From 86241f13f0abfc63b78b73d62ce682473a916347 Mon Sep 17 00:00:00 2001
From: Rudraksh Pareek
Date: Fri, 6 Dec 2024 13:24:55 +0530
Subject: [PATCH] feat: diff host policy before apply

Signed-off-by: Rudraksh Pareek
---
 KubeArmor/core/kubeUpdate.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/KubeArmor/core/kubeUpdate.go b/KubeArmor/core/kubeUpdate.go
index a191614b1..87e4dbd45 100644
--- a/KubeArmor/core/kubeUpdate.go
+++ b/KubeArmor/core/kubeUpdate.go
@@ -9,6 +9,7 @@ import (
 "fmt"
 "io"
 "os"
+ "reflect"
 "sort"
 "strconv"
 "strings"
@@ -2271,6 +2272,12 @@ func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmo
 new := true
 for idx, policy := range dm.HostSecurityPolicies {
 if policy.Metadata["policyName"] == secPolicy.Metadata["policyName"] {
+ if reflect.DeepEqual(policy, secPolicy) {
+ kg.Debugf("No updates to policy %s", policy.Metadata["policyName"])
+ dm.HostSecurityPoliciesLock.Unlock()
+ return pb.PolicyStatus_Applied
+ }
+
 dm.HostSecurityPolicies[idx] = secPolicy
 event.Type = "MODIFIED"
 new = false
@@ -2283,6 +2290,12 @@ func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmo
 } else if event.Type == "MODIFIED" {
 for idx, policy := range dm.HostSecurityPolicies {
 if policy.Metadata["policyName"] == secPolicy.Metadata["policyName"] {
+ if reflect.DeepEqual(policy, secPolicy) {
+ kg.Debugf("No updates to policy %s", policy.Metadata["policyName"])
+ dm.HostSecurityPoliciesLock.Unlock()
+ return pb.PolicyStatus_Applied
+ }
+
 dm.HostSecurityPolicies[idx] = secPolicy
 break
 }
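Review bot: The early return inside the `policyName` match of the ADDED branch (and the identical block in the `MODIFIED` branch of the following hunk) reports `pb.PolicyStatus_Applied` only because the copy held in `dm.HostSecurityPolicies` deep-equals the incoming policy; nothing visible in the hunk confirms that the enforcer actually holds that policy. If an earlier apply updated the slice but enforcement then failed, re-sending the same host policy would now be skipped without any retry, so this should be checked against the code after the loop, which lies outside the hunk. At minimum the assumption deserves a comment above the check, for example `// Skip only when the stored policy is identical; assumes the stored copy was successfully enforced.` Both copies also release `dm.HostSecurityPoliciesLock` by hand before returning, so a small helper shared by the two branches would keep the unlock paths from drifting apart as more return paths are added.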