refactor: make response type (RuleType) typed (#3556)

* refactor: move common utils Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: make response type (RuleType) typed Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: merge Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2025-03-31 03:45:17 +00:00 · 2022-04-06 21:04:08 +02:00 · 2022-04-06 21:04:08 +02:00 · c8275b7c00
commit c8275b7c00
parent 98598e33cf
17 changed files with 79 additions and 119 deletions
--- a/pkg/engine/common/common.go
+++ b/pkg/engine/common/common.go
@ -10,7 +10,6 @@ func convertNumberToString(value interface{}) (string, error) {
 	if value == nil {
 		return "0", nil
 	}
-
 	switch typed := value.(type) {
 	case string:
 		return string(typed), nil
--- a/pkg/engine/common/utils.go
+++ b/pkg/engine/common/utils.go
@ -2,7 +2,6 @@ package common

 import (
 	"fmt"
-	"reflect"

 	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/utils"
@ -13,7 +12,6 @@ func GetRawKeyIfWrappedWithAttributes(str string) string {
 	if len(str) < 2 {
 		return str
 	}
-
 	if str[0] == '(' && str[len(str)-1] == ')' {
 		return str[1 : len(str)-1]
 	} else if (str[0] == '$' || str[0] == '^' || str[0] == '+' || str[0] == '=') && (str[1] == '(' && str[len(str)-1] == ')') {
@ -31,31 +29,13 @@ func TransformConditions(original apiextensions.JSON) (interface{}, error) {
 	}
 	switch typedValue := oldConditions.(type) {
 	case kyverno.AnyAllConditions:
-		return copyAnyAllConditions(typedValue), nil
+		return *typedValue.DeepCopy(), nil
 	case []kyverno.Condition: // backwards compatibility
-		return copyOldConditions(typedValue), nil
+		var copies []kyverno.Condition
+		for _, condition := range typedValue {
+			copies = append(copies, *condition.DeepCopy())
+		}
+		return copies, nil
 	}
-
 	return nil, fmt.Errorf("invalid preconditions")
 }
-
-func copyAnyAllConditions(original kyverno.AnyAllConditions) kyverno.AnyAllConditions {
-	if reflect.DeepEqual(original, kyverno.AnyAllConditions{}) {
-		return kyverno.AnyAllConditions{}
-	}
-	return *original.DeepCopy()
-}
-
-// backwards compatibility
-func copyOldConditions(original []kyverno.Condition) []kyverno.Condition {
-	if len(original) == 0 {
-		return []kyverno.Condition{}
-	}
-
-	var copies []kyverno.Condition
-	for _, condition := range original {
-		copies = append(copies, *condition.DeepCopy())
-	}
-
-	return copies
-}
--- a/pkg/engine/imageVerify.go
+++ b/pkg/engine/imageVerify.go
@ -91,7 +91,7 @@ func VerifyAndPatchImages(policyContext *PolicyContext) (resp *response.EngineRe
 }

 func appendError(resp *response.EngineResponse, rule *v1.Rule, msg string, status response.RuleStatus) {
-	rr := ruleResponse(rule, utils.ImageVerify, msg, status)
+	rr := ruleResponse(rule, response.ImageVerify, msg, status)
 	resp.PolicyResponse.Rules = append(resp.PolicyResponse.Rules, *rr)
 	incrementErrorCount(resp)
 }
@ -173,7 +173,7 @@ func (iv *imageVerifier) verifySignature(imageVerify *v1.ImageVerification, imag

 	ruleResp := &response.RuleResponse{
 		Name: iv.rule.Name,
-		Type: utils.Validation.String(),
+		Type: response.Validation,
 	}

 	opts := cosign.Options{
@ -246,7 +246,7 @@ func (iv *imageVerifier) attestImage(imageVerify *v1.ImageVerification, imageInf
 	statements, err := cosign.FetchAttestations(image, imageVerify, iv.logger)
 	if err != nil {
 		iv.logger.Info("failed to fetch attestations", "image", image, "error", err, "duration", time.Since(start).Seconds())
-		return ruleError(iv.rule, utils.ImageVerify, fmt.Sprintf("failed to fetch attestations for %s", image), err)
+		return ruleError(iv.rule, response.ImageVerify, fmt.Sprintf("failed to fetch attestations for %s", image), err)
 	}

 	iv.logger.V(4).Info("received attestations", "statements", statements)
@ -256,25 +256,25 @@ func (iv *imageVerifier) attestImage(imageVerify *v1.ImageVerification, imageInf
 		statements := statementsByPredicate[ac.PredicateType]
 		if statements == nil {
 			msg := fmt.Sprintf("predicate type %s not found", ac.PredicateType)
-			return ruleResponse(iv.rule, utils.ImageVerify, msg, response.RuleStatusFail)
+			return ruleResponse(iv.rule, response.ImageVerify, msg, response.RuleStatusFail)
 		}

 		for _, s := range statements {
 			val, err := iv.checkAttestations(ac, s, imageInfo)
 			if err != nil {
-				return ruleError(iv.rule, utils.ImageVerify, "failed to check attestation", err)
+				return ruleError(iv.rule, response.ImageVerify, "failed to check attestation", err)
 			}

 			if !val {
 				msg := fmt.Sprintf("attestation checks failed for %s and predicate %s", imageInfo.String(), ac.PredicateType)
-				return ruleResponse(iv.rule, utils.ImageVerify, msg, response.RuleStatusFail)
+				return ruleResponse(iv.rule, response.ImageVerify, msg, response.RuleStatusFail)
 			}
 		}
 	}

 	msg := fmt.Sprintf("attestation checks passed for %s", imageInfo.String())
 	iv.logger.V(2).Info(msg)
-	return ruleResponse(iv.rule, utils.ImageVerify, msg, response.RuleStatusPass)
+	return ruleResponse(iv.rule, response.ImageVerify, msg, response.RuleStatusPass)
 }

 func buildStatementMap(statements []map[string]interface{}) map[string][]map[string]interface{} {
--- a/pkg/engine/mutate/mutation.go
+++ b/pkg/engine/mutate/mutation.go
@ -4,8 +4,6 @@ import (
 	"encoding/json"
 	"fmt"

-	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
-
 	"github.com/go-logr/logr"
 	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/engine/context"
@ -13,6 +11,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/engine/response"
 	"github.com/kyverno/kyverno/pkg/engine/variables"
 	"github.com/kyverno/kyverno/pkg/utils"
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )

--- a/pkg/engine/mutate/mutation_test.go
+++ b/pkg/engine/mutate/mutation_test.go
@ -54,14 +54,14 @@ func applyPatches(rule *types.Rule, resource unstructured.Unstructured) (*respon

 	if mutateResp.Status != response.RuleStatusPass {
 		return &response.RuleResponse{
-			Type:    utils.Mutation.String(),
+			Type:    response.Mutation,
 			Status:  mutateResp.Status,
 			Message: mutateResp.Message,
 		}, resource
 	}

 	return &response.RuleResponse{
-		Type:    utils.Mutation.String(),
+		Type:    response.Mutation,
 		Status:  response.RuleStatusPass,
 		Patches: mutateResp.Patches,
 	}, mutateResp.PatchedResource
--- a/pkg/engine/mutate/patch/patchJSON6902.go
+++ b/pkg/engine/mutate/patch/patchJSON6902.go
@ -7,7 +7,6 @@ import (
 	jsonpatch "github.com/evanphx/json-patch/v5"
 	"github.com/go-logr/logr"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/yaml"
 )
@ -18,7 +17,7 @@ func ProcessPatchJSON6902(ruleName string, patchesJSON6902 []byte, resource unst
 	startTime := time.Now()
 	logger.V(4).Info("started JSON6902 patch", "startTime", startTime)
 	resp.Name = ruleName
-	resp.Type = utils.Mutation.String()
+	resp.Type = response.Mutation
 	defer func() {
 		resp.RuleStats.ProcessingTime = time.Since(startTime)
 		resp.RuleStats.RuleExecutionTimestamp = startTime.Unix()
--- a/pkg/engine/mutate/patch/patches.go
+++ b/pkg/engine/mutate/patch/patches.go
@ -4,7 +4,6 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/kyverno/kyverno/pkg/engine/context"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
@ -56,7 +55,7 @@ func NewPatchesJSON6902(ruleName string, patches string, patchedResource unstruc

 func (h patchesJSON6902Handler) Patch() (resp response.RuleResponse, patchedResource unstructured.Unstructured) {
 	resp.Name = h.ruleName
-	resp.Type = utils.Mutation.String()
+	resp.Type = response.Mutation

 	patchesJSON6902, err := ConvertPatchesToJSON(h.patches)
 	if err != nil {
--- a/pkg/engine/mutate/patch/strategicMergePatch.go
+++ b/pkg/engine/mutate/patch/strategicMergePatch.go
@ -8,7 +8,6 @@ import (

 	"github.com/go-logr/logr"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/kustomize/api/filters/patchstrategicmerge"
 	filtersutil "sigs.k8s.io/kustomize/kyaml/filtersutil"
@ -21,7 +20,7 @@ func ProcessStrategicMergePatch(ruleName string, overlay interface{}, resource u
 	logger := log.WithName("ProcessStrategicMergePatch").WithValues("rule", ruleName)
 	logger.V(4).Info("started applying strategicMerge patch", "startTime", startTime)
 	resp.Name = ruleName
-	resp.Type = utils.Mutation.String()
+	resp.Type = response.Mutation

 	defer func() {
 		resp.RuleStats.ProcessingTime = time.Since(startTime)
--- a/pkg/engine/mutation.go
+++ b/pkg/engine/mutation.go
@ -11,7 +11,6 @@ import (
 	"github.com/kyverno/kyverno/pkg/autogen"
 	"github.com/kyverno/kyverno/pkg/engine/mutate"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
@ -112,11 +111,11 @@ func Mutate(policyContext *PolicyContext) (resp *response.EngineResponse) {
 func mutateResource(rule *kyverno.Rule, ctx *PolicyContext, resource unstructured.Unstructured, logger logr.Logger) (*response.RuleResponse, unstructured.Unstructured) {
 	preconditionsPassed, err := checkPreconditions(logger, ctx, rule.GetAnyAllConditions())
 	if err != nil {
-		return ruleError(rule, utils.Mutation, "failed to evaluate preconditions", err), resource
+		return ruleError(rule, response.Mutation, "failed to evaluate preconditions", err), resource
 	}

 	if !preconditionsPassed {
-		return ruleResponse(rule, utils.Mutation, "preconditions not met", response.RuleStatusSkip), resource
+		return ruleResponse(rule, response.Mutation, "preconditions not met", response.RuleStatusSkip), resource
 	}

 	mutateResp := mutate.Mutate(rule, ctx.JSONContext, resource, logger)
@ -137,22 +136,22 @@ func mutateForEach(rule *kyverno.Rule, ctx *PolicyContext, resource unstructured
 	for _, foreach := range foreachList {
 		if err := LoadContext(logger, rule.Context, ctx, rule.Name); err != nil {
 			logger.Error(err, "failed to load context")
-			return ruleError(rule, utils.Mutation, "failed to load context", err), resource
+			return ruleError(rule, response.Mutation, "failed to load context", err), resource
 		}

 		preconditionsPassed, err := checkPreconditions(logger, ctx, rule.GetAnyAllConditions())
 		if err != nil {
-			return ruleError(rule, utils.Mutation, "failed to evaluate preconditions", err), resource
+			return ruleError(rule, response.Mutation, "failed to evaluate preconditions", err), resource
 		}

 		if !preconditionsPassed {
-			return ruleResponse(rule, utils.Mutation, "preconditions not met", response.RuleStatusSkip), resource
+			return ruleResponse(rule, response.Mutation, "preconditions not met", response.RuleStatusSkip), resource
 		}

 		elements, err := evaluateList(foreach.List, ctx.JSONContext)
 		if err != nil {
 			msg := fmt.Sprintf("failed to evaluate list %s", foreach.List)
-			return ruleError(rule, utils.Mutation, msg, err), resource
+			return ruleError(rule, response.Mutation, msg, err), resource
 		}

 		mutateResp := mutateElements(rule.Name, foreach, ctx, elements, patchedResource, logger)
@ -171,10 +170,10 @@ func mutateForEach(rule *kyverno.Rule, ctx *PolicyContext, resource unstructured
 	}

 	if applyCount == 0 {
-		return ruleResponse(rule, utils.Mutation, "0 elements processed", response.RuleStatusSkip), resource
+		return ruleResponse(rule, response.Mutation, "0 elements processed", response.RuleStatusSkip), resource
 	}

-	r := ruleResponse(rule, utils.Mutation, fmt.Sprintf("%d elements processed", applyCount), response.RuleStatusPass)
+	r := ruleResponse(rule, response.Mutation, fmt.Sprintf("%d elements processed", applyCount), response.RuleStatusPass)
 	r.Patches = allPatches
 	return r, patchedResource
 }
@ -239,7 +238,7 @@ func mutateError(err error, message string) *mutate.Response {
 }

 func buildRuleResponse(rule *kyverno.Rule, mutateResp *mutate.Response) *response.RuleResponse {
-	resp := ruleResponse(rule, utils.Mutation, mutateResp.Message, mutateResp.Status)
+	resp := ruleResponse(rule, response.Mutation, mutateResp.Message, mutateResp.Status)
 	if resp.Status == response.RuleStatusPass {
 		resp.Patches = mutateResp.Patches
 		resp.Message = buildSuccessMessage(mutateResp.PatchedResource)
--- a/pkg/engine/response/response.go
+++ b/pkg/engine/response/response.go
@ -76,6 +76,19 @@ type PolicyStats struct {
 	PolicyExecutionTimestamp int64 `json:"policyExecutionTimestamp"`
 }

+type RuleType string
+
+const (
+	//Mutation type for mutation rule
+	Mutation RuleType = "Mutation"
+	//Validation type for validation rule
+	Validation RuleType = "Validation"
+	//Generation type for generation rule
+	Generation RuleType = "Generation"
+	// ImageVerify type for image verification
+	ImageVerify RuleType = "All"
+)
+
 //RuleResponse details for each rule application
 type RuleResponse struct {

@ -83,7 +96,7 @@ type RuleResponse struct {
 	Name string `json:"name"`

 	// rule type (Mutation,Generation,Validation) for Kyverno Policy
-	Type string `json:"type"`
+	Type RuleType `json:"type"`

 	// message response from the rule application
 	Message string `json:"message"`
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@ -12,7 +12,6 @@ import (
 	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/engine/context"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	engineUtils "github.com/kyverno/kyverno/pkg/engine/utils"
 	"github.com/kyverno/kyverno/pkg/engine/variables"
 	"github.com/pkg/errors"

@ -473,15 +472,15 @@ func evaluateList(jmesPath string, ctx context.EvalInterface) ([]interface{}, er
 	return l, nil
 }

-func ruleError(rule *kyverno.Rule, ruleType engineUtils.RuleType, msg string, err error) *response.RuleResponse {
+func ruleError(rule *kyverno.Rule, ruleType response.RuleType, msg string, err error) *response.RuleResponse {
 	msg = fmt.Sprintf("%s: %s", msg, err.Error())
 	return ruleResponse(rule, ruleType, msg, response.RuleStatusError)
 }

-func ruleResponse(rule *kyverno.Rule, ruleType engineUtils.RuleType, msg string, status response.RuleStatus) *response.RuleResponse {
+func ruleResponse(rule *kyverno.Rule, ruleType response.RuleType, msg string, status response.RuleStatus) *response.RuleResponse {
 	return &response.RuleResponse{
 		Name:    rule.Name,
-		Type:    ruleType.String(),
+		Type:    ruleType,
 		Message: msg,
 		Status:  status,
 	}
--- a/pkg/engine/utils/utils.go
+++ b/pkg/engine/utils/utils.go
@ -12,29 +12,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )

-//RuleType defines the type for rule
-type RuleType int
-
-const (
-	//Mutation type for mutation rule
-	Mutation RuleType = iota
-	//Validation type for validation rule
-	Validation
-	//Generation type for generation rule
-	Generation
-	// ImageVerify type for image verification
-	ImageVerify
-)
-
-func (ri RuleType) String() string {
-	return [...]string{
-		"Mutation",
-		"Validation",
-		"Generation",
-		"All",
-	}[ri]
-}
-
 // ApplyPatches patches given resource with given patches and returns patched document
 // return original resource if any error occurs
 func ApplyPatches(resource []byte, patches [][]byte) ([]byte, error) {
--- a/pkg/engine/validation.go
+++ b/pkg/engine/validation.go
@ -16,7 +16,6 @@ import (
 	"github.com/go-logr/logr"
 	gojmespath "github.com/jmespath/go-jmespath"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
 	"github.com/kyverno/kyverno/pkg/engine/validate"
 	"github.com/kyverno/kyverno/pkg/engine/variables"
 	"github.com/kyverno/kyverno/pkg/utils"
@ -199,16 +198,16 @@ func newForeachValidator(foreach *kyverno.ForEachValidation, rule *kyverno.Rule,

 func (v *validator) validate() *response.RuleResponse {
 	if err := v.loadContext(); err != nil {
-		return ruleError(v.rule, engineutils.Validation, "failed to load context", err)
+		return ruleError(v.rule, response.Validation, "failed to load context", err)
 	}

 	preconditionsPassed, err := checkPreconditions(v.log, v.ctx, v.anyAllConditions)
 	if err != nil {
-		return ruleError(v.rule, engineutils.Validation, "failed to evaluate preconditions", err)
+		return ruleError(v.rule, response.Validation, "failed to evaluate preconditions", err)
 	}

 	if !preconditionsPassed && v.ctx.Policy.GetSpec().ValidationFailureAction != kyverno.Audit {
-		return ruleResponse(v.rule, engineutils.Validation, "preconditions not met", response.RuleStatusSkip)
+		return ruleResponse(v.rule, response.Validation, "preconditions not met", response.RuleStatusSkip)
 	}

 	if v.deny != nil {
@ -217,14 +216,14 @@ func (v *validator) validate() *response.RuleResponse {

 	if v.pattern != nil || v.anyPattern != nil {
 		if err = v.substitutePatterns(); err != nil {
-			return ruleError(v.rule, engineutils.Validation, "variable substitution failed", err)
+			return ruleError(v.rule, response.Validation, "variable substitution failed", err)
 		}

 		ruleResponse := v.validateResourceWithRule()
 		if isUpdateRequest(v.ctx) {
 			priorResp, err := validateOldObject(v.log, v.ctx, v.rule)
 			if err != nil {
-				return ruleError(v.rule, engineutils.Validation, "failed to validate old object", err)
+				return ruleError(v.rule, response.Validation, "failed to validate old object", err)
 			}

 			if isSameRuleResponse(ruleResponse, priorResp) {
@ -242,14 +241,14 @@ func (v *validator) validate() *response.RuleResponse {

 func (v *validator) validateForEach() *response.RuleResponse {
 	if err := v.loadContext(); err != nil {
-		return ruleError(v.rule, engineutils.Validation, "failed to load context", err)
+		return ruleError(v.rule, response.Validation, "failed to load context", err)
 	}

 	preconditionsPassed, err := checkPreconditions(v.log, v.ctx, v.anyAllConditions)
 	if err != nil {
-		return ruleError(v.rule, engineutils.Validation, "failed to evaluate preconditions", err)
+		return ruleError(v.rule, response.Validation, "failed to evaluate preconditions", err)
 	} else if !preconditionsPassed && v.ctx.Policy.GetSpec().ValidationFailureAction != kyverno.Audit {
-		return ruleResponse(v.rule, engineutils.Validation, "preconditions not met", response.RuleStatusSkip)
+		return ruleResponse(v.rule, response.Validation, "preconditions not met", response.RuleStatusSkip)
 	}

 	foreachList := v.rule.Validation.ForEachValidation
@ -279,10 +278,10 @@ func (v *validator) validateForEach() *response.RuleResponse {
 	}

 	if applyCount == 0 {
-		return ruleResponse(v.rule, engineutils.Validation, "rule skipped", response.RuleStatusSkip)
+		return ruleResponse(v.rule, response.Validation, "rule skipped", response.RuleStatusSkip)
 	}

-	return ruleResponse(v.rule, engineutils.Validation, "rule passed", response.RuleStatusPass)
+	return ruleResponse(v.rule, response.Validation, "rule passed", response.RuleStatusPass)
 }

 func (v *validator) validateElements(foreach *kyverno.ForEachValidation, elements []interface{}, elementScope bool) (*response.RuleResponse, int) {
@ -296,7 +295,7 @@ func (v *validator) validateElements(foreach *kyverno.ForEachValidation, element
 		ctx := v.ctx.Copy()
 		if err := addElementToContext(ctx, e, i, elementScope); err != nil {
 			v.log.Error(err, "failed to add element to context")
-			return ruleError(v.rule, engineutils.Validation, "failed to process foreach", err), applyCount
+			return ruleError(v.rule, response.Validation, "failed to process foreach", err), applyCount
 		}

 		foreachValidator := newForeachValidator(foreach, v.rule, ctx, v.log)
@ -309,13 +308,13 @@ func (v *validator) validateElements(foreach *kyverno.ForEachValidation, element
 			continue
 		} else if r.Status != response.RuleStatusPass {
 			msg := fmt.Sprintf("validation failure: %v", r.Message)
-			return ruleResponse(v.rule, engineutils.Validation, msg, r.Status), applyCount
+			return ruleResponse(v.rule, response.Validation, msg, r.Status), applyCount
 		}

 		applyCount++
 	}

-	return ruleResponse(v.rule, engineutils.Validation, "", response.RuleStatusPass), applyCount
+	return ruleResponse(v.rule, response.Validation, "", response.RuleStatusPass), applyCount
 }

 func addElementToContext(ctx *PolicyContext, e interface{}, elementIndex int, elementScope bool) error {
@ -360,24 +359,24 @@ func (v *validator) validateDeny() *response.RuleResponse {
 	anyAllCond := v.deny.GetAnyAllConditions()
 	anyAllCond, err := variables.SubstituteAll(v.log, v.ctx.JSONContext, anyAllCond)
 	if err != nil {
-		return ruleError(v.rule, engineutils.Validation, "failed to substitute variables in deny conditions", err)
+		return ruleError(v.rule, response.Validation, "failed to substitute variables in deny conditions", err)
 	}

 	if err = v.substituteDeny(); err != nil {
-		return ruleError(v.rule, engineutils.Validation, "failed to substitute variables in rule", err)
+		return ruleError(v.rule, response.Validation, "failed to substitute variables in rule", err)
 	}

 	denyConditions, err := common.TransformConditions(anyAllCond)
 	if err != nil {
-		return ruleError(v.rule, engineutils.Validation, "invalid deny conditions", err)
+		return ruleError(v.rule, response.Validation, "invalid deny conditions", err)
 	}

 	deny := variables.EvaluateConditions(v.log, v.ctx.JSONContext, denyConditions)
 	if deny {
-		return ruleResponse(v.rule, engineutils.Validation, v.getDenyMessage(deny), response.RuleStatusFail)
+		return ruleResponse(v.rule, response.Validation, v.getDenyMessage(deny), response.RuleStatusFail)
 	}

-	return ruleResponse(v.rule, engineutils.Validation, v.getDenyMessage(deny), response.RuleStatusPass)
+	return ruleResponse(v.rule, response.Validation, v.getDenyMessage(deny), response.RuleStatusPass)
 }

 func (v *validator) getDenyMessage(deny bool) string {
@ -481,22 +480,22 @@ func (v *validator) validatePatterns(resource unstructured.Unstructured) *respon
 				v.log.V(3).Info("validation error", "path", pe.Path, "error", err.Error())

 				if pe.Skip {
-					return ruleResponse(v.rule, engineutils.Validation, pe.Error(), response.RuleStatusSkip)
+					return ruleResponse(v.rule, response.Validation, pe.Error(), response.RuleStatusSkip)
 				}

 				if pe.Path == "" {
-					return ruleResponse(v.rule, engineutils.Validation, v.buildErrorMessage(err, ""), response.RuleStatusError)
+					return ruleResponse(v.rule, response.Validation, v.buildErrorMessage(err, ""), response.RuleStatusError)
 				}

-				return ruleResponse(v.rule, engineutils.Validation, v.buildErrorMessage(err, pe.Path), response.RuleStatusFail)
+				return ruleResponse(v.rule, response.Validation, v.buildErrorMessage(err, pe.Path), response.RuleStatusFail)
 			}

-			return ruleResponse(v.rule, engineutils.Validation, v.buildErrorMessage(err, pe.Path), response.RuleStatusError)
+			return ruleResponse(v.rule, response.Validation, v.buildErrorMessage(err, pe.Path), response.RuleStatusError)
 		}

 		v.log.V(4).Info("successfully processed rule")
 		msg := fmt.Sprintf("validation rule '%s' passed.", v.rule.Name)
-		return ruleResponse(v.rule, engineutils.Validation, msg, response.RuleStatusPass)
+		return ruleResponse(v.rule, response.Validation, msg, response.RuleStatusPass)
 	}

 	if v.anyPattern != nil {
@ -506,14 +505,14 @@ func (v *validator) validatePatterns(resource unstructured.Unstructured) *respon
 		anyPatterns, err := deserializeAnyPattern(v.anyPattern)
 		if err != nil {
 			msg := fmt.Sprintf("failed to deserialize anyPattern, expected type array: %v", err)
-			return ruleResponse(v.rule, engineutils.Validation, msg, response.RuleStatusError)
+			return ruleResponse(v.rule, response.Validation, msg, response.RuleStatusError)
 		}

 		for idx, pattern := range anyPatterns {
 			err := validate.MatchPattern(v.log, resource.Object, pattern)
 			if err == nil {
 				msg := fmt.Sprintf("validation rule '%s' anyPattern[%d] passed.", v.rule.Name, idx)
-				return ruleResponse(v.rule, engineutils.Validation, msg, response.RuleStatusPass)
+				return ruleResponse(v.rule, response.Validation, msg, response.RuleStatusPass)
 			}

 			if pe, ok := err.(*validate.PatternError); ok {
@ -537,11 +536,11 @@ func (v *validator) validatePatterns(resource unstructured.Unstructured) *respon

 			v.log.V(4).Info(fmt.Sprintf("Validation rule '%s' failed. %s", v.rule.Name, errorStr))
 			msg := buildAnyPatternErrorMessage(v.rule, errorStr)
-			return ruleResponse(v.rule, engineutils.Validation, msg, response.RuleStatusFail)
+			return ruleResponse(v.rule, response.Validation, msg, response.RuleStatusFail)
 		}
 	}

-	return ruleResponse(v.rule, engineutils.Validation, v.rule.Validation.Message, response.RuleStatusPass)
+	return ruleResponse(v.rule, response.Validation, v.rule.Validation.Message, response.RuleStatusPass)
 }

 func deserializeAnyPattern(anyPattern apiextensions.JSON) ([]interface{}, error) {
--- a/pkg/kyverno/apply/report.go
+++ b/pkg/kyverno/apply/report.go
@ -7,7 +7,7 @@ import (
 	"time"

 	report "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-	"github.com/kyverno/kyverno/pkg/engine/utils"
+	"github.com/kyverno/kyverno/pkg/engine/response"
 	engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
 	"github.com/kyverno/kyverno/pkg/policyreport"
 	corev1 "k8s.io/api/core/v1"
@ -88,7 +88,7 @@ func buildPolicyResults(infos []policyreport.Info) map[string][]*report.PolicyRe

 		for _, infoResult := range info.Results {
 			for _, rule := range infoResult.Rules {
-				if rule.Type != utils.Validation.String() {
+				if rule.Type != string(response.Validation) {
 					continue
 				}

--- a/pkg/kyverno/common/common.go
+++ b/pkg/kyverno/common/common.go
@ -768,7 +768,7 @@ func ProcessValidateEngineResponse(policy v1.PolicyInterface, validateResponse *
 				ruleFoundInEngineResponse = true
 				vrule := v1.ViolatedRule{
 					Name:    valResponseRule.Name,
-					Type:    valResponseRule.Type,
+					Type:    string(valResponseRule.Type),
 					Message: valResponseRule.Message,
 				}

--- a/pkg/kyverno/test/test_command.go
+++ b/pkg/kyverno/test/test_command.go
@ -21,7 +21,6 @@ import (
 	"github.com/kyverno/kyverno/pkg/autogen"
 	client "github.com/kyverno/kyverno/pkg/dclient"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"github.com/kyverno/kyverno/pkg/generate"
 	"github.com/kyverno/kyverno/pkg/kyverno/common"
 	sanitizederror "github.com/kyverno/kyverno/pkg/kyverno/sanitizedError"
@ -558,7 +557,7 @@ func buildPolicyResults(engineResponses []*response.EngineResponse, testResults
 		}

 		for _, rule := range resp.PolicyResponse.Rules {
-			if rule.Type != utils.Mutation.String() {
+			if rule.Type != response.Mutation {
 				continue
 			}

@ -600,7 +599,7 @@ func buildPolicyResults(engineResponses []*response.EngineResponse, testResults
 	for _, info := range infos {
 		for _, infoResult := range info.Results {
 			for _, rule := range infoResult.Rules {
-				if rule.Type != utils.Validation.String() {
+				if rule.Type != string(response.Validation) {
 					continue
 				}

--- a/pkg/policyreport/builder.go
+++ b/pkg/policyreport/builder.go
@ -14,7 +14,6 @@ import (
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/engine"
 	"github.com/kyverno/kyverno/pkg/engine/response"
-	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"github.com/kyverno/kyverno/pkg/version"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -99,7 +98,7 @@ func (builder *requestBuilder) build(info Info) (req *unstructured.Unstructured,
 	req = new(unstructured.Unstructured)
 	for _, infoResult := range info.Results {
 		for _, rule := range infoResult.Rules {
-			if rule.Type != utils.Validation.String() && rule.Type != utils.ImageVerify.String() {
+			if rule.Type != string(response.Validation) && rule.Type != string(response.ImageVerify) {
 				continue
 			}

@ -284,7 +283,7 @@ func buildViolatedRules(er *response.EngineResponse) []kyverno.ViolatedRule {
 	for _, rule := range er.PolicyResponse.Rules {
 		vrule := kyverno.ViolatedRule{
 			Name:    rule.Name,
-			Type:    rule.Type,
+			Type:    string(rule.Type),
 			Message: rule.Message,
 		}