From 6f5b883f850f4c13ffcae44cb5a38a3a2ce6d855 Mon Sep 17 00:00:00 2001
From: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
Date: Tue, 5 Dec 2023 10:28:30 -0500
Subject: [PATCH] Require `objectDefinition` and `remediationAction`

Without these fields, the policy is meaningless. When they're optional, a ConfigurationPolicy can be created without an `objectDefinition`. It'd be a better experience to make these required and surface the error sooner.
ref: https://issues.redhat.com/browse/ACM-8898
Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
---
 api/v1/configurationpolicy_types.go | 6 +++---
 ...cy.open-cluster-management.io_configurationpolicies.yaml | 3 +++
 ...cy.open-cluster-management.io_configurationpolicies.yaml | 3 +++
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/api/v1/configurationpolicy_types.go b/api/v1/configurationpolicy_types.go
index ec41e287..93450aa0 100644
--- a/api/v1/configurationpolicy_types.go
+++ b/api/v1/configurationpolicy_types.go
@@ -152,8 +152,8 @@ func (e EvaluationInterval) GetNonCompliantInterval() (time.Duration, error) {
 // ConfigurationPolicySpec defines the desired state of ConfigurationPolicy
 type ConfigurationPolicySpec struct {
- Severity Severity `json:"severity,omitempty"` // low, medium, high
- RemediationAction RemediationAction `json:"remediationAction,omitempty"` // enforce, inform
+ Severity Severity `json:"severity,omitempty"` // low, medium, high
+ RemediationAction RemediationAction `json:"remediationAction"` // enforce, inform
 // 'namespaceSelector' defines the list of namespaces to include/exclude for objects defined in
 // spec.objectTemplates. All selector rules are ANDed. If 'include' is not provided but
 // 'matchLabels' and/or 'matchExpressions' are, 'include' will behave as if ['*'] were given. If
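Review bot: Dropping `omitempty` from `RemediationAction` makes the CRD require only that the key is present, which is weaker than "the policy has a remediation action". A Go client that leaves the field unset will now serialize `"remediationAction": ""`, and that satisfies `required`; whether the empty value is rejected depends on an enum or length constraint on the `RemediationAction` type, which is declared outside this hunk. If no such constraint exists, add one on the field, e.g. `// +kubebuilder:validation:MinLength=1`, and state the intent with `// +kubebuilder:validation:Required` rather than relying on the JSON tag alone. Existing ConfigurationPolicy objects stored without the field would presumably fail validation on their next update, so the upgrade path is worth checking. The struct body continues past the end of the hunk.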
@@ -186,7 +186,7 @@ type ObjectTemplate struct {
 // ObjectDefinition defines required fields for the object
 // +kubebuilder:pruning:PreserveUnknownFields
- ObjectDefinition runtime.RawExtension `json:"objectDefinition,omitempty"`
+ ObjectDefinition runtime.RawExtension `json:"objectDefinition"`
 }
 // ConfigurationPolicyStatus defines the observed state of ConfigurationPolicy
diff --git a/deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml b/deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml
index d4009433..f4a23a79 100644
--- a/deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml
+++ b/deploy/crds/kustomize_configurationpolicy/policy.open-cluster-management.io_configurationpolicies.yaml
@@ -163,6 +163,7 @@ spec: x-kubernetes-preserve-unknown-fields: true required: - complianceType + - objectDefinition type: object type: array object-templates-raw:
@@ -202,6 +203,8 @@ spec: - critical - Critical type: string + required: + - remediationAction type: object status: description: ConfigurationPolicyStatus defines the observed state of ConfigurationPolicy
diff --git a/deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml b/deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml
index 06cd6a7e..0e323db3 100644
--- a/deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml
+++ b/deploy/crds/policy.open-cluster-management.io_configurationpolicies.yaml
@@ -170,6 +170,7 @@ spec: x-kubernetes-preserve-unknown-fields: true required: - complianceType + - objectDefinition type: object type: array object-templates-raw:
@@ -209,6 +210,8 @@ spec: - critical - Critical type: string + required: + - remediationAction type: object status: description: ConfigurationPolicyStatus defines the observed state of ConfigurationPolicy
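Review bot: In `ObjectTemplate` (the `@@ -186,7` hunk of api/v1/configurationpolicy_types.go), `required` on `objectDefinition` guarantees that the key exists, not that its content is usable: the field keeps `PreserveUnknownFields`, so `objectDefinition: {}` still appears to be admitted. The controller therefore still has to reject an empty or incomplete definition itself, and the doc comment should say so, for example `// ObjectDefinition is required. The CRD only checks that the key is present; the content is validated at evaluation time.`, with the second sentence adjusted to what the controller actually does. The struct starts before the hunk.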