Change statusConfig to complianceConfig in CRD, change default values…

…, add compliance changes on relatedObjects

Signed-off-by: Jeffrey Luo <jeluo@redhat.com>

api/v1beta1/operatorpolicy_types.go

@@ -12,19 +12,20 @@ import (
 	policyv1 "open-cluster-management.io/config-policy-controller/api/v1"
 )
 
-// StatusConfigAction : StatusMessageOnly or NonCompliant
-// +kubebuilder:validation:Enum=StatusMessageOnly;NonCompliant
-type StatusConfigAction string
+// ComplianceConfigAction : Compliant or NonCompliant
+// +kubebuilder:validation:Enum=Compliant;NonCompliant
+type ComplianceConfigAction string
 
 // RemovalAction : Keep, Delete, or DeleteIfUnused
 type RemovalAction string
 
 const (
-	// StatusMessageOnly is a StatusConfigAction that only shows the status message
-	StatusMessageOnly StatusConfigAction = "StatusMessageOnly"
-	// NonCompliant is a StatusConfigAction that shows the status message and sets
+	// Compliant is a ComplianceConfigAction that only shows the status message and
+	// sets thje compliance to Compliant
+	Compliant ComplianceConfigAction = "Compliant"
+	// NonCompliant is a ComplianceConfigAction that shows the status message and sets
 	// the compliance to NonCompliant
-	NonCompliant StatusConfigAction = "NonCompliant"
+	NonCompliant ComplianceConfigAction = "NonCompliant"
 )
 
 const (
@@ -98,14 +99,14 @@ func (rb RemovalBehavior) ApplyDefaults() RemovalBehavior {
 	return withDefaults
 }
 
-// StatusConfig defines how resource statuses affect the OperatorPolicy status and compliance
-type StatusConfig struct {
+// ComplianceConfig defines how resource statuses affect the OperatorPolicy status and compliance
+type ComplianceConfig struct {
+	// +kubebuilder:default=Compliant
+	CatalogSourceUnhealthy ComplianceConfigAction `json:"catalogSourceUnhealthy,omitempty"`
 	// +kubebuilder:default=NonCompliant
-	CatalogSourceUnhealthy StatusConfigAction `json:"catalogSourceUnhealthy,omitempty"`
-	// +kubebuilder:default=NonCompliant
-	DeploymentsUnavailable StatusConfigAction `json:"deploymentsUnavailable,omitempty"`
-	// +kubebuilder:default=NonCompliant
-	UpgradesAvailable StatusConfigAction `json:"upgradesAvailable,omitempty"`
+	DeploymentsUnavailable ComplianceConfigAction `json:"deploymentsUnavailable,omitempty"`
+	// +kubebuilder:default=Compliant
+	UpgradesAvailable ComplianceConfigAction `json:"upgradesAvailable,omitempty"`
 }
 
 // OperatorPolicySpec defines the desired state of OperatorPolicy
@@ -147,10 +148,10 @@ type OperatorPolicySpec struct {
 	UpgradeApproval string `json:"upgradeApproval"`
 
 	// +kubebuilder:default={}
-	// StatusConfig defines how resource statuses affect the OperatorPolicy status and compliance.
-	// Options include StatusMessageOnly, which does not affect compliance but reports a Status,
-	// and NonCompliant, which will update the OperatorPolicy compliance as well.
-	StatusConfig StatusConfig `json:"statusConfig,omitempty"`
+	// ComplianceConfig defines how resource statuses affect the OperatorPolicy status and compliance.
+	// Options include Compliant, which will essentially ignore NonCompliance for certain cases,
+	// and NonCompliant, which will report NonCompliance for those cases.
+	ComplianceConfig ComplianceConfig `json:"complianceConfig,omitempty"`
 }
 
 // OperatorPolicyStatus defines the observed state of OperatorPolicy

controllers/operatorpolicy_controller.go

@@ -1356,7 +1356,9 @@ func (r *OperatorPolicyReconciler) musthaveInstallPlan(
 			}
 		}
 
-		relatedInstallPlans = append(relatedInstallPlans, existingInstallPlanObj(&ownedInstallPlans[i], phase))
+		complianceConfig := policy.Spec.ComplianceConfig.UpgradesAvailable
+		relatedInstallPlans = append(relatedInstallPlans,
+			existingInstallPlanObj(&ownedInstallPlans[i], phase, string(complianceConfig)))
 	}
 
 	if currentPlanFailed {
@@ -1396,8 +1398,6 @@ func (r *OperatorPolicyReconciler) musthaveInstallPlan(
 	// Only report this status when not approving an InstallPlan, because otherwise it could easily
 	// oscillate between this and another condition.
 	if policy.Spec.RemediationAction.IsInform() || (!initialInstall && !autoUpgrade) {
-		// FUTURE: check policy.spec.statusConfig.upgradesAvailable to determine `compliant`.
-		// For now this condition assumes it is set to 'NonCompliant'
 		return updateStatus(policy, installPlanUpgradeCond(allUpgradeVersions, nil), relatedInstallPlans...), nil
 	}
 
@@ -1680,7 +1680,8 @@ func (r *OperatorPolicyReconciler) handleDeployment(
 		if policy.Spec.ComplianceType.IsMustNotHave() {
 			relatedObjects = append(relatedObjects, foundNotApplicableObj(&dep))
 		} else {
-			relatedObjects = append(relatedObjects, existingDeploymentObj(&dep))
+			complianceConfig := policy.Spec.ComplianceConfig.DeploymentsUnavailable
+			relatedObjects = append(relatedObjects, existingDeploymentObj(&dep, string(complianceConfig)))
 		}
 	}
 
@@ -1888,8 +1889,9 @@ func (r *OperatorPolicyReconciler) musthaveCatalogSource(
 		isUnhealthy = (CatalogSrcState != CatalogSourceReady)
 	}
 
+	complianceConfig := policy.Spec.ComplianceConfig.CatalogSourceUnhealthy
 	changed := updateStatus(policy, catalogSourceFindCond(isUnhealthy, isMissing, catalogName),
-		catalogSourceObj(catalogName, catalogNS, isUnhealthy, isMissing))
+		catalogSourceObj(catalogName, catalogNS, isUnhealthy, isMissing, string(complianceConfig)))
 
 	return changed, nil
 }

controllers/operatorpolicy_status.go

@@ -210,7 +210,7 @@ func calculateComplianceCondition(policy *policyv1beta1.OperatorPolicy) metav1.C
 		}
 	}
 
-	modifyCompliance := policy.Spec.StatusConfig.UpgradesAvailable == "NonCompliant"
+	modifyCompliance := policy.Spec.ComplianceConfig.UpgradesAvailable == "NonCompliant"
 	idx, cond = policy.Status.GetCondition(installPlanConditionType)
 
 	if idx == -1 {
@@ -251,7 +251,7 @@ func calculateComplianceCondition(policy *policyv1beta1.OperatorPolicy) metav1.C
 		}
 	}
 
-	modifyCompliance = policy.Spec.StatusConfig.DeploymentsUnavailable == "NonCompliant"
+	modifyCompliance = policy.Spec.ComplianceConfig.DeploymentsUnavailable == "NonCompliant"
 	idx, cond = policy.Status.GetCondition(deploymentConditionType)
 
 	if idx == -1 {
@@ -268,7 +268,7 @@ func calculateComplianceCondition(policy *policyv1beta1.OperatorPolicy) metav1.C
 		}
 	}
 
-	modifyCompliance = policy.Spec.StatusConfig.CatalogSourceUnhealthy == "NonCompliant"
+	modifyCompliance = policy.Spec.ComplianceConfig.CatalogSourceUnhealthy == "NonCompliant"
 	idx, cond = policy.Status.GetCondition(catalogSrcConditionType)
 
 	if idx == -1 {
@@ -685,8 +685,6 @@ var installPlansNoApprovals = metav1.Condition{
 // installPlanUpgradeCond is a NonCompliant condition with Reason 'InstallPlanRequiresApproval'
 // and a message detailing which possible updates are available
 func installPlanUpgradeCond(versions []string, approvableIPs []unstructured.Unstructured) metav1.Condition {
-	// FUTURE: check policy.spec.statusConfig.upgradesAvailable to determine `compliant`.
-	// For now this condition assumes it is set to 'NonCompliant'
 	cond := metav1.Condition{
 		Type:   installPlanConditionType,
 		Status: metav1.ConditionFalse,
@@ -1059,7 +1057,7 @@ func noInstallPlansObj(namespace string) policyv1.RelatedObject {
 // existingInstallPlanObj returns a RelatedObject for the InstallPlan, with a reason
 // like 'The InstallPlan is ____' based on the phase. When the InstallPlan is in phase
 // 'Complete', the object will be Compliant, otherwise it will be NonCompliant.
-func existingInstallPlanObj(ip client.Object, phase string) policyv1.RelatedObject {
+func existingInstallPlanObj(ip client.Object, phase string, complianceConfig string) policyv1.RelatedObject {
 	relObj := policyv1.RelatedObject{
 		Object: policyv1.ObjectResourceFromObj(ip),
 		Properties: &policyv1.ObjectProperties{
@@ -1075,9 +1073,12 @@ func existingInstallPlanObj(ip client.Object, phase string) policyv1.RelatedObje
 
 	switch phase {
 	case string(operatorv1alpha1.InstallPlanPhaseRequiresApproval):
-		// FUTURE: check policy.spec.statusConfig.upgradesAvailable to determine `compliant`.
-		// For now, assume it is set to 'NonCompliant'
-		relObj.Compliant = string(policyv1.NonCompliant)
+		// Check policy.spec.statusConfig.upgradesAvailable to determine `compliant`.
+		if complianceConfig != string(policyv1.Compliant) {
+			relObj.Compliant = string(policyv1.NonCompliant)
+		} else {
+			relObj.Compliant = string(policyv1.Compliant)
+		}
 	case string(operatorv1alpha1.InstallPlanPhaseComplete):
 		relObj.Compliant = string(policyv1.Compliant)
 	default:
@@ -1170,13 +1171,15 @@ var noExistingCRDObj = policyv1.RelatedObject{
 
 // existingDeploymentObj returns a RelatedObject for a Deployment, which will
 // be Compliant if there are no unavailable replicas on the deployment.
-func existingDeploymentObj(dep *appsv1.Deployment) policyv1.RelatedObject {
+func existingDeploymentObj(dep *appsv1.Deployment, complianceConfig string) policyv1.RelatedObject {
 	compliance := policyv1.NonCompliant
 	reason := "Deployment Unavailable"
 
 	if dep.Status.UnavailableReplicas == 0 {
 		compliance = policyv1.Compliant
 		reason = "Deployment Available"
+	} else if complianceConfig == string(policyv1.Compliant) {
+		compliance = policyv1.Compliant
 	}
 
 	return policyv1.RelatedObject{
@@ -1204,12 +1207,21 @@ var noExistingDeploymentObj = policyv1.RelatedObject{
 
 // catalogSourceObj returns a conditionally compliant RelatedObject with reason based on the
 // `isUnhealthy` and `isMissing` parameters
-func catalogSourceObj(catalogName string, catalogNS string, isUnhealthy bool, isMissing bool) policyv1.RelatedObject {
+func catalogSourceObj(
+	catalogName string,
+	catalogNS string,
+	isUnhealthy bool,
+	isMissing bool,
+	complianceConfig string,
+) policyv1.RelatedObject {
 	compliance := string(policyv1.Compliant)
 	reason := reasonWantFoundExists
 
 	if isUnhealthy {
-		compliance = string(policyv1.NonCompliant)
+		if complianceConfig != string(policyv1.Compliant) {
+			compliance = string(policyv1.NonCompliant)
+		}
+
 		reason = reasonWantFoundExists + " but is unhealthy"
 	}