refactor: remove PolicySpec from engine api (#6159)

* refactor: introduce engine api package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * status Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: clean engine api package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove PolicySpec from engine api Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * constructor Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-02-10 09:11:21 +01:00 · 2023-02-10 09:11:21 +01:00 · ed5cf2cdde
commit ed5cf2cdde
parent 3a48c1fcaa
22 changed files with 114 additions and 94 deletions
--- a/cmd/cli/kubectl-kyverno/apply/report_test.go
+++ b/cmd/cli/kubectl-kyverno/apply/report_test.go
@ -94,6 +94,7 @@ func Test_buildPolicyReports(t *testing.T) {
 	var er engineapi.EngineResponse
 	err = json.Unmarshal(rawEngRes, &er)
 	er.Policy = &policy
 	assert.NilError(t, err)
 	info := kyvCommon.ProcessValidateEngineResponse(&policy, &er, "", rc, true, false)
@ -130,6 +131,7 @@ func Test_buildPolicyResults(t *testing.T) {
 	var er engineapi.EngineResponse
 	err = json.Unmarshal(rawEngRes, &er)
 	er.Policy = &policy
 	assert.NilError(t, err)
 	info := kyvCommon.ProcessValidateEngineResponse(&policy, &er, "", rc, true, false)
--- a/cmd/cli/kubectl-kyverno/test/test_command.go
+++ b/cmd/cli/kubectl-kyverno/test/test_command.go
@ -432,11 +432,11 @@ func buildPolicyResults(engineResponses []*engineapi.EngineResponse, testResults
 	now := metav1.Timestamp{Seconds: time.Now().Unix()}
 	for _, resp := range engineResponses {
-		policyName := resp.PolicyResponse.Policy.Name
+		policyName := resp.Policy.GetName()
 		resourceName := resp.PolicyResponse.Resource.Name
 		resourceKind := resp.PolicyResponse.Resource.Kind
 		resourceNamespace := resp.PolicyResponse.Resource.Namespace
-		policyNamespace := resp.PolicyResponse.Policy.Namespace
+		policyNamespace := resp.Policy.GetNamespace()
 		var rules []string
 		for _, rule := range resp.PolicyResponse.Rules {
--- a/cmd/cli/kubectl-kyverno/utils/common/common.go
+++ b/cmd/cli/kubectl-kyverno/utils/common/common.go
@ -789,7 +789,7 @@ func ProcessValidateEngineResponse(policy kyvernov1.PolicyInterface, validateRes
 func buildPVInfo(er *engineapi.EngineResponse, violatedRules []kyvernov1.ViolatedRule) Info {
 	info := Info{
-		PolicyName: er.PolicyResponse.Policy.Name,
+		PolicyName: er.Policy.GetName(),
 		Namespace:  er.PatchedResource.GetNamespace(),
 		Results: []EngineResponseResult{
 			{
@ -1115,7 +1115,7 @@ func handleGeneratePolicy(generateResponse *engineapi.EngineResponse, policyCont
 	gr := kyvernov1beta1.UpdateRequest{
 		Spec: kyvernov1beta1.UpdateRequestSpec{
 			Type:   kyvernov1beta1.Generate,
-			Policy: generateResponse.PolicyResponse.Policy.Name,
+			Policy: generateResponse.Policy.GetName(),
 			Resource: kyvernov1.ResourceSpec{
 				Kind:       generateResponse.PolicyResponse.Resource.Kind,
 				Namespace:  generateResponse.PolicyResponse.Resource.Namespace,
--- a/pkg/background/generate/generate.go
+++ b/pkg/background/generate/generate.go
@ -209,7 +209,7 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
 		if r.Status != engineapi.RuleStatusPass {
 			logger.V(4).Info("querying all update requests")
 			selector := labels.SelectorFromSet(labels.Set(map[string]string{
-				kyvernov1beta1.URGeneratePolicyLabel:       engineResponse.PolicyResponse.Policy.Name,
+				kyvernov1beta1.URGeneratePolicyLabel:       engineResponse.Policy.GetName(),
 				kyvernov1beta1.URGenerateResourceNameLabel: engineResponse.PolicyResponse.Resource.Name,
 				kyvernov1beta1.URGenerateResourceKindLabel: engineResponse.PolicyResponse.Resource.Kind,
 				kyvernov1beta1.URGenerateResourceNSLabel:   engineResponse.PolicyResponse.Resource.Namespace,
--- a/pkg/controllers/report/utils/events.go
+++ b/pkg/controllers/report/utils/events.go
@ -23,7 +23,7 @@ func GenerateEvents(logger logr.Logger, eventGen event.Interface, config config.
 func generateSuccessEvents(log logr.Logger, ers ...*engineapi.EngineResponse) (eventInfos []event.Info) {
 	for _, er := range ers {
-		logger := log.WithValues("policy", er.PolicyResponse.Policy, "kind", er.PolicyResponse.Resource.Kind, "namespace", er.PolicyResponse.Resource.Namespace, "name", er.PolicyResponse.Resource.Name)
+		logger := log.WithValues("policy", er.Policy.GetName(), "kind", er.PolicyResponse.Resource.Kind, "namespace", er.PolicyResponse.Resource.Namespace, "name", er.PolicyResponse.Resource.Name)
 		if !er.IsFailed() {
 			logger.V(4).Info("generating event on policy for success rules")
 			e := event.NewPolicyAppliedEvent(event.PolicyController, er)
@ -55,7 +55,7 @@ func generateFailEvents(log logr.Logger, ers ...*engineapi.EngineResponse) (even
 func generateFailEventsPerEr(log logr.Logger, er *engineapi.EngineResponse) []event.Info {
 	var eventInfos []event.Info
 	logger := log.WithValues(
-		"policy", er.PolicyResponse.Policy.Name,
+		"policy", er.Policy.GetName(),
 		"kind", er.PolicyResponse.Resource.Kind,
 		"namespace", er.PolicyResponse.Resource.Namespace,
 		"name", er.PolicyResponse.Resource.Name,
--- a/pkg/engine/api/engineresponse.go
+++ b/pkg/engine/api/engineresponse.go
@ -21,6 +21,14 @@ type EngineResponse struct {
 	NamespaceLabels map[string]string
 }
 func NewEngineResponse(
 	policy kyvernov1.PolicyInterface,
 ) *EngineResponse {
 	return &EngineResponse{
 		Policy: policy,
 	}
 }
 // IsOneOf checks if any rule has status in a given list
 func (er EngineResponse) IsOneOf(status ...RuleStatus) bool {
 	for _, r := range er.PolicyResponse.Rules {
--- a/pkg/engine/api/policyresponse.go
+++ b/pkg/engine/api/policyresponse.go
@ -13,8 +13,6 @@ type ValidationFailureActionOverride struct {
 // PolicyResponse policy application response
 type PolicyResponse struct {
 	// Policy contains policy details
 	Policy PolicySpec
 	// Resource contains resource details
 	Resource ResourceSpec
 	// PolicyStats contains policy statistics
--- a/pkg/engine/api/policyspec.go
+++ b/pkg/engine/api/policyspec.go
@ -1,7 +0,0 @@
 package api
 // PolicySpec policy
 type PolicySpec struct {
 	Name      string
 	Namespace string
 }
--- a/pkg/engine/background.go
+++ b/pkg/engine/background.go
@ -37,12 +37,8 @@ func (e *engine) filterRules(
 	name := newResource.GetName()
 	namespace := newResource.GetNamespace()
 	apiVersion := newResource.GetAPIVersion()
-	resp := &engineapi.EngineResponse{
+	resp := engineapi.NewEngineResponse(policy)
-		PolicyResponse: engineapi.PolicyResponse{
+	resp.PolicyResponse = engineapi.PolicyResponse{
 			Policy: engineapi.PolicySpec{
 				Name:      policy.GetName(),
 				Namespace: policy.GetNamespace(),
 			},
 		PolicyStats: engineapi.PolicyStats{
 			ExecutionStats: engineapi.ExecutionStats{
 				Timestamp: startTime.Unix(),
@ -54,7 +50,6 @@ func (e *engine) filterRules(
 			Namespace:  namespace,
 			APIVersion: apiVersion,
 		},
 		},
 	}
 	if e.configuration.ToFilter(kind, namespace, name) {
--- a/pkg/engine/generation.go
+++ b/pkg/engine/generation.go
@ -9,7 +9,6 @@ import (
 	"github.com/kyverno/kyverno/pkg/autogen"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"github.com/kyverno/kyverno/pkg/engine/internal"
 	"k8s.io/client-go/tools/cache"
 )
 // GenerateResponse checks for validity of generate rule on the resource
@ -33,16 +32,8 @@ func (e *engine) filterGenerateRules(
 	name := newResource.GetName()
 	namespace := newResource.GetNamespace()
 	apiVersion := newResource.GetAPIVersion()
-	pNamespace, pName, err := cache.SplitMetaNamespaceKey(policyNameKey)
+	resp := engineapi.NewEngineResponse(policyContext.Policy())
-	if err != nil {
+	resp.PolicyResponse = engineapi.PolicyResponse{
 		logger.Error(err, "failed to spilt name and namespace", "policy.key", policyNameKey)
 	}
 	resp := &engineapi.EngineResponse{
 		PolicyResponse: engineapi.PolicyResponse{
 			Policy: engineapi.PolicySpec{
 				Name:      pName,
 				Namespace: pNamespace,
 			},
 		PolicyStats: engineapi.PolicyStats{
 			ExecutionStats: engineapi.ExecutionStats{
 				Timestamp: startTime.Unix(),
@ -54,7 +45,6 @@ func (e *engine) filterGenerateRules(
 			Namespace:  namespace,
 			APIVersion: apiVersion,
 		},
 		},
 	}
 	if e.configuration.ToFilter(kind, namespace, name) {
 		logger.Info("resource excluded")
--- a/pkg/engine/imageVerify.go
+++ b/pkg/engine/imageVerify.go
@ -24,9 +24,8 @@ func (e *engine) verifyAndPatchImages(
 	logger logr.Logger,
 	policyContext engineapi.PolicyContext,
 ) (*engineapi.EngineResponse, *engineapi.ImageVerificationMetadata) {
 	resp := &engineapi.EngineResponse{}
 	policy := policyContext.Policy()
 	resp := engineapi.NewEngineResponse(policy)
 	startTime := time.Now()
 	defer func() {
 		internal.BuildResponse(policyContext, resp, startTime)
--- a/pkg/engine/internal/response.go
+++ b/pkg/engine/internal/response.go
@ -58,8 +58,6 @@ func BuildResponse(ctx engineapi.PolicyContext, resp *engineapi.EngineResponse,
 	}
 	policy := ctx.Policy()
 	resp.Policy = policy
 	resp.PolicyResponse.Policy.Name = policy.GetName()
 	resp.PolicyResponse.Policy.Namespace = policy.GetNamespace()
 	resp.PolicyResponse.Resource.Name = resp.PatchedResource.GetName()
 	resp.PolicyResponse.Resource.Namespace = resp.PatchedResource.GetNamespace()
 	resp.PolicyResponse.Resource.Kind = resp.PatchedResource.GetKind()
--- a/pkg/engine/mutation.go
+++ b/pkg/engine/mutation.go
@ -28,9 +28,7 @@ func (e *engine) mutate(
 ) (resp *engineapi.EngineResponse) {
 	startTime := time.Now()
 	policy := policyContext.Policy()
-	resp = &engineapi.EngineResponse{
+	resp = engineapi.NewEngineResponse(policy)
 		Policy: policy,
 	}
 	matchedResource := policyContext.NewResource()
 	enginectx := policyContext.JSONContext()
 	var skippedRules []string
@ -350,9 +348,6 @@ func startMutateResultResponse(resp *engineapi.EngineResponse, policy kyvernov1.
 	if resp == nil {
 		return
 	}
 	resp.PolicyResponse.Policy.Name = policy.GetName()
 	resp.PolicyResponse.Policy.Namespace = policy.GetNamespace()
 	resp.PolicyResponse.Resource.Name = resource.GetName()
 	resp.PolicyResponse.Resource.Namespace = resource.GetNamespace()
 	resp.PolicyResponse.Resource.Kind = resource.GetKind()
@ -363,7 +358,6 @@ func endMutateResultResponse(logger logr.Logger, resp *engineapi.EngineResponse,
 	if resp == nil {
 		return
 	}
 	resp.PolicyResponse.ProcessingTime = time.Since(startTime)
 	resp.PolicyResponse.Timestamp = startTime.Unix()
 	logger.V(5).Info("finished processing policy", "processingTime", resp.PolicyResponse.ProcessingTime.String(), "mutationRulesApplied", resp.PolicyResponse.RulesAppliedCount)
--- a/pkg/event/events.go
+++ b/pkg/event/events.go
@ -12,8 +12,8 @@ import (
 func NewPolicyFailEvent(source Source, reason Reason, engineResponse *engineapi.EngineResponse, ruleResp *engineapi.RuleResponse, blocked bool) Info {
 	return Info{
 		Kind:      getPolicyKind(engineResponse.Policy),
-		Name:      engineResponse.PolicyResponse.Policy.Name,
+		Name:      engineResponse.Policy.GetName(),
-		Namespace: engineResponse.PolicyResponse.Policy.Namespace,
+		Namespace: engineResponse.Policy.GetNamespace(),
 		Reason:    reason,
 		Source:    source,
 		Message:   buildPolicyEventMessage(ruleResp, engineResponse.GetResourceSpec(), blocked),
@ -60,8 +60,8 @@ func NewPolicyAppliedEvent(source Source, engineResponse *engineapi.EngineRespon
 	return Info{
 		Kind:      getPolicyKind(engineResponse.Policy),
-		Name:      engineResponse.PolicyResponse.Policy.Name,
+		Name:      engineResponse.Policy.GetName(),
-		Namespace: engineResponse.PolicyResponse.Policy.Namespace,
+		Namespace: engineResponse.Policy.GetNamespace(),
 		Reason:    PolicyApplied,
 		Source:    source,
 		Message:   bldr.String(),
@ -127,15 +127,15 @@ func NewPolicyExceptionEvents(engineResponse *engineapi.EngineResponse, ruleResp
 	exceptionName, exceptionNamespace := getExceptionEventInfoFromRuleResponseMsg(ruleResp.Message)
 	policyMessage := fmt.Sprintf("resource %s was skipped from rule %s due to policy exception %s/%s", engineResponse.PatchedResource.GetName(), ruleResp.Name, exceptionNamespace, exceptionName)
 	var exceptionMessage string
-	if engineResponse.PolicyResponse.Policy.Namespace == "" {
+	if engineResponse.Policy.GetNamespace() == "" {
-		exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s", engineResponse.PatchedResource.GetName(), engineResponse.PolicyResponse.Policy.Name, ruleResp.Name)
+		exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s", engineResponse.PatchedResource.GetName(), engineResponse.Policy.GetName(), ruleResp.Name)
 	} else {
-		exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s/%s", engineResponse.PatchedResource.GetName(), engineResponse.PolicyResponse.Policy.Namespace, engineResponse.PolicyResponse.Policy.Name, ruleResp.Name)
+		exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s/%s", engineResponse.PatchedResource.GetName(), engineResponse.Policy.GetNamespace(), engineResponse.Policy.GetName(), ruleResp.Name)
 	}
 	policyEvent := Info{
 		Kind:      getPolicyKind(engineResponse.Policy),
-		Name:      engineResponse.PolicyResponse.Policy.Name,
+		Name:      engineResponse.Policy.GetName(),
-		Namespace: engineResponse.PolicyResponse.Policy.Namespace,
+		Namespace: engineResponse.Policy.GetNamespace(),
 		Reason:    PolicySkipped,
 		Message:   policyMessage,
 	}
--- a/pkg/utils/annotations.go
+++ b/pkg/utils/annotations.go
@ -95,14 +95,14 @@ func annotationFromEngineResponses(engineResponses []*engineapi.EngineResponse,
 	annotationContent := make(map[string]string)
 	for _, engineResponse := range engineResponses {
 		if !engineResponse.IsSuccessful() {
-			log.V(3).Info("skip building annotation; policy failed to apply", "policy", engineResponse.PolicyResponse.Policy.Name)
+			log.V(3).Info("skip building annotation; policy failed to apply", "policy", engineResponse.Policy.GetName())
 			continue
 		}
 		rulePatches := annotationFromPolicyResponse(engineResponse.PolicyResponse, log)
 		if rulePatches == nil {
 			continue
 		}
-		policyName := engineResponse.PolicyResponse.Policy.Name
+		policyName := engineResponse.Policy.GetName()
 		for _, rulePatch := range rulePatches {
 			annotationContent[rulePatch.RuleName+"."+policyName+".kyverno.io"] = OperationToPastTense[rulePatch.Op] + " " + rulePatch.Path
 		}
--- a/pkg/utils/annotations_test.go
+++ b/pkg/utils/annotations_test.go
@ -3,20 +3,21 @@ package utils
 import (
 	"testing"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"github.com/kyverno/kyverno/pkg/logging"
 	"gotest.tools/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
-func newPolicyResponse(policy, rule string, patchesStr []string, status engineapi.RuleStatus) engineapi.PolicyResponse {
+func newPolicyResponse(rule string, patchesStr []string, status engineapi.RuleStatus) engineapi.PolicyResponse {
 	var patches [][]byte
 	for _, p := range patchesStr {
 		patches = append(patches, []byte(p))
 	}
 	return engineapi.PolicyResponse{
 		Policy: engineapi.PolicySpec{Name: policy},
 		Rules: []engineapi.RuleResponse{
 			{
 				Name:    rule,
@ -29,6 +30,11 @@ func newPolicyResponse(policy, rule string, patchesStr []string, status engineap
 func newEngineResponse(policy, rule string, patchesStr []string, status engineapi.RuleStatus, annotation map[string]interface{}) *engineapi.EngineResponse {
 	return &engineapi.EngineResponse{
 		Policy: &kyvernov1.ClusterPolicy{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: policy,
 			},
 		},
 		PatchedResource: unstructured.Unstructured{
 			Object: map[string]interface{}{
 				"metadata": map[string]interface{}{
@ -36,7 +42,7 @@ func newEngineResponse(policy, rule string, patchesStr []string, status engineap
 				},
 			},
 		},
-		PolicyResponse: newPolicyResponse(policy, rule, patchesStr, status),
+		PolicyResponse: newPolicyResponse(rule, patchesStr, status),
 	}
 }
--- a/pkg/webhooks/resource/generation/generation.go
+++ b/pkg/webhooks/resource/generation/generation.go
@ -245,7 +245,7 @@ func (h *generationHandler) handleUpdateGenerateTargetResource(ctx context.Conte
 func (h *generationHandler) deleteGR(ctx context.Context, engineResponse *engineapi.EngineResponse) {
 	h.log.V(4).Info("querying all update requests")
 	selector := labels.SelectorFromSet(labels.Set(map[string]string{
-		kyvernov1beta1.URGeneratePolicyLabel:       engineResponse.PolicyResponse.Policy.Name,
+		kyvernov1beta1.URGeneratePolicyLabel:       engineResponse.Policy.GetName(),
 		kyvernov1beta1.URGenerateResourceNameLabel: engineResponse.PolicyResponse.Resource.Name,
 		kyvernov1beta1.URGenerateResourceKindLabel: engineResponse.PolicyResponse.Resource.Kind,
 		kyvernov1beta1.URGenerateResourceNSLabel:   engineResponse.PolicyResponse.Resource.Namespace,
--- a/pkg/webhooks/resource/generation/utils.go
+++ b/pkg/webhooks/resource/generation/utils.go
@ -141,10 +141,10 @@ func applyUpdateRequest(
 func transform(admissionRequestInfo kyvernov1beta1.AdmissionRequestInfoObject, userRequestInfo kyvernov1beta1.RequestInfo, er *engineapi.EngineResponse, ruleType kyvernov1beta1.RequestType) kyvernov1beta1.UpdateRequestSpec {
 	var PolicyNameNamespaceKey string
-	if er.PolicyResponse.Policy.Namespace != "" {
+	if er.Policy.GetNamespace() != "" {
-		PolicyNameNamespaceKey = er.PolicyResponse.Policy.Namespace + "/" + er.PolicyResponse.Policy.Name
+		PolicyNameNamespaceKey = er.Policy.GetNamespace() + "/" + er.Policy.GetName()
 	} else {
-		PolicyNameNamespaceKey = er.PolicyResponse.Policy.Name
+		PolicyNameNamespaceKey = er.Policy.GetName()
 	}
 	ur := kyvernov1beta1.UpdateRequestSpec{
--- a/pkg/webhooks/resource/utils.go
+++ b/pkg/webhooks/resource/utils.go
@ -71,10 +71,10 @@ func applyUpdateRequest(
 func transform(admissionRequestInfo kyvernov1beta1.AdmissionRequestInfoObject, userRequestInfo kyvernov1beta1.RequestInfo, er *engineapi.EngineResponse, ruleType kyvernov1beta1.RequestType) kyvernov1beta1.UpdateRequestSpec {
 	var PolicyNameNamespaceKey string
-	if er.PolicyResponse.Policy.Namespace != "" {
+	if er.Policy.GetNamespace() != "" {
-		PolicyNameNamespaceKey = er.PolicyResponse.Policy.Namespace + "/" + er.PolicyResponse.Policy.Name
+		PolicyNameNamespaceKey = er.Policy.GetNamespace() + "/" + er.Policy.GetName()
 	} else {
-		PolicyNameNamespaceKey = er.PolicyResponse.Policy.Name
+		PolicyNameNamespaceKey = er.Policy.GetName()
 	}
 	ur := kyvernov1beta1.UpdateRequestSpec{
--- a/pkg/webhooks/utils/block.go
+++ b/pkg/webhooks/utils/block.go
@ -26,7 +26,7 @@ func getAction(hasViolations bool, i int) string {
 func BlockRequest(engineResponses []*engineapi.EngineResponse, failurePolicy kyvernov1.FailurePolicyType, log logr.Logger) bool {
 	for _, er := range engineResponses {
 		if engineutils.BlockRequest(er, failurePolicy) {
-			log.V(2).Info("blocking admission request", "policy", er.PolicyResponse.Policy.Name)
+			log.V(2).Info("blocking admission request", "policy", er.Policy.GetName())
 			return true
 		}
 	}
@ -52,7 +52,7 @@ func GetBlockedMessages(engineResponses []*engineapi.EngineResponse) string {
 			}
 		}
 		if len(ruleToReason) != 0 {
-			failures[er.PolicyResponse.Policy.Name] = ruleToReason
+			failures[er.Policy.GetName()] = ruleToReason
 		}
 	}
 	if len(failures) == 0 {
--- a/pkg/webhooks/utils/block_test.go
+++ b/pkg/webhooks/utils/block_test.go
@ -7,6 +7,7 @@ import (
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 func Test_getAction(t *testing.T) {
@ -58,6 +59,11 @@ func TestBlockRequest(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
 					Policy: &kyvernov1.ClusterPolicy{
 						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Enforce",
 						Rules: []engineapi.RuleResponse{
@ -79,6 +85,11 @@ func TestBlockRequest(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
 					Policy: &kyvernov1.ClusterPolicy{
 						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Audit",
 						Rules: []engineapi.RuleResponse{
@ -100,6 +111,11 @@ func TestBlockRequest(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
 					Policy: &kyvernov1.ClusterPolicy{
 						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Audit",
 						Rules: []engineapi.RuleResponse{
@ -121,6 +137,11 @@ func TestBlockRequest(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
 					Policy: &kyvernov1.ClusterPolicy{
 						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Audit",
 						Rules: []engineapi.RuleResponse{
@ -142,6 +163,11 @@ func TestBlockRequest(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
 					Policy: &kyvernov1.ClusterPolicy{
 						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Audit",
 						Rules: []engineapi.RuleResponse{
@ -163,6 +189,11 @@ func TestBlockRequest(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
 					Policy: &kyvernov1.ClusterPolicy{
 						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Audit",
 						Rules: []engineapi.RuleResponse{
@ -201,10 +232,12 @@ func TestGetBlockedMessages(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
-					PolicyResponse: engineapi.PolicyResponse{
+					Policy: &kyvernov1.ClusterPolicy{
-						Policy: engineapi.PolicySpec{
+						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Enforce",
 						Rules: []engineapi.RuleResponse{
 							{
@ -228,10 +261,12 @@ func TestGetBlockedMessages(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
-					PolicyResponse: engineapi.PolicyResponse{
+					Policy: &kyvernov1.ClusterPolicy{
-						Policy: engineapi.PolicySpec{
+						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Enforce",
 						Rules: []engineapi.RuleResponse{
 							{
@ -255,10 +290,12 @@ func TestGetBlockedMessages(t *testing.T) {
 		args: args{
 			engineResponses: []*engineapi.EngineResponse{
 				{
-					PolicyResponse: engineapi.PolicyResponse{
+					Policy: &kyvernov1.ClusterPolicy{
-						Policy: engineapi.PolicySpec{
+						ObjectMeta: v1.ObjectMeta{
 							Name: "test",
 						},
 					},
 					PolicyResponse: engineapi.PolicyResponse{
 						ValidationFailureAction: "Enforce",
 						Rules: []engineapi.RuleResponse{
 							{
--- a/pkg/webhooks/utils/error.go
+++ b/pkg/webhooks/utils/error.go
@ -14,7 +14,7 @@ func GetErrorMsg(engineReponses []*engineapi.EngineResponse) string {
 		if !er.IsSuccessful() {
 			// resource in engineReponses is identical as this was called per admission request
 			resourceInfo = fmt.Sprintf("%s/%s/%s", er.PolicyResponse.Resource.Kind, er.PolicyResponse.Resource.Namespace, er.PolicyResponse.Resource.Name)
-			str = append(str, fmt.Sprintf("failed policy %s:", er.PolicyResponse.Policy.Name))
+			str = append(str, fmt.Sprintf("failed policy %s:", er.Policy.GetName()))
 			for _, rule := range er.PolicyResponse.Rules {
 				if rule.Status != engineapi.RuleStatusPass {
 					str = append(str, rule.String())