remove old function refereces and update tests

pkg/engine/mutation.go

@@ -51,7 +51,7 @@ func Mutate(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (r
 		// Process Overlay
 		if rule.Mutation.Overlay != nil {
 			var ruleResponse RuleResponse
-			ruleResponse, patchedResource = processOverlayNew(rule, resource)
+			ruleResponse, patchedResource = processOverlay(rule, resource)
 			if reflect.DeepEqual(ruleResponse, (RuleResponse{})) {
 				// overlay pattern does not match the resource conditions
 				continue
@@ -63,7 +63,7 @@ func Mutate(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) (r
 		// Process Patches
 		if rule.Mutation.Patches != nil {
 			var ruleResponse RuleResponse
-			ruleResponse, patchedResource = processPatchesNew(rule, resource)
+			ruleResponse, patchedResource = processPatches(rule, resource)
 			response.PolicyResponse.Rules = append(response.PolicyResponse.Rules, ruleResponse)
 			incrementAppliedRuleCount()
 		}

pkg/engine/overlay.go

@@ -16,34 +16,8 @@ import (
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
 )
 
-// // rawResource handles validating admission request
-// // Checks the target resources for rules defined in the policy
-// // TODO: pass in the unstructured object in stead of raw byte?
-// func processOverlay(rule kyverno.Rule, rawResource []byte) ([][]byte, error) {
-// 	var resource interface{}
-// 	if err := json.Unmarshal(rawResource, &resource); err != nil {
-// 		glog.V(4).Infof("unable to unmarshal resource : %v", err)
-// 		return nil, err
-// 	}
-
-// 	resourceInfo := ParseResourceInfoFromObject(rawResource)
-// 	patches, err := processOverlayPatches(resource, rule.Mutation.Overlay)
-// 	if err != nil && strings.Contains(err.Error(), "Conditions are not met") {
-// 		// glog.V(4).Infof("overlay pattern %s does not match resource %s/%s", rule.Mutation.Overlay, resourceUnstr.GetNamespace(), resourceUnstr.GetName())
-// 		glog.Infof("Resource does not meet conditions in overlay pattern, resource=%s, rule=%s\n", resourceInfo, rule.Name)
-// 		// patches, err := processOverlayPatches(resource, rule.Mutation.Overlay)
-// 		// if err != nil && strings.Contains(err.Error(), "Conditions are not met") {
-// 		// 	glog.V(4).Infof("overlay pattern %s does not match resource %s/%s", rule.Mutation.Overlay, resourceUnstr.GetNamespace(), resourceUnstr.GetName())
-// 		// 	return nil, nil
-// 	}
-
-// 	return patches, err
-// }
-
-// rawResource handles validating admission request
-// Checks the target resources for rules defined in the policy
-// TODO: pass in the unstructured object in stead of raw byte?
-func processOverlayNew(rule kyverno.Rule, resource unstructured.Unstructured) (response RuleResponse, patchedResource unstructured.Unstructured) {
+// processOverlay processes validation patterns on the resource
+func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (response RuleResponse, patchedResource unstructured.Unstructured) {
 	startTime := time.Now()
 	glog.V(4).Infof("started applying overlay rule %q (%v)", rule.Name, startTime)
 	response.Name = rule.Name

pkg/engine/patches.go

@@ -2,9 +2,7 @@ package engine
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
-	"reflect"
 	"strings"
 	"time"
 
@@ -15,41 +13,6 @@ import (
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
 )
 
-// ProcessPatches Returns array from separate patches that can be applied to the document
-// Returns error ONLY in case when creation of resource should be denied.
-// TODO: pass in the unstructured object in stead of raw byte?
-func processPatches(rule kyverno.Rule, resource []byte) (allPatches [][]byte, errs []error) {
-	if len(resource) == 0 {
-		errs = append(errs, errors.New("Source document for patching is empty"))
-		return nil, errs
-	}
-	if reflect.DeepEqual(rule.Mutation, kyverno.Mutation{}) {
-		errs = append(errs, errors.New("No Mutation rules defined"))
-		return nil, errs
-	}
-	patchedDocument := resource
-	for _, patch := range rule.Mutation.Patches {
-		patchRaw, err := json.Marshal(patch)
-		if err != nil {
-			errs = append(errs, err)
-			continue
-		}
-		patches := [][]byte{patchRaw}
-		patchedDocument, err = ApplyPatches(patchedDocument, patches)
-		// TODO: continue on error if one of the patches fails, will add the failure event in such case
-		if patch.Operation == "remove" {
-			glog.Info(err)
-			continue
-		}
-		if err != nil {
-			errs = append(errs, err)
-			continue
-		}
-		allPatches = append(allPatches, patchRaw)
-	}
-	return allPatches, errs
-}
-
 // JoinPatches joins array of serialized JSON patches to the single JSONPatch array
 func JoinPatches(patches [][]byte) []byte {
 	var result []byte
@@ -106,7 +69,7 @@ func ApplyPatchNew(resource, patch []byte) ([]byte, error) {
 
 }
 
-func processPatchesNew(rule kyverno.Rule, resource unstructured.Unstructured) (response RuleResponse, patchedResource unstructured.Unstructured) {
+func processPatches(rule kyverno.Rule, resource unstructured.Unstructured) (response RuleResponse, patchedResource unstructured.Unstructured) {
 	startTime := time.Now()
 	glog.V(4).Infof("started JSON patch rule %q (%v)", rule.Name, startTime)
 	response.Name = rule.Name

pkg/engine/patches_test.go

@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"gotest.tools/assert"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	types "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
 )
@@ -35,9 +36,13 @@ const endpointsDocument string = `{
 
 func TestProcessPatches_EmptyPatches(t *testing.T) {
 	var emptyRule = types.Rule{}
-	patches, err := processPatches(emptyRule, []byte(endpointsDocument))
-	assert.Check(t, len(err) == 1)
-	assert.Assert(t, len(patches) == 0)
+	resourceUnstructured, err := ConvertToUnstructured([]byte(endpointsDocument))
+	if err != nil {
+		t.Error(err)
+	}
+	rr, _ := processPatches(emptyRule, *resourceUnstructured)
+	assert.Check(t, rr.Success)
+	assert.Assert(t, len(rr.Patches) == 0)
 }
 
 func makeAddIsMutatedLabelPatch() types.Patch {
@@ -64,42 +69,54 @@ func makeRuleWithPatches(patches []types.Patch) types.Rule {
 
 func TestProcessPatches_EmptyDocument(t *testing.T) {
 	rule := makeRuleWithPatch(makeAddIsMutatedLabelPatch())
-	patchesBytes, err := processPatches(rule, nil)
-	assert.Assert(t, err != nil)
-	assert.Assert(t, len(patchesBytes) == 0)
+	rr, _ := processPatches(rule, unstructured.Unstructured{})
+	assert.Assert(t, !rr.Success)
+	assert.Assert(t, len(rr.Patches) == 0)
 }
 
 func TestProcessPatches_AllEmpty(t *testing.T) {
 	emptyRule := types.Rule{}
-	patchesBytes, err := processPatches(emptyRule, nil)
-	assert.Check(t, len(err) == 1)
-	assert.Assert(t, len(patchesBytes) == 0)
+	rr, _ := processPatches(emptyRule, unstructured.Unstructured{})
+	assert.Check(t, !rr.Success)
+	assert.Assert(t, len(rr.Patches) == 0)
 }
 
 func TestProcessPatches_AddPathDoesntExist(t *testing.T) {
 	patch := makeAddIsMutatedLabelPatch()
 	patch.Path = "/metadata/additional/is-mutated"
 	rule := makeRuleWithPatch(patch)
-	patchesBytes, err := processPatches(rule, []byte(endpointsDocument))
-	assert.Check(t, len(err) == 1)
-	assert.Assert(t, len(patchesBytes) == 0)
+	resourceUnstructured, err := ConvertToUnstructured([]byte(endpointsDocument))
+	if err != nil {
+		t.Error(err)
+	}
+	rr, _ := processPatches(rule, *resourceUnstructured)
+	assert.Check(t, !rr.Success)
+	assert.Assert(t, len(rr.Patches) == 0)
 }
 
 func TestProcessPatches_RemovePathDoesntExist(t *testing.T) {
 	patch := types.Patch{Path: "/metadata/labels/is-mutated", Operation: "remove"}
 	rule := makeRuleWithPatch(patch)
-	patchesBytes, err := processPatches(rule, []byte(endpointsDocument))
-	assert.Check(t, len(err) == 0)
-	assert.Assert(t, len(patchesBytes) == 0)
+	resourceUnstructured, err := ConvertToUnstructured([]byte(endpointsDocument))
+	if err != nil {
+		t.Error(err)
+	}
+	rr, _ := processPatches(rule, *resourceUnstructured)
+	assert.Check(t, rr.Success)
+	assert.Assert(t, len(rr.Patches) == 0)
 }
 
 func TestProcessPatches_AddAndRemovePathsDontExist_EmptyResult(t *testing.T) {
 	patch1 := types.Patch{Path: "/metadata/labels/is-mutated", Operation: "remove"}
 	patch2 := types.Patch{Path: "/spec/labels/label3", Operation: "add", Value: "label3Value"}
 	rule := makeRuleWithPatches([]types.Patch{patch1, patch2})
-	patchesBytes, err := processPatches(rule, []byte(endpointsDocument))
-	assert.Check(t, len(err) == 1)
-	assert.Assert(t, len(patchesBytes) == 0)
+	resourceUnstructured, err := ConvertToUnstructured([]byte(endpointsDocument))
+	if err != nil {
+		t.Error(err)
+	}
+	rr, _ := processPatches(rule, *resourceUnstructured)
+	assert.Check(t, !rr.Success)
+	assert.Assert(t, len(rr.Patches) == 0)
 }
 
 func TestProcessPatches_AddAndRemovePathsDontExist_ContinueOnError_NotEmptyResult(t *testing.T) {
@@ -107,28 +124,40 @@ func TestProcessPatches_AddAndRemovePathsDontExist_ContinueOnError_NotEmptyResul
 	patch2 := types.Patch{Path: "/spec/labels/label2", Operation: "remove", Value: "label2Value"}
 	patch3 := types.Patch{Path: "/metadata/labels/label3", Operation: "add", Value: "label3Value"}
 	rule := makeRuleWithPatches([]types.Patch{patch1, patch2, patch3})
-	patchesBytes, err := processPatches(rule, []byte(endpointsDocument))
-	assert.Check(t, len(err) == 0)
-	assert.Assert(t, len(patchesBytes) != 0)
-	assertEqStringAndData(t, `{"path":"/metadata/labels/label3","op":"add","value":"label3Value"}`, patchesBytes[0])
+	resourceUnstructured, err := ConvertToUnstructured([]byte(endpointsDocument))
+	if err != nil {
+		t.Error(err)
+	}
+	rr, _ := processPatches(rule, *resourceUnstructured)
+	assert.Check(t, rr.Success)
+	assert.Assert(t, len(rr.Patches) != 0)
+	assertEqStringAndData(t, `{"path":"/metadata/labels/label3","op":"add","value":"label3Value"}`, rr.Patches[0])
 }
 
 func TestProcessPatches_RemovePathDoesntExist_EmptyResult(t *testing.T) {
 	patch := types.Patch{Path: "/metadata/labels/is-mutated", Operation: "remove"}
 	rule := makeRuleWithPatch(patch)
-	patchesBytes, err := processPatches(rule, []byte(endpointsDocument))
-	assert.Check(t, len(err) == 0)
-	assert.Assert(t, len(patchesBytes) == 0)
+	resourceUnstructured, err := ConvertToUnstructured([]byte(endpointsDocument))
+	if err != nil {
+		t.Error(err)
+	}
+	rr, _ := processPatches(rule, *resourceUnstructured)
+	assert.Check(t, rr.Success)
+	assert.Assert(t, len(rr.Patches) == 0)
 }
 
 func TestProcessPatches_RemovePathDoesntExist_NotEmptyResult(t *testing.T) {
 	patch1 := types.Patch{Path: "/metadata/labels/is-mutated", Operation: "remove"}
 	patch2 := types.Patch{Path: "/metadata/labels/label2", Operation: "add", Value: "label2Value"}
 	rule := makeRuleWithPatches([]types.Patch{patch1, patch2})
-	patchesBytes, err := processPatches(rule, []byte(endpointsDocument))
-	assert.Check(t, len(err) == 0)
-	assert.Assert(t, len(patchesBytes) == 1)
-	assertEqStringAndData(t, `{"path":"/metadata/labels/label2","op":"add","value":"label2Value"}`, patchesBytes[0])
+	resourceUnstructured, err := ConvertToUnstructured([]byte(endpointsDocument))
+	if err != nil {
+		t.Error(err)
+	}
+	rr, _ := processPatches(rule, *resourceUnstructured)
+	assert.Check(t, rr.Success)
+	assert.Assert(t, len(rr.Patches) == 1)
+	assertEqStringAndData(t, `{"path":"/metadata/labels/label2","op":"add","value":"label2Value"}`, rr.Patches[0])
 }
 
 func assertEqDataImpl(t *testing.T, expected, actual []byte, formatModifier string) {