-
Bug
-
Resolution: Unresolved
-
Major
-
ACM 2.13.2
-
Quality / Stability / Reliability
-
False
-
-
False
-
-
-
Moderate
-
None
Description of problem:
The `fromClusterClaim` template function available in the policy framework generally allows for convenient access to certain properties of the cluster like the platform, or a cluster ID. However, some ClusterClaims are not always present, like the "hostedcluster.hypershift.openshift.io" property used in a fix for https://issues.redhat.com/browse/ACM-16141.
When the ClusterClaim does not exist, the policy will return a templating error, and not be able to evaluate the policy. The "default" template function can not even be used to get around this.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
- Create a policy with a template using something like `{{
fromClusterClaim "foo.bar.io" }}` - Observe the error.
- ...
Actual results:
Policy is non-compliant with a template error
Expected results:
The function could return an empty string, or a sentinel value, which would allow the policy author to determine how to deal with the situation.
In particular, the behavior of `fromClusterClaim` is different than the equivalent `lookup`: `{{ (lookup "cluster.open-cluster-management.io/v1alpha1" "ClusterClaim" "" "foo.bar.io").spec.value }}`, which would return a special empty value, allowing comparisons or defaulting behavior.