mirror of https://github.com/kyverno/kyverno.git synced 2025-03-28 10:28:36 +00:00
shivkumar dudhani 2019-08-19 11:52:48 -07:00
parent 856d3310d4
commit 9cfdf45bbc
3 changed files with 5 additions and 1 deletions


@ -47,7 +47,7 @@ type ExcludeResources struct {
type ResourceDescription struct {
Kinds []string `json:"kinds"`
Name string `json:"name"`
Namespaces []string `json:"namespace,omitempty"`
Namespaces []string `json:"namespaces,omitempty"`
Selector *metav1.LabelSelector `json:"selector"`
}
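Review bot: Changing the JSON key on `Namespaces` from `namespace` to `namespaces` (assuming the second of the two printed tag lines is the new side) silently drops the field for any policy already written with the old key, because encoding/json ignores unknown keys and `omitempty` leaves no trace of the loss. In the `listResources` section of this same commit, an empty `Namespaces` takes the `else` branch that fetches all namespaces, so such a policy would presumably widen from its listed namespaces to every namespace instead of failing. Consider rejecting or migrating the old key during policy validation, and document the field, e.g. `// Namespaces restricts the match to these namespaces; empty means all namespaces.` The CRD schema and sample policies are not visible here, so confirm they use the new key as well.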


@ -66,6 +66,7 @@ func listResources(client *client.Client, policy kyverno.Policy, filterK8Resourc
}
if len(rule.MatchResources.Namespaces) > 0 {
namespaces = append(namespaces, rule.MatchResources.Namespaces...)
glog.V(4).Infof("namespaces specified for inclusion: %v", rule.MatchResources.Namespaces)
} else {
glog.V(4).Infof("processing policy %s rule %s, namespace not defined, getting all namespaces ", policy.Name, rule.Name)
// get all namespaces
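Review bot: The added `namespaces specified for inclusion` log line leaves out the policy and rule names that the `else` branch directly below includes, so at V(4) the list cannot be tied back to the rule that supplied it when a policy has several rules. Suggest `glog.V(4).Infof("processing policy %s rule %s, namespaces specified for inclusion: %v", policy.Name, rule.Name, rule.MatchResources.Namespaces)`. Which line is new is inferred from the hunk counts, and `listResources` starts and ends outside this hunk.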


@ -212,6 +212,7 @@ func (pvc *PolicyViolationController) syncPolicyViolation(key string) error {
pv := policyViolation.DeepCopy()
// TODO: Update Status to update ObserverdGeneration
// TODO: check if the policy violation refers to a resource thats active ? // done by policy controller
// TODO: remove the PV, if the corresponding policy is not present
// TODO: additional check on deleted webhook for a resource, to delete a policy violation it has a policy violation
// list the resource with label selectors, but this can be expensive for each delete request of a resource
if err := pvc.syncActiveResource(pv); err != nil {
@ -242,6 +243,8 @@ func (pvc *PolicyViolationController) syncActiveResource(curPv *kyverno.PolicyVi
glog.V(4).Infof("error while retrieved resource %s/%s/%s: %v", rspec.Kind, rspec.Namespace, rspec.Name, err)
return err
}
//TODO- if the policy is not present, remove the policy violation
return nil
}
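Review bot: The two TODOs that appear to be added in this file record the same gap twice, in two different marker styles: `// TODO: remove the PV, if the corresponding policy is not present` in `syncPolicyViolation` and `//TODO- if the policy is not present, remove the policy violation` at the end of `syncActiveResource`. Until that cleanup exists, violations belonging to a deleted policy apparently remain and can be read as current findings. Keep a single `// TODO: remove the policy violation if its policy no longer exists` where the check will live, and reference a tracking issue there. Both functions start outside their hunks.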