Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-3103

[Security] Build barbican & keystone operator correctly for OCP with FIPS enabled

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Major Major
    • rhos-18.0.0
    • None
    • keystone-operator
    • None
    • [Security] Build barbican & keystone operator correctly for OCP with FIPS enabled
    • False
    • Hide

      None

      Show
      None
    • False
    • OSPRH-787FIPS Support in OSO 18.0
    • Committed
    • No Docs Impact
    • To Do
    • OSPRH-787 - FIPS Support in OSO 18.0
    • Committed
    • Committed
    • 0% To Do, 0% In Progress, 100% Done
    • Release Note Not Required
    • Rejected
    • Approved

      According to scan with check-payload tool keystone-operator is not build properly for OCP with FIPS enabled. Scan results:

      • upstream image
      +-----------------------------+-----------------+------------------------------+---------------------------------------------------+

| OPERATOR NAME               | EXECUTABLE NAME | STATUS                       | IMAGE                                             |

+-----------------------------+-----------------+------------------------------+---------------------------------------------------+

|                             |                 | openssl library not present  | quay.io/openstack-k8s-operators/keystone-operator |

| keystone-operator-container | /manager        | go binary is not CGO_ENABLED | quay.io/openstack-k8s-operators/keystone-operator |

+-----------------------------+-----------------+------------------------------+---------------------------------------------------+
      • downstream image
      +-----------------------------+-----------------+------------------------------+----------------------------------------------------------------------+

| OPERATOR NAME               | EXECUTABLE NAME | STATUS                       | IMAGE                                                                |

+-----------------------------+-----------------+------------------------------+----------------------------------------------------------------------+

| keystone-operator-container | /manager        | go binary is not CGO_ENABLED | registry.redhat.io/rhosp-dev-preview/keystone-rhel9-operator:0.1.2-6 |

+-----------------------------+-----------------+------------------------------+----------------------------------------------------------------------+

          1.
          		 [Security] Build barbican & keystone operator correctly for OCP with FIPS enabled Sub-task Closed Normal Unassigned

              rhn-support-afariasa Andre Aranha
              skaplons@redhat.com Slawomir Kaplonski
              Milana Levy Milana Levy
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: