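// Copyright (c) 2020 Red Hat, Inc.
// Copyright Contributors to the Open Cluster Management project

package e2e

import (
	"context"

	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

	policiesv1 "open-cluster-management.io/governance-policy-propagator/api/v1"
	"open-cluster-management.io/governance-policy-propagator/controllers/common"
	"open-cluster-management.io/governance-policy-propagator/test/utils"
)

// This suite edits or deletes the replicated copies of a root policy directly
// in the cluster namespaces and asserts that the change is undone: deleted
// copies reappear, spec.disabled, spec.remediationAction and
// spec.policy-templates return to their previous values, and labels or
// annotations added to a copy are removed again.
//
// Each spec follows the same three steps: read the replicated policy, write
// the out-of-band change with the dynamic client, then poll until the change
// is gone. The poll is only meaningful if the write really landed, so every
// spec that edits the object also asserts on the object returned by Update
// where the expected value is unambiguous.
var _ = Describe("Test unexpected policy mutation", func() {
	const (
		case3PolicyName string = "case3-test-policy"
		case3PolicyYaml string = "../resources/case3_mutation_recovery/case3-test-policy.yaml"

		// Metadata keys injected by the label/annotation specs. Each key is
		// written once and later checked with ShouldNot(HaveKey(...)); sharing
		// one constant keeps the two sides from drifting apart, which would
		// let the "removed" check pass without testing anything.
		case3LabelKey      string = "test.io/grc-prop-case3-label"
		case3AnnotationKey string = "test.io/grc-prop-case3-annotation"
	)

	// Creates the root policy, places it on managed1 and managed2, marks both
	// replicated copies compliant and waits for the root status to match the
	// expected fixture, so every spec starts from a settled state.
	BeforeEach(func() {
		By("Creating " + case3PolicyYaml)
		utils.Kubectl("apply",
			"-f", case3PolicyYaml,
			"-n", testNamespace,
			"--kubeconfig="+kubeconfigHub)
		plc := utils.GetWithTimeout(
			clientHubDynamic, gvrPolicy, case3PolicyName, testNamespace, true, defaultTimeoutSeconds,
		)
		Expect(plc).NotTo(BeNil())

		By("Patching test-policy-plr with decision of cluster managed1 and managed2")
		plr := utils.GetWithTimeout(
			clientHubDynamic, gvrPlacementRule, case3PolicyName+"-plr", testNamespace, true, defaultTimeoutSeconds,
		)
		// Guard before dereferencing, as is done for the policy above: a
		// missing placement rule should fail with a readable assertion
		// instead of a nil-pointer panic on plr.Object.
		Expect(plr).NotTo(BeNil())
		plr.Object["status"] = utils.GeneratePlrStatus("managed1", "managed2")
		_, err := clientHubDynamic.Resource(gvrPlacementRule).Namespace(testNamespace).UpdateStatus(
			context.TODO(), plr, metav1.UpdateOptions{},
		)
		Expect(err).ToNot(HaveOccurred())

		// Replicated copies are selected by the root-policy label, whose value
		// is "<root namespace>.<root name>".
		opt := metav1.ListOptions{
			LabelSelector: common.RootPolicyLabel + "=" + testNamespace + "." + case3PolicyName,
		}

		By("Patching both replicated policy status to compliant")
		replicatedPlcList := utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 2, true, defaultTimeoutSeconds)
		// Index into the slice instead of taking the address of the range
		// variable, so the pointer handed to UpdateStatus refers to the list
		// element itself on every Go version.
		for i := range replicatedPlcList.Items {
			replicatedPlc := &replicatedPlcList.Items[i]
			replicatedPlc.Object["status"] = &policiesv1.PolicyStatus{
				ComplianceState: policiesv1.Compliant,
			}
			_, err = clientHubDynamic.Resource(gvrPolicy).Namespace(replicatedPlc.GetNamespace()).UpdateStatus(
				context.TODO(), replicatedPlc, metav1.UpdateOptions{},
			)
			Expect(err).ToNot(HaveOccurred())
		}

		By("Checking the status of root policy")
		yamlPlc := utils.ParseYaml("../resources/case3_mutation_recovery/managed-both-status-compliant.yaml")
		Eventually(func() interface{} {
			rootPlc := utils.GetWithTimeout(
				clientHubDynamic, gvrPolicy, case3PolicyName, testNamespace, true, defaultTimeoutSeconds,
			)

			return rootPlc.Object["status"]
		}, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(yamlPlc.Object["status"]))
	})

	// Deletes the fixture and waits until the unfiltered policy list is empty,
	// so a leftover copy cannot leak into the next spec.
	AfterEach(func() {
		utils.Kubectl("delete",
			"-f", case3PolicyYaml,
			"-n", testNamespace,
			"--kubeconfig="+kubeconfigHub)
		opt := metav1.ListOptions{}
		utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 0, true, defaultTimeoutSeconds)
	})

	It("Should recreate replicated policy when deleted", func() {
		By("Deleting policy in cluster ns")
		utils.Kubectl("delete", "policy", "-n", "managed1", "--all", "--kubeconfig="+kubeconfigHub)
		utils.Kubectl("delete", "policy", "-n", "managed2", "--all", "--kubeconfig="+kubeconfigHub)

		By("Checking number of policy left in all ns")
		// 3 is presumably the root policy plus one copy per managed cluster;
		// the list is unfiltered, so this relies on no other policies
		// existing while the spec runs.
		opt := metav1.ListOptions{}
		utils.ListWithTimeout(clientHubDynamic, gvrPolicy, opt, 3, true, defaultTimeoutSeconds)
	})

	It("Should recover replicated policy when modified field disabled", func() {
		By("Modifiying policy in cluster ns managed2")
		plc := utils.GetWithTimeout(
			clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
		)
		Expect(plc).ToNot(BeNil())
		plc.Object["spec"].(map[string]interface{})["disabled"] = true
		plc, err := clientHubDynamic.Resource(gvrPolicy).Namespace("managed2").Update(
			context.TODO(), plc, metav1.UpdateOptions{},
		)
		Expect(err).ToNot(HaveOccurred())
		// Confirm the edit was stored before waiting for it to be reverted.
		Expect(plc.Object["spec"].(map[string]interface{})["disabled"]).To(BeTrue())

		By("Get policy in cluster ns managed2 again")
		Eventually(func() interface{} {
			plc = utils.GetWithTimeout(
				clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
			)

			return plc.Object["spec"].(map[string]interface{})["disabled"]
		}, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(false))
	})

	It("Should recover replicated policy when modified field remediationAction", func() {
		By("Modifiying policy in cluster ns managed2")
		plc := utils.GetWithTimeout(
			clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
		)
		Expect(plc).ToNot(BeNil())
		plc.Object["spec"].(map[string]interface{})["remediationAction"] = "enforce"
		plc, err := clientHubDynamic.Resource(gvrPolicy).Namespace("managed2").Update(
			context.TODO(), plc, metav1.UpdateOptions{},
		)
		Expect(err).ToNot(HaveOccurred())
		// Confirm the edit was stored before waiting for it to be reverted.
		Expect(plc.Object["spec"].(map[string]interface{})["remediationAction"]).To(Equal("enforce"))

		By("Getting policy in cluster ns managed2 again")
		// "inform" is presumably the value declared in the case3 fixture;
		// verify against the YAML if the fixture changes.
		Eventually(func() interface{} {
			plc = utils.GetWithTimeout(
				clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
			)

			return plc.Object["spec"].(map[string]interface{})["remediationAction"]
		}, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual("inform"))
	})

	It("Should recover replicated policy when modified field policy-templates", func() {
		By("Modifiying policy in cluster ns managed2")
		plc := utils.GetWithTimeout(
			clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
		)
		Expect(plc).ToNot(BeNil())
		// Replace the templates with an empty list on the replicated copy.
		plc.Object["spec"].(map[string]interface{})["policy-templates"] = []*policiesv1.PolicyTemplate{}
		plc, err := clientHubDynamic.Resource(gvrPolicy).Namespace("managed2").Update(
			context.TODO(), plc, metav1.UpdateOptions{},
		)
		Expect(err).ToNot(HaveOccurred())

		By("Getting policy in cluster ns managed2 again")
		rootPlc := utils.GetWithTimeout(
			clientHubDynamic, gvrPolicy, case3PolicyName, testNamespace, true, defaultTimeoutSeconds,
		)
		// The root spec is the reference value below; fail clearly if the
		// root policy could not be read instead of panicking on rootPlc.Object.
		Expect(rootPlc).ToNot(BeNil())
		// The Gomega passed to the polled function turns a failed g.Expect
		// into a retry of this attempt rather than an immediate spec failure.
		Eventually(func(g Gomega) interface{} {
			plc = utils.GetWithTimeout(
				clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
			)

			err := utils.RemovePolicyTemplateDBAnnotations(plc)
			g.Expect(err).ToNot(HaveOccurred())

			return plc.Object["spec"]
		}, defaultTimeoutSeconds, 1).Should(utils.SemanticEqual(rootPlc.Object["spec"]))
	})

	It("Should remove labels added to replicated policies", func() {
		By("Adding a label to the replicated policy in ns managed2")
		plc := utils.GetWithTimeout(
			clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
		)
		Expect(plc).ToNot(BeNil())
		labels := plc.GetLabels()
		if labels == nil {
			labels = make(map[string]string)
		}
		labels[case3LabelKey] = "caterpie"
		err := unstructured.SetNestedStringMap(plc.Object, labels, "metadata", "labels")
		Expect(err).ToNot(HaveOccurred())
		updated, err := clientHubDynamic.Resource(gvrPolicy).Namespace("managed2").Update(
			context.TODO(), plc, metav1.UpdateOptions{},
		)
		Expect(err).ToNot(HaveOccurred())
		// As in the spec-field cases, confirm the write landed. Without this
		// the removal check below would also pass if the label had never been
		// stored.
		Expect(updated.GetLabels()).To(HaveKey(case3LabelKey))

		By("Checking that the label is removed")
		Eventually(func() map[string]string {
			current := utils.GetWithTimeout(
				clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
			)

			return current.GetLabels()
		}, defaultTimeoutSeconds, 1).ShouldNot(HaveKey(case3LabelKey))
	})

	It("Should remove annotations added to replicated policies", func() {
		By("Adding an annotation to the replicated policy in ns managed2")
		plc := utils.GetWithTimeout(
			clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
		)
		Expect(plc).ToNot(BeNil())
		annos := plc.GetAnnotations()
		if annos == nil {
			annos = make(map[string]string)
		}
		annos[case3AnnotationKey] = "weedle"
		err := unstructured.SetNestedStringMap(plc.Object, annos, "metadata", "annotations")
		Expect(err).ToNot(HaveOccurred())
		updated, err := clientHubDynamic.Resource(gvrPolicy).Namespace("managed2").Update(
			context.TODO(), plc, metav1.UpdateOptions{},
		)
		Expect(err).ToNot(HaveOccurred())
		// Confirm the annotation was stored so the removal check below cannot
		// pass without the change ever having been applied.
		Expect(updated.GetAnnotations()).To(HaveKey(case3AnnotationKey))

		By("Checking that the annotation is removed")
		Eventually(func() map[string]string {
			current := utils.GetWithTimeout(
				clientHubDynamic, gvrPolicy, testNamespace+"."+case3PolicyName, "managed2", true, defaultTimeoutSeconds,
			)

			return current.GetAnnotations()
		}, defaultTimeoutSeconds, 1).ShouldNot(HaveKey(case3AnnotationKey))
	})
})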