Allow informonly configuration policies

Signed-off-by: Jason Zhang <jaszhang@redhat.com>
open-cluster-management-io · Jul 21, 2023 · 3ab459e · 3ab459e
1 parent a62e7f2
commit 3ab459e
Show file tree

Hide file tree

Showing 4 changed files with 134 additions and 1 deletion.
diff --git a/controllers/templatesync/template_sync.go b/controllers/templatesync/template_sync.go
@@ -1222,7 +1222,11 @@ func overrideRemediationAction(instance *policiesv1.Policy, tObjectUnstructured
  if spec, ok := tObjectUnstructured.Object["spec"]; ok {
  specObject, ok := spec.(map[string]interface{})
  if ok {
- specObject["remediationAction"] = string(instance.Spec.RemediationAction)
+ if strings.EqualFold(specObject["remediationAction"].(string), "informonly") {
+ specObject["remediationAction"] = strings.ToLower(string(policiesv1.Inform))
+ } else {
+ specObject["remediationAction"] = string(instance.Spec.RemediationAction)
+ }
  }
  }
  }

diff --git a/test/e2e/case20_informonly_test.go b/test/e2e/case20_informonly_test.go
@@ -0,0 +1,97 @@
+// Copyright (c) 2020 Red Hat, Inc.
+// Copyright Contributors to the Open Cluster Management project
+
+package e2e
+
+import (
+ "context"
+ "errors"
+ "os/exec"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "open-cluster-management.io/config-policy-controller/test/utils"
+)
+
+var _ = FDescribe("Test 'InformOnly' ConfigurationPolicies", Ordered, func() {
+ const (
+ case20PolicyName string = "case20-policy-informonly"
+ case20PolicyYaml string = "../resources/case20_policy_informonly/case20-parent-policy.yaml"
+ case20ConfigMapName string = "test-config"
+ case20ConfigMapYaml string = "../resources/case20_policy_informonly/case20-configmap.yaml"
+ case20ConfigPlcName string = "create-configmap"
+ )
+
+ BeforeEach(func() {
+ hubApplyPolicy(case20PolicyName, case20PolicyYaml)
+ })
+
+ AfterEach(func() {
+ By("Deleting a policy on the hub in ns:" + clusterNamespaceOnHub)
+ _, err := kubectlHub("delete", "-f", case20PolicyYaml, "-n", clusterNamespaceOnHub)
+ var e *exec.ExitError
+ if !errors.As(err, &e) {
+ Expect(err).ShouldNot(HaveOccurred())
+ }
+ opt := metav1.ListOptions{}
+ utils.ListWithTimeout(clientManagedDynamic, gvrPolicy, opt, 0, true, defaultTimeoutSeconds)
+ })
+
+ AfterAll(func() {
+ _, err := kubectlManaged("delete", "configmap", case20ConfigMapName, "-n",
+ clusterNamespace, "--ignore-not-found")
+ var e *exec.ExitError
+ if !errors.As(err, &e) {
+ Expect(err).ShouldNot(HaveOccurred())
+ }
+ })
+
+ Describe("Override remediationAction in spec", func() {
+ Context("When the CR does not exist", func() {
+ It("Should be noncompliant", func() {
+ Eventually(func() interface{} {
+ plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigurationPolicy,
+ case20ConfigPlcName, clusterNamespace, true, defaultTimeoutSeconds)
+
+ return utils.GetComplianceState(plc)
+ }, defaultTimeoutSeconds, 1).Should(Equal("NonCompliant"))
+ })
+ })
+
+ Context("When the CR exists", func() {
+ BeforeEach(func() {
+ _, err := kubectlManaged("apply", "-f", case20ConfigMapYaml, "-n", clusterNamespace)
+ var e *exec.ExitError
+ if !errors.As(err, &e) {
+ Expect(err).ShouldNot(HaveOccurred())
+ }
+ })
+
+ It("Verifies creation of configmap resource", func() {
+ cfmap, _ := clientManaged.CoreV1().ConfigMaps(clusterNamespace).Get(context.TODO(),
+ case20ConfigMapName, metav1.GetOptions{})
+
+ Expect(cfmap).NotTo(BeNil())
+ })
+
+ It("Should be compliant", func() {
+ Eventually(func() interface{} {
+ plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigurationPolicy,
+ case20ConfigPlcName, clusterNamespace, true, defaultTimeoutSeconds)
+
+ return utils.GetComplianceState(plc)
+ }, defaultTimeoutSeconds, 1).Should(Equal("Compliant"))
+ })
+
+ It("Should have remediationAction=inform", func() {
+ Eventually(func() interface{} {
+ plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigurationPolicy,
+ case20ConfigPlcName, clusterNamespace, true, defaultTimeoutSeconds)
+
+ return plc.Object["spec"].(map[string]interface{})["remediationAction"]
+ }, defaultTimeoutSeconds, 1).Should(Equal("inform"))
+ })
+ })
+ })
+})
diff --git a/test/resources/case20_policy_informonly/case20-configmap.yaml b/test/resources/case20_policy_informonly/case20-configmap.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: test-config
+ namespace: managed
diff --git a/test/resources/case20_policy_informonly/case20-parent-policy.yaml b/test/resources/case20_policy_informonly/case20-parent-policy.yaml
@@ -0,0 +1,27 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+ name: case20-policy-informonly
+ labels:
+ policy.open-cluster-management.io/cluster-name: managed
+ policy.open-cluster-management.io/cluster-namespace: managed
+ policy.open-cluster-management.io/root-policy: policy-informonly
+spec:
+ remediationAction: enforce
+ disabled: false
+ policy-templates:
+ - objectDefinition:
+ apiVersion: policy.open-cluster-management.io/v1
+ kind: ConfigurationPolicy
+ metadata:
+ name: create-configmap
+ spec:
+ remediationAction: InformOnly
+ object-templates:
+ - complianceType: musthave
+ objectDefinition:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: test-config
+ namespace: managed