Merge pull request #718 from nirmata/revert_PR652_openapivalidation

remove open-api validation(manual revert)
2025-03-31 03:45:17 +00:00 · 2020-02-20 15:33:15 -08:00 · 2020-02-20 15:33:15 -08:00 · fd3c8521bf
commit fd3c8521bf
parent 35d8280c57 14609ae7d9
13 changed files with 0 additions and 1026 deletions
--- a/cmd/cli/kubectl-kyverno/main.go
+++ b/cmd/cli/kubectl-kyverno/main.go
@ -1,9 +0,0 @@
-package main
-
-import (
-	"github.com/nirmata/kyverno/pkg/kyverno"
-)
-
-func main() {
-	kyverno.CLI()
-}
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -5,10 +5,6 @@ import (
 	"flag"
 	"time"

-	"github.com/nirmata/kyverno/pkg/openapi"
-
-	"k8s.io/client-go/discovery"
-
 	"github.com/golang/glog"
 	"github.com/nirmata/kyverno/pkg/checker"
 	kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
@ -204,22 +200,6 @@ func main() {
 		glog.Fatalf("Failed registering Admission Webhooks: %v\n", err)
 	}

-	// OpenAPI document
-	// Getting openApi document from kubernetes and overriding default openapi document
-	restClient, err := discovery.NewDiscoveryClientForConfig(clientConfig)
-	if err != nil {
-		glog.Fatalf("Could not get rest client to get openApi doc: %v\n", err)
-	}
-
-	openApiDoc, err := restClient.RESTClient().Get().RequestURI("/openapi/v2").Do().Raw()
-	if err != nil {
-		glog.Fatalf("OpenApiDoc request failed: %v\n", err)
-	}
-
-	if err := openapi.UseCustomOpenApiDocument(openApiDoc); err != nil {
-		glog.Fatalf("Could not set custom OpenApi document: %v\n", err)
-	}
-
 	// WEBHOOOK
 	// - https server to provide endpoints called based on rules defined in Mutating & Validation webhook configuration
 	// - reports the results based on the response from the policy engine:
--- a/pkg/kyverno/apply/command.go
+++ b/pkg/kyverno/apply/command.go
@ -1,375 +0,0 @@
-package apply
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"github.com/nirmata/kyverno/pkg/kyverno/sanitizedError"
-
-	policy2 "github.com/nirmata/kyverno/pkg/policy"
-
-	"github.com/golang/glog"
-
-	"k8s.io/apimachinery/pkg/runtime/schema"
-
-	"k8s.io/client-go/discovery"
-
-	"k8s.io/apimachinery/pkg/util/yaml"
-
-	"github.com/nirmata/kyverno/pkg/engine"
-
-	engineutils "github.com/nirmata/kyverno/pkg/engine/utils"
-
-	"k8s.io/apimachinery/pkg/runtime"
-
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
-	v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
-	"github.com/spf13/cobra"
-	yamlv2 "gopkg.in/yaml.v2"
-	"k8s.io/cli-runtime/pkg/genericclioptions"
-	"k8s.io/client-go/kubernetes/scheme"
-)
-
-func Command() *cobra.Command {
-	var cmd *cobra.Command
-	var resourcePaths []string
-	var cluster bool
-
-	kubernetesConfig := genericclioptions.NewConfigFlags(true)
-
-	cmd = &cobra.Command{
-		Use:     "apply",
-		Short:   "Applies policies on resources",
-		Example: fmt.Sprintf("To apply on a resource:\nkyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --resource=/path/to/resource1 --resource=/path/to/resource2\n\nTo apply on a cluster\nkyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --cluster"),
-		RunE: func(cmd *cobra.Command, policyPaths []string) (err error) {
-			defer func() {
-				if err != nil {
-					if !sanitizedError.IsErrorSanitized(err) {
-						glog.V(4).Info(err)
-						err = fmt.Errorf("Internal error")
-					}
-				}
-			}()
-
-			if len(resourcePaths) == 0 && !cluster {
-				return sanitizedError.New(fmt.Sprintf("Specify path to resource file or cluster name"))
-			}
-
-			policies, err := getPolicies(policyPaths)
-			if err != nil {
-				if !sanitizedError.IsErrorSanitized(err) {
-					return sanitizedError.New("Could not parse policy paths")
-				} else {
-					return err
-				}
-			}
-
-			for _, policy := range policies {
-				err := policy2.Validate(*policy)
-				if err != nil {
-					return sanitizedError.New(fmt.Sprintf("Policy %v is not valid", policy.Name))
-				}
-			}
-
-			var dClient discovery.CachedDiscoveryInterface
-			if cluster {
-				dClient, err = kubernetesConfig.ToDiscoveryClient()
-				if err != nil {
-					return sanitizedError.New(fmt.Errorf("Issues with kubernetes Config").Error())
-				}
-			}
-
-			resources, err := getResources(policies, resourcePaths, dClient)
-			if err != nil {
-				return sanitizedError.New(fmt.Errorf("Issues fetching resources").Error())
-			}
-
-			for i, policy := range policies {
-				for j, resource := range resources {
-					if !(j == 0 && i == 0) {
-						fmt.Printf("\n\n=======================================================================\n")
-					}
-
-					err = applyPolicyOnResource(policy, resource)
-					if err != nil {
-						return sanitizedError.New(fmt.Errorf("Issues applying policy %v on resource %v", policy.Name, resource.GetName()).Error())
-					}
-				}
-			}
-
-			return nil
-		},
-	}
-
-	cmd.Flags().StringArrayVarP(&resourcePaths, "resource", "r", []string{}, "Path to resource files")
-	cmd.Flags().BoolVarP(&cluster, "cluster", "c", false, "Checks if policies should be applied to cluster in the current context")
-
-	return cmd
-}
-
-func getResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient discovery.CachedDiscoveryInterface) ([]*unstructured.Unstructured, error) {
-	var resources []*unstructured.Unstructured
-	var err error
-
-	if dClient != nil {
-		var resourceTypesMap = make(map[string]bool)
-		var resourceTypes []string
-		for _, policy := range policies {
-			for _, rule := range policy.Spec.Rules {
-				for _, kind := range rule.MatchResources.Kinds {
-					resourceTypesMap[kind] = true
-				}
-			}
-		}
-
-		for kind := range resourceTypesMap {
-			resourceTypes = append(resourceTypes, kind)
-		}
-
-		resources, err = getResourcesOfTypeFromCluster(resourceTypes, dClient)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	for _, resourcePath := range resourcePaths {
-		resource, err := getResource(resourcePath)
-		if err != nil {
-			return nil, err
-		}
-
-		resources = append(resources, resource)
-	}
-
-	return resources, nil
-}
-
-func getResourcesOfTypeFromCluster(resourceTypes []string, dClient discovery.CachedDiscoveryInterface) ([]*unstructured.Unstructured, error) {
-	var resources []*unstructured.Unstructured
-
-	for _, kind := range resourceTypes {
-		endpoint, err := getListEndpointForKind(kind)
-		if err != nil {
-			return nil, err
-		}
-
-		listObjectRaw, err := dClient.RESTClient().Get().RequestURI(endpoint).Do().Raw()
-		if err != nil {
-			return nil, err
-		}
-
-		listObject, err := engineutils.ConvertToUnstructured(listObjectRaw)
-		if err != nil {
-			return nil, err
-		}
-
-		resourceList, err := listObject.ToList()
-		if err != nil {
-			return nil, err
-		}
-
-		version := resourceList.GetAPIVersion()
-		for _, resource := range resourceList.Items {
-			resource.SetGroupVersionKind(schema.GroupVersionKind{
-				Group:   "",
-				Version: version,
-				Kind:    kind,
-			})
-			resources = append(resources, resource.DeepCopy())
-		}
-	}
-
-	return resources, nil
-}
-
-func getPoliciesInDir(path string) ([]*v1.ClusterPolicy, error) {
-	var policies []*v1.ClusterPolicy
-
-	files, err := ioutil.ReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, file := range files {
-		if file.IsDir() {
-			policiesFromDir, err := getPoliciesInDir(filepath.Join(path, file.Name()))
-			if err != nil {
-				return nil, err
-			}
-
-			policies = append(policies, policiesFromDir...)
-		} else {
-			policy, err := getPolicy(filepath.Join(path, file.Name()))
-			if err != nil {
-				return nil, err
-			}
-
-			policies = append(policies, policy)
-		}
-	}
-
-	return policies, nil
-}
-
-func getPolicies(paths []string) ([]*v1.ClusterPolicy, error) {
-	var policies = make([]*v1.ClusterPolicy, 0, len(paths))
-	for _, path := range paths {
-		path = filepath.Clean(path)
-
-		fileDesc, err := os.Stat(path)
-		if err != nil {
-			return nil, err
-		}
-
-		if fileDesc.IsDir() {
-			policiesFromDir, err := getPoliciesInDir(path)
-			if err != nil {
-				return nil, err
-			}
-
-			policies = append(policies, policiesFromDir...)
-		} else {
-			policy, err := getPolicy(path)
-			if err != nil {
-				return nil, err
-			}
-
-			policies = append(policies, policy)
-		}
-	}
-
-	return policies, nil
-}
-
-func getPolicy(path string) (*v1.ClusterPolicy, error) {
-	policy := &v1.ClusterPolicy{}
-
-	file, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load file: %v", err)
-	}
-
-	policyBytes, err := yaml.ToJSON(file)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := json.Unmarshal(policyBytes, policy); err != nil {
-		return nil, sanitizedError.New(fmt.Sprintf("failed to decode policy in %s", path))
-	}
-
-	if policy.TypeMeta.Kind != "ClusterPolicy" {
-		return nil, sanitizedError.New(fmt.Sprintf("resource %v is not a cluster policy", policy.Name))
-	}
-
-	return policy, nil
-}
-
-func getResource(path string) (*unstructured.Unstructured, error) {
-
-	resourceYaml, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-
-	decode := scheme.Codecs.UniversalDeserializer().Decode
-	resourceObject, metaData, err := decode(resourceYaml, nil, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	resourceUnstructured, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&resourceObject)
-	if err != nil {
-		return nil, err
-	}
-
-	resourceJSON, err := json.Marshal(resourceUnstructured)
-	if err != nil {
-		return nil, err
-	}
-
-	resource, err := engineutils.ConvertToUnstructured(resourceJSON)
-	if err != nil {
-		return nil, err
-	}
-
-	resource.SetGroupVersionKind(*metaData)
-
-	if resource.GetNamespace() == "" {
-		resource.SetNamespace("default")
-	}
-
-	return resource, nil
-}
-
-func applyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured) error {
-
-	fmt.Printf("\n\nApplying Policy %s on Resource %s/%s/%s", policy.Name, resource.GetNamespace(), resource.GetKind(), resource.GetName())
-
-	mutateResponse := engine.Mutate(engine.PolicyContext{Policy: *policy, NewResource: *resource})
-	if !mutateResponse.IsSuccesful() {
-		fmt.Printf("\n\nMutation:")
-		fmt.Printf("\nFailed to apply mutation")
-		for i, r := range mutateResponse.PolicyResponse.Rules {
-			fmt.Printf("\n%d. %s", i+1, r.Message)
-		}
-		fmt.Printf("\n\n")
-	} else {
-		if len(mutateResponse.PolicyResponse.Rules) > 0 {
-			fmt.Printf("\n\nMutation:")
-			fmt.Printf("\nMutation has been applied succesfully")
-			yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object)
-			if err != nil {
-				return err
-			}
-
-			fmt.Printf("\n\n" + string(yamlEncodedResource))
-			fmt.Printf("\n\n")
-		}
-	}
-
-	validateResponse := engine.Validate(engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource})
-	if !validateResponse.IsSuccesful() {
-		fmt.Printf("\n\nValidation:")
-		fmt.Printf("\nResource is invalid")
-		for i, r := range validateResponse.PolicyResponse.Rules {
-			fmt.Printf("\n%d. %s", i+1, r.Message)
-		}
-		fmt.Printf("\n\n")
-	} else {
-		if len(validateResponse.PolicyResponse.Rules) > 0 {
-			fmt.Printf("\n\nValidation:")
-			fmt.Printf("\nResource is valid")
-			fmt.Printf("\n\n")
-		}
-	}
-
-	var policyHasGenerate bool
-	for _, rule := range policy.Spec.Rules {
-		if rule.HasGenerate() {
-			policyHasGenerate = true
-		}
-	}
-
-	if policyHasGenerate {
-		generateResponse := engine.Generate(engine.PolicyContext{Policy: *policy, NewResource: *resource})
-		if len(generateResponse.PolicyResponse.Rules) > 0 {
-			fmt.Printf("\n\nGenerate:")
-			fmt.Printf("\nResource is valid")
-			fmt.Printf("\n\n")
-		} else {
-			fmt.Printf("\n\nGenerate:")
-			fmt.Printf("\nResource is invalid")
-			for i, r := range generateResponse.PolicyResponse.Rules {
-				fmt.Printf("\n%d. %s", i+1, r.Message)
-			}
-			fmt.Printf("\n\n")
-		}
-	}
-
-	return nil
-}
--- a/pkg/kyverno/apply/helper.go
+++ b/pkg/kyverno/apply/helper.go
@ -1,37 +0,0 @@
-package apply
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/nirmata/kyverno/pkg/openapi"
-)
-
-func getListEndpointForKind(kind string) (string, error) {
-
-	definitionName := openapi.GetDefinitionNameFromKind(kind)
-	definitionNameWithoutPrefix := strings.Replace(definitionName, "io.k8s.", "", -1)
-
-	parts := strings.Split(definitionNameWithoutPrefix, ".")
-	definitionPrefix := strings.Join(parts[:len(parts)-1], ".")
-
-	defPrefixToApiPrefix := map[string]string{
-		"api.core.v1":                  "/api/v1",
-		"api.apps.v1":                  "/apis/apps/v1",
-		"api.batch.v1":                 "/apis/batch/v1",
-		"api.admissionregistration.v1": "/apis/admissionregistration.k8s.io/v1",
-		"kube-aggregator.pkg.apis.apiregistration.v1":       "/apis/apiregistration.k8s.io/v1",
-		"apiextensions-apiserver.pkg.apis.apiextensions.v1": "/apis/apiextensions.k8s.io/v1",
-		"api.autoscaling.v1":                                "/apis/autoscaling/v1/",
-		"api.storage.v1":                                    "/apis/storage.k8s.io/v1",
-		"api.coordination.v1":                               "/apis/coordination.k8s.io/v1",
-		"api.scheduling.v1":                                 "/apis/scheduling.k8s.io/v1",
-		"api.rbac.v1":                                       "/apis/rbac.authorization.k8s.io/v1",
-	}
-
-	if defPrefixToApiPrefix[definitionPrefix] == "" {
-		return "", fmt.Errorf("Unsupported resource type %v", kind)
-	}
-
-	return defPrefixToApiPrefix[definitionPrefix] + "/" + strings.ToLower(kind) + "s", nil
-}
--- a/pkg/kyverno/main.go
+++ b/pkg/kyverno/main.go
@ -1,50 +0,0 @@
-package kyverno
-
-import (
-	"flag"
-	"os"
-
-	"github.com/nirmata/kyverno/pkg/kyverno/validate"
-
-	"github.com/nirmata/kyverno/pkg/kyverno/apply"
-
-	"github.com/nirmata/kyverno/pkg/kyverno/version"
-
-	"github.com/spf13/cobra"
-)
-
-func CLI() {
-	cli := &cobra.Command{
-		Use:   "kyverno",
-		Short: "kyverno manages native policies of Kubernetes",
-	}
-
-	configureGlog(cli)
-
-	commands := []*cobra.Command{
-		version.Command(),
-		apply.Command(),
-		validate.Command(),
-	}
-
-	cli.AddCommand(commands...)
-
-	cli.SilenceUsage = true
-
-	if err := cli.Execute(); err != nil {
-		os.Exit(1)
-	}
-}
-
-func configureGlog(cli *cobra.Command) {
-	flag.Parse()
-	_ = flag.Set("logtostderr", "true")
-
-	cli.PersistentFlags().AddGoFlagSet(flag.CommandLine)
-	_ = cli.PersistentFlags().MarkHidden("alsologtostderr")
-	_ = cli.PersistentFlags().MarkHidden("logtostderr")
-	_ = cli.PersistentFlags().MarkHidden("log_dir")
-	_ = cli.PersistentFlags().MarkHidden("log_backtrace_at")
-	_ = cli.PersistentFlags().MarkHidden("stderrthreshold")
-	_ = cli.PersistentFlags().MarkHidden("vmodule")
-}
--- a/pkg/kyverno/sanitizedError/error.go
+++ b/pkg/kyverno/sanitizedError/error.go
@ -1,20 +0,0 @@
-package sanitizedError
-
-type customError struct {
-	message string
-}
-
-func (c customError) Error() string {
-	return c.message
-}
-
-func New(message string) error {
-	return customError{message: message}
-}
-
-func IsErrorSanitized(err error) bool {
-	if _, ok := err.(customError); !ok {
-		return false
-	}
-	return true
-}
--- a/pkg/kyverno/validate/command.go
+++ b/pkg/kyverno/validate/command.go
@ -1,142 +0,0 @@
-package validate
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-
-	"github.com/nirmata/kyverno/pkg/kyverno/sanitizedError"
-
-	"github.com/golang/glog"
-
-	policyvalidate "github.com/nirmata/kyverno/pkg/policy"
-
-	v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
-	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/util/yaml"
-)
-
-func Command() *cobra.Command {
-	cmd := &cobra.Command{
-		Use:     "validate",
-		Short:   "Validates kyverno policies",
-		Example: "kyverno validate /path/to/policy.yaml /path/to/folderOfPolicies",
-		RunE: func(cmd *cobra.Command, policyPaths []string) (err error) {
-			defer func() {
-				if err != nil {
-					if !sanitizedError.IsErrorSanitized(err) {
-						glog.V(4).Info(err)
-						err = fmt.Errorf("Internal error")
-					}
-				}
-			}()
-
-			policies, err := getPolicies(policyPaths)
-			if err != nil {
-				if !sanitizedError.IsErrorSanitized(err) {
-					return sanitizedError.New("Could not parse policy paths")
-				} else {
-					return err
-				}
-			}
-
-			for _, policy := range policies {
-				err = policyvalidate.Validate(*policy)
-				if err != nil {
-					fmt.Println("Policy " + policy.Name + " is invalid")
-				} else {
-					fmt.Println("Policy " + policy.Name + " is valid")
-				}
-			}
-
-			return nil
-		},
-	}
-
-	return cmd
-}
-
-func getPoliciesInDir(path string) ([]*v1.ClusterPolicy, error) {
-	var policies []*v1.ClusterPolicy
-
-	files, err := ioutil.ReadDir(path)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, file := range files {
-		if file.IsDir() {
-			policiesFromDir, err := getPoliciesInDir(filepath.Join(path, file.Name()))
-			if err != nil {
-				return nil, err
-			}
-
-			policies = append(policies, policiesFromDir...)
-		} else {
-			policy, err := getPolicy(filepath.Join(path, file.Name()))
-			if err != nil {
-				return nil, err
-			}
-
-			policies = append(policies, policy)
-		}
-	}
-
-	return policies, nil
-}
-
-func getPolicies(paths []string) ([]*v1.ClusterPolicy, error) {
-	var policies = make([]*v1.ClusterPolicy, 0, len(paths))
-	for _, path := range paths {
-		path = filepath.Clean(path)
-
-		fileDesc, err := os.Stat(path)
-		if err != nil {
-			return nil, err
-		}
-
-		if fileDesc.IsDir() {
-			policiesFromDir, err := getPoliciesInDir(path)
-			if err != nil {
-				return nil, err
-			}
-
-			policies = append(policies, policiesFromDir...)
-		} else {
-			policy, err := getPolicy(path)
-			if err != nil {
-				return nil, err
-			}
-
-			policies = append(policies, policy)
-		}
-	}
-
-	return policies, nil
-}
-
-func getPolicy(path string) (*v1.ClusterPolicy, error) {
-	policy := &v1.ClusterPolicy{}
-
-	file, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load file: %v", err)
-	}
-
-	policyBytes, err := yaml.ToJSON(file)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := json.Unmarshal(policyBytes, policy); err != nil {
-		return nil, sanitizedError.New(fmt.Sprintf("failed to decode policy in %s", path))
-	}
-
-	if policy.TypeMeta.Kind != "ClusterPolicy" {
-		return nil, sanitizedError.New(fmt.Sprintf("resource %v is not a cluster policy", policy.Name))
-	}
-
-	return policy, nil
-}
--- a/pkg/kyverno/version/command.go
+++ b/pkg/kyverno/version/command.go
@ -1,21 +0,0 @@
-package version
-
-import (
-	"fmt"
-
-	"github.com/nirmata/kyverno/pkg/version"
-	"github.com/spf13/cobra"
-)
-
-func Command() *cobra.Command {
-	return &cobra.Command{
-		Use:   "version",
-		Short: "Shows current version of kyverno",
-		RunE: func(cmd *cobra.Command, args []string) error {
-			fmt.Printf("Version: %s\n", version.BuildVersion)
-			fmt.Printf("Time: %s\n", version.BuildTime)
-			fmt.Printf("Git commit ID: %s\n", version.BuildHash)
-			return nil
-		},
-	}
-}
--- a/pkg/openapi/helper.go
+++ b/pkg/openapi/helper.go
@ -1,5 +0,0 @@
-package openapi
-
-func GetDefinitionNameFromKind(kind string) string {
-	return openApiGlobalState.kindToDefinitionName[kind]
-}
--- a/pkg/openapi/validation.go
+++ b/pkg/openapi/validation.go
@ -1,270 +0,0 @@
-package openapi
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-	"sync"
-
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
-	"github.com/nirmata/kyverno/data"
-
-	"github.com/golang/glog"
-
-	"github.com/nirmata/kyverno/pkg/engine"
-	"github.com/nirmata/kyverno/pkg/engine/context"
-
-	v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
-
-	openapi_v2 "github.com/googleapis/gnostic/OpenAPIv2"
-	"github.com/googleapis/gnostic/compiler"
-	"k8s.io/kube-openapi/pkg/util/proto"
-	"k8s.io/kube-openapi/pkg/util/proto/validation"
-
-	"gopkg.in/yaml.v2"
-)
-
-var openApiGlobalState struct {
-	document             *openapi_v2.Document
-	definitions          map[string]*openapi_v2.Schema
-	kindToDefinitionName map[string]string
-	models               proto.Models
-	isSet                bool
-}
-
-func init() {
-	err := setValidationGlobalState()
-	if err != nil {
-		panic(err)
-	}
-}
-
-func UseCustomOpenApiDocument(customDoc []byte) error {
-	var spec yaml.MapSlice
-	err := yaml.Unmarshal(customDoc, &spec)
-	if err != nil {
-		return err
-	}
-
-	openApiGlobalState.document, err = openapi_v2.NewDocument(spec, compiler.NewContext("$root", nil))
-	if err != nil {
-		return err
-	}
-
-	openApiGlobalState.definitions = make(map[string]*openapi_v2.Schema)
-	openApiGlobalState.kindToDefinitionName = make(map[string]string)
-	for _, definition := range openApiGlobalState.document.GetDefinitions().AdditionalProperties {
-		openApiGlobalState.definitions[definition.GetName()] = definition.GetValue()
-		path := strings.Split(definition.GetName(), ".")
-		openApiGlobalState.kindToDefinitionName[path[len(path)-1]] = definition.GetName()
-	}
-
-	openApiGlobalState.models, err = proto.NewOpenAPIData(openApiGlobalState.document)
-	if err != nil {
-		return err
-	}
-
-	openApiGlobalState.isSet = true
-
-	return nil
-}
-
-func ValidatePolicyMutation(policy v1.ClusterPolicy) error {
-	if !openApiGlobalState.isSet {
-		glog.V(4).Info("Cannot Validate policy: Validation global state not set")
-		return nil
-	}
-
-	var kindToRules = make(map[string][]v1.Rule)
-	for _, rule := range policy.Spec.Rules {
-		if rule.HasMutate() {
-			rule.MatchResources = v1.MatchResources{
-				UserInfo: v1.UserInfo{},
-				ResourceDescription: v1.ResourceDescription{
-					Kinds: rule.MatchResources.Kinds,
-				},
-			}
-			rule.ExcludeResources = v1.ExcludeResources{}
-			for _, kind := range rule.MatchResources.Kinds {
-				kindToRules[kind] = append(kindToRules[kind], rule)
-			}
-		}
-	}
-
-	for kind, rules := range kindToRules {
-		newPolicy := policy
-		newPolicy.Spec.Rules = rules
-
-		resource, _ := generateEmptyResource(openApiGlobalState.definitions[openApiGlobalState.kindToDefinitionName[kind]]).(map[string]interface{})
-		newResource := unstructured.Unstructured{Object: resource}
-		newResource.SetKind(kind)
-		policyContext := engine.PolicyContext{
-			Policy:      newPolicy,
-			NewResource: newResource,
-			Context:     context.NewContext(),
-		}
-		resp := engine.Mutate(policyContext)
-		if len(resp.GetSuccessRules()) != len(rules) {
-			var errMessages []string
-			for _, rule := range resp.PolicyResponse.Rules {
-				if !rule.Success {
-					errMessages = append(errMessages, fmt.Sprintf("Invalid rule : %v, %v", rule.Name, rule.Message))
-				}
-			}
-			return fmt.Errorf(strings.Join(errMessages, "\n"))
-		}
-		err := ValidateResource(resp.PatchedResource.UnstructuredContent(), kind)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func ValidateResource(patchedResource interface{}, kind string) error {
-	if !openApiGlobalState.isSet {
-		glog.V(4).Info("Cannot Validate resource: Validation global state not set")
-		return nil
-	}
-
-	kind = openApiGlobalState.kindToDefinitionName[kind]
-
-	schema := openApiGlobalState.models.LookupModel(kind)
-	if schema == nil {
-		return fmt.Errorf("pre-validation: couldn't find model %s", kind)
-	}
-
-	if errs := validation.ValidateModel(patchedResource, schema, kind); len(errs) > 0 {
-		var errorMessages []string
-		for i := range errs {
-			errorMessages = append(errorMessages, errs[i].Error())
-		}
-
-		return fmt.Errorf(strings.Join(errorMessages, "\n\n"))
-	}
-
-	return nil
-}
-
-func setValidationGlobalState() error {
-	if !openApiGlobalState.isSet {
-		var err error
-		openApiGlobalState.document, err = getSchemaDocument()
-		if err != nil {
-			return err
-		}
-
-		openApiGlobalState.definitions = make(map[string]*openapi_v2.Schema)
-		openApiGlobalState.kindToDefinitionName = make(map[string]string)
-		for _, definition := range openApiGlobalState.document.GetDefinitions().AdditionalProperties {
-			openApiGlobalState.definitions[definition.GetName()] = definition.GetValue()
-			path := strings.Split(definition.GetName(), ".")
-			openApiGlobalState.kindToDefinitionName[path[len(path)-1]] = definition.GetName()
-		}
-
-		for _, path := range openApiGlobalState.document.GetPaths().GetPath() {
-			path.GetName()
-		}
-
-		openApiGlobalState.models, err = proto.NewOpenAPIData(openApiGlobalState.document)
-		if err != nil {
-			return err
-		}
-
-		openApiGlobalState.isSet = true
-	}
-	return nil
-}
-
-func getSchemaDocument() (*openapi_v2.Document, error) {
-	var spec yaml.MapSlice
-	err := yaml.Unmarshal([]byte(data.SwaggerDoc), &spec)
-	if err != nil {
-		return nil, err
-	}
-
-	return openapi_v2.NewDocument(spec, compiler.NewContext("$root", nil))
-}
-
-func generateEmptyResource(kindSchema *openapi_v2.Schema) interface{} {
-
-	types := kindSchema.GetType().GetValue()
-
-	if kindSchema.GetXRef() != "" {
-		return generateEmptyResource(openApiGlobalState.definitions[strings.TrimPrefix(kindSchema.GetXRef(), "#/definitions/")])
-	}
-
-	if len(types) != 1 {
-		return nil
-	}
-
-	switch types[0] {
-	case "object":
-		var props = make(map[string]interface{})
-		properties := kindSchema.GetProperties().GetAdditionalProperties()
-		if len(properties) == 0 {
-			return props
-		}
-
-		var wg sync.WaitGroup
-		var mutex sync.Mutex
-		wg.Add(len(properties))
-		for _, property := range properties {
-			go func(property *openapi_v2.NamedSchema) {
-				prop := generateEmptyResource(property.GetValue())
-				mutex.Lock()
-				props[property.GetName()] = prop
-				mutex.Unlock()
-				wg.Done()
-			}(property)
-		}
-		wg.Wait()
-		return props
-	case "array":
-		var array []interface{}
-		for _, schema := range kindSchema.GetItems().GetSchema() {
-			array = append(array, generateEmptyResource(schema))
-		}
-		return array
-	case "string":
-		if kindSchema.GetDefault() != nil {
-			return string(kindSchema.GetDefault().Value.Value)
-		}
-		if kindSchema.GetExample() != nil {
-			return string(kindSchema.GetExample().GetValue().Value)
-		}
-		return ""
-	case "integer":
-		if kindSchema.GetDefault() != nil {
-			val, _ := strconv.Atoi(string(kindSchema.GetDefault().Value.Value))
-			return int64(val)
-		}
-		if kindSchema.GetExample() != nil {
-			val, _ := strconv.Atoi(string(kindSchema.GetExample().GetValue().Value))
-			return int64(val)
-		}
-		return int64(0)
-	case "number":
-		if kindSchema.GetDefault() != nil {
-			val, _ := strconv.Atoi(string(kindSchema.GetDefault().Value.Value))
-			return int64(val)
-		}
-		if kindSchema.GetExample() != nil {
-			val, _ := strconv.Atoi(string(kindSchema.GetExample().GetValue().Value))
-			return int64(val)
-		}
-		return int64(0)
-	case "boolean":
-		if kindSchema.GetDefault() != nil {
-			return string(kindSchema.GetDefault().Value.Value) == "true"
-		}
-		if kindSchema.GetExample() != nil {
-			return string(kindSchema.GetExample().GetValue().Value) == "true"
-		}
-		return false
-	}
-
-	return nil
-}
--- a/pkg/openapi/validation_test.go
+++ b/pkg/openapi/validation_test.go
@ -1,65 +0,0 @@
-package openapi
-
-import (
-	"encoding/json"
-	"testing"
-
-	v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
-)
-
-func Test_ValidateMutationPolicy(t *testing.T) {
-	err := setValidationGlobalState()
-	if err != nil {
-		t.Fatalf("Could not set global state")
-	}
-
-	tcs := []struct {
-		description string
-		policy      []byte
-		errMessage  string
-	}{
-		{
-			description: "Policy with mutating imagePullPolicy Overlay",
-			policy:      []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"set-image-pull-policy-2"},"spec":{"rules":[{"name":"set-image-pull-policy-2","match":{"resources":{"kinds":["Pod"]}},"mutate":{"overlay":{"spec":{"containers":[{"(image)":"*","imagePullPolicy":"Always"}]}}}}]}}`),
-		},
-		{
-			description: "Policy with mutating imagePullPolicy Overlay, field does not exist",
-			policy:      []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"set-image-pull-policy-2"},"spec":{"rules":[{"name":"set-image-pull-policy-2","match":{"resources":{"kinds":["Pod"]}},"mutate":{"overlay":{"spec":{"containers":[{"(image)":"*","nonExistantField":"Always"}]}}}}]}}`),
-			errMessage:  `ValidationError(io.k8s.api.core.v1.Pod.spec.containers[0]): unknown field "nonExistantField" in io.k8s.api.core.v1.Container`,
-		},
-		{
-			description: "Policy with mutating imagePullPolicy Overlay, type of value is different (does not throw error since all numbers are also strings according to swagger)",
-			policy:      []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"set-image-pull-policy-2"},"spec":{"rules":[{"name":"set-image-pull-policy-2","match":{"resources":{"kinds":["Pod"]}},"mutate":{"overlay":{"spec":{"containers":[{"(image)":"*","imagePullPolicy":80}]}}}}]}}`),
-		},
-		{
-			description: "Policy with patches",
-			policy:      []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"policy-endpoints"},"spec":{"rules":[{"name":"pEP","match":{"resources":{"kinds":["Endpoints"],"selector":{"matchLabels":{"label":"test"}}}},"mutate":{"patches":[{"path":"/subsets/0/ports/0/port","op":"replace","value":9663},{"path":"/metadata/labels/isMutated","op":"add","value":"true"}]}}]}}`),
-		},
-		{
-			description: "Policy with patches, value converted from number to string",
-			policy:      []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"policy-endpoints"},"spec":{"rules":[{"name":"pEP","match":{"resources":{"kinds":["Endpoints"],"selector":{"matchLabels":{"label":"test"}}}},"mutate":{"patches":[{"path":"/subsets/0/ports/0/port","op":"replace","value":"9663"},{"path":"/metadata/labels/isMutated","op":"add","value":"true"}]}}]}}`),
-			errMessage:  `ValidationError(io.k8s.api.core.v1.Endpoints.subsets[0].ports[0].port): invalid type for io.k8s.api.core.v1.EndpointPort.port: got "string", expected "integer"`,
-		},
-		{
-			description: "Policy where boolean is been converted to number",
-			policy:      []byte(`{"apiVersion":"kyverno.io/v1","kind":"ClusterPolicy","metadata":{"name":"mutate-pod-disable-automoutingapicred"},"spec":{"rules":[{"name":"pod-disable-automoutingapicred","match":{"resources":{"kinds":["Pod"]}},"mutate":{"overlay":{"spec":{"(serviceAccountName)":"*","automountServiceAccountToken":80}}}}]}}`),
-			errMessage:  `ValidationError(io.k8s.api.core.v1.Pod.spec.automountServiceAccountToken): invalid type for io.k8s.api.core.v1.PodSpec.automountServiceAccountToken: got "integer", expected "boolean"`,
-		},
-	}
-
-	for i, tc := range tcs {
-		policy := v1.ClusterPolicy{}
-		_ = json.Unmarshal(tc.policy, &policy)
-
-		var errMessage string
-		err := ValidatePolicyMutation(policy)
-		if err != nil {
-			errMessage = err.Error()
-		}
-
-		if errMessage != tc.errMessage {
-			t.Errorf("\nTestcase [%v] failed:\nExpected Error:  %v\nGot Error:  %v", i+1, tc.errMessage, errMessage)
-		}
-	}
-
-}
--- a/pkg/policy/validate.go
+++ b/pkg/policy/validate.go
@ -8,8 +8,6 @@ import (
 	"strconv"
 	"strings"

-	"github.com/nirmata/kyverno/pkg/openapi"
-
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
 	"github.com/nirmata/kyverno/pkg/engine/anchor"
 	rbacv1 "k8s.io/api/rbac/v1"
@ -73,10 +71,6 @@ func Validate(p kyverno.ClusterPolicy) error {
 		}
 	}

-	if err := openapi.ValidatePolicyMutation(p); err != nil {
-		return fmt.Errorf("Failed to validate policy: %v", err)
-	}
-
 	return nil
 }

--- a/pkg/webhooks/mutation.go
+++ b/pkg/webhooks/mutation.go
@ -9,7 +9,6 @@ import (
 	"github.com/nirmata/kyverno/pkg/engine/context"
 	"github.com/nirmata/kyverno/pkg/engine/response"
 	engineutils "github.com/nirmata/kyverno/pkg/engine/utils"
-	"github.com/nirmata/kyverno/pkg/openapi"
 	policyctr "github.com/nirmata/kyverno/pkg/policy"
 	"github.com/nirmata/kyverno/pkg/policyviolation"
 	"github.com/nirmata/kyverno/pkg/utils"
@ -102,11 +101,6 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, resou
 			glog.V(4).Infof("Failed to apply policy %s on resource %s/%s\n", policy.Name, resource.GetNamespace(), resource.GetName())
 			continue
 		}
-		err := openapi.ValidateResource(engineResponse.PatchedResource.UnstructuredContent(), engineResponse.PatchedResource.GetKind())
-		if err != nil {
-			glog.V(4).Infoln(err)
-			continue
-		}
 		// gather patches
 		patches = append(patches, engineResponse.GetPatches()...)
 		glog.V(4).Infof("Mutation from policy %s has applied successfully to %s %s/%s", policy.Name, request.Kind.Kind, resource.GetNamespace(), resource.GetName())