Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-4164

[2.5.8 Backport] Removed owner references are not recovered in policy templates

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • ACM 2.5.8
    • None
    • GRC
    • None
    • 2
    • False
    • None
    • False
    • No
    • Important

      Description of problem:

      If an external process (e.g. ArgoCD) misbehaves by removing the owner references of policy templates (e.g. ConfigurationPolicy), they are not recovered and it leads to an index out of bounds panic:
      https://github.com/open-cluster-management-io/governance-policy-framework-addon/blob/b66b1c505764963192c7dc54f889308ccb084fc3/controllers/templatesync/template_sync.go#L427

      Version-Release number of selected component (if applicable):

      All ACM versions

      How reproducible:

      Without a Policy Propagator change to ignore the "app.kubernetes.io/instance" label and annotation when creating the replicated policy, and without setting the "argocd.argoproj.io/compare-options: IgnoreExtraneous" annotation on the root policy, ArgoCD seems to remove owner references on the policy templates.

      Actual results:

      An index out of bounds panic

      Expected results:

      The index out of bounds panic should be guarded and the owner reference should be restored.

            wkutler@redhat.com William Kutler
            mprahl Matthew Prahl
            Derek Ho Derek Ho
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: