From 888d2ae171151dad497ccbe538fa3f7cb43b9a34 Mon Sep 17 00:00:00 2001
From: shravan <shravan.ss@zopsmart.com>
Date: Wed, 4 Mar 2020 19:16:26 +0530
Subject: [PATCH] 522 save commit

---
 cmd/kyverno/main.go    | 6 ++++++
 pkg/openapi/crdSync.go | 1 +
 pkg/policy/validate.go | 6 ++++++
 3 files changed, 13 insertions(+)

diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index 62cefceeb9..3fcc02a047 100644
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -5,6 +5,8 @@ import (
 	"flag"
 	"time"
 
+	"github.com/nirmata/kyverno/pkg/openapi"
+
 	"github.com/golang/glog"
 	"github.com/nirmata/kyverno/pkg/checker"
 	kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
@@ -200,6 +202,9 @@ func main() {
 		glog.Fatalf("Failed registering Admission Webhooks: %v\n", err)
 	}
 
+	// Sync openAPI definitions of resources
+	openApiSync := openapi.NewCRDSync(client)
+
 	// WEBHOOOK
 	// - https server to provide endpoints called based on rules defined in Mutating & Validation webhook configuration
 	// - reports the results based on the response from the policy engine:
@@ -238,6 +243,7 @@ func main() {
 	go grc.Run(1, stopCh)
 	go grcc.Run(1, stopCh)
 	go pvgen.Run(1, stopCh)
+	go openApiSync.Run(1, stopCh)
 
 	// verifys if the admission control is enabled and active
 	// resync: 60 seconds
diff --git a/pkg/openapi/crdSync.go b/pkg/openapi/crdSync.go
index 1ad171514e..f32c845b23 100644
--- a/pkg/openapi/crdSync.go
+++ b/pkg/openapi/crdSync.go
@@ -23,6 +23,7 @@ func (c *crdSync) Run(workers int, stopCh <-chan struct{}) {
 	for i := 0; i < workers; i++ {
 		go wait.Until(c.syncCrd, time.Second*10, stopCh)
 	}
+	<-stopCh
 }
 
 func (c *crdSync) syncCrd() {
diff --git a/pkg/policy/validate.go b/pkg/policy/validate.go
index bc44d7524f..4789687afa 100644
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@@ -8,6 +8,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/nirmata/kyverno/pkg/openapi"
+
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	"github.com/nirmata/kyverno/pkg/engine/anchor"
 	rbacv1 "k8s.io/api/rbac/v1"
@@ -80,6 +82,10 @@ func Validate(p kyverno.ClusterPolicy) error {
 		}
 	}
 
+	if err := openapi.ValidatePolicyMutation(p); err != nil {
+		return err
+	}
+
 	return nil
 }