Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: 4.15.z
Affects Version/s: 4.13.z
Component/s: TALM Operator
Labels:
None

Regression:
No
Sprint:
CNF RAN Sprint 245, CNF RAN Sprint 247
sprint_count:
2
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Feature
Release Note Status:
Proposed
RH Private Keywords:
Target Version:

4.15.z

SFDC Cases Counter:
SFDC Cases Links:

Description of problem:

When trying to create a CGU targetting a policy that uses object-templates-raw the talm operator marks the CGU as invalid due to a validation error.

ERROR    controllers.ClusterGroupUpgrade    Policy is invalid    {"error": "leaf-hubs-deploy-ztp-pipeline: policy is missing its spec.policy-templates.objectDefinition.spec.object-templates"}


The validation should include object-templates-raw as well.

Version-Release number of selected component (if applicable):

4.13.X

How reproducible:

Always

Steps to Reproduce:

Use this policy:


apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  annotations:
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
    policy.open-cluster-management.io/standards: NIST SP 800-53
    ran.openshift.io/ztp-deploy-wave: "15"
  name: leaf-hubs-apply-vendor-label
  namespace: ztp-policies
spec:
  disabled: false
  policy-templates:
  - objectDefinition:
      apiVersion: policy.open-cluster-management.io/v1
      kind: ConfigurationPolicy
      metadata:
        name: apply-vendor-label-to-leaf-hubs
      spec:
        evaluationInterval:
          compliant: 10m
          noncompliant: 10s
        namespaceselector:
          exclude:
          - kube-*
          include:
          - '*'
        object-templates-raw: |
          {{- range (lookup "cluster.open-cluster-management.io/v1" "ManagedCluster" "" "").items }}
          {{- if eq (index .metadata.labels "leaf-hub") "true" }}
          - complianceType: musthave
            objectDefinition:
              apiVersion: cluster.open-cluster-management.io/v1
              kind: ManagedCluster
              metadata:
                name: {{ .metadata.name }}
                labels:
                  vendor: "OpenShift"
          {{- end }}
          {{- end }}
        remediationAction: inform
        severity: low
  remediationAction: inform

Actual results:

CGU reads the policy and validation fails.

Expected results:

CGU reads the policy and creates the enforce version.

Additional info:

https://redhat-internal.slack.com/archives/C02EG99MR9C/p1699288532177459

blocks

OCPBUGS-25433 TALM doesn's support policies with object-templates-raw only

Verified

is cloned by

OCPBUGS-25433 TALM doesn's support policies with object-templates-raw only

Verified

links to

openshift-kni/cluster-group-upgrades-operator#727: OCPBUGS-22973: Support object-templates-raw for config policies

RHEA-2023:123645 OpenShift Container Platform 4.15.0 CNF vRAN extras update

mentioned on

Merge request - Updated US source to: 6bf386a Replace sub /var/lib mounts with parent /var/lib mount (#733)

Merge request - Updated US source to: 212b843 [release-4.14] OCPBUGS-25433: Support object-templates-raw for config policies (#734)

(1 mentioned on)

Assignee:: Steven Skeard

Reporter:: Mario Vazquez Cebrian

QA Contact:: Joshua Clark

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2023/11/06 5:01 PM

Updated:: 2024/02/28 8:38 PM

Resolved:: 2024/02/28 8:38 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates