Bug 2072730

Summary: Upgrade: UOCR should not try to create an enforced copy of an already enforced policy
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: Telco EdgeAssignee: melserng
Telco Edge sub component: RAN QA Contact: yliu1
Status: CLOSED ERRATA Docs Contact:
Severity: low    
Priority: low CC: jun, keyoung, mcornea, melserng
Version: 4.10   
Target Milestone: ---   
Target Release: 4.10.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-07-11 15:28:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2044304    
Bug Blocks: 2072604    

Description OpenShift BugZilla Robot 2022-04-06 21:07:48 UTC 
+++ This bug was initially created as a clone of Bug #2044304 +++

Description of problem:

Currently, it is possible to add a managedPolicy in a ClusterGroupUpgrade manifest that is already enforced.

Version-Release number of selected component (if applicable):
4.10

How reproducible:
Always

Steps to Reproduce:
1. Create an enforced ACM policy by creating an ACM policy directly or a PGT with the remediationAction equals to enforce
2. Verify that the policy is patching the targeted clusters
3. Create a CGU manifest that includes the previous enforced policy

Actual results:
A copy of the previous enforced policy is created by the UOCR in enforce mode too

Expected results:
No copy policy needs to be created by the UOCR since the original policy was set to enforce.

Additional info:
Comment 2 jun 2022-05-05 16:17:21 UTC 
*** Bug 2072604 has been marked as a duplicate of this bug. ***
Comment 5 yliu1 2022-07-07 18:43:13 UTC 
Verified in latest 4.10 TALM build. 
Enforce policies are ignored. 

2022-07-07T18:41:25.355Z	INFO	controllers.ClusterGroupUpgrade	[doManagedPoliciesExist] Ignoring policy common-config-policy with remediationAction enforce
2022-07-07T18:41:25.355Z	INFO	controllers.ClusterGroupUpgrade	[doManagedPoliciesExist] Ignoring policy common-subscriptions-policy with remediationAction enforce
Comment 7 errata-xmlrpc 2022-07-11 15:28:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.10.22 extras update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:5514