Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-6571

More verbose information for Fail or Error Compliance check as it's not clear why certain checks are reaching that state

XMLWordPrintable

    • False
    • None
    • False
    • Not Selected

      Business Problem:

      In Cluster compliance (under Compliance (2.)), when selecting an OpenShift Container Platform 4 - Cluster to review Compliance results, specific details about the checks failing are missing.

      The check ocp4-cis-audit-profile-set for example is showing Fail state. When running the Instructions we receive the following content back.

      $ oc get apiservers cluster -ojsonpath='{.spec.audit.profile}'
Default

      This looks as desired and it's therefore not clear why the check is marked as Fail. Having though details shown of the actual check run, the results and hence reasoning why the check is set to Fail would be useful to also mitigate that finding in a easy and simple manner.

      Use Cases:

      When running Compliance scan with Red Hat Advanced Cluster Security we aim to gain an overview over all attached OpenShift Container Platform 4 - Cluster to understand to what extend they are compliant to certain baseline. If some OpenShift Container Platform 4 - Cluster don't reach 100% or desired state, it's key to understand why that is and hence to show details from the check to understand what the check did return and why it's different from the desired result. That way, mitiagtion can be applied quickly and the OpenShift Container Platform 4 - Cluster brought back into a compliant state.

      Key Functionality:

      • Fail and Error checks should show details of what is being reported to highlight why the check is marked with the given state
      • It should be possible to quickly see all failing state and details associated to apply mitigation as quickly as possible and reach a compliant state
      • Manual checks should be possible to be acknowledged or similar, to mark them as done or similar as otherwise the compliant state will always report incomplete state

      Benefits:

      Better overview of Compliance state and even more important, understanding as to why something is reported as Fail or Error making this actionable without creating too much of effort or even requiring the customer to reach out to Red Hat Technical Support.

      Timeline:

      As soon as possible

              rh-ee-masimonm Maria Simon Marcos
              rhn-support-sreber Simon Reber
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: