fix: Check placement exists before length check (#22060) (cherry-pick #22057) (#22089)

Signed-off-by: Dale Haiducek <[email protected]>
Co-authored-by: Dale Haiducek <[email protected]>

Author: gcp-cherry-pick-bot[bot]

resource_customizations/policy.open-cluster-management.io/Policy/health.lua

@@ -1,4 +1,5 @@
 hs = {}
+
 if obj.status == nil then
   hs.status = "Progressing"
   hs.message = "Waiting for the status to be reported"
@@ -7,7 +8,7 @@ end
 
 -- A policy will not have a compliant field but will have a placement key set if
 -- it is not being applied to any clusters
-if obj.status.compliant == nil and #obj.status.placement > 0 and obj.status.status == nil then
+if obj.status.compliant == nil and obj.status.status == nil and obj.status.placement ~= nil and #obj.status.placement > 0 then
   hs.status = "Healthy"
   hs.message = "No clusters match this policy"
   return hs
@@ -24,6 +25,8 @@ if obj.status.compliant == "Compliant" then
 else
   hs.status = "Degraded"
 end
+
+-- Collect NonCompliant clusters for the policy
 noncompliants = {}
 if obj.status.status ~= nil then
   -- "root" policy
@@ -50,4 +53,5 @@ elseif obj.status.details ~= nil then
     hs.message = "NonCompliant templates: " .. table.concat(noncompliants, ", ")
   end
 end
+
 return hs

resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml

@@ -19,6 +19,10 @@ tests:
       status: Progressing
       message: Waiting for the status to be reported
     inputPath: testdata/progressing_no_status.yaml
+  - healthStatus:
+      status: Progressing
+      message: Waiting for the status to be reported
+    inputPath: testdata/progressing_nil_status.yaml
   - healthStatus:
       status: Healthy
       message: No clusters match this policy

resource_customizations/policy.open-cluster-management.io/Policy/testdata/progressing_nil_status.yaml

@@ -0,0 +1,51 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  annotations:
+    argocd.argoproj.io/compare-options: IgnoreExtraneous
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  labels:
+    argocd.argoproj.io/instance: acm
+  name: acm-hub-ca-policy
+  namespace: open-cluster-management
+spec:
+  disabled: false
+  policy-templates:
+  - objectDefinition:
+      apiVersion: policy.open-cluster-management.io/v1
+      kind: ConfigurationPolicy
+      metadata:
+        name: acm-hub-ca-config-policy
+      spec:
+        namespaceSelector:
+          include:
+          - default
+        object-templates:
+        - complianceType: mustonlyhave
+          objectDefinition:
+            apiVersion: v1
+            data:
+              hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt"
+                | base64enc hub}}'
+              hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt"
+                "service-ca.crt" | base64enc hub}}'
+            kind: Secret
+            metadata:
+              name: hub-ca
+              namespace: golang-external-secrets
+            type: Opaque
+        - complianceType: mustonlyhave
+          objectDefinition:
+            apiVersion: v1
+            data:
+              hub-kube-root-ca.crt: |
+                {{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | autoindent hub}}
+              hub-openshift-service-ca.crt: |
+                {{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | autoindent hub}}
+            kind: ConfigMap
+            metadata:
+              name: trusted-hub-bundle
+              namespace: imperative
+        remediationAction: enforce
+        severity: medium
+  remediationAction: enforce

resource_customizations/policy.open-cluster-management.io/Policy/testdata/progressing_no_status.yaml

@@ -49,3 +49,4 @@ spec:
         remediationAction: enforce
         severity: medium
   remediationAction: enforce
+status: {}