Add PolicyOptions / ConfigurationPolicyOptions

dhaiducek · dhaiducek · commit 2d7a140a6d6e · 2022-10-10T14:13:31.000-04:00
These are consolidated structs that increase maintainability by having
keys in a single location

Signed-off-by: Dale Haiducek &lt;dhaiduce@redhat.com&gt;
diff --git a/internal/expanders/gatekeeper_test.go b/internal/expanders/gatekeeper_test.go
@@ -74,7 +74,8 @@ func TestGatekeeperEnabled(t *testing.T) {
 	}{{true, true}, {false, false}}
 
 	for _, test := range tests {
-		policyConf := types.PolicyConfig{InformGatekeeperPolicies: test.Enabled}
+		var policyConf types.PolicyConfig
+		policyConf.InformGatekeeperPolicies = test.Enabled
 		assertEqual(t, g.Enabled(&policyConf), test.Expected)
 	}
 }
diff --git a/internal/expanders/kyverno_test.go b/internal/expanders/kyverno_test.go
@@ -77,7 +77,8 @@ func TestKyvernoEnabled(t *testing.T) {
 	}{{true, true}, {false, false}}
 
 	for _, test := range tests {
-		policyConf := types.PolicyConfig{InformKyvernoPolicies: test.Enabled}
+		var policyConf types.PolicyConfig
+		policyConf.InformKyvernoPolicies = test.Enabled
 		assertEqual(t, k.Enabled(&policyConf), test.Expected)
 	}
 }
diff --git a/internal/plugin.go b/internal/plugin.go
@@ -64,12 +64,16 @@ type Plugin struct {
 }
 
 var defaults = types.PolicyDefaults{
-	Categories:        []string{"CM Configuration Management"},
-	ComplianceType:    "musthave",
-	Controls:          []string{"CM-2 Baseline Configuration"},
-	RemediationAction: "inform",
-	Severity:          "low",
-	Standards:         []string{"NIST SP 800-53"},
+	PolicyOptions: types.PolicyOptions{
+		Categories: []string{"CM Configuration Management"},
+		Controls:   []string{"CM-2 Baseline Configuration"},
+		Standards:  []string{"NIST SP 800-53"},
+	},
+	ConfigurationPolicyOptions: types.ConfigurationPolicyOptions{
+		ComplianceType:    "musthave",
+		RemediationAction: "inform",
+		Severity:          "low",
+	},
 }
 
 // Config validates the input PolicyGenerator configuration, applies any missing defaults, and
diff --git a/internal/plugin_test.go b/internal/plugin_test.go
@@ -48,8 +48,10 @@ func TestGenerate(t *testing.T) {
 		},
 	}
 	policyConf := types.PolicyConfig{
-		Name:                "policy-app-config",
-		PruneObjectBehavior: "None",
+		Name: "policy-app-config",
+		ConfigurationPolicyOptions: types.ConfigurationPolicyOptions{
+			PruneObjectBehavior: "None",
+		},
 		Manifests: []types.Manifest{
 			{
 				Path:    path.Join(tmpDir, "configmap.yaml"),
@@ -61,8 +63,10 @@ func TestGenerate(t *testing.T) {
 		Name: "policy-app-config2",
 		Manifests: []types.Manifest{
 			{
-				MetadataComplianceType: "mustonlyhave",
-				Path:                   path.Join(tmpDir, "configmap.yaml"),
+				ConfigurationPolicyOptions: types.ConfigurationPolicyOptions{
+					MetadataComplianceType: "mustonlyhave",
+				},
+				Path: path.Join(tmpDir, "configmap.yaml"),
 			},
 		},
 	}
@@ -782,10 +786,12 @@ func TestCreatePolicyFromIamPolicyTypeManifest(t *testing.T) {
 	p := Plugin{}
 	p.PolicyDefaults.Namespace = "Iam-policies"
 	policyConf := types.PolicyConfig{
-		Categories: []string{"AC Access Control"},
-		Controls:   []string{"AC-3 Access Enforcement"},
-		Standards:  []string{"NIST SP 800-53"},
-		Name:       "policy-limitclusteradmin",
+		PolicyOptions: types.PolicyOptions{
+			Categories: []string{"AC Access Control"},
+			Controls:   []string{"AC-3 Access Enforcement"},
+			Standards:  []string{"NIST SP 800-53"},
+		},
+		Name: "policy-limitclusteradmin",
 		Manifests: []types.Manifest{
 			{Path: path.Join(tmpDir, "iamKindManifestPluginTest.yaml")},
 		},
@@ -845,9 +851,11 @@ func TestCreatePolicyDir(t *testing.T) {
 	p := Plugin{}
 	p.PolicyDefaults.Namespace = "my-policies"
 	policyConf := types.PolicyConfig{
-		Name:              "policy-app-config",
-		Manifests:         []types.Manifest{{Path: tmpDir}},
-		NamespaceSelector: types.NamespaceSelector{Include: []string{"default"}},
+		Name:      "policy-app-config",
+		Manifests: []types.Manifest{{Path: tmpDir}},
+		ConfigurationPolicyOptions: types.ConfigurationPolicyOptions{
+			NamespaceSelector: types.NamespaceSelector{Include: []string{"default"}},
+		},
 	}
 	p.Policies = append(p.Policies, policyConf)
 	p.applyDefaults(map[string]interface{}{})
@@ -1156,15 +1164,19 @@ func TestCreatePlacementDuplicateName(t *testing.T) {
 	p.PolicyDefaults.Namespace = "my-policies"
 	policyConf := types.PolicyConfig{
 		Name: "policy-app-config",
-		Placement: types.PlacementConfig{
-			Name: "my-placement",
+		PolicyOptions: types.PolicyOptions{
+			Placement: types.PlacementConfig{
+				Name: "my-placement",
+			},
 		},
 	}
 	policyConf2 := types.PolicyConfig{
 		Name: "policy-app-config2",
-		Placement: types.PlacementConfig{
-			ClusterSelectors: map[string]string{"my": "app"},
-			Name:             "my-placement",
+		PolicyOptions: types.PolicyOptions{
+			Placement: types.PlacementConfig{
+				ClusterSelectors: map[string]string{"my": "app"},
+				Name:             "my-placement",
+			},
 		},
 	}
 
@@ -1676,7 +1688,9 @@ func TestGeneratePolicySets(t *testing.T) {
 							Path: path.Join(tmpDir, "configmap.yaml"),
 						},
 					},
-					PolicySets: []string{"policyset0"},
+					PolicyOptions: types.PolicyOptions{
+						PolicySets: []string{"policyset0"},
+					},
 				}
 			},
 			expectedPolicySetConfigInPolicy: [][]string{
@@ -1710,7 +1724,9 @@ func TestGeneratePolicySets(t *testing.T) {
 							Path: path.Join(tmpDir, "configmap.yaml"),
 						},
 					},
-					PolicySets: []string{},
+					PolicyOptions: types.PolicyOptions{
+						PolicySets: []string{},
+					},
 				}
 			},
 			expectedPolicySetConfigInPolicy: [][]string{
@@ -1820,7 +1836,9 @@ func TestGeneratePolicySetsWithPlacement(t *testing.T) {
 				Path: path.Join(tmpDir, "configmap.yaml"),
 			},
 		},
-		PolicySets: []string{"policyset"},
+		PolicyOptions: types.PolicyOptions{
+			PolicySets: []string{"policyset"},
+		},
 	}
 	p.Policies = append(p.Policies, policyConf)
 
@@ -1929,7 +1947,9 @@ func TestGeneratePolicySetsWithPolicyPlacement(t *testing.T) {
 				Path: path.Join(tmpDir, "configmap.yaml"),
 			},
 		},
-		PolicySets: []string{"my-policyset"},
+		PolicyOptions: types.PolicyOptions{
+			PolicySets: []string{"my-policyset"},
+		},
 	}
 	p.Policies = append(p.Policies, policyConf)
 	p.PolicySets = []types.PolicySetConfig{
@@ -2141,10 +2161,10 @@ func getYAMLEvaluationInterval(
 	configPolicy, ok := plcTemplate["objectDefinition"].(map[string]interface{})
 	assertEqual(t, ok, true)
 
-	configPolicySpec, ok := configPolicy["spec"].(map[string]interface{})
+	configPolicyOptions, ok := configPolicy["spec"].(map[string]interface{})
 	assertEqual(t, ok, true)
 
-	evaluationInterval, ok := configPolicySpec["evaluationInterval"].(map[string]interface{})
+	evaluationInterval, ok := configPolicyOptions["evaluationInterval"].(map[string]interface{})
 
 	if !skipFinalValidation {
 		assertEqual(t, ok, true)
@@ -2174,18 +2194,24 @@ func TestGenerateEvaluationInterval(t *testing.T) {
 
 	// Test that the policy evaluation interval gets inherited when not set on a manifest.
 	policyConf := types.PolicyConfig{
-		ConsolidateManifests: false,
-		EvaluationInterval: types.EvaluationInterval{
-			Compliant:    "30m",
-			NonCompliant: "30s",
+		PolicyOptions: types.PolicyOptions{
+			ConsolidateManifests: false,
+		},
+		ConfigurationPolicyOptions: types.ConfigurationPolicyOptions{
+			EvaluationInterval: types.EvaluationInterval{
+				Compliant:    "30m",
+				NonCompliant: "30s",
+			},
 		},
 		Name: "policy-app-config",
 		Manifests: []types.Manifest{
 			{Path: path.Join(tmpDir, "configmap.yaml")},
 			{
-				EvaluationInterval: types.EvaluationInterval{
-					Compliant:    "25m",
-					NonCompliant: "5m",
+				ConfigurationPolicyOptions: types.ConfigurationPolicyOptions{
+					EvaluationInterval: types.EvaluationInterval{
+						Compliant:    "25m",
+						NonCompliant: "5m",
+					},
 				},
 				Path: path.Join(tmpDir, "configmap.yaml"),
 			},
@@ -2204,8 +2230,10 @@ func TestGenerateEvaluationInterval(t *testing.T) {
 	}
 	// Test that explicitly setting evaluationInterval to an empty value overrides the policy default.
 	policyConf3 := types.PolicyConfig{
-		EvaluationInterval: types.EvaluationInterval{},
-		Name:               "policy-app-config3",
+		ConfigurationPolicyOptions: types.ConfigurationPolicyOptions{
+			EvaluationInterval: types.EvaluationInterval{},
+		},
+		Name: "policy-app-config3",
 		Manifests: []types.Manifest{
 			{Path: path.Join(tmpDir, "configmap.yaml")},
 		},
@@ -2459,9 +2487,9 @@ func TestCreatePolicyWithNamespaceSelector(t *testing.T) {
 			// nolint: forcetypeassert
 			configPolicy := policyTemplates[0].(map[string]interface{})["objectDefinition"].(map[string]interface{})
 			// nolint: forcetypeassert
-			configPolicySpec := configPolicy["spec"].(map[string]interface{})
+			configPolicyOptions := configPolicy["spec"].(map[string]interface{})
 			// nolint: forcetypeassert
-			configPolicySelector := configPolicySpec["namespaceSelector"].(map[string]interface{})
+			configPolicySelector := configPolicyOptions["namespaceSelector"].(map[string]interface{})
 
 			if reflect.DeepEqual(test.namespaceSelector, types.NamespaceSelector{}) {
 				assertSelectorEqual(t, configPolicySelector, p.PolicyDefaults.NamespaceSelector)
diff --git a/internal/types/types.go b/internal/types/types.go
@@ -7,13 +7,35 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+type PolicyOptions struct {
+	Categories                     []string          `json:"categories,omitempty" yaml:"categories,omitempty"`
+	Controls                       []string          `json:"controls,omitempty" yaml:"controls,omitempty"`
+	Placement                      PlacementConfig   `json:"placement,omitempty" yaml:"placement,omitempty"`
+	Standards                      []string          `json:"standards,omitempty" yaml:"standards,omitempty"`
+	ConsolidateManifests           bool              `json:"consolidateManifests,omitempty" yaml:"consolidateManifests,omitempty"`
+	Disabled                       bool              `json:"disabled,omitempty" yaml:"disabled,omitempty"`
+	InformGatekeeperPolicies       bool              `json:"informGatekeeperPolicies,omitempty" yaml:"informGatekeeperPolicies,omitempty"`
+	InformKyvernoPolicies          bool              `json:"informKyvernoPolicies,omitempty" yaml:"informKyvernoPolicies,omitempty"`
+	GeneratePlacementWhenInSet     bool              `json:"generatePlacementWhenInSet,omitempty" yaml:"generatePlacementWhenInSet,omitempty"`
+	PolicySets                     []string          `json:"policySets,omitempty" yaml:"policySets,omitempty"`
+	PolicyAnnotations              map[string]string `json:"policyAnnotations,omitempty" yaml:"policyAnnotations,omitempty"`
+	ConfigurationPolicyAnnotations map[string]string `json:"configurationPolicyAnnotations,omitempty" yaml:"configurationPolicyAnnotations,omitempty"`
+}
+
+type ConfigurationPolicyOptions struct {
+	RemediationAction      string             `json:"remediationAction,omitempty" yaml:"remediationAction,omitempty"`
+	Severity               string             `json:"severity,omitempty" yaml:"severity,omitempty"`
+	ComplianceType         string             `json:"complianceType,omitempty" yaml:"complianceType,omitempty"`
+	MetadataComplianceType string             `json:"metadataComplianceType,omitempty" yaml:"metadataComplianceType,omitempty"`
+	EvaluationInterval     EvaluationInterval `json:"evaluationInterval,omitempty" yaml:"evaluationInterval,omitempty"`
+	NamespaceSelector      NamespaceSelector  `json:"namespaceSelector,omitempty" yaml:"namespaceSelector,omitempty"`
+	PruneObjectBehavior    string             `json:"pruneObjectBehavior,omitempty" yaml:"pruneObjectBehavior,omitempty"`
+}
+
 type Manifest struct {
-	ComplianceType         string                   `json:"complianceType,omitempty" yaml:"complianceType,omitempty"`
-	MetadataComplianceType string                   `json:"metadataComplianceType,omitempty" yaml:"metadataComplianceType,omitempty"`
-	EvaluationInterval     EvaluationInterval       `json:"evaluationInterval,omitempty" yaml:"evaluationInterval,omitempty"`
-	PruneObjectBehavior    string                   `json:"pruneObjectBehavior,omitempty" yaml:"pruneObjectBehavior,omitempty"`
-	Patches                []map[string]interface{} `json:"patches,omitempty" yaml:"patches,omitempty"`
-	Path                   string                   `json:"path,omitempty" yaml:"path,omitempty"`
+	ConfigurationPolicyOptions `json:",inline" yaml:",inline"`
+	Patches                    []map[string]interface{} `json:"patches,omitempty" yaml:"patches,omitempty"`
+	Path                       string                   `json:"path,omitempty" yaml:"path,omitempty"`
 }
 
 type NamespaceSelector struct {
@@ -58,60 +80,23 @@ type EvaluationInterval struct {
 
 // PolicyConfig represents a policy entry in the PolicyGenerator configuration.
 type PolicyConfig struct {
-	Categories             []string `json:"categories,omitempty" yaml:"categories,omitempty"`
-	ComplianceType         string   `json:"complianceType,omitempty" yaml:"complianceType,omitempty"`
-	MetadataComplianceType string   `json:"metadataComplianceType,omitempty" yaml:"metadataComplianceType,omitempty"`
-	Controls               []string `json:"controls,omitempty" yaml:"controls,omitempty"`
+	PolicyOptions              `json:",inline" yaml:",inline"`
+	ConfigurationPolicyOptions `json:",inline" yaml:",inline"`
+	Name                       string `json:"name,omitempty" yaml:"name,omitempty"`
 	// This a slice of structs to allow additional configuration related to a manifest such as
 	// accepting patches.
-	Manifests         []Manifest        `json:"manifests,omitempty" yaml:"manifests,omitempty"`
-	Name              string            `json:"name,omitempty" yaml:"name,omitempty"`
-	NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty" yaml:"namespaceSelector,omitempty"`
-	// This is named Placement so that eventually PlacementRules and Placements will be supported
-	Placement                      PlacementConfig    `json:"placement,omitempty" yaml:"placement,omitempty"`
-	RemediationAction              string             `json:"remediationAction,omitempty" yaml:"remediationAction,omitempty"`
-	Severity                       string             `json:"severity,omitempty" yaml:"severity,omitempty"`
-	Standards                      []string           `json:"standards,omitempty" yaml:"standards,omitempty"`
-	ConsolidateManifests           bool               `json:"consolidateManifests,omitempty" yaml:"consolidateManifests,omitempty"`
-	Disabled                       bool               `json:"disabled,omitempty" yaml:"disabled,omitempty"`
-	InformGatekeeperPolicies       bool               `json:"informGatekeeperPolicies,omitempty" yaml:"informGatekeeperPolicies,omitempty"`
-	InformKyvernoPolicies          bool               `json:"informKyvernoPolicies,omitempty" yaml:"informKyvernoPolicies,omitempty"`
-	GeneratePlacementWhenInSet     bool               `json:"generatePlacementWhenInSet,omitempty" yaml:"generatePlacementWhenInSet,omitempty"`
-	PolicySets                     []string           `json:"policySets,omitempty" yaml:"policySets,omitempty"`
-	EvaluationInterval             EvaluationInterval `json:"evaluationInterval,omitempty" yaml:"evaluationInterval,omitempty"`
-	PolicyAnnotations              map[string]string  `json:"policyAnnotations,omitempty" yaml:"policyAnnotations,omitempty"`
-	ConfigurationPolicyAnnotations map[string]string  `json:"configurationPolicyAnnotations,omitempty" yaml:"configurationPolicyAnnotations,omitempty"`
-	PruneObjectBehavior            string             `json:"pruneObjectBehavior,omitempty" yaml:"pruneObjectBehavior,omitempty"`
+	Manifests []Manifest `json:"manifests,omitempty" yaml:"manifests,omitempty"`
 }
 
 type PolicyDefaults struct {
-	Categories             []string          `json:"categories,omitempty" yaml:"categories,omitempty"`
-	ComplianceType         string            `json:"complianceType,omitempty" yaml:"complianceType,omitempty"`
-	MetadataComplianceType string            `json:"metadataComplianceType,omitempty" yaml:"metadataComplianceType,omitempty"`
-	Controls               []string          `json:"controls,omitempty" yaml:"controls,omitempty"`
-	Namespace              string            `json:"namespace,omitempty" yaml:"namespace,omitempty"`
-	NamespaceSelector      NamespaceSelector `json:"namespaceSelector,omitempty" yaml:"namespaceSelector,omitempty"`
-	// This is named Placement so that eventually PlacementRules and Placements will be supported
-	Placement                      PlacementConfig    `json:"placement,omitempty" yaml:"placement,omitempty"`
-	RemediationAction              string             `json:"remediationAction,omitempty" yaml:"remediationAction,omitempty"`
-	Severity                       string             `json:"severity,omitempty" yaml:"severity,omitempty"`
-	Standards                      []string           `json:"standards,omitempty" yaml:"standards,omitempty"`
-	ConsolidateManifests           bool               `json:"consolidateManifests,omitempty" yaml:"consolidateManifests,omitempty"`
-	Disabled                       bool               `json:"disabled,omitempty" yaml:"disabled,omitempty"`
-	InformGatekeeperPolicies       bool               `json:"informGatekeeperPolicies,omitempty" yaml:"informGatekeeperPolicies,omitempty"`
-	InformKyvernoPolicies          bool               `json:"informKyvernoPolicies,omitempty" yaml:"informKyvernoPolicies,omitempty"`
-	GeneratePlacementWhenInSet     bool               `json:"generatePlacementWhenInSet,omitempty" yaml:"generatePlacementWhenInSet,omitempty"`
-	PolicySets                     []string           `json:"policySets,omitempty" yaml:"policySets,omitempty"`
-	EvaluationInterval             EvaluationInterval `json:"evaluationInterval,omitempty" yaml:"evaluationInterval,omitempty"`
-	PolicyAnnotations              map[string]string  `json:"policyAnnotations,omitempty" yaml:"policyAnnotations,omitempty"`
-	ConfigurationPolicyAnnotations map[string]string  `json:"configurationPolicyAnnotations,omitempty" yaml:"configurationPolicyAnnotations,omitempty"`
-	PruneObjectBehavior            string             `json:"pruneObjectBehavior,omitempty" yaml:"pruneObjectBehavior,omitempty"`
+	PolicyOptions              `json:",inline" yaml:",inline"`
+	ConfigurationPolicyOptions `json:",inline" yaml:",inline"`
+	Namespace                  string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
 }
 
 type PolicySetConfig struct {
-	Name        string   `json:"name,omitempty" yaml:"name,omitempty"`
-	Description string   `json:"description,omitempty" yaml:"description,omitempty"`
-	Policies    []string `json:"policies,omitempty" yaml:"policies,omitempty"`
-	// This is named Placement so that eventually PlacementRules and Placements will be supported
-	Placement PlacementConfig `json:"placement,omitempty" yaml:"placement,omitempty"`
+	Name        string          `json:"name,omitempty" yaml:"name,omitempty"`
+	Description string          `json:"description,omitempty" yaml:"description,omitempty"`
+	Policies    []string        `json:"policies,omitempty" yaml:"policies,omitempty"`
+	Placement   PlacementConfig `json:"placement,omitempty" yaml:"placement,omitempty"`
 }
diff --git a/internal/utils_test.go b/internal/utils_test.go

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,8 @@ func TestGatekeeperEnabled(t *testing.T) {`
`74`	`74`	`}{{true, true}, {false, false}}`
`75`	`75`
`76`	`76`	`for _, test := range tests {`
`77`		`- policyConf := types.PolicyConfig{InformGatekeeperPolicies: test.Enabled}`
	`77`	`+ var policyConf types.PolicyConfig`
	`78`	`+ policyConf.InformGatekeeperPolicies = test.Enabled`
`78`	`79`	`assertEqual(t, g.Enabled(&policyConf), test.Expected)`
`79`	`80`	`}`
`80`	`81`	`}`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,8 @@ func TestKyvernoEnabled(t *testing.T) {`
`77`	`77`	`}{{true, true}, {false, false}}`
`78`	`78`
`79`	`79`	`for _, test := range tests {`
`80`		`- policyConf := types.PolicyConfig{InformKyvernoPolicies: test.Enabled}`
	`80`	`+ var policyConf types.PolicyConfig`
	`81`	`+ policyConf.InformKyvernoPolicies = test.Enabled`
`81`	`82`	`assertEqual(t, k.Enabled(&policyConf), test.Expected)`
`82`	`83`	`}`
`83`	`84`	`}`