Mirror from OCM around 56 #80
This should make it slightly more re-usable in other controllers. In particular this allows the `instance` to be `nil`, which might be the case if the template was not created. Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com> (cherry picked from commit c6dadad)
This might be slightly more performant, and other things can use this clientset. Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com> (cherry picked from commit c01cf0a)
Previously, the controller-runtime event recorder was used for these events. Other policy controllers have moved away from that, for various reasons.

In this case, if a policy went from pending to noncompliant and back to pending, the "old" pending event would be re-used by the event recorder, and only the `lastTimestamp` would be updated. In this case, if a policy controller emitted a compliance event within the same second as the Pending event, the status-sync would see it as a tie, and use the hex-encoded nanoseconds in the event name. But the event name was not updated from the original instance when the policy was pending, so the events would be ordered incorrectly.

Most error cases from this synchronous sending can be ignored because they are already error cases that would be requeued.

Refs:
- https://issues.redhat.com/browse/ACM-4699

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
(cherry picked from commit f0e2c60)
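The tie-break failure described in the commit message above, as an added Go example (not code from this PR or the project). The `Event` type, the `policy-a` name, the timestamps and the helper functions are hypothetical; the `<name>.<hex nanoseconds>` naming follows the commit's description of hex-encoded nanoseconds in the event name.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// Event is a simplified, hypothetical stand-in for a Kubernetes Event.
type Event struct {
	Name          string    // "<policy>.<hex UnixNano at creation>"
	LastTimestamp time.Time // second precision
	Message       string
}

func newEvent(msg string, created time.Time) Event { // named from its creation time
	return Event{fmt.Sprintf("policy-a.%x", created.UnixNano()), created.Truncate(time.Second), msg}
}

// nameNanos parses the hex suffix of the event name (0 if the suffix is not hex).
func nameNanos(name string) int64 {
	n, _ := strconv.ParseInt(name[strings.LastIndex(name, ".")+1:], 16, 64)
	return n
}

// Latest sorts by LastTimestamp, breaks ties on the name's nanoseconds, returns the last message.
func Latest(evs []Event) string {
	sort.SliceStable(evs, func(i, j int) bool {
		if !evs[i].LastTimestamp.Equal(evs[j].LastTimestamp) {
			return evs[i].LastTimestamp.Before(evs[j].LastTimestamp)
		}
		return nameNanos(evs[i].Name) < nameNanos(evs[j].Name)
	})
	return evs[len(evs)-1].Message
}

// Scenario (constructed data): Pending at t0, then NonCompliant (t1) and Pending again (t2) in one later second.
func Scenario(reuse bool) []Event {
	t0 := time.Unix(1700000000, 0)
	t1, t2 := t0.Add(20100*time.Millisecond), t0.Add(20500*time.Millisecond)
	evs := []Event{newEvent("Pending", t0), newEvent("NonCompliant", t1)}
	if reuse { // recorder behaviour: bump lastTimestamp, keep the old name
		evs[0].LastTimestamp = t2.Truncate(time.Second)
		return evs
	}
	return append(evs, newEvent("Pending", t2)) // fresh event, fresh name
}
func main() { fmt.Println(Latest(Scenario(true)), Latest(Scenario(false))) }
```

`Latest(Scenario(true))` returns `NonCompliant` although the policy's last transition was to Pending; with a fresh event per transition it returns `Pending`.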
SonarCloud found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
That's a lot of "vulnerabilities". If the error assignments are set to an empty assignment, maybe that'll make gosec (and the linter) happy? Alternatively, does the function need to return an error?
There are a small number of cases where the error is useful, so I'd rather not fully remove it. Slightly disappointing that the linter comments aren't read by
Now it's failed three times with
Quantum test: when I'm debugging it (including locally), it passes.
aa45283 to 387e1bc
This PR will probably be replaced by something new incorporating open-cluster-management-io#59
Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com> (cherry picked from commit d6cb733)
The KinD tests action will now run the gosec-scan, and that target will fail if any vulnerabilities are found. The target was also configured to ignore the test code. Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com> (cherry picked from commit 8c251da)
Information about the gatekeeper pods might help if those tests fail. Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com> (cherry picked from commit 0034b03)
The test is meant to ensure that the gatekeeper-sync is not emitting the same event multiple times in a row. But the assertion was failing sometimes because of duplicate events from template-errors. Those will sometimes occur during normal (correct) operation of the template-sync. Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com> (cherry picked from commit 906dcff)
387e1bc to 8a87b21
Thanks for the update! Having `make gosec-scan` in the workflow twice gives me pause, but it won't hurt and we can clean it up in a separate PR.
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: dhaiducek, JustinKuli
Kudos, SonarCloud Quality Gate passed!
Closes #79