Add support for recording the diff in the ConfigurationPolicy status #246
Conversation
mprahl
force-pushed
the
diff-in-status
branch
3 times, most recently
from
2c99486
to
376c11c
Compare
mprahl
changed the title
| apiVersion: "route.openshift.io/v1", | ||
| kind: "Route", | ||
| expected: RecordDiffSensored, | ||
| }, |
There was a problem hiding this comment.
| }, | |
| }, | |
| { | |
| testName: "Route-recordDiff-unset", | |
| apiVersion: "route.openshift.io/v1", | |
| kind: "Route", | |
| recordDiff: RecordDiffLog, | |
| expected: RecordDiffSensored, | |
| }, |
Add this test too?
There was a problem hiding this comment.
If the user explicitly sets recordDiff we want to honor that. RecordDiffSensored is just to detect when sensitive data is present and we don't want to store the diff in the status by default.
| } | ||
|
|
||
| // handleDiff will generate the diff and then log it or return it based on the input recordDiff value. If recordDiff | ||
| // is set to None or is set to InStatus with enforce, no diff is generated. When recordDiff is set to Sensored, a |
There was a problem hiding this comment.
inform + inStatus creates diff? why? why enfore+instatus doesn't create diff?
There was a problem hiding this comment.
If the policy is enforced, then the diff is no longer relevant after the update so it shouldn't get stored in the status.
There was a problem hiding this comment.
I was confused about this as well, can the comment explain that detail?
There was a problem hiding this comment.
I added a comment that should help clarify this.
deploy/crds/kustomize_operatorpolicy/policy.open-cluster-management.io_operatorpolicies.yaml
Show resolved
Hide resolved
|
The Jira mentions "the new options of |
A new recordDiff option of "InStatus" allows the diff to be stored in the object properties in the ConfigurationPolicy status. The new default recordDiff value is "InStatus" unless sensitive data may be in the diff. Then the user must explicitly set recordDiff. Relates: https://issues.redhat.com/browse/ACM-11421 Signed-off-by: mprahl <mprahl@users.noreply.github.com>
Signed-off-by: mprahl <mprahl@users.noreply.github.com>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JustinKuli, mprahl The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-bot
bot
merged commit 883e801
into
open-cluster-management-io:main
A new recordDiff option of "InStatus" allows the diff to be stored in
the object properties in the ConfigurationPolicy status.
The new default recordDiff value is "InStatus" unless sensitive data may
be in the diff. Then the user must explicitly set recordDiff.
Relates:
https://issues.redhat.com/browse/ACM-11421