Add setting name on ConfigurationPolicy

Ref: https://issues.redhat.com/browse/ACM-12563 Signed-off-by: yiraeChristineKim <[email protected]>
open-cluster-management-io · Jul 17, 2024 · 8b3af8c · 8b3af8c
1 parent 418a5ce
commit 8b3af8c
Show file tree

Hide file tree

Showing 7 changed files with 641 additions and 13 deletions.
diff --git a/docs/policygenerator-reference.yaml b/docs/policygenerator-reference.yaml
@@ -234,6 +234,9 @@ policies:
       #   3) For everything else, ConfigurationPolicy objects are generated to wrap these manifests. The resulting
       #      ConfigurationPolicy is added as a Policy's policy-templates entry.
       - path: ""
+        # Optional. This name is used when ConsolidateManifests is set to false and will serve as the ConfigurationPolicy name.
+        # If multiple manifests are present in the path, an index number will be appended.
+        name: "my-config-name"
         # Optional. (See policyDefaults.complianceType for description.)
         complianceType: "musthave"
         # Optional. (See policyDefaults.metadataComplianceType for description.)

diff --git a/internal/ordering_test.go b/internal/ordering_test.go
@@ -3,6 +3,8 @@ package internal
 import (
 	"bytes"
 	"embed"
+	"os"
+	"path"
 	"testing"
 	"text/template"
 )
@@ -164,6 +166,150 @@ policies:
 	}
 }
 
+func TestSetNameManifestLevel(t *testing.T) {
+	t.Parallel()
+	tmpDir := t.TempDir()
+	manifestsPath := path.Join(tmpDir, "configmap.yaml")
+	yamlContent := `
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-configmap
+data:
+  game.properties: enemies=potato
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-2
+data:
+  game.properties: enemies=cabbage
+`
+	rawPath := path.Join(tmpDir, "object-templates-raw.yaml")
+	rawYamlContent := `
+object-templates-raw: |-
+  - complianceType: musthave
+    objectDefinition:
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: example
+        namespace: default
+      data:
+        extraData: data
+---
+object-templates-raw: |-
+  - complianceType: musthave
+    objectDefinition:
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: example
+        namespace: default
+      data:
+        extraData: data
+`
+
+	err := os.WriteFile(manifestsPath, []byte(yamlContent), 0o666)
+	if err != nil {
+		t.Fatalf("Failed to write %s", manifestsPath)
+	}
+
+	err = os.WriteFile(rawPath, []byte(rawYamlContent), 0o666)
+	if err != nil {
+		t.Fatalf("Failed to write %s", manifestsPath)
+	}
+
+	tests := map[string]genOutTest{
+		"complicated policies": {
+			tmpDir: tmpDir,
+			generator: `
+apiVersion: policy.open-cluster-management.io/v1
+kind: PolicyGenerator
+metadata:
+  name: test
+policyDefaults:
+  orderPolicies: true
+  namespace: my-policies
+  consolidateManifests: false
+policies:
+- name: one
+  manifests:
+  - path: {{printf "%v/%v" .Dir "configmap.yaml"}}
+  - path: {{printf "%v/%v" .Dir "configmap.yaml"}}
+    name: lion
+    extraDependencies:
+    - name: elephant
+      kind: ConfigurationPolicy
+      compliance: "Compliant"
+  - path: {{printf "%v/%v" .Dir "configmap.yaml"}}
+    name: tiger
+    extraDependencies:
+    - name: lion
+      kind: ConfigurationPolicy
+      compliance: "Compliant"
+  - path: {{printf "%v/%v" .Dir "configmap.yaml"}}
+    remediationAction: inform
+    name: bird
+    extraDependencies:
+      - name: tiger2
+        kind: ConfigurationPolicy
+        compliance: "Compliant"
+      - name: lion2
+        kind: ConfigurationPolicy
+        compliance: "Compliant"
+`,
+			wantFile: "testdata/ordering/manifest-level-name.yaml",
+			wantErr:  "",
+		},
+		"complicated raw policies with consolidateManifests false": {
+			tmpDir: tmpDir,
+			generator: `
+apiVersion: policy.open-cluster-management.io/v1
+kind: PolicyGenerator
+metadata:
+  name: test
+policyDefaults:
+  orderPolicies: true
+  namespace: my-policies
+  consolidateManifests: false
+policies:
+- name: one
+  manifests:
+  - path: {{printf "%v/%v" .Dir "object-templates-raw.yaml"}}
+  - path: {{printf "%v/%v" .Dir "object-templates-raw.yaml"}}
+    name: tiger
+`,
+			wantFile: "testdata/ordering/manifest-level-name-raw-consolidate-false.yaml",
+			wantErr:  "",
+		},
+		"complicated raw policies with consolidateManifests true": {
+			tmpDir: tmpDir,
+			generator: `
+apiVersion: policy.open-cluster-management.io/v1
+kind: PolicyGenerator
+metadata:
+  name: test
+policyDefaults:
+  orderPolicies: true
+  namespace: my-policies
+  consolidateManifests: false
+policies:
+- name: one
+  manifests:
+  - path: {{printf "%v/%v" .Dir "object-templates-raw.yaml"}}
+  - path: {{printf "%v/%v" .Dir "object-templates-raw.yaml"}}
+`,
+			wantFile: "testdata/ordering/manifest-level-name-raw-consolidate-true.yaml",
+			wantErr:  "",
+		},
+	}
+
+	for name := range tests {
+		t.Run(name, tests[name].run)
+	}
+}
+
 func TestDependencies(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()

diff --git a/internal/testdata/ordering/manifest-level-name-raw-consolidate-false.yaml b/internal/testdata/ordering/manifest-level-name-raw-consolidate-false.yaml
@@ -0,0 +1,117 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+    annotations:
+        policy.open-cluster-management.io/categories: CM Configuration Management
+        policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
+        policy.open-cluster-management.io/description: ""
+        policy.open-cluster-management.io/standards: NIST SP 800-53
+    name: one
+    namespace: my-policies
+spec:
+    disabled: false
+    policy-templates:
+        - objectDefinition:
+            apiVersion: policy.open-cluster-management.io/v1
+            kind: ConfigurationPolicy
+            metadata:
+                name: one
+            spec:
+                object-templates-raw: |-
+                    - complianceType: musthave
+                      objectDefinition:
+                        apiVersion: v1
+                        kind: ConfigMap
+                        metadata:
+                          name: example
+                          namespace: default
+                        data:
+                          extraData: data
+                remediationAction: inform
+                severity: low
+        - objectDefinition:
+            apiVersion: policy.open-cluster-management.io/v1
+            kind: ConfigurationPolicy
+            metadata:
+                name: one2
+            spec:
+                object-templates-raw: |-
+                    - complianceType: musthave
+                      objectDefinition:
+                        apiVersion: v1
+                        kind: ConfigMap
+                        metadata:
+                          name: example
+                          namespace: default
+                        data:
+                          extraData: data
+                remediationAction: inform
+                severity: low
+        - objectDefinition:
+            apiVersion: policy.open-cluster-management.io/v1
+            kind: ConfigurationPolicy
+            metadata:
+                name: tiger
+            spec:
+                object-templates-raw: |-
+                    - complianceType: musthave
+                      objectDefinition:
+                        apiVersion: v1
+                        kind: ConfigMap
+                        metadata:
+                          name: example
+                          namespace: default
+                        data:
+                          extraData: data
+                remediationAction: inform
+                severity: low
+        - objectDefinition:
+            apiVersion: policy.open-cluster-management.io/v1
+            kind: ConfigurationPolicy
+            metadata:
+                name: tiger2
+            spec:
+                object-templates-raw: |-
+                    - complianceType: musthave
+                      objectDefinition:
+                        apiVersion: v1
+                        kind: ConfigMap
+                        metadata:
+                          name: example
+                          namespace: default
+                        data:
+                          extraData: data
+                remediationAction: inform
+                severity: low
+    remediationAction: inform
+---
+apiVersion: cluster.open-cluster-management.io/v1beta1
+kind: Placement
+metadata:
+    name: placement-one
+    namespace: my-policies
+spec:
+    predicates:
+        - requiredClusterSelector:
+            labelSelector:
+                matchExpressions: []
+    tolerations:
+        - key: cluster.open-cluster-management.io/unavailable
+          operator: Exists
+        - key: cluster.open-cluster-management.io/unreachable
+          operator: Exists
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+    name: binding-one
+    namespace: my-policies
+placementRef:
+    apiGroup: cluster.open-cluster-management.io
+    kind: Placement
+    name: placement-one
+subjects:
+    - apiGroup: policy.open-cluster-management.io
+      kind: Policy
+      name: one