Description of problem:
When using the PolicyGenerator if a policySet is specified, but a placement is not defined the generated output creates a PlacementRule which has an empty selector – this causes the policy to deploy to all clusters.
Version-Release number of selected component (if applicable):
How reproducible:
Every time
Steps to Reproduce:
Create a policy using a Generator like:
Actual results:
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-ps-tester
namespace: wookie-policies
spec:
clusterConditions:
- status: "True"
type: ManagedClusterConditionAvailable
clusterSelector:
matchExpressions: []
Expected results:
The generator should fail
apiVersion: policy.open-cluster-management.io/v1 kind: PolicyGenerator metadata: name: gen-policy-generator policyDefaults: namespace: wookie-policies remediationAction: enforce placement: placementRuleName: "hub-only" policySets: - ps-tester placementBindingDefaults: name: "ps-tester-binding" policies: - name: policyset-tester-policy remediationAction: enforce manifests: - path: namespace.yml
Additional info:
- is related to
-
ACM-3003 Add PolicySetDefaults to PolicyGenerator
-
- Closed
-
