Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Undefined
Fix Version/s: ACM 2.6.5, ACM 2.5.8, ACM 2.7.2
Affects Version/s: None
Component/s: GRC
Labels:
None

Story Points:
2
Blocked:
False
Blocked Reason:
None
Ready:
False
Regression:
No

Severity:
Important

SFDC Cases Links:
SFDC Cases Counter:

Description

Description of problem:

If an external process (e.g. ArgoCD) misbehaves by removing the owner references of policy templates (e.g. ConfigurationPolicy), they are not recovered and it leads to an index out of bounds panic:
https://github.com/open-cluster-management-io/governance-policy-framework-addon/blob/b66b1c505764963192c7dc54f889308ccb084fc3/controllers/templatesync/template_sync.go#L427

Version-Release number of selected component (if applicable):

All ACM versions

How reproducible:

Without a Policy Propagator change to ignore the "app.kubernetes.io/instance" label and annotation when creating the replicated policy, and without setting the "argocd.argoproj.io/compare-options: IgnoreExtraneous" annotation on the root policy, ArgoCD seems to remove owner references on the policy templates.

Actual results:

An index out of bounds panic

Expected results:

The index out of bounds panic should be guarded and the owner reference should be restored.

Attachments

Issue Links

clones

ACM-3027 Removed owner references are not recovered in policy templates

Closed

Activity

People

Assignee:: William Kutler

Reporter:: Matthew Prahl

QA Contact:: Derek Ho

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2023/03/08 3:40 PM

Updated:: 2023/03/23 2:38 PM

Resolved:: 2023/03/23 2:38 PM