Add the recreateOption field

Signed-off-by: mprahl <[email protected]>

Author: mprahl

docs/policygenerator-reference.yaml

@@ -160,6 +160,11 @@ policyDefaults:
     # the responsibility of the administrator to ensure the placement rule exists. Use of this setting will prevent a
     # placement rule from being generated, but the placement binding will still be created.
     placementRuleName: ""
+  # Optional. recreateOption describes whether to delete and recreate an object when an update is required. `IfRequired`
+  # will recreate the object when updating an immutable field. `Always` will always recreate the object if a mismatch
+  # is detected. `RecreateOption` has no effect when the `remediationAction` is `inform`. `IfRequired` has no effect
+  # on clusters without dry run update support. The default value is `None`.
+  recreateOption: ""
   # Optional. Whether (and where) to record the diff between the policy and objects on the cluster. Defaults to an empty
   # string, which is equivalent to "None".
   recordDiff: ""
@@ -244,6 +249,8 @@ policies:
         # Optional. (See policyDefaults.remediationAction for description.)
         # Cannot be specified when policyDefaults.consolidateManifests is set to true.
         remediationAction: ""
+        # Optional. (See policyDefaults.recreateOption for description.)
+        recreateOption: ""
         # Optional. (See policyDefaults.recordDiff for description.)
         recordDiff: ""
         # Optional. (See policyDefaults.severity for description.)
@@ -316,6 +323,8 @@ policies:
     placement: {}
     # Optional. (See policyDefaults.remediationAction for description.)
     remediationAction: ""
+    # Optional. (See policyDefaults.recreateOption for description.)
+    recreateOption: ""
     # Optional. (See policyDefaults.recordDiff for description.)
     recordDiff: ""
     # Optional. (See policyDefaults.severity for description.)

internal/plugin.go

@@ -563,6 +563,10 @@ func (p *Plugin) applyDefaults(unmarshaledConfig map[string]interface{}) {
 			policy.Description = p.PolicyDefaults.Description
 		}
 
+		if policy.RecreateOption == "" {
+			policy.RecreateOption = p.PolicyDefaults.RecreateOption
+		}
+
 		if policy.RecordDiff == "" {
 			policy.RecordDiff = p.PolicyDefaults.RecordDiff
 		}
@@ -733,6 +737,10 @@ func (p *Plugin) applyDefaults(unmarshaledConfig map[string]interface{}) {
 				manifest.Severity = policy.Severity
 			}
 
+			if manifest.RecreateOption == "" {
+				manifest.RecreateOption = policy.RecreateOption
+			}
+
 			if manifest.RecordDiff == "" {
 				manifest.RecordDiff = policy.RecordDiff
 			}

internal/plugin_test.go

@@ -43,6 +43,7 @@ func TestGenerate(t *testing.T) {
 	p.PolicyDefaults.Namespace = "my-policies"
 	p.PolicyDefaults.MetadataComplianceType = "musthave"
 	p.PolicyDefaults.RecordDiff = "Log"
+	p.PolicyDefaults.RecreateOption = "IfRequired"
 	p.PolicyDefaults.PruneObjectBehavior = "DeleteAll"
 	patch := map[string]interface{}{
 		"metadata": map[string]interface{}{
@@ -70,6 +71,7 @@ func TestGenerate(t *testing.T) {
 				ConfigurationPolicyOptions: types.ConfigurationPolicyOptions{
 					MetadataComplianceType: "mustonlyhave",
 					RecordDiff:             "None",
+					RecreateOption:         "None",
 				},
 				Path: path.Join(tmpDir, "configmap.yaml"),
 			},
@@ -120,6 +122,7 @@ spec:
                                 chandler: bing
                             name: my-configmap
                       recordDiff: Log
+                      recreateOption: IfRequired
                 pruneObjectBehavior: None
                 remediationAction: inform
                 severity: low
@@ -155,6 +158,7 @@ spec:
                         metadata:
                             name: my-configmap
                       recordDiff: None
+                      recreateOption: None
                 pruneObjectBehavior: DeleteAll
                 remediationAction: inform
                 severity: low

internal/types/types.go

@@ -44,6 +44,7 @@ type ConfigurationPolicyOptions struct {
 	NamespaceSelector      NamespaceSelector  `json:"namespaceSelector,omitempty" yaml:"namespaceSelector,omitempty"`
 	PruneObjectBehavior    string             `json:"pruneObjectBehavior,omitempty" yaml:"pruneObjectBehavior,omitempty"`
 	RecordDiff             string             `json:"recordDiff,omitempty" yaml:"recordDiff,omitempty"`
+	RecreateOption         string             `json:"recreateOption,omitempty" yaml:"recreateOption,omitempty"`
 }
 
 type Manifest struct {

internal/utils.go

@@ -171,6 +171,7 @@ func getPolicyTemplates(policyConf *types.PolicyConfig) ([]map[string]interface{
 	for i, manifestGroup := range manifestGroups {
 		complianceType := policyConf.Manifests[i].ComplianceType
 		metadataComplianceType := policyConf.Manifests[i].MetadataComplianceType
+		recreateOption := policyConf.Manifests[i].RecreateOption
 		recordDiff := policyConf.Manifests[i].RecordDiff
 		ignorePending := policyConf.Manifests[i].IgnorePending
 		extraDeps := policyConf.Manifests[i].ExtraDependencies
@@ -231,6 +232,10 @@ func getPolicyTemplates(policyConf *types.PolicyConfig) ([]map[string]interface{
 				objTemplate["metadataComplianceType"] = metadataComplianceType
 			}
 
+			if recreateOption != "" {
+				objTemplate["recreateOption"] = recreateOption
+			}
+
 			if recordDiff != "" {
 				objTemplate["recordDiff"] = recordDiff
 			}