Allow generatePlacement to override placement

Signed-off-by: Dale Haiducek <[email protected]>

Author: dhaiducek

internal/plugin.go

@@ -831,8 +831,7 @@ func (p *Plugin) assertValidConfig() error {
 	}
 
 	// Validate default policy placement settings
-	err := assertValidPlacement(
-		p.PolicyDefaults.Placement, p.PolicyDefaults.GeneratePolicyPlacement, "policyDefaults", nil)
+	err := assertValidPlacement(p.PolicyDefaults.Placement, "policyDefaults", nil)
 	if err != nil {
 		return err
 	}
@@ -1062,16 +1061,14 @@ func (p *Plugin) assertValidConfig() error {
 			}
 		}
 
-		err := assertValidPlacement(
-			policy.Placement, policy.GeneratePolicyPlacement, fmt.Sprintf("policy %s", policy.Name), &plCount)
+		err := assertValidPlacement(policy.Placement, fmt.Sprintf("policy %s", policy.Name), &plCount)
 		if err != nil {
 			return err
 		}
 	}
 
 	// Validate default policy set placement settings
-	err = assertValidPlacement(
-		p.PolicySetDefaults.Placement, p.PolicySetDefaults.GeneratePolicySetPlacement, "policySetDefaults", nil)
+	err = assertValidPlacement(p.PolicySetDefaults.Placement, "policySetDefaults", nil)
 	if err != nil {
 		return err
 	}
@@ -1102,8 +1099,7 @@ func (p *Plugin) assertValidConfig() error {
 		seenPlcset[plcset.Name] = true
 
 		// Validate policy set Placement settings
-		err := assertValidPlacement(
-			plcset.Placement, plcset.GeneratePolicySetPlacement, fmt.Sprintf("policySet %s", plcset.Name), &plCount)
+		err := assertValidPlacement(plcset.Placement, fmt.Sprintf("policySet %s", plcset.Name), &plCount)
 		if err != nil {
 			return err
 		}
@@ -1126,7 +1122,6 @@ func (p *Plugin) assertValidConfig() error {
 // assertValidPlacement is a helper for assertValidConfig to verify placement configurations
 func assertValidPlacement(
 	placement types.PlacementConfig,
-	generatePlacement bool,
 	path string,
 	plCount *struct {
 		plc int
@@ -1151,26 +1146,20 @@ func assertValidPlacement(
 		)
 	}
 
-	defaultPlacementOptions := 0
+	placementOptionCount := 0
 	if len(placement.LabelSelector) != 0 || len(placement.ClusterSelectors) != 0 {
-		defaultPlacementOptions++
+		placementOptionCount++
 	}
 
 	if placement.PlacementRulePath != "" || placement.PlacementPath != "" {
-		defaultPlacementOptions++
+		placementOptionCount++
 	}
 
 	if placement.PlacementRuleName != "" || placement.PlacementName != "" {
-		defaultPlacementOptions++
+		placementOptionCount++
 	}
 
-	if defaultPlacementOptions > 0 && !generatePlacement {
-		return fmt.Errorf(
-			"%s must not specify a placement when generatePlacement is set to false", path,
-		)
-	}
-
-	if defaultPlacementOptions > 1 {
+	if placementOptionCount > 1 {
 		return fmt.Errorf(
 			"%s must specify only one of placement selector, placement path, or placement name", path,
 		)

internal/plugin_config_test.go

@@ -379,74 +379,6 @@ policies:
 	assertEqual(t, err.Error(), expected)
 }
 
-func TestConfigDefaultPlacementWithDisabledPlacement(t *testing.T) {
-	t.Parallel()
-	tmpDir := t.TempDir()
-	createConfigMap(t, tmpDir, "configmap.yaml")
-	config := fmt.Sprintf(`
-apiVersion: policy.open-cluster-management.io/v1
-kind: PolicyGenerator
-metadata:
-  name: policy-generator-name
-policyDefaults:
-  namespace: my-policies
-  generatePolicyPlacement: false
-  placement:
-    clusterSelectors:
-      cloud: red hat
-policies:
-- name: policy-app-config
-  manifests:
-    - path: %s
-`,
-		path.Join(tmpDir, "configmap.yaml"),
-	)
-	p := Plugin{}
-
-	err := p.Config([]byte(config), tmpDir)
-	if err == nil {
-		t.Fatal("Expected an error but did not get one")
-	}
-
-	expected := "policyDefaults must not specify " +
-		"a placement when generatePlacement is set to false"
-	assertEqual(t, err.Error(), expected)
-}
-
-func TestConfigPlacementWithDisabledPlacement(t *testing.T) {
-	t.Parallel()
-	tmpDir := t.TempDir()
-	createConfigMap(t, tmpDir, "configmap.yaml")
-	config := fmt.Sprintf(`
-apiVersion: policy.open-cluster-management.io/v1
-kind: PolicyGenerator
-metadata:
-  name: policy-generator-name
-policyDefaults:
-  namespace: my-policies
-  placement:
-    clusterSelectors:
-      cloud: red hat
-policies:
-- name: policy-app-config
-  generatePolicyPlacement: false
-  manifests:
-    - path: %s
-`,
-		path.Join(tmpDir, "configmap.yaml"),
-	)
-	p := Plugin{}
-
-	err := p.Config([]byte(config), tmpDir)
-	if err == nil {
-		t.Fatal("Expected an error but did not get one")
-	}
-
-	expected := "policy policy-app-config must not specify " +
-		"a placement when generatePlacement is set to false"
-	assertEqual(t, err.Error(), expected)
-}
-
 func TestConfigMultiplePlacementsClusterSelectorAndPlRPath(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()

internal/plugin_test.go

@@ -306,6 +306,7 @@ func TestGeneratePolicyDisablePlacement(t *testing.T) {
 
 	p.PolicyDefaults.Namespace = "my-policies"
 	p.PolicyDefaults.MetadataComplianceType = "musthave"
+	p.PolicyDefaults.Placement.PlacementName = "my-placement"
 	policyConf := types.PolicyConfig{
 		Name: "policy-app-config",
 		Manifests: []types.Manifest{
@@ -373,6 +374,97 @@ spec:
 	assertEqual(t, string(output), expected)
 }
 
+func TestGeneratePolicyDisablePlacementOverride(t *testing.T) {
+	t.Parallel()
+	tmpDir := t.TempDir()
+	createConfigMap(t, tmpDir, "configmap.yaml")
+
+	p := Plugin{}
+	var err error
+
+	p.baseDirectory, err = filepath.EvalSymlinks(tmpDir)
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	p.PolicyDefaults.Namespace = "my-policies"
+	p.PolicyDefaults.MetadataComplianceType = "musthave"
+	p.PolicyDefaults.Placement.PlacementName = "my-placement"
+	policyConf := types.PolicyConfig{
+		Name: "policy-app-config",
+		Manifests: []types.Manifest{
+			{
+				Path: path.Join(tmpDir, "configmap.yaml"),
+			},
+		},
+		PolicyOptions: types.PolicyOptions{
+			GeneratePolicyPlacement: false,
+			Placement: types.PlacementConfig{
+				PlacementName: "my-placement",
+			},
+		},
+	}
+	p.Policies = append(p.Policies, policyConf)
+	p.applyDefaults(map[string]interface{}{
+		"policies": []interface{}{
+			map[string]interface{}{
+				"generatePolicyPlacement": false,
+			},
+		},
+	})
+	assertEqual(t, p.Policies[0].GeneratePolicyPlacement, false)
+	// Default all policy ConsolidateManifests flags are set to true
+	// unless explicitly set
+	assertEqual(t, p.Policies[0].ConsolidateManifests, true)
+
+	if err := p.assertValidConfig(); err != nil {
+		t.Fatal(err.Error())
+	}
+
+	expected := `
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+    annotations:
+        policy.open-cluster-management.io/categories: CM Configuration Management
+        policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
+        policy.open-cluster-management.io/standards: NIST SP 800-53
+    name: policy-app-config
+    namespace: my-policies
+spec:
+    disabled: false
+    policy-templates:
+        - objectDefinition:
+            apiVersion: policy.open-cluster-management.io/v1
+            kind: ConfigurationPolicy
+            metadata:
+                name: policy-app-config
+            spec:
+                object-templates:
+                    - complianceType: musthave
+                      metadataComplianceType: musthave
+                      objectDefinition:
+                        apiVersion: v1
+                        data:
+                            game.properties: enemies=potato
+                        kind: ConfigMap
+                        metadata:
+                            name: my-configmap
+                remediationAction: inform
+                severity: low
+    remediationAction: inform
+`
+	expected = strings.TrimPrefix(expected, "\n")
+
+	output, err := p.Generate()
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	assertEqual(t, string(output), expected)
+}
+
 func TestGeneratePolicyExistingPlacementRuleName(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()