1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 12:17:56 +00:00

fix: policy status updates not stabilising (#11236)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2024-09-25 15:44:39 +02:00 committed by GitHub
parent 1331209b19
commit 82f4ca9034
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -153,10 +153,11 @@ func generateRule(name string, rule *kyvernov1.Rule, tplKey, shift string, kinds
} }
if rule.Validation.Deny != nil { if rule.Validation.Deny != nil {
deny := &kyvernov1.Validation{ deny := &kyvernov1.Validation{
Message: variables.FindAndShiftReferences(logger, rule.Validation.Message, shift, "deny"), Message: variables.FindAndShiftReferences(logger, rule.Validation.Message, shift, "deny"),
Deny: rule.Validation.Deny, Deny: rule.Validation.Deny,
FailureAction: rule.Validation.FailureAction, FailureAction: rule.Validation.FailureAction,
FailureActionOverrides: rule.Validation.FailureActionOverrides, FailureActionOverrides: rule.Validation.FailureActionOverrides,
AllowExistingViolations: rule.Validation.AllowExistingViolations,
} }
rule.Validation = deny rule.Validation = deny
return rule return rule
@ -171,8 +172,9 @@ func generateRule(name string, rule *kyvernov1.Rule, tplKey, shift string, kinds
Version: rule.Validation.PodSecurity.Version, Version: rule.Validation.PodSecurity.Version,
Exclude: newExclude, Exclude: newExclude,
}, },
FailureAction: rule.Validation.FailureAction, FailureAction: rule.Validation.FailureAction,
FailureActionOverrides: rule.Validation.FailureActionOverrides, FailureActionOverrides: rule.Validation.FailureActionOverrides,
AllowExistingViolations: rule.Validation.AllowExistingViolations,
} }
rule.Validation = podSecurity rule.Validation = podSecurity
return rule return rule
@ -194,9 +196,10 @@ func generateRule(name string, rule *kyvernov1.Rule, tplKey, shift string, kinds
failureAction := rule.Validation.FailureAction failureAction := rule.Validation.FailureAction
failureActionOverrides := rule.Validation.FailureActionOverrides failureActionOverrides := rule.Validation.FailureActionOverrides
rule.Validation = &kyvernov1.Validation{ rule.Validation = &kyvernov1.Validation{
Message: variables.FindAndShiftReferences(logger, rule.Validation.Message, shift, "anyPattern"), Message: variables.FindAndShiftReferences(logger, rule.Validation.Message, shift, "anyPattern"),
FailureAction: failureAction, FailureAction: failureAction,
FailureActionOverrides: failureActionOverrides, FailureActionOverrides: failureActionOverrides,
AllowExistingViolations: rule.Validation.AllowExistingViolations,
} }
rule.Validation.SetAnyPattern(patterns) rule.Validation.SetAnyPattern(patterns)
return rule return rule
@ -207,10 +210,11 @@ func generateRule(name string, rule *kyvernov1.Rule, tplKey, shift string, kinds
failureAction := rule.Validation.FailureAction failureAction := rule.Validation.FailureAction
failureActionOverrides := rule.Validation.FailureActionOverrides failureActionOverrides := rule.Validation.FailureActionOverrides
rule.Validation = &kyvernov1.Validation{ rule.Validation = &kyvernov1.Validation{
Message: variables.FindAndShiftReferences(logger, rule.Validation.Message, shift, "pattern"), Message: variables.FindAndShiftReferences(logger, rule.Validation.Message, shift, "pattern"),
ForEachValidation: newForeachValidate, ForEachValidation: newForeachValidate,
FailureAction: failureAction, FailureAction: failureAction,
FailureActionOverrides: failureActionOverrides, FailureActionOverrides: failureActionOverrides,
AllowExistingViolations: rule.Validation.AllowExistingViolations,
} }
return rule return rule
} }