Draft: Enable WithIgnoreMutationWebhook

[KalenWessel]

Add WithIgnoreMutationWebhook() to generateDiff function, this way we can have things like kyverno report back failed policy checks.

[zapier-sre-bot]

Mergecat's Review

Click to read mergecats review!

😼 Mergecat review of pkg/checks/diff/diff.go

@@ -206,6 +206,7 @@ func generateDiff(ctx context.Context, request checks.Request, argoSettings *set
 		WithDiffSettings(request.App.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles, ignoreNormalizerOpts).
 		WithTracking(argoSettings.AppLabelKey, argoSettings.TrackingMethod).
 		WithNoCache().
+		WithIgnoreMutationWebhook(false).
 		Build()
 	if err != nil {
 		telemetry.SetError(span, err, "Build Diff")

Feedback & Suggestions:

1. Security Consideration: The addition of WithIgnoreMutationWebhook(false) suggests that mutation webhooks will not be ignored during the diff process. Ensure that this change is intentional and that the application logic accounts for any side effects or security implications of processing mutation webhooks. Mutation webhooks can alter the state of resources, and ignoring them might have been a deliberate choice to avoid unintended changes.

2. Documentation: Consider adding a comment explaining why WithIgnoreMutationWebhook(false) is being set. This will help future maintainers understand the rationale behind this decision and ensure that the change aligns with the intended behavior of the application.

3. Testing: Ensure that there are adequate tests covering scenarios where mutation webhooks are involved. This will help verify that the new behavior does not introduce any regressions or unexpected behavior.

---

---

Dependency Review

Click to read mergecats review!

No suggestions found