fix: missing watchers in resource report controller (#4967)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-28 02:18:15 +00:00 · 2022-10-14 15:55:50 +02:00 · 2022-10-14 15:55:50 +02:00 · e749907302
commit e749907302
parent 29a26e54f7
5 changed files with 11 additions and 10 deletions
--- a/pkg/controllers/report/background/controller.go
+++ b/pkg/controllers/report/background/controller.go
@ -203,7 +203,7 @@ func (c *controller) updateReport(ctx context.Context, meta metav1.Object, gvk s
 		policies = append(policies, pols...)
 	}
 	// 	load background policies
-	backgroundPolicies := utils.RemoveNonBackgroundPolicies(logger, policies...)
+	backgroundPolicies := utils.RemoveNonValidationPolicies(logger, policies...)
 	if err != nil {
 		return err
 	}
--- a/pkg/controllers/report/resource/controller.go
+++ b/pkg/controllers/report/resource/controller.go
@ -125,7 +125,7 @@ func (c *controller) updateDynamicWatchers(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
-	kinds := utils.BuildKindSet(logger, utils.RemoveNonBackgroundPolicies(logger, append(clusterPolicies, policies...)...)...)
+	kinds := utils.BuildKindSet(logger, utils.RemoveNonValidationPolicies(logger, append(clusterPolicies, policies...)...)...)
 	gvrs := map[string]schema.GroupVersionResource{}
 	for _, kind := range kinds.List() {
 		apiVersion, kind := kubeutils.GetKindFromGVK(kind)
--- a/pkg/controllers/report/utils/utils.go
+++ b/pkg/controllers/report/utils/utils.go
@ -30,12 +30,13 @@ func BuildKindSet(logger logr.Logger, policies ...kyvernov1.PolicyInterface) set
 	return kinds
 }

-func RemoveNonBackgroundPolicies(logger logr.Logger, policies ...kyvernov1.PolicyInterface) []kyvernov1.PolicyInterface {
-	var backgroundPolicies []kyvernov1.PolicyInterface
+func RemoveNonValidationPolicies(logger logr.Logger, policies ...kyvernov1.PolicyInterface) []kyvernov1.PolicyInterface {
+	var validationPolicies []kyvernov1.PolicyInterface
 	for _, pol := range policies {
-		if CanBackgroundProcess(logger, pol) {
-			backgroundPolicies = append(backgroundPolicies, pol)
+		spec := pol.GetSpec()
+		if spec.HasVerifyImages() || spec.HasValidate() || spec.HasYAMLSignatureVerify() {
+			validationPolicies = append(validationPolicies, pol)
 		}
 	}
-	return backgroundPolicies
+	return validationPolicies
 }
--- a/pkg/utils/report/labels.go
+++ b/pkg/utils/report/labels.go
@ -64,7 +64,7 @@ func SetManagedByKyvernoLabel(obj metav1.Object) {
 	controllerutils.SetLabel(obj, kyvernov1.LabelAppManagedBy, kyvernov1.ValueKyvernoApp)
 }

-func SetResourceLabels(report kyvernov1alpha2.ReportInterface, namespace, name string, uid types.UID) {
+func SetResourceLabels(report kyvernov1alpha2.ReportInterface, uid types.UID) {
 	controllerutils.SetLabel(report, LabelResourceUid, string(uid))
 }

--- a/pkg/utils/report/new.go
+++ b/pkg/utils/report/new.go
@ -43,7 +43,7 @@ func NewAdmissionReport(resource unstructured.Unstructured, request *admissionv1
 	}
 	report.SetName(name)
 	report.SetNamespace(namespace)
-	SetResourceLabels(report, namespace, owner, uid)
+	SetResourceLabels(report, uid)
 	SetResourceVersionLabels(report, &resource)
 	SetResponses(report, responses...)
 	SetManagedByKyvernoLabel(report)
@ -60,7 +60,7 @@ func NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind
 	report.SetName(name)
 	report.SetNamespace(namespace)
 	controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
-	SetResourceLabels(report, namespace, owner, uid)
+	SetResourceLabels(report, uid)
 	SetManagedByKyvernoLabel(report)
 	return report
 }