- Bug
- Resolution: Done-Errata
- Undefined
- None
- 4.14.z
- Moderate
- No
- False
Description of problem:
OVS rules are not available in scans for profile ocp4-cis-node with compliance-operator.v1.4.0:

    $ oc compliance bind -N test profile/ocp4-cis profile/ocp4-cis-node
    Creating ScanSettingBinding test
    $ oc get ccr | grep -i ovs
    $

Or, if I try to upgrade from compliance-operator.v1.3.1 to compliance-operator.v1.4.0, the ovs rules scan result will be updated from PASS to NOT-APPLICABLE:

    $ oc get ccr | grep -i ovs
    ocp4-cis-node-master-file-permissions-ovs-conf-db         NOT-APPLICABLE   medium
    ocp4-cis-node-master-file-permissions-ovs-conf-db-lock    NOT-APPLICABLE   medium
    ocp4-cis-node-master-file-permissions-ovs-pid             NOT-APPLICABLE   medium
    ocp4-cis-node-master-file-permissions-ovs-sys-id-conf     NOT-APPLICABLE   medium
    ocp4-cis-node-master-file-permissions-ovs-vswitchd-pid    NOT-APPLICABLE   medium
    ocp4-cis-node-master-file-permissions-ovsdb-server-pid    NOT-APPLICABLE   medium
    ocp4-cis-node-worker-file-permissions-ovs-conf-db         NOT-APPLICABLE   medium
    ocp4-cis-node-worker-file-permissions-ovs-conf-db-lock    NOT-APPLICABLE   medium
    ocp4-cis-node-worker-file-permissions-ovs-pid             NOT-APPLICABLE   medium
    ocp4-cis-node-worker-file-permissions-ovs-sys-id-conf     NOT-APPLICABLE   medium
    ocp4-cis-node-worker-file-permissions-ovs-vswitchd-pid    NOT-APPLICABLE   medium
    ocp4-cis-node-worker-file-permissions-ovsdb-server-pid    NOT-APPLICABLE   medium
Version-Release number of selected component (if applicable):
4.14.0-0.nightly-2023-12-12-073004 + compliance-operator.v1.4.
How reproducible:
Always
Steps to Reproduce:
1. Install compliance-operator.v1.4.0 and create an SSB with the command:

    $ oc compliance bind -N test profile/ocp4-cis profile/ocp4-cis-node

   Or you can also install compliance-operator.v1.3.1, trigger the scan with the same command, and then upgrade CO to compliance-operator.v1.4.0.
Actual results:
For a fresh install of compliance-operator.v1.4.0, the result doesn't contain ovs rules. For an upgrade, all ovs rules become NOT-APPLICABLE.
Expected results:
The result should contain ovs rules and ovs rules should show PASS.
Additional info:
The result is the same on SDN and OVN clusters on a 4.14 cluster
- links to: RHBA-2023:7658 OpenShift Compliance Operator bug fix and enhancement update
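Both symptoms in this report (rules missing on a fresh install, PASS turning into NOT-APPLICABLE on upgrade) can be caught by diffing check results saved before and after an operator upgrade. The script below is an added example, not part of the original report: the function name `ccr_regressions`, the file names and the sample listings are constructed, and it assumes each listing was saved from `oc get ccr --no-headers` (columns NAME STATUS SEVERITY).

```shell
#!/bin/sh
# Added example: compare two saved `oc get ccr --no-headers` listings and
# report checks that stopped being evaluated after an operator upgrade.

# ccr_regressions BEFORE AFTER [PATTERN]
# For every check whose name matches PATTERN (default: ovs) and that was PASS
# in BEFORE, print a line if it is absent from AFTER or no longer PASS.
ccr_regressions() {
    awk -v pat="${3:-ovs}" '
        FILENAME == ARGV[1] { if ($1 ~ pat) before[$1] = $2; next }
        $1 ~ pat            { after[$1] = $2 }
        END {
            for (name in before) {
                if (before[name] != "PASS") continue
                now = (name in after) ? after[name] : "MISSING"
                if (now != "PASS") print name, "PASS ->", now
            }
        }' "$1" "$2" | sort
}

# demo: run the comparison on constructed sample listings (not real scan data).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/before.txt" <<'EOF'
ocp4-cis-node-master-file-permissions-ovs-conf-db PASS medium
ocp4-cis-node-master-file-permissions-ovs-pid PASS medium
ocp4-cis-node-worker-file-permissions-ovs-pid PASS medium
example-other-check PASS medium
EOF
    cat > "$tmp/after.txt" <<'EOF'
ocp4-cis-node-master-file-permissions-ovs-conf-db NOT-APPLICABLE medium
ocp4-cis-node-master-file-permissions-ovs-pid NOT-APPLICABLE medium
example-other-check FAIL medium
EOF
    ccr_regressions "$tmp/before.txt" "$tmp/after.txt"
    rm -rf "$tmp"
}

demo
```

A check that disappears or becomes NOT-APPLICABLE produces no FAIL, so a comparison like this is what surfaces the loss of coverage.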