Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: ACM 2.8.1
Affects Version/s: ACM 2.8.1
Component/s: GRC
Labels:

Story Points:
2
Blocked:
True
Blocked Reason:
https://issues.redhat.com/browse/ACM-5849 e2e test is broken. The e2e need to be fixed first
Ready:
False
Git Commit:
https://github.com/stolostron/config-policy-controller/pull/516/commits/6143136c9a1361f80cb154c04025aebe3bbb9dc4
Intelligence Requested:
Market:

Sprint:
GRC Sprint 2023-08, GRC Sprint 2023-09, GRC Sprint 2023-10
Severity:
Critical

Regression:
No

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Deploying a enforced ConfigurationPolicy with a valid template and then updating the template to be invalid caused the created object to be pruned. (I did it with hub templates, but I'd suspect managed cluster templates would have a similar behavior.)

expected: Not perform any deletion while in this error state.

2023-05-03T16:52:26.387Z	info	configuration-policy-controller	controllers/configurationpolicy_controller.go:914	An error occurred while processing hub-templates on the Hub cluster. Cannot process the policy.	{"policy": "dhaiduce", "message": "failed to parse the template JSON string {\"apiVersion\":\"policy.open-cluster-management.io/v1\",\"kind\":\"ConfigurationPolicy\",\"metadata\":{\"name\":\"dhaiduce\"},\"spec\":{\"object-templates\":[{\"complianceType\":\"musthave\",\"objectDefinition\":{\"apiVersion\":\"v1\",\"data\":{\"test\":\"{{hub with (lookup \\\"v1\\\" \\\"ConfigMap\\\" \\\"default\\\" .ManagedClusterName) -hub}}\\n  {{hub- if (empty .) -hub}}\\n    {{hub print \\\"default-value\\\" hub}}\\n  {{hub- else -hub}}\\n    {{hub (index . \\\"data\\\" \\\"endpoint-publishing-strategy\\\") hub}}{\\n  {hub- end -hub}}\\n{{hub- end hub}}\\n\"},\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"dhaiduce\",\"namespace\":\"default\"}}}],\"remediationAction\":\"inform\",\"severity\":\"low\"}}: template: tmpl:25: unexpected EOF"}
2023-05-03T16:52:26.387Z	info	configuration-policy-controller	controllers/configurationpolicy_controller.go:805	Setting the policy to noncompliant due to a templating error	{"policy": "dhaiduce", "error": "failed to parse the template JSON string {\"apiVersion\":\"policy.open-cluster-management.io/v1\",\"kind\":\"ConfigurationPolicy\",\"metadata\":{\"name\":\"dhaiduce\"},\"spec\":{\"object-templates\":[{\"complianceType\":\"musthave\",\"objectDefinition\":{\"apiVersion\":\"v1\",\"data\":{\"test\":\"{{hub with (lookup \\\"v1\\\" \\\"ConfigMap\\\" \\\"default\\\" .ManagedClusterName) -hub}}\\n  {{hub- if (empty .) -hub}}\\n    {{hub print \\\"default-value\\\" hub}}\\n  {{hub- else -hub}}\\n    {{hub (index . \\\"data\\\" \\\"endpoint-publishing-strategy\\\") hub}}{\\n  {hub- end -hub}}\\n{{hub- end hub}}\\n\"},\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"dhaiduce\",\"namespace\":\"default\"}}}],\"remediationAction\":\"inform\",\"severity\":\"low\"}}: template: tmpl:25: unexpected EOF"}
2023-05-03T16:52:26.387Z	info	configuration-policy-controller	controllers/configurationpolicy_controller.go:1348	Will update the policy status	{"policy": "dhaiduce", "complianceState": "NonCompliant"}
2023-05-03T16:52:26.398Z	info	configuration-policy-controller	controllers/configurationpolicy_controller.go:604	Object successfully deleted as part of child object pruning	{"policy": "dhaiduce", "groupVersionKind": "/v1, Kind=ConfigMap"}

clones

ACM-5301 Objects are pruned on templating errors

Closed

Assignee:: Yi Rae Kim

Reporter:: Dale Haiducek

QA Contact:: Derek Ho

Team:: ACM GRC & Gatekeeper

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/06/09 3:51 PM

Updated:: 2023/10/02 5:57 PM

Resolved:: 2023/10/02 5:57 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates