CR fixes

pkg/policyviolation/clusterpv.go

@@ -10,7 +10,6 @@ import (
 	kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
 	client "github.com/nirmata/kyverno/pkg/dclient"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	labels "k8s.io/apimachinery/pkg/labels"
 )
 
 //ClusterPV ...
@@ -52,7 +51,15 @@ func (cpv *clusterPV) create(pv kyverno.PolicyViolation) error {
 }
 
 func (cpv *clusterPV) getExisting(newPv kyverno.ClusterPolicyViolation) (*kyverno.ClusterPolicyViolation, error) {
-	pvs, err := cpv.cpvLister.List(labels.Everything())
+	var err error
+	// use labels
+	policyLabelmap := map[string]string{"policy": newPv.Spec.Policy, "resource": newPv.Spec.ResourceSpec.ToKey()}
+	ls, err := converLabelToSelector(policyLabelmap)
+	if err != nil {
+		return nil, err
+	}
+
+	pvs, err := cpv.cpvLister.List(ls)
 	if err != nil {
 		glog.Errorf("unable to list cluster policy violations : %v", err)
 		return nil, err
@@ -99,6 +106,7 @@ func (cpv *clusterPV) updatePV(newPv, oldPv *kyverno.ClusterPolicyViolation) err
 	}
 	// set name
 	newPv.SetName(oldPv.Name)
+	newPv.SetResourceVersion(oldPv.ResourceVersion)
 
 	// update resource
 	_, err = cpv.kyvernoInterface.ClusterPolicyViolations().Update(newPv)

pkg/policyviolation/common.go

@@ -1,6 +1,7 @@
 package policyviolation
 
 import (
+	"fmt"
 	"time"
 
 	backoff "github.com/cenkalti/backoff"
@@ -9,6 +10,7 @@ import (
 	client "github.com/nirmata/kyverno/pkg/dclient"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/labels"
 )
 
 func createOwnerReference(resource *unstructured.Unstructured) metav1.OwnerReference {
@@ -97,3 +99,18 @@ func GetOwner(dclient *client.Client, ownerMap map[kyverno.ResourceSpec]interfac
 		GetOwner(dclient, ownerMap, *owner)
 	}
 }
+
+func converLabelToSelector(labelMap map[string]string) (labels.Selector, error) {
+	ls := &metav1.LabelSelector{}
+	err := metav1.Convert_Map_string_To_string_To_v1_LabelSelector(&labelMap, ls, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	policyViolationSelector, err := metav1.LabelSelectorAsSelector(ls)
+	if err != nil {
+		return nil, fmt.Errorf("invalid label selector: %v", err)
+	}
+
+	return policyViolationSelector, nil
+}

pkg/policyviolation/namespacedpv.go

@@ -10,7 +10,6 @@ import (
 	kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1"
 	client "github.com/nirmata/kyverno/pkg/dclient"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	labels "k8s.io/apimachinery/pkg/labels"
 )
 
 //NamespacedPV ...
@@ -52,7 +51,14 @@ func (nspv *namespacedPV) create(pv kyverno.PolicyViolation) error {
 }
 
 func (nspv *namespacedPV) getExisting(newPv kyverno.NamespacedPolicyViolation) (*kyverno.NamespacedPolicyViolation, error) {
-	pvs, err := nspv.nspvLister.NamespacedPolicyViolations(newPv.GetNamespace()).List(labels.NewSelector())
+	var err error
+	// use labels
+	policyLabelmap := map[string]string{"policy": newPv.Spec.Policy, "resource": newPv.Spec.ResourceSpec.ToKey()}
+	ls, err := converLabelToSelector(policyLabelmap)
+	if err != nil {
+		return nil, err
+	}
+	pvs, err := nspv.nspvLister.NamespacedPolicyViolations(newPv.GetNamespace()).List(ls)
 	if err != nil {
 		glog.Errorf("unable to list namespaced policy violations : %v", err)
 		return nil, err
@@ -99,9 +105,9 @@ func (nspv *namespacedPV) updatePV(newPv, oldPv *kyverno.NamespacedPolicyViolati
 	}
 	// set name
 	newPv.SetName(oldPv.Name)
-
+	newPv.SetResourceVersion(oldPv.ResourceVersion)
 	// update resource
-	_, err = nspv.kyvernoInterface.NamespacedPolicyViolations(newPv.GetNamespace()).Create(newPv)
+	_, err = nspv.kyvernoInterface.NamespacedPolicyViolations(newPv.GetNamespace()).Update(newPv)
 	if err != nil {
 		return fmt.Errorf("failed to update namespaced polciy violation: %v", err)
 	}