Skip to content

fix: compliant with mustnothave and objectselector #408

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: compliant with mustnothave and objectselector #408

wants to merge 1 commit into from

Conversation

@dhaiducek
Copy link
Member

@dhaiducek dhaiducek commented Nov 4, 2025
edited
Loading

When a mustnothave ConfigurationPolicy returns objects from the objectSelector but no objects match the policy, the status wasn't populated. This populates a compliant status for this case.

ref: https://issues.redhat.com/browse/ACM-25562

Followup to:

Assisted-by: Cursor IDE using claude-4.5-sonnet

@openshift-ci openshift-ci bot added the approved label Nov 4, 2025
@dhaiducek dhaiducek force-pushed the 25562-mustnothave-objsel branch 2 times, most recently from 75eb217 to 5f92b6b Compare November 4, 2025 21:48
dhaiducek
dhaiducek commented Nov 4, 2025
View reviewed changes
controllers/configurationpolicy_controller.go
Comment on lines 1887 to 1898
for ns := range relevantNsNames {
namespaces = append(namespaces, ns)
}
Copy link
Member Author

@dhaiducek dhaiducek Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is basically pulling all the namespaces from namespace/namespaceSelector. I realized I'm missing populating relatedObjects. I'll check to see what mustnothave with unnamed objects does and see whether it makes sense to do that here also.

JustinKuli
JustinKuli previously approved these changes Nov 5, 2025
View reviewed changes
Copy link
Member

@JustinKuli JustinKuli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's here looks good! Just holding in case we want to update any related object information like you commented.

/hold

@openshift-ci openshift-ci bot added the lgtm label Nov 5, 2025
@dhaiducek dhaiducek force-pushed the 25562-mustnothave-objsel branch from 5f92b6b to 032e9fc Compare November 7, 2025 21:09
@openshift-ci openshift-ci bot removed the lgtm label Nov 7, 2025
@openshift-ci
Copy link

openshift-ci bot commented Nov 7, 2025

New changes are detected. LGTM label has been removed.

@openshift-ci
Copy link

openshift-ci bot commented Nov 7, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dhaiducek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@openshift-ci
Copy link

openshift-ci bot commented Nov 7, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dhaiducek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dhaiducek dhaiducek force-pushed the 25562-mustnothave-objsel branch 2 times, most recently from a839659 to 1e86265 Compare November 7, 2025 21:39
@dhaiducek
fix: compliant with mustnothave and objectselector
fa6c249 
When a mustnothave ConfigurationPolicy returns objects from the
objectSelector but no objects match the policy, the status wasn't
populated. This populates a compliant status for this case.

ref: https://issues.redhat.com/browse/ACM-25562
Signed-off-by: Dale Haiducek <[email protected]>
@dhaiducek dhaiducek force-pushed the 25562-mustnothave-objsel branch from 1e86265 to fa6c249 Compare November 7, 2025 21:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JustinKuli JustinKuli JustinKuli left review comments

@gparvin gparvin Awaiting requested review from gparvin

@yiraeChristineKim yiraeChristineKim Awaiting requested review from yiraeChristineKim

@jan-law jan-law Awaiting requested review from jan-law

At least 1 approving review is required to merge this pull request.

Assignees

@JustinKuli JustinKuli

Labels

approved dco-signoff: yes do-not-merge/hold

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dhaiducek @JustinKuli