Feature Request: Linux demo - Add ability to run compliance scan (once defined in Insights)

RedHatGov / product-demos

GNU General Public License v3.0

31 stars 22 forks source link

Feature Request: Linux demo - Add ability to run compliance scan (once defined in Insights) #30

Closed benblasco closed 1 year ago

benblasco commented 2 years ago

The LINUX / Compliance scan only offers the STIG profile. It would be great if we could provide this kind of workflow for a demo:

Run LINUX / Register
Log into console.redhat.com and associate systems to a compliance profile
Run new LINUX / Compliance Scan job to call insights-client --compliance
Ensure that the job above handles the case where the user hasn't associated the system to a compliance profile.

Happy to work on this and submit a PR when I can.

benblasco commented 2 years ago

This will also require the installation of the correct version of scap-security-guide on the host as per:

Insights Compliance - Supported Configurations

Here's an example of how I have dealt with it:

aap_rhelconfigure.yml

willtome commented 2 years ago

there is a role for that here https://github.com/RedHatInsights/ansible-collections-insights/tree/master/roles/insights_client

would need to integrate into the lab

benblasco commented 1 year ago

I have revisited this particular demo and realise that it is not connected to Insights in any way. We are just running one of the compliance demos available from here: https://galaxy.ansible.com/RedHatOfficial

As a consequence maybe it is worthwhile developing a separate exercise to run an Insights-based compliance scan. Thoughts?

benblasco commented 1 year ago

I believe I have addressed this issue via PR #51 Do you think we can close this issue as a consequence?

willtome commented 1 year ago

Closing as #51 has been merged