Merge pull request #68 from nirmata/44_support_list_kind

support list of kind in resource
2025-03-31 03:45:17 +00:00 · 2019-05-22 11:10:12 -07:00 · 2019-05-22 11:10:12 -07:00 · 7a3f514fa1
commit 7a3f514fa1
parent 63ab88b6e0 857aa81f3e
35 changed files with 159 additions and 109 deletions
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@ -35,29 +35,31 @@ spec:
                  resource:
                    type: object
                    required:
-                    - kind
+                    - kinds
                    properties:
-                      kind:
-                        type: string
-                        enum:
-                        - ConfigMap
-                        - CronJob
-                        - DaemonSet
-                        - Deployment
-                        - Endpoints
-                        - HorizontalPodAutoscaler
-                        - Ingress
-                        - Job
-                        - LimitRange
-                        - Namespace
-                        - NetworkPolicy
-                        - PersistentVolumeClaim
-                        - PodDisruptionBudget
-                        - PodTemplate
-                        - ResourceQuota
-                        - Secret
-                        - Service
-                        - StatefulSet
+                      kinds:
+                        type: array
+                        items:
+                          type: string
+                          enum:
+                          - ConfigMap
+                          - CronJob
+                          - DaemonSet
+                          - Deployment
+                          - Endpoints
+                          - HorizontalPodAutoscaler
+                          - Ingress
+                          - Job
+                          - LimitRange
+                          - Namespace
+                          - NetworkPolicy
+                          - PersistentVolumeClaim
+                          - PodDisruptionBudget
+                          - PodTemplate
+                          - ResourceQuota
+                          - Secret
+                          - Service
+                          - StatefulSet
                      name:
                        type: string
                      selector:
--- a/examples/CLI/deployment/policy-deployment.yaml
+++ b/examples/CLI/deployment/policy-deployment.yaml
@ -6,7 +6,8 @@ spec :
  rules:
    - name: deployment-policy
      resource:
-        kind : Deployment
+        kinds : 
+        - Deployment
        selector :
          matchLabels :
            cli: test
--- a/examples/Validate/check_cpu_memory.yaml
+++ b/examples/Validate/check_cpu_memory.yaml
@ -1,4 +1,4 @@
-apiVersion: policy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: check-cpu-memory
@ -6,7 +6,8 @@ spec:
  rules:
  - name: check-defined
    resource:
-      kind: Deployment
+      kinds: 
+      - Deployment
    validate:
      message: "Resource requests and limits are required for CPU and memory"
      pattern:
@ -22,7 +23,8 @@ spec:
              cpu: "?"
  - name: check-memory-in-range
    resource:
-      kind: Deployment
+      kinds: 
+      - Deployment
    validate:
      message: "Memory request cannot be greater than 10Gi"
      pattern:
--- a/examples/Validate/check_hostpath.yaml
+++ b/examples/Validate/check_hostpath.yaml
@ -1,4 +1,4 @@
-apiVersion: policy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: check-host-path
@ -6,7 +6,8 @@ spec:
  rules:
  - name: check-host-path
    resource:
-      kind: Pod
+      kinds: 
+      - Pod
    validate:
      message: "Host path volumes are not allowed"
      pattern:
--- a/examples/Validate/check_image_version.yaml
+++ b/examples/Validate/check_image_version.yaml
@ -1,4 +1,4 @@
-apiVersion: policy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: image-pull-policy
@ -7,7 +7,8 @@ spec:
  - name: image-pull-policy
    message: "Image tag ':latest' requires imagePullPolicy 'Always'"
    resource:
-      kind: Deployment
+      kinds: 
+      - Deployment
    overlay:
      template:
        spec:
--- a/examples/Validate/check_nodeport.yaml
+++ b/examples/Validate/check_nodeport.yaml
@ -1,4 +1,4 @@
-apiVersion: policy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: check-host-path
@ -6,7 +6,8 @@ spec:
  rules:
  - name: check-host-path
    resource:
-      kind: Service
+      kinds: 
+      - Service
    validate:
      message: "Node port services are not allowed"
      pattern:
--- a/examples/Validate/check_probe_exists.yaml
+++ b/examples/Validate/check_probe_exists.yaml
@ -1,4 +1,4 @@
-apiVersion: policy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: check-probe-exists
@ -6,7 +6,8 @@ spec:
  rules:
  - name: check-liveness-probe-exists
    resource:
-      kind: StatefulSet
+      kinds: 
+      - StatefulSet
    validate:
      message: "a livenessProbe is required"
      pattern:
@ -14,10 +15,11 @@ spec:
          # In this case every object in containers list will be checked for pattern
          - name: "*"
            livenessProbe:
-              periodSeconds: ?
+              periodSeconds: "?"
  - resource:
-      kind: Deployment
-    name: check-readiness-probe-exists
+      kinds: 
+      - Deployment
+    name: check-readinessprobe-exists
    validate:
      message: "a readinessProbe is required"
      pattern:
@ -25,4 +27,4 @@ spec:
          # In this case every object in containers list will be checked for pattern
          - name: "*"
            readinessProbe:
-              periodSeconds: ?
+              periodSeconds: "?"
--- a/examples/Validate/check_probe_intervals.yaml
+++ b/examples/Validate/check_probe_intervals.yaml
@ -1,4 +1,4 @@
-apiVersion: policy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: check-probe-intervals
@ -6,7 +6,8 @@ spec:
  rules:
  - name: check-probe-intervals
    resource:
-      kind: Deployment
+      kinds: 
+      - Deployment
    validate:
      message: "livenessProbe must be > 10s"
      pattern:
@ -16,7 +17,9 @@ spec:
            livenessProbe:
              periodSeconds: ">10"
  - resource:
-      kind: Deployment
+      kinds: 
+      - Deployment
+    name: check-readinessprobe-intervals
    validate:
      pattern:
        message: "readinessProbe must be > 10s"    
--- a/examples/Validate/check_whitelist_registries.yaml
+++ b/examples/Validate/check_whitelist_registries.yaml
@ -1,4 +1,4 @@
-apiVersion: policy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: check-whitelist-registries
@ -7,7 +7,8 @@ spec:
  - name: check-whitelist-registries
    message: "Registry is not allowed"
    resource:
-      kind: Deployment
+      kinds: 
+      - Deployment
    validate:
      pattern:
        template:
--- a/pkg/apis/policy/v1alpha1/types.go
+++ b/pkg/apis/policy/v1alpha1/types.go
@ -33,7 +33,7 @@ type Rule struct {

 // ResourceDescription describes the resource to which the PolicyRule will be applied.
 type ResourceDescription struct {
-	Kind     string                `json:"kind"`
+	Kinds    []string              `json:"kinds"`
 	Name     *string               `json:"name"`
 	Selector *metav1.LabelSelector `json:"selector"`
 }
--- a/pkg/apis/policy/v1alpha1/utils.go
+++ b/pkg/apis/policy/v1alpha1/utils.go
@ -22,13 +22,11 @@ func (r *Rule) Validate() error {
 }

 // Validate checks if all necesarry fields are present and have values. Also checks a Selector.
-// Returns error if resource definition is invalid.
+// Returns error if
+// - kinds is not defined
 func (pr *ResourceDescription) Validate() error {
-	// TBD: selector or name MUST be specified
-	if pr.Kind == "" {
+	if len(pr.Kinds) == 0 {
 		return errors.New("The Kind is not specified")
-	} else if pr.Name == nil && pr.Selector == nil {
-		return errors.New("Neither Name nor Selector is specified")
 	}

 	if pr.Selector != nil {
--- a/pkg/apis/policy/v1alpha1/utils_test.go
+++ b/pkg/apis/policy/v1alpha1/utils_test.go
@ -9,8 +9,8 @@ import (

 var defaultResourceDescriptionName = "defaultResourceDescription"
 var defaultResourceDescription = ResourceDescription{
-	Kind: "Deployment",
-	Name: &defaultResourceDescriptionName,
+	Kinds: []string{"Deployment"},
+	Name:  &defaultResourceDescriptionName,
 	Selector: &metav1.LabelSelector{
 		MatchLabels: map[string]string{"LabelForSelector": "defaultResourceDescription"},
 	},
@ -43,7 +43,7 @@ func Test_ResourceDescription_EmptyKind(t *testing.T) {

 func Test_ResourceDescription_EmptyNameAndSelector(t *testing.T) {
 	resourceDescription := ResourceDescription{
-		Kind: "Deployment",
+		Kinds: []string{"Deployment"},
 	}
 	err := resourceDescription.Validate()
 	assert.Assert(t, err != nil)
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@ -13,7 +13,7 @@ import (

 // ResourceMeetsDescription checks requests kind, name and labels to fit the policy rule
 func ResourceMeetsDescription(resourceRaw []byte, description kubepolicy.ResourceDescription, gvk metav1.GroupVersionKind) bool {
-	if description.Kind != gvk.Kind {
+	if !findKind(description.Kinds, gvk.Kind) {
 		return false
 	}

@ -104,3 +104,12 @@ func ParseRegexPolicyResourceName(policyResourceName string) (string, bool) {
 	}
 	return strings.Trim(regex[1], " "), true
 }
+
+func findKind(kinds []string, kindGVK string) bool {
+	for _, kind := range kinds {
+		if kind == kindGVK {
+			return true
+		}
+	}
+	return false
+}
--- a/pkg/engine/validation_test.go
+++ b/pkg/engine/validation_test.go
@ -358,7 +358,7 @@ func TestValidateMapElement_OneElementInArrayNotPass(t *testing.T) {
 }

 func TestValidate_ServiceTest(t *testing.T) {
-	rawPolicy := []byte(`{ "apiVersion": "kubepolicy.nirmata.io/v1alpha1", "kind": "Policy", "metadata": { "name": "policy-service" }, "spec": { "rules": [ { "name": "ps1", "resource": { "kind": "Service", "name": "game-service*" }, "mutate": { "patches": [ { "path": "/metadata/labels/isMutated", "op": "add", "value": "true" }, { "path": "/metadata/labels/secretLabel", "op": "replace", "value": "weKnow" }, { "path": "/metadata/labels/originalLabel", "op": "remove" }, { "path": "/spec/selector/app", "op": "replace", "value": "mutedApp" } ] }, "validate": { "message": "This resource is broken", "pattern": { "spec": { "ports": [ { "name": "hs", "protocol": 32 } ] } } } } ] } }`)
+	rawPolicy := []byte(`{ "apiVersion": "kyverno.nirmata.io/v1alpha1", "kind": "Policy", "metadata": { "name": "policy-service" }, "spec": { "rules": [ { "name": "ps1", "resource": { "kind": "Service", "name": "game-service*" }, "mutate": { "patches": [ { "path": "/metadata/labels/isMutated", "op": "add", "value": "true" }, { "path": "/metadata/labels/secretLabel", "op": "replace", "value": "weKnow" }, { "path": "/metadata/labels/originalLabel", "op": "remove" }, { "path": "/spec/selector/app", "op": "replace", "value": "mutedApp" } ] }, "validate": { "message": "This resource is broken", "pattern": { "spec": { "ports": [ { "name": "hs", "protocol": 32 } ] } } } } ] } }`)
 	rawResource := []byte(`{ "kind": "Service", "apiVersion": "v1", "metadata": { "name": "game-service", "labels": { "originalLabel": "isHere", "secretLabel": "thisIsMySecret" } }, "spec": { "selector": { "app": "MyApp" }, "ports": [ { "name": "http", "protocol": "TCP", "port": 80, "targetPort": 9376 } ] } }`)

 	var policy kubepolicy.Policy
@ -372,7 +372,7 @@ func TestValidate_ServiceTest(t *testing.T) {
 }

 func TestValidate_MapHasFloats(t *testing.T) {
-	rawPolicy := []byte(`{ "apiVersion": "kubepolicy.nirmata.io/v1alpha1", "kind": "Policy", "metadata": { "name": "policy-deployment-changed" }, "spec": { "rules": [ { "name": "First policy v2", "resource": { "kind": "Deployment", "name": "nginx-*" }, "mutate": { "patches": [ { "path": "/metadata/labels/isMutated", "op": "add", "value": "true" }, { "path": "/metadata/labels/app", "op": "replace", "value": "nginx_is_mutated" } ] }, "validate": { "message": "replicas number is wrong", "pattern": { "metadata": { "labels": { "app": "*" } }, "spec": { "replicas": 3 } } } } ] } }`)
+	rawPolicy := []byte(`{ "apiVersion": "kyverno.nirmata.io/v1alpha1", "kind": "Policy", "metadata": { "name": "policy-deployment-changed" }, "spec": { "rules": [ { "name": "First policy v2", "resource": { "kind": "Deployment", "name": "nginx-*" }, "mutate": { "patches": [ { "path": "/metadata/labels/isMutated", "op": "add", "value": "true" }, { "path": "/metadata/labels/app", "op": "replace", "value": "nginx_is_mutated" } ] }, "validate": { "message": "replicas number is wrong", "pattern": { "metadata": { "labels": { "app": "*" } }, "spec": { "replicas": 3 } } } } ] } }`)
 	rawResource := []byte(`{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "name": "nginx-deployment", "labels": { "app": "nginx" } }, "spec": { "replicas": 3, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "labels": { "app": "nginx" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:1.7.9", "ports": [ { "containerPort": 80 } ] } ] } } } }`)

 	var policy kubepolicy.Policy
--- a/test/ConfigMap/policy-CM.yaml
+++ b/test/ConfigMap/policy-CM.yaml
@ -6,7 +6,8 @@ spec :
  rules:
    - name: pCM1
      resource:
-        kind : ConfigMap
+        kinds : 
+        - ConfigMap
        name: "game-config"
      mutate:
        patches:
@ -15,7 +16,8 @@ spec :
          value : newValue
    - name: pCM2
      resource:
-        kind : ConfigMap
+        kinds : 
+        - ConfigMap
        name: "game-config"
      mutate:
        patches:
@ -26,7 +28,8 @@ spec :
          value : "data is replaced"
    - name: pCM3
      resource:
-        kind : ConfigMap
+        kinds : 
+        - ConfigMap
        name: "game-config"
      mutate:
        patches:
@ -40,7 +43,8 @@ spec :
            game.properties: "*enemies=aliens*"
    - name: pCM4
      resource:
-        kind : ConfigMap
+        kinds : 
+        - ConfigMap
        name: "game-config"
      validate:
        message: "This CM data is broken because it does not have ui.properties"
--- a/test/ConfigMapGenerator-SecretGenerator/policy-cm-test.yaml
+++ b/test/ConfigMapGenerator-SecretGenerator/policy-cm-test.yaml
@ -6,12 +6,13 @@ spec:
  rules:
  - name: "copyCM"
    resource :
-      kind : Namespace
+      kinds : 
+      - Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    generate :
-      kind: ConfigMap
+    - kind: ConfigMap
      name : copied-cm
      copyFrom :
        namespace : default
--- a/test/ConfigMapGenerator-SecretGenerator/policy-namespace-patch-cmgCG-sgCG.yaml
+++ b/test/ConfigMapGenerator-SecretGenerator/policy-namespace-patch-cmgCG-sgCG.yaml
@ -11,7 +11,8 @@ spec :
  rules:
  - name: "patchNamespace2"
    resource :
-      kind : Namespace
+      kinds : 
+      - Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
@ -23,12 +24,13 @@ spec :

  - name: "copyCM"
    resource :
-      kind : Namespace
+      kinds : 
+      - Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    generate :
-      kind: ConfigMap
+    - kind: ConfigMap
      name : copied-cm
      copyFrom :
        namespace : default
@ -38,12 +40,13 @@ spec :
       
  - name: "generateCM"
    resource :
-      kind : Namespace
+      kinds : 
+      - Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    generate :
-      kind: ConfigMap
+    - kind: ConfigMap
      name : generated-cm
      data :
        secretData: "very sensitive data from cmg"
@ -56,10 +59,11 @@ spec :
  
  - name: "generateSecret"
    resource :
-      kind : Namespace
+      kinds : 
+      - Namespace
      name: ns2
    generate :
-      kind: Secret
+    - kind: Secret
      name : generated-secrets
      data :
        foo : bar
@ -72,10 +76,11 @@ spec :

  - name: "copySecret"
    resource :
-      kind : Namespace
+      kinds : 
+      - Namespace
      name: ns2
    generate :
-      kind: Secret
+    - kind: Secret
      name : copied-secrets
      copyFrom :
        namespace : default
--- a/test/CronJob/policy-cronjob-wldcrd.yaml
+++ b/test/CronJob/policy-cronjob-wldcrd.yaml
@ -6,7 +6,8 @@ spec:
  rules:
    - name: pCJ
      resource:
-        kind : CronJob
+        kinds : 
+        - CronJob
        name: "?ell*"
      mutate:
        patches:
--- a/test/DaemonSet/policy-daemonset.yaml
+++ b/test/DaemonSet/policy-daemonset.yaml
@ -6,7 +6,8 @@ spec:
  rules:
    - name: "Patch and Volume validation"
      resource:
-        kind: DaemonSet
+        kinds:
+        - DaemonSet
        name: fluentd-elasticsearch
      mutate:
        patches:
--- a/test/Deployment/policy-deployment-any.yaml
+++ b/test/Deployment/policy-deployment-any.yaml
@ -6,8 +6,8 @@ spec :
  rules:
    - name: "First policy v2"
      resource:
-        kind : Deployment
-        name: nginx-*
+        kinds : 
+        - Deployment
      mutate:
        patches:
        - path: /metadata/labels/isMutated
--- a/test/Endpoint/policy-endpoints.yaml
+++ b/test/Endpoint/policy-endpoints.yaml
@ -6,7 +6,8 @@ spec :
  rules:
    - name: pEP
      resource:
-        kind : Endpoints
+        kinds : 
+        - Endpoints
        selector:
          matchLabels:
            label : test
--- a/test/HorizontalPodAutoscaler/policy-hpa.yaml
+++ b/test/HorizontalPodAutoscaler/policy-hpa.yaml
@ -6,7 +6,8 @@ spec :
  rules:
    - name: hpa1
      resource:
-        kind : HorizontalPodAutoscaler
+        kinds : 
+        - HorizontalPodAutoscaler
        selector:
          matchLabels:
            originalLabel: isHere
--- a/test/Ingress/policy-ingress.yaml
+++ b/test/Ingress/policy-ingress.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata :
  name : policy-ingress
@ -6,7 +6,8 @@ spec :
  rules:
    - name: ingress1
      resource:
-        kind : Ingress
+        kinds : 
+        - Ingress
        selector:
          matchLabels:
            originalLabel: isHere
--- a/test/Job/policy-job.yaml
+++ b/test/Job/policy-job.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: policy-job-perl-bigint
@ -6,7 +6,8 @@ spec :
  rules:
    - name: job1
      resource:
-        kind: Job
+        kinds: 
+        - Job
        name: pi
      mutate:
        patches:
--- a/test/LimitRange/policy-limitrange.yaml
+++ b/test/LimitRange/policy-limitrange.yaml
@ -1,12 +1,13 @@
-apiVersion : kubepolicy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind : Policy
 metadata :
  name : policy-limitrange
 spec :
  rules:
-    - name:
+    - name: "rule"
      resource:
-        kind : LimitRange
+        kinds : 
+        - LimitRange
        selector:
          matchLabels:
            containerSize: minimal
--- a/test/Namespace/policy-namespace.yaml
+++ b/test/Namespace/policy-namespace.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata :
  name : policy-namespace
@ -7,7 +7,8 @@ spec :
  rules:
    - name: ns1
      resource:
-        kind : Namespace
+        kinds : 
+        - Namespace
        selector:
          matchLabels:
            LabelForSelector : "namespace"
--- a/test/NetworkPolicy/policy-network-policy.yaml
+++ b/test/NetworkPolicy/policy-network-policy.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: policy-network-policy
@ -6,7 +6,8 @@ spec:
  rules:
    - name: np1
      resource:
-        kind : NetworkPolicy
+        kinds : 
+        - NetworkPolicy
        selector:
          matchLabels:
            originalLabel: isHere
--- a/test/PersistentVolumeClaim/policy-PVC.yaml
+++ b/test/PersistentVolumeClaim/policy-PVC.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: policy-pvc
@ -6,7 +6,8 @@ spec:
  rules:
    - name: pvc1
      resource:
-        kind : PersistentVolumeClaim
+        kinds : 
+        - PersistentVolumeClaim
        matchLabels:
            originalLabel: isHere
      mutate:
--- a/test/PodDisruptionBudget/policy-pdb.yaml
+++ b/test/PodDisruptionBudget/policy-pdb.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: policy-pdb
@ -6,7 +6,8 @@ spec:
  rules:
    - name: pdb1
      resource:
-        kind : PodDisruptionBudget
+        kinds : 
+        - PodDisruptionBudget
        name: "game-pdb"
      mutate:
        patches:
--- a/test/PodTemplate/policy-PodTemplate.yaml
+++ b/test/PodTemplate/policy-PodTemplate.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: test-podtemplate
@ -6,7 +6,8 @@ spec:
  rules:
    - name: podtemplate1
      resource:
-        kind : PodTemplate
+        kinds : 
+        - PodTemplate
        selector:
          matchLabels:
            originalLabel: isHere
--- a/test/ResourceQuota/policy-quota-validation.yaml
+++ b/test/ResourceQuota/policy-quota-validation.yaml
@ -1,12 +1,13 @@
-apiVersion : kubepolicy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind : Policy
 metadata :
  name : policy-quota-low-test-validation
 spec :
  rules:
-    - name:
+    - name: "rule1"
      resource:
-        kind : ResourceQuota
+        kinds : 
+        - ResourceQuota
        selector:
          matchLabels:
            quota: low
@ -16,9 +17,10 @@ spec :
          spec:
            hard:
              memory: "8Gi|12Gi"
-    - name:
+    - name: "rule2"
      resource:
-        kind : ResourceQuota
+        kinds : 
+        - ResourceQuota
        selector:
          matchLabels:
            quota: low
@ -28,9 +30,10 @@ spec :
          spec:
            hard:
              cpu: <3
-    - name:
+    - name: "rule3"
      resource:
-        kind : ResourceQuota
+        kinds : 
+        - ResourceQuota
        selector:
          matchLabels:
            quota: low
--- a/test/ResourceQuota/policy-quota.yaml
+++ b/test/ResourceQuota/policy-quota.yaml
@ -1,12 +1,13 @@
-apiVersion : kubepolicy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind : Policy
 metadata :
  name : policy-quota-low-test
 spec :
  rules:
-    - name:
+    - name: "rule"
      resource:
-        kind : ResourceQuota
+        kinds : 
+        - ResourceQuota
        selector:
          matchLabels:
            quota: low
--- a/test/Secret/policy-secret.yaml
+++ b/test/Secret/policy-secret.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: policy-secrets
@ -6,7 +6,8 @@ spec:
  rules:
    - name: secret1
      resource:
-        kind : Secret
+        kinds : 
+        - Secret
        name: "mysecret"
      mutate:
        patches:
--- a/test/Service/policy-service.yaml
+++ b/test/Service/policy-service.yaml
@ -1,4 +1,4 @@
-apiVersion : kubepolicy.nirmata.io/v1alpha1
+apiVersion : kyverno.nirmata.io/v1alpha1
 kind : Policy
 metadata :
  name : policy-service
@ -6,7 +6,8 @@ spec :
  rules:
    - name: ps1
      resource:
-        kind: Service
+        kinds: 
+        - Service
        name: "game-service*"
      mutate:
        patches:
--- a/test/StatefulSet/policy-StatefulSet.yaml
+++ b/test/StatefulSet/policy-StatefulSet.yaml
@ -1,4 +1,4 @@
-apiVersion: kubepolicy.nirmata.io/v1alpha1
+apiVersion: kyverno.nirmata.io/v1alpha1
 kind: Policy
 metadata:
  name: policy-statefulset
@ -6,7 +6,8 @@ spec:
  rules:
    - name: statefulset1
      resource:
-        kind : StatefulSet
+        kinds : 
+        - StatefulSet
        selector:
          matchLabels:
            originalLabel: isHere