Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-11918

Compliance remediations for checkresult ocp4-moderate-audit-profile-set and ocp4-cis-audit-profile-set could be confusing

XMLWordPrintable

    • No
    • 5
    • OSDOCS Sprint 242
    • 1
    • False
    • Hide

      None

      Show
      None
    • 4/25: telco reviewed

      Description of problem:

      
When trying to compliant with ocp4-moderate profile and ocp4-cis profile, we see there's a compliance remediation in ocp4-moderate showing:

spec:
  apply: false
  current:
    object:
      apiVersion: config.openshift.io/v1
      kind: APIServer
      metadata:
        name: cluster
      spec:
        audit:
          profile: WriteRequestBodies

And a compliance remediation showing:

  current:
    object:
      apiVersion: config.openshift.io/v1
      kind: APIServer
      metadata:
        name: cluster
      spec:
        audit:
          profile: Default

I suggest to set both similar so as to avoid any contradiction. It's not a severe issue since in general the ocp4-cis rule will not fail if the remediation in moderate is applied.

But it's confusing for the customers.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

      Expected results:

      Additional info:

            antaylor@redhat.com Andrew Taylor
            rhn-support-gparente German Parente
            Xiaojie Yuan Xiaojie Yuan
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: