Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-21618

FIPS validation fails to run in the catalog pipelines

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • None
    • ACM 2.14.0, MCE 2.9.0
    • Security
    • False
    • Hide

      None

      Show
      None
    • False
    • Critical
    • None

      Description of problem:

      The pipeline running the fips check is for our dev catalog.  Apparently it looks different enough from our published content that it can't figure out what's already been published and the scan runs against all images.  Because of this we don't get an automated FIPS scan and we could be exposed to an image failing FIPS readiness unexpectedly.

      There is a konflux users issue opened: https://issues.redhat.com/browse/KFLUXSPRT-3685
      slack: https://redhat-internal.slack.com/archives/C04PZ7H0VA8/p1749845889920459

      Version-Release number of selected component (if applicable):

      ACM 2.14 and MCE 2.9 each fail.

      How reproducible:

      Always

      Steps to Reproduce:

      1. Run the actions in the PRs for the FIPS mirror content
      2. https://github.com/stolostron/acm-mce-operator-catalogs/pull/231
      3. https://github.com/stolostron/acm-mce-operator-catalogs/pull/232

      Actual results:

      Crash in FIPS actions.

      Expected results:

      Results indicating whether images pass or fail the scan.

      Additional info:

       

              bseref Boran Seref
              gparvin-redhat Gus Parvin
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: