1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

Fix | GenerateRequests Status Failed, but resource is created! (#2566)

* compare generated resource before updating

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* create resource if not found during update

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
This commit is contained in:
Pooja Singh 2021-10-26 04:58:11 +05:30 committed by GitHub
parent a1f21c747f
commit 9252470d47
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -419,42 +419,47 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
logger.V(2).Info("created generate target resource")
} else if mode == Update {
// if synchronize is true - update the label and generated resource with generate policy data
if rule.Generation.Synchronize {
logger.V(4).Info("updating existing resource")
label["policy.kyverno.io/synchronize"] = "enable"
newResource.SetLabels(label)
_, err := client.UpdateResource(genAPIVersion, genKind, genNamespace, newResource, false)
generatedObj, err := client.GetResource(genAPIVersion, genKind, genNamespace, genName)
if err != nil {
logger.Error(err, fmt.Sprintf("generated resource not found name:%v namespace:%v kind:%v", genName, genNamespace, genKind))
logger.V(2).Info(fmt.Sprintf("creating generate resource name:name:%v namespace:%v kind:%v", genName, genNamespace, genKind))
_, err = client.CreateResource(genAPIVersion, genKind, genNamespace, newResource, false)
if err != nil {
logger.Error(err, "failed to update resource")
return noGenResource, err
}
} else {
// if synchronize is false - update the label in already generated resource,
// without comparing it with the generate policy data
generatedObj, err := client.GetResource(genAPIVersion, genKind, genNamespace, genName)
if err != nil {
logger.Error(err, fmt.Sprintf("generated resource not found name:%v namespace:%v kind:%v", genName, genNamespace, genKind))
return newGenResource, err
}
// if synchronize is true - update the label and generated resource with generate policy data
if rule.Generation.Synchronize {
logger.V(4).Info("updating existing resource")
label["policy.kyverno.io/synchronize"] = "enable"
newResource.SetLabels(label)
currentGeneratedResourcelabel := generatedObj.GetLabels()
currentSynclabel := currentGeneratedResourcelabel["policy.kyverno.io/synchronize"]
if _, err := ValidateResourceWithPattern(logger, generatedObj.Object, rdata); err != nil {
_, err = client.UpdateResource(genAPIVersion, genKind, genNamespace, newResource, false)
if err != nil {
logger.Error(err, "failed to update resource")
return noGenResource, err
}
}
} else {
currentGeneratedResourcelabel := generatedObj.GetLabels()
currentSynclabel := currentGeneratedResourcelabel["policy.kyverno.io/synchronize"]
// update only if the labels mismatches
if (!rule.Generation.Synchronize && currentSynclabel == "enable") ||
(rule.Generation.Synchronize && currentSynclabel == "disable") {
logger.V(4).Info("updating label in existing resource")
currentGeneratedResourcelabel["policy.kyverno.io/synchronize"] = "disable"
generatedObj.SetLabels(currentGeneratedResourcelabel)
// update only if the labels mismatches
if (!rule.Generation.Synchronize && currentSynclabel == "enable") ||
(rule.Generation.Synchronize && currentSynclabel == "disable") {
logger.V(4).Info("updating label in existing resource")
currentGeneratedResourcelabel["policy.kyverno.io/synchronize"] = "disable"
generatedObj.SetLabels(currentGeneratedResourcelabel)
_, err = client.UpdateResource(genAPIVersion, genKind, genNamespace, generatedObj, false)
if err != nil {
logger.Error(err, "failed to update label in existing resource")
return noGenResource, err
_, err = client.UpdateResource(genAPIVersion, genKind, genNamespace, generatedObj, false)
if err != nil {
logger.Error(err, "failed to update label in existing resource")
return noGenResource, err
}
}
}
}
logger.V(2).Info("updated generate target resource")