From 1afa5ac4cd6ea1b77fc8d52f4ebc5d2a30e11360 Mon Sep 17 00:00:00 2001
From: Jaydip Gabani
Date: Wed, 20 Nov 2024 19:26:31 +0000
Subject: [PATCH] updating shouldgeneratevap
Signed-off-by: Jaydip Gabani
---
 .../constraint/constraint_controller.go | 2 +-
 .../constraint/constraint_controller_test.go | 16 ++-----------
 .../constrainttemplate_controller.go | 7 ++----
 .../constrainttemplate_controller_test.go | 23 -------------------
 4 files changed, 5 insertions(+), 43 deletions(-)
diff --git a/pkg/controller/constraint/constraint_controller.go b/pkg/controller/constraint/constraint_controller.go
index 41c482d00fb..277a130edac 100644
--- a/pkg/controller/constraint/constraint_controller.go
+++ b/pkg/controller/constraint/constraint_controller.go
@@ -419,7 +419,7 @@ func (r *ReconcileConstraint) getOrCreatePodStatus(ctx context.Context, constrai
 func ShouldGenerateVAP(ct *templates.ConstraintTemplate) (bool, error) {
 source, err := celSchema.GetSourceFromTemplate(ct)
 if err != nil {
- return *DefaultGenerateVAP, err
+ return false, err
 }
 if source.GenerateVAP == nil {
 return *DefaultGenerateVAP, nil
diff --git a/pkg/controller/constraint/constraint_controller_test.go b/pkg/controller/constraint/constraint_controller_test.go
index 6fe288a34f6..7bdce693577 100644
--- a/pkg/controller/constraint/constraint_controller_test.go
+++ b/pkg/controller/constraint/constraint_controller_test.go
@@ -445,14 +445,14 @@ func TestShouldGenerateVAP(t *testing.T) {
 },
 },
 vapDefault: true,
- expected: true,
+ expected: false,
 wantErr: true,
 },
 {
 name: "template with only Rego engine",
 template: makeTemplateWithRegoEngine(),
 vapDefault: true,
- expected: true,
+ expected: false,
 wantErr: true,
 },
 {
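Review bot: `ShouldGenerateVAP` in constraint_controller.go now returns `false` alongside the error from `GetSourceFromTemplate`, and that belongs in its doc comment, which sits above the declaration and outside this hunk (the body also continues past the last context line). The `handleUpdate` hunk in constrainttemplate_controller.go later in this patch hands the returned bool to `generateCRD` without resetting it, so callers now rely on this behaviour. Suggested wording, provided the return paths outside the hunk agree: `// ShouldGenerateVAP reports whether a ValidatingAdmissionPolicy should be generated for ct; it returns false together with any non-nil error.` The visible table cases in `TestShouldGenerateVAP` carry only `wantErr: true`; if the test body does not already do so, asserting `errors.Is(err, celSchema.ErrCELEngineMissing)` for the Rego-only case would pin the sentinel the controller branches on.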
@@ -511,18 +511,6 @@ func TestShouldGenerateVAP(t *testing.T) {
 expected: false,
 wantErr: false,
 },
- {
- name: "missing, default 'yes'",
- template: makeTemplateWithCELEngine(nil),
- vapDefault: true,
- expected: true,
- },
- {
- name: "missing, default 'no'",
- template: makeTemplateWithCELEngine(nil),
- vapDefault: false,
- expected: false,
- },
 }
 for _, test := range tests {
 t.Run(test.name, func(t *testing.T) {
diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller.go b/pkg/controller/constrainttemplate/constrainttemplate_controller.go
index d4b4e885b92..ff69d8a972e 100644
--- a/pkg/controller/constrainttemplate/constrainttemplate_controller.go
+++ b/pkg/controller/constrainttemplate/constrainttemplate_controller.go
@@ -441,12 +441,9 @@ func (r *ReconcileConstraintTemplate) handleUpdate(
 t.Observe(unversionedCT)
 generateVap, err := constraint.ShouldGenerateVAP(unversionedCT)
- if err != nil {
+ if err != nil && !errors.Is(err, celSchema.ErrCELEngineMissing) {
 logger.Error(err, "generateVap error")
- if generateVap {
- generateVap = false
- status.Status.VAPGenerationStatus = &statusv1beta1.VAPGenerationStatus{State: ErrGenerateVAPState, ObservedGeneration: ct.GetGeneration(), Warning: fmt.Sprintf("ValidatingAdmissionPolicy is not generated: %s", err.Error())}
- }
+ status.Status.VAPGenerationStatus = &statusv1beta1.VAPGenerationStatus{State: ErrGenerateVAPState, ObservedGeneration: ct.GetGeneration(), Warning: fmt.Sprintf("ValidatingAdmissionPolicy is not generated: %s", err.Error())}
 }
 if err := r.generateCRD(ctx, ct, proposedCRD, currentCRD, status, logger, generateVap); err != nil {
diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go
index de40949602c..1e28caa924a 100644
--- a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go
+++ b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go
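Review bot: In `handleUpdate` (constrainttemplate_controller.go), an error matching `celSchema.ErrCELEngineMissing` is now skipped with no log line and no `VAPGenerationStatus` entry, and nothing at the call site says why. Someone auditing why a template has no ValidatingAdmissionPolicy would be helped by a comment above the `if`, for example `// ErrCELEngineMissing is expected for templates without a CEL engine: no VAP is generated and no warning is recorded.` (wording to be confirmed against the intent). The branch also no longer assigns `generateVap = false`, so the value handed to `generateCRD` is whatever `ShouldGenerateVAP` returned with the error; keeping that assignment inside the `if` would leave the call site fail-safe on its own. handleUpdate starts and ends outside the hunk.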
@@ -399,29 +399,6 @@ func TestReconcile(t *testing.T) {
 t.Fatal(err)
 }
- logger.Info("Running test: Warning should be present on constrainttemplate for not able to generate VAP")
- err = retry.OnError(testutils.ConstantRetry, func(_ error) bool {
- return true
- }, func() error {
- statusObj := &statusv1beta1.ConstraintTemplatePodStatus{}
- sName, err := statusv1beta1.KeyForConstraintTemplate(util.GetPodName(), constraintTemplate.GetName())
- if err != nil {
- return err
- }
- key := types.NamespacedName{Name: sName, Namespace: util.GetNamespace()}
- if err := c.Get(ctx, key, statusObj); err != nil {
- return err
- }
-
- if statusObj.Status.VAPGenerationStatus == nil || statusObj.Status.VAPGenerationStatus.Warning == "" {
- return fmt.Errorf("expected warning message")
- }
- return nil
- })
- if err != nil {
- t.Fatal(err)
- }
-
 logger.Info("Running test: EnforcementPointStatus should indicate missing CEL engine for constraint using VAP enforcementPoint with rego templates")
 cstr := newDenyAllCstrWithScopedEA(suffix, util.VAPEnforcementPoint)
 err = retry.OnError(testutils.ConstantRetry, func(_ error) bool {