Correct details list when templates are removed

JustinKuli · openshift-merge-bot[bot] · commit 58c5e5c314e0 · 2024-09-27T17:29:54.000Z
Refs: - https://issues.redhat.com/browse/ACM-14550 Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
@@ -1228,6 +1228,14 @@ func (r *ConfigurationPolicyReconciler) handleTemplatization(
 		plc.Spec.ObjectTemplates[i].ObjectDefinition.Raw = resolvedTemplate.ResolvedJSON
 	}
 
+	// Set the CompliancyDetails array length accordingly in case the number of
+	// object-templates was reduced (the status update will handle if it's longer).
+	// Note that this still works when using `object-templates-raw` because the
+	// ObjectTemplates are manually set above to match what was resolved
+	if len(plc.Spec.ObjectTemplates) < len(plc.Status.CompliancyDetails) {
+		plc.Status.CompliancyDetails = plc.Status.CompliancyDetails[:len(plc.Spec.ObjectTemplates)]
+	}
+
 	return parentStatusUpdateNeeded, nil
 }
 
diff --git a/test/e2e/case5_multi_test.go b/test/e2e/case5_multi_test.go
@@ -6,88 +6,110 @@ package e2e
 import (
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	"open-cluster-management.io/config-policy-controller/test/utils"
 )
 
-const (
-	case5ConfigPolicyNameInform  string = "policy-pod-multi-mh"
-	case5ConfigPolicyNameEnforce string = "policy-pod-multi-create"
-	case5ConfigPolicyNameCombo   string = "policy-pod-multi-combo"
-	case5PodName1                string = "case5-nginx-pod-1"
-	case5PodName2                string = "case5-nginx-pod-2"
-	case5InformYaml              string = "../resources/case5_multi/case5_multi_mh.yaml"
-	case5EnforceYaml             string = "../resources/case5_multi/case5_multi_enforce.yaml"
-	case5ComboYaml               string = "../resources/case5_multi/case5_multi_combo.yaml"
-)
-
 var _ = Describe("Test multiple obj template handling", Ordered, func() {
+	const (
+		configPolicyNameInform  string = "policy-pod-multi-mh"
+		configPolicyNameEnforce string = "policy-pod-multi-create"
+		configPolicyNameCombo   string = "policy-pod-multi-combo"
+		podName1                string = "case5-nginx-pod-1"
+		podName2                string = "case5-nginx-pod-2"
+		informYaml              string = "../resources/case5_multi/case5_multi_mh.yaml"
+		enforceYaml             string = "../resources/case5_multi/case5_multi_enforce.yaml"
+		comboYaml               string = "../resources/case5_multi/case5_multi_combo.yaml"
+		singleYaml              string = "../resources/case5_multi/case5_single_mh.yaml"
+	)
+
 	Describe("Create a policy on managed cluster in ns:"+testNamespace, Ordered, func() {
 		It("should be created properly on the managed cluster", func() {
-			By("Creating " + case5ConfigPolicyNameInform + " and " + case5ConfigPolicyNameCombo + " on managed")
-			utils.Kubectl("apply", "-f", case5InformYaml, "-n", testNamespace)
+			By("Creating " + configPolicyNameInform + " and " + configPolicyNameCombo + " on managed")
+			utils.Kubectl("apply", "-f", informYaml, "-n", testNamespace)
 			plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
-				case5ConfigPolicyNameInform, testNamespace, true, defaultTimeoutSeconds)
+				configPolicyNameInform, testNamespace, true, defaultTimeoutSeconds)
 			Expect(plc).NotTo(BeNil())
 			Eventually(func(g Gomega) {
 				managedPlc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
-					case5ConfigPolicyNameInform, testNamespace, true, defaultTimeoutSeconds)
+					configPolicyNameInform, testNamespace, true, defaultTimeoutSeconds)
 
 				utils.CheckComplianceStatus(g, managedPlc, "NonCompliant")
 			}, defaultTimeoutSeconds, 1).Should(Succeed())
-			utils.Kubectl("apply", "-f", case5ComboYaml, "-n", testNamespace)
+			utils.Kubectl("apply", "-f", comboYaml, "-n", testNamespace)
 			plc = utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
-				case5ConfigPolicyNameCombo, testNamespace, true, defaultTimeoutSeconds)
+				configPolicyNameCombo, testNamespace, true, defaultTimeoutSeconds)
 			Expect(plc).NotTo(BeNil())
 			Eventually(func(g Gomega) {
 				managedPlc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
-					case5ConfigPolicyNameCombo, testNamespace, true, defaultTimeoutSeconds)
+					configPolicyNameCombo, testNamespace, true, defaultTimeoutSeconds)
 
 				utils.CheckComplianceStatus(g, managedPlc, "NonCompliant")
 			}, defaultTimeoutSeconds, 1).Should(Succeed())
 		})
 		It("should create pods on managed cluster", func() {
-			By("creating " + case5ConfigPolicyNameEnforce + " on hub with spec.remediationAction = enforce")
-			utils.Kubectl("apply", "-f", case5EnforceYaml, "-n", testNamespace)
+			By("creating " + configPolicyNameEnforce + " on hub with spec.remediationAction = enforce")
+			utils.Kubectl("apply", "-f", enforceYaml, "-n", testNamespace)
 			plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
-				case5ConfigPolicyNameEnforce, testNamespace, true, defaultTimeoutSeconds)
+				configPolicyNameEnforce, testNamespace, true, defaultTimeoutSeconds)
 			Expect(plc).NotTo(BeNil())
 			Eventually(func(g Gomega) {
 				managedPlc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
-					case5ConfigPolicyNameEnforce, testNamespace, true, defaultTimeoutSeconds)
+					configPolicyNameEnforce, testNamespace, true, defaultTimeoutSeconds)
 
 				utils.CheckComplianceStatus(g, managedPlc, "Compliant")
 			}, defaultTimeoutSeconds, 1).Should(Succeed())
 			Eventually(func(g Gomega) {
 				informPlc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
-					case5ConfigPolicyNameInform, testNamespace, true, defaultTimeoutSeconds)
+					configPolicyNameInform, testNamespace, true, defaultTimeoutSeconds)
 
 				utils.CheckComplianceStatus(g, informPlc, "Compliant")
 			}, defaultTimeoutSeconds, 1).Should(Succeed())
 			Eventually(func(g Gomega) {
 				comboPlc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
-					case5ConfigPolicyNameCombo, testNamespace, true, defaultTimeoutSeconds)
+					configPolicyNameCombo, testNamespace, true, defaultTimeoutSeconds)
 
 				utils.CheckComplianceStatus(g, comboPlc, "NonCompliant")
 			}, defaultTimeoutSeconds, 1).Should(Succeed())
 			pod1 := utils.GetWithTimeout(clientManagedDynamic, gvrPod,
-				case5PodName1, "default", true, defaultTimeoutSeconds)
+				podName1, "default", true, defaultTimeoutSeconds)
 			Expect(pod1).NotTo(BeNil())
 			pod2 := utils.GetWithTimeout(clientManagedDynamic, gvrPod,
-				case5PodName2, "default", true, defaultTimeoutSeconds)
+				podName2, "default", true, defaultTimeoutSeconds)
 			Expect(pod2).NotTo(BeNil())
 		})
+		It("should only have compliancy details on the current objects when templates are removed", func() {
+			By("confirming the current details on the policy")
+			Eventually(func(g Gomega) {
+				managedPlc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
+					configPolicyNameInform, testNamespace, true, defaultTimeoutSeconds)
+				details, _, _ := unstructured.NestedSlice(managedPlc.Object, "status", "compliancyDetails")
+				g.Expect(details).To(HaveLen(2))
+			}, defaultTimeoutSeconds, 1).Should(Succeed())
+
+			By("removing the second template on the policy")
+			utils.Kubectl("apply", "-f", singleYaml, "-n", testNamespace)
+
+			By("checking the new details on the policy")
+			Eventually(func(g Gomega) {
+				managedPlc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigPolicy,
+					configPolicyNameInform, testNamespace, true, defaultTimeoutSeconds)
+				details, _, _ := unstructured.NestedSlice(managedPlc.Object, "status", "compliancyDetails")
+				g.Expect(details).To(HaveLen(1))
+			}, defaultTimeoutSeconds, 1).Should(Succeed())
+		})
 		AfterAll(func() {
 			policies := []string{
-				case5ConfigPolicyNameInform,
-				case5ConfigPolicyNameEnforce,
-				case5ConfigPolicyNameCombo,
+				configPolicyNameInform,
+				configPolicyNameEnforce,
+				configPolicyNameCombo,
 			}
 
 			deleteConfigPolicies(policies)
 
 			By("Delete pods")
-			pods := []string{case5PodName1, case5PodName2}
+			pods := []string{podName1, podName2}
 			namespaces := []string{"default"}
 			deletePods(pods, namespaces)
 		})
diff --git a/test/resources/case5_multi/case5_single_mh.yaml b/test/resources/case5_multi/case5_single_mh.yaml
@@ -0,0 +1,23 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: ConfigurationPolicy
+metadata:
+  name: policy-pod-multi-mh
+  namespace: managed
+spec:
+  remediationAction: inform
+  namespaceSelector:
+    exclude: ["kube-*"]
+    include: ["default"]
+  object-templates:
+    - complianceType: musthave
+      objectDefinition:
+        apiVersion: v1
+        kind: Pod
+        metadata:
+          name: case5-nginx-pod-1
+        spec:
+          containers:
+            - image: nginx:1.7.9
+              name: nginx
+              ports:
+                - containerPort: 80

Original file line number	Diff line number	Diff line change
`@@ -1228,6 +1228,14 @@ func (r *ConfigurationPolicyReconciler) handleTemplatization(`
`1228`	`1228`	`plc.Spec.ObjectTemplates[i].ObjectDefinition.Raw = resolvedTemplate.ResolvedJSON`
`1229`	`1229`	`}`
`1230`	`1230`
	`1231`	`+ // Set the CompliancyDetails array length accordingly in case the number of`
	`1232`	`+ // object-templates was reduced (the status update will handle if it's longer).`
	`1233`	+ // Note that this still works when using `object-templates-raw` because the
	`1234`	`+ // ObjectTemplates are manually set above to match what was resolved`
	`1235`	`+ if len(plc.Spec.ObjectTemplates) < len(plc.Status.CompliancyDetails) {`
	`1236`	`+ plc.Status.CompliancyDetails = plc.Status.CompliancyDetails[:len(plc.Spec.ObjectTemplates)]`
	`1237`	`+ }`
	`1238`	`+`
`1231`	`1239`	`return parentStatusUpdateNeeded, nil`
`1232`	`1240`	`}`
`1233`	`1241`