fixing bug to handle two different types of rules (#2954)

* fixing bug for the info variable

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

pkg/kyverno/common/common.go

@@ -750,6 +750,9 @@ func ProcessValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *r
 	printCount := 0
 	for _, policyRule := range policy.Spec.Rules {
 		ruleFoundInEngineResponse := false
+		if !policyRule.HasValidate() {
+			continue
+		}
 
 		for i, valResponseRule := range validateResponse.PolicyResponse.Rules {
 			if policyRule.Name == valResponseRule.Name {

test/cli/test/mixed/kyverno-test.yaml

@@ -0,0 +1,32 @@
+name: ondemand
+policies:
+  - policy.yaml
+resources:
+  - resource.yaml
+results:
+  - policy: ondemand
+    rule: ondemand-nodeselector
+    resource: nodeselector-with-labels-on-mutation
+    patchedResource: patched-resource.yaml
+    namespace: user-space
+    kind: Pod
+    result: pass
+  - policy: ondemand
+    rule: ondemand-managed_by
+    resource: nodeselector-with-labels-on-mutation
+    namespace: user-space
+    kind: Pod
+    result: pass
+  - policy: ondemand
+    rule: ondemand-nodeselector
+    resource: nodeselector-without-labels-on-mutation
+    patchedResource: patched-resource1.yaml
+    namespace: user-foo
+    kind: Pod
+    result: skip
+  - policy: ondemand
+    rule: ondemand-managed_by
+    resource: nodeselector-without-labels-on-mutation
+    namespace: user-foo
+    kind: Pod
+    result: fail

test/cli/test/mixed/patched-resource.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: open-ondemand
+  name: nodeselector-with-labels-on-mutation
+  namespace: user-space
+spec:
+  containers:
+  - image: nginx:latest
+    name: nginx
+  nodeSelector:
+    osc.edu/role: ondemand

test/cli/test/mixed/patched-resource1.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nodeselector-without-labels-on-mutation
+  labels:
+    app.kubernetes.io/managed-by: "open-xyz"
+  namespace: user-foo
+spec:
+  containers:
+  - name: nginx
+    image: nginx:latest

test/cli/test/mixed/policy.yaml

@@ -0,0 +1,39 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: ondemand
+  annotations:
+    policies.kyverno.io/description: >-
+      This Policy contains two different types of rules that is validate 
+      as well as mutate. The validate rule validate against the mutation or patches added by the mutate rule
+      whereas mutate rule adds label for nodeSelector "osc.edu/role: ondemand".
+spec:
+  rules:
+  - name: ondemand-managed_by
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          namespaces:
+          - "user-?*"
+    validate:
+      message: "{{ request.object.metadata.namespace }} pods must be managed by open-ondemand"
+      pattern:
+        metadata:
+          labels:
+            app.kubernetes.io/managed-by: "open-ondemand"
+  - name: ondemand-nodeselector
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          selector:
+            matchLabels:
+              app.kubernetes.io/managed-by: open-ondemand
+    mutate:
+      patchStrategicMerge:
+        spec:
+          nodeSelector:
+            osc.edu/role: ondemand

test/cli/test/mixed/resource.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nodeselector-with-labels-on-mutation
+  labels:
+    app.kubernetes.io/managed-by: open-ondemand
+  namespace: user-space
+spec:
+  containers:
+    - name: nginx
+      image: nginx:latest
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nodeselector-without-labels-on-mutation
+  labels:
+    app.kubernetes.io/managed-by: "open-xyz"
+  namespace: user-foo
+spec:
+  containers:
+  - name: nginx
+    image: nginx:latest