From 37f895f69ac221b7f3d1075fa33fe8715583bbbf Mon Sep 17 00:00:00 2001
From: Denis Belyshev <belyshev.denis@apriorit.com>
Date: Fri, 7 Jun 2019 14:46:18 +0300
Subject: [PATCH] Fixed old tests on new function ResourceMeetsDescription
 (added the new file utils-test.go) Resource representation formatted in
 utils-test.go Deleted irrelevant tests from controller-test.go Fixed an issue
 with registration-test.go (tests covered ExtractCA func instead of extractCA)

---
 pkg/controller/controller_test.go | 149 -------------
 pkg/engine/utils_test.go          | 333 ++++++++++++++++++++++++++++++
 pkg/webhooks/admission_test.go    | 225 --------------------
 pkg/webhooks/registration.go      |   2 +-
 pkg/webhooks/registration_test.go |  11 +-
 pkg/webhooks/server.go            |   5 +-
 6 files changed, 342 insertions(+), 383 deletions(-)
 create mode 100644 pkg/engine/utils_test.go

diff --git a/pkg/controller/controller_test.go b/pkg/controller/controller_test.go
index 9f915ba259..b0b429f899 100644
--- a/pkg/controller/controller_test.go
+++ b/pkg/controller/controller_test.go
@@ -1,150 +1 @@
 package controller
-
-import (
-	"testing"
-
-	"gotest.tools/assert"
-
-	types "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func TestPolicyCopyFrom_Validate(t *testing.T) {
-	copyFrom := types.PolicyCopyFrom{}
-	assert.Assert(t, copyFrom.Validate() != nil)
-	copyFrom.Name = "name"
-	assert.Assert(t, copyFrom.Validate() != nil)
-	copyFrom.Namespace = "ns"
-	assert.Assert(t, copyFrom.Validate() == nil)
-}
-
-func TestPolicyConfigGenerator_Validate(t *testing.T) {
-	// Not valid
-	generator := types.PolicyConfigGenerator{}
-	assert.Assert(t, generator.Validate() != nil)
-	generator.Name = "generator-name"
-	assert.Assert(t, generator.Validate() != nil)
-	generator.Data = make(map[string]string)
-	assert.Assert(t, generator.Validate() != nil)
-	// Valid
-	generator.Data["field"] = "value"
-	assert.Assert(t, generator.Validate() == nil)
-	generator.CopyFrom = &types.PolicyCopyFrom{
-		Name:      "config-map-name",
-		Namespace: "custom-ns",
-	}
-	assert.Assert(t, generator.Validate() == nil)
-	generator.Data = nil
-	assert.Assert(t, generator.Validate() == nil)
-	// Not valid again
-	generator.CopyFrom = nil
-}
-
-func TestPolicyPatch_Validate(t *testing.T) {
-	// Not valid
-	patch := types.PolicyPatch{}
-	assert.Assert(t, patch.Validate() != nil)
-	patch.Path = "/path"
-	assert.Assert(t, patch.Validate() != nil)
-	patch.Operation = "add"
-	assert.Assert(t, patch.Validate() != nil)
-	// Valid
-	patch.Value = "some-value"
-	assert.Assert(t, patch.Validate() == nil)
-	patch.Operation = "replace"
-	assert.Assert(t, patch.Validate() == nil)
-	patch.Operation = "remove"
-	assert.Assert(t, patch.Validate() == nil)
-	// Valid without a value
-	patch.Value = ""
-	assert.Assert(t, patch.Validate() == nil)
-	// Not valid again
-	patch.Operation = "unknown"
-	assert.Assert(t, patch.Validate() != nil)
-	patch.Value = "some-another-value"
-	assert.Assert(t, patch.Validate() != nil)
-}
-
-func TestPolicyResource_Validate_Name(t *testing.T) {
-	// Not valid
-	resource := types.PolicyResource{}
-	assert.Assert(t, resource.Validate() != nil)
-	resource.Kind = "Deployment"
-	assert.Assert(t, resource.Validate() != nil)
-	// Valid
-	resourceName := "nginx"
-	resource.Name = &resourceName
-	assert.Assert(t, resource.Validate() == nil)
-}
-
-func TestPolicyResource_Validate_Selector(t *testing.T) {
-	// Not valid
-	resource := types.PolicyResource{
-		Kind:     "ConfigMap",
-		Selector: new(metav1.LabelSelector),
-	}
-	assert.Assert(t, resource.Validate() != nil)
-	resource.Selector.MatchLabels = make(map[string]string)
-	assert.Assert(t, resource.Validate() != nil)
-	// Valid
-	resource.Selector.MatchLabels["new-label"] = "new-value"
-	assert.Assert(t, resource.Validate() == nil)
-}
-
-func makeValidRuleResource() types.PolicyResource {
-	resourceName := "test-deployment"
-	return types.PolicyResource{
-		Kind: "Deployment",
-		Name: &resourceName,
-	}
-}
-
-func TestPolicyRule_Validate_Resource(t *testing.T) {
-	// Not valid
-	rule := types.PolicyRule{}
-	assert.Assert(t, rule.Validate() != nil)
-	// Empty
-	rule.Resource = makeValidRuleResource()
-	// Validate resource toi ensure that it is the only valid field
-	assert.Assert(t, rule.Resource.Validate() == nil)
-	assert.Assert(t, rule.Validate() != nil)
-}
-
-func TestPolicyRule_Validate_Patches(t *testing.T) {
-	rule := types.PolicyRule{
-		Resource: makeValidRuleResource(),
-	}
-	// Not empty, but not valid
-	patch := types.PolicyPatch{}
-	rule.Patches = append(rule.Patches, patch)
-	// Not empty and valid
-	assert.Assert(t, rule.Validate() != nil)
-	rule.Patches[0] = types.PolicyPatch{
-		Path:      "/",
-		Operation: "add",
-		Value:     "some",
-	}
-	assert.Assert(t, rule.Validate() == nil)
-}
-
-func TestPolicyRule_Validate_ConfigGenerators(t *testing.T) {
-	rule := types.PolicyRule{
-		Resource: makeValidRuleResource(),
-	}
-	// Not empty, but not valid
-	rule.ConfigMapGenerator = &types.PolicyConfigGenerator{
-		Name: "test-generator",
-	}
-	assert.Assert(t, rule.Validate() != nil)
-	// Not empty and valid
-	rule.ConfigMapGenerator.Data = make(map[string]string)
-	rule.ConfigMapGenerator.Data["some-data"] = "some-value"
-	assert.Assert(t, rule.Validate() == nil)
-	rule.SecretGenerator = rule.ConfigMapGenerator
-	assert.Assert(t, rule.Validate() == nil)
-	rule.ConfigMapGenerator = nil
-	assert.Assert(t, rule.Validate() == nil)
-	// Not valid again
-	rule.SecretGenerator.Name = ""
-	assert.Assert(t, rule.Validate() != nil)
-}
diff --git a/pkg/engine/utils_test.go b/pkg/engine/utils_test.go
new file mode 100644
index 0000000000..bf0bce425e
--- /dev/null
+++ b/pkg/engine/utils_test.go
@@ -0,0 +1,333 @@
+package engine
+
+import (
+	"testing"
+
+	types "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
+	"gotest.tools/assert"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestResourceMeetsDescription_Kind(t *testing.T) {
+	resourceName := "test-config-map"
+	resourceDescription := types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels:      nil,
+			MatchExpressions: nil,
+		},
+	}
+	groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
+
+	rawResource := []byte(`{
+		"metadata":{
+			"name":"test-config-map",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+
+	assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+	resourceDescription.Kinds[0] = "Deployment"
+	assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+	resourceDescription.Kinds[0] = "ConfigMap"
+	groupVersionKind.Kind = "Deployment"
+	assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+}
+
+func TestResourceMeetsDescription_Name(t *testing.T) {
+	resourceName := "test-config-map"
+	resourceDescription := types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels:      nil,
+			MatchExpressions: nil,
+		},
+	}
+	groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
+
+	rawResource := []byte(`{
+		"metadata":{
+			"name":"test-config-map",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+
+	assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+	resourceName = "test-config-map-new"
+	assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+
+	rawResource = []byte(`{
+		"metadata":{
+			"name":"test-config-map-new",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+	assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+
+	rawResource = []byte(`{
+		"metadata":{
+			"name":"",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+	assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+}
+
+func TestResourceMeetsDescription_MatchExpressions(t *testing.T) {
+	resourceName := "test-config-map"
+	resourceDescription := types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels: nil,
+			MatchExpressions: []metav1.LabelSelectorRequirement{
+				metav1.LabelSelectorRequirement{
+					Key:      "label2",
+					Operator: "NotIn",
+					Values: []string{
+						"sometest1",
+					},
+				},
+				metav1.LabelSelectorRequirement{
+					Key:      "label1",
+					Operator: "In",
+					Values: []string{
+						"test1",
+						"test8",
+						"test201",
+					},
+				},
+				metav1.LabelSelectorRequirement{
+					Key:      "label3",
+					Operator: "DoesNotExist",
+					Values:   nil,
+				},
+				metav1.LabelSelectorRequirement{
+					Key:      "label2",
+					Operator: "In",
+					Values: []string{
+						"test2",
+					},
+				},
+			},
+		},
+	}
+	groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
+	rawResource := []byte(`{
+		"metadata":{
+			"name":"test-config-map",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+
+	assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+
+	rawResource = []byte(`{
+		"metadata":{
+			"name":"test-config-map",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1234567890",
+				"label2":"test2"
+			}
+		}
+	}`)
+
+	assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+}
+
+func TestResourceMeetsDescription_MatchLabels(t *testing.T) {
+	resourceName := "test-config-map"
+	resourceDescription := types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels: map[string]string{
+				"label1": "test1",
+				"label2": "test2",
+			},
+			MatchExpressions: nil,
+		},
+	}
+	groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
+
+	rawResource := []byte(`{
+		"metadata":{
+			"name":"test-config-map",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+	assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+
+	rawResource = []byte(`{
+		"metadata":{
+			"name":"test-config-map",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label3":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+	assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+
+	resourceDescription = types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels: map[string]string{
+				"label3": "test1",
+				"label2": "test2",
+			},
+			MatchExpressions: nil,
+		},
+	}
+
+	assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+}
+
+func TestResourceMeetsDescription_MatchLabelsAndMatchExpressions(t *testing.T) {
+	resourceName := "test-config-map"
+	resourceDescription := types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels: map[string]string{
+				"label1": "test1",
+			},
+			MatchExpressions: []metav1.LabelSelectorRequirement{
+				metav1.LabelSelectorRequirement{
+					Key:      "label2",
+					Operator: "In",
+					Values: []string{
+						"test2",
+					},
+				},
+			},
+		},
+	}
+	groupVersionKind := metav1.GroupVersionKind{Kind: "ConfigMap"}
+
+	rawResource := []byte(`{
+		"metadata":{
+			"name":"test-config-map",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+
+	assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+
+	resourceDescription = types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels: map[string]string{
+				"label1": "test1",
+			},
+			MatchExpressions: []metav1.LabelSelectorRequirement{
+				metav1.LabelSelectorRequirement{
+					Key:      "label2",
+					Operator: "NotIn",
+					Values: []string{
+						"sometest1",
+					},
+				},
+			},
+		},
+	}
+
+	rawResource = []byte(`{
+		"metadata":{
+			"name":"test-config-map",
+			"namespace":"default",
+			"creationTimestamp":null,
+			"labels":{
+				"label1":"test1",
+				"label2":"test2"
+			}
+		}
+	}`)
+	assert.Assert(t, ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+
+	resourceDescription = types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels: map[string]string{
+				"label1": "test1",
+			},
+			MatchExpressions: []metav1.LabelSelectorRequirement{
+				metav1.LabelSelectorRequirement{
+					Key:      "label2",
+					Operator: "In",
+					Values: []string{
+						"sometest1",
+					},
+				},
+			},
+		},
+	}
+
+	assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+
+	resourceDescription = types.ResourceDescription{
+		Kinds: []string{"ConfigMap"},
+		Name:  &resourceName,
+		Selector: &metav1.LabelSelector{
+			MatchLabels: map[string]string{
+				"label1": "test1",
+				"label3": "test3",
+			},
+			MatchExpressions: []metav1.LabelSelectorRequirement{
+				metav1.LabelSelectorRequirement{
+					Key:      "label2",
+					Operator: "In",
+					Values: []string{
+						"test2",
+					},
+				},
+			},
+		},
+	}
+
+	assert.Assert(t, false == ResourceMeetsDescription(rawResource, resourceDescription, groupVersionKind))
+}
diff --git a/pkg/webhooks/admission_test.go b/pkg/webhooks/admission_test.go
index 40667713d9..d753352a72 100644
--- a/pkg/webhooks/admission_test.go
+++ b/pkg/webhooks/admission_test.go
@@ -1,226 +1 @@
 package webhooks_test
-
-import (
-	"testing"
-
-	"gotest.tools/assert"
-
-	types "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
-	"github.com/nirmata/kyverno/webhooks"
-	v1beta1 "k8s.io/api/admission/v1beta1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func TestAdmissionIsRequired(t *testing.T) {
-	var request v1beta1.AdmissionRequest
-	request.Kind.Kind = "ConfigMap"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "CronJob"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "DaemonSet"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "Deployment"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "Endpoints"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "HorizontalPodAutoscaler"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "Ingress"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "Job"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "LimitRange"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "Namespace"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "NetworkPolicy"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "PersistentVolumeClaim"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "PodDisruptionBudget"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "PodTemplate"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "ResourceQuota"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "Secret"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "Service"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-	request.Kind.Kind = "StatefulSet"
-	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
-}
-
-func TestIsRuleResourceFitsRequest_Kind(t *testing.T) {
-	resourceName := "test-config-map"
-	resource := types.PolicyResource{
-		Kind: "ConfigMap",
-		Name: &resourceName,
-	}
-	request := v1beta1.AdmissionRequest{
-		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
-	}
-
-	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-
-	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
-	resource.Kind = "Deployment"
-	assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))
-}
-
-func TestIsRuleResourceFitsRequest_Name(t *testing.T) {
-	resourceName := "test-config-map"
-	resource := types.PolicyResource{
-		Kind: "ConfigMap",
-		Name: &resourceName,
-	}
-	request := v1beta1.AdmissionRequest{
-		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
-	}
-
-	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
-	resourceName = "test-config-map-new"
-	assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))
-
-	objectByteArray = []byte(`{"metadata":{"name":"test-config-map-new","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
-
-	objectByteArray = []byte(`{"metadata":{"name":"","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-	assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))
-}
-
-func TestIsRuleResourceFitsRequest_MatchExpressions(t *testing.T) {
-	request := v1beta1.AdmissionRequest{
-		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
-	}
-
-	resource := types.PolicyResource{
-		Kind: "ConfigMap",
-		Selector: &metav1.LabelSelector{
-			MatchLabels: nil,
-			MatchExpressions: []metav1.LabelSelectorRequirement{
-				metav1.LabelSelectorRequirement{
-					Key:      "label2",
-					Operator: "NotIn",
-					Values: []string{
-						"sometest1",
-					},
-				},
-				metav1.LabelSelectorRequirement{
-					Key:      "label1",
-					Operator: "In",
-					Values: []string{
-						"test1",
-						"test8",
-						"test201",
-					},
-				},
-				metav1.LabelSelectorRequirement{
-					Key:      "label3",
-					Operator: "DoesNotExist",
-					Values:   nil,
-				},
-			},
-		},
-	}
-
-	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-
-	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
-}
-
-func TestIsRuleResourceFitsRequest_MatchLabels(t *testing.T) {
-	resource := types.PolicyResource{
-		Kind: "ConfigMap",
-		Selector: &metav1.LabelSelector{
-			MatchLabels: map[string]string{
-				"label1": "test1",
-				"label2": "test2",
-			},
-			MatchExpressions: nil,
-		},
-	}
-
-	request := v1beta1.AdmissionRequest{
-		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
-	}
-
-	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
-
-	objectByteArray = []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label3":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-	assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))
-
-	resource = types.PolicyResource{
-		Kind: "ConfigMap",
-		Selector: &metav1.LabelSelector{
-			MatchLabels: map[string]string{
-				"label3": "test1",
-				"label2": "test2",
-			},
-			MatchExpressions: nil,
-		},
-	}
-
-	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
-}
-
-func TestIsRuleResourceFitsRequest_MatchLabelsAndMatchExpressions(t *testing.T) {
-	request := v1beta1.AdmissionRequest{
-		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
-	}
-
-	resource := types.PolicyResource{
-		Kind: "ConfigMap",
-		Selector: &metav1.LabelSelector{
-			MatchLabels: map[string]string{
-				"label1": "test1",
-			},
-			MatchExpressions: []metav1.LabelSelectorRequirement{
-				metav1.LabelSelectorRequirement{
-					Key:      "label2",
-					Operator: "In",
-					Values: []string{
-						"test2",
-					},
-				},
-			},
-		},
-	}
-
-	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-
-	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
-
-	resource = types.PolicyResource{
-		Kind: "ConfigMap",
-		Selector: &metav1.LabelSelector{
-			MatchLabels: map[string]string{
-				"label1": "test1",
-			},
-			MatchExpressions: []metav1.LabelSelectorRequirement{
-				metav1.LabelSelectorRequirement{
-					Key:      "label2",
-					Operator: "NotIn",
-					Values: []string{
-						"sometest1",
-					},
-				},
-			},
-		},
-	}
-
-	objectByteArray = []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
-	request.Object.Raw = objectByteArray
-
-	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
-}
diff --git a/pkg/webhooks/registration.go b/pkg/webhooks/registration.go
index 0ec020c750..b269f94227 100644
--- a/pkg/webhooks/registration.go
+++ b/pkg/webhooks/registration.go
@@ -4,8 +4,8 @@ import (
 	"errors"
 	"io/ioutil"
 
-	"github.com/nirmata/kyverno/pkg/dclient"
 	"github.com/nirmata/kyverno/pkg/config"
+	client "github.com/nirmata/kyverno/pkg/dclient"
 
 	admregapi "k8s.io/api/admissionregistration/v1beta1"
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/pkg/webhooks/registration_test.go b/pkg/webhooks/registration_test.go
index e4ca630cf0..eb3cad3f78 100644
--- a/pkg/webhooks/registration_test.go
+++ b/pkg/webhooks/registration_test.go
@@ -1,11 +1,10 @@
-package webhooks_test
+package webhooks
 
 import (
 	"bytes"
 	"io/ioutil"
 	"testing"
 
-	"github.com/nirmata/kyverno/pkg/webhooks"
 	"gotest.tools/assert"
 	rest "k8s.io/client-go/rest"
 )
@@ -22,7 +21,7 @@ func TestExtractCA_EmptyBundle(t *testing.T) {
 
 	expected, err := ioutil.ReadFile(CAFile)
 	assert.Assert(t, err == nil)
-	actual := webhooks.ExtractCA(config)
+	actual := extractCA(config)
 	assert.Assert(t, bytes.Equal(expected, actual))
 }
 
@@ -36,7 +35,7 @@ func TestExtractCA_EmptyCAFile(t *testing.T) {
 		},
 	}
 
-	actual := webhooks.ExtractCA(config)
+	actual := extractCA(config)
 	assert.Assert(t, bytes.Equal(CABundle, actual))
 }
 
@@ -48,7 +47,7 @@ func TestExtractCA_EmptyConfig(t *testing.T) {
 		},
 	}
 
-	actual := webhooks.ExtractCA(config)
+	actual := extractCA(config)
 	assert.Assert(t, actual == nil)
 }
 
@@ -60,6 +59,6 @@ func TestExtractCA_InvalidFile(t *testing.T) {
 		},
 	}
 
-	actual := webhooks.ExtractCA(config)
+	actual := extractCA(config)
 	assert.Assert(t, actual == nil)
 }
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index 5dc06c9055..81fd2b23d9 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -89,6 +89,7 @@ func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
 	admissionReview.Response.UID = admissionReview.Request.UID
 
 	responseJson, err := json.Marshal(admissionReview)
+
 	if err != nil {
 		http.Error(w, fmt.Sprintf("Could not encode response: %v", err), http.StatusInternalServerError)
 		return
@@ -116,7 +117,7 @@ func (ws *WebhookServer) Stop() {
 	err := ws.server.Shutdown(context.Background())
 	if err != nil {
 		// Error from closing listeners, or context timeout:
-		glog.Info("Server Shutdown error: %v", err)
+		glog.Info("Server Shutdown error: ", err)
 		ws.server.Close()
 	}
 }
@@ -239,7 +240,7 @@ func (ws *WebhookServer) bodyToAdmissionReview(request *http.Request, writer htt
 
 	contentType := request.Header.Get("Content-Type")
 	if contentType != "application/json" {
-		glog.Error("Error: invalid Content-Type: %v", contentType)
+		glog.Error("Error: invalid Content-Type: ", contentType)
 		http.Error(writer, "invalid Content-Type, expect `application/json`", http.StatusUnsupportedMediaType)
 		return nil
 	}