check for completed backups and update compliant messages (https://issues.redhat.com/browse/ACM-14460)

community/CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-backup.yaml

@@ -78,15 +78,21 @@ spec:
             {{hub end hub}}
           remediationAction: inform
           severity: high
+          customMessage:
+            compliant: |
+              The schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> phase is not FailedValidation.{{hub end hub}}
+            noncompliant: |
+              The schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> phase is FailedValidation. {{hub end hub}}
+
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
         kind: ConfigurationPolicy
         metadata:
-          name: check-backup-completed
+          name: check-backup-error
         spec:
           object-templates-raw: |
             {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
-            - complianceType: musthave
+            - complianceType: mustnothave
               objectDefinition:
                 apiVersion: velero.io/v1
                 kind: Backup
@@ -97,15 +103,21 @@ spec:
                     cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
                     cluster-name: '{{ fromClusterClaim "name" }}'
                 status:
-                  phase: Completed
+                  phase: Error
                   startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
           remediationAction: inform
           severity: high
+          customMessage:
+            compliant: |
+              There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having an Error phase.{{hub end hub}}
+            noncompliant: |
+              The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has an Error phase. {{hub end hub}}
+
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
         kind: ConfigurationPolicy
         metadata:
-          name: check-backup-error
+          name: check-backup-failed-validation
         spec:
           object-templates-raw: |
             {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
@@ -120,15 +132,21 @@ spec:
                     cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
                     cluster-name: '{{ fromClusterClaim "name" }}'
                 status:
-                  phase: Error
+                  phase: FailedValidation
                   startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
           remediationAction: inform
           severity: high
+          customMessage:
+            compliant: |
+              There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having a FailedValidation phase.{{hub end hub}}
+            noncompliant: |
+              The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has a FailedValidation phase. {{hub end hub}}
+
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
         kind: ConfigurationPolicy
         metadata:
-          name: check-backup-failed-validation
+          name: check-backup-partially-failed
         spec:
           object-templates-raw: |
             {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
@@ -143,15 +161,21 @@ spec:
                     cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
                     cluster-name: '{{ fromClusterClaim "name" }}'
                 status:
-                  phase: FailedValidation
+                  phase: PartiallyFailed
                   startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
           remediationAction: inform
           severity: high
+          customMessage:
+            compliant: |
+              There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having a PartiallyFailed phase.{{hub end hub}}
+            noncompliant: |
+              The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has a PartiallyFailed phase. {{hub end hub}}
+
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
         kind: ConfigurationPolicy
         metadata:
-          name: check-backup-partially-failed
+          name: check-backup-no-status
         spec:
           object-templates-raw: |
             {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
@@ -166,19 +190,25 @@ spec:
                     cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
                     cluster-name: '{{ fromClusterClaim "name" }}'
                 status:
-                  phase: PartiallyFailed
+                  phase: ''
                   startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
           remediationAction: inform
-          severity: high
+          severity: low
+          customMessage:
+            compliant: |
+              There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having an empty phase.{{hub end hub}}
+            noncompliant: |
+              The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has an empty state. {{hub end hub}}
+
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
         kind: ConfigurationPolicy
         metadata:
-          name: check-backup-no-status
+          name: check-backup-completed
         spec:
           object-templates-raw: |
             {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
-            - complianceType: mustnothave
+            - complianceType: musthave
               objectDefinition:
                 apiVersion: velero.io/v1
                 kind: Backup
@@ -189,7 +219,12 @@ spec:
                     cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
                     cluster-name: '{{ fromClusterClaim "name" }}'
                 status:
-                  phase: ''
-                  startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
+                  phase: Completed
+              {{hub end hub}}
           remediationAction: inform
-          severity: low
+          severity: high
+          customMessage:
+            compliant: |
+              There is at least one completed Backup generated by the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.{{hub end hub}}
+            noncompliant: |
+              There is no completed Backup generated by the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.{{hub end hub}}