-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
-
False
-
None
-
False
-
-
-
None
Description of problem:
Creating a Policy with more than one object-template that points to the same CR works wrongly.
The Policy tries to do two things over the same object. Here the `master` MCP:
> oc -n vsno7 get policy ztp-site.sno7-tune-mcp NAME REMEDIATION ACTION COMPLIANCE STATE AGE ztp-site.sno7-tune-mcp inform Compliant 111s > oc -n vsno7 get policy ztp-site.sno7-tune-mcp -o yaml | yq ' . | select( .kind == "Policy" ) | .spec.policy-templates[0].objectDefinition.spec.object-templates' - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfigPool metadata: name: master spec: paused: true - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfigPool metadata: name: master spec: maxUnavailable: 75%
The Policy appears as `compliant`
> oc -n vsno7 get policy ztp-site.sno7-tune-mcp NAME REMEDIATION ACTION COMPLIANCE STATE AGE ztp-site.sno7-tune-mcp inform Compliant 111s
but it is actually not, because the object has been applied only with the first object-templae:
[jgato@provisioner ~]$ oc get mcp master -o yaml | grep paused
paused: true
[jgato@provisioner ~]$ oc get mcp master -o yaml | grep maxUnavailable
[jgato@provisioner ~]$
only the first object-template is honored. But the whole Policy appears Compliant.
Version-Release number of selected component (if applicable):
2.11
How reproducible:
create a Policy with serveral object-templates to modify the same object.
Steps to Reproduce:
- ...