Reenable Template Compliance Check


Ever since VMs and Templates/Images were separated and distinguished by the base_model name, namely Vm and MiqTemplate, the compliance check for templates is broken. Yes, you can still create a VM Compliance Check Policy and assign it to a template, but the compliance check will not go through.

Another related issue is scheduling a compliance check task for templates. Currently, when creating a new schedule task, the available actions include VM Analysis, Template Analysis, VM Compliance Check, but NO Template Compliance Check. For VM Compliance Check, you can select a single VM using VM Selection Filter, but you cannot select a template. Thus there is no way to schedule a compliance check for a template.

This topic is to discuss the proper way to reenable template compliance check. There are two solutions. The first is to completely separate template from VM. The UI needs to add Template Compliance Policies under Control/Explore/Policies/Compliance Policies. Similarly when adding a new Schedule, the Action drop down list should provide a new option Template Compliance Check. This makes sense since VM Analysis and Template Analysis are already separate options there.

The second solution is to treat VM and Template the same when performing a compliance check. This requires some refactoring at the back end. In addition, the UI needs to rename VM Compliance Check/Policies to VM and Template Compliance Check/Policies; it also needs to enable selection of a template when scheduling a compliance check task.


@bill, as we spoke about yesterday, I think the best approach might be to change the “towhat” notion on compliance policies (and policies in general) to an Array instead of a single item. This column is supposed to represent what kinds of things this policy can be attached to, and to me it makes sense that it could point to multiple things. In this particular case it can point to Vm or MiqTemplate, but I can envision compliance policies that could point to those plus other things like Host, ForemanProvider, etc. By having an Array, this will also shield us from future work where we may want to completely separate the vms table into vms and miq_templates tables.