fix: correctly validate patterns for old and new objects (#10310)

* fix: correctly validate patterns for old and new objects Signed-off-by: ShutingZhao <shuting@nirmata.com> * test: add new scenario to the existing test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: indention Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2024-06-25 22:11:34 +08:00 · 2024-06-25 22:11:34 +08:00 · 88ae60ea9d
commit 88ae60ea9d
parent 28db48573a
4 changed files with 37 additions and 3 deletions
--- a/pkg/background/generate/generate.go
+++ b/pkg/background/generate/generate.go
@ -475,10 +475,13 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, t
 					logger.V(4).Info("synchronize disabled, skip syncing changes")
 					continue
 				}
-				if err := validate.MatchPattern(logger, generatedObj.Object, newResource.Object); err == nil {
-					logger.V(4).Info("patterns match, skipping updates")
-					continue
+				if err := validate.MatchPattern(logger, newResource.Object, generatedObj.Object); err == nil {
+					if err := validate.MatchPattern(logger, generatedObj.Object, newResource.Object); err == nil {
+						logger.V(4).Info("patterns match, skipping updates")
+						continue
+					}
 				}
+
 				logger.V(4).Info("updating existing resource")
 				if targetMeta.GetAPIVersion() == "" {
 					generatedResourceAPIVersion := generatedObj.GetAPIVersion()
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-06-apply-1-1.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-06-apply-1-1.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+  ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+  labels:
+    somekey: somevalue
+  name: zk-kafka-address
+  namespace: trainer
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-08-assert-1-1.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-08-assert-1-1.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+  ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+  labels:
+    somekey: somevalue
+  name: zk-kafka-address
+  namespace: trainer
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-test.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-test.yaml
@ -29,3 +29,15 @@ spec:
    try:
    - assert:
        file: chainsaw-step-05-assert-1-1.yaml
+  - name: step-06
+    try:
+    - apply:
+        file: chainsaw-step-06-apply-1-1.yaml
+  - name: step-07
+    try:
+    - sleep:
+        duration: 3s
+  - name: step-08
+    try:
+    - assert:
+        file: chainsaw-step-08-assert-1-1.yaml