remove kustomize patchesJSON6902

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

pkg/engine/mutate/mutation.go

@@ -113,7 +113,15 @@ func (h patchesJSON6902Handler) Handle() (resp response.RuleResponse, patchedRes
 	resp.Name = h.ruleName
 	resp.Type = utils.Mutation.String()
 
-	skip, err := preProcessJSONPatches(*h.mutation, h.patchedResource, h.logger)
+	patchesJSON6902, err := convertPatchesToJSON(h.mutation.PatchesJSON6902)
+	if err != nil {
+		resp.Success = false
+		h.logger.Error(err, "error in type conversion")
+		resp.Message = err.Error()
+		return resp, h.patchedResource
+	}
+
+	skip, err := preProcessJSONPatches(patchesJSON6902, h.patchedResource, h.logger)
 	if err != nil {
 		h.logger.Error(err, "failed to preProcessJSONPatches")
 	}
@@ -123,7 +131,7 @@ func (h patchesJSON6902Handler) Handle() (resp response.RuleResponse, patchedRes
 		return resp, h.patchedResource
 	}
 
-	return ProcessPatchJSON6902(h.ruleName, *h.mutation, h.patchedResource, h.logger)
+	return ProcessPatchJSON6902(h.ruleName, patchesJSON6902, h.patchedResource, h.logger)
 }
 
 func (h overlayHandler) Handle() (response.RuleResponse, unstructured.Unstructured) {
@@ -133,7 +141,7 @@ func (h overlayHandler) Handle() (response.RuleResponse, unstructured.Unstructur
 	// substitute the variables
 	var err error
 	if overlay, err = variables.SubstituteVars(h.logger, h.evalCtx, overlay); err != nil {
-		// variable subsitution failed
+		// variable substitution failed
 		ruleResponse.Success = false
 		ruleResponse.Message = err.Error()
 		return ruleResponse, h.patchedResource
@@ -165,7 +173,16 @@ func (h patchesHandler) Handle() (resp response.RuleResponse, patchedResource un
 	resp.Name = h.ruleName
 	resp.Type = utils.Mutation.String()
 
-	skip, err := preProcessJSONPatches(*h.mutation, h.patchedResource, h.logger)
+	// patches is already converted to patchesJSON6902
+	patchesJSON6902, err := convertPatchesToJSON(h.mutation.PatchesJSON6902)
+	if err != nil {
+		resp.Success = false
+		h.logger.Error(err, "error in type conversion")
+		resp.Message = err.Error()
+		return resp, h.patchedResource
+	}
+
+	skip, err := preProcessJSONPatches(patchesJSON6902, h.patchedResource, h.logger)
 	if err != nil {
 		h.logger.Error(err, "failed to preProcessJSONPatches")
 	}

pkg/engine/mutate/patchJson6902.go

@@ -1,25 +1,20 @@
 package mutate
 
 import (
-	"bytes"
 	"encoding/json"
 	"fmt"
-	"strings"
 	"time"
 
-	jsonpatch "github.com/evanphx/json-patch"
 	"github.com/go-logr/logr"
 	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/engine/response"
 	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	patchjson6902 "sigs.k8s.io/kustomize/api/filters/patchjson6902"
-	filtersutil "sigs.k8s.io/kustomize/kyaml/filtersutil"
 	"sigs.k8s.io/yaml"
 )
 
 // ProcessPatchJSON6902 ...
-func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource unstructured.Unstructured, log logr.Logger) (resp response.RuleResponse, patchedResource unstructured.Unstructured) {
+func ProcessPatchJSON6902(ruleName string, patchesJSON6902 []byte, resource unstructured.Unstructured, log logr.Logger) (resp response.RuleResponse, patchedResource unstructured.Unstructured) {
 	logger := log.WithValues("rule", ruleName)
 	startTime := time.Now()
 	logger.V(4).Info("started JSON6902 patch", "startTime", startTime)
@@ -38,7 +33,8 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u
 		return resp, resource
 	}
 
-	patchedResourceRaw, err := patchJSON6902(string(resourceRaw), mutation.PatchesJSON6902)
+	patchedResourceRaw, err := utils.ApplyPatchNew(resourceRaw, patchesJSON6902)
+	// patchedResourceRaw, err := patchJSON6902(string(resourceRaw), mutation.PatchesJSON6902)
 	if err != nil {
 		resp.Success = false
 		logger.Error(err, "failed to process JSON6902 patches")
@@ -48,27 +44,14 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u
 
 	err = patchedResource.UnmarshalJSON(patchedResourceRaw)
 	if err != nil {
-		logger.Error(err, "failed to unmmarshal resource")
+		logger.Error(err, "failed to unmarshal resource")
 		resp.Success = false
-		resp.Message = fmt.Sprintf("failed to unmmarshal resource: %v", err)
+		resp.Message = fmt.Sprintf("failed to unmarshal resource: %v", err)
 		return resp, resource
 	}
 
-	var op []byte
-	if mutation.PatchesJSON6902[0] != '[' {
-		// if it doesn't seem to be JSON, imagine
-		// it is YAML, and convert to JSON.
-		op, err = yaml.YAMLToJSON([]byte(mutation.PatchesJSON6902))
-		if err != nil {
-			resp.Success = false
-			resp.Message = fmt.Sprintf("failed to unmmarshal resource: %v", err)
-			return resp, resource
-		}
-		mutation.PatchesJSON6902 = string(op)
-	}
-
 	var decodedPatch []kyverno.Patch
-	err = json.Unmarshal(op, &decodedPatch)
+	err = json.Unmarshal(patchesJSON6902, &decodedPatch)
 	if err != nil {
 		resp.Success = false
 		resp.Message = err.Error()
@@ -94,32 +77,16 @@ func ProcessPatchJSON6902(ruleName string, mutation kyverno.Mutation, resource u
 	return resp, patchedResource
 }
 
-func patchJSON6902(base, patches string) ([]byte, error) {
-	f := patchjson6902.Filter{
-		Patch: patches,
-	}
-
-	baseObj := buffer{Buffer: bytes.NewBufferString(base)}
-	err := filtersutil.ApplyToJSON(f, baseObj)
-
-	return baseObj.Bytes(), err
-}
-
-func decodePatch(patch string) (jsonpatch.Patch, error) {
-	// If the patch doesn't look like a JSON6902 patch, we
-	// try to parse it to json.
-	if !strings.HasPrefix(patch, "[") {
-		p, err := yaml.YAMLToJSON([]byte(patch))
+func convertPatchesToJSON(patchesJSON6902 string) ([]byte, error) {
+	if patchesJSON6902[0] != '[' {
+		// If the patch doesn't look like a JSON6902 patch, we
+		// try to parse it to json.
+		op, err := yaml.YAMLToJSON([]byte(patchesJSON6902))
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("failed to convert patchesJSON6902 to JSON: %v", err)
 		}
-		patch = string(p)
-	}
-
-	decodedPatch, err := jsonpatch.DecodePatch([]byte(patch))
-	if err != nil {
-		return nil, err
+		return op, nil
 	}
 
-	return decodedPatch, nil
+	return []byte(patchesJSON6902), nil
 }

pkg/engine/mutate/patchesUtils.go

@@ -10,7 +10,6 @@ import (
 
 	evanjsonpatch "github.com/evanphx/json-patch"
 	"github.com/go-logr/logr"
-	kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
 	"github.com/mattbaird/jsonpatch"
 	"github.com/minio/minio/pkg/wildcard"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -156,16 +155,14 @@ func ignorePatch(path string) bool {
 // This duplicate error only occurs on type array, if it's adding to a map
 // the value will be added to the map if nil, otherwise it overwrites the old value
 // return skip == true to skip the json patch application
-func preProcessJSONPatches(mutation kyverno.Mutation, resource unstructured.Unstructured,
+func preProcessJSONPatches(patchesJSON6902 []byte, resource unstructured.Unstructured,
 	log logr.Logger) (skip bool, err error) {
 	var patches evanjsonpatch.Patch
 	log = log.WithName("preProcessJSONPatches")
 
-	if len(mutation.PatchesJSON6902) > 0 {
-		patches, err = decodePatch(mutation.PatchesJSON6902)
-		if err != nil {
-			return false, fmt.Errorf("failed to process JSON patches: %v", err)
-		}
+	patches, err = evanjsonpatch.DecodePatch(patchesJSON6902)
+	if err != nil {
+		return false, fmt.Errorf("cannot decode patches as an RFC 6902 patch: %v", err)
 	}
 
 	for _, patch := range patches {