Handle hub template errors

JustinKuli · openshift-merge-bot[bot] · commit 4d7c4dadf363 · 2024-04-24T18:49:08.000Z
The plan is to add template support to more policy types. Currently it is restricted to ConfigurationPolicies. This removes that restriction and reports hub template errors that would be added by the propagator, so that each policy controller does not need to duplicate the logic to emit those events themselves. Refs: - https://issues.redhat.com/browse/ACM-10858 Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
diff --git a/controllers/templatesync/template_sync.go b/controllers/templatesync/template_sync.go
@@ -361,13 +361,11 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, request reconcile.Requ
 			continue
 		}
 
-		var tName string
-		if tMetaObj, ok := object.(metav1.Object); ok {
-			tName = tMetaObj.GetName()
-		}
+		metaObj, ok := object.(metav1.Object)
+		tName := metaObj.GetName()
 
-		if tName == "" {
-			errMsg := fmt.Sprintf("Failed to get name from policy template at index %v", tIndex)
+		if !ok || tName == "" {
+			errMsg := fmt.Sprintf("Failed to parse or get name from policy template at index %v", tIndex)
 			resultError = k8serrors.NewBadRequest(errMsg)
 
 			_ = r.emitTemplateError(ctx, instance, tIndex,
@@ -463,21 +461,15 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, request reconcile.Requ
 			continue
 		}
 
-		// reject if not configuration policy and has template strings, and don't requeue
-		if gvk.Kind != "ConfigurationPolicy" {
-			// if not configuration policies, do a simple check for templates {{hub and reject
-			// only checking for hub and not {{ as they could be valid cases where they are valid chars.
-			if strings.Contains(string(policyT.ObjectDefinition.Raw), "{{hub ") {
-				errMsg := fmt.Sprintf("Templates are not supported for kind : %s", gvk.Kind)
-
-				_ = r.emitTemplateError(ctx, instance, tIndex, tName, isClusterScoped, errMsg)
+		// check for hub template error
+		if errAnno := metaObj.GetAnnotations()["policy.open-cluster-management.io/hub-templates-error"]; errAnno != "" {
+			_ = r.emitTemplateError(ctx, instance, tIndex, tName, isClusterScoped, errAnno)
 
-				tLogger.Error(k8serrors.NewBadRequest(errMsg), "Failed to process the policy template")
+			tLogger.Error(k8serrors.NewBadRequest(errAnno), "Failed to process the policy template")
 
-				policyUserErrorsCounter.WithLabelValues(instance.Name, tName, "format-error").Inc()
+			policyUserErrorsCounter.WithLabelValues(instance.Name, tName, "format-error").Inc()
 
-				continue
-			}
+			continue
 		}
 
 		dependencyFailures := r.processDependencies(ctx, dClient, discoveryClient, templateDeps, tLogger)
diff --git a/test/e2e/case10_error_test.go b/test/e2e/case10_error_test.go
@@ -96,7 +96,7 @@ var _ = Describe("Test error handling", func() {
 
 		By("Checking for event with missing name err on managed cluster in ns:" + clusterNamespace)
 		Eventually(
-			checkForEvent("case10-template-name-error", "template-error; Failed to get name from policy"),
+			checkForEvent("case10-template-name-error", "template-error; Failed to parse or get name from policy"),
 			defaultTimeoutSeconds,
 			1,
 		).Should(BeTrue())
@@ -255,7 +255,7 @@ var _ = Describe("Test error handling", func() {
 			return found
 		}, defaultTimeoutSeconds*2, 1).Should(BeFalse())
 	})
-	It("should throw a noncompliance event if a non-configurationpolicy uses a hub template", func() {
+	It("should throw a noncompliance event for hub template errors", func() {
 		By("Deploying a test policy CRD")
 		_, err := kubectlManaged("apply", "-f", yamlBasePath+"mock-crd.yaml")
 		Expect(err).ToNot(HaveOccurred())
@@ -266,11 +266,11 @@ var _ = Describe("Test error handling", func() {
 		})
 
 		hubApplyPolicy("case10-bad-hubtemplate",
-			yamlBasePath+"non-config-hubtemplate.yaml")
+			yamlBasePath+"error-hubtemplate.yaml")
 
 		By("Checking for the error event")
 		Eventually(
-			checkForEvent("case10-bad-hubtemplate", "Templates are not supported for kind"),
+			checkForEvent("case10-bad-hubtemplate", "must be aboveground"),
 			defaultTimeoutSeconds,
 			1,
 		).Should(BeTrue())
diff --git a/test/resources/case10_template_sync_error_test/error-hubtemplate.yaml b/test/resources/case10_template_sync_error_test/error-hubtemplate.yaml
@@ -15,5 +15,7 @@ spec:
         kind: MockPolicy
         metadata:
           name: case10-bad-hubtemplate-policy
+          annotations:
+            policy.open-cluster-management.io/hub-templates-error: "must be aboveground"
         spec:
           foo: 'I come from {{hub the land down under hub}}'
