Uploaded image for project: 'Cloud Infrastructure Security & Compliance'
  1. Cloud Infrastructure Security & Compliance
  2. CMP-1225

Decouple storage requirement from scan result processing

XMLWordPrintable

      Epic Goal

      • Implement "skip" option for the raw result output. With the ephemeral option selected, the compliance scans will run and report their results as usual, but the raw results are thrown away instead of being saved to a PV.

      Why is this important?

      • The compliance operator currently requires persistent storage to be available. For some deployments, persistent storage is not available and requires proper configuration of the local storage operator first. Storage management also presents its own set of issues.
      • Customers may only be interested in the brief scan results especially for repeated scheduled scans, where they are only looking to see if the compliance state of the cluster changes between scans. In this situation skipping PVC loading will make the scans more efficient.
      • Raw results are mostly interesting in auditing situations and profile investigation. For day-to-day compliance monitoring of the cluster, not so much.
      • Future compliance-operator will have other options for result forwarding available.

      Scenarios

      • As an OCP admin, my cluster deployment has no need for/can't use persistent storage, but I still want to run the compliance operator without any additional configuration of the LSO. I don't care about the raw arf data, the overall cluster results are good enough.
      • As an OCP admin, I'm trying to use the compliance operator but I'm having unknown PV issues. Can I work around that?

      Acceptance Criteria

      • The compliance operator has the option to skip saving the raw results to persistent storage. Note this does NOT include a requirement to support sending the raw results to another source.

      Dependencies (internal and external)

      • NA

      Previous Work (Optional):

      • NA

      Open questions::

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              wenshen@redhat.com Vincent Shen
              rh-ee-masimonm Maria Simon Marcos
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: