From 83ecd959451aa24f2b3170ae16fe51b788a18679 Mon Sep 17 00:00:00 2001
From: shravan
Date: Wed, 15 Apr 2020 21:17:14 +0530
Subject: [PATCH] 744 added all request values to context
---
 definitions/install.yaml | 19 +++++++------------
 definitions/install_debug.yaml | 19 +++++++------------
 pkg/engine/context/context.go | 18 ++++++++++++++++++
 pkg/policy/validate/validate.go | 4 ++--
 pkg/webhooks/server.go | 8 ++++++++
 5 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/definitions/install.yaml b/definitions/install.yaml
index 72ba5cf550..d85ad4574d 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -209,18 +209,13 @@ spec:
 anyPattern:
 AnyValue: {}
 deny:
- type: object
- properties:
- message:
- type: string
- conditions:
- type: array
- items:
- type: object
- required:
- key # can be of any type
- operator # typed
- value # can be of any type
+ type: array
+ items:
+ type: object
+ required:
+ - key # can be of any type
+ - operator # typed
+ - value # can be of any type
 generate:
 type: object
 required:
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
index 3c416a9ede..6984c76187 100644
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -209,18 +209,13 @@ spec:
 anyPattern:
 AnyValue: {}
 deny:
- type: object
- properties:
- message:
- type: string
- conditions:
- type: array
- items:
- type: object
- required:
- key # can be of any type
- operator # typed
- value # can be of any type
+ type: array
+ items:
+ type: object
+ required:
+ - key # can be of any type
+ - operator # typed
+ - value # can be of any type
 generate:
 type: object
 required:
diff --git a/pkg/engine/context/context.go b/pkg/engine/context/context.go
index 163e81fef0..eba01a1538 100644
--- a/pkg/engine/context/context.go
+++ b/pkg/engine/context/context.go
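Review bot: Policies written with the old `deny` shape (an object with `message` and `conditions`) get no migration path from the `deny` schema change in definitions/install.yaml, which turns the field into a bare array. validate.go in this same patch calls `len(rule.Deny)`, so the Go field is presumably a slice now, and a stored policy that still uses `deny.conditions` would likely fail to decode after an upgrade; for an admission controller that can mean a rule quietly stops being enforced. The new `items` entry also lists `key`, `operator` and `value` only under `required`, with no `properties`, so nothing enforces the `# typed` remark on `operator`; a `properties:` block with `operator: {type: string}` under `items` would let the API server check it. The identical hunk in definitions/install_debug.yaml needs the same treatment.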
@@ -5,6 +5,8 @@ import ( "strings" "sync" + "k8s.io/api/admission/v1beta1" + jsonpatch "github.com/evanphx/json-patch" "github.com/go-logr/logr" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" @@ -63,6 +65,22 @@ func (ctx *Context) AddJSON(dataRaw []byte) error { return nil } +//AddResource data at path: request.object +func (ctx *Context) AddRequest(request *v1beta1.AdmissionRequest) error { + modifiedResource := struct { + Request interface{} `json:"request"` + }{ + Request: request, + } + + objRaw, err := json.Marshal(modifiedResource) + if err != nil { + ctx.log.Error(err, "failed to marshal the UserInfo") + return err + } + return ctx.AddJSON(objRaw) +} + //AddResource data at path: request.object func (ctx *Context) AddResource(dataRaw []byte) error { diff --git a/pkg/policy/validate/validate.go b/pkg/policy/validate/validate.go index 3889f9f163..1e705758aa 100644 --- a/pkg/policy/validate/validate.go +++ b/pkg/policy/validate/validate.go @@ -49,8 +49,8 @@ func (v *Validate) Validate() (string, error) { // validateOverlayPattern checks one of pattern/anyPattern must exist func (v *Validate) validateOverlayPattern() error { rule := v.rule - if rule.Pattern == nil && len(rule.AnyPattern) == 0 { - return fmt.Errorf("a pattern or anyPattern must be specified") + if rule.Pattern == nil && len(rule.AnyPattern) == 0 && len(rule.Deny) == 0 { + return fmt.Errorf("a pattern or anyPattern or deny must be specified") } if rule.Pattern != nil && len(rule.AnyPattern) != 0 { diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go index 350f3a6ccb..23e8ccd6e8 100644 --- a/pkg/webhooks/server.go +++ b/pkg/webhooks/server.go 
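Review bot: The doc comment and the error log on the new `AddRequest` in pkg/engine/context/context.go are copied from neighbouring functions and describe the wrong thing: the comment reads `//AddResource data at path: request.object` and the log reads `failed to marshal the UserInfo`, while the function marshals the whole admission request under the `request` key. A wrong log line misdirects whoever triages a webhook failure; I would use `// AddRequest adds the admission request to the context at path: request` and `ctx.log.Error(err, "failed to marshal the request")`. Since the full request now sits in the context (its `userInfo`, and presumably the raw object bytes, which for some kinds carry sensitive data), any code that logs or echoes the context JSON will emit that too, which is worth a comment on the function. A nil `request` marshals to `{"request":null}` without error; how `AddJSON` merges that is not visible in this hunk, so an explicit nil check may be warranted.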
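Review bot: With `deny` added to the first check in `validateOverlayPattern` (pkg/policy/validate/validate.go), the next visible check still rejects only `pattern` combined with `anyPattern`, so a rule that sets `deny` together with `pattern` or `anyPattern` passes validation here. Which of them the engine then honours is not visible in this hunk; if one is silently ignored, a policy author can believe a deny condition is active when it is not. I would add an exclusivity check such as `if len(rule.Deny) != 0 && (rule.Pattern != nil || len(rule.AnyPattern) != 0) { return fmt.Errorf("deny cannot be combined with pattern or anyPattern") }`, or, if combining them is intended, a comment stating the precedence. The function continues past the end of the hunk.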
@@ -242,6 +242,10 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1 // build context ctx := context2.NewContext() + err = ctx.AddRequest(request) + if err != nil { + logger.Error(err, "failed to load incoming request in context") + } // load incoming resource into the context err = ctx.AddResource(request.Object.Raw) if err != nil { @@ -336,6 +340,10 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) * // build context ctx := context2.NewContext() + err = ctx.AddRequest(request) + if err != nil { + logger.Error(err, "failed to load incoming request in context") + } // load incoming resource into the context err = ctx.AddResource(request.Object.Raw) if err != nil {
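Review bot: When `ctx.AddRequest(request)` fails in `resourceMutation`, the new branch only logs and evaluation carries on with a context that holds no `request.*` values; the identical branch added to `resourceValidation` in the second hunk has the same problem. For an admission webhook this leans fail-open: conditions that reference request data would be evaluated against missing values, and how a missing variable resolves is decided in code not shown here. Unless continuing is deliberate, the branch should end the request, i.e. keep `logger.Error(err, "failed to load incoming request in context")` and follow it with a `return` of the failure response the function already uses. If it is deliberate, say so with a comment such as `// best effort: policies that use request.* will not resolve`. Both functions start and end outside their hunks, so the existing `AddResource` error handling cannot be compared from here.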