diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
index 7ff6f940a..a1178e1bf 100644
--- a/controllers/configurationpolicy_controller.go
+++ b/controllers/configurationpolicy_controller.go
@@ -1588,11 +1588,13 @@ func (r *ConfigurationPolicyReconciler) handleSingleObj(
 			// it is a musthave and it does not exist, so it must be created
 			if strings.EqualFold(string(remediation), string(policyv1.Enforce)) {
 				var uid string
-				statusUpdateNeeded, uid, err = r.enforceByCreatingOrDeleting(obj)
+				completed, reason, msg, uid, err := r.enforceByCreatingOrDeleting(obj)
 				if err != nil {
 					// violation created for handling error
 					objLog.Error(err, "Could not handle missing musthave object")
+
+					statusUpdateNeeded = addConditionToStatus(obj.policy, obj.index, completed, reason, msg)
 				} else {
 					// object is missing and will be created, so send noncompliant "does not exist" event first
 					// (this check has already happened, but we send the event here to avoid the status flipping on an
@@ -1608,6 +1610,8 @@ func (r *ConfigurationPolicyReconciler) handleSingleObj(
 					// update parent policy status
 					r.addForUpdate(obj.policy, true)
 
+					statusUpdateNeeded = addConditionToStatus(obj.policy, obj.index, completed, reason, msg)
+
 					created := true
 					creationInfo = &policyv1.ObjectProperties{
 						CreatedByPolicy: &created,
@@ -1623,10 +1627,12 @@ func (r *ConfigurationPolicyReconciler) handleSingleObj(
 		if exists && !obj.shouldExist {
 			// it is a mustnothave but it exist, so it must be deleted
 			if strings.EqualFold(string(remediation), string(policyv1.Enforce)) {
-				statusUpdateNeeded, _, err = r.enforceByCreatingOrDeleting(obj)
+				completed, reason, msg, _, err := r.enforceByCreatingOrDeleting(obj)
 				if err != nil {
 					objLog.Error(err, "Could not handle existing mustnothave object")
 				}
+
+				statusUpdateNeeded = addConditionToStatus(obj.policy, obj.index, completed, reason, msg)
 			} else { // inform
 				compliant = false
 			}
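Review bot: The `:=` on the new `completed, reason, msg, uid, err := r.enforceByCreatingOrDeleting(obj)` line declares a fresh `err` scoped to this `if` block, whereas the removed line assigned to the `err` declared further up in handleSingleObj; the `if err != nil` right below still works, but any code after this block that reads the outer `err` now sees its previous value rather than the enforcement error. The same shadowing is introduced in the mustnothave hunk (`completed, reason, msg, _, err := ...`), and `var uid string` on the line above is now redundant, since the `:=` would declare `uid` itself. If the outer `err` is consulted later in handleSingleObj — the function body extends well beyond these hunks — predeclare the new locals and keep plain assignment: `var completed bool`, `var reason, msg string`, `completed, reason, msg, uid, err = r.enforceByCreatingOrDeleting(obj)`. The `shadow` vet analyzer would flag both sites.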
@@ -1980,7 +1986,7 @@ func getNamesOfKind(
 // mustnothave object does exist. Eg, it does not handle the case where a targeted update would need
 // to be made to an object.
 func (r *ConfigurationPolicyReconciler) enforceByCreatingOrDeleting(obj singleObject) (
-	result bool, uid string, erro error,
+	result bool, reason string, msg string, uid string, erro error,
 ) {
 	log := log.WithValues(
 		"object", obj.name,
@@ -1998,8 +2004,6 @@ func (r *ConfigurationPolicyReconciler) enforceByCreatingOrDeleting(obj singleOb
 	}
 
 	var completed bool
-	var reason, msg string
-	var err error
 
 	if obj.shouldExist {
 		log.Info("Enforcing the policy by creating the object")
@@ -2034,7 +2038,7 @@ func (r *ConfigurationPolicyReconciler) enforceByCreatingOrDeleting(obj singleOb
 		}
 	}
 
-	return addConditionToStatus(obj.policy, obj.index, completed, reason, msg), uid, err
+	return completed, reason, msg, uid, err
 }
 
 // checkMessageSimilarity decides whether to append a new condition to a configurationPolicy status
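Review bot: The named results `result bool` and `erro error` in the new signature no longer describe what is returned — the final `return completed, reason, msg, uid, err` hands back the local `completed` and an `err` that is not the named result, so the names only mislead; either rename them to match (`completed bool, reason, msg, uid string, err error`) or drop the names and describe the values in the doc comment. That doc comment (its start is outside the hunk) still reads as if the function recorded the outcome on the policy itself, but the addConditionToStatus call has moved to handleSingleObj; add a sentence such as `// It does not touch the policy status: the caller passes the returned completed, reason and msg to addConditionToStatus.` With `var err error` removed in the second hunk, neither hunk shows where the `err` used in the return is now declared, so confirm it resolves to a function-scope variable rather than a branch-local `:=` inside the shouldExist branches.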