mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

fix: defer ur update until validation passes (#4540)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
This commit is contained in:
Charles-Edouard Brétéché 2022-09-08 14:53:08 +02:00 committed by GitHub
parent ed31fb0326
commit 8fb0a9e8c7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
pkg/webhooks/resource/handlers.go
View file

@ -101,9 +101,6 @@ func NewHandlers(
}
func (h *handlers) Validate(logger logr.Logger, request *admissionv1.AdmissionRequest, startTime time.Time) *admissionv1.AdmissionResponse {
if request.Operation == admissionv1.Delete {
h.handleDelete(logger, request)
}
if webhookutils.ExcludeKyvernoResources(request.Kind.Kind) {
return admissionutils.ResponseSuccess()
}
@ -149,6 +146,7 @@ func (h *handlers) Validate(logger logr.Logger, request *admissionv1.AdmissionRe
logger.Info("admission request denied")
return admissionutils.ResponseFailure(msg)
}
defer func() { h.handleDelete(logger, request) }()
h.auditHandler.Add(request.DeepCopy())
go h.createUpdateRequests(logger, request, policyContext, generatePolicies, mutatePolicies, startTime)
@ -391,23 +389,25 @@ func isResourceDeleted(policyContext *engine.PolicyContext) bool {
}
func (h *handlers) handleDelete(logger logr.Logger, request *admissionv1.AdmissionRequest) {
resource, err := engineutils2.ConvertToUnstructured(request.OldObject.Raw)
if err != nil {
logger.Error(err, "failed to convert object resource to unstructured format")
}
resLabels := resource.GetLabels()
if resLabels["app.kubernetes.io/managed-by"] == "kyverno" && request.Operation == admissionv1.Delete {
urName := resLabels["policy.kyverno.io/gr-name"]
ur, err := h.urLister.Get(urName)
if request.Operation == admissionv1.Delete {
resource, err := engineutils2.ConvertToUnstructured(request.OldObject.Raw)
if err != nil {
logger.Error(err, "failed to get update request", "name", urName)
return
logger.Error(err, "failed to convert object resource to unstructured format")
}
if ur.Spec.Type == kyvernov1beta1.Mutate {
return
resLabels := resource.GetLabels()
if resLabels["app.kubernetes.io/managed-by"] == "kyverno" {
urName := resLabels["policy.kyverno.io/gr-name"]
ur, err := h.urLister.Get(urName)
if err != nil {
logger.Error(err, "failed to get update request", "name", urName)
return
}
if ur.Spec.Type == kyvernov1beta1.Mutate {
return
}
h.urUpdater.UpdateAnnotation(logger, ur.GetName())
}
h.urUpdater.UpdateAnnotation(logger, ur.GetName())
}
}