Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: 4.14.z
Affects Version/s: 4.13.z
Component/s: TALM Operator
Labels:
- PotentialErrataMiss

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
No

Target Backport Versions:
None
Target Version:

4.14.z
Release Blocker:
None
Sprint:
CNF RAN Sprint 245, CNF RAN Sprint 247
sprint_count:
2

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
Proposed
Release Note Type:
Feature
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

When trying to create a CGU targetting a policy that uses object-templates-raw the talm operator marks the CGU as invalid due to a validation error.

ERROR    controllers.ClusterGroupUpgrade    Policy is invalid    {"error": "leaf-hubs-deploy-ztp-pipeline: policy is missing its spec.policy-templates.objectDefinition.spec.object-templates"}


The validation should include object-templates-raw as well.

Version-Release number of selected component (if applicable):

4.13.X

How reproducible:

Always

Steps to Reproduce:

Use this policy:


apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  annotations:
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
    policy.open-cluster-management.io/standards: NIST SP 800-53
    ran.openshift.io/ztp-deploy-wave: "15"
  name: leaf-hubs-apply-vendor-label
  namespace: ztp-policies
spec:
  disabled: false
  policy-templates:
  - objectDefinition:
      apiVersion: policy.open-cluster-management.io/v1
      kind: ConfigurationPolicy
      metadata:
        name: apply-vendor-label-to-leaf-hubs
      spec:
        evaluationInterval:
          compliant: 10m
          noncompliant: 10s
        namespaceselector:
          exclude:
          - kube-*
          include:
          - '*'
        object-templates-raw: |
          {{- range (lookup "cluster.open-cluster-management.io/v1" "ManagedCluster" "" "").items }}
          {{- if eq (index .metadata.labels "leaf-hub") "true" }}
          - complianceType: musthave
            objectDefinition:
              apiVersion: cluster.open-cluster-management.io/v1
              kind: ManagedCluster
              metadata:
                name: {{ .metadata.name }}
                labels:
                  vendor: "OpenShift"
          {{- end }}
          {{- end }}
        remediationAction: inform
        severity: low
  remediationAction: inform

Actual results:

CGU reads the policy and validation fails.

Expected results:

CGU reads the policy and creates the enforce version.

Additional info:

https://redhat-internal.slack.com/archives/C02EG99MR9C/p1699288532177459

clones

OCPBUGS-22973 TALM doesn's support policies with object-templates-raw only

Closed

is blocked by

OCPBUGS-22973 TALM doesn's support policies with object-templates-raw only

Closed

links to

openshift-kni/cluster-group-upgrades-operator#734: [release-4.14] OCPBUGS-25433: Support object-templates-raw for config policies

RHEA-2024:128507 OpenShift Container Platform 4.14.5 CNF vRAN extras update

mentioned on

Merge request - Updated US source to: 212b843 [release-4.14] OCPBUGS-25433: Support object-templates-raw for config policies (#734)

Assignee:: Steven Skeard

Reporter:: OpenShift Prow Bot

Need Info From:: None

Contributors:: None

QA Contact:: Joshua Clark

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2023/12/14 11:11 PM

Updated:: 2025/07/24 11:46 AM

Resolved:: 2024/05/30 12:34 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates