Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: compliance-operator-1.9.0
Affects Version/s: None
Component/s: Compliance Operator
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Intelligence Requested:
Market:

Severity:
Low

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

Description of problem:

The checkType was not set for some rules.
 
% cat testType.sh 
#/bin/bash
for rule in `oc get rules --no-headers | awk '{print $1}'`; do 
type=$(oc get rule $rule -o=jsonpath={.checkType})
if [[ "$type" != "Node" ]] && [[ "$type" != "Platform" ]]; then
echo $rule
fi
done
% ./testType.sh 
ocp4-accounts-restrict-service-account-tokens
ocp4-accounts-unique-service-account
ocp4-alert-receiver-configured
ocp4-etcd-backup
ocp4-file-groupowner-kubeconfig
ocp4-file-groupowner-proxy-kubeconfig
ocp4-file-owner-kubeconfig
ocp4-file-owner-proxy-kubeconfig
ocp4-file-permissions-kube-scheduler
ocp4-file-permissions-kubeconfig
ocp4-general-apply-scc
ocp4-general-configure-imagepolicywebhook
ocp4-general-default-namespace-use
ocp4-general-default-seccomp-profile
ocp4-general-namespace-separation
ocp4-general-namespaces-in-use
ocp4-general-network-separation
ocp4-general-node-separation
ocp4-kube-descheduler-podlifetime
ocp4-kubelet-disable-hostname-override
ocp4-liveness-readiness-probe-in-workload
ocp4-partition-for-var-log-kube-apiserver
ocp4-partition-for-var-log-oauth-apiserver
ocp4-partition-for-var-log-openshift-apiserver
ocp4-rbac-least-privilege
ocp4-rbac-limit-cluster-admin
ocp4-rbac-limit-secrets-access
ocp4-rbac-logging-del
ocp4-rbac-logging-mod
ocp4-rbac-logging-view
ocp4-rbac-pod-creation-access
ocp4-rbac-wildcard-use
ocp4-scc-drop-container-capabilities
ocp4-scc-limit-host-dir-volume-plugin
ocp4-scc-limit-host-ports
ocp4-scc-limit-ipc-namespace
ocp4-scc-limit-net-raw-capability
ocp4-scc-limit-network-namespace
ocp4-scc-limit-privilege-escalation
ocp4-scc-limit-privileged-containers
ocp4-scc-limit-process-id-namespace
ocp4-scc-limit-root-containers
ocp4-secrets-consider-external-storage
ocp4-secrets-no-environment-variables
ocp4-version-detect-in-hypershift
ocp4-version-detect-in-ocp
rhcos4-account-passwords-pam-faillock-dir
Rhcos4-account-use-centralized-automated-auth
...

Version-Release number of selected component (if applicable):

4.18.0-0.nightly-2024-12-15-202509 + compliance-operator.v1.6.1

How reproducible:

Always

Steps to Reproduce:

    1. Install compliance-operator.v1.6.1
    2.
    3.

Actual results:

The checkType was not set for some rules

Expected results:

The checkType of the rules should be set properly.

Additional info:

Assignee:: Vincent Shen

Reporter:: Xiaojie Yuan

QA Contact:: Xiaojie Yuan

Product Manager:: Maria Simon Marcos

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/12/18 6:14 AM

Updated:: 2025/09/12 5:37 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates