-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add more validation to the OperatorPolicy
The `ValidPolicySpec` condition now reports when the subscription or operatorGroup in the policy have unknown fields. It also reports if the InstallPlanApproval value in the subscription is not correct. That condition also reports when the namespace for the subscription does not exist, and the controller now watches that namespace so that if it is created (or deleted), the policy will be reconciled and the status will be updated. Refs: - https://issues.redhat.com/browse/ACM-9993 Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
- Loading branch information
1 parent
296b1b7
commit dbd3f19
Showing
3 changed files
with
239 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
test/resources/case38_operator_install/operator-policy-validity-test.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
apiVersion: policy.open-cluster-management.io/v1beta1 | ||
kind: OperatorPolicy | ||
metadata: | ||
name: oppol-validity-test | ||
annotations: | ||
policy.open-cluster-management.io/parent-policy-compliance-db-id: "124" | ||
policy.open-cluster-management.io/policy-compliance-db-id: "64" | ||
ownerReferences: | ||
- apiVersion: policy.open-cluster-management.io/v1 | ||
kind: Policy | ||
name: parent-policy | ||
uid: 12345678-90ab-cdef-1234-567890abcdef # must be replaced before creation | ||
spec: | ||
remediationAction: inform | ||
severity: medium | ||
complianceType: musthave | ||
operatorGroup: # optional | ||
foo: bar | ||
name: scoped-operator-group | ||
namespace: operator-policy-testns | ||
targetNamespaces: | ||
- operator-policy-testns | ||
subscription: | ||
actually: incorrect | ||
channel: stable-3.8 | ||
name: project-quay | ||
namespace: nonexist-testns | ||
installPlanApproval: Incorrect | ||
source: operatorhubio-catalog | ||
sourceNamespace: olm | ||
startingCSV: quay-operator.v3.8.1 |