Fix template sync duplicate detection

gparvin · openshift-merge-robot · commit 2df23d812b1c · 2023-09-01T20:02:01.000+02:00
We don't want duplicate config policy templates, but the logic prevented me from having a Constraint and a ConstraintTemplate that had the same name. Of course a config policy couldn't have that same name either so adding gvk in the name check. Refs: - https://issues.redhat.com/browse/ACM-7265 Signed-off-by: Gus Parvin <gparvin@redhat.com>
diff --git a/controllers/templatesync/template_sync.go b/controllers/templatesync/template_sync.go
@@ -1551,6 +1551,9 @@ func hasDupName(pol *policiesv1.Policy) bool {
 		}
 
 		name := unstructured.GetName()
+		apiv := unstructured.GetAPIVersion()
+		kind := unstructured.GetKind()
+		name = fmt.Sprintf("%s/%s/%s", name, apiv, kind)
 
 		if _, has := foundNames[name]; has {
 			return true
diff --git a/controllers/templatesync/template_sync_test.go b/controllers/templatesync/template_sync_test.go
@@ -6,6 +6,7 @@ import (
 	"context"
 	"testing"
 
+	gktemplatesv1 "github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -91,3 +92,124 @@ func TestHandleSyncSuccessNoDoubleRemoveStatus(t *testing.T) {
 		t.Fatalf("handleSyncSuccess failed unexpectedly: %s", err)
 	}
 }
+
+func TestHasDuplicateNames(t *testing.T) {
+	policy := policiesv1.Policy{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Policy",
+			APIVersion: "policy.open-cluster-management.io/v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test-policy",
+			Namespace: "managed",
+		},
+	}
+
+	configPolicy := configpoliciesv1.ConfigurationPolicy{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "ConfigurationPolicy",
+			APIVersion: "policy.open-cluster-management.io/v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test-configpolicy",
+			Namespace: "managed",
+		},
+	}
+
+	outBytes, err := runtime.Encode(unstructured.UnstructuredJSONScheme, &configPolicy)
+	if err != nil {
+		t.Fatalf("Could not serialize the config policy: %s", err)
+	}
+
+	raw := runtime.RawExtension{
+		Raw: outBytes,
+	}
+
+	x := policiesv1.PolicyTemplate{
+		ObjectDefinition: raw,
+	}
+
+	policy.Spec.PolicyTemplates = append(policy.Spec.PolicyTemplates, &x)
+
+	has := hasDupName(&policy)
+	if has {
+		t.Fatal("Duplicate names found in templates but not expected")
+	}
+
+	// add a gatekeeper constraint template with a duplicate name
+	gkt := gktemplatesv1.ConstraintTemplate{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "ConstraintTemplate",
+			APIVersion: "templates.gatekeeper.sh/v1beta1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-configpolicy",
+		},
+	}
+
+	outBytes, err = runtime.Encode(unstructured.UnstructuredJSONScheme, &gkt)
+	if err != nil {
+		t.Fatalf("Could not serialize the constraint template: %s", err)
+	}
+
+	y := policiesv1.PolicyTemplate{
+		ObjectDefinition: runtime.RawExtension{
+			Raw: outBytes,
+		},
+	}
+
+	policy.Spec.PolicyTemplates = append(policy.Spec.PolicyTemplates, &y)
+
+	has = hasDupName(&policy)
+	if has {
+		t.Fatal("Duplicate names found in templates but not expected")
+	}
+
+	// add a gatekeeper constraint with a duplicate name
+	gkc := gktemplatesv1.ConstraintTemplate{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "ContainerEnvMaxMemory",
+			APIVersion: "constraints.gatekeeper.sh/v1beta1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-configpolicy",
+		},
+	}
+
+	outBytes, err = runtime.Encode(unstructured.UnstructuredJSONScheme, &gkc)
+	if err != nil {
+		t.Fatalf("Could not serialize the constraint template: %s", err)
+	}
+
+	z := policiesv1.PolicyTemplate{
+		ObjectDefinition: runtime.RawExtension{
+			Raw: outBytes,
+		},
+	}
+
+	policy.Spec.PolicyTemplates = append(policy.Spec.PolicyTemplates, &z)
+
+	has = hasDupName(&policy)
+	if has {
+		t.Fatal("Duplicate names found in templates but not expected")
+	}
+
+	// add a config policy with a duplicate name
+	outBytes, err = runtime.Encode(unstructured.UnstructuredJSONScheme, &configPolicy)
+	if err != nil {
+		t.Fatalf("Could not serialize the config policy: %s", err)
+	}
+
+	x2 := policiesv1.PolicyTemplate{
+		ObjectDefinition: runtime.RawExtension{
+			Raw: outBytes,
+		},
+	}
+
+	policy.Spec.PolicyTemplates = append(policy.Spec.PolicyTemplates, &x2)
+
+	has = hasDupName(&policy)
+	if !has { // expect duplicate detection to return true
+		t.Fatal("Duplicate name not detected")
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -1551,6 +1551,9 @@ func hasDupName(pol *policiesv1.Policy) bool {`
`1551`	`1551`	`}`
`1552`	`1552`
`1553`	`1553`	`name := unstructured.GetName()`
	`1554`	`+ apiv := unstructured.GetAPIVersion()`
	`1555`	`+ kind := unstructured.GetKind()`
	`1556`	`+ name = fmt.Sprintf("%s/%s/%s", name, apiv, kind)`
`1554`	`1557`
`1555`	`1558`	`if _, has := foundNames[name]; has {`
`1556`	`1559`	`return true`