-
Bug
-
Resolution: Unresolved
-
Major
-
4.9.0, 4.8.2
-
None
-
False
-
-
False
-
-
-
-
Rox Sprint 4.10E, Rox Sprint 4.10F, Rox Sprint 4.10G
USER PROBLEM
RHCOS BSI profile appears under 'others'
CONDITIONS
What conditions need to exist for a user to be affected? Is it everyone? Is it only those with a specific integration? Is it specific to someone with particular database content? etc.
This is reproducible 100% of time.
- Install CO
- Schedule any RHCOS BSI profile using RHACS
- Wait for results & inspect them
ROOT CAUSE
What is the root cause of the bug?
- The CO provides the relevant information since https://github.com/ComplianceAsCode/compliance-operator/pull/610
- But RHACS doesnt seem to parse it.
Initially we decided to extract the benchmark information from the profile CRD (see CMP-2579). As a temporary solution we embedded some configuration files to map benchmarks to profiles. These configuration files need to be updated every time there’s a new profile in the Compliance Operator, otherwise we will see this issue.
FIX
How was the bug fixed (this is more important if a workaround was implemented rather than an actual fix)?
- While we wait for CMP-2579, a solution would be to add regex rules to map profiles to benchmarks (e.g. a profile name containing cis can be mapped to CIS). This will not work if a new profile that maps to a completely new benchmark is added, but at least new versions will be automatically mapped. Since new versions happen fairly frequently and new benchmarks don’t, we think the regex solution is a good trade-off.
- relates to
-
CMP-2579 Add benchmark data to Profile CRD
-
- New
-
