From 74f5f30e3b4095cd1e1d9421e0853bbc67d1b004 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charled.breteche@gmail.com>
Date: Tue, 24 May 2022 19:37:01 +0200
Subject: [PATCH] fix: bypass policy mutation if autogen internals enabled
 (#4007)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
---
 pkg/webhooks/policy/handlers.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/webhooks/policy/handlers.go b/pkg/webhooks/policy/handlers.go
index 9327c8675c..454a2e1b75 100644
--- a/pkg/webhooks/policy/handlers.go
+++ b/pkg/webhooks/policy/handlers.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/openapi"
 	policyvalidate "github.com/kyverno/kyverno/pkg/policy"
 	"github.com/kyverno/kyverno/pkg/policymutation"
+	"github.com/kyverno/kyverno/pkg/toggle"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	"github.com/kyverno/kyverno/pkg/webhooks"
 	admissionv1 "k8s.io/api/admission/v1"
@@ -52,6 +53,9 @@ func (h *handlers) Validate(logger logr.Logger, request *admissionv1.AdmissionRe
 }
 
 func (h *handlers) Mutate(logger logr.Logger, request *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse {
+	if toggle.AutogenInternals() {
+		return admissionutils.Response(true)
+	}
 	if request.SubResource != "" {
 		logger.V(4).Info("skip policy validation on status update")
 		return admissionutils.Response(true)