Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🤖 Sync from open-cluster-management-io/governance-policy-framework-addon: #16 #13

Merged
merged 1 commit into from
Nov 17, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 6 additions & 14 deletions controllers/templatesync/template_sync.go
Original file line number Diff line number Diff line change
Expand Up @@ -264,17 +264,7 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, request reconcile.Requ
}
}

dependencyFailures, depMappingErr := r.processDependencies(ctx, dClient, rMapper, templateDeps, tLogger)

// skip template if there is a dependency mapping error
if depMappingErr != nil {
resultError = err
errMsg := fmt.Sprintf("Mapping not found, please check if you have CRD deployed: %s", err)

r.emitTemplateError(instance, tIndex, tName, errMsg)

continue
}
dependencyFailures := r.processDependencies(ctx, dClient, rMapper, templateDeps, tLogger)

// fetch resource
res := dClient.Resource(rsrc).Namespace(instance.GetNamespace())
Expand Down Expand Up @@ -492,7 +482,7 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, request reconcile.Requ
// processDependencies iterates through all dependencies of a template and returns an array of any that are not met
func (r *PolicyReconciler) processDependencies(ctx context.Context, dClient dynamic.Interface, rMapper meta.RESTMapper,
templateDeps map[depclient.ObjectIdentifier]string, tLogger logr.Logger,
) ([]depclient.ObjectIdentifier, error) {
) []depclient.ObjectIdentifier {
var dependencyFailures []depclient.ObjectIdentifier

for dep := range templateDeps {
Expand All @@ -515,7 +505,9 @@ func (r *PolicyReconciler) processDependencies(ctx context.Context, dClient dyna
"kind", depGvk.Kind,
)

return nil, err
dependencyFailures = append(dependencyFailures, dep)

continue
}

// set up namespace for replicated policy dependencies
Expand Down Expand Up @@ -546,7 +538,7 @@ func (r *PolicyReconciler) processDependencies(ctx context.Context, dClient dyna
}
}

return dependencyFailures, nil
return dependencyFailures
}

// generatePendingErr formats the list of failed dependencies into a readable error
Expand Down
21 changes: 21 additions & 0 deletions test/e2e/case12_ordering_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ import (
const (
case12PolicyName string = "case12-test-policy"
case12PolicyYaml string = "../resources/case12_ordering/case12-plc.yaml"
case12PolicyNameInvalid string = "case12-test-policy-invalid"
case12PolicyYamlInvalid string = "../resources/case12_ordering/case12-plc-invalid-dep.yaml"
case12ExtraDepsPolicyName string = "case12-test-policy-multi"
case12ExtraDepsPolicyYaml string = "../resources/case12_ordering/case12-plc-multiple-deps.yaml"
case12Plc2TemplatesName string = "case12-test-policy-2-templates"
Expand Down Expand Up @@ -207,13 +209,32 @@ var _ = Describe("Test dependency logic in template sync", Ordered, func() {
By("Checking if policy status is compliant")
Eventually(checkCompliance(case12PolicyName), defaultTimeoutSeconds, 1).Should(Equal("Compliant"))

By("Creating a policy with an invalid dep on hub cluster in ns:" + clusterNamespaceOnHub)
_, err = kubectlHub("apply", "-f", case12PolicyYamlInvalid, "-n", clusterNamespaceOnHub)
Expect(err).To(BeNil())
hubPlc = utils.GetWithTimeout(
clientHubDynamic,
gvrPolicy,
case12PolicyNameInvalid,
clusterNamespaceOnHub,
true,
defaultTimeoutSeconds)
Expect(hubPlc).NotTo(BeNil())

By("Checking if policy status is pending")
Eventually(checkCompliance(case12PolicyNameInvalid), defaultTimeoutSeconds, 1).Should(Equal("Pending"))

By("Deleting dependency on hub cluster in ns:" + clusterNamespaceOnHub)
_, err = kubectlHub("delete", "-f", case12DepYaml, "-n", clusterNamespaceOnHub)
Expect(err).To(BeNil())

By("Deleting the policy on hub cluster in ns:" + clusterNamespaceOnHub)
_, err = kubectlHub("delete", "-f", case12PolicyYaml, "-n", clusterNamespaceOnHub)
Expect(err).To(BeNil())

By("Deleting invalid policy in ns:" + clusterNamespaceOnHub)
_, err = kubectlHub("delete", "-f", case12PolicyYamlInvalid, "-n", clusterNamespaceOnHub)
Expect(err).To(BeNil())
})
It("Should remove template if dependency changes", func() {
By("Creating a dep on hub cluster in ns:" + clusterNamespaceOnHub)
Expand Down
36 changes: 36 additions & 0 deletions test/resources/case12_ordering/case12-plc-invalid-dep.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
name: case12-test-policy-invalid
labels:
policy.open-cluster-management.io/cluster-name: managed
policy.open-cluster-management.io/cluster-namespace: managed
policy.open-cluster-management.io/root-policy: case12-test-policy
spec:
remediationAction: inform
disabled: false
dependencies:
- apiVersion: invalid.api.group/v1
kind: Policy
name: namespace-foo-setup-policy
namespace: ""
compliance: Compliant
policy-templates:
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: case12-config-policy-invalid
spec:
remediationAction: inform
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod-e2e
namespace: default
spec:
containers:
- name: nginx