From 5be2cea536e01df339211c0d18a604110766a091 Mon Sep 17 00:00:00 2001
From: Shuting Zhao
Date: Tue, 12 Nov 2019 13:32:30 -0800
Subject: [PATCH] create namespace pv when validate policy fails
---
 main.go | 3 +--
 pkg/namespace/report.go | 2 +-
 pkg/policy/cleanup.go | 4 ++--
 .../helpers.go => policyviolation/clusterpv.go} | 7 ++++---
 .../controller.go | 2 +-
 pkg/policyviolation/namespacedpv.go | 1 -
 6 files changed, 9 insertions(+), 10 deletions(-)
 rename pkg/{clusterpolicyviolation/helpers.go => policyviolation/clusterpv.go} (98%)
 rename pkg/{clusterpolicyviolation => policyviolation}/controller.go (99%)
diff --git a/main.go b/main.go
index c0693828a2..b6508b2515 100644
--- a/main.go
+++ b/main.go
@@ -7,7 +7,6 @@ import (
 "github.com/golang/glog"
 kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
 kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions"
- clusterpv "github.com/nirmata/kyverno/pkg/clusterpolicyviolation"
 "github.com/nirmata/kyverno/pkg/config"
 client "github.com/nirmata/kyverno/pkg/dclient"
 event "github.com/nirmata/kyverno/pkg/event"
@@ -122,7 +121,7 @@ func main() {
 // POLICY VIOLATION CONTROLLER
 // policy violation cleanup if the corresponding resource is deleted
 // status: lastUpdatTime
- pvc, err := clusterpv.NewPolicyViolationController(client, pclient, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations())
+ pvc, err := policyviolation.NewPolicyViolationController(client, pclient, pInformer.Kyverno().V1alpha1().ClusterPolicies(), pInformer.Kyverno().V1alpha1().ClusterPolicyViolations())
 if err != nil {
 glog.Fatalf("error creating policy violation controller: %v\n", err)
 }
diff --git a/pkg/namespace/report.go b/pkg/namespace/report.go
index f268f554d5..90975f3791 100644
--- a/pkg/namespace/report.go
+++ b/pkg/namespace/report.go
@@ -7,7 +7,7 @@ import (
 kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
 "github.com/nirmata/kyverno/pkg/engine"
 "github.com/nirmata/kyverno/pkg/event"
- policyviolation "github.com/nirmata/kyverno/pkg/policyviolation"
+ "github.com/nirmata/kyverno/pkg/policyviolation"
 )
 func (nsc *NamespaceController) report(engineResponses []engine.EngineResponse) {
diff --git a/pkg/policy/cleanup.go b/pkg/policy/cleanup.go
index d7ac11bf24..7a445bbad7 100644
--- a/pkg/policy/cleanup.go
+++ b/pkg/policy/cleanup.go
@@ -9,7 +9,7 @@ import (
 kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
 dclient "github.com/nirmata/kyverno/pkg/dclient"
 "github.com/nirmata/kyverno/pkg/engine"
- clusterpv "github.com/nirmata/kyverno/pkg/clusterpolicyviolation"
+ "github.com/nirmata/kyverno/pkg/policyviolation"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/labels"
 )
@@ -69,7 +69,7 @@ func getPVonOwnerRef(pvLister kyvernolister.ClusterPolicyViolationLister, dclien
 }
 // get owners
 // getOwners returns nil if there is any error
- owners := clusterpv.GetOwners(dclient, *resource)
+ owners := policyviolation.GetOwners(dclient, *resource)
 // as we can have multiple top level owners to a resource
 // check if pv exists on each one
 // does not check for cycles
diff --git a/pkg/clusterpolicyviolation/helpers.go b/pkg/policyviolation/clusterpv.go
similarity index 98%
rename from pkg/clusterpolicyviolation/helpers.go
rename to pkg/policyviolation/clusterpv.go
index 946cd54fa4..6d0f79bc17 100644
--- a/pkg/clusterpolicyviolation/helpers.go
+++ b/pkg/policyviolation/clusterpv.go
@@ -1,4 +1,4 @@
-package clusterpolicyviolation
+package policyviolation
 import (
 "fmt"
@@ -80,7 +80,8 @@ func createClusterPV(pvLister kyvernolister.ClusterPolicyViolationLister, client
 // check if there was a previous policy voilation for policy & resource combination
 curPv, err := getExistingPolicyViolationIfAny(nil, pvLister, newPv)
 if err != nil {
- glog.Error(err)
+ // TODO(shuting): remove
+ // glog.Error(err)
 continue
 }
 if curPv == nil {
@@ -178,7 +179,7 @@ func getExistingPolicyViolationIfAny(pvListerSynced cache.InformerSynced, pvList
 }
 //TODO: ideally there should be only one policy violation returned
 if len(pvs) > 1 {
- glog.Errorf("more than one policy violation exists with labels %v", labelMap)
+ glog.V(4).Infof("more than one policy violation exists with labels %v", labelMap)
 return nil, fmt.Errorf("more than one policy violation exists with labels %v", labelMap)
 }
diff --git a/pkg/clusterpolicyviolation/controller.go b/pkg/policyviolation/controller.go
similarity index 99%
rename from pkg/clusterpolicyviolation/controller.go
rename to pkg/policyviolation/controller.go
index 5945a15777..b10062da3d 100644
--- a/pkg/clusterpolicyviolation/controller.go
+++ b/pkg/policyviolation/controller.go
@@ -1,4 +1,4 @@
-package clusterpolicyviolation
+package policyviolation
 import (
 "fmt"
diff --git a/pkg/policyviolation/namespacedpv.go b/pkg/policyviolation/namespacedpv.go
index 2fe07337a1..d24c312ff3 100644
--- a/pkg/policyviolation/namespacedpv.go
+++ b/pkg/policyviolation/namespacedpv.go
@@ -69,7 +69,6 @@ func buildNamespacedPVObj(policy string, resource kyverno.ResourceSpec, fRules [
 ViolatedRules: fRules,
 },
 }
- pv.SetGenerateName("pv-")
 return pv
 }
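Review bot: The error from getExistingPolicyViolationIfAny is now dropped silently in createClusterPV: `glog.Error(err)` is replaced by two commented-out lines and the loop `continue`s, so a violation that fails to be created leaves no record at the default verbosity and an operator has nothing to correlate a missing policy violation against. If the goal is only to quiet the log, keep the event visible at the verbosity the sibling hunk in this file already uses, `glog.V(4).Infof("skipping policy violation creation: %v", err)`, and remove the dead `// glog.Error(err)` line instead of leaving a `TODO(shuting): remove` in the tree. createClusterPV begins before this hunk and continues after it.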
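Review bot: In getExistingPolicyViolationIfAny the "more than one policy violation exists" condition is now both logged at V(4) and returned as an error with the identical message, so it is handled at two layers while the only caller visible in this patch (createClusterPV) discards the returned error. Handle it once: drop the `glog.V(4).Infof(...)` line and let the returned `fmt.Errorf(...)` carry the message to the caller, or, if the log is the intended sink, make the caller act on the error rather than ignoring it. A package-level sentinel error for this ambiguous-lookup case would also let callers distinguish it from a lister failure, which the current string-only error does not allow. getExistingPolicyViolationIfAny begins before this hunk.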
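Review bot: Removing `pv.SetGenerateName("pv-")` from buildNamespacedPVObj leaves the returned object without a server-generated name, so the subsequent create will be rejected by the API server for a missing metadata.name unless a Name is assigned earlier in the function or by the caller, neither of which is visible in this hunk. If a deterministic name is intended so that retries are idempotent, it should be derived from the policy and resource in this same builder and must satisfy the DNS-subdomain rules the API server enforces on names. A one-line comment above `return pv` stating where the name is expected to come from, e.g. `// generateName is intentionally not used; Name must be set before create`, would keep the next reader from re-adding the call. buildNamespacedPVObj begins before this hunk.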