evaluate policy upon deletion

Signed-off-by: Will Kutler <wkutler@redhat.com>
open-cluster-management-io · Jul 21, 2022 · ea3e308 · ea3e308
1 parent 531029a
commit ea3e308
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
@@ -255,6 +255,12 @@ func (r *ConfigurationPolicyReconciler) refreshDiscoveryInfo() error {
 func shouldEvaluatePolicy(policy *policyv1.ConfigurationPolicy) bool {
  log := log.WithValues("policy", policy.GetName())
 
+ if policy.ObjectMeta.DeletionTimestamp != nil {
+ log.V(2).Info("The policy has been deleted and is waiting for object cleanup. Will evaluate it now.")
+
+ return true
+ }
+
  if policy.Status.LastEvaluatedGeneration != policy.Generation {
  log.V(2).Info("The policy has been updated. Will evaluate it now.")
 

diff --git a/controllers/configurationpolicy_controller_test.go b/controllers/configurationpolicy_controller_test.go
@@ -523,6 +523,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  evaluationInterval policyv1.EvaluationInterval
  complianceState policyv1.ComplianceState
  expected bool
+ deletionTimestamp *metav1.Time
  }{
  {
  "Just evaluated and the generation is unchanged",
@@ -531,6 +532,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{},
  policyv1.Compliant,
  false,
+ nil,
  },
  {
  "The generation has changed",
@@ -539,6 +541,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{},
  policyv1.Compliant,
  true,
+ nil,
  },
  {
  "lastEvaluated not set",
@@ -547,6 +550,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{},
  policyv1.Compliant,
  true,
+ nil,
  },
  {
  "Invalid lastEvaluated",
@@ -555,6 +559,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{},
  policyv1.Compliant,
  true,
+ nil,
  },
  {
  "Unknown compliance state",
@@ -563,6 +568,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{},
  policyv1.UnknownCompliancy,
  true,
+ nil,
  },
  {
  "Default evaluation interval with a past lastEvaluated when compliant",
@@ -571,6 +577,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{},
  policyv1.Compliant,
  true,
+ nil,
  },
  {
  "Default evaluation interval with a past lastEvaluated when noncompliant",
@@ -579,6 +586,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{},
  policyv1.NonCompliant,
  true,
+ nil,
  },
  {
  "Never evaluation interval with past lastEvaluated when compliant",
@@ -587,6 +595,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{Compliant: "never"},
  policyv1.Compliant,
  false,
+ nil,
  },
  {
  "Never evaluation interval with past lastEvaluated when noncompliant",
@@ -595,6 +604,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{NonCompliant: "never"},
  policyv1.NonCompliant,
  false,
+ nil,
  },
  {
  "Invalid evaluation interval when compliant",
@@ -603,6 +613,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{Compliant: "Do or do not. There is no try."},
  policyv1.Compliant,
  true,
+ nil,
  },
  {
  "Invalid evaluation interval when noncompliant",
@@ -611,6 +622,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{NonCompliant: "Do or do not. There is no try."},
  policyv1.NonCompliant,
  true,
+ nil,
  },
  {
  "Custom evaluation interval that hasn't past yet when compliant",
@@ -619,6 +631,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{Compliant: "12h"},
  policyv1.Compliant,
  false,
+ nil,
  },
  {
  "Custom evaluation interval that hasn't past yet when noncompliant",
@@ -627,6 +640,16 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policyv1.EvaluationInterval{NonCompliant: "12h"},
  policyv1.NonCompliant,
  false,
+ nil,
+ },
+ {
+ "Deletion timestamp is non nil",
+ time.Now().UTC().Add(-13 * time.Hour).Format(time.RFC3339),
+ 2,
+ policyv1.EvaluationInterval{NonCompliant: "12h"},
+ policyv1.NonCompliant,
+ true,
+ &metav1.Time{Time: time.Now()},
  },
  }
 
@@ -643,6 +666,7 @@ func TestShouldEvaluatePolicy(t *testing.T) {
  policy.Status.LastEvaluatedGeneration = test.lastEvaluatedGeneration
  policy.Spec.EvaluationInterval = test.evaluationInterval
  policy.Status.ComplianceState = test.complianceState
+ policy.ObjectMeta.DeletionTimestamp = test.deletionTimestamp
 
  if actual := shouldEvaluatePolicy(policy); actual != test.expected {
  t.Fatalf("expected %v but got %v", test.expected, actual)