open-cluster-management-io / policy-generator-plugin

A Kustomize generator plugin to generate Open Cluster Management policies
Apache License 2.0

Annotations on the PolicyGenerator CR causes failure #95

Closed kenmoini closed 1 year ago

kenmoini commented 1 year ago

So creating a PolicyGenerator with a defined .metadata.annotations section causes it to fail generation. Not sure if this is intended or not, but figured I'd give it a little drop here in case the common metav1 stuff should be in there.

The PolicyGenerator CR:

apiVersion: policy.open-cluster-management.io/v1
kind: PolicyGenerator
metadata:
  name: additional-trust-bundle-pg
  # Removing the annotations below allows this to build
  annotations:
    argocd.argoproj.io/compare-options: IgnoreExtraneous
placementBindingDefaults:
  name: additional-trust-bundle-pg-pb
policyDefaults:
  namespace: rhacm-policies
  placement:
    placementRuleName: all-openshift-clusters
  remediationAction: enforce
  severity: high
  consolidateManifests: false # Put each object in its own ConfigurationPolicy in the Policy
  policySets: 
    - global-base-configuration
policies:
  - name: additional-trust-bundles
    manifests:
      - path: base

The kustomization.yml file:

generators:
  - policygenerator.yml
commonLabels:
  manifest-group: additional-trust-bundle

When running kustomize build --enable-alpha-plugins I get the following error:

$ kustomize build --enable-alpha-plugins

error processing the PolicyGenerator file '/var/folders/j0/wspjmhds20b2t63zpm9ycl4w0000gn/T/kust-plugin-config-2508743489': the PolicyGenerator configuration file is invalid: yaml: unmarshal errors:
  line 4: field annotations found but not defined { Name string "json:\"name,omitempty\" yaml:\"name,omitempty\"" }
Error: failure in plugin configured via /var/folders/j0/wspjmhds20b2t63zpm9ycl4w0000gn/T/kust-plugin-config-2508743489; exit status 1: exit status 1

Removing the annotations from the PolicyGenerator CR works, and then I can add them back as desired via commonAnnotations in the kustomization.yml so not crucial (in my case) that PolicyGenerator doesn't take annotations I guess, but may not be intended.


Working CRs

apiVersion: policy.open-cluster-management.io/v1
kind: PolicyGenerator
metadata:
  name: additional-trust-bundle-pg
placementBindingDefaults:
  name: additional-trust-bundle-pg-pb
policyDefaults:
  namespace: rhacm-policies
  placement:
    placementRuleName: all-openshift-clusters
  remediationAction: enforce
  severity: high
  consolidateManifests: false # Put each object in its own ConfigurationPolicy in the Policy
  policySets: 
    - global-base-configuration
policies:
  - name: additional-trust-bundles
    manifests:
      - path: base

generators:
  - policygenerator.yml
commonLabels:
  manifest-group: additional-trust-bundle

commonAnnotations:
  argocd.argoproj.io/compare-options: IgnoreExtraneous

mprahl commented 1 year ago

@kenmoini, this is intentional. The two options are as you did with commonAnnotations or by using the policyAnnotations field: https://github.com/stolostron/policy-generator-plugin/blob/e32fb03ee061fc2ac422fa09ddd0fee9540015ea/docs/policygenerator-reference.yaml#L156-L158
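
The rejection discussed in this thread, as an added example that is not the plugin's own code: a strict decoder refuses a key that the target struct does not define, while a lenient one drops it silently. It assumes a hypothetical cut-down `generatorConfig` type whose metadata struct has only `Name` (as in the error output above) and uses the standard library's `encoding/json` strict mode with constructed JSON input as a stand-in for the plugin's YAML parsing.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// generatorConfig is a hypothetical, cut-down config type. Its metadata struct
// has only Name, matching the struct printed in the error output above.
type generatorConfig struct {
	APIVersion string `json:"apiVersion,omitempty"`
	Kind       string `json:"kind,omitempty"`
	Metadata   struct {
		Name string `json:"name,omitempty"`
	} `json:"metadata,omitempty"`
}

// decodeStrict fails on any key that has no matching struct field.
func decodeStrict(doc []byte) (*generatorConfig, error) {
	dec := json.NewDecoder(bytes.NewReader(doc))
	dec.DisallowUnknownFields()
	cfg := &generatorConfig{}
	if err := dec.Decode(cfg); err != nil {
		return nil, fmt.Errorf("configuration is invalid: %w", err)
	}
	return cfg, nil
}

// decodeLenient accepts the same input but silently discards unknown keys.
func decodeLenient(doc []byte) (*generatorConfig, error) {
	cfg := &generatorConfig{}
	if err := json.Unmarshal(doc, cfg); err != nil {
		return nil, err
	}
	return cfg, nil
}

// Constructed inputs: the metadata from the issue, with and without annotations.
var withAnnotations = []byte(`{"kind":"PolicyGenerator","metadata":{"name":"additional-trust-bundle-pg",
  "annotations":{"argocd.argoproj.io/compare-options":"IgnoreExtraneous"}}}`)
var nameOnly = []byte(`{"kind":"PolicyGenerator","metadata":{"name":"additional-trust-bundle-pg"}}`)

func main() {
	_, err := decodeStrict(withAnnotations)
	fmt.Println("strict, with annotations:", err)
	cfg, _ := decodeLenient(withAnnotations)
	fmt.Println("lenient, with annotations: accepted, annotation lost, name =", cfg.Metadata.Name)
	cfg, err = decodeStrict(nameOnly)
	fmt.Println("strict, name only:", cfg.Metadata.Name, err)
}
```
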