mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

744 ignoring resources with deletionTimestamp

Browse source
This commit is contained in:
shravan 2020-05-07 23:04:15 +05:30
parent ba0de32454
commit 717e42dd0b
2 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkg/engine/validation.go
View file

@ -97,11 +97,6 @@ func incrementAppliedCount(resp *response.EngineResponse) {
func isRequestDenied(log logr.Logger, ctx context.EvalInterface, policy kyverno.ClusterPolicy, resource unstructured.Unstructured, admissionInfo kyverno.RequestInfo) *response.EngineResponse {
resp := &response.EngineResponse{}
// deny logic will only be applied to requests from user - system related requests are ignored.
if admissionInfo.AdmissionUserInfo.Username != "kubernetes-admin" {
return resp
}
for _, rule := range policy.Spec.Rules {
if !rule.HasValidate() {
continue

9
pkg/webhooks/server.go
View file

@ -355,6 +355,15 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
logger.Error(err, "failed to load service account in context")
}
if val, err := ctx.Query("request.object.metadata.deletionTimestamp"); val != nil && err == nil {
return &v1beta1.AdmissionResponse{
Allowed: true,
Result: &metav1.Status{
Status: "Success",
},
}
}
// VALIDATION
ok, msg := ws.HandleValidation(request, policies, nil, ctx, userRequestInfo)
if !ok {