Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-3027

Removed owner references are not recovered in policy templates

XMLWordPrintable

    • 2
    • False
    • None
    • False
    • ACM Sprint 27, GRC Sprint 2023-01, GRC Sprint 2023-03
    • Important
    • No

      Description of problem:

      If an external process (e.g. ArgoCD) misbehaves by removing the owner references of policy templates (e.g. ConfigurationPolicy), they are not recovered and it leads to an index out of bounds panic:
      https://github.com/open-cluster-management-io/governance-policy-framework-addon/blob/b66b1c505764963192c7dc54f889308ccb084fc3/controllers/templatesync/template_sync.go#L427

      Version-Release number of selected component (if applicable):

      All ACM versions

      How reproducible:

      Without a Policy Propagator change to ignore the "app.kubernetes.io/instance" label and annotation when creating the replicated policy, and without setting the "argocd.argoproj.io/compare-options: IgnoreExtraneous" annotation on the root policy, ArgoCD seems to remove owner references on the policy templates.

      Actual results:

      An index out of bounds panic

      Expected results:

      The index out of bounds panic should be guarded and the owner reference should be restored.

              wkutler@redhat.com William Kutler
              mprahl Matthew Prahl
              Derek Ho Derek Ho
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: