  1. Red Hat Advanced Cluster Management
  2. ACM-16238

Fix critical console bugs related to policies with exceptional templates


    • 1
    • False
    • None
    • False
    • 1
    • GRC Sprint 2024-24
    • Critical
    • None

      Description of problem:

      Ref: https://redhat-internal.slack.com/archives/CU4QXLPQB/p1733754349163159

      This policy causes "undefined remediationAction" and "undefined severity" issues in the console:

      apiVersion: policy.open-cluster-management.io/v1
      kind: Policy
      metadata:
        annotations:
          policy.open-cluster-management.io/categories: SC System and Communications Protection
          policy.open-cluster-management.io/controls: SC-1 SYSTEM AND COMMUNICATIONS PROTECTION
            POLICY AND PROCEDURES
          policy.open-cluster-management.io/standards: NIST SP 800-53
        creationTimestamp: "2024-05-15T08:35:57Z"
        generation: 2
        labels:
          app.kubernetes.io/instance: policies
        name: policy-project-template
        namespace: acm-policies
        resourceVersion: "964815171"
        uid: 3a86a6cd-6ee1-4b8d-9f4f-117b0da9d037
      spec:
        disabled: false
        policy-templates:
        - objectDefinition:
            apiVersion: template.openshift.io/v1
            kind: Template
            metadata:
              name: project-request
            objects:
            - apiVersion: project.openshift.io/v1
              kind: Project
              metadata:
                annotations:
                  openshift.io/description: ${PROJECT_DESCRIPTION}
                  openshift.io/dislay-name: ${PROJECT_DISPLAYNAME}
                  openshift.io/requester: ${PROJECT_REQUESTING_USER}
                name: ${PROJECT_NAME}
              spec: {}
              status: {}
            - apiVersion: rbac.authorization.k8s.io/v1
              kind: RoleBinding
              metadata:
                name: admin
                namespace: ${PROJECT_NAME}
              roleRef:
                apiGroup: rbac.authorization.k8s.io
                kind: ClusterRole
                name: admin
              subjects:
              - apiGroup: rbac.authorization.k8s.io
                kind: User
                name: ${PROJECT_ADMIN_USER}
            - apiVersion: v1
              kind: ResourceQuota
              metadata:
                name: compute-resources
              spec:
                hard:
                  limits.memory: 5Gi
                  requests.cpu: "1"
                  requests.memory: 1Gi
            parameters:
            - name: PROJECT_NAME
            - name: PROJECT_DISPLAYNAME
            - name: PROJECT_DESCRIPTION
            - name: PROJECT_ADMIN_USER
            - name: PROJECT_REQUESTING_USER
        remediationAction: enforce
       


              yikim@redhat.com Yi Rae Kim
              Derek Ho Derek Ho