-
Bug
-
Resolution: Done
-
Major
-
ACM 2.8.0, ACM 2.8.1
-
2
-
False
-
None
-
False
-
-
-
2
-
GRC Sprint 2023-09, GRC Sprint 2023-10
-
Important
-
No
Creating a policy with identical names succeeds. The ConfigurationPolicy is repeatedly overwritten by the template-sync, swapping out the two policies, and repeatedly updating the status with alternating statuses from the two policies.
For example, this policy has two ConfigurationPolicy templates both named policy-pod:
apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: dhaiduce-policy namespace: dhaiduce spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: policy-pod spec: namespaceSelector: exclude: - kube-* include: - default object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Pod metadata: name: dhaiduce-pod spec: containers: - name: nginx image: nginx:1.18.0 ports: - containerPort: 80 remediationAction: inform severity: low - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: policy-pod spec: object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: dhaiduce-pod remediationAction: inform severity: low
I'd expect this to fail and return a status that there is a duplicate name instead.
- is documented by
-
-
- Closed
-