result is printed with mutated policy results

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

pkg/kyverno/apply/apply_command.go

@@ -1,6 +1,7 @@
 package apply
 
 import (
+	"encoding/json"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -224,6 +225,15 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool,
 		}
 	}
 
+	for _, policy := range mutatedPolicies {
+		p, err := json.Marshal(policy)
+		if err != nil {
+			return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("failed to marsal mutated policy", err)
+		}
+		log.Log.V(5).Info("mutated Policy:", string(p))
+
+	}
+
 	resources, err = common.GetResourceAccordingToResourcePath(fs, resourcePaths, cluster, mutatedPolicies, dClient, namespace, policyReport, false, "")
 	if err != nil {
 		fmt.Printf("Error: failed to load resources\nCause: %s\n", err)
@@ -250,13 +260,12 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool,
 
 	if len(mutatedPolicies) > 0 && len(resources) > 0 {
 		if !stdin {
-			fmt.Printf("\napplying %s to %s... \n", msgPolicies, msgResources)
+			fmt.Printf("\nApplying %s to %s... \n(Total number of result count may vary as the policy is mutated by Kyverno. To check the mutated policy please try with log level 5)", msgPolicies, msgResources)
 		}
 	}
 
 	rc = &common.ResultCounts{}
 	validateEngineResponses = make([]*response.EngineResponse, 0)
-	// skippedPolicies = make([]SkippedPolicy, 0)
 	skippedPolicies = make([]string, 0)
 
 	for _, policy := range mutatedPolicies {
@@ -293,7 +302,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool,
 				return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err)
 			}
 
-			validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc)
+			validateErs, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc)
 			if err != nil {
 				return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err)
 			}

pkg/kyverno/common/common.go

@@ -514,7 +514,7 @@ func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error) {
 
 // ApplyPolicyOnResource - function to apply policy on resource
 func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured,
-	mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, bool, error) {
+	mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, error) {
 
 	operationIsDelete := false
 
@@ -522,7 +522,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 		operationIsDelete = true
 	}
 
-	responseError := false
+	// responseError := false
 	engineResponses := make([]*response.EngineResponse, 0)
 	namespaceLabels := make(map[string]string)
 
@@ -539,7 +539,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 		resourceNamespace := resource.GetNamespace()
 		namespaceLabels = namespaceSelectorMap[resource.GetNamespace()]
 		if resourceNamespace != "default" && len(namespaceLabels) < 1 {
-			return &response.EngineResponse{}, responseError, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil)
+			return &response.EngineResponse{}, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil)
 		}
 	}
 
@@ -574,12 +574,12 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 		for i, r := range mutateResponse.PolicyResponse.Rules {
 			fmt.Printf("\n%d. %s", i+1, r.Message)
 		}
-		responseError = true
+		// responseError = true
 	} else {
 		if len(mutateResponse.PolicyResponse.Rules) > 0 {
 			yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object)
 			if err != nil {
-				return &response.EngineResponse{}, responseError, sanitizederror.NewWithError("failed to marshal", err)
+				return &response.EngineResponse{}, sanitizederror.NewWithError("failed to marshal", err)
 			}
 
 			if mutateLogPath == "" {
@@ -594,7 +594,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 			} else {
 				err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resource.GetName()+"-mutated")
 				if err != nil {
-					return &response.EngineResponse{}, responseError, sanitizederror.NewWithError("failed to print mutated result", err)
+					return &response.EngineResponse{}, sanitizederror.NewWithError("failed to print mutated result", err)
 				}
 				fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.")
 			}
@@ -616,9 +616,8 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 	if !policyReport {
 		for _, policyRule := range policy.Spec.Rules {
 			ruleFoundInEngineResponse := false
+
 			for i, valResponseRule := range validateResponse.PolicyResponse.Rules {
-				fmt.Println("valResponseRule.Name: ", valResponseRule.Name)
-				fmt.Println("valResponseRule.Success: ", valResponseRule.Success)
 				if policyRule.Name == valResponseRule.Name {
 					ruleFoundInEngineResponse = true
 					if valResponseRule.Success {
@@ -635,21 +634,11 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 					continue
 				}
 			}
+
 			if !ruleFoundInEngineResponse {
 				rc.Skip++
 			}
 		}
-
-		// if !validateResponse.IsSuccessful() {
-		// 	fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath)
-		// 	for i, r := range validateResponse.PolicyResponse.Rules {
-		// 		if !r.Success {
-		// 			fmt.Printf("%d. %s: %s \n", i+1, r.Name, r.Message)
-		// 		}
-		// 	}
-
-		// 	responseError = true
-		// }
 	}
 
 	var policyHasGenerate bool
@@ -680,11 +669,11 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 				fmt.Printf("%d. %s \b", i+1, r.Message)
 			}
 
-			responseError = true
+			// responseError = true
 		}
 	}
 
-	return validateResponse, responseError, nil
+	return validateResponse, nil
 }
 
 // PrintMutatedOutput - function to print output in provided file or directory

pkg/kyverno/common/common_test.go

@@ -85,7 +85,7 @@ func Test_NamespaceSelector(t *testing.T) {
 	for _, tc := range testcases {
 		policyArray, _ := ut.GetPolicy(tc.policy)
 		resourceArray, _ := GetResource(tc.resource)
-		validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil)
+		validateErs, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil)
 		assert.Assert(t, tc.success == validateErs.IsSuccessful())
 	}
 }

pkg/kyverno/test/test_command.go

@@ -394,7 +394,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s
 				return sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err)
 			}
 
-			validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil)
+			validateErs, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil)
 			if err != nil {
 				return sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err)
 			}