Description of problem:
The specific example where this has happened is when detaching and re-importing a cluster: if the detach process has not fully completed, and the cluster namespace is in a Terminating state, then the propagator can not create the replicated policy in that namespace. It seems to mark the root policy as non-compliant, but does not automatically re-attempt to propagate the policy. I think it's likely that this is not the only type of error that isn't re-queued.
Version-Release number of selected component (if applicable):
How reproducible:
Probably
Steps to Reproduce:
- Artificially add a finalizer to a cluster namespace.
- Delete the cluster namespace, and observe it is in a Terminating state.
- Create a policy which should be propagated to that cluster namespace.
Actual results:
It is not propagated, an error is in the logs like:
```
error policy-propagator propagator/propagation.go:783 Failed to create the replicated policy {"policyName": "my-policy", "policyNamespace": "my-namespace", "replicatePolicyName": "my-namespace.my-policy", "replicatedPolicyNamespace": "my-cluster", "error": "policies.policy.open-cluster-management.io \"my-namespace.my-policy\" is forbidden: unable to create new content in namespace my-cluster because it is being terminated"}
```
and the propagation is not re-attempted.
Expected results:
When the cluster namespace is re-created after it finishes terminating, the policy should be automatically propagated to it automatically within a reasonable amount of time.
Additional info:
- is cloned by
-
ACM-5310 [2.6] Policy propagator does not requeue certain errors
-
- Closed
-