refactor engine api

pkg/engine/mutation.go

@@ -10,122 +10,7 @@ import (
 )
 
 // Mutate performs mutation. Overlay first and then mutation patches
-
-// func Mutate(policy kyverno.Policy, resource unstructured.Unstructured) (response EngineResponse) {
-// 	// var response EngineResponse
-// 	var allPatches, rulePatches [][]byte
-// 	var err error
-// 	var errs []error
-// 	ris := []info.RuleInfo{}
-// 	startTime := time.Now()
-// 	glog.V(4).Infof("started applying mutation rules of policy %q (%v)", policy.Name, startTime)
-// 	defer func() {
-// 		response.ExecutionTime = time.Since(startTime)
-// 		glog.V(4).Infof("finished applying mutation rules policy %v (%v)", policy.Name, response.ExecutionTime)
-// 		glog.V(4).Infof("Mutation Rules appplied succesfully count %v for policy %q", response.RulesAppliedCount, policy.Name)
-// 	}()
-// 	incrementAppliedRuleCount := func() {
-// 		// rules applied succesfully count
-// 		response.RulesAppliedCount++
-// 	}
-
-// 	patchedDocument, err := resource.MarshalJSON()
-// 	if err != nil {
-// 		glog.Errorf("unable to marshal resource : %v\n", err)
-// 	}
-
-// 	if err != nil {
-// 		glog.V(4).Infof("unable to marshal resource : %v", err)
-// 		response.PatchedResource = resource
-// 		return response
-// 	}
-
-// 	for _, rule := range policy.Spec.Rules {
-// 		if reflect.DeepEqual(rule.Mutation, kyverno.Mutation{}) {
-// 			continue
-// 		}
-
-// 		// check if the resource satisfies the filter conditions defined in the rule
-// 		//TODO: this needs to be extracted, to filter the resource so that we can avoid passing resources that
-// 		// dont statisfy a policy rule resource description
-// 		ok := MatchesResourceDescription(resource, rule)
-// 		if !ok {
-// 			glog.V(4).Infof("resource %s/%s does not satisfy the resource description for the rule ", resource.GetNamespace(), resource.GetName())
-// 			continue
-// 		}
-
-// 		ruleInfo := info.NewRuleInfo(rule.Name, info.Mutation)
-
-// 		// Process Overlay
-// 		if rule.Mutation.Overlay != nil {
-// 			// ruleRespone := processOverlay(rule, res)
-// 			rulePatches, err = processOverlay(rule, patchedDocument)
-// 			if err == nil {
-// 				if len(rulePatches) == 0 {
-// 					// if array elements dont match then we skip(nil patch, no error)
-// 					// or if acnohor is defined and doenst match
-// 					// policy is not applicable
-// 					glog.V(4).Info("overlay does not match, so skipping applying rule")
-// 					continue
-// 				}
-
-// 				ruleInfo.Addf("Rule %s: Overlay succesfully applied.", rule.Name)
-
-// 				// strip slashes from string
-// 				ruleInfo.Patches = rulePatches
-// 				allPatches = append(allPatches, rulePatches...)
-
-// 				glog.V(4).Infof("overlay applied succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName())
-// 			} else {
-// 				glog.V(4).Infof("failed to apply overlay: %v", err)
-// 				ruleInfo.Fail()
-// 				ruleInfo.Addf("failed to apply overlay: %v", err)
-// 			}
-// 			incrementAppliedRuleCount()
-// 		}
-
-// 		// Process Patches
-// 		if len(rule.Mutation.Patches) != 0 {
-// 			rulePatches, errs = processPatches(rule, patchedDocument)
-// 			if len(errs) > 0 {
-// 				ruleInfo.Fail()
-// 				for _, err := range errs {
-// 					glog.V(4).Infof("failed to apply patches: %v", err)
-// 					ruleInfo.Addf("patches application has failed, err %v.", err)
-// 				}
-// 			} else {
-// 				glog.V(4).Infof("patches applied succesfully on resource %s/%s", resource.GetNamespace(), resource.GetName())
-// 				ruleInfo.Addf("Patches succesfully applied.")
-
-// 				ruleInfo.Patches = rulePatches
-// 				allPatches = append(allPatches, rulePatches...)
-// 			}
-// 			incrementAppliedRuleCount()
-// 		}
-
-// 		patchedDocument, err = ApplyPatches(patchedDocument, rulePatches)
-// 		if err != nil {
-// 			glog.Errorf("Failed to apply patches on ruleName=%s, err%v\n:", rule.Name, err)
-// 		}
-
-// 		ris = append(ris, ruleInfo)
-// 	}
-
-// 	patchedResource, err := ConvertToUnstructured(patchedDocument)
-// 	if err != nil {
-// 		glog.Errorf("Failed to convert patched resource to unstructuredtype, err%v\n:", err)
-// 		response.PatchedResource = resource
-// 		return response
-// 	}
-
-// 	response.Patches = allPatches
-// 	response.PatchedResource = *patchedResource
-// 	response.RuleInfos = ris
-// 	return response
-// }
-
-//MutateNew ...
-func MutateNew(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (response EngineResponseNew) {
+func Mutate(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (response EngineResponseNew) {
 	startTime := time.Now()
 	// policy information
 	func() {

pkg/engine/validation.go

@@ -14,58 +14,53 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
-// // Validate handles validating admission request
-// // Checks the target resources for rules defined in the policy
-// func Validate(policy kyverno.Policy, resource unstructured.Unstructured) (response EngineResponse) {
-// 	// var response EngineResponse
-// 	startTime := time.Now()
-// 	glog.V(4).Infof("started applying validation rules of policy %q (%v)", policy.Name, startTime)
-// 	defer func() {
-// 		response.ExecutionTime = time.Since(startTime)
-// 		glog.V(4).Infof("Finished applying validation rules policy %v (%v)", policy.Name, response.ExecutionTime)
-// 		glog.V(4).Infof("Validation Rules appplied succesfully count %v for policy %q", response.RulesAppliedCount, policy.Name)
-// 	}()
-// 	incrementAppliedRuleCount := func() {
-// 		// rules applied succesfully count
-// 		response.RulesAppliedCount++
-// 	}
-// 	resourceRaw, err := resource.MarshalJSON()
-// 	if err != nil {
-// 		glog.V(4).Infof("Skip processing validating rule, unable to marshal resource : %v\n", err)
-// 		response.PatchedResource = resource
-// 		return response
-// 	}
+//Validate applies validation rules from policy on the resource
+func Validate(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (response EngineResponseNew) {
+	startTime := time.Now()
+	// policy information
+	func() {
+		// set policy information
+		response.PolicyResponse.Policy = policy.Name
+		// resource details
+		response.PolicyResponse.Resource.Name = resource.GetName()
+		response.PolicyResponse.Resource.Namespace = resource.GetNamespace()
+		response.PolicyResponse.Resource.Kind = resource.GetKind()
+		response.PolicyResponse.Resource.APIVersion = resource.GetAPIVersion()
+		response.PolicyResponse.ValidationFailureAction = policy.Spec.ValidationFailureAction
+	}()
 
-// 	var resourceInt interface{}
-// 	if err := json.Unmarshal(resourceRaw, &resourceInt); err != nil {
-// 		glog.V(4).Infof("unable to unmarshal resource : %v\n", err)
-// 		response.PatchedResource = resource
-// 		return response
-// 	}
+	glog.V(4).Infof("started applying validation rules of policy %q (%v)", policy.Name, startTime)
+	defer func() {
+		response.PolicyResponse.ProcessingTime = time.Since(startTime)
+		glog.V(4).Infof("Finished applying validation rules policy %v (%v)", policy.Name, response.PolicyResponse.ProcessingTime)
+		glog.V(4).Infof("Validation Rules appplied succesfully count %v for policy %q", response.PolicyResponse.RulesAppliedCount, policy.Name)
+	}()
+	incrementAppliedRuleCount := func() {
+		// rules applied succesfully count
+		response.PolicyResponse.RulesAppliedCount++
+	}
 
-// 	var ruleInfos []info.RuleInfo
+	for _, rule := range policy.Spec.Rules {
+		if reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {
+			continue
+		}
 
-// 	for _, rule := range policy.Spec.Rules {
-// 		if reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {
-// 			continue
-// 		}
-
-// 		// check if the resource satisfies the filter conditions defined in the rule
-// 		// TODO: this needs to be extracted, to filter the resource so that we can avoid passing resources that
-// 		// dont statisfy a policy rule resource description
-// 		ok := MatchesResourceDescription(resource, rule)
-// 		if !ok {
-// 			glog.V(4).Infof("resource %s/%s does not satisfy the resource description for the rule ", resource.GetNamespace(), resource.GetName())
-// 			continue
-// 		}
-
-// 		// ruleInfo := validatePatterns(resource, rule)
-// 		incrementAppliedRuleCount()
-// 		// ruleInfos = append(ruleInfos, ruleInfo)
-// 	}
-// 	response.RuleInfos = ruleInfos
-// 	return response
-// }
+		// check if the resource satisfies the filter conditions defined in the rule
+		// TODO: this needs to be extracted, to filter the resource so that we can avoid passing resources that
+		// dont statisfy a policy rule resource description
+		ok := MatchesResourceDescription(resource, rule)
+		if !ok {
+			glog.V(4).Infof("resource %s/%s does not satisfy the resource description for the rule ", resource.GetNamespace(), resource.GetName())
+			continue
+		}
+		if rule.Validation.Pattern != nil || rule.Validation.AnyPattern != nil {
+			ruleResponse := validatePatterns(resource, rule)
+			incrementAppliedRuleCount()
+			response.PolicyResponse.Rules = append(response.PolicyResponse.Rules, ruleResponse)
+		}
+	}
+	return response
+}
 
 // validatePatterns validate pattern and anyPattern
 func validatePatterns(resource unstructured.Unstructured, rule kyverno.Rule) (response RuleResponse) {
@@ -340,51 +335,3 @@ func validateArrayOfMaps(resourceMapArray []interface{}, patternMap map[string]i
 	handler := CreateAnchorHandler(anchor, pattern, path)
 	return handler.Handle(resourceMapArray, patternMap, originPattern)
 }
-
-//ValidateNew ...
-func ValidateNew(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (response EngineResponseNew) {
-	startTime := time.Now()
-	// policy information
-	func() {
-		// set policy information
-		response.PolicyResponse.Policy = policy.Name
-		// resource details
-		response.PolicyResponse.Resource.Name = resource.GetName()
-		response.PolicyResponse.Resource.Namespace = resource.GetNamespace()
-		response.PolicyResponse.Resource.Kind = resource.GetKind()
-		response.PolicyResponse.Resource.APIVersion = resource.GetAPIVersion()
-		response.PolicyResponse.ValidationFailureAction = policy.Spec.ValidationFailureAction
-	}()
-
-	glog.V(4).Infof("started applying validation rules of policy %q (%v)", policy.Name, startTime)
-	defer func() {
-		response.PolicyResponse.ProcessingTime = time.Since(startTime)
-		glog.V(4).Infof("Finished applying validation rules policy %v (%v)", policy.Name, response.PolicyResponse.ProcessingTime)
-		glog.V(4).Infof("Validation Rules appplied succesfully count %v for policy %q", response.PolicyResponse.RulesAppliedCount, policy.Name)
-	}()
-	incrementAppliedRuleCount := func() {
-		// rules applied succesfully count
-		response.PolicyResponse.RulesAppliedCount++
-	}
-
-	for _, rule := range policy.Spec.Rules {
-		if reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {
-			continue
-		}
-
-		// check if the resource satisfies the filter conditions defined in the rule
-		// TODO: this needs to be extracted, to filter the resource so that we can avoid passing resources that
-		// dont statisfy a policy rule resource description
-		ok := MatchesResourceDescription(resource, rule)
-		if !ok {
-			glog.V(4).Infof("resource %s/%s does not satisfy the resource description for the rule ", resource.GetNamespace(), resource.GetName())
-			continue
-		}
-		if rule.Validation.Pattern != nil || rule.Validation.AnyPattern != nil {
-			ruleResponse := validatePatterns(resource, rule)
-			incrementAppliedRuleCount()
-			response.PolicyResponse.Rules = append(response.PolicyResponse.Rules, ruleResponse)
-		}
-	}
-	return response
-}

pkg/engine/validation_test.go

@@ -1571,7 +1571,7 @@ func TestValidate_ServiceTest(t *testing.T) {
 
 	resourceUnstructured, err := ConvertToUnstructured(rawResource)
 	assert.NilError(t, err)
-	er := ValidateNew(policy, *resourceUnstructured)
+	er := Validate(policy, *resourceUnstructured)
 	assert.Assert(t, len(er.PolicyResponse.Rules) == 0)
 }
 
@@ -1668,6 +1668,6 @@ func TestValidate_MapHasFloats(t *testing.T) {
 
 	resourceUnstructured, err := ConvertToUnstructured(rawResource)
 	assert.NilError(t, err)
-	er := ValidateNew(policy, *resourceUnstructured)
+	er := Validate(policy, *resourceUnstructured)
 	assert.Assert(t, len(er.PolicyResponse.Rules) == 0)
 }

pkg/kyverno/apply/apply.go

@@ -105,7 +105,7 @@ func applyPolicyOnRaw(policy *kyverno.ClusterPolicy, rawResource []byte, gvk *me
 	}
 	//TODO check if the kind information is present resource
 	// Process Mutation
-	engineResponse := engine.MutateNew(*policy, *resource)
+	engineResponse := engine.Mutate(*policy, *resource)
 	if !engineResponse.IsSuccesful() {
 		glog.Infof("Failed to apply policy %s on resource %s/%s", policy.Name, rname, rns)
 		for _, r := range engineResponse.PolicyResponse.Rules {
@@ -115,7 +115,7 @@ func applyPolicyOnRaw(policy *kyverno.ClusterPolicy, rawResource []byte, gvk *me
 		glog.Infof("Mutation from policy %s has applied succesfully to %s %s/%s", policy.Name, gvk.Kind, rname, rns)
 
 		// Process Validation
-		engineResponse := engine.ValidateNew(*policy, *resource)
+		engineResponse := engine.Validate(*policy, *resource)
 
 		if !engineResponse.IsSuccesful() {
 			glog.Infof("Failed to apply policy %s on resource %s/%s", policy.Name, rname, rns)

pkg/policy/apply.go

@@ -54,7 +54,7 @@ func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructure
 	sendStat(false)
 
 	//VALIDATION
-	engineResponse = engine.ValidateNew(policy, resource)
+	engineResponse = engine.Validate(policy, resource)
 	engineResponses = append(engineResponses, engineResponse)
 	// gather stats
 	gatherStat(policy.Name, engineResponse.PolicyResponse)
@@ -65,7 +65,7 @@ func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructure
 	return engineResponses
 }
 func mutation(policy kyverno.ClusterPolicy, resource unstructured.Unstructured, policyStatus PolicyStatusInterface) (engine.EngineResponseNew, error) {
-	engineResponse := engine.MutateNew(policy, resource)
+	engineResponse := engine.Mutate(policy, resource)
 	if !engineResponse.IsSuccesful() {
 		glog.V(4).Infof("mutation had errors reporting them")
 		return engineResponse, nil

pkg/testrunner/scenario.go

@@ -142,7 +142,7 @@ func runTestCase(t *testing.T, tc scaseT) bool {
 
 	var er engine.EngineResponseNew
 	// Mutation
-	er = engine.MutateNew(*policy, *resource)
+	er = engine.Mutate(*policy, *resource)
 	// validate te response
 	t.Log("---Mutation---")
 	validateResource(t, er.PatchedResource, tc.Expected.Mutation.PatchedResource)
@@ -154,7 +154,7 @@ func runTestCase(t *testing.T, tc scaseT) bool {
 	}
 
 	// Validation
-	er = engine.ValidateNew(*policy, *resource)
+	er = engine.Validate(*policy, *resource)
 	// validate the response
 	t.Log("---Validation---")
 	validateResponse(t, er.PolicyResponse, tc.Expected.Validation.PolicyResponse)

pkg/webhooks/mutation.go

@@ -66,7 +66,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) (bool
 		glog.V(4).Infof("Handling mutation for Kind=%s, Namespace=%s Name=%s UID=%s patchOperation=%s",
 			resource.GetKind(), resource.GetNamespace(), resource.GetName(), request.UID, request.Operation)
 		// TODO: this can be
-		engineResponse := engine.MutateNew(*policy, *resource)
+		engineResponse := engine.Mutate(*policy, *resource)
 		engineResponses = append(engineResponses, engineResponse)
 		// Gather policy application statistics
 		gatherStat(policy.Name, engineResponse.PolicyResponse)

pkg/webhooks/validation.go

@@ -76,7 +76,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, pat
 
 		// glog.V(4).Infof("Validating resource %s/%s/%s with policy %s with %d rules\n", resource.GetKind(), resource.GetNamespace(), resource.GetName(), policy.ObjectMeta.Name, len(policy.Spec.Rules))
 
-		engineResponse := engine.ValidateNew(*policy, *resource)
+		engineResponse := engine.Validate(*policy, *resource)
 		engineResponses = append(engineResponses, engineResponse)
 		// Gather policy application statistics
 		gatherStat(policy.Name, engineResponse.PolicyResponse)