openshift / compliance-operator

Operator providing OpenShift cluster compliance checks
Apache License 2.0
110 stars 110 forks source link

Enable Creation of TailoredProfiles without extending existing ones #691

Closed JAORMX closed 3 years ago

JAORMX commented 3 years ago

This removes the requirement of having to extend a Profile in order to create a TailoredProfile. So, the extends field from the TailoredProfile CRD is no longer mandatory.

This requires for users to only select rules from the same ProfileBundle, as the ProfileBundle will become "owner" of the TailoredProfile object (for garbage collection reasons).

Also, TailoredProfiles now require the following annotation (which is currently used by Profiles):

compliance.openshift.io/product-type: <Type>

If left unset, the default will be Platform.

If the TailoredProfile's name ends with the suffix -node, the annotation will have the value Node, and will schedule a Node scan type instead.

If the annotation is set, it's left untouched.

This is a little manual right now, but can be extended in the future.

The ScanSettigBinding controller will also now wait for a TailoredProfile object to be parsed and ready before trying to create a ComplianceSuite.

Closes https://github.com/openshift/compliance-operator/issues/628

JAORMX commented 3 years ago

Pull-request updated, HEAD is now 3795576cb75ff60f4b6b9c17248d4db36bd5d41e

JAORMX commented 3 years ago

Pull-request updated, HEAD is now f25aedebc65b47349684164bff3d16491571e63d

JAORMX commented 3 years ago

Pull-request updated, HEAD is now 49b284b000fdc93ad5a6f10fb68f6c002cb290fe

JAORMX commented 3 years ago

Pull-request updated, HEAD is now 281b0048196b762bce2ac18c5ac310beb279ad6e

JAORMX commented 3 years ago

Pull-request updated, HEAD is now 9f33795a7fc59432031c8984058d6278cd45d918

JAORMX commented 3 years ago

/retest

JAORMX commented 3 years ago

Pull-request updated, HEAD is now 3c4160967cd10a0745fcb8e7275798832a44ad30

JAORMX commented 3 years ago

Pull-request updated, HEAD is now 33fa74430ce298986c98d406799bcc5a5c315cb6

JAORMX commented 3 years ago

/test all

mrogers950 commented 3 years ago

Just the one small nit, and it LGTM

JAORMX commented 3 years ago

Pull-request updated, HEAD is now a515bb0cffd8d79ce539da3323e750a533067839

openshift-ci[bot] commented 3 years ago

@Vincent056: changing LGTM is restricted to collaborators

In response to [this](https://github.com/openshift/compliance-operator/pull/691#pullrequestreview-745840336): >/lgtm Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
xiaojiey commented 3 years ago

/bugzilla cc-qa

openshift-ci[bot] commented 3 years ago

@xiaojiey: No Bugzilla bug is referenced in the title of this pull request. To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to [this](https://github.com/openshift/compliance-operator/pull/691#issuecomment-912547269): >/bugzilla cc-qa > Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
xiaojiey commented 3 years ago

per test result http://pastebin.test.redhat.com/991689, the PR looks good to me. /lgtm

openshift-ci[bot] commented 3 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JAORMX, Vincent056, xiaojiey

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/compliance-operator/blob/master/OWNERS)~~ [JAORMX,xiaojiey] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
xiaojiey commented 3 years ago

/label qe-approved