.updated {
-				assert.Equal(t, kyvernov1beta1.Pending, ur.Status.State)
-			} else {
-				assert.NotEqual(t, kyvernov1beta1.Pending, ur.Status.State)
-			}
-		})
-	}
-}
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/resource-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/resource-assert.yaml
@ -7,13 +7,6 @@ kind: Secret
 metadata:
  labels:
    allowedToBeCloned: "true"
-    app.kubernetes.io/managed-by: kyverno
-    generate.kyverno.io/clone-policy-name: sync-with-multi-clone
-    kyverno.io/generated-by-kind: Namespace
-    kyverno.io/generated-by-name: prod-1
-    kyverno.io/generated-by-namespace: ""
-    policy.kyverno.io/policy-name: sync-with-multi-clone
-    policy.kyverno.io/synchronize: enable
  name: image-secret
  namespace: prod-1
 type: kubernetes.io/basic-auth
@ -25,12 +18,5 @@ kind: ConfigMap
 metadata:
  labels:
    allowedToBeCloned: "true"
-    app.kubernetes.io/managed-by: kyverno
-    generate.kyverno.io/clone-policy-name: sync-with-multi-clone
-    kyverno.io/generated-by-kind: Namespace
-    kyverno.io/generated-by-name: prod-1
-    kyverno.io/generated-by-namespace: ""
-    policy.kyverno.io/policy-name: sync-with-multi-clone
-    policy.kyverno.io/synchronize: enable
  name: bootstrap-config
  namespace: prod-1
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/resource-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/resource-assert.yaml
@ -7,13 +7,6 @@ kind: Secret
 metadata:
  labels:
    allowedToBeCloned: "true"
-    app.kubernetes.io/managed-by: kyverno
-    generate.kyverno.io/clone-policy-name: sync-with-multi-clone-update
-    kyverno.io/generated-by-kind: Namespace
-    kyverno.io/generated-by-name: prod
-    kyverno.io/generated-by-namespace: ""
-    policy.kyverno.io/policy-name: sync-with-multi-clone-update
-    policy.kyverno.io/synchronize: enable
  name: image-secret
  namespace: prod
 type: kubernetes.io/basic-auth
@ -25,12 +18,5 @@ kind: ConfigMap
 metadata:
  labels:
    allowedToBeCloned: "true"
-    app.kubernetes.io/managed-by: kyverno
-    generate.kyverno.io/clone-policy-name: sync-with-multi-clone-update
-    kyverno.io/generated-by-kind: Namespace
-    kyverno.io/generated-by-name: prod
-    kyverno.io/generated-by-namespace: ""
-    policy.kyverno.io/policy-name: sync-with-multi-clone-update
-    policy.kyverno.io/synchronize: enable
  name: bootstrap-config
  namespace: prod
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/synchronized-target.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/synchronized-target.yaml
@ -6,12 +6,5 @@ kind: ConfigMap
 metadata:
  labels:
    allowedToBeCloned: "true"
-    app.kubernetes.io/managed-by: kyverno
-    generate.kyverno.io/clone-policy-name: sync-with-multi-clone-update
-    kyverno.io/generated-by-kind: Namespace
-    kyverno.io/generated-by-name: prod
-    kyverno.io/generated-by-namespace: ""
-    policy.kyverno.io/policy-name: sync-with-multi-clone-update
-    policy.kyverno.io/synchronize: enable
  name: bootstrap-config
  namespace: prod
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/04-assert.yaml
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/04-assert.yaml
@ -4,4 +4,4 @@ metadata:
  annotations:
    org: kyverno-test
  name: test-org
-  namespace: test
+  namespace: org-label-inheritance-existing-standard-ns
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/configmap.yaml
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/configmap.yaml
@ -2,4 +2,4 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: test-org
-  namespace: test
+  namespace: org-label-inheritance-existing-standard-ns
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/pod.yaml
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/pod.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
  name: test-org
-  namespace: test
+  namespace: org-label-inheritance-existing-standard-ns
 spec:
  containers:
  - image: nginx:latest
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/policy-assert.yaml
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/policy-assert.yaml
@ -1,7 +1,7 @@
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
-  name: org-label-inheritance-existing
+  name: org-label-inheritance-existing-standard
 status:
  conditions:
  - reason: Succeeded
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/policy.yaml
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/namespaceselector/policy.yaml
@ -1,7 +1,7 @@
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
-  name: org-label-inheritance-existing
+  name: org-label-inheritance-existing-standard
  annotations:  
    pod-policies.kyverno.io/autogen-controllers: none
 spec:
@ -39,4 +39,4 @@ kind: Namespace
 metadata:
  labels:
    org: kyverno-test
-  name: test
+  name: org-label-inheritance-existing-standard-ns
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-assert.yaml
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-assert.yaml
@ -3,19 +3,19 @@ kind: Namespace
 metadata:
  labels:
    org: kyverno-test
-  name: test
+  name: org-label-inheritance-existing-ns
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: test-org
-  namespace: test
+  namespace: org-label-inheritance-existing-ns
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: test-org
-  namespace: test
+  namespace: org-label-inheritance-existing-ns
 spec:
  containers:
  - image: nginx:latest
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-manifests.yaml
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-manifests.yaml
@ -3,19 +3,19 @@ kind: Namespace
 metadata:
  labels:
    org: kyverno-test
-  name: test
+  name: org-label-inheritance-existing-ns
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: test-org
-  namespace: test
+  namespace: org-label-inheritance-existing-ns
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: test-org
-  namespace: test
+  namespace: org-label-inheritance-existing-ns
 spec:
  containers:
  - image: nginx:latest
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/04-assert.yaml
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/04-assert.yaml
@ -4,4 +4,4 @@ metadata:
  annotations:
    org: kyverno-test
  name: test-org
-  namespace: test
+  namespace: org-label-inheritance-existing-ns
--- a/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/README.md
+++ b/test/conformance/kuttl/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/README.md
@ -10,7 +10,7 @@ The pod is mutated with annotation `org: kyverno-test`.

 ### Test Steps

-1. Create a pod and a configmap in the `test` namespace labeled by `org: kyverno-test`.
+1. Create a pod and a configmap in the `org-label-inheritance-existing-ns` namespace labeled by `org: kyverno-test`.
 2. Create a `ClusterPolicy` that mutates existing pods.
 3. The pod should be mutated with the annotation `org: kyverno-test` present on the parent namespace.