fix(health): add logic for disabled policies (#21347)

Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com> Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com> Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
2026-02-20 01:28:45 +01:00 · 2025-09-12 18:09:30 -04:00
parent 0793efb5e4
commit f4c4c66f38
3 changed files with 70 additions and 1 deletions
--- a/resource_customizations/policy.open-cluster-management.io/Policy/health.lua
+++ b/resource_customizations/policy.open-cluster-management.io/Policy/health.lua
@@ -1,4 +1,9 @@
 hs = {}
+if obj.spec.disabled then
+  hs.status = "Healthy"
+  hs.message = "Policy is disabled"
+  return hs
+end

 if obj.status == nil then
  hs.status = "Progressing"
--- a/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml
+++ b/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml
@@ -15,6 +15,10 @@ tests:
      status: Healthy
      message: All templates are compliant
    inputPath: testdata/healthy_replicated.yaml
+  - healthStatus:
+      status: Healthy
+      message: Policy is disabled
+    inputPath: testdata/disabled_root.yaml
  - healthStatus:
      status: Progressing
      message: Waiting for the status to be reported
@@ -26,4 +30,4 @@ tests:
  - healthStatus:
      status: Healthy
      message: No clusters match this policy
-    inputPath: testdata/healthy_with_placement_empty_compliant.yaml
+    inputPath: testdata/healthy_with_placement_empty_compliant.yaml
--- a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/disabled_root.yaml
+++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/disabled_root.yaml
@@ -0,0 +1,60 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  generation: 4
+  name: argo-example
+  namespace: open-cluster-management-global-set
+spec:
+  disabled: true
+  policy-templates:
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: example-namespace
+        spec:
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: v1
+                kind: Namespace
+                metadata:
+                  name: example
+          remediationAction: inform
+          severity: low
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: example-pod
+        spec:
+          namespaceSelector:
+            exclude:
+              - kube-*
+            include:
+              - default
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: v1
+                kind: Pod
+                metadata:
+                  name: foobar
+                spec:
+                  containers:
+                    - image: 'registry.redhat.io/rhel9/httpd-24:latest'
+                      name: httpd
+                      securityContext:
+                        allowPrivilegeEscalation: false
+                        capabilities:
+                          drop:
+                            - ALL
+                        privileged: false
+                        runAsNonRoot: true
+          remediationAction: inform
+          severity: low
+  remediationAction: inform
+status:
+  placement:
+    - placement: argo-example-placement
+      placementBinding: argo-example-placement