mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
kyverno/pkg/engine/exceptions.go
Mariam Fahmy c0e0cea9f4
feat: compute policy exceptions as a part of the rule execution (#8713) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-11-13 15:43:25 +00:00

35 lines
951 B
Go
Raw Blame History

package engine
import (
"fmt"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// GetPolicyExceptions get all exceptions that match both the policy and the rule.
func (e *engine) GetPolicyExceptions(
policy kyvernov1.PolicyInterface,
rule string,
) ([]kyvernov2beta1.PolicyException, error) {
var exceptions []kyvernov2beta1.PolicyException
if e.exceptionSelector == nil {
return exceptions, nil
}
polexs, err := e.exceptionSelector.List(labels.Everything())
if err != nil {
return exceptions, err
}
policyName, err := cache.MetaNamespaceKeyFunc(policy)
if err != nil {
return exceptions, fmt.Errorf("failed to compute policy key: %w", err)
}
for _, polex := range polexs {
if polex.Contains(policyName, rule) {
exceptions = append(exceptions, *polex)
}
}
return exceptions, nil
}
View git blame Copy permalink