Override the namespace set in the template

Previously, if the user set a namespace in the template, then when the
template-sync tried to create the template, it would fail. Now the
template-sync always uses the cluster namespace, overriding what the
user might have provided.

Refs:
 - https://issues.redhat.com/browse/ACM-17666

Signed-off-by: Justin Kulikauskas <[email protected]>

Author: JustinKuli

controllers/templatesync/template_sync.go

@@ -530,6 +530,8 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, request reconcile.Requ
 
 				overrideRemediationAction(instance, tObjectUnstructured)
 
+				tObjectUnstructured.SetNamespace(resourceNs)
+
 				eObject, err = res.Create(ctx, tObjectUnstructured, metav1.CreateOptions{})
 				if err != nil {
 					multiTemplateRegExp := regexp.MustCompile(

test/e2e/case9_template_sync_test.go

@@ -11,6 +11,31 @@ import (
 	"open-cluster-management.io/governance-policy-propagator/test/utils"
 )
 
+var _ = Describe("Test template sync overrides namespace", func() {
+	const (
+		namespaceSetPolicyName       string = "case9-test-policy-with-ns"
+		namespaceSetPolicyYaml       string = "../resources/case9_template_sync/case9-test-policy-with-ns.yaml"
+		namespaceSetConfigPolicyName string = "case9-config-policy-with-ns"
+	)
+
+	BeforeEach(func() {
+		hubApplyPolicy(namespaceSetPolicyName, namespaceSetPolicyYaml)
+	})
+	AfterEach(func() {
+		By("Deleting a policy on the hub in ns:" + clusterNamespaceOnHub)
+		_, err := kubectlHub("delete", "-f", namespaceSetPolicyYaml, "-n", clusterNamespaceOnHub, "--ignore-not-found")
+		Expect(err).ShouldNot(HaveOccurred())
+		opt := metav1.ListOptions{}
+		utils.ListWithTimeout(clientManagedDynamic, gvrPolicy, opt, 0, true, defaultTimeoutSeconds)
+	})
+	It("should override the namespace in the template", func() {
+		By("Checking that the ConfigurationPolicy was created in the cluster namespace")
+		foundPlc := utils.GetWithTimeout(clientManagedDynamic, gvrConfigurationPolicy, namespaceSetConfigPolicyName,
+			clusterNamespace, true, defaultTimeoutSeconds)
+		Expect(foundPlc).NotTo(BeNil())
+	})
+})
+
 var _ = Describe("Test template sync", func() {
 	const (
 		case9PolicyName       string = "case9-test-policy"

test/resources/case9_template_sync/case9-test-policy-with-ns.yaml

@@ -0,0 +1,32 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  name: case9-test-policy-with-ns
+  labels:
+    policy.open-cluster-management.io/cluster-name: managed
+    policy.open-cluster-management.io/cluster-namespace: managed
+    policy.open-cluster-management.io/root-policy: case9-test-policy-with-ns
+spec:
+  remediationAction: inform
+  disabled: false
+  policy-templates:
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: case9-config-policy-with-ns
+          namespace: bad
+        spec:
+          remediationAction: inform
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: v1
+                kind: Pod
+                metadata:
+                  name: nginx-pod-e2e
+                  namespace: default
+                spec:
+                  containers:
+                    - name: nginx
+