Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The ConfigurationPolicy error message for a missing namespace #80

Merged
merged 1 commit into from
Nov 23, 2022
Merged

The ConfigurationPolicy error message for a missing namespace #80

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 12 additions & 4 deletions controllers/configurationpolicy_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1180,12 +1180,20 @@ func (r *ConfigurationPolicyReconciler) handleObjects(
dclient, rsrc := r.getResourceAndDynamicClient(mapping)

if objDetails.isNamespaced && namespace == "" {
log.Info("The object template is namespaced but no namespace is specified. Cannot process.")
objName := objDetails.name
kindWithoutNS := objDetails.kind
log.Info(
"The object template is namespaced but no namespace is specified. Cannot process.",
"name", objName,
"kind", kindWithoutNS,
)
// namespaced but none specified, generate violation
statusUpdateNeeded = addConditionToStatus(policy, index, false, "K8s missing namespace",
"namespaced object has no namespace specified "+
"from the policy namespaceSelector nor the object metadata",
msg := fmt.Sprintf("namespaced object %s of kind %s has no namespace specified "+
"from the policy namespaceSelector nor the object metadata",
objName, kindWithoutNS,
)
statusUpdateNeeded = addConditionToStatus(policy, index, false, "K8s missing namespace", msg)

if statusUpdateNeeded {
eventType := eventNormal
if index < len(policy.Status.CompliancyDetails) &&
Expand Down
18 changes: 11 additions & 7 deletions test/e2e/case19_ns_selector_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,13 @@ import (
)

const (
case19PolicyName string = "policy-configmap-selector-e2e"
case19PolicyYaml string = "../resources/case19_ns_selector/case19_cm_policy.yaml"
case19PrereqYaml string = "../resources/case19_ns_selector/case19_cm_manifest.yaml"
case19PatchPrefix string = "[{\"op\":\"replace\",\"path\":\"/spec/namespaceSelector\",\"value\":"
case19PatchSuffix string = "}]"
case19PolicyName string = "policy-configmap-selector-e2e"
case19PolicyYaml string = "../resources/case19_ns_selector/case19_cm_policy.yaml"
case19TemplatesName string = "configmap-selector-e2e"
case19TemplatesKind string = "ConfigMap"
case19PrereqYaml string = "../resources/case19_ns_selector/case19_cm_manifest.yaml"
case19PatchPrefix string = "[{\"op\":\"replace\",\"path\":\"/spec/namespaceSelector\",\"value\":"
case19PatchSuffix string = "}]"
)

// Test setup for namespace selection policy tests:
Expand All @@ -33,12 +35,14 @@ var _ = Describe("Test object namespace selection", Ordered, func() {
}{
"no namespaceSelector specified": {
"{}",
"namespaced object has no namespace specified" +
"namespaced object " + case19TemplatesName + " of kind " + case19TemplatesKind +
" has no namespace specified" +
" from the policy namespaceSelector nor the object metadata",
},
"a non-matching LabelSelector": {
"{\"matchLabels\":{\"name\":\"not-a-namespace\"}}",
"namespaced object has no namespace specified" +
"namespaced object " + case19TemplatesName + " of kind " + case19TemplatesKind +
" has no namespace specified" +
" from the policy namespaceSelector nor the object metadata",
},
"LabelSelector and exclude": {
Expand Down