added ns labels in validate audit

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
kyverno · Feb 3, 2021 · 880448c · 880448c
1 parent c60ef5a
commit 880448c
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
@@ -16,6 +16,7 @@ import (
 	kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
 	kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
+	"github.com/kyverno/kyverno/pkg/common"
 	"github.com/kyverno/kyverno/pkg/config"
 	client "github.com/kyverno/kyverno/pkg/dclient"
 	context2 "github.com/kyverno/kyverno/pkg/engine/context"
@@ -468,7 +469,8 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
 		logger.Error(err, "failed to load service account in context")
 	}
 
-	ok, msg := HandleValidation(request, policies, nil, ctx, userRequestInfo, ws.statusListener, ws.eventGen, ws.prGenerator, ws.log, ws.configHandler, ws.resCache, ws.client)
+	namespaceLabels := common.GetNamespaceSelectors(request.Kind.Kind, request.Namespace, ws.nsLister, logger)
+	ok, msg := HandleValidation(request, policies, nil, ctx, userRequestInfo, ws.statusListener, ws.eventGen, ws.prGenerator, ws.log, ws.configHandler, ws.resCache, ws.client, namespaceLabels)
 	if !ok {
 		logger.Info("admission request denied")
 		return &v1beta1.AdmissionResponse{

diff --git a/pkg/webhooks/validate_audit.go b/pkg/webhooks/validate_audit.go
@@ -4,6 +4,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/kyverno/kyverno/pkg/common"
 	client "github.com/kyverno/kyverno/pkg/dclient"
 
 	"github.com/go-logr/logr"
@@ -183,7 +184,8 @@ func (h *auditHandler) process(request *v1beta1.AdmissionRequest) error {
 		return errors.Wrap(err, "failed to load service account in context")
 	}
 
-	HandleValidation(request, policies, nil, ctx, userRequestInfo, h.statusListener, h.eventGen, h.prGenerator, logger, h.configHandler, h.resCache, h.client)
+	namespaceLabels := common.GetNamespaceSelectors(request.Kind.Kind, request.Namespace, h.nsLister, logger)
+	HandleValidation(request, policies, nil, ctx, userRequestInfo, h.statusListener, h.eventGen, h.prGenerator, logger, h.configHandler, h.resCache, h.client, namespaceLabels)
 	return nil
 }
 

diff --git a/pkg/webhooks/validation.go b/pkg/webhooks/validation.go
@@ -1,11 +1,12 @@
 package webhooks
 
 import (
-	client "github.com/kyverno/kyverno/pkg/dclient"
 	"reflect"
 	"sort"
 	"time"
 
+	client "github.com/kyverno/kyverno/pkg/dclient"
+
 	"github.com/go-logr/logr"
 	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
 	v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
@@ -38,7 +39,8 @@ func HandleValidation(
 	log logr.Logger,
 	dynamicConfig config.Interface,
 	resCache resourcecache.ResourceCache,
-	client *client.Client) (bool, string) {
+	client *client.Client,
+	namespaceLabels map[string]string) (bool, string) {
 
 	if len(policies) == 0 {
 		return true, ""