XML

Word

Printable

Type: Epic
Resolution: Done-Errata
Priority: Critical
Fix Version/s: compliance-operator-1.7.0
Affects Version/s: None
Component/s: None
Labels:
None

Epic Name:
co-arm-support
Activity Type:
Product / Portfolio Work
Story Points:
0
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Epic Status:
In Progress
Feature Link:
CMP-2960 - Compliance Operator support on ARM (CIS OCP 1.7.0 and FedRAMP Moderate Revision 4)
Parent Link:
CMP-2960Compliance Operator support on ARM (CIS OCP 1.7.0 and FedRAMP Moderate Revision 4)
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:
PX Review Complete:

Intelligence Requested:
Market:

Epic Goal

Implement support and testing for running the Compliance Operator on ARM clusters.

Why is this important?

Several OpenShift users are using ARM, and it provides cost savings, which we could leverage in CI.

Scenarios

As a user, I want to be able to install the Compliance Operator on an ARM OpenShift cluster and leverage it to scan the environment, so that I can use the findings in audit reports
As an OpenShift engineer, I want my patches to be tested on ARM clusters so that we prevent regressions on ARM architecture when releasing the Compliance Operator.

Acceptance Criteria

Must have periodic weekly CI that runs some subset of profiles on ARM architecture
Must have gating CI jobs in the ComplianceAsCode/compliance-operator repository that tests each PR on an ARM cluster
Must set the appropriate ARM architecture annotations in bundle metadata.

Dependencies (internal and external)

Previous Work (Optional):

Open questions::

Done Checklist

CI - CI is running, tests are automated and merged.
Release Enablement <link to Feature Enablement Presentation>
DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
DEV - Downstream build attached to advisory: <link to errata>
QE - Test plans in Polarion: <link or reference to Polarion>
QE - Automated tests merged: <link or reference to automated tests>
DOC - Downstream documentation merged: <link to meaningful PR>

account is impacted by

CMP-3550 Rule audit-rules-unsuccessful-file-modification-unlink fail on arm

CMP-3575 Rule audit-rules-unsuccessful-file-modification-rename fail on arm

CMP-3598 Rule audit_rules_unsuccessful_file_modification_open_o_creat fail on ARM

CMP-3604 Rule audit_rules_unsuccessful_file_modification_open fails on ARM64 clusters

CMP-3621 Rule audit-rules-unsuccessful-file-modification-open-rule-order fail on arm

CMP-3633 Rule audit-rules-unsuccessful-file-modification-open-o-trunc-write fail on arm

is blocked by

CMP-3548 Rule audit-rules-time-stime fails on ARM64

CMP-3552 Rule audit-rules-unsuccessful-file-modification-open-o-creat fails on ARM64

CMP-3555 Rule audit-rules-unsuccessful-file-modification-rename fails on ARM64

CMP-3556 Rule audit-rules-etc-passwd-open fails on ARM64

CMP-3567 Rule audit-rules-unsuccessful-file-modification-chown fails on ARM64

CMP-3570 Rule audit-rules-unsuccessful-file-modification-chmod fails on ARM64

CMP-3572 Rule audit-rules-unsuccessful-file-modification-creat fails on ARM64

CMP-3573 Rule audit-rules-unsuccessful-file-modification-lchown fails on ARM64

CMP-3574 Rule audit-rules-unsuccessful-file-modification-open-o-trunc-write fails on ARM64

CMP-3576 Rule audit-rules-dac-modification-lchown fails on ARM64

CMP-3577 Rule audit-rules-unsuccessful-file-modification-open fails on ARM64

CMP-3584 Rule audit-rules-dac-modification-umount fails on ARM64

CMP-3585 Rule audit-rules-file-deletion-events-unlink fails on ARM64

CMP-3593 Rule audit-rules-file-deletion-events-rmdir fails on ARM64

CMP-3603 Rule audit-rules-file-deletion-events-rename fails on ARM64

CMP-3605 Rule audit-rules-etc-gshadow-open fails on ARM64

CMP-3609 Rule bios-enable-execution-restrictions fails on ARM64

CMP-3614 Rule audit-rules-dac-modification-chmod fails on ARM64

CMP-3616 Rule audit-rules-unsuccessful-file-modification-unlink fails on ARM64

CMP-3619 Rule audit-rules-dac-modification-chown fails on ARM64

CMP-3620 Rule audit-rules-etc-group-open fails on ARM64

CMP-3622 Rule audit-log-forwarding-uses-tls fails on ARM64

CMP-3627 Rule audit-rules-unsuccessful-file-modification-open-rule-order fails on ARM64

CMP-3631 Rule container-security-operator-exists fails on ARM64

CMP-3632 Rule security-profiles-operator-exists fails on ARM64

CMP-3634 Rule audit-rules-etc-shadow-open fails on ARM64

OCPBUGS-52884 Rule file-integrity-exists fails on ARM64 clusters

Closed

OCPBUGS-52885 Rule file-integrity-notification-enabled fails on ARM64 clusters

Closed

relates to

CMP-3115 Implement periodic profile CI that runs on ARM architecture

In Progress

links to

RHBA-2025:3728 OpenShift Compliance Operator 1.7.0

(1 account is impacted by, 28 is blocked by, 1 relates to, 1 links to)

1.	E2E Automation		Closed		Xiaojie Yuan
2.	CI Integration		Closed		Bhargavi Gudi

Assignee:: Lance Bragstad

Reporter:: Lance Bragstad

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/01/28 9:28 PM

Updated:: 2025/09/12 9:14 PM

Resolved:: 2025/04/28 7:59 AM

Details

Description

Epic Goal

Why is this important?

Scenarios

Acceptance Criteria

Dependencies (internal and external)

Previous Work (Optional):

Open questions::

Done Checklist

Attachments

Issue Links

Easy Agile Planning Poker

Sub-Tasks

Activity

People

Dates