mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

fix: apply exceptions after executing the policy itself (#8544)

Browse source 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
This commit is contained in:
Mariam Fahmy 2023-09-27 17:52:39 +03:00 committed by GitHub
parent 4cabc3ce44
commit eedc993ed9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pkg/engine/engine.go
View file

@ -255,10 +255,6 @@ func (e *engine) invokeRuleHandler(
} else if handler, err := handlerFactory(); err != nil {
return resource, handlers.WithError(rule, ruleType, "failed to instantiate handler", err)
} else if handler != nil {
// check if there's an exception
if ruleResp := e.hasPolicyExceptions(logger, ruleType, policyContext, rule); ruleResp != nil {
return resource, handlers.WithResponses(ruleResp)
}
policyContext.JSONContext().Checkpoint()
defer func() {
policyContext.JSONContext().Restore()
@ -288,7 +284,16 @@ func (e *engine) invokeRuleHandler(
return resource, handlers.WithSkip(rule, ruleType, s)
}
// process handler
return handler.Process(ctx, logger, policyContext, resource, rule, contextLoader)
resource, ruleResponses := handler.Process(ctx, logger, policyContext, resource, rule, contextLoader)
// check if there's an exception if rule fails.
for _, ruleResp := range ruleResponses {
if ruleResp.Status() == engineapi.RuleStatusFail {
if resp := e.hasPolicyExceptions(logger, ruleType, policyContext, rule); resp != nil {
return resource, handlers.WithResponses(resp)
}
}
}
return resource, ruleResponses
}
return resource, nil
},