sync Status in Policy

pkg/api/kyverno/register.go

@@ -0,0 +1,6 @@
+package kyverno
+
+const (
+	// GroupName must be the same as specified in Policy CRD
+	GroupName = "kyverno.io"
+)

pkg/api/kyverno/v1alpha1/doc.go

@@ -0,0 +1,4 @@
+// +k8s:deepcopy-gen=package
+// +groupName=kyverno.io
+
+package v1alpha1

pkg/api/kyverno/v1alpha1/register.go

@@ -0,0 +1,37 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	"github.com/nirmata/kyverno/pkg/apis/policy"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: policy.GroupName, Version: "v1alpha1"}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+// Adds the list of known types to Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&PolicyViolation{},
+		&PolicyViolationList{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

pkg/api/kyverno/v1alpha1/types.go

@@ -0,0 +1,143 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Policy contains rules to be applied to created resources
+type Policy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              Spec         `json:"spec"`
+	Status            PolicyStatus `json:"status"`
+}
+
+// Spec describes policy behavior by its rules
+type Spec struct {
+	Rules                   []Rule `json:"rules"`
+	ValidationFailureAction string `json:"validationFailureAction"`
+}
+
+// Rule is set of mutation, validation and generation actions
+// for the single resource description
+type Rule struct {
+	Name             string           `json:"name"`
+	MatchResources   MatchResources   `json:"match"`
+	ExcludeResources ExcludeResources `json:"exclude,omitempty"`
+	Mutation         Mutation         `json:"mutate"`
+	Validation       Validation       `json:"validate"`
+	Generation       Generation       `json:"generate"`
+}
+
+//MatchResources contains resource description of the resources that the rule is to apply on
+type MatchResources struct {
+	ResourceDescription `json:"resources"`
+}
+
+//ExcludeResources container resource description of the resources that are to be excluded from the applying the policy rule
+type ExcludeResources struct {
+	ResourceDescription `json:"resources"`
+}
+
+// ResourceDescription describes the resource to which the PolicyRule will be applied.
+type ResourceDescription struct {
+	Kinds     []string              `json:"kinds"`
+	Name      string                `json:"name"`
+	Namespace string                `json:"namespace,omitempty"`
+	Selector  *metav1.LabelSelector `json:"selector"`
+}
+
+// Mutation describes the way how Mutating Webhook will react on resource creation
+type Mutation struct {
+	Overlay interface{} `json:"overlay"`
+	Patches []Patch     `json:"patches"`
+}
+
+// +k8s:deepcopy-gen=false
+
+// Patch declares patch operation for created object according to RFC 6902
+type Patch struct {
+	Path      string      `json:"path"`
+	Operation string      `json:"op"`
+	Value     interface{} `json:"value"`
+}
+
+// Validation describes the way how Validating Webhook will check the resource on creation
+type Validation struct {
+	Message string      `json:"message"`
+	Pattern interface{} `json:"pattern"`
+}
+
+// Generation describes which resources will be created when other resource is created
+type Generation struct {
+	Kind  string      `json:"kind"`
+	Name  string      `json:"name"`
+	Data  interface{} `json:"data"`
+	Clone CloneFrom   `json:"clone"`
+}
+
+// CloneFrom - location of a Secret or a ConfigMap
+// which will be used as source when applying 'generate'
+type CloneFrom struct {
+	Namespace string `json:"namespace"`
+	Name      string `json:"name"`
+}
+
+//PolicyStatus provides status for violations
+type PolicyStatus struct {
+	Violations int `json:"violations"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PolicyList is a list of Policy resources
+type PolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+	Items           []Policy `json:"items"`
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PolicyViolation stores the information regarinding the resources for which a policy failed to apply
+type PolicyViolation struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              PolicyViolationSpec `json:"spec"`
+	Status            string              `json:"status"`
+}
+
+// PolicyViolationSpec describes policy behavior by its rules
+type PolicyViolationSpec struct {
+	Policy        string `json:"policy"`
+	ResourceSpec  `json:"resource"`
+	ViolatedRules []ViolatedRule `json:"rules"`
+}
+
+// ResourceSpec information to identify the resource
+type ResourceSpec struct {
+	Kind      string `json:"kind"`
+	Namespace string `json:"namespace,omitempty"`
+	Name      string `json:"name"`
+}
+
+type ViolatedRule struct {
+	Name    string `json:"name"`
+	Type    string `json:"type"`
+	Message string `json:"message"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PolicyViolationList is a list of Policy Violation
+type PolicyViolationList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+	Items           []PolicyViolation `json:"items"`
+}

pkg/api/kyverno/v1alpha1/utils.go

@@ -0,0 +1,103 @@
+package v1alpha1
+
+import (
+	"errors"
+	"fmt"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Validate checks if rule is not empty and all substructures are valid
+func (r *Rule) Validate() error {
+	// check matches Resoource Description of match resource
+	err := r.MatchResources.ResourceDescription.Validate()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Validate checks if all necesarry fields are present and have values. Also checks a Selector.
+// Returns error if
+// - kinds is not defined
+func (pr *ResourceDescription) Validate() error {
+	if len(pr.Kinds) == 0 {
+		return errors.New("The Kind is not specified")
+	}
+
+	if pr.Selector != nil {
+		selector, err := metav1.LabelSelectorAsSelector(pr.Selector)
+		if err != nil {
+			return err
+		}
+		requirements, _ := selector.Requirements()
+		if len(requirements) == 0 {
+			return errors.New("The requirements are not specified in selector")
+		}
+	}
+
+	return nil
+}
+
+// Validate if all mandatory PolicyPatch fields are set
+func (pp *Patch) Validate() error {
+	if pp.Path == "" {
+		return errors.New("JSONPatch field 'path' is mandatory")
+	}
+
+	if pp.Operation == "add" || pp.Operation == "replace" {
+		if pp.Value == nil {
+			return fmt.Errorf("JSONPatch field 'value' is mandatory for operation '%s'", pp.Operation)
+		}
+
+		return nil
+	} else if pp.Operation == "remove" {
+		return nil
+	}
+
+	return fmt.Errorf("Unsupported JSONPatch operation '%s'", pp.Operation)
+}
+
+// Validate returns error if generator is configured incompletely
+func (gen *Generation) Validate() error {
+	if gen.Data == nil && gen.Clone == (CloneFrom{}) {
+		return fmt.Errorf("Neither data nor clone (source) of %s is specified", gen.Kind)
+	}
+	if gen.Data != nil && gen.Clone != (CloneFrom{}) {
+		return fmt.Errorf("Both data nor clone (source) of %s are specified", gen.Kind)
+	}
+	return nil
+}
+
+// DeepCopyInto is declared because k8s:deepcopy-gen is
+// not able to generate this method for interface{} member
+func (in *Mutation) DeepCopyInto(out *Mutation) {
+	if out != nil {
+		*out = *in
+	}
+}
+
+// DeepCopyInto is declared because k8s:deepcopy-gen is
+// not able to generate this method for interface{} member
+func (pp *Patch) DeepCopyInto(out *Patch) {
+	if out != nil {
+		*out = *pp
+	}
+}
+
+// DeepCopyInto is declared because k8s:deepcopy-gen is
+// not able to generate this method for interface{} member
+func (in *Validation) DeepCopyInto(out *Validation) {
+	if out != nil {
+		*out = *in
+	}
+}
+
+// DeepCopyInto is declared because k8s:deepcopy-gen is
+// not able to generate this method for interface{} member
+func (gen *Generation) DeepCopyInto(out *Generation) {
+	if out != nil {
+		*out = *gen
+	}
+}

pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go

@@ -0,0 +1,367 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CloneFrom) DeepCopyInto(out *CloneFrom) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloneFrom.
+func (in *CloneFrom) DeepCopy() *CloneFrom {
+	if in == nil {
+		return nil
+	}
+	out := new(CloneFrom)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExcludeResources) DeepCopyInto(out *ExcludeResources) {
+	*out = *in
+	in.ResourceDescription.DeepCopyInto(&out.ResourceDescription)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludeResources.
+func (in *ExcludeResources) DeepCopy() *ExcludeResources {
+	if in == nil {
+		return nil
+	}
+	out := new(ExcludeResources)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Generation.
+func (in *Generation) DeepCopy() *Generation {
+	if in == nil {
+		return nil
+	}
+	out := new(Generation)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MatchResources) DeepCopyInto(out *MatchResources) {
+	*out = *in
+	in.ResourceDescription.DeepCopyInto(&out.ResourceDescription)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchResources.
+func (in *MatchResources) DeepCopy() *MatchResources {
+	if in == nil {
+		return nil
+	}
+	out := new(MatchResources)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mutation.
+func (in *Mutation) DeepCopy() *Mutation {
+	if in == nil {
+		return nil
+	}
+	out := new(Mutation)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Policy) DeepCopyInto(out *Policy) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
+func (in *Policy) DeepCopy() *Policy {
+	if in == nil {
+		return nil
+	}
+	out := new(Policy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Policy) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyList) DeepCopyInto(out *PolicyList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Policy, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.
+func (in *PolicyList) DeepCopy() *PolicyList {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.
+func (in *PolicyStatus) DeepCopy() *PolicyStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyViolation) DeepCopyInto(out *PolicyViolation) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolation.
+func (in *PolicyViolation) DeepCopy() *PolicyViolation {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyViolation)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyViolation) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyViolationList) DeepCopyInto(out *PolicyViolationList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]PolicyViolation, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationList.
+func (in *PolicyViolationList) DeepCopy() *PolicyViolationList {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyViolationList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyViolationList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyViolationSpec) DeepCopyInto(out *PolicyViolationSpec) {
+	*out = *in
+	out.ResourceSpec = in.ResourceSpec
+	if in.ViolatedRules != nil {
+		in, out := &in.ViolatedRules, &out.ViolatedRules
+		*out = make([]ViolatedRule, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyViolationSpec.
+func (in *PolicyViolationSpec) DeepCopy() *PolicyViolationSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyViolationSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ResourceDescription) DeepCopyInto(out *ResourceDescription) {
+	*out = *in
+	if in.Kinds != nil {
+		in, out := &in.Kinds, &out.Kinds
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Selector != nil {
+		in, out := &in.Selector, &out.Selector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceDescription.
+func (in *ResourceDescription) DeepCopy() *ResourceDescription {
+	if in == nil {
+		return nil
+	}
+	out := new(ResourceDescription)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ResourceSpec) DeepCopyInto(out *ResourceSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceSpec.
+func (in *ResourceSpec) DeepCopy() *ResourceSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ResourceSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Rule) DeepCopyInto(out *Rule) {
+	*out = *in
+	in.MatchResources.DeepCopyInto(&out.MatchResources)
+	in.ExcludeResources.DeepCopyInto(&out.ExcludeResources)
+	in.Mutation.DeepCopyInto(&out.Mutation)
+	in.Validation.DeepCopyInto(&out.Validation)
+	in.Generation.DeepCopyInto(&out.Generation)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
+func (in *Rule) DeepCopy() *Rule {
+	if in == nil {
+		return nil
+	}
+	out := new(Rule)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Spec) DeepCopyInto(out *Spec) {
+	*out = *in
+	if in.Rules != nil {
+		in, out := &in.Rules, &out.Rules
+		*out = make([]Rule, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spec.
+func (in *Spec) DeepCopy() *Spec {
+	if in == nil {
+		return nil
+	}
+	out := new(Spec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation.
+func (in *Validation) DeepCopy() *Validation {
+	if in == nil {
+		return nil
+	}
+	out := new(Validation)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ViolatedRule) DeepCopyInto(out *ViolatedRule) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ViolatedRule.
+func (in *ViolatedRule) DeepCopy() *ViolatedRule {
+	if in == nil {
+		return nil
+	}
+	out := new(ViolatedRule)
+	in.DeepCopyInto(out)
+	return out
+}

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/doc.go

@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1alpha1

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake/doc.go

@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go

@@ -0,0 +1,44 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1"
+	rest "k8s.io/client-go/rest"
+	testing "k8s.io/client-go/testing"
+)
+
+type FakeKyvernoV1alpha1 struct {
+	*testing.Fake
+}
+
+func (c *FakeKyvernoV1alpha1) Policies() v1alpha1.PolicyInterface {
+	return &FakePolicies{c}
+}
+
+func (c *FakeKyvernoV1alpha1) PolicyViolations() v1alpha1.PolicyViolationInterface {
+	return &FakePolicyViolations{c}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeKyvernoV1alpha1) RESTClient() rest.Interface {
+	var ret *rest.RESTClient
+	return ret
+}

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_policy.go

@@ -0,0 +1,131 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakePolicies implements PolicyInterface
+type FakePolicies struct {
+	Fake *FakeKyvernoV1alpha1
+}
+
+var policiesResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "policies"}
+
+var policiesKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "Policy"}
+
+// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
+func (c *FakePolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(policiesResource, name), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}
+
+// List takes label and field selectors, and returns the list of Policies that match those selectors.
+func (c *FakePolicies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(policiesResource, policiesKind, opts), &v1alpha1.PolicyList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.PolicyList{ListMeta: obj.(*v1alpha1.PolicyList).ListMeta}
+	for _, item := range obj.(*v1alpha1.PolicyList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested policies.
+func (c *FakePolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(policiesResource, opts))
+}
+
+// Create takes the representation of a policy and creates it.  Returns the server's representation of the policy, and an error, if there is any.
+func (c *FakePolicies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(policiesResource, policy), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}
+
+// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
+func (c *FakePolicies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(policiesResource, policy), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakePolicies) UpdateStatus(policy *v1alpha1.Policy) (*v1alpha1.Policy, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceAction(policiesResource, "status", policy), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}
+
+// Delete takes name of the policy and deletes it. Returns an error if one occurs.
+func (c *FakePolicies) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteAction(policiesResource, name), &v1alpha1.Policy{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(policiesResource, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.PolicyList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched policy.
+func (c *FakePolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(policiesResource, name, pt, data, subresources...), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_policyviolation.go

@@ -0,0 +1,131 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakePolicyViolations implements PolicyViolationInterface
+type FakePolicyViolations struct {
+	Fake *FakeKyvernoV1alpha1
+}
+
+var policyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "policyviolations"}
+
+var policyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "PolicyViolation"}
+
+// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
+func (c *FakePolicyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.PolicyViolation, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(policyviolationsResource, name), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}
+
+// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
+func (c *FakePolicyViolations) List(opts v1.ListOptions) (result *v1alpha1.PolicyViolationList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(policyviolationsResource, policyviolationsKind, opts), &v1alpha1.PolicyViolationList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.PolicyViolationList{ListMeta: obj.(*v1alpha1.PolicyViolationList).ListMeta}
+	for _, item := range obj.(*v1alpha1.PolicyViolationList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested policyViolations.
+func (c *FakePolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(policyviolationsResource, opts))
+}
+
+// Create takes the representation of a policyViolation and creates it.  Returns the server's representation of the policyViolation, and an error, if there is any.
+func (c *FakePolicyViolations) Create(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(policyviolationsResource, policyViolation), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}
+
+// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
+func (c *FakePolicyViolations) Update(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(policyviolationsResource, policyViolation), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakePolicyViolations) UpdateStatus(policyViolation *v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceAction(policyviolationsResource, "status", policyViolation), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}
+
+// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
+func (c *FakePolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteAction(policyviolationsResource, name), &v1alpha1.PolicyViolation{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(policyviolationsResource, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.PolicyViolationList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched policyViolation.
+func (c *FakePolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(policyviolationsResource, name, pt, data, subresources...), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go

@@ -0,0 +1,23 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+type PolicyExpansion interface{}
+
+type PolicyViolationExpansion interface{}

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go

@@ -0,0 +1,95 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	"github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
+	rest "k8s.io/client-go/rest"
+)
+
+type KyvernoV1alpha1Interface interface {
+	RESTClient() rest.Interface
+	PoliciesGetter
+	PolicyViolationsGetter
+}
+
+// KyvernoV1alpha1Client is used to interact with features provided by the kyverno.io group.
+type KyvernoV1alpha1Client struct {
+	restClient rest.Interface
+}
+
+func (c *KyvernoV1alpha1Client) Policies() PolicyInterface {
+	return newPolicies(c)
+}
+
+func (c *KyvernoV1alpha1Client) PolicyViolations() PolicyViolationInterface {
+	return newPolicyViolations(c)
+}
+
+// NewForConfig creates a new KyvernoV1alpha1Client for the given config.
+func NewForConfig(c *rest.Config) (*KyvernoV1alpha1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return &KyvernoV1alpha1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new KyvernoV1alpha1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *KyvernoV1alpha1Client {
+	client, err := NewForConfig(c)
+	if err != nil {
+		panic(err)
+	}
+	return client
+}
+
+// New creates a new KyvernoV1alpha1Client for the given RESTClient.
+func New(c rest.Interface) *KyvernoV1alpha1Client {
+	return &KyvernoV1alpha1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+	gv := v1alpha1.SchemeGroupVersion
+	config.GroupVersion = &gv
+	config.APIPath = "/apis"
+	config.NegotiatedSerializer = serializer.DirectCodecFactory{CodecFactory: scheme.Codecs}
+
+	if config.UserAgent == "" {
+		config.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *KyvernoV1alpha1Client) RESTClient() rest.Interface {
+	if c == nil {
+		return nil
+	}
+	return c.restClient
+}

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/policy.go

@@ -0,0 +1,180 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"time"
+
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	scheme "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// PoliciesGetter has a method to return a PolicyInterface.
+// A group's client should implement this interface.
+type PoliciesGetter interface {
+	Policies() PolicyInterface
+}
+
+// PolicyInterface has methods to work with Policy resources.
+type PolicyInterface interface {
+	Create(*v1alpha1.Policy) (*v1alpha1.Policy, error)
+	Update(*v1alpha1.Policy) (*v1alpha1.Policy, error)
+	UpdateStatus(*v1alpha1.Policy) (*v1alpha1.Policy, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha1.Policy, error)
+	List(opts v1.ListOptions) (*v1alpha1.PolicyList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error)
+	PolicyExpansion
+}
+
+// policies implements PolicyInterface
+type policies struct {
+	client rest.Interface
+}
+
+// newPolicies returns a Policies
+func newPolicies(c *KyvernoV1alpha1Client) *policies {
+	return &policies{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
+func (c *policies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Get().
+		Resource("policies").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of Policies that match those selectors.
+func (c *policies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.PolicyList{}
+	err = c.client.Get().
+		Resource("policies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested policies.
+func (c *policies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("policies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch()
+}
+
+// Create takes the representation of a policy and creates it.  Returns the server's representation of the policy, and an error, if there is any.
+func (c *policies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Post().
+		Resource("policies").
+		Body(policy).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
+func (c *policies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Put().
+		Resource("policies").
+		Name(policy.Name).
+		Body(policy).
+		Do().
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+
+func (c *policies) UpdateStatus(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Put().
+		Resource("policies").
+		Name(policy.Name).
+		SubResource("status").
+		Body(policy).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the policy and deletes it. Returns an error if one occurs.
+func (c *policies) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("policies").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *policies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	var timeout time.Duration
+	if listOptions.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("policies").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Patch applies the patch and returns the patched policy.
+func (c *policies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Patch(pt).
+		Resource("policies").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/clientNew/clientset/versioned/typed/kyverno/v1alpha1/policyviolation.go

@@ -0,0 +1,180 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"time"
+
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	scheme "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// PolicyViolationsGetter has a method to return a PolicyViolationInterface.
+// A group's client should implement this interface.
+type PolicyViolationsGetter interface {
+	PolicyViolations() PolicyViolationInterface
+}
+
+// PolicyViolationInterface has methods to work with PolicyViolation resources.
+type PolicyViolationInterface interface {
+	Create(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
+	Update(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
+	UpdateStatus(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha1.PolicyViolation, error)
+	List(opts v1.ListOptions) (*v1alpha1.PolicyViolationList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error)
+	PolicyViolationExpansion
+}
+
+// policyViolations implements PolicyViolationInterface
+type policyViolations struct {
+	client rest.Interface
+}
+
+// newPolicyViolations returns a PolicyViolations
+func newPolicyViolations(c *KyvernoV1alpha1Client) *policyViolations {
+	return &policyViolations{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
+func (c *policyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Get().
+		Resource("policyviolations").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
+func (c *policyViolations) List(opts v1.ListOptions) (result *v1alpha1.PolicyViolationList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.PolicyViolationList{}
+	err = c.client.Get().
+		Resource("policyviolations").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested policyViolations.
+func (c *policyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("policyviolations").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch()
+}
+
+// Create takes the representation of a policyViolation and creates it.  Returns the server's representation of the policyViolation, and an error, if there is any.
+func (c *policyViolations) Create(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Post().
+		Resource("policyviolations").
+		Body(policyViolation).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
+func (c *policyViolations) Update(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Put().
+		Resource("policyviolations").
+		Name(policyViolation.Name).
+		Body(policyViolation).
+		Do().
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+
+func (c *policyViolations) UpdateStatus(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Put().
+		Resource("policyviolations").
+		Name(policyViolation.Name).
+		SubResource("status").
+		Body(policyViolation).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
+func (c *policyViolations) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("policyviolations").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *policyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	var timeout time.Duration
+	if listOptions.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("policyviolations").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Patch applies the patch and returns the patched policyViolation.
+func (c *policyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Patch(pt).
+		Resource("policyviolations").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/clientNew/informers/externalversions/kyverno/interface.go

@@ -0,0 +1,46 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package kyverno
+
+import (
+	internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/kyverno/v1alpha1"
+)
+
+// Interface provides access to each of this group's versions.
+type Interface interface {
+	// V1alpha1 provides access to shared informers for resources in V1alpha1.
+	V1alpha1() v1alpha1.Interface
+}
+
+type group struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// V1alpha1 returns a new v1alpha1.Interface.
+func (g *group) V1alpha1() v1alpha1.Interface {
+	return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
+}

pkg/clientNew/informers/externalversions/kyverno/v1alpha1/interface.go

@@ -0,0 +1,52 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+	// Policies returns a PolicyInformer.
+	Policies() PolicyInformer
+	// PolicyViolations returns a PolicyViolationInformer.
+	PolicyViolations() PolicyViolationInformer
+}
+
+type version struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// Policies returns a PolicyInformer.
+func (v *version) Policies() PolicyInformer {
+	return &policyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// PolicyViolations returns a PolicyViolationInformer.
+func (v *version) PolicyViolations() PolicyViolationInformer {
+	return &policyViolationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}

pkg/clientNew/informers/externalversions/kyverno/v1alpha1/policy.go

@@ -0,0 +1,88 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	time "time"
+
+	kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	versioned "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
+	internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// PolicyInformer provides access to a shared informer and lister for
+// Policies.
+type PolicyInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.PolicyLister
+}
+
+type policyInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewPolicyInformer constructs a new informer for Policy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredPolicyInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPolicyInformer constructs a new informer for Policy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV1alpha1().Policies().List(options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV1alpha1().Policies().Watch(options)
+			},
+		},
+		&kyvernov1alpha1.Policy{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *policyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *policyInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&kyvernov1alpha1.Policy{}, f.defaultInformer)
+}
+
+func (f *policyInformer) Lister() v1alpha1.PolicyLister {
+	return v1alpha1.NewPolicyLister(f.Informer().GetIndexer())
+}

pkg/clientNew/informers/externalversions/kyverno/v1alpha1/policyviolation.go

@@ -0,0 +1,88 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	time "time"
+
+	kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	versioned "github.com/nirmata/kyverno/pkg/clientNew/clientset/versioned"
+	internalinterfaces "github.com/nirmata/kyverno/pkg/clientNew/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/nirmata/kyverno/pkg/clientNew/listers/kyverno/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// PolicyViolationInformer provides access to a shared informer and lister for
+// PolicyViolations.
+type PolicyViolationInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.PolicyViolationLister
+}
+
+type policyViolationInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewPolicyViolationInformer constructs a new informer for PolicyViolation type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredPolicyViolationInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPolicyViolationInformer constructs a new informer for PolicyViolation type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV1alpha1().PolicyViolations().List(options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV1alpha1().PolicyViolations().Watch(options)
+			},
+		},
+		&kyvernov1alpha1.PolicyViolation{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *policyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredPolicyViolationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *policyViolationInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&kyvernov1alpha1.PolicyViolation{}, f.defaultInformer)
+}
+
+func (f *policyViolationInformer) Lister() v1alpha1.PolicyViolationLister {
+	return v1alpha1.NewPolicyViolationLister(f.Informer().GetIndexer())
+}

pkg/clientNew/listers/kyverno/v1alpha1/expansion_generated.go

@@ -0,0 +1,73 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"fmt"
+
+	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
+)
+
+// PolicyListerExpansion allows custom methods to be added to
+// PolicyLister.
+type PolicyListerExpansion interface {
+	GetPolicyForPolicyViolation(pv *kyverno.PolicyViolation) ([]*kyverno.Policy, error)
+}
+
+// PolicyViolationListerExpansion allows custom methods to be added to
+// PolicyViolationLister.
+type PolicyViolationListerExpansion interface{}
+
+func (pl *policyLister) GetPolicyForPolicyViolation(pv *kyverno.PolicyViolation) ([]*kyverno.Policy, error) {
+	if len(pv.Labels) == 0 {
+		return nil, fmt.Errorf("no Policy found for PolicyViolation %v because it has no labels", pv.Name)
+	}
+
+	pList, err := pl.List(labels.Everything())
+	if err != nil {
+		return nil, err
+	}
+
+	var policies []*kyverno.Policy
+	for _, p := range pList {
+		labelPolicy := fmt.Sprintf("policy=%s", p.Name)
+		labelSelector, err := metav1.ParseToLabelSelector(labelPolicy)
+		if err != nil {
+			return nil, fmt.Errorf("failed to build label selector for %s: %v", labelPolicy, err)
+		}
+		selector, err := metav1.LabelSelectorAsSelector(labelSelector)
+		if err != nil {
+			return nil, fmt.Errorf("invalid label selector: %v", err)
+		}
+		// If a policy with a nil or empty selector creeps in, it should match nothing, not everything.
+		if selector.Empty() || !selector.Matches(labels.Set(pv.Labels)) {
+			continue
+		}
+		policies = append(policies, p)
+	}
+
+	if len(policies) == 0 {
+		return nil, fmt.Errorf("could not find Policy set for PolicyViolation %s with labels: %v", pv.Name, pv.Labels)
+	}
+
+	return policies, nil
+
+}

pkg/clientNew/listers/kyverno/v1alpha1/policy.go

@@ -0,0 +1,65 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// PolicyLister helps list Policies.
+type PolicyLister interface {
+	// List lists all Policies in the indexer.
+	List(selector labels.Selector) (ret []*v1alpha1.Policy, err error)
+	// Get retrieves the Policy from the index for a given name.
+	Get(name string) (*v1alpha1.Policy, error)
+	PolicyListerExpansion
+}
+
+// policyLister implements the PolicyLister interface.
+type policyLister struct {
+	indexer cache.Indexer
+}
+
+// NewPolicyLister returns a new PolicyLister.
+func NewPolicyLister(indexer cache.Indexer) PolicyLister {
+	return &policyLister{indexer: indexer}
+}
+
+// List lists all Policies in the indexer.
+func (s *policyLister) List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.Policy))
+	})
+	return ret, err
+}
+
+// Get retrieves the Policy from the index for a given name.
+func (s *policyLister) Get(name string) (*v1alpha1.Policy, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("policy"), name)
+	}
+	return obj.(*v1alpha1.Policy), nil
+}

pkg/clientNew/listers/kyverno/v1alpha1/policyviolation.go

@@ -0,0 +1,65 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// PolicyViolationLister helps list PolicyViolations.
+type PolicyViolationLister interface {
+	// List lists all PolicyViolations in the indexer.
+	List(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error)
+	// Get retrieves the PolicyViolation from the index for a given name.
+	Get(name string) (*v1alpha1.PolicyViolation, error)
+	PolicyViolationListerExpansion
+}
+
+// policyViolationLister implements the PolicyViolationLister interface.
+type policyViolationLister struct {
+	indexer cache.Indexer
+}
+
+// NewPolicyViolationLister returns a new PolicyViolationLister.
+func NewPolicyViolationLister(indexer cache.Indexer) PolicyViolationLister {
+	return &policyViolationLister{indexer: indexer}
+}
+
+// List lists all PolicyViolations in the indexer.
+func (s *policyViolationLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyViolation, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.PolicyViolation))
+	})
+	return ret, err
+}
+
+// Get retrieves the PolicyViolation from the index for a given name.
+func (s *policyViolationLister) Get(name string) (*v1alpha1.PolicyViolation, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("policyviolation"), name)
+	}
+	return obj.(*v1alpha1.PolicyViolation), nil
+}

pkg/policy/controller.go

@@ -388,18 +388,29 @@ func (pc *PolicyController) syncPolicy(key string) error {
 		return err
 	}
 
-	// // Add messages
-
-	if p.DeletionTimestamp != nil {
-		return pc.syncStatusOnly(p, pvList)
-	}
-	return nil
+	return pc.syncStatusOnly(p, pvList)
 }
 
 //TODO
 func (pc *PolicyController) syncStatusOnly(p *kyverno.Policy, pvList []*kyverno.PolicyViolation) error {
-	// Sync Status based on Policy Violation
-	return nil
+	newStatus := calculateStatus(pvList)
+	if reflect.DeepEqual(newStatus, p.Status) {
+		// no update to status
+		return nil
+	}
+	// update status
+	newPolicy := p
+	newPolicy.Status = newStatus
+	_, err := pc.kyvernoclient.KyvernoV1alpha1().Policies().UpdateStatus(newPolicy)
+	return err
+}
+
+func calculateStatus(pvList []*kyverno.PolicyViolation) kyverno.PolicyStatus {
+	violationCount := len(pvList)
+	status := kyverno.PolicyStatus{
+		Violations: violationCount,
+	}
+	return status
 }
 func (pc *PolicyController) getPolicyViolationsForPolicy(p *kyverno.Policy) ([]*kyverno.PolicyViolation, error) {
 	// List all PolicyViolation to find those we own but that no longer match our
@@ -725,17 +736,17 @@ func createLabelMapPatch(policy string) ([]byte, error) {
 // label is used here to lookup policyViolation and corresponding Policy
 func updatePolicyLabelIfNotDefined(pvControl PVControlInterface, pv *kyverno.PolicyViolation) bool {
 	updateLabel := func() bool {
-		glog.V(4).Infof("adding label 'policy:%s' to PolicyViolation %s", pv.Spec.PolicyName, pv.Name)
+		glog.V(4).Infof("adding label 'policy:%s' to PolicyViolation %s", pv.Spec.Policy, pv.Name)
 		// add label based on the policy spec
 		labels := pv.GetLabels()
-		if pv.Spec.PolicyName == "" {
+		if pv.Spec.Policy == "" {
 			glog.Error("policy not defined for violation")
 			// should be cleaned up
 			return false
 		}
 		if labels == nil {
 			// create a patch to generate the labels map with policy label
-			patch, err := createLabelMapPatch(pv.Spec.PolicyName)
+			patch, err := createLabelMapPatch(pv.Spec.Policy)
 			if err != nil {
 				glog.Errorf("unable to init label map. %v", err)
 				return false
@@ -748,7 +759,7 @@ func updatePolicyLabelIfNotDefined(pvControl PVControlInterface, pv *kyverno.Pol
 			return true
 		}
 		// JSON Patch to add exact label
-		labelPatch, err := createLabelPatch(pv.Spec.PolicyName)
+		labelPatch, err := createLabelPatch(pv.Spec.Policy)
 		if err != nil {
 			glog.Errorf("failed to generate patch to add label 'policy': %v", err)
 			return false
@@ -761,16 +772,16 @@ func updatePolicyLabelIfNotDefined(pvControl PVControlInterface, pv *kyverno.Pol
 		return true
 	}
 
-	var policyName string
+	var policy string
 	var ok bool
 	// operate oncopy of resource
 	curLabels := pv.GetLabels()
-	if policyName, ok = curLabels["policy"]; !ok {
+	if policy, ok = curLabels["policy"]; !ok {
 		return updateLabel()
 	}
 	// TODO: would be benificial to add a check to verify if the policy in name and resource spec match
-	if policyName != pv.Spec.PolicyName {
-		glog.Errorf("label 'policy:%s' and spec.policyName %s dont match ", policyName, pv.Spec.PolicyName)
+	if policy != pv.Spec.Policy {
+		glog.Errorf("label 'policy:%s' and spec.policy %s dont match ", policy, pv.Spec.Policy)
 		//TODO handle this case
 		return updateLabel()
 	}