Bug 1891846

Summary: When creating policy to trigger scan on RHACM managed cluster, the compliancesuite was not executed as expeted
Product: OpenShift Container Platform Reporter: xiyuan
Component: Compliance OperatorAssignee: Juan Antonio Osorio <josorior>
Status: CLOSED CURRENTRELEASE QA Contact: Prashant Dhamdhere <pdhamdhe>
Severity: high Docs Contact:
Priority: high    
Version: 4.6CC: josorior, mrogers, xiyuan
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1892293 (view as bug list) Environment:
Last Closed: 2020-10-28 12:32:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1892293    

Description xiyuan 2020-10-27 14:08:33 UTC 
Description of Problem:
When creating policy to trigger scan on RHACM managed cluster, the compliancesuite was not executed as expeted. It reported "Failed to create policy template the namespace of the provided object does not match the namespace sent on the request"

Version-Release number of selected component (if applicable):
cluster version 4.6.1 with CO version 0.1.17
$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.1     True        False         5h8m    Cluster version is 4.6.1

How Reproducible:
Sometimes

Steps to Reproduce:
1. install RHACM on one cluster
2. import the other two clusters
3. apply policy(details refer to https://github.com/open-cluster-management/policy-collection/pull/36/files) to instlall CO by update value for remediationAction field: 'remediationAction: enforce'
4. apply policy(details refer to https://github.com/open-cluster-management/policy-collection/pull/37/files) to trigger compliancesuite on both cluster

Actual Results:
1. On one cluster, it reported "Failed to create policy template the namespace of the provided object does not match the namespace sent on the request"
$ oc get compliancesuite --all-namespaces 
No resources found

Expected Results:
1. on both clusters, the compliancesuite should be executed as expected:
$ kubectl get compliancesuites -n xiyuan10271 e8
NAME   PHASE   RESULT
e8     DONE    NON-COMPLIANT

Additional info:
https://github.com/openshift/compliance-operator/pull/462 should be backport it to the 4.6 branch