Ensure policyset name is unique (#36)

Fix the issue that policyset name could be duplicated.
Add test cases for policyset config validation.

Signed-off-by: Yu Cao <[email protected]>

Author: Yu Cao

internal/plugin.go

@@ -482,7 +482,7 @@ func (p *Plugin) assertValidConfig() error {
 		return errors.New("policies is empty but it must be set")
 	}
 
-	seen := map[string]bool{}
+	seenPlc := map[string]bool{}
 	plCount := struct {
 		plc int
 		plr int
@@ -495,12 +495,12 @@ func (p *Plugin) assertValidConfig() error {
 			)
 		}
 
-		if seen[policy.Name] {
+		if seenPlc[policy.Name] {
 			return fmt.Errorf(
 				"each policy must have a unique name set, but found a duplicate name: %s", policy.Name,
 			)
 		}
-		seen[policy.Name] = true
+		seenPlc[policy.Name] = true
 
 		if len(p.PolicyDefaults.Namespace+"."+policy.Name) > maxObjectNameLength {
 			return fmt.Errorf("the policy namespace and name cannot be more than 63 characters: %s.%s",
@@ -587,8 +587,8 @@ func (p *Plugin) assertValidConfig() error {
 		}
 	}
 
+	seenPlcset := map[string]bool{}
 	for i := range p.PolicySets {
-		seen := map[string]bool{}
 		plcset := &p.PolicySets[i]
 
 		if plcset.Name == "" {
@@ -597,12 +597,12 @@ func (p *Plugin) assertValidConfig() error {
 			)
 		}
 
-		if seen[plcset.Name] {
+		if seenPlcset[plcset.Name] {
 			return fmt.Errorf(
 				"each policySet must have a unique name set, but found a duplicate name: %s", plcset.Name,
 			)
 		}
-		seen[plcset.Name] = true
+		seenPlcset[plcset.Name] = true
 
 		// Validate policy Placement settings
 		if plcset.Placement.PlacementRulePath != "" && plcset.Placement.PlacementPath != "" {
@@ -660,7 +660,7 @@ func (p *Plugin) assertValidConfig() error {
 	// Validate only one type of placement kind is in use
 	if plCount.plc != 0 && plCount.plr != 0 {
 		return fmt.Errorf(
-			"may not use a mix of Placement and PlacementRule for policies; found %d Placement and %d PlacementRule",
+			"may not use a mix of Placement and PlacementRule for policies and policysets; found %d Placement and %d PlacementRule",
 			plCount.plc, plCount.plr,
 		)
 	}

internal/plugin_config_test.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"path"
+	"path/filepath"
 	"testing"
 
 	"github.com/stolostron/policy-generator-plugin/internal/types"
@@ -582,7 +583,7 @@ policies:
 	}
 
 	expected := "may not use a mix of Placement and PlacementRule for " +
-		"policies; found 1 Placement and 1 PlacementRule"
+		"policies and policysets; found 1 Placement and 1 PlacementRule"
 	assertEqual(t, err.Error(), expected)
 }
 
@@ -766,3 +767,215 @@ policies:
 	expected := fmt.Sprintf("could not read the placement rule path %s", plrPath)
 	assertEqual(t, err.Error(), expected)
 }
+
+func TestPolicySetConfig(t *testing.T) {
+	t.Parallel()
+	tmpDir := t.TempDir()
+	createConfigMap(t, tmpDir, "configmap.yaml")
+
+	testCases := []testCase{
+		{
+			name: "policySet must have a name set",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Placement: types.PlacementConfig{
+							Name:             "policyset-placement",
+							ClusterSelectors: map[string]string{"my": "app"},
+						},
+					},
+				}
+			},
+			expectedErrMsg: "each policySet must have a name set, but did not find a name at policySet array index 0",
+		},
+		{
+			name: "policySet must be unique",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+					},
+					{
+						Name: "my-policyset",
+					},
+				}
+			},
+			expectedErrMsg: "each policySet must have a unique name set, but found a duplicate name: my-policyset",
+		},
+		{
+			name: "policySet must provide only one of placementRulePath or placementPath",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							PlacementPath:     "../config/plc.yaml",
+							PlacementRulePath: "../config/plr.yaml",
+						},
+					},
+				}
+			},
+			expectedErrMsg: "policySet my-policyset must provide only one of placementRulePath or placementPath",
+		},
+		{
+			name: "policySet must provide only one of labelSelector or clusterselectors",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							LabelSelector:    map[string]string{"cloud": "red hat"},
+							ClusterSelectors: map[string]string{"cloud": "red hat"},
+						},
+					},
+				}
+			},
+			expectedErrMsg: "policySet my-policyset must provide only one of placement.labelSelector or placement.clusterselectors",
+		},
+		{
+			name: "policySet may not specify a cluster selector and placement path together",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							PlacementPath:    "../config/plc.yaml",
+							ClusterSelectors: map[string]string{"cloud": "red hat"},
+						},
+					},
+				}
+			},
+			expectedErrMsg: "policySet my-policyset may not specify a placement selector and placement path together",
+		},
+		{
+			name: "policySet may not specify a label selector and placement path together",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							PlacementPath: "../config/plc.yaml",
+							LabelSelector: map[string]string{"cloud": "red hat"},
+						},
+					},
+				}
+			},
+			expectedErrMsg: "policySet my-policyset may not specify a placement selector and placement path together",
+		},
+		{
+			name: "policySet may not specify a cluster selector and placementrule path together",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							PlacementRulePath: "../config/plc.yaml",
+							ClusterSelectors:  map[string]string{"cloud": "red hat"},
+						},
+					},
+				}
+			},
+			expectedErrMsg: "policySet my-policyset may not specify a placement selector and placement path together",
+		},
+		{
+			name: "policySet may not specify a label selector and placementrule path together",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							PlacementRulePath: "../config/plc.yaml",
+							LabelSelector:     map[string]string{"cloud": "red hat"},
+						},
+					},
+				}
+			},
+			expectedErrMsg: "policySet my-policyset may not specify a placement selector and placement path together",
+		},
+		{
+			name: "policySet placementrule path not resolvable",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							PlacementRulePath: "../config/plc.yaml",
+						},
+					},
+				}
+			},
+			expectedErrMsg: "could not read the placement rule path ../config/plc.yaml",
+		},
+		{
+			name: "policySet placement path not resolvable",
+			setupFunc: func(p *Plugin) {
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							PlacementPath: "../config/plc.yaml",
+						},
+					},
+				}
+			},
+			expectedErrMsg: "could not read the placement path ../config/plc.yaml",
+		},
+		{
+			name: "Placement and PlacementRule can't be mixed",
+			setupFunc: func(p *Plugin) {
+				p.Policies[0].Placement = types.PlacementConfig{
+					LabelSelector: map[string]string{"cloud": "red hat"},
+				}
+				p.PolicySets = []types.PolicySetConfig{
+					{
+						Name: "my-policyset",
+						Placement: types.PlacementConfig{
+							ClusterSelectors: map[string]string{"cloud": "red hat"},
+						},
+					},
+				}
+			},
+			expectedErrMsg: "may not use a mix of Placement and PlacementRule for policies and policysets; found 1 Placement and 1 PlacementRule",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc // capture range variable
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			p := Plugin{}
+			var err error
+			p.baseDirectory, err = filepath.EvalSymlinks(tmpDir)
+			if err != nil {
+				t.Fatal(err.Error())
+			}
+			p.PlacementBindingDefaults.Name = "my-placement-binding"
+			p.PolicyDefaults.Placement.Name = "my-placement-rule"
+			p.PolicyDefaults.Namespace = "my-policies"
+			policyConf1 := types.PolicyConfig{
+				Name: "policy-app-config",
+				Manifests: []types.Manifest{
+					{
+						Path: path.Join(tmpDir, "configmap.yaml"),
+					},
+				},
+			}
+			policyConf2 := types.PolicyConfig{
+				Name: "policy-app-config2",
+				Manifests: []types.Manifest{
+					{
+						Path: path.Join(tmpDir, "configmap.yaml"),
+					},
+				},
+			}
+			p.Policies = append(p.Policies, policyConf1, policyConf2)
+			tc.setupFunc(&p)
+			p.applyDefaults(map[string]interface{}{})
+			err = p.assertValidConfig()
+			if err == nil {
+				t.Fatal("Expected an error but did not get one")
+			}
+			assertEqual(t, err.Error(), tc.expectedErrMsg)
+		})
+	}
+}

internal/plugin_test.go

@@ -14,9 +14,10 @@ import (
 
 type testCase struct {
 	name                            string
-	setupFunc                       func(p *Plugin, policyConf types.PolicyConfig, policyConf2 types.PolicyConfig)
+	setupFunc                       func(p *Plugin)
 	expectedPolicySetConfigInPolicy [][]string
 	expectedPolicySetConfigs        []types.PolicySetConfig
+	expectedErrMsg                  string
 }
 
 func TestGenerate(t *testing.T) {
@@ -1170,7 +1171,7 @@ func TestGeneratePolicySets(t *testing.T) {
 	testCases := []testCase{
 		{
 			name: "Use p.PolicyDefaults.PolicySets only",
-			setupFunc: func(p *Plugin, policyConf types.PolicyConfig, policyConf2 types.PolicyConfig) {
+			setupFunc: func(p *Plugin) {
 				// PolicyDefaults.PolicySets should be applied to both policies
 				p.PolicyDefaults.PolicySets = []string{"policyset-default"}
 			},
@@ -1190,7 +1191,7 @@ func TestGeneratePolicySets(t *testing.T) {
 		},
 		{
 			name: "Use p.Policies[0].PolicySets to override with a different policy set",
-			setupFunc: func(p *Plugin, policyConf types.PolicyConfig, policyConf2 types.PolicyConfig) {
+			setupFunc: func(p *Plugin) {
 				// p.PolicyDefaults.PolicySets should be overridden by p.Policies[0].PolicySets
 				p.PolicyDefaults.PolicySets = []string{"policyset-default"}
 				p.Policies[0] = types.PolicyConfig{
@@ -1224,7 +1225,7 @@ func TestGeneratePolicySets(t *testing.T) {
 		},
 		{
 			name: "Use p.Policies[0].PolicySets to override with an empty policyset",
-			setupFunc: func(p *Plugin, policyConf types.PolicyConfig, policyConf2 types.PolicyConfig) {
+			setupFunc: func(p *Plugin) {
 				// p.PolicyDefaults.PolicySets should be overridden by p.Policies[0].PolicySets
 				p.PolicyDefaults.PolicySets = []string{"policyset-default"}
 				p.Policies[0] = types.PolicyConfig{
@@ -1252,7 +1253,7 @@ func TestGeneratePolicySets(t *testing.T) {
 		},
 		{
 			name: "Use p.Policies[0].PolicySets and p.PolicySets, should merge",
-			setupFunc: func(p *Plugin, policyConf types.PolicyConfig, policyConf2 types.PolicyConfig) {
+			setupFunc: func(p *Plugin) {
 				// p.Policies[0].PolicySets and p.PolicySets should merge
 				p.PolicySets = []types.PolicySetConfig{
 					{
@@ -1311,7 +1312,7 @@ func TestGeneratePolicySets(t *testing.T) {
 				},
 			}
 			p.Policies = append(p.Policies, policyConf, policyConf2)
-			tc.setupFunc(&p, policyConf, policyConf2)
+			tc.setupFunc(&p)
 			p.applyDefaults(map[string]interface{}{})
 			assertReflectEqual(t, p.Policies[0].PolicySets, tc.expectedPolicySetConfigInPolicy[0])
 			assertReflectEqual(t, p.Policies[1].PolicySets, tc.expectedPolicySetConfigInPolicy[1])