2044304 – Upgrade: UOCR should not try to create an enforced copy of an already enforced policy

Bug 2044304 - Upgrade: UOCR should not try to create an enforced copy of an already enforced policy

Summary: Upgrade: UOCR should not try to create an enforced copy of an already enforce...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Telco Edge
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	unspecified
Target Milestone:	---
Target Release:	4.11.0
Assignee:	melserng
QA Contact:	yliu1
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2072604 2072730
TreeView+	depends on / blocked

Reported:	2022-01-24 12:01 UTC by Alberto Losada
Modified:	2022-08-26 16:43 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-08-26 16:43:57 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Alberto Losada 2022-01-24 12:01:01 UTC

Description of problem:

Currently, it is possible to add a managedPolicy in a ClusterGroupUpgrade manifest that is already enforced.

Version-Release number of selected component (if applicable):
4.10

How reproducible:
Always

Steps to Reproduce:
1. Create an enforced ACM policy by creating an ACM policy directly or a PGT with the remediationAction equals to enforce
2. Verify that the policy is patching the targeted clusters
3. Create a CGU manifest that includes the previous enforced policy

Actual results:
A copy of the previous enforced policy is created by the UOCR in enforce mode too

Expected results:
No copy policy needs to be created by the UOCR since the original policy was set to enforce.

Additional info:

Comment 1 jun 2022-04-27 13:58:54 UTC

Change to verified to unblock backport to 4.10

Note You need to log in before you can comment on or make changes to this bug.