OpenShift Bugs / OCPBUGS-9382

can't disable rule ocp4-kubeadmin-removed

      Description of problem:

      Can't disable rule ocp4-kubeadmin-removed. This bug has been opened to get information about how to get the rule disabled.

      Version-Release number of selected component (if applicable):
      OCP 4.x
      Compliance Operator 1.52

      How reproducible:

      Steps to Reproduce:
      1. Create the tailored profiles:

      $ oc get tailoredprofiles.compliance.openshift.io
      NAME                         STATE
      ocp4-cis-kubeadmin-disable   READY   ---> tailored profile for ocp4-kubeadmin-remove rule
      ocp4-cis-modified            READY   ---> tailored profile to disable other platform rules
      ocp4-cis-node-modified       READY   ---> tailored profile to disable ocp4-cis-node rules

      2. Create the ssb:
      $ cat tailoring-scansettingbinging-v2.yaml
      apiVersion: compliance.openshift.io/v1alpha1
      kind: ScanSettingBinding
      metadata:
        name: rh-benchmark-tailored
      profiles:
        - apiGroup: compliance.openshift.io/v1alpha1
          kind: TailoredProfile
          name: ocp4-cis-modified
        - apiGroup: compliance.openshift.io/v1alpha1
          kind: TailoredProfile
          name: ocp4-cis-node-modified
        - apiGroup: compliance.openshift.io/v1alpha1
          kind: TailoredProfile
          name: ocp4-cis-kubeadmin-disable
      settingsRef:
        apiGroup: compliance.openshift.io/v1alpha1
        kind: ScanSetting
        name: rhocp-benchmark-1-1

      $ oc create -f tailoring-scansettingbinging-v2.yaml

      $ oc get suites
      NAME PHASE RESULT
      rh-benchmark-tailored DONE NON-COMPLIANT

      3. Verify if rule was disabled:
      $ oc get ccr | grep removed
      ocp4-cis-modified-kubeadmin-removed FAIL medium

      Actual results:
      The rule is reported as FAIL

      Expected results:
      The rule should not appear

              lbragsta@redhat.com Lance Bragstad
              rhn-support-pescorza Pamela Lizeth Escorza Gil
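
The failing result in step 3 carries the name of one of the three bound profiles, which is the detail to check when a rule disabled in one tailored profile still reports. The script below is an added example, not part of the original report or of the Compliance Operator: it attributes `oc get ccr` result names to the bound profile whose scan produced them. It assumes result names have the form `<scan name>-<rule suffix>` and that scan names start with the profile name; the function names are hypothetical and every sample row except the one quoted in the report is constructed.

```python
"""Attribute ComplianceCheckResult names to the bound profile that produced them."""

# Profiles bound in the report's ScanSettingBinding (rh-benchmark-tailored).
BOUND_PROFILES = [
    "ocp4-cis-modified",
    "ocp4-cis-node-modified",
    "ocp4-cis-kubeadmin-disable",
]

# Constructed `oc get ccr` sample; only the kubeadmin-removed row is from the report.
SAMPLE_CCR = """\
NAME                                               STATUS   SEVERITY
ocp4-cis-modified-kubeadmin-removed                FAIL     medium
ocp4-cis-modified-example-platform-rule            PASS     high
ocp4-cis-node-modified-worker-example-node-rule    PASS     medium
"""


def owning_profile(ccr_name, profiles=BOUND_PROFILES):
    """Return the bound profile whose scan produced ccr_name, or None.

    Assumption: result names are '<scan name>-<rule suffix>' and the scan name
    starts with the profile name (node scans add a role such as '-worker').
    The longest matching profile name wins, so 'ocp4-cis' does not shadow
    'ocp4-cis-modified' when both are bound.
    """
    matches = [p for p in profiles if ccr_name.startswith(p + "-")]
    return max(matches, key=len) if matches else None


def scans_still_evaluating(rule_suffix, ccr_text, profiles=BOUND_PROFILES):
    """Map profile -> status for every result whose name ends with rule_suffix."""
    found = {}
    for line in ccr_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].endswith("-" + rule_suffix):
            continue
        found[owning_profile(fields[0], profiles)] = fields[1]
    return found


if __name__ == "__main__":
    hits = scans_still_evaluating("kubeadmin-removed", SAMPLE_CCR)
    for profile, status in hits.items():
        print(f"{profile}: kubeadmin-removed is still evaluated ({status})")
```

On the sample, the only scan still evaluating the rule is the one for `ocp4-cis-modified`, so that is the tailored profile whose rule selection to inspect.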