Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-23563

skipObject is ignored if object CRD is not in cluster

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • ACM 2.15.0
    • ACM 2.14.0
    • GRC
    • None
    • Quality / Stability / Reliability
    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • GRC Sprint 2025-21, GRC Sprint 2025-22
    • Important
    • Customer Facing
    • Proposed
    • None

      Using skipObject to prevent an object from being created where the CRD does not exist in the cluster results in an error.

      Give a ConfigurationPolicy like:

       

      apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
  name: test-skip
spec:
  object-templates:
    - complianceType: musthave
      objectDefinition:
        apiVersion: v1
        kind: FakeKind
        metadata:
          labels:
            removed-in-ocp419: '{{ skipObject }}'
          name: testskip
          namespace: default
        spec:
          data:
            fake: test
  remediationAction: inform
  severity: medium

       ACM returns this error:

       

       

      violation - couldn't find mapping resource with kind FakeKind in API version v1, please check if you have CRD deployed

       

       

      The policytools correctly returns no object-templates

      $ policytools template-resolver test-skip.yml 
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
  name: test-skip
spec:
  object-templates: []
  remediationAction: inform
  severity: medium

       

       

              rh-ee-dhaiduce Dale Haiducek
              rhn-support-bjarvis Brian Jarvis
              Derek Ho Derek Ho
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: