-
Bug
-
Resolution: Done
-
Major
-
ACM 2.14.0
-
Quality / Stability / Reliability
-
False
-
-
False
-
Fixes the case where the objectSelector and namespaceSelector are used together, and objects discovered by the objectSelector in specific namespaces are applied to all namespaces returned by the namespaceSelector.
-
-
-
GRC Sprint 2025-15, GRC Sprint 2025-16
-
Important
-
+
-
None
When the objectSelector and namespaceSelector are used together, the object that's found in one namespace is being applied to all of the namespaces that are found.
spec: namespaceSelector: matchLabels: {} object-templates: - objectSelector: {} objectDefinition: apiVersion: apps/v1 kind: Deployment metadata: name: '{{ not (hasPrefix "grc-" .ObjectName) | skipObject }}'
Expected status:
violation - deployments [grc-policy-addon-controller, grc-policy-propagator] found but not as specified in namespace open-cluster-management
Actual status:
violation - deployments [grc-policy-addon-controller, grc-policy-propagator] not found in namespaces: default, default-broker, e2e-rbac-test-1, e2e-rbac-test-2, hive, hypershift, kube-node-lease, kube-public, kube-system, local-cluster, multicluster-engine, open-cluster-management-agent, open-cluster-management-agent-addon, open-cluster-management-global-set, open-cluster-management-hub, open-cluster-management-policies, openshift, openshift-apiserver, openshift-apiserver-operator, openshift-authentication, openshift-authentication-operator, openshift-catalogd, openshift-cloud-controller-manager, openshift-cloud-controller-manager-operator, openshift-cloud-credential-operator, openshift-cloud-network-config-controller, openshift-cloud-platform-infra, openshift-cluster-csi-drivers, openshift-cluster-machine-approver, openshift-cluster-node-tuning-operator, openshift-cluster-olm-operator, openshift-cluster-samples-operator, openshift-cluster-storage-operator, openshift-cluster-version, openshift-config, openshift-config-managed, openshift-config-operator, openshift-console, openshift-console-operator, openshift-console-user-settings, openshift-controller-manager, openshift-controller-manager-operator, openshift-dns, openshift-dns-operator, openshift-etcd, openshift-etcd-operator, openshift-host-network, openshift-image-registry, openshift-infra, openshift-ingress, openshift-ingress-canary, openshift-ingress-operator, openshift-insights, openshift-kni-infra, openshift-kube-apiserver, openshift-kube-apiserver-operator, openshift-kube-controller-manager, openshift-kube-controller-manager-operator, openshift-kube-scheduler, openshift-kube-scheduler-operator, openshift-kube-storage-version-migrator, openshift-kube-storage-version-migrator-operator, openshift-machine-api, openshift-machine-config-operator, openshift-marketplace, openshift-monitoring, openshift-multus, openshift-network-console, openshift-network-diagnostics, openshift-network-node-identity, openshift-network-operator, openshift-node, openshift-nutanix-infra, openshift-oauth-apiserver, openshift-openstack-infra, openshift-operator-controller, openshift-operator-lifecycle-manager, openshift-operators, openshift-ovirt-infra, openshift-ovn-kubernetes, openshift-route-controller-manager, openshift-service-ca, openshift-service-ca-operator, openshift-user-workload-monitoring, openshift-vsphere-infra; deployments [grc-policy-addon-controller, grc-policy-propagator] found but not as specified in namespace open-cluster-management
- relates to
-
ACM-22742 objectSelector not correctly handled with namespaceSelector (PR from developer)
-
- Closed
-