open-cluster-management.io/governance-policy-propagator@v0.13.0/controllers/propagator/replicatedpolicy_controller_test.go (about) 1 package propagator 2 3 import ( 4 "context" 5 "testing" 6 7 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 8 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" 9 "k8s.io/apimachinery/pkg/runtime" 10 11 policiesv1 "open-cluster-management.io/governance-policy-propagator/api/v1" 12 "open-cluster-management.io/governance-policy-propagator/controllers/complianceeventsapi" 13 ) 14 15 func getPolicyTemplateAnnotations(policy *policiesv1.Policy, templateIndex int) (map[string]string, error) { 16 plcTmplUnstruct := &unstructured.Unstructured{} 17 18 err := plcTmplUnstruct.UnmarshalJSON(policy.Spec.PolicyTemplates[templateIndex].ObjectDefinition.Raw) 19 if err != nil { 20 return nil, err 21 } 22 23 return plcTmplUnstruct.GetAnnotations(), nil 24 } 25 26 func TestSetDBAnnotationsNoDB(t *testing.T) { 27 complianceAPICtx, err := complianceeventsapi.NewComplianceServerCtx("postgres://localhost?mydb", "unknown") 28 if err != nil { 29 t.Fatalf("Failed create the compliance server context: %v", err) 30 } 31 32 // The unit tests shouldn't use the database, so that part of the code can't be covered here. 33 complianceAPICtx.DB = nil 34 35 reconciler := ReplicatedPolicyReconciler{ 36 ComplianceServerCtx: complianceAPICtx, 37 } 38 39 // Test no cache entry, no existing annotation on the replicated policy, and no database connection 40 rootPolicy := &policiesv1.Policy{ 41 ObjectMeta: metav1.ObjectMeta{ 42 Name: "my-policy", 43 Namespace: "policies", 44 Annotations: map[string]string{ 45 "policy.open-cluster-management.io/categories": "category1", 46 "policy.open-cluster-management.io/controls": "controls1, controls2", 47 "policy.open-cluster-management.io/standards": "standard1", 48 }, 49 }, 50 Spec: policiesv1.PolicySpec{ 51 PolicyTemplates: []*policiesv1.PolicyTemplate{ 52 { 53 ObjectDefinition: runtime.RawExtension{ 54 Raw: []byte(`{ 55 "apiVersion": "policy.open-cluster-management.io", 56 "kind": "ConfigurationPolicy", 57 "metadata": { 58 "name": "my-config", 59 "annotations": {} 60 }, 61 "spec": { 62 "severity": "critical", 63 "option1": "option2" 64 } 65 }`), 66 }, 67 }, 68 }, 69 }, 70 } 71 72 replicatedPolicy := rootPolicy.DeepCopy() 73 74 existingReplicatedPolicy := replicatedPolicy.DeepCopy() 75 76 reconciler.setDBAnnotations(context.TODO(), rootPolicy, replicatedPolicy, existingReplicatedPolicy) 77 78 annotations := rootPolicy.GetAnnotations() 79 if annotations[ParentPolicyIDAnnotation] != "" { 80 t.Fatalf("Expected no parent policy annotation but got: %s", annotations[ParentPolicyIDAnnotation]) 81 } 82 83 templateAnnotations, err := getPolicyTemplateAnnotations(replicatedPolicy, 0) 84 if err != nil { 85 t.Fatalf("Expected to get the policy template annotations but got: %v", err) 86 } 87 88 if templateAnnotations[PolicyIDAnnotation] != "" { 89 t.Fatalf("Expected no policy annotation but got: %s", templateAnnotations[PolicyIDAnnotation]) 90 } 91 92 // Test an existing replicated policy with annotations 93 rootPolicy2 := rootPolicy.DeepCopy() 94 replicatedPolicy2 := rootPolicy2.DeepCopy() 95 existingReplicatedPolicy2 := rootPolicy2.DeepCopy() 96 97 existingReplicatedPolicy2.Annotations["policy.open-cluster-management.io/parent-policy-compliance-db-id"] = "23" 98 existingReplicatedPolicy2.Spec.PolicyTemplates[0].ObjectDefinition.Raw = []byte(`{ 99 "apiVersion": "policy.open-cluster-management.io", 100 "kind": "ConfigurationPolicy", 101 "metadata": { 102 "name": "my-config", 103 "annotations": { 104 "policy.open-cluster-management.io/policy-compliance-db-id": "56" 105 } 106 }, 107 "spec": { 108 "severity": "critical", 109 "option1": "option2" 110 } 111 }`) 112 113 reconciler.setDBAnnotations(context.TODO(), rootPolicy2, replicatedPolicy2, existingReplicatedPolicy2) 114 115 annotations = replicatedPolicy2.GetAnnotations() 116 if annotations[ParentPolicyIDAnnotation] != "23" { 117 t.Fatalf("Expected the parent policy ID of 23 but got: %s", annotations[ParentPolicyIDAnnotation]) 118 } 119 120 templateAnnotations, err = getPolicyTemplateAnnotations(replicatedPolicy2, 0) 121 if err != nil { 122 t.Fatalf("Expected to get the policy template annotations but got: %v", err) 123 } 124 125 if templateAnnotations[PolicyIDAnnotation] != "56" { 126 t.Fatalf("Expected the policy ID of 56 but got: %s", templateAnnotations[PolicyIDAnnotation]) 127 } 128 129 if len(templateAnnotations) != 1 { 130 t.Fatalf("Expected 1 policy annotation but got: %d", len(templateAnnotations)) 131 } 132 133 // Test a cache hit from the last run using the policies from the first run 134 reconciler.setDBAnnotations(context.TODO(), rootPolicy, replicatedPolicy, existingReplicatedPolicy) 135 136 annotations = replicatedPolicy.GetAnnotations() 137 if annotations[ParentPolicyIDAnnotation] != "23" { 138 t.Fatalf("Expected the parent policy ID of 23 but got: %s", annotations[ParentPolicyIDAnnotation]) 139 } 140 141 templateAnnotations, err = getPolicyTemplateAnnotations(replicatedPolicy, 0) 142 if err != nil { 143 t.Fatalf("Expected to get the policy template annotations but got: %v", err) 144 } 145 146 if templateAnnotations[PolicyIDAnnotation] != "56" { 147 t.Fatalf("Expected the policy ID of 56 but got: %s", templateAnnotations[PolicyIDAnnotation]) 148 } 149 150 if len(templateAnnotations) != 1 { 151 t.Fatalf("Expected 1 policy annotation but got: %d", len(templateAnnotations)) 152 } 153 }