Merge branch 'master' into 253_ValidationInMutationFlag_v3

pkg/client/listers/kyverno/v1/expansion_generated.go

@@ -53,6 +53,9 @@ type PolicyViolationNamespaceListerExpansion interface{}
 // as the lister is specific to a gvk we can harcode the values here
 func (pvl *clusterPolicyViolationLister) ListResources(selector labels.Selector) (ret []*kyvernov1.ClusterPolicyViolation, err error) {
 	policyviolations, err := pvl.List(selector)
+	if err != nil {
+		return nil, err
+	}
 	for index := range policyviolations {
 		policyviolations[index].SetGroupVersionKind(kyvernov1.SchemeGroupVersion.WithKind("ClusterPolicyViolation"))
 	}

pkg/config/config.go

@@ -72,9 +72,19 @@ var (
 
 //LogDefaults sets default glog flags
 func LogDefaultFlags() {
-	flag.Set("logtostderr", "true")
+	var err error
-	flag.Set("stderrthreshold", "WARNING")
+	err = flag.Set("logtostderr", "true")
+	if err != nil {
+		glog.Fatalf("failed to set flag 'logtostderr' to 'true':%v", err)
+	}
+	err = flag.Set("stderrthreshold", "WARNING")
+	if err != nil {
+		glog.Fatalf("failed to set flag 'stderrthreshold' to 'WARNING':%v", err)
+	}
 	flag.Set("v", "2")
+	if err != nil {
+		glog.Fatalf("failed to set flag 'v' to '2':%v", err)
+	}
 }
 
 //CreateClientConfig creates client config

pkg/config/dynamicconfig.go

@@ -19,7 +19,6 @@ import (
 // read the conifgMap with name in env:INIT_CONFIG
 // this configmap stores the resources that are to be filtered
 const cmNameEnv string = "INIT_CONFIG"
-const cmDataField string = "resourceFilters"
 
 type ConfigData struct {
 	client kubernetes.Interface

pkg/dclient/client.go

@@ -29,7 +29,6 @@ import (
 //Client enables interaction with k8 resource
 type Client struct {
 	client          dynamic.Interface
-	cachedClient    discovery.CachedDiscoveryInterface
 	clientConfig    *rest.Config
 	kclient         kubernetes.Interface
 	DiscoveryClient IDiscovery

pkg/engine/context/context_test.go

@@ -9,6 +9,7 @@ import (
 )
 
 func Test_addResourceAndUserContext(t *testing.T) {
+	var err error
 	rawResource := []byte(`
 	{
 		"apiVersion": "v1",
@@ -54,7 +55,10 @@ func Test_addResourceAndUserContext(t *testing.T) {
 
 	var expectedResult string
 	ctx := NewContext()
-	ctx.AddResource(rawResource)
+	err = ctx.AddResource(rawResource)
+	if err != nil {
+		t.Error(err)
+	}
 	result, err := ctx.Query("request.object.apiVersion")
 	if err != nil {
 		t.Error(err)
@@ -65,7 +69,10 @@ func Test_addResourceAndUserContext(t *testing.T) {
 		t.Error("exected result does not match")
 	}
 
-	ctx.AddUserInfo(userRequestInfo)
+	err = ctx.AddUserInfo(userRequestInfo)
+	if err != nil {
+		t.Error(err)
+	}
 	result, err = ctx.Query("request.object.apiVersion")
 	if err != nil {
 		t.Error(err)
@@ -86,7 +93,10 @@ func Test_addResourceAndUserContext(t *testing.T) {
 		t.Error("exected result does not match")
 	}
 	// Add service account Name
-	ctx.AddSA(userRequestInfo.AdmissionUserInfo.Username)
+	err = ctx.AddSA(userRequestInfo.AdmissionUserInfo.Username)
+	if err != nil {
+		t.Error(err)
+	}
 	result, err = ctx.Query("serviceAccountName")
 	if err != nil {
 		t.Error(err)

pkg/engine/mutate/patches_test.go

@@ -174,10 +174,6 @@ func assertEqDataImpl(t *testing.T, expected, actual []byte, formatModifier stri
 	}
 }
 
-func assertEqData(t *testing.T, expected, actual []byte) {
-	assertEqDataImpl(t, expected, actual, "%x")
-}
-
 func assertEqStringAndData(t *testing.T, str string, data []byte) {
 	assertEqDataImpl(t, []byte(str), data, "%s")
 }

pkg/engine/operator/operator.go

@@ -18,7 +18,6 @@ const (
 	Less Operator = "<"
 )
 
-const relativePrefix Operator = "./"
 const ReferenceSign Operator = "$()"
 
 // getOperatorFromStringPattern parses opeartor from pattern

pkg/engine/policy/validate_test.go

@@ -500,7 +500,6 @@ func Test_Validate_ExistingAnchor_Valid(t *testing.T) {
 	if _, err := validateValidation(validation); err != nil {
 		assert.Assert(t, err != nil)
 	}
-	rawValidation = nil
 	rawValidation = []byte(`
 	{
 		"message": "validate container security contexts",
@@ -567,7 +566,6 @@ func Test_Validate_Validate_ValidAnchor(t *testing.T) {
 	}
 
 	// case 2
-	rawValidate = nil
 	validate = kyverno.Validation{}
 	rawValidate = []byte(`
 	{

pkg/engine/utils.go

@@ -10,7 +10,6 @@ import (
 	"github.com/minio/minio/pkg/wildcard"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	"github.com/nirmata/kyverno/pkg/engine/context"
-	"github.com/nirmata/kyverno/pkg/engine/operator"
 	"github.com/nirmata/kyverno/pkg/engine/response"
 	"github.com/nirmata/kyverno/pkg/engine/variables"
 	"github.com/nirmata/kyverno/pkg/utils"
@@ -219,19 +218,6 @@ func findKind(kinds []string, kindGVK string) bool {
 	return false
 }
 
-func isStringIsReference(str string) bool {
-	if len(str) < len(operator.ReferenceSign) {
-		return false
-	}
-
-	return str[0] == '$' && str[1] == '(' && str[len(str)-1] == ')'
-}
-
-type resourceInfo struct {
-	Resource unstructured.Unstructured
-	Gvk      *metav1.GroupVersionKind
-}
-
 // validateGeneralRuleInfoVariables validate variable subtition defined in
 // - MatchResources
 // - ExcludeResources

pkg/engine/utils/utils_test.go

@@ -1,9 +1,9 @@
 package utils
 
-import(
+import (
-	"testing"
 	"encoding/json"
 	"gotest.tools/assert"
+	"testing"
 )
 
 func TestGetAnchorsFromMap_ThereAreNoAnchors(t *testing.T) {
@@ -19,8 +19,10 @@ func TestGetAnchorsFromMap_ThereAreNoAnchors(t *testing.T) {
 	}`)
 
 	var unmarshalled map[string]interface{}
-	json.Unmarshal(rawMap, &unmarshalled)
+	err := json.Unmarshal(rawMap, &unmarshalled)
-
+	if err != nil {
+		t.Error(err)
+	}
 	actualMap := GetAnchorsFromMap(unmarshalled)
 	assert.Assert(t, len(actualMap) == 0)
 }

pkg/engine/utils_test.go

@@ -488,9 +488,19 @@ func Test_validateGeneralRuleInfoVariables(t *testing.T) {
 	assert.NilError(t, json.Unmarshal(policyRaw, &policy))
 
 	ctx := context.NewContext()
-	ctx.AddResource(rawResource)
+	var err error
-	ctx.AddUserInfo(userReqInfo)
+	err = ctx.AddResource(rawResource)
-	ctx.AddSA("system:serviceaccount:test:testuser")
+	if err != nil {
+		t.Error(err)
+	}
+	err = ctx.AddUserInfo(userReqInfo)
+	if err != nil {
+		t.Error(err)
+	}
+	err = ctx.AddSA("system:serviceaccount:test:testuser")
+	if err != nil {
+		t.Error(err)
+	}
 
 	expectPaths := []string{"request.userInfo.username1", "request.object.namespace", ""}
 

pkg/engine/validate/common.go

@@ -3,8 +3,6 @@ package validate
 import (
 	"fmt"
 	"strconv"
-
-	"github.com/nirmata/kyverno/pkg/engine/operator"
 )
 
 type ValidationFailureReason int
@@ -14,36 +12,6 @@ const (
 	Rulefailure
 )
 
-func isStringIsReference(str string) bool {
-	if len(str) < len(operator.ReferenceSign) {
-		return false
-	}
-
-	return str[0] == '$' && str[1] == '(' && str[len(str)-1] == ')'
-}
-
-// convertToFloat converts string and any other value to float64
-func convertToFloat(value interface{}) (float64, error) {
-	switch typed := value.(type) {
-	case string:
-		var err error
-		floatValue, err := strconv.ParseFloat(typed, 64)
-		if err != nil {
-			return 0, err
-		}
-
-		return floatValue, nil
-	case float64:
-		return typed, nil
-	case int64:
-		return float64(typed), nil
-	case int:
-		return float64(typed), nil
-	default:
-		return 0, fmt.Errorf("Could not convert %T to float64", value)
-	}
-}
-
 // convertToString converts value to string
 func convertToString(value interface{}) (string, error) {
 	switch typed := value.(type) {

pkg/engine/validate/validate.go

@@ -274,3 +274,11 @@ func validateArrayOfMaps(resourceMapArray []interface{}, patternMap map[string]i
 	}
 	return "", nil
 }
+
+func isStringIsReference(str string) bool {
+	if len(str) < len(operator.ReferenceSign) {
+		return false
+	}
+
+	return str[0] == '$' && str[1] == '(' && str[len(str)-1] == ')'
+}

pkg/engine/variables/evaluate_test.go

@@ -299,12 +299,20 @@ func Test_Eval_NoEqual_Const_float64_Fail(t *testing.T) {
 
 func Test_Eval_Equal_Const_object_Pass(t *testing.T) {
 	ctx := context.NewContext()
+	var err error
 
 	obj1Raw := []byte(`{ "dir": { "file1": "a" } }`)
 	obj2Raw := []byte(`{ "dir": { "file1": "a" } }`)
 	var obj1, obj2 interface{}
-	json.Unmarshal(obj1Raw, &obj1)
+	err = json.Unmarshal(obj1Raw, &obj1)
-	json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+	err = json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
 	// no variables
 	condition := kyverno.Condition{
 		Key:      obj1,
@@ -319,12 +327,20 @@ func Test_Eval_Equal_Const_object_Pass(t *testing.T) {
 
 func Test_Eval_Equal_Const_object_Fail(t *testing.T) {
 	ctx := context.NewContext()
-
+	var err error
 	obj1Raw := []byte(`{ "dir": { "file1": "a" } }`)
 	obj2Raw := []byte(`{ "dir": { "file1": "b" } }`)
 	var obj1, obj2 interface{}
-	json.Unmarshal(obj1Raw, &obj1)
+	err = json.Unmarshal(obj1Raw, &obj1)
-	json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
+	err = json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
 	// no variables
 	condition := kyverno.Condition{
 		Key:      obj1,
@@ -339,12 +355,20 @@ func Test_Eval_Equal_Const_object_Fail(t *testing.T) {
 
 func Test_Eval_NotEqual_Const_object_Pass(t *testing.T) {
 	ctx := context.NewContext()
-
+	var err error
 	obj1Raw := []byte(`{ "dir": { "file1": "a" } }`)
 	obj2Raw := []byte(`{ "dir": { "file1": "b" } }`)
 	var obj1, obj2 interface{}
-	json.Unmarshal(obj1Raw, &obj1)
+	err = json.Unmarshal(obj1Raw, &obj1)
-	json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
+	err = json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
 	// no variables
 	condition := kyverno.Condition{
 		Key:      obj1,
@@ -359,12 +383,20 @@ func Test_Eval_NotEqual_Const_object_Pass(t *testing.T) {
 
 func Test_Eval_NotEqual_Const_object_Fail(t *testing.T) {
 	ctx := context.NewContext()
-
+	var err error
 	obj1Raw := []byte(`{ "dir": { "file1": "a" } }`)
 	obj2Raw := []byte(`{ "dir": { "file1": "a" } }`)
 	var obj1, obj2 interface{}
-	json.Unmarshal(obj1Raw, &obj1)
+	err = json.Unmarshal(obj1Raw, &obj1)
-	json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
+	err = json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
 	// no variables
 	condition := kyverno.Condition{
 		Key:      obj1,
@@ -381,12 +413,20 @@ func Test_Eval_NotEqual_Const_object_Fail(t *testing.T) {
 
 func Test_Eval_Equal_Const_list_Pass(t *testing.T) {
 	ctx := context.NewContext()
-
+	var err error
 	obj1Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
 	obj2Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
 	var obj1, obj2 interface{}
-	json.Unmarshal(obj1Raw, &obj1)
+	err = json.Unmarshal(obj1Raw, &obj1)
-	json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
+	err = json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+
 	// no variables
 	condition := kyverno.Condition{
 		Key:      obj1,
@@ -401,12 +441,18 @@ func Test_Eval_Equal_Const_list_Pass(t *testing.T) {
 
 func Test_Eval_Equal_Const_list_Fail(t *testing.T) {
 	ctx := context.NewContext()
-
+	var err error
 	obj1Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
 	obj2Raw := []byte(`[ { "name": "b", "file": "a" }, { "name": "b", "file": "b" } ]`)
 	var obj1, obj2 interface{}
-	json.Unmarshal(obj1Raw, &obj1)
+	err = json.Unmarshal(obj1Raw, &obj1)
-	json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+	err = json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
 	// no variables
 	condition := kyverno.Condition{
 		Key:      obj1,
@@ -421,12 +467,18 @@ func Test_Eval_Equal_Const_list_Fail(t *testing.T) {
 
 func Test_Eval_NotEqual_Const_list_Pass(t *testing.T) {
 	ctx := context.NewContext()
-
+	var err error
 	obj1Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
 	obj2Raw := []byte(`[ { "name": "b", "file": "a" }, { "name": "b", "file": "b" } ]`)
 	var obj1, obj2 interface{}
-	json.Unmarshal(obj1Raw, &obj1)
+	err = json.Unmarshal(obj1Raw, &obj1)
-	json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+	err = json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
 	// no variables
 	condition := kyverno.Condition{
 		Key:      obj1,
@@ -441,12 +493,18 @@ func Test_Eval_NotEqual_Const_list_Pass(t *testing.T) {
 
 func Test_Eval_NotEqual_Const_list_Fail(t *testing.T) {
 	ctx := context.NewContext()
-
+	var err error
 	obj1Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
 	obj2Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
 	var obj1, obj2 interface{}
-	json.Unmarshal(obj1Raw, &obj1)
+	err = json.Unmarshal(obj1Raw, &obj1)
-	json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
+	err = json.Unmarshal(obj2Raw, &obj2)
+	if err != nil {
+		t.Error(err)
+	}
 	// no variables
 	condition := kyverno.Condition{
 		Key:      obj1,
@@ -477,7 +535,10 @@ func Test_Eval_Equal_Var_Pass(t *testing.T) {
 
 	// context
 	ctx := context.NewContext()
-	ctx.AddResource(resourceRaw)
+	err := ctx.AddResource(resourceRaw)
+	if err != nil {
+		t.Error(err)
+	}
 	condition := kyverno.Condition{
 		Key:      "{{request.object.metadata.name}}",
 		Operator: kyverno.Equal,
@@ -505,7 +566,10 @@ func Test_Eval_Equal_Var_Fail(t *testing.T) {
 
 	// context
 	ctx := context.NewContext()
-	ctx.AddResource(resourceRaw)
+	err := ctx.AddResource(resourceRaw)
+	if err != nil {
+		t.Error(err)
+	}
 	condition := kyverno.Condition{
 		Key:      "{{request.object.metadata.name}}",
 		Operator: kyverno.Equal,

pkg/engine/variables/validatevariables.go

@@ -1,6 +1,7 @@
 package variables
 
 import (
+	"fmt"
 	"regexp"
 	"strings"
 
@@ -42,6 +43,7 @@ func extractVariables(pattern interface{}) [][]string {
 	case string:
 		return extractValue(typedPattern)
 	default:
+		fmt.Printf("variable type %T", typedPattern)
 		return nil
 	}
 }

pkg/engine/variables/validatevariables_test.go

@@ -95,10 +95,16 @@ func Test_ValidateVariables_NoVariable(t *testing.T) {
 	assert.NilError(t, json.Unmarshal(patternRaw, &pattern))
 	assert.NilError(t, json.Unmarshal(resourceRaw, &resource))
 
+	var err error
 	ctx := context.NewContext()
-	ctx.AddResource(resourceRaw)
+	err = ctx.AddResource(resourceRaw)
-	ctx.AddUserInfo(userReqInfo)
+	if err != nil {
-
+		t.Error(err)
+	}
+	err = ctx.AddUserInfo(userReqInfo)
+	if err != nil {
+		t.Error(err)
+	}
 	invalidPaths := ValidateVariables(ctx, pattern)
 	assert.Assert(t, len(invalidPaths) == 0)
 }
@@ -152,8 +158,15 @@ func Test_ValidateVariables(t *testing.T) {
 	assert.NilError(t, json.Unmarshal(resourceRaw, &resource))
 
 	ctx := context.NewContext()
-	ctx.AddResource(resourceRaw)
+	var err error
-	ctx.AddUserInfo(userReqInfo)
+	err = ctx.AddResource(resourceRaw)
+	if err != nil {
+		t.Error(err)
+	}
+	err = ctx.AddUserInfo(userReqInfo)
+	if err != nil {
+		t.Error(err)
+	}
 
 	invalidPaths := ValidateVariables(ctx, pattern)
 	assert.Assert(t, len(invalidPaths) > 0)

pkg/event/util.go

@@ -2,8 +2,6 @@ package event
 
 const eventWorkQueueName = "kyverno-events"
 
-const eventWorkerThreadCount = 1
-
 const workQueueRetryLimit = 5
 
 //Info defines the event details

pkg/generate/generate.go

@@ -66,10 +66,21 @@ func (c *Controller) applyGenerate(resource unstructured.Unstructured, gr kyvern
 		glog.V(4).Infof("failed to marshal resource: %v", err)
 		return nil, err
 	}
-
+	err = ctx.AddResource(resourceRaw)
-	ctx.AddResource(resourceRaw)
+	if err != nil {
-	ctx.AddUserInfo(gr.Spec.Context.UserRequestInfo)
+		glog.Infof("Failed to load resource in context: %v", err)
-	ctx.AddSA(gr.Spec.Context.UserRequestInfo.AdmissionUserInfo.Username)
+		return nil, err
+	}
+	err = ctx.AddUserInfo(gr.Spec.Context.UserRequestInfo)
+	if err != nil {
+		glog.Infof("Failed to load userInfo in context: %v", err)
+		return nil, err
+	}
+	err = ctx.AddSA(gr.Spec.Context.UserRequestInfo.AdmissionUserInfo.Username)
+	if err != nil {
+		glog.Infof("Failed to load serviceAccount in context: %v", err)
+		return nil, err
+	}
 
 	policyContext := engine.PolicyContext{
 		NewResource:   resource,

pkg/namespace/controller.go

@@ -173,7 +173,7 @@ func (nsc *NamespaceController) Run(workers int, stopCh <-chan struct{}) {
 		return
 	}
 
-	for i := 0; i < workerCount; i++ {
+	for i := 0; i < workers; i++ {
 		go wait.Until(nsc.worker, time.Second, stopCh)
 	}
 	<-stopCh

pkg/namespace/utils.go

@@ -1,7 +0,0 @@
-package namespace
-
-const (
-	wqNamespace  string = "namespace"
-	workerCount  int    = 1
-	wqRetryLimit int    = 5
-)

pkg/policy/cleanup.go

@@ -8,7 +8,6 @@ import (
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
 	"github.com/nirmata/kyverno/pkg/engine/response"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
@@ -88,18 +87,3 @@ func getNamespacedPV(nspvLister kyvernolister.PolicyViolationLister, policyName,
 
 	return kyverno.PolicyViolation{}, nil
 }
-
-func converLabelToSelector(labelMap map[string]string) (labels.Selector, error) {
-	ls := &metav1.LabelSelector{}
-	err := metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&labelMap, ls, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	policyViolationSelector, err := metav1.LabelSelectorAsSelector(ls)
-	if err != nil {
-		return nil, fmt.Errorf("invalid label selector: %v", err)
-	}
-
-	return policyViolationSelector, nil
-}

pkg/policy/controller.go

@@ -38,8 +38,6 @@ const (
 	maxRetries = 15
 )
 
-var controllerKind = kyverno.SchemeGroupVersion.WithKind("ClusterPolicy")
-
 // PolicyController is responsible for synchronizing Policy objects stored
 // in the system with the corresponding policy violations
 type PolicyController struct {
@@ -188,7 +186,10 @@ func (pc *PolicyController) updatePolicy(old, cur interface{}) {
 	curP := cur.(*kyverno.ClusterPolicy)
 	// TODO: optimize this : policy meta-store
 	// Update policy-> (remove,add)
-	pc.pMetaStore.UnRegister(*oldP)
+	err := pc.pMetaStore.UnRegister(*oldP)
+	if err != nil {
+		glog.Infof("Failed to unregister policy %s", oldP.Name)
+	}
 	pc.pMetaStore.Register(*curP)
 
 	// Only process policies that are enabled for "background" execution
@@ -230,7 +231,9 @@ func (pc *PolicyController) deletePolicy(obj interface{}) {
 	}
 	glog.V(4).Infof("Deleting Policy %s", p.Name)
 	// Unregister from policy meta-store
-	pc.pMetaStore.UnRegister(*p)
+	if err := pc.pMetaStore.UnRegister(*p); err != nil {
+		glog.Infof("failed to unregister policy %s", p.Name)
+	}
 	// we process policies that are not set of background processing as we need to perform policy violation
 	// cleanup when a policy is deleted.
 	pc.enqueuePolicy(p)

pkg/policy/existing.go

@@ -239,47 +239,6 @@ func mergeresources(a, b map[string]unstructured.Unstructured) {
 		a[k] = v
 	}
 }
-func mergeLabelSectors(include, exclude *metav1.LabelSelector) *metav1.LabelSelector {
-	if exclude == nil {
-		return include
-	}
-	// negate the exclude information
-	// copy the label selector
-	//TODO: support exclude expressions in exclude
-	ls := include.DeepCopy()
-	for k, v := range exclude.MatchLabels {
-		lsreq := metav1.LabelSelectorRequirement{
-			Key:      k,
-			Operator: metav1.LabelSelectorOpNotIn,
-			Values:   []string{v},
-		}
-		ls.MatchExpressions = append(ls.MatchExpressions, lsreq)
-	}
-	return ls
-}
-
-func kindIsExcluded(kind string, list []string) bool {
-	for _, b := range list {
-		if b == kind {
-			return true
-		}
-	}
-	return false
-}
-
-func excludeNamespaces(namespaces, excludeNs []string) []string {
-	if len(excludeNs) == 0 {
-		return namespaces
-	}
-	filteredNamespaces := []string{}
-	for _, n := range namespaces {
-		if utils.ContainsNamepace(excludeNs, n) {
-			continue
-		}
-		filteredNamespaces = append(filteredNamespaces, n)
-	}
-	return filteredNamespaces
-}
 
 func getAllNamespaces(client *client.Client) []string {
 	var namespaces []string

pkg/policy/utils.go

@@ -1,17 +0,0 @@
-package policy
-
-import kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
-
-// reEvaulatePolicy checks if the policy needs to be re-evaulated
-// during re-evaulation we remove all the old policy violations and re-create new ones
-// - Rule count changes
-// - Rule resource description changes
-// - Rule operation changes
-// - Rule name changed
-func reEvaulatePolicy(curP, oldP *kyverno.ClusterPolicy) bool {
-	// count of rules changed
-	if len(curP.Spec.Rules) != len(curP.Spec.Rules) {
-
-	}
-	return true
-}

pkg/policy/webhookregistration.go

@@ -20,9 +20,8 @@ func (pc *PolicyController) removeResourceWebhookConfiguration() error {
 	}
 
 	glog.V(4).Info("no policies with mutating or validating webhook configurations, remove resource webhook configuration if one exists")
-	return pc.resourceWebhookWatcher.RemoveResourceWebhookConfiguration()
 
-	return nil
+	return pc.resourceWebhookWatcher.RemoveResourceWebhookConfiguration()
 }
 
 func (pc *PolicyController) registerResourceWebhookConfiguration() {

pkg/policystore/policystore_test.go

@@ -230,7 +230,10 @@ func Test_Operations(t *testing.T) {
 	}
 
 	// Remove
-	store.UnRegister(policy1)
+	err = store.UnRegister(policy1)
+	if err != nil {
+		t.Error(err)
+	}
 	retPolicies, err = store.LookUp("Pod", "")
 	if err != nil {
 		t.Error(err)

pkg/testrunner/scenario.go

@@ -7,7 +7,6 @@ import (
 	"io/ioutil"
 	"os"
 	ospath "path"
-	"path/filepath"
 	"reflect"
 	"testing"
 
@@ -109,24 +108,6 @@ func loadFile(t *testing.T, path string) ([]byte, error) {
 	return ioutil.ReadFile(path)
 }
 
-//getFiles loads all scneario files in specified folder path
-func getFiles(t *testing.T, folder string) ([]string, error) {
-	t.Logf("loading scneario files for folder %s", folder)
-	files, err := ioutil.ReadDir(folder)
-	if err != nil {
-		glog.Error(err)
-		return nil, err
-	}
-
-	var yamls []string
-	for _, file := range files {
-		if filepath.Ext(file.Name()) == ".yml" || filepath.Ext(file.Name()) == ".yaml" {
-			yamls = append(yamls, ospath.Join(folder, file.Name()))
-		}
-	}
-	return yamls, nil
-}
-
 func runScenario(t *testing.T, s *scenarioT) bool {
 	for _, tc := range s.testCases {
 		runTestCase(t, tc)

pkg/testrunner/utils.go

@@ -9,8 +9,7 @@ import (
 )
 
 const (
-	defaultYamlSeparator = "---"
+	projectPath = "src/github.com/nirmata/kyverno"
-	projectPath          = "src/github.com/nirmata/kyverno"
 )
 
 // LoadFile loads file in byte buffer

pkg/webhookconfig/registration.go

@@ -266,7 +266,9 @@ func (wrc *WebhookRegistrationClient) removeWebhookConfigurations() {
 // TODO: re-work with RemoveResourceMutatingWebhookConfiguration, as the only difference is wg handling
 func (wrc *WebhookRegistrationClient) removeResourceMutatingWebhookConfiguration(wg *sync.WaitGroup) {
 	defer wg.Done()
-	wrc.RemoveResourceMutatingWebhookConfiguration()
+	if err := wrc.RemoveResourceMutatingWebhookConfiguration(); err != nil {
+		glog.Error(err)
+	}
 }
 func (wrc *WebhookRegistrationClient) removeResourceValidatingWebhookConfiguration(wg *sync.WaitGroup) {
 	defer wg.Done()

pkg/webhooks/common.go

@@ -92,19 +92,6 @@ func (i *ArrayFlags) Set(value string) error {
 	return nil
 }
 
-// extract the kinds that the policy rules apply to
-func getApplicableKindsForPolicy(p *kyverno.ClusterPolicy) []string {
-	kinds := []string{}
-	// iterate over the rules an identify all kinds
-	// Matching
-	for _, rule := range p.Spec.Rules {
-		for _, k := range rule.MatchResources.Kinds {
-			kinds = append(kinds, k)
-		}
-	}
-	return kinds
-}
-
 // Policy Reporting Modes
 const (
 	Enforce = "enforce" // blocks the request on failure

pkg/webhooks/policyvalidation.go

@@ -43,12 +43,3 @@ func (ws *WebhookServer) handlePolicyValidation(request *v1beta1.AdmissionReques
 	}
 	return admissionResp
 }
-
-func failResponseWithMsg(msg string) *v1beta1.AdmissionResponse {
-	return &v1beta1.AdmissionResponse{
-		Allowed: false,
-		Result: &metav1.Status{
-			Message: msg,
-		},
-	}
-}