create namespace pv when validate policy fails

main.go

@@ -7,7 +7,6 @@ import (
 	"github.com/golang/glog"
 	kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
 	kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions"
-	clusterpv "github.com/nirmata/kyverno/pkg/clusterpolicyviolation"
 	"github.com/nirmata/kyverno/pkg/config"
 	client "github.com/nirmata/kyverno/pkg/dclient"
 	event "github.com/nirmata/kyverno/pkg/event"
@@ -122,7 +121,7 @@ func main() {
 	// POLICY VIOLATION CONTROLLER
 	// policy violation cleanup if the corresponding resource is deleted
 	// status: lastUpdatTime
-	pvc, err := clusterpv.NewPolicyViolationController(client, pclient, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations())
+	pvc, err := policyviolation.NewPolicyViolationController(client, pclient, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations())
 	if err != nil {
 		glog.Fatalf("error creating policy violation controller: %v\n", err)
 	}

pkg/namespace/report.go

@@ -7,7 +7,7 @@ import (
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
 	"github.com/nirmata/kyverno/pkg/engine"
 	"github.com/nirmata/kyverno/pkg/event"
-	policyviolation "github.com/nirmata/kyverno/pkg/policyviolation"
+	"github.com/nirmata/kyverno/pkg/policyviolation"
 )
 
 func (nsc *NamespaceController) report(engineResponses []engine.EngineResponse) {

pkg/policy/cleanup.go

@@ -9,7 +9,7 @@ import (
 	kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
 	dclient "github.com/nirmata/kyverno/pkg/dclient"
 	"github.com/nirmata/kyverno/pkg/engine"
-	clusterpv "github.com/nirmata/kyverno/pkg/clusterpolicyviolation"
+	"github.com/nirmata/kyverno/pkg/policyviolation"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
@@ -69,7 +69,7 @@ func getPVonOwnerRef(pvLister kyvernolister.ClusterPolicyViolationLister, dclien
 	}
 	// get owners
 	// getOwners returns nil if there is any error
-	owners := clusterpv.GetOwners(dclient, *resource)
+	owners := policyviolation.GetOwners(dclient, *resource)
 	// as we can have multiple top level owners to a resource
 	// check if pv exists on each one
 	// does not check for cycles

pkg/policyviolation/clusterpv.go

@@ -1,4 +1,4 @@
-package clusterpolicyviolation
+package policyviolation
 
 import (
 	"fmt"
@@ -80,7 +80,8 @@ func createClusterPV(pvLister kyvernolister.ClusterPolicyViolationLister, client
 		// check if there was a previous policy voilation for policy & resource combination
 		curPv, err := getExistingPolicyViolationIfAny(nil, pvLister, newPv)
 		if err != nil {
-			glog.Error(err)
+			// TODO(shuting): remove
+			// glog.Error(err)
 			continue
 		}
 		if curPv == nil {
@@ -178,7 +179,7 @@ func getExistingPolicyViolationIfAny(pvListerSynced cache.InformerSynced, pvList
 	}
 	//TODO: ideally there should be only one policy violation returned
 	if len(pvs) > 1 {
-		glog.Errorf("more than one policy violation exists  with labels %v", labelMap)
+		glog.V(4).Infof("more than one policy violation exists  with labels %v", labelMap)
 		return nil, fmt.Errorf("more than one policy violation exists  with labels %v", labelMap)
 	}
 

pkg/policyviolation/controller.go

@@ -1,4 +1,4 @@
-package clusterpolicyviolation
+package policyviolation
 
 import (
 	"fmt"

pkg/policyviolation/namespacedpv.go

@@ -69,7 +69,6 @@ func buildNamespacedPVObj(policy string, resource kyverno.ResourceSpec, fRules [
 			ViolatedRules: fRules,
 		},
 	}
-
 	pv.SetGenerateName("pv-")
 	return pv
 }