Skip to content

OCPBUGS-25761: Clarified relationship between rules and profiles #89115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OCPBUGS-25761: Clarified relationship between rules and profiles #89115

wants to merge 1 commit into from

Conversation

sheriff-rh
Copy link
Contributor

@sheriff-rh sheriff-rh commented Feb 25, 2025
edited
Loading

Version(s):
4.12+

Issue:
https://issues.redhat.com/browse/OCPBUGS-25761

Link to docs preview:
Compliance Operator profile types

QE review:

  • QE has approved this change.

Additional information:
This PR moves, rearranges, and provides more detail regarding the complex relationship of Compliance Operator scans, rules, and available profiles.

@sheriff-rh sheriff-rh added this to the Continuous Release milestone Feb 25, 2025
@sheriff-rh sheriff-rh self-assigned this Feb 25, 2025
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Feb 25, 2025
@openshift-ci-robot
Copy link

@sheriff-rh: This pull request references Jira Issue OCPBUGS-25761, which is invalid:

  • expected the bug to target the "4.19.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Version(s):
4.12+

Issue:
https://issues.redhat.com/browse/OCPBUGS-25761

Link to docs preview:
In progress

QE review:

  • QE has approved this change.

Additional information:
This PR moves, rearranges, and provides more detail regarding Compliance Operator scans, rules, and available profiles.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Feb 25, 2025
@sheriff-rh
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Feb 25, 2025
@openshift-ci-robot
Copy link

@sheriff-rh: This pull request references Jira Issue OCPBUGS-25761, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.19.0) matches configured target version for branch (4.19.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @xiaojiey

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from xiaojiey February 25, 2025 11:44
@openshift-ci-robot
Copy link

@sheriff-rh: This pull request references Jira Issue OCPBUGS-25761, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.19.0) matches configured target version for branch (4.19.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @xiaojiey

In response to this:

Version(s):
4.12+

Issue:
https://issues.redhat.com/browse/OCPBUGS-25761

Link to docs preview:
In progress

QE review:

  • QE has approved this change.

Additional information:
This PR moves, rearranges, and provides more detail regarding the complex relationship of Compliance Operator scans, rules, and available profiles.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@sheriff-rh sheriff-rh force-pushed the OCPBUGS-25761 branch 2 times, most recently from 79ad462 to fe7e80c Compare February 25, 2025 11:59
@ocpdocs-previewbot
Copy link

ocpdocs-previewbot commented Feb 25, 2025
edited
Loading

🤖 Fri Apr 18 13:28:31 - Prow CI generated the docs preview:

https://89115--ocpdocs-pr.netlify.app/openshift-enterprise/latest/security/compliance_operator/co-concepts/compliance-operator-understanding.html
https://89115--ocpdocs-pr.netlify.app/openshift-enterprise/latest/security/compliance_operator/co-scans/compliance-operator-supported-profiles.html

@sheriff-rh sheriff-rh requested a review from rhmdnd February 26, 2025 15:05
@openshift-ci-robot openshift-ci-robot added jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. and removed jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Feb 26, 2025
@openshift-ci-robot
Copy link

@sheriff-rh: This pull request references Jira Issue OCPBUGS-25761, which is invalid:

  • expected the bug to be in one of the following states: NEW, ASSIGNED, POST, but it is ON_QA instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Version(s):
4.12+

Issue:
https://issues.redhat.com/browse/OCPBUGS-25761

Link to docs preview:
89115--ocpdocs-pr.netlify.app/openshift-enterprise/latest/security/compliance_operator/co-concepts/compliance-operator-understanding.html
89115--ocpdocs-pr.netlify.app/openshift-enterprise/latest/security/compliance_operator/co-scans/compliance-operator-supported-profiles.html

QE review:

  • QE has approved this change.

Additional information:
This PR moves, rearranges, and provides more detail regarding the complex relationship of Compliance Operator scans, rules, and available profiles.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

rhmdnd
rhmdnd reviewed Feb 26, 2025
View reviewed changes
Copy link
Contributor

@rhmdnd rhmdnd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few suggestions inline to help clarify the difference between running node profiles for OpenShift and node profiles for RHCOS.

Thanks for working to clear this up!

@sheriff-rh sheriff-rh force-pushed the OCPBUGS-25761 branch 2 times, most recently from e97fea4 to 0353974 Compare March 4, 2025 18:39
@sheriff-rh
Copy link
Contributor Author

@xiaojiey @rhmdnd I have updated the PR based on your feedback. Thank you for the helpful suggestions!

@sheriff-rh
Copy link
Contributor Author

image

@sheriff-rh
Copy link
Contributor Author

Latest feedback applied, let me know what you think @xiaojiey @rhmdnd

rhmdnd
rhmdnd reviewed Apr 17, 2025
View reviewed changes
Copy link
Contributor

@rhmdnd rhmdnd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor suggestions inline.

Glad we're clarifying the difference though!

@sheriff-rh
Copy link
Contributor Author

All feedback implemented. Thanks for that, Lance.

What do you think @xiaojiey ?

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Apr 18, 2025

@sheriff-rh: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

xiaojiey
xiaojiey reviewed Apr 18, 2025
View reviewed changes
modules/compliance-profile-types.adoc

[IMPORTANT]
====
For benchmarks that have Node and Platform profiles, such as PCI-DSS, you must run both profiles in your {product-title} environment.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it better to use below sentence?
For benchmarks that have ocp4Platform andocp4 Node profiles, such as PCI-DSS, you must run both profiles in your {product-title} environment.

@xiaojiey
Copy link

@sheriff-rh One minor comment, all other looks good to me. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xiaojiey xiaojiey xiaojiey left review comments

@rhmdnd rhmdnd rhmdnd left review comments

@ocpdocs-vale-bot ocpdocs-vale-bot ocpdocs-vale-bot left review comments

Assignees

@sheriff-rh sheriff-rh

Labels
branch/enterprise-4.12 branch/enterprise-4.13 branch/enterprise-4.14 branch/enterprise-4.15 branch/enterprise-4.16 branch/enterprise-4.17 branch/enterprise-4.18 branch/enterprise-4.19 jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
Continuous Release
Development

Successfully merging this pull request may close these issues.
6 participants
@sheriff-rh @openshift-ci-robot @ocpdocs-previewbot @xiaojiey @rhmdnd @ocpdocs-vale-bot