Description of problem:
Customer has created a "Policy" with a "ConfigurationPolicy" that uses "complianceType: musthave" to ensure a LimitRange is always defined. "remediationAction: enforce" is set to make sure that the object is always applied.
For most clusters, this works as expected. However, the customer observed that although RHACM reports the Policy as "compliant: Compliant", when looking at certain objects directly they can see that some objects are NOT compliant (despite the overall Policy being reported as "Compliant").
This behaviour is visible in the following video: https://drive.google.com/file/d/12BVOeUYMYXFd4sVksnuSQuVGx0xexmbI/view
Version-Release number of selected component (if applicable):
- advanced-cluster-management.v2.6.4
- OpenShift Container Platform 4.11.33
How reproducible:
Always at customer
Steps to Reproduce:
- Create a "Policy" with a "ConfigurationPolicy" that uses "complianceType: musthave" to ensure a LimitRange object is always defined and apply it to multiple clusters
- Observe that the Policy reports as "Compliant"
Actual results:
Despite the Policy reporting as "Compliant", certain objects are showing violations
Expected results:
When a Policy reports as "Compliant", all objects are compliant and there are no violations when "remediationAction: enforce" is set.
Additional info:
- Support Case 03497395
- Video showing the issue: https://drive.google.com/file/d/12BVOeUYMYXFd4sVksnuSQuVGx0xexmbI/view
- Policy YAML attached below
- ACM must-gather available in the Support Case
- clones: ACM-5175 Policy shows as "Compliant" despite there being violations (Closed)
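
A way to check for the symptom described above without relying on the console, as an added example that is not part of the original report or of RHACM: it walks ConfigurationPolicy objects and flags any related object that is not Compliant while the policy itself reports Compliant. The status field names (`status.compliant`, `status.relatedObjects[].compliant`, `.object`, `.reason`) are assumed from the ConfigurationPolicy CRD and should be verified against the installed ACM version; the sample data is constructed.

```python
# Constructed sample shaped like `oc get configurationpolicy -A -o json` on a
# managed cluster. Names and values are made up for this example.
SAMPLE = {"items": [
    {"metadata": {"namespace": "cluster1", "name": "policy-limitrange"},
     "status": {"compliant": "Compliant", "relatedObjects": [
         {"compliant": "Compliant", "reason": "Resource found as expected",
          "object": {"kind": "LimitRange",
                     "metadata": {"namespace": "app-a", "name": "default-limits"}}},
         {"compliant": "NonCompliant", "reason": "Resource found but does not match",
          "object": {"kind": "LimitRange",
                     "metadata": {"namespace": "app-b", "name": "default-limits"}}}]}},
    {"metadata": {"namespace": "cluster1", "name": "policy-quota"},
     "status": {"compliant": "NonCompliant", "relatedObjects": [
         {"compliant": "NonCompliant", "reason": "Resource not found but should exist",
          "object": {"kind": "ResourceQuota",
                     "metadata": {"namespace": "app-a", "name": "quota"}}}]}},
]}


def find_mismatches(policy_list):
    """List related objects that are not Compliant although the owning
    ConfigurationPolicy reports Compliant (the symptom in this report)."""
    findings = []
    for item in policy_list.get("items", []):
        status = item.get("status") or {}
        # Assumed field: status.compliant holds the policy-level verdict.
        if str(status.get("compliant", "")).lower() != "compliant":
            continue  # a violation is already reported; nothing is hidden
        meta = item.get("metadata") or {}
        policy = "{}/{}".format(meta.get("namespace", ""), meta.get("name", ""))
        for rel in status.get("relatedObjects") or []:
            state = str(rel.get("compliant", ""))
            if state.lower() == "compliant":
                continue
            # A missing or empty per-object state is flagged too.
            obj = rel.get("object") or {}
            ometa = obj.get("metadata") or {}
            target = "{}/{}".format(ometa.get("namespace", ""), ometa.get("name", ""))
            findings.append((policy, obj.get("kind"), target, state, rel.get("reason", "")))
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE):
        print("MISMATCH", *finding)
```

To run it against a real cluster, pass the parsed JSON output of `oc get configurationpolicy -A -o json` to `find_mismatches` instead of `SAMPLE`.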