Deduplicate objects to watch

This version of the dependency-watches library can panic if passed
duplicate object IDs along with an object ID for a kind that is not
present on the cluster. This avoids triggering that situation, and
might be easier to backport than changes to the library itself.

Refs:
 - https://issues.redhat.com/browse/ACM-14091

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>

Author: JustinKuli

controllers/templatesync/template_sync.go

@@ -879,12 +879,20 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, request reconcile.Requ
 	}
 
 	if len(allDeps) != 0 || len(childTemplates) != 0 {
-		objectsToWatch := make([]depclient.ObjectIdentifier, 0, len(allDeps)+len(childTemplates))
+		watchSet := make(map[depclient.ObjectIdentifier]struct{})
+
 		for depID := range allDeps {
-			objectsToWatch = append(objectsToWatch, depID)
+			watchSet[depID] = struct{}{}
+		}
+
+		for _, childID := range childTemplates {
+			watchSet[childID] = struct{}{}
 		}
 
-		objectsToWatch = append(objectsToWatch, childTemplates...)
+		objectsToWatch := make([]depclient.ObjectIdentifier, 0, len(watchSet))
+		for depID := range watchSet {
+			objectsToWatch = append(objectsToWatch, depID)
+		}
 
 		err = r.DynamicWatcher.AddOrUpdateWatcher(policyObjectID, objectsToWatch...)
 	} else {

test/e2e/case12_ordering_test.go

@@ -381,4 +381,31 @@ var _ = Describe("Test dependency logic in template sync", Ordered, func() {
 		By("Checking if policy status is consistently pending")
 		Consistently(checkCompliance(case12PolicyName), "15s", 1).Should(Equal("Pending"))
 	})
+	// This test case is meant for a specific panic that was being caused by some Policies.
+	It("Should function properly despite a nonexistent dependency kind", func() {
+		const (
+			testPolicyName string = "case12-test-nonexist-dep"
+			testPolicyYaml string = "../resources/case12_ordering/case12-plc-nonexist-dep.yaml"
+			templateName   string = "case12-config-policy"
+		)
+
+		By("Creating a policy on hub cluster in ns:" + clusterNamespaceOnHub)
+		hubPolicyApplyAndDeferCleanup(testPolicyYaml, testPolicyName)
+
+		By("Generating a noncompliant event on the first template")
+		generateEventOnPolicy(testPolicyName, templateName, "not yet successful", "NonCompliant")
+
+		By("Checking if policy status is noncompliant")
+		Eventually(checkCompliance(testPolicyName), defaultTimeoutSeconds, 1).Should(Equal("NonCompliant"))
+
+		// Sleep to avoid the status-sync from reconciling again before the template-sync has a
+		// chance to reconcile and (possibly) panic.
+		time.Sleep(5 * time.Second)
+
+		By("Generating a compliant event on the first template")
+		generateEventOnPolicy(testPolicyName, templateName, "all systems go", "Compliant")
+
+		By("Checking if policy status is Compliant")
+		Eventually(checkCompliance(testPolicyName), defaultTimeoutSeconds, 1).Should(Equal("Compliant"))
+	})
 })

test/resources/case12_ordering/case12-plc-nonexist-dep.yaml

@@ -0,0 +1,61 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  name: case12-test-nonexist-dep
+  labels:
+    policy.open-cluster-management.io/cluster-name: managed
+    policy.open-cluster-management.io/cluster-namespace: managed
+    policy.open-cluster-management.io/root-policy: case12-test-policy-nonexist-dep
+spec:
+  remediationAction: inform
+  disabled: false
+  policy-templates:
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: case12-config-policy
+        spec:
+          remediationAction: inform
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: v1
+                kind: Pod
+                metadata:
+                  name: nginx-pod-e2e
+                  namespace: default
+                spec:
+                  containers:
+                    - name: nginx
+    - extraDependencies:
+        - apiVersion: policy.open-cluster-management.io/v1
+          kind: ConfigurationPolicy
+          name: case12-config-policy
+          namespace: ""
+          compliance: Compliant
+        - apiVersion: policy.open-cluster-management.io/v1
+          kind: NonexistPolicy
+          name: nonexist
+          namespace: ""
+          compliance: Compliant
+      ignorePending: true
+      objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: case12-config-policy-2
+        spec:
+          remediationAction: inform
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: v1
+                kind: Pod
+                metadata:
+                  name: nginx-pod-e2e
+                  namespace: default
+                spec:
+                  containers:
+                    - name: nginx
+