
Added condition for resource sync #2247

Merged
merged 3 commits into from
Aug 30, 2021

Conversation

NoSkillGirl
Contributor

@NoSkillGirl NoSkillGirl commented Aug 9, 2021

Signed-off-by: NoSkillGirl singhpooja240393@gmail.com

Related issue

closes #2181

What type of PR is this

/kind bug

Proposed Changes

Added logic to update the label and generated resource according to the synchronize flag in generate policy.

Logic:
In case synchronize is true - update the resource label and generated resource according to the data available in generate policy.
In case synchronize is false - update the resource label only if it does not match with the generate policy label and do not update the old generated resource.

Proof Manifests

  1. Apply the following policy:

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  annotations:
    policies.kyverno.io/category: Workload Isolation
    policies.kyverno.io/description: To limit the number of objects, as well as the total amount of compute that may be consumed by a single namespace, create a default resource quota for each namespace.
  labels:
    app.kubernetes.io/version: v1.4.1
  name: add-ns-quota
spec:
  background: false
  rules:
    - generate:
        data:
          spec:
            hard:
              limits.cpu: 1600m
              limits.memory: 8Gi
              pods: 8
        kind: ResourceQuota
        name: default-resourcequota
        namespace: '{{request.object.metadata.name}}'
        synchronize: false
      match:
        resources:
          kinds:
            - Namespace
      name: generate-resourcequota
      preconditions:
        all:
          - key: '{{request.object.metadata.labels.businessunit}}'
            operator: NotEquals
            value: ""
```

  2. Apply the following resource:

```yaml
apiVersion: v1
kind: Namespace
metadata:
  labels:
    businessunit: supplychain
    dataclassification: nonpci
    env: dev3
    networkzone: internal
  name: supplychainontario-wsigateway-dev3
```

  3. Edit the generated resource:

```shell
kubectl edit ResourceQuota -n supplychainontario-wsigateway-dev3
```

  4. Wait for the next time trigger (approx. 15 min); the resource should not get updated by Kyverno. The changes should still be present in the generated resource.
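To make the synchronize logic above concrete, here is an added Go example (not Kyverno's own code; the `Generated` and `Rule` types, the `Reconcile` function and the `app.kubernetes.io/managed-by` label name are assumptions) that replays the proof-manifest scenario: with `synchronize: false` a drifted label is corrected but the hand-edited `limits.cpu` survives, and with `synchronize: true` the data is restored from the policy.

```go
package main

import (
	"fmt"
	"reflect"
)

// Hypothetical stand-ins, not Kyverno types: the generated object's labels and
// data, and the generate rule's synchronize flag, expected labels and desired data.
type Generated struct{ Labels, Spec map[string]string }
type Rule struct {
	Synchronize  bool
	Labels, Spec map[string]string
}

func copyMap(m map[string]string) map[string]string {
	c := make(map[string]string, len(m))
	for k, v := range m {
		c[k] = v
	}
	return c
}

// Reconcile models one background pass: synchronize=true forces labels and data
// back to the policy; synchronize=false only fixes drifted labels, keeping manual edits.
func Reconcile(r Rule, cur Generated) (Generated, bool) {
	out := Generated{Labels: copyMap(cur.Labels), Spec: copyMap(cur.Spec)}
	changed := false
	for k, v := range r.Labels {
		if out.Labels[k] != v {
			out.Labels[k] = v
			changed = true
		}
	}
	if r.Synchronize && !reflect.DeepEqual(out.Spec, r.Spec) {
		out.Spec = copyMap(r.Spec)
		changed = true
	}
	return out, changed
}

func main() {
	// Constructed scenario (label name assumed): synchronize: false, limits.cpu hand-edited.
	rule := Rule{Synchronize: false,
		Labels: map[string]string{"app.kubernetes.io/managed-by": "kyverno"},
		Spec:   map[string]string{"limits.cpu": "1600m", "limits.memory": "8Gi", "pods": "8"}}
	edited := Generated{Labels: map[string]string{}, Spec: map[string]string{"limits.cpu": "2000m", "limits.memory": "8Gi", "pods": "8"}}
	out, changed := Reconcile(rule, edited)
	fmt.Println(changed, out.Spec["limits.cpu"]) // true 2000m
}
```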

Checklist

  • I have read the contributing guidelines.
  • [ ] I have added tests that prove my fix is effective or that my feature works.
  • [ ] My PR contains new or altered behavior to Kyverno and
    • [ ] I have added or changed the documentation myself in an existing PR and the link is:
    • [ ] I have raised an issue in kyverno/website to track the doc update and the link is:
    • [ ] I have read the PR documentation guide and followed the process including adding proof manifests to this PR.

Further Comments

@NoSkillGirl NoSkillGirl added the wip work in progress label Aug 9, 2021
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
@NoSkillGirl NoSkillGirl merged commit 15e16e8 into kyverno:main Aug 30, 2021

Successfully merging this pull request may close these issues.

[BUG] Generate policies with background:false and synchronize:false are still re-evaluated every 15mins