Description of problem:
If an external process (e.g. ArgoCD) misbehaves by removing the owner references of policy templates (e.g. ConfigurationPolicy), they are not recovered and it leads to an index out of bounds panic:
https://github.com/open-cluster-management-io/governance-policy-framework-addon/blob/b66b1c505764963192c7dc54f889308ccb084fc3/controllers/templatesync/template_sync.go#L427
Version-Release number of selected component (if applicable):
All ACM versions
How reproducible:
Without a Policy Propagator change to ignore the "app.kubernetes.io/instance" label and annotation when creating the replicated policy, and without setting the "argocd.argoproj.io/compare-options: IgnoreExtraneous" annotation on the root policy, ArgoCD seems to remove owner references on the policy templates.
Actual results:
An index out of bounds panic
Expected results:
The index out of bounds panic should be guarded and the owner reference should be restored.
- clones
-
ACM-3027 Removed owner references are not recovered in policy templates
- Closed