From 772646bae13d20aa4b3f252ba06ab4aa33f13407 Mon Sep 17 00:00:00 2001
From: mprahl
Date: Tue, 21 May 2024 14:48:48 -0400
Subject: [PATCH] Remove the censored diff message when the policy is enforced
Signed-off-by: mprahl
---
 controllers/configurationpolicy_controller.go | 2 +-
 test/e2e/case39_diff_generation_test.go | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
index fdcb8fce..ea0ed19c 100644
--- a/controllers/configurationpolicy_controller.go
+++ b/controllers/configurationpolicy_controller.go
@@ -2767,7 +2767,7 @@ func handleDiff(
 existingObject *unstructured.Unstructured,
 mergedObject *unstructured.Unstructured,
 ) string {
- if !isInform && recordDiff == policyv1.RecordDiffInStatus {
+ if !isInform && (recordDiff == policyv1.RecordDiffInStatus || recordDiff == policyv1.RecordDiffCensored) {
 return ""
 }
diff --git a/test/e2e/case39_diff_generation_test.go b/test/e2e/case39_diff_generation_test.go
index ef702933..461bee8e 100644
--- a/test/e2e/case39_diff_generation_test.go
+++ b/test/e2e/case39_diff_generation_test.go
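Review bot: The widened guard at the top of handleDiff has no comment explaining why an enforced policy records nothing for both `RecordDiffInStatus` and `RecordDiffCensored`, and this is the line a reader will go to when checking whether sensitive content or the censored notice can end up in the status. I would add a comment above the `if`, for example `// An enforced policy records neither a diff nor the censored notice in the status.`, with the reason filled in by the author. The early return keeps the censored case away from the diff generation that presumably follows, but that code is outside this hunk, so how the remaining recordDiff values behave for enforced policies cannot be confirmed from here. handleDiff starts and ends outside the hunk.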
@@ -213,6 +213,33 @@ var _ = Describe("Diff generation with sensitive input", Ordered, func() {
 `# This diff may contain sensitive data. The "recordDiff" field must be set to "InStatus" ` +
 `to record a diff.`,
 ))
+
+ By("Enforcing the policy removes the diff message")
+ utils.Kubectl(
+ "patch", "configurationpolicy", noDiffOnSecret, `--type=json`,
+ `-p=[{"op":"replace","path":"/spec/remediationAction","value":"enforce"}]`, "-n", testNamespace,
+ )
+
+ By("Verifying the diff in the status contains instructions to set recordDiff")
+ Eventually(func() interface{} {
+ managedPlc = utils.GetWithTimeout(
+ clientManagedDynamic,
+ gvrConfigPolicy,
+ noDiffOnSecret,
+ testNamespace,
+ true,
+ defaultTimeoutSeconds,
+ )
+
+ return utils.GetComplianceState(managedPlc)
+ }, defaultTimeoutSeconds, 1).Should(Equal("Compliant"))
+
+ relatedObjects, _, err = unstructured.NestedSlice(managedPlc.Object, "status", "relatedObjects")
+ Expect(err).ToNot(HaveOccurred())
+ Expect(relatedObjects).To(HaveLen(1))
+
+ diff, _, _ = unstructured.NestedString(relatedObjects[0].(map[string]interface{}), "properties", "diff")
+ Expect(diff).To(BeEmpty())
 })
 })
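Review bot: The final lookup, `diff, _, _ = unstructured.NestedString(...)`, discards both the found flag and the error, so `Expect(diff).To(BeEmpty())` also passes when `properties.diff` holds something that is not a string, which weakens the one assertion guarding against the censored notice staying in the status. I would keep the error, `diff, _, err = unstructured.NestedString(...)`, and follow it with `Expect(err).ToNot(HaveOccurred())`, as the `relatedObjects` lookup just above already does. The second `By(...)` text appears to be copied from the earlier step: it says the status should contain instructions to set recordDiff, while this step waits for `Compliant` and expects an empty diff, so something like `By("Verifying the policy is compliant and the diff is cleared from the status")` would match what is asserted. The enclosing test block starts outside the hunk.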