From 77a6408f3095e3a33392ece17c0c338be8964f29 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Wed, 15 Jan 2020 18:15:48 -0800 Subject: [PATCH] pass in patchedResource inside the same mutation rule --- pkg/engine/mutation.go | 2 +- pkg/engine/utils/utils.go | 3 ++- pkg/webhooks/mutation.go | 2 ++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/pkg/engine/mutation.go b/pkg/engine/mutation.go index fe90631cb8..a8c36b7262 100644 --- a/pkg/engine/mutation.go +++ b/pkg/engine/mutation.go @@ -156,7 +156,7 @@ var podTemplateRule = kyverno.Rule{ "template": map[string]interface{}{ "metadata": map[string]interface{}{ "annotations": map[string]interface{}{ - "pod-policies.kyverno.io/autogen-applied": "true", + "+(pod-policies.kyverno.io/autogen-applied)": "true", }, }, }, diff --git a/pkg/engine/utils/utils.go b/pkg/engine/utils/utils.go index de103fe930..8dbb1bec26 100644 --- a/pkg/engine/utils/utils.go +++ b/pkg/engine/utils/utils.go @@ -25,11 +25,12 @@ func (ri RuleType) String() string { } // ApplyPatches patches given resource with given patches and returns patched document +// return origin resource if any error occurs func ApplyPatches(resource []byte, patches [][]byte) ([]byte, error) { joinedPatches := JoinPatches(patches) patch, err := jsonpatch.DecodePatch(joinedPatches) if err != nil { - return nil, err + return resource, err } patchedDocument, err := patch.Apply(resource) diff --git a/pkg/webhooks/mutation.go b/pkg/webhooks/mutation.go index 7193661630..f10289eced 100644 --- a/pkg/webhooks/mutation.go +++ b/pkg/webhooks/mutation.go @@ -91,6 +91,8 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, resou // gather patches patches = append(patches, engineResponse.GetPatches()...) glog.V(4).Infof("Mutation from policy %s has applied succesfully to %s %s/%s", policy.Name, request.Kind.Kind, resource.GetNamespace(), resource.GetName()) + + policyContext.NewResource = engineResponse.PatchedResource } // generate annotations