-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
Product / Portfolio Work
-
None
-
False
-
-
None
-
None
-
None
-
-
None
-
None
-
None
-
None
-
None
- Proposed title of this feature request
Support for custom attributes (via annotation/labels) in compliance-operator
- What is the nature and description of the request?
One of our customers would like to see this feature included in OpenShift 4.x.
JPMC would like specific attributes included as part of the compliance rules so they can be consumed by downstream applications. Examples include:
- weakness_score
- break_severity
- jpmc-id
We attempted to add these attributes as labels/annotations on rules (by cloning existing rules and creating a tailored profile), but this approach did not behave as expected during testing.
Steps taken:
- Copied an existing rule (ocp4-accounts-no-0clusterrolebindings-default-service-account) and created a prefixed version:
demo-ocp4-accounts-no-0clusterrolebindings-default-service-account.
- Created a TailoredProfile (demo-ocp4-accounts) referencing the above rule under enabledRules.
- Created a ScanSettingBinding referencing the tailored profile and the default scan setting.
Result:
The ComplianceCheckResult was created successfully. However, the custom labels/annotations did not appear in the ComplianceCheckResult.
ExpectedResult:
The ComplianceCheckResult }}contains the cuustom labels/annotations in the {{{}ComplianceCheckResult.
- Why does the customer need this? (List the business requirements here)
The customer needs these beacuse these results needs to be fed into a downstream custom applications which expects these attributes to process the results.
