Add more precise URI for SRG CTR #11647

@yuumasato yuumasato commented Mar 4, 2024

Description:

Rationale:

  • The container-platform URI more accurately points to the source of SRG CTR.
  • These SRGs are not yet parsed by CO, so this change should not have any impact there.

Review Hints:

  • Build ocp4 and rhcos4 and check that the SRG-APP-XXXXXX-CTR-XXXXX references have href pointing to https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform

Update SRG CTR reference to a more specific URI.
The application-servers is about Apache, JBoss and other server
applications.
Run test_product_stability.py --update-reference-data and update product stability data.
@yuumasato yuumasato requested review from a team as code owners March 4, 2024 15:38

github-actions bot commented Mar 4, 2024

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod


github-actions bot commented Mar 4, 2024

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11647

Click here to see how to deploy it

If you already have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11647

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11647 make deploy-local


codeclimate bot commented Mar 4, 2024

Code Climate has analyzed commit 543d2fc and detected 1 issue on this pull request.

Here's the issue category breakdown:

Category Count
Style 1

The test coverage on the diff in this pull request is 0.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.8% (0.0% change).

View more on Code Climate.

@xiaojiey
Collaborator

xiaojiey commented Mar 5, 2024

/hold for test

@openshift-ci openshift-ci bot added the do-not-merge/hold Used by openshift-ci-robot bot. label Mar 5, 2024
Contributor

@dodys dodys left a comment


lgtm, thanks!

@xiaojiey
Collaborator

xiaojiey commented Mar 5, 2024

/hold for test

Contributor

@Vincent056 Vincent056 left a comment


/lgtm

@xiaojiey
Collaborator

xiaojiey commented Mar 7, 2024

@yuumasato Just one question: I verified with the ./build_product ocp4 command, but I didn't see anything related in the downstream CRD. Is it expected? Thanks.

$ egrep -nr  "application-servers"
ocp4/product.yml:132:  app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers
ocp4/ssg-ocp4-xccdf.xml:45: <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">app-srg</xccdf-1.2:reference>
ssg-ocp4-xccdf.xml:46:  <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">app-srg</xccdf-1.2:reference>
ssg-ocp4-ds-1.2.xml:163:      <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">app-srg</xccdf-1.2:reference>
ssg-ocp4-ds.xml:163:      <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers">app-srg</xccdf-1.2:reference>
[xiyuan@fedora build (pr-11647)]$ egrep -nr "=container-platform" | head
ocp4/product.yml:133:  app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform
ocp4/ssg-ocp4-xccdf.xml:46: <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">app-srg-ctr</xccdf-1.2:reference>
ocp4/ssg-ocp4-xccdf.xml:4447:    <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">SRG-APP-000384-CTR-000915</xccdf-1.2:reference>
ocp4/ssg-ocp4-xccdf.xml:4478:    <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">SRG-APP-000384-CTR-000915</xccdf-1.2:reference>
ocp4/ssg-ocp4-xccdf.xml:4515:    <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">SRG-APP-000516-CTR-001325</xccdf-1.2:reference>
ocp4/ssg-ocp4-xccdf.xml:4563:    <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">SRG-APP-000131-CTR-000285</xccdf-1.2:reference>
ocp4/ssg-ocp4-xccdf.xml:4674:     <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">SRG-APP-000126-CTR-000275</xccdf-1.2:reference>
ocp4/ssg-ocp4-xccdf.xml:4675:     <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">SRG-APP-000219-CTR-000550</xccdf-1.2:reference>
ocp4/ssg-ocp4-xccdf.xml:4676:     <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">SRG-APP-000411-CTR-000995</xccdf-1.2:reference>
ocp4/ssg-ocp4-xccdf.xml:4677:     <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform">SRG-APP-000412-CTR-001000</xccdf-1.2:reference>
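
The check from the review hints, written as a script (an added example, not part of this pull request or the project's tooling): it parses a built XCCDF file and reports every SRG-APP-XXXXXX-CTR-XXXXXX rule reference whose href is not the container-platform URI. The rule ids in the embedded sample are constructed; the SRG ids and URIs are the ones shown in this thread.

```python
import re
import sys
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"
BASE = "https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs="
EXPECTED_HREF = BASE + "container-platform"
SRG_CTR_ID = re.compile(r"SRG-APP-\d{6}-CTR-\d{6}")

# Constructed sample: rule ids are made up; SRG ids and URIs are from the thread.
SAMPLE = f"""<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="sample">
  <reference href="{BASE}application-servers">app-srg</reference>
  <reference href="{EXPECTED_HREF}">app-srg-ctr</reference>
  <Rule id="rule_updated">
    <reference href="{EXPECTED_HREF}">SRG-APP-000384-CTR-000915</reference>
  </Rule>
  <Rule id="rule_stale">
    <reference href="{BASE}application-servers">SRG-APP-000516-CTR-001325</reference>
  </Rule>
</Benchmark>"""


def check_srg_ctr_refs(xml_text):
    """Return (checked, stale): the number of SRG CTR references seen, and
    (rule id, SRG id, href) for each one not pointing at EXPECTED_HREF."""
    root = ET.fromstring(xml_text)
    checked, stale = 0, []
    # iter() also finds Rules nested in Groups or inside a data stream file.
    for rule in root.iter(XCCDF + "Rule"):
        for ref in rule.findall(XCCDF + "reference"):
            srg_id = (ref.text or "").strip()
            if not SRG_CTR_ID.fullmatch(srg_id):
                continue  # other reference kinds on the rule are not checked
            checked += 1
            if ref.get("href") != EXPECTED_HREF:
                stale.append((rule.get("id"), srg_id, ref.get("href")))
    return checked, stale


if __name__ == "__main__":
    # Pass a built file such as ocp4/ssg-ocp4-xccdf.xml, or run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    checked, stale = check_srg_ctr_refs(data)
    for rule_id, srg_id, href in stale:
        print(f"{rule_id}: {srg_id} -> {href}")
    print(f"{checked} SRG CTR references checked, {len(stale)} stale")
    # Zero matches is treated as a failure so an empty build cannot pass.
    sys.exit(1 if stale or checked == 0 else 0)
```
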

@xiaojiey
Collaborator

xiaojiey commented Mar 7, 2024

/unhold

@openshift-ci openshift-ci bot removed the do-not-merge/hold Used by openshift-ci-robot bot. label Mar 7, 2024
@yuumasato
Member Author

> @yuumasato Just one question: I verified with the ./build_product ocp4 command, but I didn't see anything related in the downstream CRD. Is it expected? Thanks.

@xiaojiey correct, no new CRDs are expected.
The new URI is to be consumed by the parser added in
ComplianceAsCode/compliance-operator#494

@yuumasato
Member Author

I have folded these commits into #11593.

The STIG ID URI required updates as well, so I decided to merge these PRs, as they are both touching similar code and require updates to the product stability data.

@yuumasato yuumasato closed this Mar 7, 2024
@yuumasato yuumasato deleted the update_container_platform_srg branch March 15, 2024 13:06