Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.17
Component/s: Documentation / Security and Compliance
Labels:
- triaged

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Moderate
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

Recent changes in the the rule `security-profiles-operator-exists` caused that the rule is now checking if the SPO is installed by looking for subscription with the name `security-profiles-operator`:

$oc get sub -nopenshift-security-profiles security-profiles-operator -ojsonpath='{.status.installedCSV}'

If you however try to install SPO using the code blocks in the documentation in section 7.5.1. Installing the Security Profiles Operator,]
subscription object will be created with the metadata.name `security-profiles-operator-sub`, and the rule would no longer PASS.

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: security-profiles-operator-sub
  namespace: openshift-security-profiles
spec:
  channel: release-alpha-rhel-8
  installPlanApproval: Automatic
  name: security-profiles-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

Creating the SPO like described in the docs with the only exception being the change in the metadata.name of the subscription object works and the rule would PASS.

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: security-profiles-operator
  namespace: openshift-security-profiles
spec:
  channel: release-alpha-rhel-8
  installPlanApproval: Automatic
  name: security-profiles-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

Version-Release number of selected component (if applicable):

How reproducible:

    Always

Steps to Reproduce:

    1.Install SPO using the code blocks in the section 7.5.1. Installing the Security Profiles Operator

    2.$ oc get sub -nopenshift-security-profiles security-profiles-operator -ojsonpath='{.status.installedCSV}'

Actual results:

There is no subscription security-profiles-operator in the openshift-security-profiles namespace.There is, however, subscription security-profiles-operator-sub in the openshift-security-profiles namespace up and running.

Expected results:

    Subscription security-profiles-operator should exist in the openshift-security-profiles namespace

Assignee:: James Brigman

Reporter:: Anna Koudelkova

Need Info From:: None

Contributors:: None

QA Contact:: Xiaojie Yuan

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/04/24 2:54 PM

Updated:: 2025/07/13 1:32 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide