testing stuff

Signed-off-by: Sertac Ozercan <[email protected]>
sozercan · Jan 30, 2024 · c517313 · c517313
1 parent c1b9b0f
commit c517313
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 8 deletions.
diff --git a/main.go b/main.go
@@ -132,7 +132,9 @@ func init() {
 
 	// +kubebuilder:scaffold:scheme
 	flag.Var(disabledBuiltins, "disable-opa-builtin", "disable opa built-in function, this flag can be declared more than once.")
-	flag.Var(&constraint.VapEnforcement, "vap-enforcement", "control VAP resource generation. Allowed values are NONE:do not generate, GATEKEEPER_DEFAULT:do not generate unless label gatekeeper.sh/use-vap: yes is added to policy explictly, VAP_DEFAULT: generate unless label gatekeeper.sh/use-vap: no is added to policy explictly.")
+	// flag.Var(&constraint.VapEnforcement, "vap-enforcement", "control VAP resource generation. Allowed values are NONE:do not generate, GATEKEEPER_DEFAULT:do not generate unless label gatekeeper.sh/use-vap: yes is added to policy explictly, VAP_DEFAULT: generate unless label gatekeeper.sh/use-vap: no is added to policy explictly.")
+	vapStr := constraint.VapEnforcement.String()
+	flag.StringVar(&vapStr, "vap-enforcement", "VAP_DEFAULT", "control VAP resource generation. Allowed values are NONE:do not generate, GATEKEEPER_DEFAULT:do not generate unless label gatekeeper.sh/use-vap: yes is added to policy explictly, VAP_DEFAULT: generate unless label gatekeeper.sh/use-vap: no is added to policy explictly.")
 }
 
 func main() {

diff --git a/pkg/controller/constraint/constraint_controller.go b/pkg/controller/constraint/constraint_controller.go
@@ -333,7 +333,7 @@ func (r *ReconcileConstraint) Reconcile(ctx context.Context, request reconcile.R
 
 		if c, err := r.cfClient.GetConstraint(instance); err != nil || !constraints.SemanticEqual(instance, c) || r.generateVapBinding != cachedGenerateVapBinding {
 			// generate vapbinding resources
-			if r.generateVapBinding && IsVapAPIEnabled() {
+			if r.generateVapBinding {
 				// check if vapbinding resource already exists
 				currentVapBinding := &admissionregistrationv1alpha1.ValidatingAdmissionPolicyBinding{}
 				vapBindingName := fmt.Sprintf("gatekeeper-%s", instance.GetName())

diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller.go b/pkg/controller/constrainttemplate/constrainttemplate_controller.go
@@ -283,12 +283,16 @@ func (r *ReconcileConstraintTemplate) Reconcile(ctx context.Context, request rec
 	labels := ct.GetLabels()
 	logger.Info("constraint template resource", "labels", labels)
 	useVap, ok := labels[constraint.VapGenerationLabel]
+	logger.Info("*** useVap", "useVap", useVap)
 	if !ok {
 		logger.Info("constraint template resource does not have a label for use-vap; will default to flag behavior", "VapEnforcement", constraint.VapEnforcement)
 		r.generateVap = constraint.ShouldGenerateVap("")
+		logger.Info("***1", "r.generateVap", r.generateVap)
 	} else {
-		logger.Info("constraint template resource", "useVap", useVap)
-		r.generateVap = constraint.ShouldGenerateVap(useVap)
+		logger.Info("*** constraint template resource", "useVap", useVap)
+		// r.generateVap = constraint.ShouldGenerateVap(useVap)
+		r.generateVap = true
+		logger.Info("***2", "r.generateVap", r.generateVap, "useVap", useVap)
 		if useVap != "no" && useVap != "yes" {
 			logger.Error(fmt.Errorf("constraint template resource has an invalid value for %s, allowed values are yes and no", constraint.VapGenerationLabel), "constraint template resource has an invalid label value")
 		}
@@ -476,12 +480,13 @@ func (r *ReconcileConstraintTemplate) handleUpdate(
 		logger.Error(err, "error adding template to watch registry")
 		return reconcile.Result{}, err
 	}
+
 	// generating vap resources
-	if r.generateVap && constraint.IsVapAPIEnabled() {
+	if r.generateVap {
 		// check if vap resource already exists
 		currentVap := &admissionregistrationv1alpha1.ValidatingAdmissionPolicy{}
 		vapName := fmt.Sprintf("gatekeeper-%s", unversionedCT.GetName())
-		logger.Info("check if vap exists", "vapName", vapName)
+		logger.Info("check if vap exists1", "vapName", vapName)
 		if err := r.Get(ctx, types.NamespacedName{Name: vapName}, currentVap); err != nil {
 			logger.Info("get vap error", "vapName", vapName, "error", err)
 
@@ -562,11 +567,11 @@ func (r *ReconcileConstraintTemplate) handleUpdate(
 		}
 	}
 	// do not generate vap resources
-	if !r.generateVap && constraint.IsVapAPIEnabled() {
+	if !r.generateVap {
 		// check if vap resource already exists
 		currentVap := &admissionregistrationv1alpha1.ValidatingAdmissionPolicy{}
 		vapName := fmt.Sprintf("gatekeeper-%s", unversionedCT.GetName())
-		logger.Info("check if vap exists", "vapName", vapName)
+		logger.Info("check if vap exists2", "vapName", vapName)
 		if err := r.Get(ctx, types.NamespacedName{Name: vapName}, currentVap); err != nil {
 			if !errors.IsNotFound(err) {
 				return reconcile.Result{}, err