From 514a851d2f4bc3a42815e695223ca080e829e15f Mon Sep 17 00:00:00 2001
From: shuting <shutting06@gmail.com>
Date: Sat, 9 Oct 2021 13:31:52 -0700
Subject: [PATCH] fix mutate foreach auto-gen rules (#2507)

Signed-off-by: ShutingZhao <shutting06@gmail.com>
---
 pkg/policymutation/policymutation.go | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/pkg/policymutation/policymutation.go b/pkg/policymutation/policymutation.go
index c28dd52584..5fb2bd6227 100644
--- a/pkg/policymutation/policymutation.go
+++ b/pkg/policymutation/policymutation.go
@@ -726,7 +726,16 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
 
 	if rule.Mutation.ForEachMutation != nil && rule.Mutation.ForEachMutation.PatchStrategicMerge != nil {
 		newForeachMutation := &kyverno.Mutation{
-			ForEachMutation: rule.Mutation.ForEachMutation,
+			ForEachMutation: &kyverno.ForEachMutation{
+				List:             rule.Mutation.ForEachMutation.List,
+				Context:          rule.Mutation.ForEachMutation.Context,
+				AnyAllConditions: rule.Mutation.ForEachMutation.AnyAllConditions,
+				PatchStrategicMerge: map[string]interface{}{
+					"spec": map[string]interface{}{
+						"template": rule.Mutation.ForEachMutation.PatchStrategicMerge,
+					},
+				},
+			},
 		}
 		controllerRule.Mutation = newForeachMutation.DeepCopy()
 		return *controllerRule
@@ -745,15 +754,6 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
 		return *controllerRule
 	}
 
-	if rule.Validation.ForEachValidation != nil && rule.Validation.ForEachValidation.Pattern != nil {
-		newForeachValidate := &kyverno.Validation{
-			Message:           variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/template", "pattern"),
-			ForEachValidation: rule.Validation.ForEachValidation,
-		}
-		controllerRule.Validation = newForeachValidate.DeepCopy()
-		return *controllerRule
-	}
-
 	if rule.Validation.AnyPattern != nil {
 
 		anyPatterns, err := rule.Validation.DeserializeAnyPattern()
@@ -769,15 +769,16 @@ func generateRuleForControllers(rule kyverno.Rule, controllers string, log logr.
 		return *controllerRule
 	}
 
-	if rule.Validation.ForEachValidation != nil && rule.Validation.ForEachValidation.AnyPattern != nil {
-		controllerRule.Validation = &kyverno.Validation{
+	if rule.Validation.ForEachValidation != nil && rule.Validation.ForEachValidation.Pattern != nil {
+		newForeachValidate := &kyverno.Validation{
 			Message:           variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/template", "pattern"),
 			ForEachValidation: rule.Validation.ForEachValidation,
 		}
+		controllerRule.Validation = newForeachValidate.DeepCopy()
 		return *controllerRule
 	}
 
-	if rule.Validation.ForEachValidation != nil && rule.Validation.ForEachValidation.Deny != nil {
+	if rule.Validation.ForEachValidation != nil && rule.Validation.ForEachValidation.AnyPattern != nil {
 		controllerRule.Validation = &kyverno.Validation{
 			Message:           variables.FindAndShiftReferences(log, rule.Validation.Message, "spec/template", "pattern"),
 			ForEachValidation: rule.Validation.ForEachValidation,