Closed ereslibre closed 2 years ago
(T) The policy transitions eventually to active if the policy server exists
These tests will be an end to end test, given that integration tests don't have the controller-manager.
Modifying the bound policy server ConfigMap alters the status of the policy (observed state of the world)
We have agreed that modifying the ConfigMap
is not a big deal, given that we will be overriding it over and over with our own controller, so no need to watch for manual changes on the ConfigMap during regular operation.
Implemented by https://github.com/kubewarden/kubewarden-controller/pull/175
ClusterAdmissionPolicy
unscheduled
statepending
state if the bound policy server existsscheduled
if the bound policy server does not existscheduled
topending
if the policy was bound to a nonexistant policy server initially, but the policy server was created afterwardsactive
if the policy server existsConfigMap
alters thestatus
of the policy (observed state of the world)monitor
,protect
is set to what is observed on theConfigMap
PolicyServerConfigurationUpToDate
goes throughFalse
(withConfigurationVersionMismatch
reason) toTrue
(withConfigurationVersionMatch
reason).PolicyUniquelyReachable
goes throughFalse
(withLatestReplicaSetIsNotUniquelyReachable
reason) toTrue
(withLatestReplicaSetIsUniquelyReachable
reason)active
orpending
-- this means that the policy server had to exist, but does not anymore.active
: the policy is deletedAdmissionPolicy
unscheduled
statepending
state if the bound policy server existsscheduled
if the bound policy server does not existscheduled
topending
if the policy was bound to a nonexistant policy server initially, but the policy server was created afterwardsactive
if the policy server existsConfigMap
alters thestatus
of the policy (observed state of the world)monitor
,protect
is set to what is observed on theConfigMap
PolicyServerConfigurationUpToDate
goes throughFalse
(withConfigurationVersionMismatch
reason) toTrue
(withConfigurationVersionMatch
reason).PolicyUniquelyReachable
goes throughFalse
(withLatestReplicaSetIsNotUniquelyReachable
reason) toTrue
(withLatestReplicaSetIsUniquelyReachable
reason)active
orpending
-- this means that the policy server had to exist, but does not anymore.active
: the policy is deletedPolicyServer
ClusterAdmissionPolicy
and (T)AdmissionPolicy