open-cluster-management.io/governance-policy-propagator@v0.13.0/test/e2e/case11_policyset_controller_test.go (about) 1 // Copyright (c) 2022 Red Hat, Inc. 2 // Copyright Contributors to the Open Cluster Management project 3 4 package e2e 5 6 import ( 7 "context" 8 9 . "github.com/onsi/ginkgo/v2" 10 . "github.com/onsi/gomega" 11 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 12 13 policiesv1 "open-cluster-management.io/governance-policy-propagator/api/v1" 14 "open-cluster-management.io/governance-policy-propagator/controllers/common" 15 "open-cluster-management.io/governance-policy-propagator/test/utils" 16 ) 17 18 var _ = Describe("Test policyset controller status updates", func() { 19 const ( 20 case11PolicyName string = "case11-test-policy" 21 case11PolicySetName string = "case11-test-policyset" 22 case11PolicySetNameManaged1 string = "test-plcset-managed1" 23 case11PolicyNameManaged2 string = "case11-multiple-placements-rule" 24 case11PolicySetEmpty string = "case11-empty-policyset" 25 case11PolicySetMultiStatus string = "case11-multistatus-policyset" 26 case11PolicyCompliant string = "case11-compliant-plc" 27 case11Path string = "../resources/case11_policyset_controller/" 28 case11PolicyYaml string = case11Path + "case11-test-policy.yaml" 29 case11PolicySetPatchYaml string = case11Path + "case11-patch-plcset.yaml" 30 case11PolicySetPatch2Yaml string = case11Path + "case11-patch-plcset-2.yaml" 31 case11DisablePolicyYaml string = case11Path + "case11-disable-plc.yaml" 32 case11PolicySetManaged1Yaml string = case11Path + "case11-plcset-managed1.yaml" 33 case11PolicyManaged2Yaml string = case11Path + "case11-plc-managed2.yaml" 34 case11PolicySetEmptyYaml string = case11Path + "case11-empty-plcset.yaml" 35 case11PolicySetMultiStatusYaml string = case11Path + "case11-plcset-multistatus.yaml" 36 case11PolicyCompliantYaml string = case11Path + "case11-compliant-plc.yaml" 37 ) 38 39 Describe("Create policy, policyset, and placement in ns:"+testNamespace, func() { 40 It("should create and process policy and policyset", func() { 41 By("Creating " + case11PolicyYaml) 42 utils.Kubectl("apply", 43 "-f", case11PolicyYaml, 44 "-n", testNamespace, 45 "--kubeconfig="+kubeconfigHub) 46 plc := utils.GetWithTimeout( 47 clientHubDynamic, gvrPolicy, case11PolicyName, testNamespace, true, defaultTimeoutSeconds, 48 ) 49 Expect(plc).NotTo(BeNil()) 50 51 By("Patching test-policy-plr with decision of cluster managed1 and managed2") 52 plr := utils.GetWithTimeout( 53 clientHubDynamic, gvrPlacementRule, "case11-test-policyset-plr", testNamespace, 54 true, defaultTimeoutSeconds, 55 ) 56 plr.Object["status"] = utils.GeneratePlrStatus("managed1", "managed2") 57 _, err := clientHubDynamic.Resource(gvrPlacementRule).Namespace(testNamespace).UpdateStatus( 58 context.TODO(), plr, metav1.UpdateOptions{}, 59 ) 60 Expect(err).ToNot(HaveOccurred()) 61 plc = utils.GetWithTimeout( 62 clientHubDynamic, gvrPolicy, testNamespace+"."+case11PolicyName, "managed2", true, 63 60, 64 ) 65 Expect(plc).ToNot(BeNil()) 66 67 opt := metav1.ListOptions{ 68 LabelSelector: common.RootPolicyLabel + "=" + testNamespace + "." + case11PolicyName, 69 } 70 By("Patching both replicated policy statuses") 71 replicatedPlcList := utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 2, true, 72 defaultTimeoutSeconds) 73 for _, replicatedPlc := range replicatedPlcList.Items { 74 replicatedPlc.Object["status"] = &policiesv1.PolicyStatus{ 75 ComplianceState: policiesv1.NonCompliant, 76 Status: []*policiesv1.CompliancePerClusterStatus{ 77 { 78 ClusterName: "managed1", 79 ClusterNamespace: "managed1", 80 ComplianceState: policiesv1.NonCompliant, 81 }, 82 }, 83 } 84 _, err = clientHubDynamic.Resource(gvrPolicy).Namespace(replicatedPlc.GetNamespace()).UpdateStatus( 85 context.TODO(), &replicatedPlc, metav1.UpdateOptions{}, 86 ) 87 Expect(err).ToNot(HaveOccurred()) 88 } 89 plcSet := utils.GetWithTimeout( 90 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 91 ) 92 Expect(plcSet).NotTo(BeNil()) 93 By("Checking the status of policy set") 94 yamlPlc := utils.ParseYaml("../resources/case11_policyset_controller/case11-statuscheck-1.yaml") 95 Eventually(func() interface{} { 96 rootPlcSet := utils.GetWithTimeout( 97 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 98 ) 99 100 return rootPlcSet.Object["status"] 101 }, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"])) 102 }) 103 It("should add a status entry in policyset for a policy that does not exist", func() { 104 By("Creating " + case11PolicySetPatchYaml) 105 utils.Kubectl("apply", 106 "-f", case11PolicySetPatchYaml, 107 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 108 plcSet := utils.GetWithTimeout( 109 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 110 ) 111 Expect(plcSet).NotTo(BeNil()) 112 By("Checking the status of policy set") 113 yamlPlc := utils.ParseYaml("../resources/case11_policyset_controller/case11-statuscheck-2.yaml") 114 Eventually(func() interface{} { 115 rootPlcSet := utils.GetWithTimeout( 116 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 117 ) 118 119 return rootPlcSet.Object["status"] 120 }, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"])) 121 utils.Kubectl( 122 "apply", 123 "-f", 124 "../resources/case11_policyset_controller/case11-reset-plcset.yaml", "-n", 125 testNamespace, "--kubeconfig="+kubeconfigHub, 126 ) 127 }) 128 It("should update to compliant if all its child policy violations have been remediated", func() { 129 opt := metav1.ListOptions{ 130 LabelSelector: common.RootPolicyLabel + "=" + testNamespace + "." + case11PolicyName, 131 } 132 By("Patching both replicated policy statuses") 133 replicatedPlcList := utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 2, true, 134 defaultTimeoutSeconds) 135 for _, replicatedPlc := range replicatedPlcList.Items { 136 replicatedPlc.Object["status"] = &policiesv1.PolicyStatus{ 137 ComplianceState: policiesv1.Compliant, 138 Status: []*policiesv1.CompliancePerClusterStatus{ 139 { 140 ClusterName: "managed1", 141 ClusterNamespace: "managed1", 142 ComplianceState: policiesv1.Compliant, 143 }, 144 }, 145 } 146 _, err := clientHubDynamic.Resource(gvrPolicy).Namespace(replicatedPlc.GetNamespace()).UpdateStatus( 147 context.TODO(), &replicatedPlc, metav1.UpdateOptions{}, 148 ) 149 Expect(err).ToNot(HaveOccurred()) 150 } 151 By("Checking the status of policy set") 152 yamlPlc := utils.ParseYaml("../resources/case11_policyset_controller/case11-statuscheck-3.yaml") 153 Eventually(func() interface{} { 154 rootPlcSet := utils.GetWithTimeout( 155 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 156 ) 157 158 return rootPlcSet.Object["status"] 159 }, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"])) 160 }) 161 It("should show pending if its child policies are pending", func() { 162 opt := metav1.ListOptions{ 163 LabelSelector: common.RootPolicyLabel + "=" + testNamespace + "." + case11PolicyName, 164 } 165 By("Patching both replicated policy statuses") 166 replicatedPlcList := utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 2, true, 167 defaultTimeoutSeconds) 168 for _, replicatedPlc := range replicatedPlcList.Items { 169 replicatedPlc.Object["status"] = &policiesv1.PolicyStatus{ 170 ComplianceState: policiesv1.Pending, 171 Status: []*policiesv1.CompliancePerClusterStatus{ 172 { 173 ClusterName: "managed1", 174 ClusterNamespace: "managed1", 175 ComplianceState: policiesv1.Pending, 176 }, 177 }, 178 } 179 _, err := clientHubDynamic.Resource(gvrPolicy).Namespace(replicatedPlc.GetNamespace()).UpdateStatus( 180 context.TODO(), &replicatedPlc, metav1.UpdateOptions{}, 181 ) 182 Expect(err).ToNot(HaveOccurred()) 183 } 184 By("Checking the status of policy set") 185 yamlPlc := utils.ParseYaml("../resources/case11_policyset_controller/case11-statuscheck-8.yaml") 186 Eventually(func() interface{} { 187 rootPlcSet := utils.GetWithTimeout( 188 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 189 ) 190 191 return rootPlcSet.Object["status"] 192 }, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"])) 193 }) 194 It("should update status properly if a policy is disabled", func() { 195 By("Creating " + case11DisablePolicyYaml) 196 utils.Kubectl("apply", 197 "-f", case11DisablePolicyYaml, 198 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 199 plc := utils.GetWithTimeout( 200 clientHubDynamic, gvrPolicy, case11PolicyName, testNamespace, true, defaultTimeoutSeconds, 201 ) 202 Expect(plc).NotTo(BeNil()) 203 204 By("Checking the status of policy set") 205 yamlPlc := utils.ParseYaml("../resources/case11_policyset_controller/case11-statuscheck-4.yaml") 206 Eventually(func() interface{} { 207 rootPlcSet := utils.GetWithTimeout( 208 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 209 ) 210 211 return rootPlcSet.Object["status"] 212 }, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"])) 213 214 By("Creating " + case11PolicyCompliantYaml) 215 utils.Kubectl("apply", 216 "-f", case11PolicyCompliantYaml, 217 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 218 plc = utils.GetWithTimeout( 219 clientHubDynamic, gvrPolicy, case11PolicyCompliant, testNamespace, true, defaultTimeoutSeconds, 220 ) 221 Expect(plc).NotTo(BeNil()) 222 223 utils.Kubectl("apply", 224 "-f", case11PolicySetPatch2Yaml, 225 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 226 plcSet := utils.GetWithTimeout( 227 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 228 ) 229 Expect(plcSet).NotTo(BeNil()) 230 231 By("Patching test-policy-plr with decision of cluster managed1 and managed2") 232 plr := utils.GetWithTimeout( 233 clientHubDynamic, gvrPlacementRule, "case11-test-policyset-plr", testNamespace, 234 true, defaultTimeoutSeconds, 235 ) 236 plr.Object["status"] = utils.GeneratePlrStatus("managed1", "managed2") 237 _, err := clientHubDynamic.Resource(gvrPlacementRule).Namespace(testNamespace).UpdateStatus( 238 context.TODO(), plr, metav1.UpdateOptions{}, 239 ) 240 Expect(err).ToNot(HaveOccurred()) 241 plc = utils.GetWithTimeout( 242 clientHubDynamic, gvrPolicy, testNamespace+"."+case11PolicyCompliant, "managed2", true, 243 defaultTimeoutSeconds, 244 ) 245 Expect(plc).ToNot(BeNil()) 246 247 opt := metav1.ListOptions{ 248 LabelSelector: common.RootPolicyLabel + "=" + testNamespace + "." + case11PolicyCompliant, 249 } 250 By("Patching both replicated policy statuses") 251 replicatedPlcList := utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 2, true, 252 defaultTimeoutSeconds) 253 for _, replicatedPlc := range replicatedPlcList.Items { 254 replicatedPlc.Object["status"] = &policiesv1.PolicyStatus{ 255 ComplianceState: policiesv1.Compliant, 256 Status: []*policiesv1.CompliancePerClusterStatus{ 257 { 258 ClusterName: "managed1", 259 ClusterNamespace: "managed1", 260 ComplianceState: policiesv1.Compliant, 261 }, 262 }, 263 } 264 _, err = clientHubDynamic.Resource(gvrPolicy).Namespace(replicatedPlc.GetNamespace()).UpdateStatus( 265 context.TODO(), &replicatedPlc, metav1.UpdateOptions{}, 266 ) 267 Expect(err).ToNot(HaveOccurred()) 268 } 269 270 By("Checking the status of policy set") 271 yamlPlc = utils.ParseYaml("../resources/case11_policyset_controller/case11-statuscheck-5.yaml") 272 Eventually(func() interface{} { 273 rootPlcSet := utils.GetWithTimeout( 274 clientHubDynamic, gvrPolicySet, case11PolicySetName, testNamespace, true, defaultTimeoutSeconds, 275 ) 276 277 return rootPlcSet.Object["status"] 278 }, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"])) 279 }) 280 It("should scope status to policyset placement", func() { 281 By("Creating " + case11PolicyManaged2Yaml) 282 utils.Kubectl("apply", 283 "-f", case11PolicySetManaged1Yaml, 284 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 285 utils.Kubectl("apply", 286 "-f", case11PolicyManaged2Yaml, 287 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 288 plc := utils.GetWithTimeout( 289 clientHubDynamic, gvrPolicy, case11PolicyNameManaged2, testNamespace, true, defaultTimeoutSeconds, 290 ) 291 Expect(plc).NotTo(BeNil()) 292 293 By("Patching test-policyset-plr with decision of cluster managed1") 294 plr := utils.GetWithTimeout( 295 clientHubDynamic, gvrPlacementRule, "test-plcset-managed1-plr", testNamespace, 296 true, defaultTimeoutSeconds, 297 ) 298 plr.Object["status"] = utils.GeneratePlrStatus("managed1") 299 _, err := clientHubDynamic.Resource(gvrPlacementRule).Namespace(testNamespace).UpdateStatus( 300 context.TODO(), plr, metav1.UpdateOptions{}, 301 ) 302 Expect(err).ToNot(HaveOccurred()) 303 plc = utils.GetWithTimeout( 304 clientHubDynamic, gvrPolicy, testNamespace+"."+case11PolicyNameManaged2, "managed1", true, 305 defaultTimeoutSeconds, 306 ) 307 Expect(plc).ToNot(BeNil()) 308 309 By("Patching test-policy-plr with decision of cluster managed2") 310 plr = utils.GetWithTimeout( 311 clientHubDynamic, gvrPlacementRule, "placement-case11-multiple-placements-rule", testNamespace, true, 312 defaultTimeoutSeconds, 313 ) 314 plr.Object["status"] = utils.GeneratePlrStatus("managed2") 315 _, err = clientHubDynamic.Resource(gvrPlacementRule).Namespace(testNamespace).UpdateStatus( 316 context.TODO(), plr, metav1.UpdateOptions{}, 317 ) 318 Expect(err).ToNot(HaveOccurred()) 319 plc = utils.GetWithTimeout( 320 clientHubDynamic, gvrPolicy, testNamespace+"."+case11PolicyNameManaged2, "managed2", true, 321 defaultTimeoutSeconds, 322 ) 323 Expect(plc).ToNot(BeNil()) 324 325 opt := metav1.ListOptions{ 326 LabelSelector: common.RootPolicyLabel + "=" + testNamespace + "." + case11PolicyNameManaged2, 327 } 328 By("Patching both replicated policy statuses") 329 replicatedPlcList := utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 2, true, 330 defaultTimeoutSeconds) 331 for _, replicatedPlc := range replicatedPlcList.Items { 332 replicatedPlc.Object["status"] = &policiesv1.PolicyStatus{ 333 ComplianceState: policiesv1.NonCompliant, 334 Status: []*policiesv1.CompliancePerClusterStatus{ 335 { 336 ClusterName: "managed1", 337 ClusterNamespace: "managed1", 338 ComplianceState: policiesv1.NonCompliant, 339 }, 340 }, 341 } 342 _, err = clientHubDynamic.Resource(gvrPolicy).Namespace(replicatedPlc.GetNamespace()).UpdateStatus( 343 context.TODO(), &replicatedPlc, metav1.UpdateOptions{}, 344 ) 345 Expect(err).ToNot(HaveOccurred()) 346 } 347 plcSet := utils.GetWithTimeout( 348 clientHubDynamic, gvrPolicySet, case11PolicySetNameManaged1, testNamespace, true, 349 defaultTimeoutSeconds, 350 ) 351 Expect(plcSet).NotTo(BeNil()) 352 By("Checking the status of policy set") 353 yamlPlc := utils.ParseYaml("../resources/case11_policyset_controller/case11-statuscheck-6.yaml") 354 Eventually(func() interface{} { 355 rootPlcSet := utils.GetWithTimeout( 356 clientHubDynamic, gvrPolicySet, case11PolicySetNameManaged1, testNamespace, true, 357 defaultTimeoutSeconds, 358 ) 359 360 return rootPlcSet.Object["status"] 361 }, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"])) 362 }) 363 It("should have no status if no policies are contained in the policySet", func() { 364 By("Creating " + case11PolicySetEmpty) 365 utils.Kubectl("apply", 366 "-f", case11PolicySetEmptyYaml, 367 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 368 plcSet := utils.GetWithTimeout( 369 clientHubDynamic, gvrPolicySet, case11PolicySetEmpty, testNamespace, true, defaultTimeoutSeconds, 370 ) 371 Expect(plcSet).NotTo(BeNil()) 372 By("Checking the status of policy set") 373 Eventually(func() interface{} { 374 rootPlcSet := utils.GetWithTimeout( 375 clientHubDynamic, gvrPolicySet, case11PolicySetEmpty, testNamespace, true, defaultTimeoutSeconds, 376 ) 377 378 return rootPlcSet.Object["status"] 379 }, defaultTimeoutSeconds, 1).Should(BeNil()) 380 }) 381 It("must have combined statusMessage when disabled/deleted policies are contained in the policySet", func() { 382 By("Creating " + case11PolicySetMultiStatus) 383 utils.Kubectl("apply", 384 "-f", case11PolicySetMultiStatusYaml, 385 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 386 plcSet := utils.GetWithTimeout( 387 clientHubDynamic, gvrPolicySet, case11PolicySetMultiStatus, testNamespace, true, defaultTimeoutSeconds, 388 ) 389 Expect(plcSet).NotTo(BeNil()) 390 By("Checking the status of policy set") 391 yamlPlc := utils.ParseYaml("../resources/case11_policyset_controller/case11-statuscheck-7.yaml") 392 Eventually(func() interface{} { 393 rootPlcSet := utils.GetWithTimeout( 394 clientHubDynamic, gvrPolicySet, case11PolicySetMultiStatus, 395 testNamespace, true, defaultTimeoutSeconds, 396 ) 397 398 return rootPlcSet.Object["status"] 399 }, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"])) 400 }) 401 It("should clean up", func() { 402 utils.Kubectl("delete", 403 "-f", "../resources/case11_policyset_controller/case11-test-policy.yaml", 404 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 405 utils.Kubectl("delete", 406 "-f", "../resources/case11_policyset_controller/case11-empty-plcset.yaml", 407 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 408 utils.Kubectl("delete", 409 "-f", case11PolicySetManaged1Yaml, 410 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 411 utils.Kubectl("delete", 412 "-f", case11PolicyManaged2Yaml, 413 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 414 utils.Kubectl("delete", 415 "-f", case11PolicyCompliantYaml, 416 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 417 utils.Kubectl("delete", 418 "-f", case11PolicySetMultiStatusYaml, 419 "-n", testNamespace, "--kubeconfig="+kubeconfigHub) 420 opt := metav1.ListOptions{} 421 utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 0, false, defaultTimeoutSeconds) 422 }) 423 }) 424 })