Merge pull request #157 from MariamFahmy98/cherrypick-11237-2

feat: add dumpPatch flag
nirmata · Oct 3, 2024 · dac9dec · dac9dec
2 parents c96c5ad + c8ec5fe
commit dac9dec
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 1 deletion.
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
@@ -300,6 +300,7 @@ The chart values are organised per component.
 | features.configMapCaching.enabled | bool | `true` | Enables the feature |
 | features.deferredLoading.enabled | bool | `true` | Enables the feature |
 | features.dumpPayload.enabled | bool | `false` | Enables the feature |
+| features.dumpPatches.enabled | bool | `false` | Enables the feature |
 | features.forceFailurePolicyIgnore.enabled | bool | `false` | Enables the feature |
 | features.logging.format | string | `"text"` | Logging format |
 | features.logging.verbosity | int | `2` | Logging verbosity |

diff --git a/charts/kyverno/templates/_helpers.tpl b/charts/kyverno/templates/_helpers.tpl
@@ -34,6 +34,9 @@
 {{- with .dumpPayload -}}
   {{- $flags = append $flags (print "--dumpPayload=" .enabled) -}}
 {{- end -}}
+{{- with .dumpPatches -}}
+  {{- $flags = append $flags (print "--dumpPatches=" .enabled) -}}
+{{- end -}}
 {{- with .forceFailurePolicyIgnore -}}
   {{- $flags = append $flags (print "--forceFailurePolicyIgnore=" .enabled) -}}
 {{- end -}}

diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml
@@ -156,6 +156,7 @@ spec:
               "deferredLoading"
               "dumpPayload"
               "forceFailurePolicyIgnore"
+              "dumpPatches"
               "logging"
               "omitEvents"
               "policyExceptions"

diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
@@ -370,6 +370,9 @@ features:
   dumpPayload:
     # -- Enables the feature
     enabled: false
+  dumpPatches:
+    # -- Enables the feature
+    enabled: false
   forceFailurePolicyIgnore:
     # -- Enables the feature
     enabled: false

diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
@@ -203,6 +203,7 @@ func main() {
 	flagset.DurationVar(&webhookRegistrationTimeout, "webhookRegistrationTimeout", 120*time.Second, "Timeout for webhook registration, e.g., 30s, 1m, 5m.")
 	flagset.Func(toggle.ProtectManagedResourcesFlagName, toggle.ProtectManagedResourcesDescription, toggle.ProtectManagedResources.Parse)
 	flagset.Func(toggle.ForceFailurePolicyIgnoreFlagName, toggle.ForceFailurePolicyIgnoreDescription, toggle.ForceFailurePolicyIgnore.Parse)
+	flagset.Func(toggle.DumpMutatePatchesFlagName, toggle.DumpMutatePatchesDescription, toggle.DumpMutatePatches.Parse)
 	flagset.BoolVar(&admissionReports, "admissionReports", true, "Enable or disable admission reports.")
 	flagset.IntVar(&servicePort, "servicePort", 443, "Port used by the Kyverno Service resource and for webhook configurations.")
 	flagset.StringVar(&backgroundServiceAccountName, "backgroundServiceAccountName", "", "Background service account name.")

diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
@@ -32426,6 +32426,7 @@ spec:
             - --enableConfigMapCaching=true
             - --enableDeferredLoading=true
             - --dumpPayload=false
+            - --dumpPatches=false
             - --forceFailurePolicyIgnore=false
             - --loggingFormat=text
             - --v=2

diff --git a/pkg/toggle/toggle.go b/pkg/toggle/toggle.go
@@ -21,12 +21,18 @@ const (
 	EnableDeferredLoadingDescription = "enable deferred loading of context variables"
 	enableDeferredLoadingEnvVar      = "FLAG_ENABLE_DEFERRED_LOADING"
 	defaultEnableDeferredLoading     = true
+	// dump mutate patches
+	DumpMutatePatchesFlagName    = "dumpPatches"
+	DumpMutatePatchesDescription = "Set the flag to 'true', to dump mutate patches."
+	dumpMutatePatchesEnvVar      = "FLAG_DUMP_PATCHES"
+	defaultDumpMutatePatches     = false
 )
 
 var (
 	ProtectManagedResources  = newToggle(defaultProtectManagedResources, protectManagedResourcesEnvVar)
 	ForceFailurePolicyIgnore = newToggle(defaultForceFailurePolicyIgnore, forceFailurePolicyIgnoreEnvVar)
 	EnableDeferredLoading    = newToggle(defaultEnableDeferredLoading, enableDeferredLoadingEnvVar)
+	DumpMutatePatches        = newToggle(defaultDumpMutatePatches, dumpMutatePatchesEnvVar)
 )
 
 type Toggle interface {

diff --git a/pkg/webhooks/resource/mutation/mutation.go b/pkg/webhooks/resource/mutation/mutation.go
@@ -12,6 +12,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/metrics"
 	"github.com/kyverno/kyverno/pkg/openapi"
+	"github.com/kyverno/kyverno/pkg/toggle"
 	"github.com/kyverno/kyverno/pkg/tracing"
 	engineutils "github.com/kyverno/kyverno/pkg/utils/engine"
 	jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
@@ -66,7 +67,9 @@ func (h *mutationHandler) HandleMutation(
 	if err != nil {
 		return nil, nil, err
 	}
-	h.log.V(6).Info("", "generated patches", string(mutatePatches))
+	if toggle.DumpMutatePatches.Enabled() {
+		h.log.V(2).Info("", "generated patches", string(mutatePatches))
+	}
 	return mutatePatches, webhookutils.GetWarningMessages(mutateEngineResponses), nil
 }