-
Bug
-
Resolution: Done
-
Major
-
ACM 2.8.Z
-
2
-
False
-
None
-
False
-
-
-
GRC Sprint 2023-16
-
No
getting the following error applying policy https://gist.github.com/brian-jarvis/7764610dadd7f13d80b566d2731c2889
Failed sync attempt to 04d7018965380591b5f31045e1e725ba151447be: one or more objects failed to apply, reason: Policy.policy.open-cluster-management.io "acm-observe" is invalid: [<nil>: Invalid value: "": "spec.policy-templates[5].extraDependencies[0]" must validate one and only one schema (oneOf). Found none valid, spec.policy-templates[5].extraDependencies[0].namespace: Too long: may not be longer than 0] (retried 5 times).
The policy is created from this generator
policies: - name: acm-observe remediationAction: enforce manifests: - path: namespace.yml - path: console.yml - path: pull-secret.yml - path: objectbucketclaim.yml - path: thanos-secret.yml extraDependencies: - name: acm-observe4 kind: ConfigurationPolicy compliance: "Compliant" - path: observability.yml extraDependencies: - name: thanos-secret kind: ConfigurationPolicy compliance: "Compliant"
The first ConfigurationPolicy has the extraDependency created as
- objectDefinition: apiVersion: policy.open-cluster-management.io/v1 extraDependencies: - apiVersion: policy.open-cluster-management.io/v1 compliance: Compliant kind: ConfigurationPolicy name: acm-observe4 namespace: bry-tam-policies-prod kind: ConfigurationPolicy metadata: name: thanos-secret
The second is created as, notice the extraDependencies is not part of the objectDefinition itself.
- extraDependencies: - apiVersion: policy.open-cluster-management.io/v1 compliance: Compliant kind: ConfigurationPolicy name: thanos-secret namespace: bry-tam-policies objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: acm-observe6
See https://redhat-internal.slack.com/archives/CU4QXLPQB/p1694016791286889 for discussion.
