🤖 Sync from open-cluster-management-io/config-policy-controller: #298 #1041
Conversation
![magic-mirror-bot[bot]](https://avatars.githubusercontent.com/u/60207193?s=60&v=4){kind=small}
Previously, this map was initialized when being setup with a controller runtime manager. It is not necessary to wait until then, and it was preventing any possibility of running the reconcilers without a real manager (for example, in tests). Signed-off-by: Justin Kulikauskas <[email protected]> (cherry picked from commit a98f4aaeae5ba0d8b9a135877613a65a2b8ca69c)
Storing both the rest.Config *and* multiple clients generated from it could lead to confusion, and prevented the possibility of using clients that we don't have the config for (potentially in tests). Signed-off-by: Justin Kulikauskas <[email protected]> (cherry picked from commit af4207604479985c8aa47f7e3f4342a0ae1cbd80)
v2 is much more configurable. Signed-off-by: Justin Kulikauskas <[email protected]> (cherry picked from commit 684ffc32e971cb5833b11709b87fb5be64d45ab4)
This would allow a user to save a set of REST mappings from an existing cluster which the config-policy-controller reconciler *could* use instead of a "live" discovery API. Currently the setup in main.go for the controller *does not* connect this, but it would be possible to add in the future. The included "default-mappings.yaml" file is the output of the tool from a simple kind cluster. Signed-off-by: Justin Kulikauskas <[email protected]> (cherry picked from commit d914d301ab450a8b2bb08eb926928d449ccdcc15)
This command allows for the testing of configuration policies without a cluster. "Cluster state" is provided via input files, which are simulated in a fake cluster. A real config-policy-controller reconciler is run against this fake cluster, and the resulting policy status, as well as the compliance events, are captured and can be displayed to the user. If the policy is noncompliant, the command exits with error code 2 (to distinguish it from other possible exit reasons). This also exposes the GenerateMappings command as a subcommand. Refs: - https://issues.redhat.com/browse/ACM-14161 Signed-off-by: Justin Kulikauskas <[email protected]> (cherry picked from commit 6e86ab4328e1db4abdd5b2195a6e8d87fc4f2b40)
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
SonarCloud found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
|
/override "SonarCloud Code Analysis" It seems that SonarCloud doesn't like @JustinKuli's security practices in his test manifests for the dryrun CLI. |
|
@mprahl: Overrode contexts on behalf of mprahl: SonarCloud Code Analysis In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: magic-mirror-bot[bot], mprahl The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Syncing the following PRs:
Closes #1042