Skip to content

Commit

Permalink
check for completed backups and update compliant messages
Browse files Browse the repository at this point in the history
Signed-off-by: Valentina Birsan <[email protected]>
(cherry picked from commit be0ebf2)
  • Loading branch information
birsanv authored and magic-mirror-bot[bot] committed Sep 26, 2024
1 parent 7e9a4a0 commit bfd0e26
Showing 1 changed file with 50 additions and 15 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -78,15 +78,21 @@ spec:
{{hub end hub}}
remediationAction: inform
severity: high
customMessage:
compliant: |
The schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> phase is not FailedValidation.{{hub end hub}}
noncompliant: |
The schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> phase is FailedValidation. {{hub end hub}}
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: check-backup-completed
name: check-backup-error
spec:
object-templates-raw: |
{{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
- complianceType: musthave
- complianceType: mustnothave
objectDefinition:
apiVersion: velero.io/v1
kind: Backup
Expand All @@ -97,15 +103,21 @@ spec:
cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
cluster-name: '{{ fromClusterClaim "name" }}'
status:
phase: Completed
phase: Error
startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
remediationAction: inform
severity: high
customMessage:
compliant: |
There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having an Error phase.{{hub end hub}}
noncompliant: |
The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has an Error phase. {{hub end hub}}
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: check-backup-error
name: check-backup-failed-validation
spec:
object-templates-raw: |
{{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
Expand All @@ -120,15 +132,21 @@ spec:
cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
cluster-name: '{{ fromClusterClaim "name" }}'
status:
phase: Error
phase: FailedValidation
startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
remediationAction: inform
severity: high
customMessage:
compliant: |
There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having a FailedValidation phase.{{hub end hub}}
noncompliant: |
The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has a FailedValidation phase. {{hub end hub}}
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: check-backup-failed-validation
name: check-backup-partially-failed
spec:
object-templates-raw: |
{{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
Expand All @@ -143,15 +161,21 @@ spec:
cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
cluster-name: '{{ fromClusterClaim "name" }}'
status:
phase: FailedValidation
phase: PartiallyFailed
startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
remediationAction: inform
severity: high
customMessage:
compliant: |
There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having a PartiallyFailed phase.{{hub end hub}}
noncompliant: |
The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has a PartiallyFailed phase. {{hub end hub}}
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: check-backup-partially-failed
name: check-backup-no-status
spec:
object-templates-raw: |
{{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
Expand All @@ -166,19 +190,25 @@ spec:
cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
cluster-name: '{{ fromClusterClaim "name" }}'
status:
phase: PartiallyFailed
phase: ''
startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
remediationAction: inform
severity: high
severity: low
customMessage:
compliant: |
There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having an empty phase.{{hub end hub}}
noncompliant: |
The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has an empty state. {{hub end hub}}
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: check-backup-no-status
name: check-backup-completed
spec:
object-templates-raw: |
{{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
- complianceType: mustnothave
- complianceType: musthave
objectDefinition:
apiVersion: velero.io/v1
kind: Backup
Expand All @@ -189,7 +219,12 @@ spec:
cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
cluster-name: '{{ fromClusterClaim "name" }}'
status:
phase: ''
startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
phase: Completed
{{hub end hub}}
remediationAction: inform
severity: low
severity: high
customMessage:
compliant: |
There is at least one completed Backup generated by the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.{{hub end hub}}
noncompliant: |
There is no completed Backup generated by the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.{{hub end hub}}

0 comments on commit bfd0e26

Please sign in to comment.