diff --git a/controllers/templatesync/template_sync.go b/controllers/templatesync/template_sync.go index e630de40..c3b0d258 100644 --- a/controllers/templatesync/template_sync.go +++ b/controllers/templatesync/template_sync.go @@ -1222,7 +1222,11 @@ func overrideRemediationAction(instance *policiesv1.Policy, tObjectUnstructured if spec, ok := tObjectUnstructured.Object["spec"]; ok { specObject, ok := spec.(map[string]interface{}) if ok { - specObject["remediationAction"] = string(instance.Spec.RemediationAction) + if strings.EqualFold(specObject["remediationAction"].(string), "informonly") { + specObject["remediationAction"] = strings.ToLower(string(policiesv1.Inform)) + } else { + specObject["remediationAction"] = string(instance.Spec.RemediationAction) + } } } } diff --git a/test/e2e/case20_informonly_test.go b/test/e2e/case20_informonly_test.go new file mode 100644 index 00000000..638b3571 --- /dev/null +++ b/test/e2e/case20_informonly_test.go @@ -0,0 +1,97 @@ +// Copyright (c) 2020 Red Hat, Inc. +// Copyright Contributors to the Open Cluster Management project + +package e2e + +import ( + "context" + "errors" + "os/exec" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "open-cluster-management.io/config-policy-controller/test/utils" +) + +var _ = FDescribe("Test 'InformOnly' ConfigurationPolicies", Ordered, func() { + const ( + case20PolicyName string = "case20-policy-informonly" + case20PolicyYaml string = "../resources/case20_policy_informonly/case20-parent-policy.yaml" + case20ConfigMapName string = "test-config" + case20ConfigMapYaml string = "../resources/case20_policy_informonly/case20-configmap.yaml" + case20ConfigPlcName string = "create-configmap" + ) + + BeforeEach(func() { + hubApplyPolicy(case20PolicyName, case20PolicyYaml) + }) + + AfterEach(func() { + By("Deleting a policy on the hub in ns:" + clusterNamespaceOnHub) + _, err := kubectlHub("delete", "-f", case20PolicyYaml, "-n", clusterNamespaceOnHub) + var e *exec.ExitError + if !errors.As(err, &e) { + Expect(err).ShouldNot(HaveOccurred()) + } + opt := metav1.ListOptions{} + utils.ListWithTimeout(clientManagedDynamic, gvrPolicy, opt, 0, true, defaultTimeoutSeconds) + }) + + AfterAll(func() { + _, err := kubectlManaged("delete", "configmap", case20ConfigMapName, "-n", + clusterNamespace, "--ignore-not-found") + var e *exec.ExitError + if !errors.As(err, &e) { + Expect(err).ShouldNot(HaveOccurred()) + } + }) + + Describe("Override remediationAction in spec", func() { + Context("When the CR does not exist", func() { + It("Should be noncompliant", func() { + Eventually(func() interface{} { + plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigurationPolicy, + case20ConfigPlcName, clusterNamespace, true, defaultTimeoutSeconds) + + return utils.GetComplianceState(plc) + }, defaultTimeoutSeconds, 1).Should(Equal("NonCompliant")) + }) + }) + + Context("When the CR exists", func() { + BeforeEach(func() { + _, err := kubectlManaged("apply", "-f", case20ConfigMapYaml, "-n", clusterNamespace) + var e *exec.ExitError + if !errors.As(err, &e) { + Expect(err).ShouldNot(HaveOccurred()) + } + }) + + It("Verifies creation of configmap resource", func() { + cfmap, _ := clientManaged.CoreV1().ConfigMaps(clusterNamespace).Get(context.TODO(), + case20ConfigMapName, metav1.GetOptions{}) + + Expect(cfmap).NotTo(BeNil()) + }) + + It("Should be compliant", func() { + Eventually(func() interface{} { + plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigurationPolicy, + case20ConfigPlcName, clusterNamespace, true, defaultTimeoutSeconds) + + return utils.GetComplianceState(plc) + }, defaultTimeoutSeconds, 1).Should(Equal("Compliant")) + }) + + It("Should have remediationAction=inform", func() { + Eventually(func() interface{} { + plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigurationPolicy, + case20ConfigPlcName, clusterNamespace, true, defaultTimeoutSeconds) + + return plc.Object["spec"].(map[string]interface{})["remediationAction"] + }, defaultTimeoutSeconds, 1).Should(Equal("inform")) + }) + }) + }) +}) diff --git a/test/resources/case20_policy_informonly/case20-configmap.yaml b/test/resources/case20_policy_informonly/case20-configmap.yaml new file mode 100644 index 00000000..1cfb65cc --- /dev/null +++ b/test/resources/case20_policy_informonly/case20-configmap.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-config + namespace: managed \ No newline at end of file diff --git a/test/resources/case20_policy_informonly/case20-parent-policy.yaml b/test/resources/case20_policy_informonly/case20-parent-policy.yaml new file mode 100644 index 00000000..b6c5aa18 --- /dev/null +++ b/test/resources/case20_policy_informonly/case20-parent-policy.yaml @@ -0,0 +1,27 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + name: case20-policy-informonly + labels: + policy.open-cluster-management.io/cluster-name: managed + policy.open-cluster-management.io/cluster-namespace: managed + policy.open-cluster-management.io/root-policy: policy-informonly +spec: + remediationAction: enforce + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: create-configmap + spec: + remediationAction: InformOnly + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: ConfigMap + metadata: + name: test-config + namespace: managed