mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00
Code Activity

feat: skip applying a VP which is converted to VAP (#12312)

Browse source 
* feat: skip vpol application if it's converted to vap

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: add missing error checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
This commit is contained in:
shuting 2025-03-07 16:07:50 +08:00 committed by GitHub
parent 4b4e6cc415
commit d7a37924a9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
pkg/cel/engine/provider.go
View file

@ -161,6 +161,13 @@ func (r *policyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
if err != nil { if err != nil {
return ctrl.Result{}, err return ctrl.Result{}, err
} }
if policy.GetStatus().Generated {
r.lock.Lock()
defer r.lock.Unlock()
delete(r.policies, req.NamespacedName.String())
return ctrl.Result{}, nil
}
// get exceptions that match the policy // get exceptions that match the policy
exceptions, err := r.ListExceptions(policy.GetName()) exceptions, err := r.ListExceptions(policy.GetName())
if err != nil { if err != nil {

11
pkg/controllers/validatingadmissionpolicy-generate/controller.go
View file

@ -519,14 +519,21 @@ func (c *controller) updatePolicyStatus(ctx context.Context, policy engineapi.Ge
latest.Status.ValidatingAdmissionPolicy.Generated = generated latest.Status.ValidatingAdmissionPolicy.Generated = generated
latest.Status.ValidatingAdmissionPolicy.Message = msg latest.Status.ValidatingAdmissionPolicy.Message = msg
new, _ := c.kyvernoClient.KyvernoV1().ClusterPolicies().UpdateStatus(ctx, latest, metav1.UpdateOptions{}) new, err := c.kyvernoClient.KyvernoV1().ClusterPolicies().UpdateStatus(ctx, latest, metav1.UpdateOptions{})
if err != nil {
logging.Error(err, "failed to update cluster policy status", cpol.GetName(), "status", new.Status)
}
logging.V(3).Info("updated cluster policy status", "name", cpol.GetName(), "status", new.Status) logging.V(3).Info("updated cluster policy status", "name", cpol.GetName(), "status", new.Status)
} else if vpol := policy.AsValidatingPolicy(); vpol != nil { } else if vpol := policy.AsValidatingPolicy(); vpol != nil {
latest := vpol.DeepCopy() latest := vpol.DeepCopy()
latest.Status.Generated = generated latest.Status.Generated = generated
latest.Status.Message = msg latest.Status.Message = msg
new, _ := c.kyvernoClient.PoliciesV1alpha1().ValidatingPolicies().UpdateStatus(ctx, latest, metav1.UpdateOptions{}) new, err := c.kyvernoClient.PoliciesV1alpha1().ValidatingPolicies().UpdateStatus(ctx, latest, metav1.UpdateOptions{})
if err != nil {
logging.Error(err, "failed to update validating policy status", vpol.GetName(), "status", new.Status)
}
logging.V(3).Info("updated validating policy status", "name", vpol.GetName(), "status", new.Status) logging.V(3).Info("updated validating policy status", "name", vpol.GetName(), "status", new.Status)
} }
} }