From f4c4c66f3865bb75e61284e985d7962fbf943fb2 Mon Sep 17 00:00:00 2001 From: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com> Date: Fri, 12 Sep 2025 18:09:30 -0400 Subject: [PATCH] fix(health): add logic for disabled policies (#21347) Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com> Signed-off-by: Alexandre Gaudreault Co-authored-by: Alexandre Gaudreault --- .../Policy/health.lua | 5 ++ .../Policy/health_test.yaml | 6 +- .../Policy/testdata/disabled_root.yaml | 60 +++++++++++++++++++ 3 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 resource_customizations/policy.open-cluster-management.io/Policy/testdata/disabled_root.yaml diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/health.lua b/resource_customizations/policy.open-cluster-management.io/Policy/health.lua index b053612f02..3061739141 100644 --- a/resource_customizations/policy.open-cluster-management.io/Policy/health.lua +++ b/resource_customizations/policy.open-cluster-management.io/Policy/health.lua @@ -1,4 +1,9 @@ hs = {} +if obj.spec.disabled then + hs.status = "Healthy" + hs.message = "Policy is disabled" + return hs +end if obj.status == nil then hs.status = "Progressing" diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml index adc132ec74..420690a97a 100644 --- a/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml +++ b/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml @@ -15,6 +15,10 @@ tests: status: Healthy message: All templates are compliant inputPath: testdata/healthy_replicated.yaml + - healthStatus: + status: Healthy + message: Policy is disabled + inputPath: testdata/disabled_root.yaml - healthStatus: status: Progressing message: Waiting for the status to be reported @@ -26,4 +30,4 @@ tests: - healthStatus: status: Healthy message: No clusters match this policy - inputPath: testdata/healthy_with_placement_empty_compliant.yaml + inputPath: testdata/healthy_with_placement_empty_compliant.yaml \ No newline at end of file diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/disabled_root.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/disabled_root.yaml new file mode 100644 index 0000000000..c1b9b81d18 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/disabled_root.yaml @@ -0,0 +1,60 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + generation: 4 + name: argo-example + namespace: open-cluster-management-global-set +spec: + disabled: true + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-namespace + spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: example + remediationAction: inform + severity: low + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-pod + spec: + namespaceSelector: + exclude: + - kube-* + include: + - default + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Pod + metadata: + name: foobar + spec: + containers: + - image: 'registry.redhat.io/rhel9/httpd-24:latest' + name: httpd + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + remediationAction: inform + severity: low + remediationAction: inform +status: + placement: + - placement: argo-example-placement + placementBinding: argo-example-placement