Bug
Resolution: Won't Do
4.8
Quality / Stability / Reliability
CMP Sprint 62, CMP Sprint 63, CMP Sprint 64, CMP Sprint 65, CMP Sprint 66, CMP Sprint 67, CMP Sprint 68, CMP Sprint 69, CMP Sprint 70, CMP Sprint 71, CMP Sprint 72, CMP Sprint 73, CMP Sprint 74, CMP Sprint 75
Description of problem:
Compliance rule ocp4-cis-accounts-unique-service-account is reported as "MANUAL", as the recommendation is to have a unique service account for each namespace. In OpenShift 4, when a namespace is created, service accounts for only that project namespace are also configured. Wouldn't this apply the recommendation for this rule? As per the official OpenShift hardening book, this rule is automatic, as in OpenShift 4 every project has its own service accounts, which are isolated by the project namespace.
Version-Release number of selected component (if applicable):
1.49
How reproducible:
always
Steps to Reproduce:
1. Create the ScanSettingBinding with CIS Benchmark profiles to verify
2. Check the results
Actual results:
Not clear if rule should be "MANUAL" or "AUTOMATIC"
Expected results:
Have the hardening book aligned with the operator results
Additional info: