Bug: ACM-6632, parent policy cannot override remediationAction if unset in policy template

https://issues.redhat.com/browse/ACM-6632

Signed-off-by: Jason Zhang <[email protected]>

Author: zyjjay

controllers/templatesync/template_sync.go

@@ -1236,10 +1236,10 @@ func overrideRemediationAction(instance *policiesv1.Policy, tObjectUnstructured
 				return
 			}
 		}
+	}
 
-		if instance.Spec.RemediationAction != "" {
-			specObject["remediationAction"] = string(instance.Spec.RemediationAction)
-		}
+	if instance.Spec.RemediationAction != "" {
+		specObject["remediationAction"] = string(instance.Spec.RemediationAction)
 	}
 }
 

test/e2e/case20_informonly_test.go

@@ -20,16 +20,20 @@ const (
 	case20PolicyNoRemediationName    string = "case20-policy-informonly-no-remediationaction"
 	case20PolicyNoRemediationYaml    string = "../resources/case20_policy_informonly/" +
 		"case20-parent-policy-noremediation.yaml"
+	case20PlcTemplateNoRemediationName string = "case20-policy-template-no-remediationaction"
+	case20PlcTemplateNoRemediationYaml string = "../resources/case20_policy_informonly/" +
+		"case20-policy-template-noremediation.yaml"
+	case20ConfigPlcTemplateNoRemediationName string = "create-configmap-policy-template"
 )
 
-func checkInformAction(cfplc string) {
+func checkInformAction(cfplc string, compliance string) {
 	By("Checking template policy remediationAction")
 	Eventually(func() interface{} {
 		plc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigurationPolicy,
 			cfplc, clusterNamespace, true, defaultTimeoutSeconds)
 
 		return plc.Object["spec"].(map[string]interface{})["remediationAction"]
-	}, defaultTimeoutSeconds, 1).Should(Equal("inform"))
+	}, defaultTimeoutSeconds, 1).Should(Equal(compliance))
 }
 
 var _ = Describe("Test 'InformOnly' ConfigurationPolicies", Ordered, func() {
@@ -47,22 +51,37 @@ var _ = Describe("Test 'InformOnly' ConfigurationPolicies", Ordered, func() {
 		if !errors.As(err, &e) {
 			Expect(err).ShouldNot(HaveOccurred())
 		}
+
+		_, err = kubectlHub("delete", "-f", case20PlcTemplateNoRemediationYaml, "-n", clusterNamespaceOnHub,
+			"--ignore-not-found")
+		if !errors.As(err, &e) {
+			Expect(err).ShouldNot(HaveOccurred())
+		}
 	})
 
 	Describe("Override remediationAction in spec", func() {
 		Context("When parent policy have remediationAction=enforce", func() {
 			It("Should have remediationAction=inform", func() {
 				By("Applying parent policy " + case20PolicyName + " in hub ns: " + clusterNamespaceOnHub)
 				hubApplyPolicy(case20PolicyName, case20PolicyYaml)
-				checkInformAction(case20ConfigPlcName)
+				checkInformAction(case20ConfigPlcName, "inform")
 			})
 		})
 
 		Context("When parent policy have no remediationAction field set", func() {
 			It("Should have remediationAction=inform", func() {
 				By("Applying parent policy " + case20PolicyNoRemediationName + " in hub ns: " + clusterNamespaceOnHub)
 				hubApplyPolicy(case20PolicyNoRemediationName, case20PolicyNoRemediationYaml)
-				checkInformAction(case20ConfigPlcNoRemediationName)
+				checkInformAction(case20ConfigPlcNoRemediationName, "inform")
+			})
+		})
+
+		Context("When policy template have no remediationAction field set", func() {
+			It("Should have inherited parent policy's remediationAction field", func() {
+				By("Applying parent policy " + case20PlcTemplateNoRemediationName + " in hub ns: " +
+					clusterNamespaceOnHub)
+				hubApplyPolicy(case20PlcTemplateNoRemediationName, case20PlcTemplateNoRemediationYaml)
+				checkInformAction(case20ConfigPlcTemplateNoRemediationName, "inform")
 			})
 		})
 	})

test/resources/case20_policy_informonly/case20-parent-policy-noremediation.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     policy.open-cluster-management.io/cluster-name: managed
     policy.open-cluster-management.io/cluster-namespace: managed
-    policy.open-cluster-management.io/root-policy: policy-informonly
+    policy.open-cluster-management.io/root-policy: case20-policy-informonly-no-remediationaction
 spec:
   disabled: false
   policy-templates:

test/resources/case20_policy_informonly/case20-parent-policy.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     policy.open-cluster-management.io/cluster-name: managed
     policy.open-cluster-management.io/cluster-namespace: managed
-    policy.open-cluster-management.io/root-policy: policy-informonly
+    policy.open-cluster-management.io/root-policy: case20-policy-informonly
 spec:
   remediationAction: enforce
   disabled: false

test/resources/case20_policy_informonly/case20-policy-template-noremediation.yaml

@@ -0,0 +1,26 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  name: case20-policy-template-no-remediationaction
+  labels:
+    policy.open-cluster-management.io/cluster-name: managed
+    policy.open-cluster-management.io/cluster-namespace: managed
+    policy.open-cluster-management.io/root-policy: case20-policy-template-no-remediationaction
+spec:
+  remediationAction: inform
+  disabled: false
+  policy-templates:
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: create-configmap-policy-template
+        spec:
+          object-templates:
+          - complianceType: musthave
+            objectDefinition:
+              apiVersion: v1
+              kind: ConfigMap
+              metadata:
+                name: test-config
+                namespace: managed