Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-33067

On hypershift hosted cluster, a scan with ocp4-pci-dss profile will run into fatal error due to filter cannot iterate

XMLWordPrintable

    • Important
    • Yes
    • CMP Sprint 81
    • 1
    • Proposed
    • False
    • Hide

      None

      Show
      None

      Description of problem:

       

      On hypershift hosted cluster, a scan with ocp4-pci-dss profile will run into fatal error due to filter cannot iterate:
% oc get pod
NAME                       READY  STATUS         RESTARTS    AGE
compliance-operator-9df95cb96-nnf57       1/1   Running         0       56m
ocp4-openshift-compliance-pp-65c57d68c9-kbwnt  1/1   Running         0       56m
ocp4-pci-dss-api-checks-pod           0/2   Init:CrashLoopBackOff  5 (115s ago)  5m28s
ocp4-pci-dss-rs-7f78f7d844-p2rmk         1/1   Running         0       5m28s
rhcos4-openshift-compliance-pp-78597f577-hvb4w  1/1   Running         0       56m
- containerID: cri-o://a53e03193ba1dfc5f632a3161978cf69d2694ec348aeafd6923b4bf3237d810a
  image: registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:5afa0530abe2a1a7e9db820afab5b06943438ffc5b7e7f1670ac77918ee12c02
  imageID: registry.redhat.io/compliance/openshift-compliance-rhel8-operator@sha256:5afa0530abe2a1a7e9db820afab5b06943438ffc5b7e7f1670ac77918ee12c02
  lastState:
   terminated:
    containerID: cri-o://a53e03193ba1dfc5f632a3161978cf69d2694ec348aeafd6923b4bf3237d810a
    exitCode: 1
    finishedAt: "2024-04-26T12:59:32Z"
    reason: Error
    startedAt: "2024-04-26T12:59:27Z"
  name: api-resource-collector
  ready: false
  restartCount: 4
  started: false
  state:
   waiting:
    message: back-off 1m20s restarting failed container=api-resource-collector
     pod=ocp4-pci-dss-api-checks-pod_openshift-compliance(f524cf39-2415-4146-a380-043a90c60b21)
    reason: CrashLoopBackOff
$ oc logs pod/ocp4-pci-dss-api-checks-pod --all-containers
...
Fetching URI: '/apis/machineconfiguration.openshift.io/v1/machineconfigs'
FATAL:Error fetching resources: couldn't filter '{
 "metadata": {},
 "items": null
}': cannot iterate over: null
Error from server (BadRequest): container "log-collector" in pod "ocp4-pci-dss-api-checks-pod" is waiting to start: PodInitializing

      Version-Release number of selected component (if applicable):

      4.16.0-0.nightly-2024-04-23-032717 + cov1.4.1-8    

      How reproducible:

      Always

      Steps to Reproduce:

          1. Install Compliance Operator on a hypershift hosted cluster
    2. Create a scan with ocp4-pci-dss profile and check the result

      Actual results:

      On hypershift hosted cluster, a scan with ocp4-pci-dss profile will run into fatal error due to filter cannot iterate. Details seen from the description    

      Expected results:

      The scan for ocp4-pci-dss should reach done status and return "Compliance" or "Non-Compliance" test result    

      Additional info:

      There is similar issue for platform scan for other profiles, such as cis, pci-dss, stig

            wsato@redhat.com Watson Sato
            xiyuan@redhat.com Xiaojie Yuan
            Bhargavi Gudi Bhargavi Gudi
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: