remove overlay failure conditionNotPresent as it allows the tag not present

pkg/engine/mutation.go

@@ -62,9 +62,10 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
 			ruleResponse, patchedResource = processOverlay(rule, resource)
 			if ruleResponse.Success == true && ruleResponse.Patches == nil {
 				// overlay pattern does not match the resource conditions
-				glog.Infof(ruleResponse.Message)
+				glog.V(4).Infof(ruleResponse.Message)
 				continue
 			}
+			glog.Infof("Mutate overlay in rule '%s' successfully applied on %s/%s/%s", rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName())
 			response.PolicyResponse.Rules = append(response.PolicyResponse.Rules, ruleResponse)
 			incrementAppliedRuleCount()
 		}
@@ -73,6 +74,7 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
 		if rule.Mutation.Patches != nil {
 			var ruleResponse RuleResponse
 			ruleResponse, patchedResource = processPatches(rule, resource)
+			glog.Infof("Mutate patches in rule '%s' successfully applied on %s/%s/%s", rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName())
 			response.PolicyResponse.Rules = append(response.PolicyResponse.Rules, ruleResponse)
 			incrementAppliedRuleCount()
 		}

pkg/engine/overlay.go

@@ -31,13 +31,6 @@ func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (resp
 	// resource does not satisfy the overlay pattern, we don't apply this rule
 	if !reflect.DeepEqual(overlayerr, overlayError{}) {
 		switch overlayerr.statusCode {
-		// condition key is not present in the resource, don't apply this rule
-		// consider as success
-		case conditionNotPresent:
-			glog.Infof("Resource %s/%s/%s: %s", resource.GetKind(), resource.GetNamespace(), resource.GetName(), overlayerr.ErrorMsg())
-			response.Success = true
-			response.Message = overlayerr.ErrorMsg()
-			return response, resource
 		// conditions are not met, don't apply this rule
 		// consider as failure
 		case conditionFailure:
@@ -95,13 +88,8 @@ func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (resp
 
 func processOverlayPatches(resource, overlay interface{}) ([][]byte, overlayError) {
 	if path, overlayerr := meetConditions(resource, overlay); !reflect.DeepEqual(overlayerr, overlayError{}) {
-		switch overlayerr.statusCode {
-		// anchor key does not exist in the resource, skip applying policy
-		case conditionNotPresent:
-			glog.V(4).Infof("Mutate rule: policy not applied: %v at %s", overlayerr, path)
-			return nil, newOverlayError(overlayerr.statusCode, fmt.Sprintf("policy not applied: %v at %s", overlayerr.ErrorMsg(), path))
-		// anchor key is not satisfied in the resource, skip applying policy
-		case conditionFailure:
+		if overlayerr.statusCode == conditionFailure {
+			// anchor key is not satisfied in the resource, skip applying policy
 			glog.V(4).Infof("Mutate rule: failed to validate condition at %s, err: %v", path, overlayerr)
 			return nil, newOverlayError(overlayerr.statusCode, fmt.Sprintf("Conditions are not met at %s, %v", path, overlayerr))
 		}

pkg/engine/overlayCondition.go

@@ -98,7 +98,7 @@ func validateConditionAnchorMap(resourceMap, anchors map[string]interface{}, pat
 			}
 		} else {
 			// noAnchorKey doesn't exist in resource
-			return curPath, newOverlayError(conditionNotPresent, fmt.Sprintf("resource field is not present %s", noAnchorKey))
+			continue
 		}
 	}
 	return "", overlayError{}

pkg/engine/overlayError.go

@@ -6,7 +6,6 @@ type codeKey int
 
 const (
 	conditionFailure codeKey = iota
-	conditionNotPresent
 	overlayFailure
 )
 

samples/best_practices/add_safe-to-evict_annotation.yaml

@@ -31,7 +31,7 @@ spec:
       overlay:
         metadata:
           annotations:
-            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
+            +(cluster-autoscaler.kubernetes.io/safe-to-evictt): "true"
         spec:          
           volumes: 
           - (hostPath):