The unit tests failed @eddycharly :(

Yeah, will fix it asap.

@realshuting does the changes make sense ?

@realshuting does the changes make sense ?

I'll probably have to defer it to @JimBugwadia , it was added via #6011. Not sure if we do this on purpose?

@JimBugwadia WDYT ?

My use case is to validate all registry.k8s.io/* images, it works but all other images now have a skip result, i expected that those other images are not considered at all because they don't match the image references i'm targeting.

My use case is to validate all registry.k8s.io/* images, it works but all other images now have a skip result, i expected that those other images are not considered at all because they don't match the image references i'm targeting.

Makes sense to me.

all other images now have a skip result

How does this impact users? Does Kyverno return skipped images in the message when an image is blocked?

How does this impact users?

At least this creates a report with a skipped entry in it.
I might be missing something but as long as the image doesn't match why do we continue processing the rule ?

How does this impact users?

At least this creates a report with a skipped entry in it. I might be missing something but as long as the image doesn't match why do we continue processing the rule ?

I agree, there seems no need to have these skipped results in the report. I thought skip is only used when the precondition doesn't match.

Codecov Report

Merging #6733 (23aec16) into main (eaaa8a0) will decrease coverage by 0.03%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #6733      +/-   ##
==========================================
- Coverage   34.36%   34.33%   -0.03%     
==========================================
  Files         215      215              
  Lines       21034    21025       -9     
==========================================
- Hits         7228     7219       -9     
  Misses      13109    13109              
  Partials      697      697              

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

The intent of Skip was to indicate that a rule matches but was not applied due to some other filter, like preconditions or image patterns.

What is the proposed behavior for Skip? Seems like the same argument for removing it for image matches can be applied to preconditions.

But in this case we have no way to target specific image patterns ? It's going to generate a lot of skip events.
Given that we can't match/exclude on image patterns, how can we make things better ?

Yes, that's true.

We can remove this, as I don't see much value in reporting Skip other than perhaps troubleshooting policies, which is not the intent of the report.

FWIW I agree here with the decision to not score non-matching images as a Skip result.