Bug 1969845
Summary: | Policy overview shows no violations | ||
---|---|---|---|
Product: | Red Hat Advanced Cluster Management for Kubernetes | Reporter: | Mihir Lele <mlele> |
Component: | GRC & Policy | Assignee: | Gus Parvin <gparvin> |
Status: | CLOSED ERRATA | QA Contact: | Derek Ho <dho> |
Severity: | high | Docs Contact: | Mikela Dockery <mdockery> |
Priority: | unspecified | ||
Version: | rhacm-2.2 | CC: | gghezzo, mouimet, njean |
Target Milestone: | --- | Flags: | dho:
qe_test_coverage-
ming: rhacm-2.2.z+ |
Target Release: | rhacm-2.2.6 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-08-10 18:33:12 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mihir Lele
2021-06-09 10:26:01 UTC
G2Bsync 860930112 comment gparvin Mon, 14 Jun 2021 19:17:35 UTC G2Bsync We have identified that this issue is working in a way that is not meeting our expectations for how policies should be applied across multiple namespaces. The engineer that began this investigation indicated the results seemed to intentionally return `Compliant` in this case, so we are trying to carefully determine if there was some scenario where this behavior was desired. Thank you SO much for bringing this to our attention! Hello, We are facing the exact same issue and I was about to open a bugzilla and finally found out this on. When we create a policy to check for the presence of a resource. As soon as one namespace does not comply to the policy, the policy should be in violation status. Idea: There should be a flag in the policy to specify if we want to report all namespaces or only on of the namespace specified in the namespaceselector. Similar to musthave and mustonlyhave, there could be a switch to specify something like mustallnamespace. Thanks ! Thanks @mouimet for the idea and capturing it in this Bugzilla. We will follow up after our review next week. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat Advanced Cluster Management 2.2.6 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3126 |