Feature Request
Resolution: Unresolved
Major
Product / Portfolio Work
1. Proposed title of this feature request
Enhanced Filtering for Policy Violation Results in ACM Governance UI
2. What is the nature and description of the request?
In ACM’s Governance → Policies → Results view, policy violations are displayed when applied policies detect non-compliant resources across clusters. However, the current UI lacks the ability to filter or search through these violations, which often exceed hundreds or even thousands of entries per policy.
This feature request aims to add granular, resource-level filtering capabilities to the violation results view of individual policies — allowing users to quickly narrow down violations by Namespace, Resource kind, Resource name, Message content, and Cluster.
Goals
- Provide a more usable and scalable UI experience for users dealing with high-volume policy violations.
- Allow fine-grained filtering in the policy detail view, not just at the governance overview or cluster level.
- Enable quick root-cause identification and violation triage across large OpenShift deployments.
Requirements
Requirement | Notes | isMvp? |
---|---|---|
Add filtering controls in the “Policy → Results” view | Should allow client- or server-side filtering of violation rows | ✅ YES |
Filter by Namespace | Based on metadata in violation | ✅ YES |
Filter by Resource kind (e.g., Pod, Deployment) | Based on metadata in violation | ✅ YES |
Filter by Resource name | Useful for targeting specific workloads | ✅ YES |
Filter by Violation message content | Supports quick textual search of causes | ✅ YES |
Filter by Cluster | Especially important in multi-cluster environments | ✅ YES |
Pagination and sorting improvements | Improve usability alongside filters | ❌ NO (Nice to have) |
Export filtered results (optional) | For auditing or reporting | ❌ NO |
Use Cases
- As a platform admin, I apply a Rego-based policy that scans for disallowed hostPath mounts. It results in 600+ violations. I want to filter by Namespace and violation message to quickly identify critical workloads affected.
- As a security engineer, I need to review policy violations only in production clusters or specific namespaces (e.g., banking-prod-*).
- As a cluster operator, I want to investigate Pod-level violations flagged by a Kyverno policy, and need to search for specific pod names among hundreds of entries.
Related and Complementary Features (Jira Links)
This feature builds upon and complements several ongoing initiatives:
- ACM-15338: Cluster infrastructure-oriented Governance UX
- ACM-18496: [RFE] ACM custom annotations for policies.
- ACM-15339: Refresh Governance Overview & Dashboard
This request is distinct in that it targets the resource-level view of violations within a specific policy, not metadata-based filtering across clusters or policies.
Out of Scope
- Cross-policy search or filtering across the full governance space (i.e., across policies or clusters simultaneously)
- Automatic remediation or bulk fixes via this UI
- Custom sorting logic based on severity (covered in other RFEs)
3. Why does the customer need this? (List the business requirements here)
- Large OpenShift fleets often generate 100s or 1000s of policy violations per policy.
- Without filtering, the current ACM UI becomes unusable for triage and root cause analysis.
- Aligns with ACM's strategic goals of enterprise-scale governance, compliance observability, and security-first UX.
4. List any affected packages or components.
RHACM - GRC - UI