Bug
Resolution: Done
Major
ACM 2.7.10
GRC Sprint 2024-06
Moderate
Description of problem:
I think this problem only happens in ACM 2.8.2 and 2.8.3. The OPP policyset created a secret for Observability which used templates to pull data from multiple places. Because the templates used the lookup function, there is a period of time the policy becomes compliant but the secret content contains "<no value>" for a couple fields while other OPP components are still starting. Once those values are available, the secret is supposed to be updated with the new content. Instead, the secret is not updated and the policy changes to and stays NonCompliant. The NonCompliant message reported in the policy is:
- compliant: NonCompliant
  history:
  - eventName: policies.policy-ocm-test.1792fed43627f156
    lastTimestamp: "2023-10-30T21:09:56Z"
    message: 'NonCompliant; violation - Error updating the object `test-object-storage`,
      the error is `Secret in version "v1" cannot be handled as a Secret: illegal
      base64 data at input byte 4`'
Version-Release number of selected component (if applicable): ACM 2.8.3 (and 2.8.2)
How reproducible: Easy on only these two versions. I have a recreate testcase.
Steps to Reproduce:
1. Apply the generator project I created
2. Make sure the secret is created - you can double check that the <no value> exists in the secret
3. Update the generator project to point to the correct names and re-apply the generator project
Note: The field in number 3 should change from buceeHost and buceeName to bucketHost and bucketName, respectively, in the input-acm-observability/policy-ocm-observability.yaml file.
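
Added example, not part of the original report and not ACM's code: a Go sketch of the failure mode described above, using plain text/template in place of the policy template engine (an assumption). It shows how a value that is not yet available renders as "<no value>", and a check that flags Secret data fields that are not valid base64 or still carry the placeholder; render, checkSecretData and the sample values are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
	"text/template"
)

// placeholder is what Go's text/template prints for a missing map key or nil value.
const placeholder = "<no value>"

// render executes one template string against looked-up values (constructed input).
func render(tmpl string, values map[string]interface{}) (string, error) {
	t, err := template.New("field").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, values)
	return buf.String(), err
}

// checkSecretData returns the data keys that are not valid base64 or that decode to text containing the placeholder.
func checkSecretData(data map[string]string) []string {
	var bad []string
	for k, v := range data {
		raw, err := base64.StdEncoding.DecodeString(v)
		if err != nil || strings.Contains(string(raw), placeholder) {
			bad = append(bad, k)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	// Constructed lookup result: bucketHost is not available yet.
	values := map[string]interface{}{"bucketName": "obs-bucket"}
	host, _ := render("{{ .bucketHost }}", values)
	data := map[string]string{
		"bucketHost": host, // raw placeholder, not base64
		"bucketName": base64.StdEncoding.EncodeToString([]byte("obs-bucket")),
		"config":     base64.StdEncoding.EncodeToString([]byte("endpoint: " + host)),
	}
	fmt.Println(checkSecretData(data)) // keys that should block the apply
}
```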