fix for gvk not working for existing resources policy (#3384)

pkg/policy/existing.go

@@ -205,7 +205,8 @@ func (pc *PolicyController) processExistingKinds(kind []string, policy *kyverno.
 		logger = logger.WithValues("rule", rule.Name, "kind", k)
 		_, err := pc.rm.GetScope(k)
 		if err != nil {
-			resourceSchema, _, err := pc.client.DiscoveryClient.FindResource("", k)
+			gv, k := common.GetKindFromGVK(k)
+			resourceSchema, _, err := pc.client.DiscoveryClient.FindResource(gv, k)
 			if err != nil {
 				logger.Error(err, "failed to find resource", "kind", k)
 				continue

pkg/policy/validate_test.go

@@ -1606,3 +1606,48 @@ func Test_deny_exec(t *testing.T) {
 	err = Validate(policy, nil, true, openAPIController)
 	assert.NilError(t, err)
 }
+
+func Test_existing_resource_policy(t *testing.T) {
+	var err error
+	rawPolicy := []byte(`{
+		"apiVersion": "kyverno.io/v1",
+		"kind": "ClusterPolicy",
+		"metadata": {
+		  "name": "np-test-1"
+		},
+		"spec": {
+		  "validationFailureAction": "audit",
+		  "rules": [
+			{
+			  "name": "no-LoadBalancer",
+			  "match": {
+				"any": [
+				  {
+					"resources": {
+					  "kinds": [
+						"networking.k8s.io/v1/NetworkPolicy"
+					  ]
+					}
+				  }
+				]
+			  },
+			  "validate": {
+				"message": "np-test",
+				"pattern": {
+				  "metadata": {
+					"name": "?*"
+				  }
+				}
+			  }
+			}
+		  ]
+		}
+	  }`)
+	var policy *kyverno.ClusterPolicy
+	err = json.Unmarshal(rawPolicy, &policy)
+	assert.NilError(t, err)
+
+	openAPIController, _ := openapi.NewOpenAPIController()
+	err = Validate(policy, nil, true, openAPIController)
+	assert.NilError(t, err)
+}