+++ This bug was initially created as a clone of Bug #2044304 +++ Description of problem: Currently, it is possible to add a managedPolicy in a ClusterGroupUpgrade manifest that is already enforced. Version-Release number of selected component (if applicable): 4.10 How reproducible: Always Steps to Reproduce: 1. Create an enforced ACM policy by creating an ACM policy directly or a PGT with the remediationAction equals to enforce 2. Verify that the policy is patching the targeted clusters 3. Create a CGU manifest that includes the previous enforced policy Actual results: A copy of the previous enforced policy is created by the UOCR in enforce mode too Expected results: No copy policy needs to be created by the UOCR since the original policy was set to enforce. Additional info:
*** Bug 2072604 has been marked as a duplicate of this bug. ***
Verified in latest 4.10 TALM build. Enforce policies are ignored. 2022-07-07T18:41:25.355Z INFO controllers.ClusterGroupUpgrade [doManagedPoliciesExist] Ignoring policy common-config-policy with remediationAction enforce 2022-07-07T18:41:25.355Z INFO controllers.ClusterGroupUpgrade [doManagedPoliciesExist] Ignoring policy common-subscriptions-policy with remediationAction enforce
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.10.22 extras update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:5514