Story
Resolution: Done
ACM-12484 - Standalone Policy deployment & enhanced GitOps integration
GRC Sprint 2024-14, GRC Sprint 2024-15
Value Statement
When deploying a policy with ArgoCD, we need health check scripts to reflect the compliance status as an ArgoCD health status.
See the documentation on how to contribute these upstream:
https://argo-cd.readthedocs.io/en/stable/operator-manual/health/#way-2-contribute-a-custom-health-check
Here is an example health check for ConfigurationPolicy that doesn't yet account for `status.lastEvaluatedGeneration`:
```lua
hs = {}
if obj.status ~= nil and obj.status.compliant ~= nil then
  if obj.status.compliant == "Compliant" then
    hs.status = "Healthy"
  elseif obj.status.compliant == "NonCompliant" then
    hs.status = "Degraded"
  else
    hs.status = "Progressing"
  end
  -- Collect condition messages; start from an empty list so that
  -- table.concat still works when compliancyDetails is absent.
  messages = {}
  if obj.status.compliancyDetails ~= nil then
    for i, compliancy in ipairs(obj.status.compliancyDetails) do
      if compliancy.conditions ~= nil then
        for j, condition in ipairs(compliancy.conditions) do
          if condition.message ~= nil then
            table.insert(messages, condition.message)
          end
        end
      end
    end
  end
  hs.message = table.concat(messages, "; ")
  return hs
end
-- No compliance status reported yet.
hs.status = "Progressing"
hs.message = "Waiting for compliance"
return hs
```
Definition of Done for Engineering Story Owner (Checklist)
- A health check for ConfigurationPolicy is created which also accounts for `status.lastEvaluatedGeneration` so that if the compliance status is stale, the ArgoCD health check is progressing. This is key for ArgoCD rollouts.
- A health check for OperatorPolicy which accounts for `status.observedGeneration` in ACM-12804
- A health check for CertificatePolicy
- A health check for Policy which should work for both root and replicated policies
- Create a documentation issue with instructions for configuring the OpenShift GitOps operator with these health checks
Development Complete
- The code is complete.
- Functionality is working.
- Any required downstream Docker file changes are made.
Tests Automated
- [ ] Unit/function tests have been automated and incorporated into the build.
- [ ] 100% automated unit/function test coverage for new or changed APIs.
Secure Design
- [ ] Security has been assessed and incorporated into your threat model.
Multidisciplinary Teams Readiness
- [ ] Create an informative documentation issue using the Customer Portal Doc template that you can access from The Playbook and ensure doc acceptance criteria are met.
- Call out this sentence as its own action:
- [ ] Link the development issue to the doc issue.
Support Readiness
- [ ] The must-gather script has been updated.