Epic Goal
- Imagine a large inform policy meant to monitor several aspects of a deployment, where you do not want to enforce it but only want to be informed when changes are made. In that context, we need tools to determine the cause of a violation detected on an object monitored by the policy; at present, all we know is that a violation was detected.
Why is this important?
- At present, navigating the objects to find the cause of the violation can require a lab and redeploying similar objects and a similar policy to figure it out.
- Currently it is difficult and time-consuming to understand the differences between a resource already applied on an OCP managed cluster and the manifest defined in the resource policy. The message "Resource found but does not match" gives no information about which parameter of the resource does not match.
Scenarios
- The end customer here is using PolicyGenerator and inform / enforce policies to move some application configuration from GitOps to RHACM policies. They have a large set of resources already deployed by GitOps, and the manifests for those.
They wanted to verify what has been deployed using an RHACM inform policy.
They need to find out which resource is non-compliant, why, and how it is not compliant; the message "Resource found but does not match" is not enough. At the moment the only way to find out more about the violation is to break the policy into several parts in a lab and test each part against the deployed resources. Even if the first scenario applied to only one manifest instead of several, the same problem would be present: the message is not enough to find out the cause of the violation, and more work is needed to find it.
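One way to get the field-level detail this scenario asks for today, as an added example that is not part of this epic or of the ACM policy controller: fetch the live object from the managed cluster (e.g. with `oc get deploy app -n demo -o json`), then compare it against the objectDefinition of the ConfigurationPolicy object-template and list every path that differs. The compliance semantics below are my approximation of `complianceType: musthave` (every template field must be present in the live object with an equal value, unmentioned fields are ignored, lists are compared element by element in order); the real controller has richer list-merge rules, and the policy and live object shown are constructed sample data, not taken from a cluster.

```python
"""Added example, not code from the ACM epic or from the policy controller.

Compare a ConfigurationPolicy objectDefinition with the live object and report
each differing field path instead of "Resource found but does not match".
Assumption (mine): semantics approximate complianceType "musthave"; lists are
compared by index. Treat the output as a triage aid, not the source of truth.
"""
import json


def find_mismatches(template, live, path=""):
    """Return [(json_pointer_path, expected, actual), ...] for every field in
    `template` that is missing from `live` or has a different value."""
    here = path or "/"
    if isinstance(template, dict):
        if not isinstance(live, dict):
            return [(here, template, live)]
        out = []
        for key, expected in template.items():
            child = f"{path}/{key}"
            if key not in live:
                out.append((child, expected, None))  # field missing in cluster
            else:
                out.extend(find_mismatches(expected, live[key], child))
        return out
    if isinstance(template, list):
        if not isinstance(live, list):
            return [(here, template, live)]
        out = []
        for i, expected in enumerate(template):
            child = f"{path}/{i}"
            if i >= len(live):
                out.append((child, expected, None))  # element missing in cluster
            else:
                out.extend(find_mismatches(expected, live[i], child))
        return out
    return [] if template == live else [(here, template, live)]


def explain_policy(config_policy, live_objects):
    """Walk every object-template of a ConfigurationPolicy and return a dict
    keyed by "Kind/name" with that object's mismatches. `live_objects` maps
    "Kind/name" to the API object; a missing key means the object is absent."""
    report = {}
    for tmpl in config_policy["spec"]["object-templates"]:
        obj = tmpl["objectDefinition"]
        key = f'{obj["kind"]}/{obj["metadata"]["name"]}'
        if key not in live_objects:
            report[key] = [("/", obj, None)]  # whole object not found
        else:
            report[key] = find_mismatches(obj, live_objects[key])
    return report


def format_report(report):
    """Render one line per mismatch, suitable for a policy status message."""
    lines = []
    for key, mismatches in report.items():
        if not mismatches:
            lines.append(f"{key}: compliant")
        for path, expected, actual in mismatches:
            lines.append(f"{key}: {path} expected {json.dumps(expected)}, "
                         f"found {json.dumps(actual)}")
    return lines


# Constructed sample input: a Deployment template, and a live Deployment with
# a missing label, a drifted replica count and a drifted image.
SAMPLE_POLICY = {
    "apiVersion": "policy.open-cluster-management.io/v1",
    "kind": "ConfigurationPolicy",
    "metadata": {"name": "app-config"},
    "spec": {"remediationAction": "inform", "object-templates": [{
        "complianceType": "musthave",
        "objectDefinition": {
            "apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "app", "namespace": "demo",
                         "labels": {"app": "app", "tier": "backend"}},
            "spec": {"replicas": 3, "template": {"spec": {"containers": [
                {"name": "app", "image": "quay.io/example/app:1.2"}]}}},
        }}]},
}

SAMPLE_LIVE = {"Deployment/app": {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "app", "namespace": "demo", "labels": {"app": "app"},
                 "uid": "c0ffee", "resourceVersion": "42"},  # extra: ignored
    "spec": {"replicas": 2, "template": {"spec": {"containers": [
        {"name": "app", "image": "quay.io/example/app:1.1",
         "ports": [{"containerPort": 8080}]}]}}},
    "status": {"readyReplicas": 2},  # extra: ignored
}}

if __name__ == "__main__":
    for line in format_report(explain_policy(SAMPLE_POLICY, SAMPLE_LIVE)):
        print(line)
```

Running the block against the constructed sample prints three lines: the missing `tier` label, `/spec/replicas` expected 3 found 2, and the container image drift, which is exactly the detail the "does not match" message currently hides.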
Acceptance Criteria
- There is a clear way to find out in detail why a violation is reported when a policy is evaluated: which part of which resource is non-compliant and does not match the rules set.
Previous Work (Optional):
Some previous feature requests approach the topic of this feature request:
- is related to ACM-4952 Highlight the lines triggering a policy violation on the graphical console (Closed)