Cli Apply command support Dir as resources (#3391)

* apply command support dir as resources

* fix issue

pkg/kyverno/apply/apply_command_test.go

@@ -45,9 +45,25 @@ func Test_Apply(t *testing.T) {
 				},
 			},
 		},
+		{
+			PolicyPaths:   []string{"../../../test/cli/apply/policies"},
+			ResourcePaths: []string{"../../../test/cli/apply/resource"},
+			expectedPolicyReports: []preport.PolicyReport{
+				{
+					Summary: preport.PolicyReportSummary{
+						Pass:  1,
+						Fail:  1,
+						Skip:  4,
+						Error: 0,
+						Warn:  0,
+					},
+				},
+			},
+		},
 	}
 
 	compareSummary := func(expected preport.PolicyReportSummary, actual map[string]interface{}) {
+
 		assert.Assert(t, actual[preport.StatusPass].(int64) == int64(expected.Pass))
 		assert.Assert(t, actual[preport.StatusFail].(int64) == int64(expected.Fail))
 		assert.Assert(t, actual[preport.StatusSkip].(int64) == int64(expected.Skip))

pkg/kyverno/common/common.go

@@ -735,6 +735,26 @@ func GetResourceAccordingToResourcePath(fs billy.Filesystem, resourcePaths []str
 				}
 			}
 		} else if (len(resourcePaths) > 0 && resourcePaths[0] != "-") || len(resourcePaths) < 0 || cluster {
+
+			fileDesc, err := os.Stat(resourcePaths[0])
+			if err != nil {
+				return nil, err
+			}
+			if fileDesc.IsDir() {
+
+				files, err := ioutil.ReadDir(resourcePaths[0])
+				if err != nil {
+					return nil, sanitizederror.NewWithError(fmt.Sprintf("failed to parse %v", resourcePaths[0]), err)
+				}
+				listOfFiles := make([]string, 0)
+				for _, file := range files {
+					ext := filepath.Ext(file.Name())
+					if ext == ".yaml" || ext == ".yml" {
+						listOfFiles = append(listOfFiles, filepath.Join(resourcePaths[0], file.Name()))
+					}
+				}
+				resourcePaths = listOfFiles
+			}
 			resources, err = GetResources(policies, resourcePaths, dClient, cluster, namespace, policyReport)
 			if err != nil {
 				return resources, err

test/cli/apply/policies/policy.yaml

@@ -0,0 +1,24 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: disallow-latest-tag
+  annotations:
+    policies.kyverno.io/category: Best Practices
+    policies.kyverno.io/description: >-
+      The ':latest' tag is mutable and can lead to unexpected errors if the
+      image changes. A best practice is to use an immutable tag that maps to
+      a specific version of an application pod.
+spec:
+  validationFailureAction: audit
+  rules:
+  - name: validate-image-tag
+    match:
+      resources:
+        kinds:
+        - Pod
+    validate:
+      message: "Using a mutable image tag e.g. 'latest' is not allowed."
+      pattern:
+        spec:
+          containers:
+          - image: "!*:latest"

test/cli/apply/resource/resources.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-require-image-tag-fail
+  labels:
+    app: app
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-validate-image-tag-ignore
+  labels:
+    app: app
+spec:
+  containers:
+  - name: nginx
+    image: nginx:latest

test/policy.yaml

@@ -1,19 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: who-created-this
-spec:
-  background: false
-  failurePolicy: Ignore
-  rules:
-  - name: who-created-this
-    match:
-      all:
-        - resources:
-            kinds:
-            - "*"
-    mutate:
-      patchStrategicMerge:
-        metadata:
-          annotations:
-            test: "app"

test/resources.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: test-require-image-tag-pass
-spec:
-  containers:
-  - name: nginx
-    image: nginx:latest