Add field to set labels on the Policy generated

brian-jarvis · openshift-merge-bot[bot] · commit ed4f32c51e83 · 2024-01-02T18:21:29.000Z
Signed-off-by: Brian Jarvis &lt;bjarvis@redhat.com&gt;
diff --git a/docs/policygenerator-reference.yaml b/docs/policygenerator-reference.yaml
@@ -184,6 +184,9 @@ policyDefaults:
   # Optional. Annotations that the policy will include under its metadata.annotations. It will be applied for all
   # policies unless specified in the policy.
   policyAnnotations: {}
+  # Optional. Labels that the policy will include under its metadata.labels. It will be applied for all
+  # policies unless specified in the policy.
+  policyLabels: {}
 
 # Optional. Defaults for policy set generation. Any default value listed here can be overridden under an entry in the
 # policySets array.
@@ -319,6 +322,8 @@ policies:
     # Optional. Annotations that the policy will include under its metadata.annotations. It will overwrite the
     # policyAnnotation defined in the policyDefaults.
     policyAnnotations: {}
+    # Optional. (See policyDefaults.policyLabels for description.)
+    policyLabels: {}
 
 # Optional. The list of policy sets to create. To include a policy in a policy set, use policies[*].policySets or
 # policyDefaults.policySets or policySets.policies.
diff --git a/internal/plugin.go b/internal/plugin.go
@@ -522,6 +522,15 @@ func (p *Plugin) applyDefaults(unmarshaledConfig map[string]interface{}) {
 			policy.PolicyAnnotations = annotations
 		}
 
+		if policy.PolicyLabels == nil {
+			labels := map[string]string{}
+			for k, v := range p.PolicyDefaults.PolicyLabels {
+				labels[k] = v
+			}
+
+			policy.PolicyLabels = labels
+		}
+
 		if policy.Categories == nil {
 			policy.Categories = p.PolicyDefaults.Categories
 		}
@@ -1300,6 +1309,10 @@ func (p *Plugin) createPolicy(policyConf *types.PolicyConfig) error {
 		policyConf.PolicyAnnotations = map[string]string{}
 	}
 
+	if policyConf.PolicyLabels == nil {
+		policyConf.PolicyLabels = map[string]string{}
+	}
+
 	policyConf.PolicyAnnotations["policy.open-cluster-management.io/categories"] = strings.Join(
 		policyConf.Categories, ",",
 	)
@@ -1349,6 +1362,10 @@ func (p *Plugin) createPolicy(policyConf *types.PolicyConfig) error {
 		"spec": spec,
 	}
 
+	if len(policyConf.PolicyLabels) != 0 {
+		policy["metadata"].(map[string]interface{})["labels"] = policyConf.PolicyLabels
+	}
+
 	// set the root policy remediation action if all the remediation actions match
 	if rootRemediationAction := getRootRemediationAction(policyTemplates); rootRemediationAction != "" {
 		policy["spec"].(map[string]interface{})["remediationAction"] = rootRemediationAction
diff --git a/internal/plugin_test.go b/internal/plugin_test.go
@@ -1117,6 +1117,168 @@ spec:
 	assertEqual(t, output, expected)
 }
 
+func TestCreatePolicyWithLabels(t *testing.T) {
+	t.Parallel()
+	tmpDir := t.TempDir()
+	createConfigMap(t, tmpDir, "configmap.yaml")
+
+	p := Plugin{}
+	p.PolicyDefaults.Namespace = "my-policies"
+	p.PolicyDefaults.PolicyLabels = map[string]string{"test-default-label": "default"}
+
+	policyConf := types.PolicyConfig{
+		Name: "policy-app-config",
+		Manifests: []types.Manifest{
+			{Path: path.Join(tmpDir, "configmap.yaml")},
+		},
+	}
+	p.Policies = append(p.Policies, policyConf)
+	p.applyDefaults(map[string]interface{}{})
+
+	err := p.createPolicy(&p.Policies[0])
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	output := p.outputBuffer.String()
+	expected := `
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+    annotations:
+        policy.open-cluster-management.io/categories: CM Configuration Management
+        policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
+        policy.open-cluster-management.io/description: ""
+        policy.open-cluster-management.io/standards: NIST SP 800-53
+    labels:
+        test-default-label: default
+    name: policy-app-config
+    namespace: my-policies
+spec:
+    disabled: false
+    policy-templates:
+        - objectDefinition:
+            apiVersion: policy.open-cluster-management.io/v1
+            kind: ConfigurationPolicy
+            metadata:
+                name: policy-app-config
+            spec:
+                object-templates:
+                    - complianceType: musthave
+                      objectDefinition:
+                        apiVersion: v1
+                        data:
+                            game.properties: enemies=potato
+                        kind: ConfigMap
+                        metadata:
+                            name: my-configmap
+                remediationAction: inform
+                severity: low
+    remediationAction: inform
+`
+	expected = strings.TrimPrefix(expected, "\n")
+	assertEqual(t, output, expected)
+
+	// Check for override default policy with empty map to skip default labels from the policy
+	p.outputBuffer.Reset()
+	p.Policies[0].PolicyLabels = map[string]string{}
+	p.applyDefaults(map[string]interface{}{})
+
+	err = p.createPolicy(&p.Policies[0])
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	output = p.outputBuffer.String()
+	expected = `
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+    annotations:
+        policy.open-cluster-management.io/categories: CM Configuration Management
+        policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
+        policy.open-cluster-management.io/description: ""
+        policy.open-cluster-management.io/standards: NIST SP 800-53
+    name: policy-app-config
+    namespace: my-policies
+spec:
+    disabled: false
+    policy-templates:
+        - objectDefinition:
+            apiVersion: policy.open-cluster-management.io/v1
+            kind: ConfigurationPolicy
+            metadata:
+                name: policy-app-config
+            spec:
+                object-templates:
+                    - complianceType: musthave
+                      objectDefinition:
+                        apiVersion: v1
+                        data:
+                            game.properties: enemies=potato
+                        kind: ConfigMap
+                        metadata:
+                            name: my-configmap
+                remediationAction: inform
+                severity: low
+    remediationAction: inform
+`
+	expected = strings.TrimPrefix(expected, "\n")
+	assertEqual(t, output, expected)
+
+	// Check for override default policy labels
+	p.outputBuffer.Reset()
+	p.Policies[0].PolicyLabels = map[string]string{"test-wave-label": "100"}
+	p.applyDefaults(map[string]interface{}{})
+
+	err = p.createPolicy(&p.Policies[0])
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+
+	output = p.outputBuffer.String()
+	expected = `
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+    annotations:
+        policy.open-cluster-management.io/categories: CM Configuration Management
+        policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
+        policy.open-cluster-management.io/description: ""
+        policy.open-cluster-management.io/standards: NIST SP 800-53
+    labels:
+        test-wave-label: "100"
+    name: policy-app-config
+    namespace: my-policies
+spec:
+    disabled: false
+    policy-templates:
+        - objectDefinition:
+            apiVersion: policy.open-cluster-management.io/v1
+            kind: ConfigurationPolicy
+            metadata:
+                name: policy-app-config
+            spec:
+                object-templates:
+                    - complianceType: musthave
+                      objectDefinition:
+                        apiVersion: v1
+                        data:
+                            game.properties: enemies=potato
+                        kind: ConfigMap
+                        metadata:
+                            name: my-configmap
+                remediationAction: inform
+                severity: low
+    remediationAction: inform
+`
+	expected = strings.TrimPrefix(expected, "\n")
+	assertEqual(t, output, expected)
+}
+
 func TestCreatePolicyFromIamPolicyTypeManifest(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()
diff --git a/internal/types/types.go b/internal/types/types.go
@@ -26,6 +26,7 @@ type PolicyOptions struct {
 	GeneratePlacementWhenInSet     bool               `json:"generatePlacementWhenInSet,omitempty" yaml:"generatePlacementWhenInSet,omitempty"`
 	PolicySets                     []string           `json:"policySets,omitempty" yaml:"policySets,omitempty"`
 	PolicyAnnotations              map[string]string  `json:"policyAnnotations,omitempty" yaml:"policyAnnotations,omitempty"`
+	PolicyLabels                   map[string]string  `json:"policyLabels,omitempty" yaml:"policyLabels,omitempty"`
 	ConfigurationPolicyAnnotations map[string]string  `json:"configurationPolicyAnnotations,omitempty" yaml:"configurationPolicyAnnotations,omitempty"`
 }
 

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ type PolicyOptions struct {`
`26`	`26`	GeneratePlacementWhenInSet bool `json:"generatePlacementWhenInSet,omitempty" yaml:"generatePlacementWhenInSet,omitempty"`
`27`	`27`	PolicySets []string `json:"policySets,omitempty" yaml:"policySets,omitempty"`
`28`	`28`	PolicyAnnotations map[string]string `json:"policyAnnotations,omitempty" yaml:"policyAnnotations,omitempty"`
	`29`	+ PolicyLabels map[string]string `json:"policyLabels,omitempty" yaml:"policyLabels,omitempty"`
`29`	`30`	ConfigurationPolicyAnnotations map[string]string `json:"configurationPolicyAnnotations,omitempty" yaml:"configurationPolicyAnnotations,omitempty"`
`30`	`31`	`}`
`31`	`32`