willkutler committed Mar 27, 2023
1 parent 1d08e54 commit 2935901
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions controllers/configurationpolicy_controller.go
Expand Up @@ -1588,11 +1588,13 @@ func (r *ConfigurationPolicyReconciler) handleSingleObj(
// it is a musthave and it does not exist, so it must be created
if strings.EqualFold(string(remediation), string(policyv1.Enforce)) {
var uid string
statusUpdateNeeded, uid, err = r.enforceByCreatingOrDeleting(obj)
completed, reason, msg, uid, err := r.enforceByCreatingOrDeleting(obj)

if err != nil {
// violation created for handling error
objLog.Error(err, "Could not handle missing musthave object")

statusUpdateNeeded = addConditionToStatus(obj.policy, obj.index, completed, reason, msg)
} else {
// object is missing and will be created, so send noncompliant "does not exist" event first
// (this check has already happened, but we send the event here to avoid the status flipping on an
Expand All @@ -1608,6 +1610,8 @@ func (r *ConfigurationPolicyReconciler) handleSingleObj(
// update parent policy status
r.addForUpdate(obj.policy, true)

statusUpdateNeeded = addConditionToStatus(obj.policy, obj.index, completed, reason, msg)

created := true
creationInfo = &policyv1.ObjectProperties{
CreatedByPolicy: &created,
Expand All @@ -1623,10 +1627,12 @@ func (r *ConfigurationPolicyReconciler) handleSingleObj(
if exists && !obj.shouldExist {
// it is a mustnothave but it exist, so it must be deleted
if strings.EqualFold(string(remediation), string(policyv1.Enforce)) {
statusUpdateNeeded, _, err = r.enforceByCreatingOrDeleting(obj)
completed, reason, msg, _, err := r.enforceByCreatingOrDeleting(obj)
if err != nil {
objLog.Error(err, "Could not handle existing mustnothave object")
}

statusUpdateNeeded = addConditionToStatus(obj.policy, obj.index, completed, reason, msg)
} else { // inform
compliant = false
}
Expand Down Expand Up @@ -1980,7 +1986,7 @@ func getNamesOfKind(
// mustnothave object does exist. Eg, it does not handle the case where a targeted update would need
// to be made to an object.
func (r *ConfigurationPolicyReconciler) enforceByCreatingOrDeleting(obj singleObject) (
result bool, uid string, erro error,
result bool, reason string, msg string, uid string, erro error,
) {
log := log.WithValues(
"object", obj.name,
Expand All @@ -1998,7 +2004,6 @@ func (r *ConfigurationPolicyReconciler) enforceByCreatingOrDeleting(obj singleOb
}

var completed bool
var reason, msg string
var err error

if obj.shouldExist {
Expand Down Expand Up @@ -2034,7 +2039,7 @@ func (r *ConfigurationPolicyReconciler) enforceByCreatingOrDeleting(obj singleOb
}
}

return addConditionToStatus(obj.policy, obj.index, completed, reason, msg), uid, err
return completed, reason, msg, uid, err
}

// checkMessageSimilarity decides whether to append a new condition to a configurationPolicy status
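Review bot: Both enforce branches of handleSingleObj now call enforceByCreatingOrDeleting with `:=` (`completed, reason, msg, uid, err := ...` and the mustnothave variant with `_`), which most likely declares a new `err` scoped to the enclosing `if` block. The removed lines assigned to an existing `err` with `=`, and no `err` declaration is visible inside these blocks. handleSingleObj continues outside the hunks, so it cannot be confirmed here, but if the outer `err` is read or returned later, an enforcement failure no longer reaches it and is only logged. For a policy controller that matters, because a failed create or delete should not be able to pass as a clean reconcile. Declaring the new names first (`var completed bool` and `var reason, msg string`) and keeping `completed, reason, msg, uid, err = r.enforceByCreatingOrDeleting(obj)` would preserve the old assignment; a short comment on the five-value return noting that callers must now call addConditionToStatus themselves would also help.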
