Fix Background Scan issue (#2381)

2025-03-31 03:45:17 +00:00 · 2021-09-14 00:06:23 +05:30 · 2021-09-14 00:06:23 +05:30 · bfd651cbe6
commit bfd651cbe6
parent a0ff8bbd0b
1 changed files with 46 additions and 28 deletions
--- a/pkg/policy/existing.go
+++ b/pkg/policy/existing.go
@ -29,36 +29,23 @@ func (pc *PolicyController) processExistingResources(policy *kyverno.ClusterPoli
 			continue
 		}

-		for _, kind := range rule.MatchResources.Kinds {
-			k := common.GetFormatedKind(kind)
-			logger = logger.WithValues("rule", rule.Name, "kind", k)
-			namespaced, err := pc.rm.GetScope(k)
-			if err != nil {
-				if err := pc.registerResource(k); err != nil {
-					logger.Error(err, "failed to find resource", "kind", k)
-					continue
-				}
+		match := rule.MatchResources
+		exclude := rule.ExcludeResources

-				namespaced, _ = pc.rm.GetScope(k)
-			}
-
-			// this tracker would help to ensure that even for multiple namespaces, duplicate metric are not generated
-			metricRegisteredTracker := false
-
-			if !namespaced {
-				pc.applyAndReportPerNamespace(policy, k, "", rule, logger.WithValues("kind", k), &metricRegisteredTracker)
-				continue
-			}
-
-			namespaces := pc.getNamespacesForRule(&rule, logger.WithValues("kind", k))
-			for _, ns := range namespaces {
-				// for kind: Policy, consider only the namespace which the policy belongs to.
-				// for kind: ClusterPolicy, consider all the namespaces.
-				if policy.Namespace == ns || policy.Namespace == "" {
-					pc.applyAndReportPerNamespace(policy, k, ns, rule, logger.WithValues("kind", k).WithValues("ns", ns), &metricRegisteredTracker)
-				}
-			}
+		for _, value := range match.Any {
+			pc.processExistingKinds(value.ResourceDescription.Kinds, policy, rule, logger)
 		}
+		for _, value := range match.All {
+			pc.processExistingKinds(value.ResourceDescription.Kinds, policy, rule, logger)
+		}
+		for _, value := range exclude.All {
+			pc.processExistingKinds(value.ResourceDescription.Kinds, policy, rule, logger)
+		}
+		for _, value := range exclude.Any {
+			pc.processExistingKinds(value.ResourceDescription.Kinds, policy, rule, logger)
+		}
+
+		pc.processExistingKinds(match.Kinds, policy, rule, logger)
 	}
 }

@ -239,3 +226,34 @@ func (rm *ResourceManager) GetScope(kind string) (bool, error) {
 func buildKey(policy, pv, kind, ns, name, rv string) string {
 	return policy + "/" + pv + "/" + kind + "/" + ns + "/" + name + "/" + rv
 }
+
+func (pc *PolicyController) processExistingKinds(kind []string, policy *kyverno.ClusterPolicy, rule kyverno.Rule, logger logr.Logger) {
+
+	for _, k := range kind {
+		logger = logger.WithValues("rule", rule.Name, "kind", k)
+		namespaced, err := pc.rm.GetScope(k)
+		if err != nil {
+			if err := pc.registerResource(k); err != nil {
+				logger.Error(err, "failed to find resource", "kind", k)
+				continue
+			}
+			namespaced, _ = pc.rm.GetScope(k)
+		}
+
+		// this tracker would help to ensure that even for multiple namespaces, duplicate metric are not generated
+		metricRegisteredTracker := false
+
+		if !namespaced {
+			pc.applyAndReportPerNamespace(policy, k, "", rule, logger.WithValues("kind", k), &metricRegisteredTracker)
+			continue
+		}
+		namespaces := pc.getNamespacesForRule(&rule, logger.WithValues("kind", k))
+		for _, ns := range namespaces {
+			// for kind: Policy, consider only the namespace which the policy belongs to.
+			// for kind: ClusterPolicy, consider all the namespaces.
+			if policy.Namespace == ns || policy.Namespace == "" {
+				pc.applyAndReportPerNamespace(policy, k, ns, rule, logger.WithValues("kind", k).WithValues("ns", ns), &metricRegisteredTracker)
+			}
+		}
+	}
+}