-
Notifications
You must be signed in to change notification settings - Fork 784
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#644 - Policy Rule Exclude conditions should be processed as a logical AND instead of a logical OR #662
#644 - Policy Rule Exclude conditions should be processed as a logical AND instead of a logical OR #662
Conversation
Since i am unclear on why these changes are required, i would like these changes to be reviewed before i test them .etc. |
This reverts commit 4021453.
…d alot of deadcode to make changes
@shravanshetty1 here is the reason for doing this change request: From https://github.com/nirmata/kyverno/issues/634 If a rule has this exclude block:
the user expectation is that the Does that help clarify the intent? |
@JimBugwadia Yes this does clarify the intent will update the PR by EOD |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The intent is to combine the resource kind and user info checks into a single logical AND check. We still need both checks.
The error reporting should indicate the precise conditions that fail.
We can extract these checks into a separate method.
@JimBugwadia Requested changes have been made |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@shravanshetty1
Curious to know the reason behind using goroutines to do checks?
- As most of the checks inside the goroutines are small and fast( wondering if we will spend time just managing the goroutines for tasks like looping over a list of slices). Routines are helpful to process tasks in async but, if the tasks are really small it might be faster to process them sequentially in a single goroutine(could be an overkill, but this is a theoretical observation).
- The error is captured using a channel and each goroutine can finish at different times, so the order of messages might be different. And we also assign indices after receiving errors, so the order of messages would matter. The generated messages are being used internally, so shouldnt be a major issue. But if we do plan to use the output to the unit tests(we do not check for error text returned), then we would expect the errors to be consistent order.
- Suggestion, the channel used in each goroutine is open(i.e. send & receive), will be a good design to pass the "sending only" channel if we are just adding error values to it.
@shivdudhani suggested changes have been made |
Fix #644. |
No description provided.