  1. Cloud Infrastructure Security & Compliance
  2. CMP-1225

Decouple storage requirement from scan result processing

Details

    • Compliance Operator Ephemeral Disk option
    • False
    • False
    • To Do
    • 0
    • 0% 0%
    • Approved

    Description

      Epic Goal

      • Implement an "ephemeral disk" or "skip" option for the raw result output. With the ephemeral option selected, the compliance scans will run and report their results as usual, but the raw results are thrown away instead of being saved to a PV.

      Why is this important?

      • The compliance operator currently requires persistent storage to be available. For some deployments, persistent storage is not available and requires proper configuration of the local storage operator first. Storage management also presents its own set of issues.
      • Customers may only be interested in the brief scan results, especially for repeated scheduled scans, where they are only looking to see whether the compliance state of the cluster changes between scans. In this situation, skipping PVC loading will make the scans more efficient.
      • Raw results are mostly interesting in auditing situations and profile investigation. For day-to-day compliance monitoring of the cluster, not so much.
      • Future versions of the compliance operator will have other options for result forwarding available.

      Scenarios

      • As an OCP admin, my cluster deployment has no need for/can't use persistent storage, but I still want to run the compliance operator without any additional configuration of the LSO. I don't care about the raw ARF data; the overall cluster results are good enough.
      • As an OCP admin, I'm trying to use the compliance operator but I'm having unknown PV issues. Can I work around that?

      Acceptance Criteria

      • The compliance operator has the option to skip saving the raw results to persistent storage. Note this does NOT include a requirement to support sending the raw results to another source.

      Dependencies (internal and external)

      • NA

      Previous Work (Optional):

      • NA

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

            People

              wenshen@redhat.com Vincent Shen
              dcaspin@redhat.com Doron Caspin
              Votes: 2
              Watchers: 4
