`apply` Command

Pooja Singh edited this page Aug 13, 2021 · 1 revision

Flags:

  --resources (-r)     → path of the resource file or folder
  --set (-s)           → value for a variable used in the policy (currently supports a single policy applied to a single resource)
  --values-file (-f)   → path of the variables (values) file
  --output (-o)        → path of the file or folder where the mutated resource is written (for mutate policies)
  --policy-report      → generate a policy report
  --cluster (-c)       → apply the policy to the resources present in the cluster
  --namespace (-n)     → filter the cluster resources by namespace
  --stdin (-i)         → apply the mutated resource on the cluster

Workflow:

  1. Get the variables from the terminal or the values file → common.GetVariable

  2. Get the policies from the passed policy path → common.GetPoliciesFromPaths

  3. Mutate the policies → common.MutatePolices → covers ValidationFailureAction, Background, the auto-gen annotation and the auto-generated rules

  4. Get the resources from the passed resource path → common.GetResourceAccordingToResourcePath

  5. Validate the policy → policy2.Validate

    1. If the policy is not valid, add it to the skip count and go to the next policy

    2. If the policy is valid:

      • check whether the variables used in the policy are provided by the values file (or --set values) passed

      • if not, add the policy to the skipped policies and go to the next policy

  6. Apply the policy to each resource

  7. Add the resource, the namespace selector and the other variables to the context

  8. Call engine.Mutate, which returns the mutate response

    1. If the response is not successful, print the failure message

    2. Else print the mutated resource to the terminal or to the output file/folder provided by the user

  9. Use the mutated resource from the mutate response, the context and the policy to build the policy context.

  10. Call engine.Validate and get the validate response.

    1. If the validate response is not successful, print the failure message

    2. Else continue the process

  11. If the policy contains a generate block:

    1. Build the policy context

    2. Call engine.Generate, which returns the generate response

    3. Print passed/failed based on whether the generate response succeeded.

  12. If the user passed the --policy-report flag, build a policy report and print it; otherwise print the counts for pass, fail, etc.
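As an added example (not from this wiki page or the Kyverno project), the following constructed policy, resource and values file show how a variable referenced by a policy is supplied to `apply` through --values-file or --set, which is what step 5.2 checks before the policy is applied rather than skipped. The policy, resource and label names are made up; the values-file layout (policies → resources → values) is assumed from the Kyverno CLI documentation, and the example assumes that `request.namespace` is not derived from the resource file by the CLI on its own.

```yaml
# policy.yaml (constructed example): a validate rule that references the
# variable {{request.namespace}}, which must come from --values-file or --set
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-ns-label
spec:
  validationFailureAction: enforce
  rules:
    - name: check-ns-label
      match:
        resources:
          kinds:
            - Pod
      validate:
        message: "label 'ns' must equal the namespace the Pod is created in"
        pattern:
          metadata:
            labels:
              ns: "{{request.namespace}}"
---
# pod.yaml (constructed example): the resource passed with --resources
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: team-a
  labels:
    ns: team-a
spec:
  containers:
    - name: nginx
      image: nginx
---
# values.yaml (constructed example, assumed layout): supplies the variable
# per policy and per resource; without it step 5.2 skips the policy
policies:
  - name: require-ns-label
    resources:
      - name: nginx
        values:
          request.namespace: team-a
# Invocations (the three documents above are kept as separate files):
#   kyverno apply policy.yaml -r pod.yaml -f values.yaml
#   kyverno apply policy.yaml -r pod.yaml -s request.namespace=team-a
#   kyverno apply policy.yaml -r pod.yaml -f values.yaml --policy-report
# The first two report the rule as passed; changing the label or the supplied
# value so they differ makes the rule fail, and --policy-report emits the same
# result as a PolicyReport instead of the pass/fail counts (step 12).
```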

Internals

policy2.Validate - This performs the following validations:

  • the policy uses valid variables

  • the rules have unique names

  • the rule type is valid (validate, mutate, generate)

  • there are no conflicts between the match and exclude blocks

engine.Mutate - This creates a handler based on the type of mutate rule, i.e. overlay, Strategic Merge Patch or RFC 6902 JSON Patch, processes the resource with it and returns the mutate response.

engine.Validate - This checks for the pattern/deny block in the policy and validates the resource against it.

engine.Generate - This checks the validity of the generate rule against the resource and returns the list of rules that apply to it.

THIS WIKI IS NO LONGER MAINTAINED

For developer guides please see the DEVELOPMENT.md file.

For user guides please see https://kyverno.io/docs/.