Description of the problem: GRC policies are not getting propagated for cluster-admin users. The policies get deployed on the managed clusters if the policies are created using the kubeadmin user.

Release version: ACM 2.6.2

Steps to reproduce: Log in to the ACM UI and create a GRC policy.

Actual results: Placementrule is not read by the propagator and hence the policy does not get propagated to the managed clusters (local-cluster and one imported managed cluster).

Expected results: Policy should get propagated to the managed clusters.

Additional info:
1) Policy gets propagated if the customer creates it using the kubeadmin user
2) ACM UI is being used to create these policies
3) Customer does not have any gitops integration in this environment
4) Users are externally authenticated AD users that have the cluster-admin role assigned to them

Workaround: Manually edit the placementrule and remove the user and group annotations.

While the support case was closed with an unclear resolution, we believe the problem was with the syncing of the groups from LDAP to OpenShift. The last recommendation was to redirect the support ticket to OpenShift for troubleshooting. Please follow up if any additional support is needed here. Thanks