diff --git a/controllers/operatorpolicy_controller.go b/controllers/operatorpolicy_controller.go index d7a720d2..9ed5a7ed 100644 --- a/controllers/operatorpolicy_controller.go +++ b/controllers/operatorpolicy_controller.go @@ -369,7 +369,7 @@ func (r *OperatorPolicyReconciler) buildResources(ctx context.Context, policy *p return sub, opGroup, false, fmt.Errorf("error getting operator namespace: %w", err) } - if gotNamespace == nil { + if gotNamespace == nil && policy.Spec.ComplianceType.IsMustHave() { validationErrors = append(validationErrors, fmt.Errorf("the operator namespace ('%v') does not exist", opGroupNS)) } diff --git a/test/e2e/case38_install_operator_test.go b/test/e2e/case38_install_operator_test.go index a729a674..b8ea0dfe 100644 --- a/test/e2e/case38_install_operator_test.go +++ b/test/e2e/case38_install_operator_test.go @@ -2750,6 +2750,44 @@ var _ = Describe("Testing OperatorPolicy", Ordered, func() { ) }) }) + Describe("Test mustnothave message when the namespace does not exist", func() { + const ( + opPolYAML = "../resources/case38_operator_install/operator-policy-no-group.yaml" + opPolName = "oppol-no-group" + subName = "project-quay" + ) + + BeforeEach(func() { + utils.Kubectl("create", "ns", opPolTestNS) + DeferCleanup(func() { + utils.Kubectl("delete", "ns", opPolTestNS) + }) + + createObjWithParent(parentPolicyYAML, parentPolicyName, + opPolYAML, opPolTestNS, gvrPolicy, gvrOperatorPolicy) + }) + + It("should report compliant", func() { + // change the subscription namespace, and the complianceType to mustnothave + utils.Kubectl("patch", "operatorpolicy", opPolName, "-n", opPolTestNS, "--type=json", "-p", + `[{"op": "replace", "path": "/spec/subscription/namespace", "value": "imaginaryfriend"},`+ + `{"op": "replace", "path": "/spec/complianceType", "value": "mustnothave"}]`) + + check( + opPolName, + false, + []policyv1.RelatedObject{}, + metav1.Condition{ + Type: "ValidPolicySpec", + Status: metav1.ConditionTrue, + Reason: "PolicyValidated", + Message: "the policy spec is valid", + }, + "the policy spec is valid", + ) + checkCompliance(opPolName, opPolTestNS, eventuallyTimeout, policyv1.Compliant) + }) + }) Describe("Testing mustnothave behavior of operator groups in DeleteIfUnused mode", Ordered, func() { const ( opPolYAML = "../resources/case38_operator_install/operator-policy-mustnothave-any-version.yaml"