Red Hat Advanced Cluster Management / ACM-4394

No validation if name + namespace exceeds 63 characters and Policy applied via CLI or Gitops

    • GRC Sprint 2023-04, GRC Sprint 2023-05, GRC Sprint 2023-10, GRC Sprint 2023-11, GRC Sprint 2023-12, GRC Sprint 2023-15

      You can create a Policy from the CLI; later, in the UI, you get a validation error.

      To reproduce, apply this policy from the CLI:

      apiVersion: policy.open-cluster-management.io/v1
      kind: Policy
      metadata:
        name: policytesttesttesttesttesttest
        namespace: open-cluster-management-global-set
        annotations:
          policy.open-cluster-management.io/categories: SC System and Communications Protection
          policy.open-cluster-management.io/standards: NIST SP 800-53
          policy.open-cluster-management.io/controls: SC-28 Protection Of Information At Rest
      spec:
        disabled: false
        policy-templates:
          - objectDefinition:
              apiVersion: policy.open-cluster-management.io/v1
              kind: ConfigurationPolicy
              metadata:
                name: enable-etcd-encryption
              spec:
                remediationAction: inform
                severity: low
                object-templates:
                  - complianceType: musthave
                    objectDefinition:
                      apiVersion: config.openshift.io/v1
                      kind: APIServer
                      metadata:
                        name: cluster
                      spec:
                        encryption:
                          type: aescbc
          - objectDefinition:
              apiVersion: policy.open-cluster-management.io/v1
              kind: ConfigurationPolicy
              metadata:
                name: enable-etcd-encryption-status-kubeapi
              spec:
                remediationAction: inform
                severity: low
                object-templates:
                  - complianceType: musthave
                    objectDefinition:
                      apiVersion: operator.openshift.io/v1
                      kind: KubeAPIServer
                      metadata:
                        name: cluster
                      status:
                        conditions:
                          - message: "All resources encrypted: secrets, configmaps"
                            reason: EncryptionCompleted
      ---
      apiVersion: apps.open-cluster-management.io/v1
      kind: PlacementRule
      metadata:
        name: policy-placement
        namespace: open-cluster-management-global-set
      spec:
        clusterSelector:
          matchExpressions:
            - key: cloud
              operator: In
              values:
                - Amazon
        clusterConditions: []
      ---
      apiVersion: policy.open-cluster-management.io/v1
      kind: PlacementBinding
      metadata:
        name: policy-placement33
        namespace: open-cluster-management-global-set
      placementRef:
        name: policy-placement
        apiGroup: apps.open-cluster-management.io
        kind: PlacementRule
      subjects:
        - name: policytesttesttesttesttesttest
          apiGroup: policy.open-cluster-management.io
          kind: Policy
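
A pre-apply check for the CLI/GitOps path this issue describes, as an added example that is not part of the issue or of ACM's code. It assumes the limit of 63 from the issue title applies to `len(name) + len(namespace)` with no separator counted, and that manifests are block-style YAML with 2-space indentation as in the reproducer above; the function names are hypothetical.

```python
import re

MAX_COMBINED = 63  # limit named in the issue title (name + namespace); assumption

# Constructed sample: metadata taken from the issue's reproducer, specs trimmed.
SAMPLE = """\
kind: Policy
metadata:
  name: policytesttesttesttesttesttest
  namespace: open-cluster-management-global-set
spec:
  policy-templates:
    - objectDefinition:
        kind: ConfigurationPolicy
        metadata:
          name: enable-etcd-encryption
---
kind: Policy
metadata:
  name: policy-short
  namespace: open-cluster-management-global-set
"""

def top_level_identity(doc):
    """Return (kind, name, namespace) of one document, ignoring nested objects."""
    found = {"kind": "", "name": "", "namespace": ""}
    in_metadata = False
    for line in doc.splitlines():
        m = re.match(r"^( *)([A-Za-z][\w.-]*):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("'\" ")
        if indent == 0:
            in_metadata = key == "metadata"  # any other top-level key closes metadata
            if key == "kind":
                found["kind"] = value
        elif in_metadata and indent == 2 and key in ("name", "namespace"):
            found[key] = value
    return found["kind"], found["name"], found["namespace"]

def oversized_policies(manifest, limit=MAX_COMBINED):
    """List (name, namespace, combined_length) for Policy objects over the limit."""
    hits = []
    for doc in re.split(r"(?m)^---\s*$", manifest):
        kind, name, namespace = top_level_identity(doc)
        combined = len(name) + len(namespace)
        if kind == "Policy" and combined > limit:
            hits.append((name, namespace, combined))
    return hits
```

Run `oversized_policies` over each manifest in a CI job or pre-commit hook and fail the job when the returned list is non-empty, so the object is rejected before it reaches the hub cluster.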


              yikim@redhat.com Yi Rae Kim
              gnunn@redhat.com Gerald Nunn
              Derek Ho Derek Ho