24 changes: 24 additions & 0 deletions templates/policies/ocp-gitops-policy.yaml
Expand Up @@ -137,6 +137,22 @@ spec:
include:
- default
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: default
namespace: {{ $.Values.global.vpArgoNamespace }}
spec:
clusterResourceWhitelist:
- group: '*'
kind: '*'
destinations:
- namespace: '*'
server: '*'
sourceRepos:
- '*'
- complianceType: mustonlyhave
objectDefinition:
apiVersion: argoproj.io/v1beta1
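Review bot: the `default` AppProject added here uses `'*'` for `clusterResourceWhitelist`, `destinations` and `sourceRepos`, so any Application left in the default project may pull from any repository and create cluster-scoped resources on any destination. If that breadth is intended, add a template comment saying why the policy has to assert it; otherwise consider driving these three lists from values so a deployment can narrow them. It is also declared `musthave` while the object after it is `mustonlyhave`; a short comment on why the two differ would help the next reader.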
Expand Down Expand Up @@ -275,6 +291,14 @@ spec:
{{ .check | nindent 24 }}
{{- end }}
server:
initContainers:
- command:
- bash
- -c
- sleep 5
image: registry.redhat.io/ubi9/ubi-minimal:latest
name: wait-for-appproject
resources: {}
autoscale:
enabled: false
grpc:
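Review bot: the init container is named `wait-for-appproject` but only runs `sleep 5`, so it delays the server by a fixed interval and never checks that the AppProject exists; if the object takes longer than five seconds to appear, the ordering the name promises is not guaranteed. Either poll for the object or rename the container and comment the reason for the delay. The image is also pulled as `ubi-minimal:latest`, a mutable tag; pin a version or digest so the server pod does not pick up an unreviewed image on restart. `resources: {}` leaves the container without requests or limits.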
14 changes: 7 additions & 7 deletions tests/ocp_gitops_policy_edge_cases_test.yaml
Expand Up @@ -19,13 +19,13 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.server.route.tls.insecureEdgeTerminationPolicy
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.server.route.tls.insecureEdgeTerminationPolicy
value: Allow
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.server.route.tls.termination
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.server.route.tls.termination
value: passthrough

- it: should not include route TLS block when argocdServer is not configured
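Review bot: these assertions locate the ArgoCD object purely by position (`object-templates[0]` becomes `object-templates[1]`), which is why one inserted template forces edits across three test files. Add an `equal` check on `object-templates[1].objectDefinition.kind` (and one on `[0]` for `AppProject`) so a future reorder fails on a clear kind mismatch rather than on an unrelated TLS path.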
Expand All @@ -36,7 +36,7 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
isNull:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.server.route.tls
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.server.route.tls

- it: should use default TLS values when tls block has a key but no overrides
values:
Expand All @@ -53,13 +53,13 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.server.route.tls.insecureEdgeTerminationPolicy
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.server.route.tls.insecureEdgeTerminationPolicy
value: Redirect
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.server.route.tls.termination
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.server.route.tls.termination
value: reencrypt

- it: should not include route TLS block when tls is empty map
Expand All @@ -75,7 +75,7 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
isNull:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.server.route.tls
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.server.route.tls

- it: should render multiple groups each with their own set of resources
set:
Expand Down Expand Up @@ -123,7 +123,7 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.server.route.enabled
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.server.route.enabled
value: true

- it: should set default channel when neither spokeGitops nor main gitops is set
28 changes: 14 additions & 14 deletions tests/ocp_gitops_policy_test.yaml
Expand Up @@ -104,25 +104,25 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
lengthEqual:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks
count: 2
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[0].group
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[0].group
value: operators.coreos.com
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[0].kind
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[0].kind
value: Subscription
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[1].kind
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[1].kind
value: PersistentVolumeClaim

- it: Should append a single extra resource healthcheck
Expand All @@ -142,31 +142,31 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
lengthEqual:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks
count: 3
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[0].group
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[0].group
value: operators.coreos.com
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[1].kind
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[1].kind
value: PersistentVolumeClaim
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[2].group
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[2].group
value: argoproj.io
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[2].kind
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[2].kind
value: Application

- it: Should append multiple extra resource healthchecks
Expand Down Expand Up @@ -194,29 +194,29 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
lengthEqual:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks
count: 4
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[1].kind
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[1].kind
value: PersistentVolumeClaim
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[2].group
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[2].group
value: argoproj.io
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[3].group
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[3].group
value: batch
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.spec.resourceHealthChecks[3].kind
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.resourceHealthChecks[3].kind
value: Job
20 changes: 10 additions & 10 deletions tests/vp_argo_namespace_gitops_test.yaml
Expand Up @@ -99,13 +99,13 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.metadata.name
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.metadata.name
value: custom-argocd
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.metadata.namespace
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.metadata.namespace
value: custom-argocd

- it: should use default vpArgoNamespace for ArgoCD resource name and namespace
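Review bot: this case checks that `vpArgoNamespace` reaches the name and namespace of the object now at `object-templates[1]`, but nothing asserts the same for the new AppProject at `[0]`, whose `namespace` is also templated from `$.Values.global.vpArgoNamespace`. Add assertions that `object-templates[0].objectDefinition.metadata.namespace` equals `custom-argocd` and `metadata.name` equals `default`, so the new template is covered rather than only stepped over.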
Expand All @@ -116,13 +116,13 @@ tests:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.metadata.name
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.metadata.name
value: openshift-gitops
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.metadata.namespace
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.metadata.namespace
value: openshift-gitops

- it: should create ConsoleLink when vpArgoNamespace is not openshift-gitops
Expand All @@ -137,30 +137,30 @@ tests:
value: group-one-gitops-policy-argocd
lengthEqual:
path: spec.policy-templates[0].objectDefinition.spec.object-templates
count: 2
count: 3
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.kind
path: spec.policy-templates[0].objectDefinition.spec.object-templates[2].objectDefinition.kind
value: ConsoleLink
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.metadata.name
path: spec.policy-templates[0].objectDefinition.spec.object-templates[2].objectDefinition.metadata.name
value: custom-argocd-gitops-link
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.location
path: spec.policy-templates[0].objectDefinition.spec.object-templates[2].objectDefinition.spec.location
value: ApplicationMenu
- documentSelector:
path: metadata.name
value: group-one-gitops-policy-argocd
equal:
path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.text
path: spec.policy-templates[0].objectDefinition.spec.object-templates[2].objectDefinition.spec.text
value: Argo CD VP

- it: should NOT create ConsoleLink when vpArgoNamespace is openshift-gitops
Expand All @@ -172,7 +172,7 @@ tests:
value: group-one-gitops-policy-argocd
lengthEqual:
path: spec.policy-templates[0].objectDefinition.spec.object-templates
count: 1
count: 2

- it: should have 3 object-templates with custom vpArgoNamespace and no gitOpsSubNamespace
values:
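Review bot: the context test that follows is still titled "should have 3 object-templates with custom vpArgoNamespace and no gitOpsSubNamespace", while the ConsoleLink case earlier in this file now expects 3 for a custom namespace where it expected 2 before. Its body is outside this hunk, so please confirm its count and title are still right after the extra template, and update them in this PR if not.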