move policy violation type inside status subresource

controller/controller.go

@@ -204,3 +204,8 @@ func (c *policyController) getPolicyInterface(namespace string) lister.PolicyNam
 func (c *policyController) PatchPolicy(policy string, pt mergetypes.PatchType, data []byte) (*types.Policy, error) {
 	return c.policiesInterface.Patch(policy, pt, data)
 }
+
+func (c *policyController) UpdatePolicyViolations(updatedPolicy *types.Policy) error {
+	_, err := c.policiesInterface.UpdateStatus(updatedPolicy)
+	return err
+}

controller/internalinterfaces/controller_interfaces.go

@@ -12,6 +12,7 @@ type PolicyGetter interface {
 	GetPolicy(name string) (*policytypes.Policy, error)
 	GetCacheInformerSync() cache.InformerSynced
 	PatchPolicy(policy string, pt types.PatchType, data []byte) (*policytypes.Policy, error)
+	UpdatePolicyViolations(updatedPolicy *policytypes.Policy) error
 	Run(stopCh <-chan struct{})
 	LogPolicyError(name, text string)
 	LogPolicyInfo(name, text string)

pkg/apis/policy/v1alpha1/types.go

@@ -12,20 +12,8 @@ import (
 type Policy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Spec              PolicySpec       `json:"spec"`
-	Status            PolicyStatus     `json:"status"`
-	PolicyViolation   PolicyViolations `json:"policyviolation,omitempty"`
-}
-
-type PolicyViolations struct {
-	Violations []Violation `json:"violations,omitempty"`
-}
-type Violation struct {
-	Kind     string `json:"kind,omitempty"`
-	Resource string `json:"resource,omitempty"`
-	Rule     string `json:"rule,omitempty"`
-	Reason   string `json:"reason,omitempty"`
-	Message  string `json:"message,omitempty`
+	Spec              PolicySpec   `json:"spec"`
+	Status            PolicyStatus `json:"status"`
 }
 
 // Specification of the Policy.
@@ -86,7 +74,8 @@ type PolicyCopyFrom struct {
 
 // Contains logs about policy application
 type PolicyStatus struct {
-	Logs []string `json:"log"`
+	Logs       []string    `json:"log"`
+	Violations []Violation `json:"violations,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -97,3 +86,12 @@ type PolicyList struct {
 	metav1.ListMeta `json:"metadata"`
 	Items           []Policy `json:"items"`
 }
+
+// Violation for the policy
+type Violation struct {
+	Kind     string `json:"kind,omitempty"`
+	Resource string `json:"resource,omitempty"`
+	Rule     string `json:"rule,omitempty"`
+	Reason   string `json:"reason,omitempty"`
+	Message  string `json:"message,omitempty`
+}

pkg/violation/builder.go

@@ -75,7 +75,8 @@ func (b *builder) ProcessViolation(info utils.ViolationInfo) error {
 		Reason:   info.Reason,
 		Message:  info.Message,
 	}
-	for _, violation := range modifiedPolicy.PolicyViolation.Violations {
+
+	for _, violation := range modifiedPolicy.Status.Violations {
 		ok, err := b.IsActive(info.Kind, violation.Resource)
 		if err != nil {
 			utilruntime.HandleError(err)
@@ -98,9 +99,10 @@ func (b *builder) ProcessViolation(info utils.ViolationInfo) error {
 	}
 	modifiedViolations = append(modifiedViolations, newViolation)
 
-	modifiedPolicy.PolicyViolation.Violations = modifiedViolations
-	return b.Patch(policy, modifiedPolicy)
-
+	modifiedPolicy.Status.Violations = modifiedViolations
+	//	return b.Patch(policy, modifiedPolicy)
+	// Violations are part of the status sub resource, so we can use the Update Status api instead of updating the policy object
+	return b.controller.UpdatePolicyViolations(modifiedPolicy)
 }
 
 func (b *builder) IsActive(kind string, resource string) (bool, error) {