Skip to content

excluded skipped reports still show in the interface #1298

New issue
New issue
Open
Open
excluded skipped reports still show in the interface#1298
Labels
CorePolicy Reporter Core ApplicationUIPolicy Reporter UI v2enhancementNew feature or request
@grozan

Description

@grozan
grozan
opened on Dec 4, 2025

Hi,

this is a follow-up to issue #1213 (the display bug reported in that issue is now fixed, thx!)
There are still other places in the UI where those skipped resources still show up, though

Example here: in the foo namespace there are 2 service accounts: default and skip-me
I apply a dummy vpol to skip all SAs that are not called default

apiVersion: policies.kyverno.io/v1alpha1
kind: ValidatingPolicy
metadata:
  name: dummy-skip-non-default-sa
spec:
  validationActions:
    - Audit
  autogen:
    validatingAdmissionPolicy:
     enabled: false
  evaluation:
    background:
      enabled: true
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        resources: ["serviceaccounts"]
        operations: ["CREATE","UPDATE"]
  matchConditions:
    - name: 'skip if non-default'
      expression: object.metadata.name == 'default'
  validations:
    - expression: '0 == 0'
      message: 'always pass'

I get the expected policyreports

$ kubectl get polr -n foo
NAME                                   KIND             NAME      PASS   FAIL   WARN   ERROR   SKIP   AGE
29869038-4922-401b-824c-653d0308a801   ServiceAccount   default   1      0      0      0       0      32m
f31148c7-dffc-4b30-a423-53005f2f88ae   ServiceAccount   skip-me   0      0      0      0       1      32m

As in the other issue I have

  sources:
    - name: KyvernoValidatingPolicy
      type: result
      exceptions: false
      excludes:
        results:
          - error
          - skip

What I expect is to see the default service account in the UI, but NOT the skip-me service account. It's still listed in the global "Other" view

Image

Second place where it still appears: I create a NamespaceCustomBoard for that namespace

apiVersion: ui.policyreporter.kyverno.io/v1alpha1
kind: NamespaceCustomBoard
metadata:
  name: my-namespacecustomboard
  namespace: foo
spec:
  title: foo

and the skip-me service account is also visible in there

Image

Weird thing: I create another namespaceCustomboard, but with the results display option this time

apiVersion: ui.policyreporter.kyverno.io/v1alpha1
kind: NamespaceCustomBoard
metadata:
  name: my-namespacecustomboard-results
  namespace: foo
spec:
  title: foo-results
  display: results

and there I do not see any of the 2 service accounts

Image

Thanks

Metadata

Metadata

Assignees

No one assigned

    Labels

    CorePolicy Reporter Core ApplicationUIPolicy Reporter UI v2enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions