update logging, naming, and event retry (#959)

* update logging and naming

* check per policy patch count

go.sum

@@ -34,8 +34,10 @@ github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/sarama v1.24.1/go.mod h1:fGP8eQ6PugKEI0iUETYYtnP6d1pH/bdDMTel1X5ajsU=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
@@ -122,6 +124,7 @@ github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo
 github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/elazarl/goproxy v0.0.0-20181003060214-f58a169a71a5/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -136,6 +139,7 @@ github.com/frankban/quicktest v1.4.1/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ERFA1PUxfmGpolnw2v0bKOREu5ew=
 github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
 github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
 github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
@@ -160,11 +164,13 @@ github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+
 github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
 github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
+github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
 github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
 github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
+github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
 github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
@@ -178,6 +184,7 @@ github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nA
 github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
+github.com/go-openapi/spec v0.19.3 h1:0XRyw8kguri6Yw4SxhsQA/atC88yqrk0+G4YhI2wabc=
 github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
 github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
 github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
@@ -187,6 +194,7 @@ github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dp
 github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
 github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
@@ -392,6 +400,7 @@ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -429,6 +438,7 @@ github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
@@ -471,6 +481,7 @@ github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ
 github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ=
 github.com/jackc/pgx v3.2.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
@@ -521,6 +532,7 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kurin/blazer v0.5.4-0.20190613185654-cf2f27cc0be3/go.mod h1:4FCXMUWo9DllR2Do4TtBd377ezyAJ51vB5uTBjt0pGU=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/luna-duclos/instrumentedsql v1.1.2/go.mod h1:4LGbEqDnopzNAiyxPPDXhLspyunZxgPTMJBKtC6U0BQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -531,6 +543,7 @@ github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/markbates/deplist v1.0.4/go.mod h1:gRRbPbbuA8TmMiRvaOzUlRfzfjeCCBqX2A6arxN01MM=
 github.com/markbates/deplist v1.0.5/go.mod h1:gRRbPbbuA8TmMiRvaOzUlRfzfjeCCBqX2A6arxN01MM=
@@ -658,6 +671,7 @@ github.com/pborman/getopt v0.0.0-20180729010549-6fdd0a2c7117/go.mod h1:85jBQOZwp
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo=
+github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pierrec/lz4 v2.2.6+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
@@ -739,6 +753,7 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd
 github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -1084,6 +1099,7 @@ k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZ
 k8s.io/apimachinery v0.17.4 h1:UzM+38cPUJnzqSQ+E1PY4YxMHIzQyCg29LOoGfo79Zw=
 k8s.io/apimachinery v0.17.4/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
 k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo=
+k8s.io/cli-runtime v0.17.4 h1:ZIJdxpBEszZqUhydrCoiI5rLXS2J/1AF5xFok2QJ9bc=
 k8s.io/cli-runtime v0.17.4/go.mod h1:IVW4zrKKx/8gBgNNkhiUIc7nZbVVNhc1+HcQh+PiNHc=
 k8s.io/client-go v0.17.2/go.mod h1:QAzRgsa0C2xl4/eVpeVAZMvikCn8Nm81yqVx3Kk9XYI=
 k8s.io/client-go v0.17.4/go.mod h1:ouF6o5pz3is8qU0/qYL2RnoxOPqgfuidYLowytyLJmc=
@@ -1107,6 +1123,7 @@ k8s.io/utils v0.0.0-20200109141947-94aeca20bf09/go.mod h1:sZAwmy6armz5eXlNoLmJcl
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 sigs.k8s.io/controller-runtime v0.5.0 h1:CbqIy5fbUX+4E9bpnBFd204YAzRYlM9SWW77BbrcDQo=
 sigs.k8s.io/controller-runtime v0.5.0/go.mod h1:REiJzC7Y00U+2YkMbT8wxgrsX5USpXKGhb2sCtAXiT8=
+sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
 sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18=

pkg/engine/mutation.go

@@ -22,7 +22,7 @@ const (
 	PodControllersAnnotation = "pod-policies.kyverno.io/autogen-controllers"
 	//PodTemplateAnnotation defines the annotation key for Pod-Template
 	PodTemplateAnnotation = "pod-policies.kyverno.io/autogen-applied"
-	PodControllerRuleName = "podControllerAnnotation"
+	PodControllerRuleName = "autogen-pod-ctrl-annotation"
 )
 
 // Mutate performs mutation. Overlay first and then mutation patches
@@ -62,7 +62,7 @@ func Mutate(policyContext PolicyContext) (resp response.EngineResponse) {
 		// operate on the copy of the conditions, as we perform variable substitution
 		copyConditions := copyConditions(rule.Conditions)
 		// evaluate pre-conditions
-		// - handle variable subsitutions
+		// - handle variable substitutions
 		if !variables.EvaluateConditions(logger, ctx, copyConditions) {
 			logger.V(3).Info("resource fails the preconditions")
 			continue
@@ -88,7 +88,7 @@ func Mutate(policyContext PolicyContext) (resp response.EngineResponse) {
 				if ruleResponse.Patches == nil {
 					continue
 				}
-				logger.V(4).Info("overlay applied succesfully")
+				logger.V(4).Info("overlay applied successfully")
 			}
 
 			resp.PolicyResponse.Rules = append(resp.PolicyResponse.Rules, ruleResponse)

pkg/engine/response/response.go

@@ -72,14 +72,14 @@ func (rr RuleResponse) ToString() string {
 	return fmt.Sprintf("rule %s (%s): %v", rr.Name, rr.Type, rr.Message)
 }
 
-//RuleStats stores the statisctis for the single rule application
+//RuleStats stores the statistics for the single rule application
 type RuleStats struct {
-	// time required to appliy the rule on the resource
+	// time required to apply the rule on the resource
 	ProcessingTime time.Duration `json:"processingTime"`
 }
 
-//IsSuccesful checks if any rule has failed or not
-func (er EngineResponse) IsSuccesful() bool {
+//IsSuccessful checks if any rule has failed or not
+func (er EngineResponse) IsSuccessful() bool {
 	for _, r := range er.PolicyResponse.Rules {
 		if !r.Success {
 			return false
@@ -96,7 +96,7 @@ func (er EngineResponse) GetPatches() [][]byte {
 			patches = append(patches, r.Patches...)
 		}
 	}
-	// join patches
+
 	return patches
 }
 
@@ -113,9 +113,10 @@ func (er EngineResponse) GetSuccessRules() []string {
 func (er EngineResponse) getRules(success bool) []string {
 	var rules []string
 	for _, r := range er.PolicyResponse.Rules {
-		if r.Success == success {
+		if r.Success == success{
 			rules = append(rules, r.Name)
 		}
 	}
+
 	return rules
 }

pkg/engine/validation.go

@@ -64,7 +64,7 @@ func Validate(policyContext PolicyContext) (resp response.EngineResponse) {
 		return *isRequestDenied(logger, ctx, policy, oldR, admissionInfo)
 	}
 
-	if denyResp := isRequestDenied(logger, ctx, policy, newR, admissionInfo); !denyResp.IsSuccesful() {
+	if denyResp := isRequestDenied(logger, ctx, policy, newR, admissionInfo); !denyResp.IsSuccessful() {
 		return *denyResp
 	}
 

pkg/engine/validation_test.go

@@ -131,7 +131,7 @@ func TestValidate_image_tag_fail(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, !er.IsSuccesful())
+	assert.Assert(t, !er.IsSuccessful())
 }
 
 func TestValidate_image_tag_pass(t *testing.T) {
@@ -230,7 +230,7 @@ func TestValidate_image_tag_pass(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, er.IsSuccesful())
+	assert.Assert(t, er.IsSuccessful())
 }
 
 func TestValidate_Fail_anyPattern(t *testing.T) {
@@ -305,7 +305,7 @@ func TestValidate_Fail_anyPattern(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, !er.IsSuccesful())
+	assert.Assert(t, !er.IsSuccessful())
 }
 
 func TestValidate_host_network_port(t *testing.T) {
@@ -388,7 +388,7 @@ func TestValidate_host_network_port(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, !er.IsSuccesful())
+	assert.Assert(t, !er.IsSuccessful())
 }
 
 func TestValidate_anchor_arraymap_pass(t *testing.T) {
@@ -478,7 +478,7 @@ func TestValidate_anchor_arraymap_pass(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, er.IsSuccesful())
+	assert.Assert(t, er.IsSuccessful())
 }
 
 func TestValidate_anchor_arraymap_fail(t *testing.T) {
@@ -566,7 +566,7 @@ func TestValidate_anchor_arraymap_fail(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, !er.IsSuccesful())
+	assert.Assert(t, !er.IsSuccessful())
 }
 
 func TestValidate_anchor_map_notfound(t *testing.T) {
@@ -636,7 +636,7 @@ func TestValidate_anchor_map_notfound(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, er.IsSuccesful())
+	assert.Assert(t, er.IsSuccessful())
 }
 
 func TestValidate_anchor_map_found_valid(t *testing.T) {
@@ -709,7 +709,7 @@ func TestValidate_anchor_map_found_valid(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, er.IsSuccesful())
+	assert.Assert(t, er.IsSuccessful())
 }
 
 func TestValidate_anchor_map_found_invalid(t *testing.T) {
@@ -782,7 +782,7 @@ func TestValidate_anchor_map_found_invalid(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, !er.IsSuccesful())
+	assert.Assert(t, !er.IsSuccessful())
 }
 
 func TestValidate_AnchorList_pass(t *testing.T) {
@@ -858,7 +858,7 @@ func TestValidate_AnchorList_pass(t *testing.T) {
 		t.Log(r.Message)
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, er.IsSuccesful())
+	assert.Assert(t, er.IsSuccessful())
 }
 
 func TestValidate_AnchorList_fail(t *testing.T) {
@@ -932,7 +932,7 @@ func TestValidate_AnchorList_fail(t *testing.T) {
 	// 	// t.Log(r.Message)
 	// 	assert.Equal(t, r.Message, msgs[index])
 	// }
-	assert.Assert(t, !er.IsSuccesful())
+	assert.Assert(t, !er.IsSuccessful())
 }
 
 func TestValidate_existenceAnchor_fail(t *testing.T) {
@@ -1008,7 +1008,7 @@ func TestValidate_existenceAnchor_fail(t *testing.T) {
 	// 	t.Log(r.Message)
 	// 	assert.Equal(t, r.Message, msgs[index])
 	// }
-	assert.Assert(t, !er.IsSuccesful())
+	assert.Assert(t, !er.IsSuccessful())
 }
 
 func TestValidate_existenceAnchor_pass(t *testing.T) {
@@ -1083,7 +1083,7 @@ func TestValidate_existenceAnchor_pass(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, er.IsSuccesful())
+	assert.Assert(t, er.IsSuccessful())
 }
 
 func TestValidate_negationAnchor_deny(t *testing.T) {
@@ -1171,7 +1171,7 @@ func TestValidate_negationAnchor_deny(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, !er.IsSuccesful())
+	assert.Assert(t, !er.IsSuccessful())
 }
 
 func TestValidate_negationAnchor_pass(t *testing.T) {
@@ -1258,7 +1258,7 @@ func TestValidate_negationAnchor_pass(t *testing.T) {
 	for index, r := range er.PolicyResponse.Rules {
 		assert.Equal(t, r.Message, msgs[index])
 	}
-	assert.Assert(t, er.IsSuccesful())
+	assert.Assert(t, er.IsSuccessful())
 }
 
 func Test_VariableSubstitutionPathNotExistInPattern(t *testing.T) {
@@ -1714,7 +1714,7 @@ func Test_denyFeatureIssue744(t *testing.T) {
 			Context:       ctx,
 		}
 		resp := Validate(pc)
-		if resp.IsSuccesful() == !testcase.requestDenied {
+		if resp.IsSuccessful() == !testcase.requestDenied {
 			continue
 		}
 

pkg/event/controller.go

@@ -2,6 +2,7 @@ package event
 
 import (
 	"github.com/go-logr/logr"
+	"time"
 
 	"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
 	kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1"
@@ -48,7 +49,7 @@ func NewEventGenerator(client *client.Client, pInformer kyvernoinformer.ClusterP
 	gen := Generator{
 		client:               client,
 		pLister:              pInformer.Lister(),
-		queue:                workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), eventWorkQueueName),
+		queue:                workqueue.NewNamedRateLimitingQueue(rateLimiter(), eventWorkQueueName),
 		pSynced:              pInformer.Informer().HasSynced,
 		policyCtrRecorder:    initRecorder(client, PolicyController, log),
 		admissionCtrRecorder: initRecorder(client, AdmissionController, log),
@@ -58,6 +59,10 @@ func NewEventGenerator(client *client.Client, pInformer kyvernoinformer.ClusterP
 	return &gen
 }
 
+func rateLimiter() workqueue.RateLimiter {
+	return workqueue.NewItemExponentialFailureRateLimiter(1*time.Second, 1000*time.Second)
+}
+
 func initRecorder(client *client.Client, eventSource Source, log logr.Logger) record.EventRecorder {
 	// Initliaze Event Broadcaster
 	err := scheme.AddToScheme(scheme.Scheme)
@@ -126,14 +131,15 @@ func (gen *Generator) handleErr(err error, key interface{}) {
 	}
 	// This controller retries if something goes wrong. After that, it stops trying.
 	if gen.queue.NumRequeues(key) < workQueueRetryLimit {
-		logger.Error(err, "Error syncing events;re-queuing request,the resource might not have been created yet", "key", key)
+		logger.V(4).Info("retrying event generation", "key", key, "reason", err.Error())
 		// Re-enqueue the key rate limited. Based on the rate limiter on the
 		// queue and the re-enqueue history, the key will be processed later again.
 		gen.queue.AddRateLimited(key)
 		return
 	}
+
 	gen.queue.Forget(key)
-	logger.Error(err, "dropping the key out of queue", "key", key)
+	logger.Error(err, "failed to generate event", "key", key)
 }
 
 func (gen *Generator) processNextWorkItem() bool {

pkg/event/util.go

@@ -2,7 +2,7 @@ package event
 
 const eventWorkQueueName = "kyverno-events"
 
-const workQueueRetryLimit = 5
+const workQueueRetryLimit = 10
 
 //Info defines the event details
 type Info struct {

pkg/kyverno/apply/command.go

@@ -247,7 +247,7 @@ func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 	fmt.Printf("\n\nApplying Policy %s on Resource %s/%s/%s\n", policy.Name, resource.GetNamespace(), resource.GetKind(), resource.GetName())
 
 	mutateResponse := engine.Mutate(engine.PolicyContext{Policy: *policy, NewResource: *resource})
-	if !mutateResponse.IsSuccesful() {
+	if !mutateResponse.IsSuccessful() {
 		fmt.Printf("\n\nMutation:")
 		fmt.Printf("\nFailed to apply mutation")
 		for i, r := range mutateResponse.PolicyResponse.Rules {
@@ -270,7 +270,7 @@ func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
 	}
 
 	validateResponse := engine.Validate(engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource})
-	if !validateResponse.IsSuccesful() {
+	if !validateResponse.IsSuccessful() {
 		fmt.Printf("\n\nValidation:")
 		fmt.Printf("\nResource is invalid")
 		for i, r := range validateResponse.PolicyResponse.Rules {

pkg/policy/apply.go

@@ -56,7 +56,7 @@ func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructure
 func mutation(policy kyverno.ClusterPolicy, resource unstructured.Unstructured, ctx context.EvalInterface, log logr.Logger) (response.EngineResponse, error) {
 
 	engineResponse := engine.Mutate(engine.PolicyContext{Policy: policy, NewResource: resource, Context: ctx})
-	if !engineResponse.IsSuccesful() {
+	if !engineResponse.IsSuccessful() {
 		log.V(4).Info("failed to apply mutation rules; reporting them")
 		return engineResponse, nil
 	}

pkg/policy/cleanup.go

@@ -13,7 +13,7 @@ import (
 
 func (pc *PolicyController) cleanUp(ers []response.EngineResponse) {
 	for _, er := range ers {
-		if !er.IsSuccesful() {
+		if !er.IsSuccessful() {
 			continue
 		}
 		if len(er.PolicyResponse.Rules) == 0 {

pkg/policy/controller.go

@@ -45,8 +45,6 @@ type PolicyController struct {
 	kyvernoClient *kyvernoclient.Clientset
 	eventGen      event.Interface
 	eventRecorder record.EventRecorder
-	syncHandler   func(pKey string) error
-	enqueuePolicy func(policy *kyverno.ClusterPolicy)
 
 	//pvControl is used for adoptin/releasing policy violation
 	pvControl PVControlInterface
@@ -146,9 +144,6 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
 		DeleteFunc: pc.deleteNamespacedPolicyViolation,
 	})
 
-	pc.enqueuePolicy = pc.enqueue
-	pc.syncHandler = pc.syncPolicy
-
 	pc.pLister = pInformer.Lister()
 	pc.cpvLister = cpvInformer.Lister()
 	pc.nspvLister = nspvInformer.Lister()
@@ -230,11 +225,11 @@ func (pc *PolicyController) deletePolicy(obj interface{}) {
 	pc.enqueuePolicy(p)
 }
 
-func (pc *PolicyController) enqueue(policy *kyverno.ClusterPolicy) {
+func (pc *PolicyController) enqueuePolicy(policy *kyverno.ClusterPolicy) {
 	logger := pc.log
 	key, err := cache.MetaNamespaceKeyFunc(policy)
 	if err != nil {
-		logger.Error(err, "failed to enqueu policy")
+		logger.Error(err, "failed to enqueue policy")
 		return
 	}
 	pc.queue.Add(key)
@@ -273,14 +268,14 @@ func (pc *PolicyController) processNextWorkItem() bool {
 	// if policies exist before Kyverno get created, resource webhook configuration
 	// could not be registered as clusterpolicy.spec.background=false by default
 	// the policy controller would starts only when the first incoming policy is queued
-	pc.registerResourceWebhookConfiguration()
+	pc.resourceWebhookWatcher.RegisterResourceWebhook()
 
 	key, quit := pc.queue.Get()
 	if quit {
 		return false
 	}
 	defer pc.queue.Done(key)
-	err := pc.syncHandler(key.(string))
+	err := pc.syncPolicy(key.(string))
 	pc.handleErr(err, key)
 
 	return true
@@ -318,7 +313,6 @@ func (pc *PolicyController) syncPolicy(key string) error {
 
 		// remove webhook configurations if there are no policies
 		if err := pc.removeResourceWebhookConfiguration(); err != nil {
-			// do not fail, if unable to delete resource webhook config
 			logger.Error(err, "failed to remove resource webhook configurations")
 		}
 
@@ -338,43 +332,53 @@ func (pc *PolicyController) syncPolicy(key string) error {
 }
 
 func (pc *PolicyController) deletePolicyViolations(key string) {
-	if err := pc.deleteClusterPolicyViolations(key); err != nil {
-		pc.log.Error(err, "failed to delete policy violation", "key", key)
+	cpv, err := pc.deleteClusterPolicyViolations(key)
+	if err != nil {
+		pc.log.Error(err, "failed to delete policy violations", "policy", key)
 	}
 
-	if err := pc.deleteNamespacedPolicyViolations(key); err != nil {
-		pc.log.Error(err, "failed to delete policy violation", "key", key)
+	npv, err := pc.deleteNamespacedPolicyViolations(key)
+	if err != nil {
+		pc.log.Error(err, "failed to delete policy violations", "policy", key)
 	}
+
+	pc.log.Info("deleted policy violations", "policy", key, "count", cpv+npv)
 }
 
-func (pc *PolicyController) deleteClusterPolicyViolations(policy string) error {
+func (pc *PolicyController) deleteClusterPolicyViolations(policy string) (int, error) {
 	cpvList, err := pc.getClusterPolicyViolationForPolicy(policy)
 	if err != nil {
-		return err
+		return 0, err
 	}
 
+	count := 0
 	for _, cpv := range cpvList {
 		if err := pc.pvControl.DeleteClusterPolicyViolation(cpv.Name); err != nil {
 			pc.log.Error(err, "failed to delete policy violation", "name", cpv.Name)
+		} else {
+			count++
 		}
 	}
 
-	return nil
+	return count, nil
 }
 
-func (pc *PolicyController) deleteNamespacedPolicyViolations(policy string) error {
+func (pc *PolicyController) deleteNamespacedPolicyViolations(policy string) (int, error) {
 	nspvList, err := pc.getNamespacedPolicyViolationForPolicy(policy)
 	if err != nil {
-		return err
+		return 0, err
 	}
 
+	count := 0
 	for _, nspv := range nspvList {
 		if err := pc.pvControl.DeleteNamespacedPolicyViolation(nspv.Namespace, nspv.Name); err != nil {
 			pc.log.Error(err, "failed to delete policy violation", "name", nspv.Name)
+		} else {
+			count++
 		}
 	}
 
-	return nil
+	return count, nil
 }
 
 func (pc *PolicyController) getNamespacedPolicyViolationForPolicy(policy string) ([]*kyverno.PolicyViolation, error) {

pkg/policy/namespacedpv.go

@@ -2,20 +2,13 @@ package policy
 
 import (
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	cache "k8s.io/client-go/tools/cache"
 )
 
 func (pc *PolicyController) addNamespacedPolicyViolation(obj interface{}) {
 	pv := obj.(*kyverno.PolicyViolation)
-	logger := pc.log.WithValues("kind", pv.Kind, "namespace", pv.Namespace, "name", pv.Name)
-
-	if pv.DeletionTimestamp != nil {
-		// On a restart of the controller manager, it's possible for an object to
-		// show up in a state that is already pending deletion.
-		pc.deleteNamespacedPolicyViolation(pv)
-		return
-	}
-	// dont manage controller references as the ownerReference is assigned by violation generator
+	logger := pc.log.WithValues("kind", pv.GetObjectKind(), "namespace", pv.Namespace, "name", pv.Name)
 
 	ps := pc.getPolicyForNamespacedPolicyViolation(pv)
 	if len(ps) == 0 {
@@ -83,18 +76,22 @@ func (pc *PolicyController) deleteNamespacedPolicyViolation(obj interface{}) {
 		}
 	}
 
-	logger = logger.WithValues("kind", pv.Kind, "namespace", pv.Namespace, "name", pv.Name)
+	logger = logger.WithValues("kind", pv.GetObjectKind(), "namespace", pv.Namespace, "name", pv.Name)
 	ps := pc.getPolicyForNamespacedPolicyViolation(pv)
 	if len(ps) == 0 {
 		// there is no cluster policy for this violation, so we can delete this cluster policy violation
-		logger.V(4).Info("nameapced policy violation does not belong to an active policy, will be cleanedup")
+		logger.V(4).Info("namespaced policy violation does not belong to an active policy, will be cleaned up")
 		if err := pc.pvControl.DeleteNamespacedPolicyViolation(pv.Namespace, pv.Name); err != nil {
-			logger.Error(err, "failed to delete resource")
-			return
+			if !errors.IsNotFound(err) {
+				logger.Error(err, "failed to delete resource")
+				return
+			}
 		}
+
 		logger.V(4).Info("resource deleted")
 		return
 	}
+
 	logger.V(4).Info("resource updated")
 	for _, p := range ps {
 		pc.enqueuePolicy(p)

pkg/policy/report.go

@@ -33,7 +33,7 @@ func (pc *PolicyController) cleanupAndReport(engineResponses []response.EngineRe
 func generateEvents(log logr.Logger, ers []response.EngineResponse) []event.Info {
 	var eventInfos []event.Info
 	for _, er := range ers {
-		if er.IsSuccesful() {
+		if er.IsSuccessful() {
 			continue
 		}
 		eventInfos = append(eventInfos, generateEventsPerEr(log, er)...)
@@ -60,7 +60,7 @@ func generateEventsPerEr(log logr.Logger, er response.EngineResponse) []event.In
 		e.Message = fmt.Sprintf("policy '%s' (%s) rule '%s' not satisfied. %v", er.PolicyResponse.Policy, rule.Type, rule.Name, rule.Message)
 		eventInfos = append(eventInfos, e)
 	}
-	if er.IsSuccesful() {
+	if er.IsSuccessful() {
 		return eventInfos
 	}
 

pkg/policy/webhookregistration.go

@@ -16,14 +16,8 @@ func (pc *PolicyController) removeResourceWebhookConfiguration() error {
 
 	if len(policies) == 0 {
 		logger.V(4).Info("no policies loaded, removing resource webhook configuration if one exists")
-		return pc.resourceWebhookWatcher.RemoveResourceWebhookConfiguration()
+		pc.resourceWebhookWatcher.RemoveResourceWebhookConfiguration()
 	}
 
-	logger.V(4).Info("no policies with mutating or validating webhook configurations, remove resource webhook configuration if one exists")
-
-	return pc.resourceWebhookWatcher.RemoveResourceWebhookConfiguration()
-}
-
-func (pc *PolicyController) registerResourceWebhookConfiguration() {
-	pc.resourceWebhookWatcher.RegisterResourceWebhook()
+	return nil
 }

pkg/policyviolation/builder.go

@@ -17,7 +17,7 @@ func GeneratePVsFromEngineResponse(ers []response.EngineResponse, log logr.Logge
 			continue
 		}
 		// skip when response succeed
-		if er.IsSuccesful() {
+		if er.IsSuccessful() {
 			continue
 		}
 		// build policy violation info

pkg/webhookconfig/registration.go

@@ -277,15 +277,11 @@ func (wrc *WebhookRegistrationClient) removeWebhookConfigurations() {
 // TODO: re-work with RemoveResourceMutatingWebhookConfiguration, as the only difference is wg handling
 func (wrc *WebhookRegistrationClient) removeResourceMutatingWebhookConfiguration(wg *sync.WaitGroup) {
 	defer wg.Done()
-	if err := wrc.RemoveResourceMutatingWebhookConfiguration(); err != nil {
-		wrc.log.Error(err, "failed to remove resource mutating webhook configuration")
-	}
+	wrc.RemoveResourceMutatingWebhookConfiguration()
 }
 func (wrc *WebhookRegistrationClient) removeResourceValidatingWebhookConfiguration(wg *sync.WaitGroup) {
 	defer wg.Done()
-	if err := wrc.RemoveResourceValidatingWebhookConfiguration(); err != nil {
-		wrc.log.Error(err, "failed to remove resource validation webhook configuration")
-	}
+	wrc.RemoveResourceValidatingWebhookConfiguration()
 }
 
 func (wrc *WebhookRegistrationClient) removePolicyMutatingWebhookConfiguration(wg *sync.WaitGroup) {

pkg/webhookconfig/resource.go

@@ -66,23 +66,22 @@ func (wrc *WebhookRegistrationClient) GetResourceMutatingWebhookConfigName() str
 }
 
 //RemoveResourceMutatingWebhookConfiguration removes mutating webhook configuration for all resources
-func (wrc *WebhookRegistrationClient) RemoveResourceMutatingWebhookConfiguration() error {
+func (wrc *WebhookRegistrationClient) RemoveResourceMutatingWebhookConfiguration() {
 	configName := wrc.GetResourceMutatingWebhookConfigName()
 	logger := wrc.log.WithValues("kind", MutatingWebhookConfigurationKind, "name", configName)
 	// delete webhook configuration
 	err := wrc.client.DeleteResource(MutatingWebhookConfigurationKind, "", configName, false)
 	if errors.IsNotFound(err) {
-		logger.V(5).Info("webhook configuration not found")
-		return nil
+		logger.V(4).Info("webhook configuration not found")
+		return
 	}
 
 	if err != nil {
-		logger.V(4).Info("failed to delete webhook configuration")
-		return err
+		logger.Error(err, "failed to delete the mutating webhook configuration")
+		return
 	}
 
-	logger.V(4).Info("deleted webhook configuration")
-	return nil
+	logger.Info("mutating webhook configuration deleted")
 }
 
 func (wrc *WebhookRegistrationClient) constructDebugValidatingWebhookConfig(caData []byte) *admregapi.ValidatingWebhookConfiguration {
@@ -142,20 +141,20 @@ func (wrc *WebhookRegistrationClient) GetResourceValidatingWebhookConfigName() s
 }
 
 // RemoveResourceValidatingWebhookConfiguration deletes an existing webhook configuration
-func (wrc *WebhookRegistrationClient) RemoveResourceValidatingWebhookConfiguration() error {
+func (wrc *WebhookRegistrationClient) RemoveResourceValidatingWebhookConfiguration() {
 	configName := wrc.GetResourceValidatingWebhookConfigName()
 	logger := wrc.log.WithValues("kind", ValidatingWebhookConfigurationKind, "name", configName)
 	err := wrc.client.DeleteResource(ValidatingWebhookConfigurationKind, "", configName, false)
 	if errors.IsNotFound(err) {
 		logger.V(5).Info("webhook configuration not found")
-		return nil
+		return
 	}
 
 	if err != nil {
-		logger.Error(err, "failed to delete the webhook configuration")
-		return err
+		logger.Error(err, "failed to delete the validating webhook configuration")
+		return
 	}
 
-	logger.Info("webhook configuration deleted")
-	return nil
+	logger.Info("validating webhook configuration deleted")
+	return
 }

pkg/webhookconfig/rwebhookregister.go

@@ -118,36 +118,10 @@ func (rww *ResourceWebhookRegister) Run(stopCh <-chan struct{}) {
 }
 
 // RemoveResourceWebhookConfiguration removes the resource webhook configurations
-func (rww *ResourceWebhookRegister) RemoveResourceWebhookConfiguration() error {
-	logger := rww.log
-	mutatingConfigName := rww.webhookRegistrationClient.GetResourceMutatingWebhookConfigName()
-	mutatingConfig, err := rww.mWebhookConfigLister.Get(mutatingConfigName)
-	if err != nil {
-		logger.Error(err, "failed to list mutating webhook config")
-		return err
-	}
-	if mutatingConfig != nil {
-		err = rww.webhookRegistrationClient.RemoveResourceMutatingWebhookConfiguration()
-		if err != nil {
-			return err
-		}
-		logger.V(3).Info("removed mutating resource webhook configuration")
-	}
+func (rww *ResourceWebhookRegister) RemoveResourceWebhookConfiguration()  {
+	rww.webhookRegistrationClient.RemoveResourceMutatingWebhookConfiguration()
 
 	if rww.RunValidationInMutatingWebhook != "true" {
-		validatingConfigName := rww.webhookRegistrationClient.GetResourceValidatingWebhookConfigName()
-		validatingConfig, err := rww.vWebhookConfigLister.Get(validatingConfigName)
-		if err != nil {
-			logger.Error(err, "failed to list validating webhook config")
-			return err
-		}
-		if validatingConfig != nil {
-			err = rww.webhookRegistrationClient.RemoveResourceValidatingWebhookConfiguration()
-			if err != nil {
-				return err
-			}
-			logger.V(3).Info("removed validating resource webhook configuration")
-		}
+		rww.webhookRegistrationClient.RemoveResourceValidatingWebhookConfiguration()
 	}
-	return nil
 }

pkg/webhooks/annotations.go

@@ -97,7 +97,7 @@ func generateAnnotationPatches(engineResponses []response.EngineResponse, log lo
 func annotationFromEngineResponses(engineResponses []response.EngineResponse, log logr.Logger) []byte {
 	var annotationContent = make(map[string]string)
 	for _, engineResponse := range engineResponses {
-		if !engineResponse.IsSuccesful() {
+		if !engineResponse.IsSuccessful() {
 			log.V(3).Info("skip building annotation; policy failed to apply", "policy", engineResponse.PolicyResponse.Policy)
 			continue
 		}

pkg/webhooks/common.go

@@ -17,7 +17,7 @@ import (
 // isResponseSuccesful return true if all responses are successful
 func isResponseSuccesful(engineReponses []response.EngineResponse) bool {
 	for _, er := range engineReponses {
-		if !er.IsSuccesful() {
+		if !er.IsSuccessful() {
 			return false
 		}
 	}
@@ -28,7 +28,7 @@ func isResponseSuccesful(engineReponses []response.EngineResponse) bool {
 // returns false -> if all the policies are meant to report only, we dont block resource request
 func toBlockResource(engineReponses []response.EngineResponse, log logr.Logger) bool {
 	for _, er := range engineReponses {
-		if !er.IsSuccesful() && er.PolicyResponse.ValidationFailureAction == Enforce {
+		if !er.IsSuccessful() && er.PolicyResponse.ValidationFailureAction == Enforce {
 			log.Info("spec.ValidationFailureAction set to enforcel blocking resource request", "policy", er.PolicyResponse.Policy)
 			return true
 		}
@@ -42,7 +42,7 @@ func getEnforceFailureErrorMsg(engineResponses []response.EngineResponse) string
 	policyToRule := make(map[string]interface{})
 	var resourceName string
 	for _, er := range engineResponses {
-		if !er.IsSuccesful() && er.PolicyResponse.ValidationFailureAction == Enforce {
+		if !er.IsSuccessful() && er.PolicyResponse.ValidationFailureAction == Enforce {
 			ruleToReason := make(map[string]string)
 			for _, rule := range er.PolicyResponse.Rules {
 				if !rule.Success {
@@ -65,7 +65,7 @@ func getErrorMsg(engineReponses []response.EngineResponse) string {
 	var resourceInfo string
 
 	for _, er := range engineReponses {
-		if !er.IsSuccesful() {
+		if !er.IsSuccessful() {
 			// resource in engineReponses is identical as this was called per admission request
 			resourceInfo = fmt.Sprintf("%s/%s/%s", er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)
 			str = append(str, fmt.Sprintf("failed policy %s:", er.PolicyResponse.Policy))

pkg/webhooks/mutation.go

@@ -52,7 +52,7 @@ func (ws *WebhookServer) HandleMutation(
 		engineResponse := engine.Mutate(policyContext)
 
 		ws.statusListener.Send(mutateStats{resp: engineResponse})
-		if !engineResponse.IsSuccesful() {
+		if !engineResponse.IsSuccessful() {
 			logger.Info("failed to apply policy", "policy", policy.Name, "failed rules", engineResponse.GetFailedRules())
 			continue
 		}
@@ -64,9 +64,11 @@ func (ws *WebhookServer) HandleMutation(
 		}
 
 		// gather patches
-		patches = append(patches, engineResponse.GetPatches()...)
-		if len(engineResponse.GetPatches()) != 0 {
-			logger.Info("mutation rules from policy applied succesfully", "policy", policy.Name)
+		policyPatches := engineResponse.GetPatches()
+		if len(policyPatches) > 0 {
+			patches = append(patches, policyPatches...)
+			rules := engineResponse.GetSuccessRules()
+			logger.Info("mutation rules from policy applied successfully", "policy", policy.Name,  "rules", rules)
 		}
 
 		policyContext.NewResource = engineResponse.PatchedResource
@@ -85,10 +87,10 @@ func (ws *WebhookServer) HandleMutation(
 
 	// REPORTING EVENTS
 	// Scenario 1:
-	//   some/all policies failed to apply on the resource. a policy volation is generated.
+	//   some/all policies failed to apply on the resource. a policy violation is generated.
 	//   create an event on the resource and the policy that failed
 	// Scenario 2:
-	//   all policies were applied succesfully.
+	//   all policies were applied successfully.
 	//   create an event on the resource
 	// ADD EVENTS
 	events := generateEvents(engineResponses, false, (request.Operation == v1beta1.Update), logger)

pkg/webhooks/report.go

@@ -48,7 +48,7 @@ func generateEvents(engineResponses []response.EngineResponse, blocked, onUpdate
 	//   - report event of policy is in enforce mode and failed to apply
 	if blocked {
 		for _, er := range engineResponses {
-			if er.IsSuccesful() {
+			if er.IsSuccessful() {
 				// do not create event on polices that were succesfuly
 				continue
 			}
@@ -84,7 +84,7 @@ func generateEvents(engineResponses []response.EngineResponse, blocked, onUpdate
 	//     - report event on resource that failed
 
 	for _, er := range engineResponses {
-		if er.IsSuccesful() {
+		if er.IsSuccessful() {
 			// do not create event on polices that were succesfuly
 			continue
 		}

pkg/webhooks/validation.go

@@ -75,7 +75,7 @@ func (ws *WebhookServer) HandleValidation(
 		ws.statusListener.Send(validateStats{
 			resp: engineResponse,
 		})
-		if !engineResponse.IsSuccesful() {
+		if !engineResponse.IsSuccessful() {
 			logger.V(4).Info("failed to apply policy", "policy", policy.Name, "failed rules", engineResponse.GetFailedRules())
 			continue
 		}