Errata Tool added a comment - 2023/07/13 12:48 AM Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (OpenShift Compliance Operator bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:3630

Xiaojie Yuan added a comment - 2023/07/05 6:53 AM Verification pass with 4.14.0-0.nightly-2023-06-30-131338 + openshift-compliance-operator-bundle-container-1.1.0-4: $ oc get rule ocp4-oauth-login-template-set -o=jsonpath={.instructions} To verify that login template is properly set, do the following: $ oc get oauths cluster make sure that the login template is set in  the path .spec.templates.login.name, and references a valid $ oc get rule ocp4-oauth-logout-url-set -o=jsonpath={.instructions} Verify that the logout redirect setting in web console configuration is set: oc get console.config.openshift.io cluster -o jsonpath= '{.spec.authentication.logoutRedirect}{ "\n" }' $ oc get rule ocp4-oauth-provider-selection-set -o=jsonpath={.instructions} To verify that provider selection is properly set, do the following: $ oc get oauths cluster make sure that the provider selection is set in the path $ oc get rule ocp4-ocp-allowed-registries -o=jsonpath={.instructions} To verify that the allowed registries are configured, run the following: $ oc get image.config.openshift.io cluster -ojsonpath= '{.spec.registrySources.allowedRegistries}' make sure the output is not empty and matches the registries that you wish to allow. $ oc get rule ocp4-ocp-allowed-registries- for - import -o=jsonpath={.instructions} To verify that the allowed registries for import are configured, run the following: $ oc get image.config.openshift.io cluster -ojsonpath= '{.spec.allowedRegistriesForImport[:].domainName}' make sure the output is not empty and matches the registries that you wish to allow $ oc get rule ocp4-ocp-api-server-audit-log-maxbackup -o=jsonpath={.instructions} Run the following command: $ oc get configmap config -n openshift-apiserver -ojson | jq -r '.data[ "config.yaml" ]' | jq '.apiServerArguments[ "audit-log-maxbackup" ][0]' The output should return a value of 10 or as appropriate.

GitLab CEE Bot added a comment - 2023/06/14 2:47 PM CPaaS Service Account mentioned this issue in a merge request of isc-devel / Openshift Compliance Midstream on branch rhaos-4.12-rhel-8_ upstream _aa9a7d7d2c7eb9cbf2613d902f019678 : Updated US source to: 30f8329 fix: bash_ensure_mount_option_in_fstab/doc: param must start line, add types

GitLab CEE Bot added a comment - 2023/06/14 3:51 AM CPaaS Service Account mentioned this issue in a merge request of isc-devel / Openshift Compliance Midstream on branch rhaos-4.12-rhel-8_ upstream _92a18d1acc50769ccdb6ca24cd86e5b9 : Updated US source to: 9668d7f Merge pull request #10675 from jhrozek/gid_regression