
OCPBUGS-29272: Delete scan when SSB remove a profile #492

Merged
merged 2 commits into from
Mar 25, 2024

Conversation

Vincent056

This PR fixes an issue where, when a profile is removed from an existing ScanSettingBinding, the old scan was not deleted. This PR checks for that and performs the removal so that a new scan using that profile can be launched correctly. See OCPBUGS-29272: https://issues.redhat.com/browse/OCPBUGS-29272

@openshift-ci-robot
Collaborator

@Vincent056: This pull request references Jira Issue OCPBUGS-29272, which is invalid:

  • expected the bug to target the "4.16.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

```go
}

// Check if the scan for `ocp4-moderate` profile is removed
if err := f.AssertScanDoesNotExist("ocp4-moderate", f.OperatorNamespace); err != nil {
```

Another assertion we could add to this test would be to make sure all ComplianceCheckResults that belong to the ocp4-moderate profile's scans are also deleted.

@rhmdnd

rhmdnd commented Feb 12, 2024

Looks great, just a few comments inline about testing.

Vincent056 force-pushed the delete_scan branch 2 times, most recently from 4aa7b72 to de01cd1, on February 13, 2024 06:31

```go
// Make sure the checkresult is deleted as well
err = f.AssertHasCheck(bindingName, scanName, checkResult)
if err == nil {
```

Shouldn't this be not equals?
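The behaviour the PR description calls for (drop the scan whose profile was removed from the ScanSettingBinding) and the two post-conditions raised in the review above (the scan is gone, and so are all of its ComplianceCheckResults) can be shown together in one small reconciliation loop. The following is an added example written for this page, not code from the compliance-operator; the `ScanSettingBinding`, `ComplianceScan` and `ComplianceCheckResult` structs are simplified stand-ins for the real API types, `Cluster` is an in-memory stand-in for the API server, and `NewDemoCluster` builds constructed sample state that mirrors the verification run below (SSB `test` bound to `ocp4-cis` and `ocp4-pci-dss`).

```go
package main

import (
	"fmt"
	"sort"
)

// Stand-in shapes for the compliance-operator objects used in this example.
// They are assumptions for illustration, not the operator's real Go types.
type ProfileRef struct{ Name string }

type ScanSettingBinding struct {
	Name     string
	Profiles []ProfileRef
}

type ComplianceScan struct {
	Name    string // derived from the profile name, e.g. "ocp4-cis"
	Profile string // profile the scan was generated for
	Suite   string // owning ComplianceSuite (same name as the SSB)
}

type ComplianceCheckResult struct {
	Name string // e.g. "ocp4-cis-api-server-anonymous-auth"
	Scan string // scan that produced it
}

// Cluster is an in-memory stand-in for the API server, keyed by object name.
type Cluster struct {
	Scans   map[string]ComplianceScan
	Results map[string]ComplianceCheckResult
}

// NewDemoCluster builds constructed sample state: SSB "test" bound to
// ocp4-cis and ocp4-pci-dss, one scan per profile, two check results per scan.
func NewDemoCluster() *Cluster {
	c := &Cluster{Scans: map[string]ComplianceScan{}, Results: map[string]ComplianceCheckResult{}}
	for _, p := range []string{"ocp4-cis", "ocp4-pci-dss"} {
		c.Scans[p] = ComplianceScan{Name: p, Profile: p, Suite: "test"}
		for _, rule := range []string{"api-server-anonymous-auth", "kubeadmin-removed"} {
			name := p + "-" + rule
			c.Results[name] = ComplianceCheckResult{Name: name, Scan: p}
		}
	}
	return c
}

// ReconcileBinding removes every scan owned by the binding's suite whose
// profile is no longer listed in the binding, cascading to that scan's
// ComplianceCheckResults. It returns the deleted scan names, sorted, so a
// caller or test can verify what happened.
func ReconcileBinding(c *Cluster, ssb ScanSettingBinding) []string {
	wanted := make(map[string]bool, len(ssb.Profiles))
	for _, p := range ssb.Profiles {
		wanted[p.Name] = true
	}
	var deleted []string
	for name, scan := range c.Scans {
		if scan.Suite != ssb.Name || wanted[scan.Profile] {
			continue // not owned by this binding, or still bound: leave it
		}
		// Delete the results before the scan so no result outlives its scan.
		for rname, r := range c.Results {
			if r.Scan == name {
				delete(c.Results, rname)
			}
		}
		delete(c.Scans, name)
		deleted = append(deleted, name)
	}
	sort.Strings(deleted)
	return deleted
}

// ScanExists and ResultsForScan are the two post-conditions from review:
// the stale scan is gone, and none of its check results remain.
func ScanExists(c *Cluster, scanName string) bool {
	_, ok := c.Scans[scanName]
	return ok
}

func ResultsForScan(c *Cluster, scanName string) []string {
	var names []string
	for _, r := range c.Results {
		if r.Scan == scanName {
			names = append(names, r.Name)
		}
	}
	sort.Strings(names)
	return names
}

// RemoveProfileScenario replays the bug report: SSB "test" is edited to keep
// only ocp4-pci-dss, then reconciled. Returns the deleted scan names.
func RemoveProfileScenario(c *Cluster) []string {
	ssb := ScanSettingBinding{Name: "test", Profiles: []ProfileRef{{Name: "ocp4-pci-dss"}}}
	return ReconcileBinding(c, ssb)
}

func main() {
	c := NewDemoCluster()
	fmt.Println("deleted scans:", RemoveProfileScenario(c))
	fmt.Println("ocp4-cis scan still exists:", ScanExists(c, "ocp4-cis"))
	fmt.Println("ocp4-cis results left:", len(ResultsForScan(c, "ocp4-cis")))
	fmt.Println("ocp4-pci-dss results left:", len(ResultsForScan(c, "ocp4-pci-dss")))
}
```

The ownership check (`scan.Suite != ssb.Name`) is what keeps one binding from deleting scans that belong to another suite, and the result cascade is the assertion the reviewer asked to add: after reconciliation, `ResultsForScan` for the removed profile's scan must be empty, while the results of the profile that stayed bound are untouched.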

@Vincent056
Author

/retest


Vincent056 force-pushed the delete_scan branch 2 times, most recently from a1a2d4e to 472354e, on February 15, 2024 06:56

```go
if err := f.Client.Get(context.TODO(), types.NamespacedName{Namespace: f.OperatorNamespace, Name: checkResult.Name}, ccr); err != nil {
	log.Printf("failed to get check %s: %s\n", checkResult.Name, err)
} else {
	log.Printf("Object: %s\n", ccr)
```

This test tripped on this because of type checking.

@Vincent056
Author

/retest

@BhargaviGudi
Collaborator

/hold for test

@BhargaviGudi
Collaborator

Verification passed with 4.16.0-0.nightly-2024-02-17-094036 + compliance-operator from PR #492 code

  1. Install CO from code
  2. Create ssb with profile/ocp4-cis profile/ocp4-pci-dss
$ oc compliance bind -N test -S default-auto-apply profile/ocp4-cis profile/ocp4-pci-dss
Creating ScanSettingBinding test
$ oc get ssb
NAME   STATUS
test   READY
$ oc get suite
NAME   PHASE     RESULT
test   RUNNING   NOT-AVAILABLE
$ oc get pods
NAME                                             READY   STATUS            RESTARTS        AGE
compliance-operator-79b7bfcdf-jq7wm              1/1     Running           1 (4m19s ago)   4m23s
ocp4-cis-api-checks-pod                          0/2     PodInitializing   0               11s
ocp4-cis-rs-6b5c4977f7-zfgns                     1/1     Running           0               11s
ocp4-openshift-compliance-pp-54cfbb648f-wddgb    1/1     Running           0               4m17s
ocp4-pci-dss-api-checks-pod                      0/2     PodInitializing   0               13s
ocp4-pci-dss-rs-75dc5b8f8c-s8qfk                 1/1     Running           0               13s
rhcos4-openshift-compliance-pp-7bb9b68b7-6lfzc   1/1     Running           0               4m17s
$ oc get suite -w
NAME   PHASE   RESULT
test   DONE    NON-COMPLIANT
^C$ oc get suite
NAME   PHASE   RESULT
test   DONE    NON-COMPLIANT
$ oc get scan
NAME           PHASE   RESULT
ocp4-cis       DONE    NON-COMPLIANT
ocp4-pci-dss   DONE    NON-COMPLIANT
$ oc get ccr
NAME                                                                  STATUS   SEVERITY
ocp4-cis-accounts-restrict-service-account-tokens                     MANUAL   medium
ocp4-cis-accounts-unique-service-account                              MANUAL   medium
ocp4-cis-api-server-admission-control-plugin-alwaysadmit              PASS     medium
ocp4-cis-api-server-admission-control-plugin-alwayspullimages         PASS     high
ocp4-cis-api-server-admission-control-plugin-namespacelifecycle       PASS     medium
ocp4-cis-api-server-admission-control-plugin-noderestriction          PASS     medium
ocp4-cis-api-server-admission-control-plugin-scc                      PASS     medium
ocp4-cis-api-server-admission-control-plugin-service-account          PASS     medium
ocp4-cis-api-server-anonymous-auth                                    PASS     medium
ocp4-cis-api-server-api-priority-gate-enabled                         FAIL     medium
ocp4-cis-api-server-audit-log-maxbackup                               PASS     low
ocp4-cis-api-server-audit-log-maxsize                                 PASS     medium
ocp4-cis-api-server-audit-log-path                                    PASS     high
ocp4-cis-api-server-auth-mode-no-aa                                   PASS     medium
ocp4-cis-api-server-auth-mode-rbac                                    PASS     medium
ocp4-cis-api-server-basic-auth                                        PASS     medium
ocp4-cis-api-server-bind-address                                      PASS     low
ocp4-cis-api-server-client-ca                                         PASS     medium
ocp4-cis-api-server-encryption-provider-cipher                        PASS     medium
ocp4-cis-api-server-etcd-ca                                           PASS     medium
ocp4-cis-api-server-etcd-cert                                         PASS     medium
ocp4-cis-api-server-etcd-key                                          PASS     medium
ocp4-cis-api-server-https-for-kubelet-conn                            PASS     medium
ocp4-cis-api-server-insecure-bind-address                             PASS     medium
ocp4-cis-api-server-kubelet-certificate-authority                     PASS     high
ocp4-cis-api-server-oauth-https-serving-cert                          PASS     medium
ocp4-cis-api-server-openshift-https-serving-cert                      PASS     medium
ocp4-cis-api-server-profiling-protected-by-rbac                       PASS     medium
ocp4-cis-api-server-request-timeout                                   PASS     medium
ocp4-cis-api-server-service-account-lookup                            PASS     medium
ocp4-cis-api-server-service-account-public-key                        PASS     medium
ocp4-cis-api-server-tls-cert                                          PASS     medium
ocp4-cis-api-server-tls-cipher-suites                                 PASS     medium
ocp4-cis-api-server-tls-private-key                                   PASS     medium
ocp4-cis-api-server-token-auth                                        PASS     high
ocp4-cis-audit-log-forwarding-enabled                                 FAIL     medium
ocp4-cis-audit-profile-set                                            PASS     medium
ocp4-cis-configure-network-policies                                   PASS     high
ocp4-cis-configure-network-policies-namespaces                        FAIL     high
ocp4-cis-controller-insecure-port-disabled                            PASS     low
ocp4-cis-controller-secure-port                                       PASS     low
ocp4-cis-controller-service-account-ca                                PASS     medium
ocp4-cis-controller-service-account-private-key                       PASS     medium
ocp4-cis-controller-use-service-account                               PASS     medium
ocp4-cis-etcd-auto-tls                                                PASS     medium
ocp4-cis-etcd-cert-file                                               PASS     medium
ocp4-cis-etcd-client-cert-auth                                        PASS     medium
ocp4-cis-etcd-key-file                                                PASS     medium
ocp4-cis-etcd-peer-auto-tls                                           PASS     medium
ocp4-cis-etcd-peer-cert-file                                          PASS     medium
ocp4-cis-etcd-peer-client-cert-auth                                   PASS     medium
ocp4-cis-etcd-peer-key-file                                           PASS     medium
ocp4-cis-general-apply-scc                                            MANUAL   medium
ocp4-cis-general-default-namespace-use                                MANUAL   medium
ocp4-cis-general-default-seccomp-profile                              MANUAL   medium
ocp4-cis-general-namespaces-in-use                                    MANUAL   medium
ocp4-cis-idp-is-configured                                            PASS     medium
ocp4-cis-kubeadmin-removed                                            FAIL     medium
ocp4-cis-kubelet-disable-readonly-port                                PASS     medium
ocp4-cis-ocp-allowed-registries                                       FAIL     medium
ocp4-cis-ocp-allowed-registries-for-import                            FAIL     medium
ocp4-cis-ocp-api-server-audit-log-maxbackup                           PASS     low
ocp4-cis-ocp-api-server-audit-log-maxsize                             PASS     medium
ocp4-cis-ocp-insecure-allowed-registries-for-import                   PASS     medium
ocp4-cis-ocp-insecure-registries                                      PASS     medium
ocp4-cis-openshift-api-server-audit-log-path                          PASS     high
ocp4-cis-rbac-debug-role-protects-pprof                               PASS     medium
ocp4-cis-rbac-least-privilege                                         MANUAL   high
ocp4-cis-rbac-limit-cluster-admin                                     MANUAL   medium
ocp4-cis-rbac-limit-secrets-access                                    MANUAL   medium
ocp4-cis-rbac-pod-creation-access                                     MANUAL   medium
ocp4-cis-rbac-wildcard-use                                            MANUAL   medium
ocp4-cis-scc-drop-container-capabilities                              MANUAL   medium
ocp4-cis-scc-limit-container-allowed-capabilities                     PASS     medium
ocp4-cis-scc-limit-ipc-namespace                                      MANUAL   medium
ocp4-cis-scc-limit-net-raw-capability                                 MANUAL   medium
ocp4-cis-scc-limit-network-namespace                                  MANUAL   medium
ocp4-cis-scc-limit-privilege-escalation                               MANUAL   medium
ocp4-cis-scc-limit-privileged-containers                              MANUAL   medium
ocp4-cis-scc-limit-process-id-namespace                               MANUAL   medium
ocp4-cis-scc-limit-root-containers                                    MANUAL   medium
ocp4-cis-scheduler-profiling-protected-by-rbac                        PASS     medium
ocp4-cis-scheduler-service-protected-by-rbac                          PASS     medium
ocp4-cis-secrets-consider-external-storage                            MANUAL   medium
ocp4-cis-secrets-no-environment-variables                             MANUAL   medium
ocp4-pci-dss-accounts-restrict-service-account-tokens                 MANUAL   medium
ocp4-pci-dss-accounts-unique-service-account                          MANUAL   medium
ocp4-pci-dss-api-server-admission-control-plugin-alwaysadmit          PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-alwayspullimages     PASS     high
ocp4-pci-dss-api-server-admission-control-plugin-namespacelifecycle   PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-noderestriction      PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-scc                  PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-service-account      PASS     medium
ocp4-pci-dss-api-server-anonymous-auth                                PASS     medium
ocp4-pci-dss-api-server-api-priority-gate-enabled                     FAIL     medium
ocp4-pci-dss-api-server-audit-log-maxbackup                           PASS     low
ocp4-pci-dss-api-server-audit-log-maxsize                             PASS     medium
ocp4-pci-dss-api-server-audit-log-path                                PASS     high
ocp4-pci-dss-api-server-auth-mode-no-aa                               PASS     medium
ocp4-pci-dss-api-server-auth-mode-rbac                                PASS     medium
ocp4-pci-dss-api-server-basic-auth                                    PASS     medium
ocp4-pci-dss-api-server-bind-address                                  PASS     low
ocp4-pci-dss-api-server-client-ca                                     PASS     medium
ocp4-pci-dss-api-server-encryption-provider-cipher                    PASS     medium
ocp4-pci-dss-api-server-etcd-ca                                       PASS     medium
ocp4-pci-dss-api-server-etcd-cert                                     PASS     medium
ocp4-pci-dss-api-server-etcd-key                                      PASS     medium
ocp4-pci-dss-api-server-https-for-kubelet-conn                        PASS     medium
ocp4-pci-dss-api-server-insecure-bind-address                         PASS     medium
ocp4-pci-dss-api-server-kubelet-certificate-authority                 PASS     high
ocp4-pci-dss-api-server-oauth-https-serving-cert                      PASS     medium
ocp4-pci-dss-api-server-openshift-https-serving-cert                  PASS     medium
ocp4-pci-dss-api-server-profiling-protected-by-rbac                   PASS     medium
ocp4-pci-dss-api-server-request-timeout                               PASS     medium
ocp4-pci-dss-api-server-service-account-lookup                        PASS     medium
ocp4-pci-dss-api-server-service-account-public-key                    PASS     medium
ocp4-pci-dss-api-server-tls-cert                                      PASS     medium
ocp4-pci-dss-api-server-tls-cipher-suites                             PASS     medium
ocp4-pci-dss-api-server-tls-private-key                               PASS     medium
ocp4-pci-dss-api-server-token-auth                                    PASS     high
ocp4-pci-dss-audit-log-forwarding-enabled                             FAIL     medium
ocp4-pci-dss-audit-profile-set                                        PASS     medium
ocp4-pci-dss-configure-network-policies                               PASS     high
ocp4-pci-dss-configure-network-policies-namespaces                    FAIL     high
ocp4-pci-dss-controller-insecure-port-disabled                        PASS     low
ocp4-pci-dss-controller-secure-port                                   PASS     low
ocp4-pci-dss-controller-service-account-ca                            PASS     medium
ocp4-pci-dss-controller-service-account-private-key                   PASS     medium
ocp4-pci-dss-controller-use-service-account                           PASS     medium
ocp4-pci-dss-etcd-auto-tls                                            PASS     medium
ocp4-pci-dss-etcd-cert-file                                           PASS     medium
ocp4-pci-dss-etcd-check-cipher-suite                                  PASS     medium
ocp4-pci-dss-etcd-client-cert-auth                                    PASS     medium
ocp4-pci-dss-etcd-key-file                                            PASS     medium
ocp4-pci-dss-etcd-peer-auto-tls                                       PASS     medium
ocp4-pci-dss-etcd-peer-cert-file                                      PASS     medium
ocp4-pci-dss-etcd-peer-client-cert-auth                               PASS     medium
ocp4-pci-dss-etcd-peer-key-file                                       PASS     medium
ocp4-pci-dss-file-integrity-exists                                    FAIL     medium
ocp4-pci-dss-file-integrity-notification-enabled                      FAIL     medium
ocp4-pci-dss-general-apply-scc                                        MANUAL   medium
ocp4-pci-dss-general-default-namespace-use                            MANUAL   medium
ocp4-pci-dss-general-default-seccomp-profile                          MANUAL   medium
ocp4-pci-dss-general-namespaces-in-use                                MANUAL   medium
ocp4-pci-dss-idp-is-configured                                        PASS     medium
ocp4-pci-dss-kubeadmin-removed                                        FAIL     medium
ocp4-pci-dss-kubelet-disable-readonly-port                            PASS     medium
ocp4-pci-dss-machine-volume-encrypted                                 PASS     high
ocp4-pci-dss-ocp-allowed-registries                                   FAIL     medium
ocp4-pci-dss-ocp-allowed-registries-for-import                        FAIL     medium
ocp4-pci-dss-ocp-api-server-audit-log-maxbackup                       PASS     low
ocp4-pci-dss-ocp-api-server-audit-log-maxsize                         PASS     medium
ocp4-pci-dss-ocp-insecure-allowed-registries-for-import               PASS     medium
ocp4-pci-dss-ocp-insecure-registries                                  PASS     medium
ocp4-pci-dss-ocp-no-ldap-insecure                                     PASS     high
ocp4-pci-dss-openshift-api-server-audit-log-path                      PASS     high
ocp4-pci-dss-rbac-cluster-roles-defined                               PASS     medium
ocp4-pci-dss-rbac-debug-role-protects-pprof                           PASS     medium
ocp4-pci-dss-rbac-least-privilege                                     MANUAL   high
ocp4-pci-dss-rbac-limit-cluster-admin                                 MANUAL   medium
ocp4-pci-dss-rbac-limit-secrets-access                                MANUAL   medium
ocp4-pci-dss-rbac-pod-creation-access                                 MANUAL   medium
ocp4-pci-dss-rbac-roles-defined                                       PASS     medium
ocp4-pci-dss-rbac-wildcard-use                                        MANUAL   medium
ocp4-pci-dss-routes-protected-by-tls                                  PASS     medium
ocp4-pci-dss-scansettingbinding-exists                                PASS     medium
ocp4-pci-dss-scc-drop-container-capabilities                          MANUAL   medium
ocp4-pci-dss-scc-limit-container-allowed-capabilities                 PASS     medium
ocp4-pci-dss-scc-limit-ipc-namespace                                  MANUAL   medium
ocp4-pci-dss-scc-limit-net-raw-capability                             MANUAL   medium
ocp4-pci-dss-scc-limit-network-namespace                              MANUAL   medium
ocp4-pci-dss-scc-limit-privilege-escalation                           MANUAL   medium
ocp4-pci-dss-scc-limit-privileged-containers                          MANUAL   medium
ocp4-pci-dss-scc-limit-process-id-namespace                           MANUAL   medium
ocp4-pci-dss-scc-limit-root-containers                                MANUAL   medium
ocp4-pci-dss-scheduler-profiling-protected-by-rbac                    PASS     medium
ocp4-pci-dss-scheduler-service-protected-by-rbac                      PASS     medium
ocp4-pci-dss-secrets-consider-external-storage                        MANUAL   medium
ocp4-pci-dss-secrets-no-environment-variables                         MANUAL   medium
ocp4-pci-dss-storageclass-encryption-enabled                          PASS     high
ocp4-pci-dss-tls-version-check-apiserver                              PASS     medium
ocp4-pci-dss-tls-version-check-router                                 PASS     medium
  3. Remove ocp4-cis profile
$ oc get ssb -oyaml &> ssb.yaml
$ cat ssb.yaml
apiVersion: v1
items:
- apiVersion: compliance.openshift.io/v1alpha1
  kind: ScanSettingBinding
  metadata:
    creationTimestamp: "2024-02-19T07:45:02Z"
    generation: 1
    name: test
    namespace: openshift-compliance
    resourceVersion: "68535"
    uid: 2ecf5aca-2767-4220-aa7c-4b42c7dae4f8
  profiles:
  - apiGroup: compliance.openshift.io/v1alpha1
    kind: Profile
    name: ocp4-pci-dss
  settingsRef:
    apiGroup: compliance.openshift.io/v1alpha1
    kind: ScanSetting
    name: default-auto-apply
  status:
    conditions:
    - lastTransitionTime: "2024-02-19T07:45:03Z"
      message: The scan setting binding was successfully processed
      reason: Processed
      status: "True"
      type: Ready
    outputRef:
      apiGroup: compliance.openshift.io
      kind: ComplianceSuite
      name: test
    phase: READY
kind: List
metadata:
  resourceVersion: ""
$ oc apply -f ssb.yaml 
Warning: resource scansettingbindings/test is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by oc apply. oc apply should only be used on resources created declaratively by either oc create --save-config or oc apply. The missing annotation will be patched automatically.
scansettingbinding.compliance.openshift.io/test configured
$ oc get ssb
NAME   STATUS
test   READY
$ oc get suite
NAME   PHASE   RESULT
test   DONE    NON-COMPLIANT
$ oc get scan
NAME           PHASE   RESULT
ocp4-pci-dss   DONE    NON-COMPLIANT
$ oc get ssb test -oyaml
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"compliance.openshift.io/v1alpha1","kind":"ScanSettingBinding","metadata":{"annotations":{},"creationTimestamp":"2024-02-19T07:45:02Z","generation":1,"name":"test","namespace":"openshift-compliance","resourceVersion":"68535","uid":"2ecf5aca-2767-4220-aa7c-4b42c7dae4f8"},"profiles":[{"apiGroup":"compliance.openshift.io/v1alpha1","kind":"Profile","name":"ocp4-pci-dss"}],"settingsRef":{"apiGroup":"compliance.openshift.io/v1alpha1","kind":"ScanSetting","name":"default-auto-apply"},"status":{"conditions":[{"lastTransitionTime":"2024-02-19T07:45:03Z","message":"The scan setting binding was successfully processed","reason":"Processed","status":"True","type":"Ready"}],"outputRef":{"apiGroup":"compliance.openshift.io","kind":"ComplianceSuite","name":"test"},"phase":"READY"}}
  creationTimestamp: "2024-02-19T07:45:02Z"
  generation: 2
  name: test
  namespace: openshift-compliance
  resourceVersion: "95335"
  uid: 2ecf5aca-2767-4220-aa7c-4b42c7dae4f8
profiles:
- apiGroup: compliance.openshift.io/v1alpha1
  kind: Profile
  name: ocp4-pci-dss
settingsRef:
  apiGroup: compliance.openshift.io/v1alpha1
  kind: ScanSetting
  name: default-auto-apply
status:
  conditions:
  - lastTransitionTime: "2024-02-19T07:45:03Z"
    message: The scan setting binding was successfully processed
    reason: Processed
    status: "True"
    type: Ready
  outputRef:
    apiGroup: compliance.openshift.io
    kind: ComplianceSuite
    name: test
  phase: READY
$ oc get scan
NAME           PHASE   RESULT
ocp4-pci-dss   DONE    NON-COMPLIANT
  4. Verified ocp4-cis ccr are not present
$ oc get ccr
NAME                                                                  STATUS   SEVERITY
ocp4-pci-dss-accounts-restrict-service-account-tokens                 MANUAL   medium
ocp4-pci-dss-accounts-unique-service-account                          MANUAL   medium
ocp4-pci-dss-api-server-admission-control-plugin-alwaysadmit          PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-alwayspullimages     PASS     high
ocp4-pci-dss-api-server-admission-control-plugin-namespacelifecycle   PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-noderestriction      PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-scc                  PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-service-account      PASS     medium
ocp4-pci-dss-api-server-anonymous-auth                                PASS     medium
ocp4-pci-dss-api-server-api-priority-gate-enabled                     FAIL     medium
ocp4-pci-dss-api-server-audit-log-maxbackup                           PASS     low
ocp4-pci-dss-api-server-audit-log-maxsize                             PASS     medium
ocp4-pci-dss-api-server-audit-log-path                                PASS     high
ocp4-pci-dss-api-server-auth-mode-no-aa                               PASS     medium
ocp4-pci-dss-api-server-auth-mode-rbac                                PASS     medium
ocp4-pci-dss-api-server-basic-auth                                    PASS     medium
ocp4-pci-dss-api-server-bind-address                                  PASS     low
ocp4-pci-dss-api-server-client-ca                                     PASS     medium
ocp4-pci-dss-api-server-encryption-provider-cipher                    PASS     medium
ocp4-pci-dss-api-server-etcd-ca                                       PASS     medium
ocp4-pci-dss-api-server-etcd-cert                                     PASS     medium
ocp4-pci-dss-api-server-etcd-key                                      PASS     medium
ocp4-pci-dss-api-server-https-for-kubelet-conn                        PASS     medium
ocp4-pci-dss-api-server-insecure-bind-address                         PASS     medium
ocp4-pci-dss-api-server-kubelet-certificate-authority                 PASS     high
ocp4-pci-dss-api-server-oauth-https-serving-cert                      PASS     medium
ocp4-pci-dss-api-server-openshift-https-serving-cert                  PASS     medium
ocp4-pci-dss-api-server-profiling-protected-by-rbac                   PASS     medium
ocp4-pci-dss-api-server-request-timeout                               PASS     medium
ocp4-pci-dss-api-server-service-account-lookup                        PASS     medium
ocp4-pci-dss-api-server-service-account-public-key                    PASS     medium
ocp4-pci-dss-api-server-tls-cert                                      PASS     medium
ocp4-pci-dss-api-server-tls-cipher-suites                             PASS     medium
ocp4-pci-dss-api-server-tls-private-key                               PASS     medium
ocp4-pci-dss-api-server-token-auth                                    PASS     high
ocp4-pci-dss-audit-log-forwarding-enabled                             FAIL     medium
ocp4-pci-dss-audit-profile-set                                        PASS     medium
ocp4-pci-dss-configure-network-policies                               PASS     high
ocp4-pci-dss-configure-network-policies-namespaces                    FAIL     high
ocp4-pci-dss-controller-insecure-port-disabled                        PASS     low
ocp4-pci-dss-controller-secure-port                                   PASS     low
ocp4-pci-dss-controller-service-account-ca                            PASS     medium
ocp4-pci-dss-controller-service-account-private-key                   PASS     medium
ocp4-pci-dss-controller-use-service-account                           PASS     medium
ocp4-pci-dss-etcd-auto-tls                                            PASS     medium
ocp4-pci-dss-etcd-cert-file                                           PASS     medium
ocp4-pci-dss-etcd-check-cipher-suite                                  PASS     medium
ocp4-pci-dss-etcd-client-cert-auth                                    PASS     medium
ocp4-pci-dss-etcd-key-file                                            PASS     medium
ocp4-pci-dss-etcd-peer-auto-tls                                       PASS     medium
ocp4-pci-dss-etcd-peer-cert-file                                      PASS     medium
ocp4-pci-dss-etcd-peer-client-cert-auth                               PASS     medium
ocp4-pci-dss-etcd-peer-key-file                                       PASS     medium
ocp4-pci-dss-file-integrity-exists                                    FAIL     medium
ocp4-pci-dss-file-integrity-notification-enabled                      FAIL     medium
ocp4-pci-dss-general-apply-scc                                        MANUAL   medium
ocp4-pci-dss-general-default-namespace-use                            MANUAL   medium
ocp4-pci-dss-general-default-seccomp-profile                          MANUAL   medium
ocp4-pci-dss-general-namespaces-in-use                                MANUAL   medium
ocp4-pci-dss-idp-is-configured                                        PASS     medium
ocp4-pci-dss-kubeadmin-removed                                        FAIL     medium
ocp4-pci-dss-kubelet-disable-readonly-port                            PASS     medium
ocp4-pci-dss-machine-volume-encrypted                                 PASS     high
ocp4-pci-dss-ocp-allowed-registries                                   FAIL     medium
ocp4-pci-dss-ocp-allowed-registries-for-import                        FAIL     medium
ocp4-pci-dss-ocp-api-server-audit-log-maxbackup                       PASS     low
ocp4-pci-dss-ocp-api-server-audit-log-maxsize                         PASS     medium
ocp4-pci-dss-ocp-insecure-allowed-registries-for-import               PASS     medium
ocp4-pci-dss-ocp-insecure-registries                                  PASS     medium
ocp4-pci-dss-ocp-no-ldap-insecure                                     PASS     high
ocp4-pci-dss-openshift-api-server-audit-log-path                      PASS     high
ocp4-pci-dss-rbac-cluster-roles-defined                               PASS     medium
ocp4-pci-dss-rbac-debug-role-protects-pprof                           PASS     medium
ocp4-pci-dss-rbac-least-privilege                                     MANUAL   high
ocp4-pci-dss-rbac-limit-cluster-admin                                 MANUAL   medium
ocp4-pci-dss-rbac-limit-secrets-access                                MANUAL   medium
ocp4-pci-dss-rbac-pod-creation-access                                 MANUAL   medium
ocp4-pci-dss-rbac-roles-defined                                       PASS     medium
ocp4-pci-dss-rbac-wildcard-use                                        MANUAL   medium
ocp4-pci-dss-routes-protected-by-tls                                  PASS     medium
ocp4-pci-dss-scansettingbinding-exists                                PASS     medium
ocp4-pci-dss-scc-drop-container-capabilities                          MANUAL   medium
ocp4-pci-dss-scc-limit-container-allowed-capabilities                 PASS     medium
ocp4-pci-dss-scc-limit-ipc-namespace                                  MANUAL   medium
ocp4-pci-dss-scc-limit-net-raw-capability                             MANUAL   medium
ocp4-pci-dss-scc-limit-network-namespace                              MANUAL   medium
ocp4-pci-dss-scc-limit-privilege-escalation                           MANUAL   medium
ocp4-pci-dss-scc-limit-privileged-containers                          MANUAL   medium
ocp4-pci-dss-scc-limit-process-id-namespace                           MANUAL   medium
ocp4-pci-dss-scc-limit-root-containers                                MANUAL   medium
ocp4-pci-dss-scheduler-profiling-protected-by-rbac                    PASS     medium
ocp4-pci-dss-scheduler-service-protected-by-rbac                      PASS     medium
ocp4-pci-dss-secrets-consider-external-storage                        MANUAL   medium
ocp4-pci-dss-secrets-no-environment-variables                         MANUAL   medium
ocp4-pci-dss-storageclass-encryption-enabled                          PASS     high
ocp4-pci-dss-tls-version-check-apiserver                              PASS     medium
ocp4-pci-dss-tls-version-check-router                                 PASS     medium
  1. Create another ssb with profile/ocp4-cis
$ oc compliance bind -N test1 -S default-auto-apply profile/ocp4-cis 
Creating ScanSettingBinding test1
$ oc get ssb
NAME    STATUS
test    READY
test1   READY
$ oc get suite
NAME    PHASE     RESULT
test    DONE      NON-COMPLIANT
test1   RUNNING   NOT-AVAILABLE
$ oc get scan
NAME           PHASE     RESULT
ocp4-cis       RUNNING   NOT-AVAILABLE
ocp4-pci-dss   DONE      NON-COMPLIANT
$ oc get suite -w
NAME    PHASE     RESULT
test    DONE      NON-COMPLIANT
test1   RUNNING   NOT-AVAILABLE
test1   AGGREGATING   NOT-AVAILABLE
test1   DONE          NON-COMPLIANT
test1   DONE          NON-COMPLIANT
$ oc get ssb
NAME    STATUS
test    READY
test1   READY
$ oc get suite
NAME    PHASE   RESULT
test    DONE    NON-COMPLIANT
test1   DONE    NON-COMPLIANT
$ oc get scan
NAME           PHASE   RESULT
ocp4-cis       DONE    NON-COMPLIANT
ocp4-pci-dss   DONE    NON-COMPLIANT
$ oc get ccr
NAME                                                                  STATUS   SEVERITY
ocp4-cis-accounts-restrict-service-account-tokens                     MANUAL   medium
ocp4-cis-accounts-unique-service-account                              MANUAL   medium
ocp4-cis-api-server-admission-control-plugin-alwaysadmit              PASS     medium
ocp4-cis-api-server-admission-control-plugin-alwayspullimages         PASS     high
ocp4-cis-api-server-admission-control-plugin-namespacelifecycle       PASS     medium
ocp4-cis-api-server-admission-control-plugin-noderestriction          PASS     medium
ocp4-cis-api-server-admission-control-plugin-scc                      PASS     medium
ocp4-cis-api-server-admission-control-plugin-service-account          PASS     medium
ocp4-cis-api-server-anonymous-auth                                    PASS     medium
ocp4-cis-api-server-api-priority-gate-enabled                         FAIL     medium
ocp4-cis-api-server-audit-log-maxbackup                               PASS     low
ocp4-cis-api-server-audit-log-maxsize                                 PASS     medium
ocp4-cis-api-server-audit-log-path                                    PASS     high
ocp4-cis-api-server-auth-mode-no-aa                                   PASS     medium
ocp4-cis-api-server-auth-mode-rbac                                    PASS     medium
ocp4-cis-api-server-basic-auth                                        PASS     medium
ocp4-cis-api-server-bind-address                                      PASS     low
ocp4-cis-api-server-client-ca                                         PASS     medium
ocp4-cis-api-server-encryption-provider-cipher                        PASS     medium
ocp4-cis-api-server-etcd-ca                                           PASS     medium
ocp4-cis-api-server-etcd-cert                                         PASS     medium
ocp4-cis-api-server-etcd-key                                          PASS     medium
ocp4-cis-api-server-https-for-kubelet-conn                            PASS     medium
ocp4-cis-api-server-insecure-bind-address                             PASS     medium
ocp4-cis-api-server-kubelet-certificate-authority                     PASS     high
ocp4-cis-api-server-oauth-https-serving-cert                          PASS     medium
ocp4-cis-api-server-openshift-https-serving-cert                      PASS     medium
ocp4-cis-api-server-profiling-protected-by-rbac                       PASS     medium
ocp4-cis-api-server-request-timeout                                   PASS     medium
ocp4-cis-api-server-service-account-lookup                            PASS     medium
ocp4-cis-api-server-service-account-public-key                        PASS     medium
ocp4-cis-api-server-tls-cert                                          PASS     medium
ocp4-cis-api-server-tls-cipher-suites                                 PASS     medium
ocp4-cis-api-server-tls-private-key                                   PASS     medium
ocp4-cis-api-server-token-auth                                        PASS     high
ocp4-cis-audit-log-forwarding-enabled                                 FAIL     medium
ocp4-cis-audit-profile-set                                            PASS     medium
ocp4-cis-configure-network-policies                                   PASS     high
ocp4-cis-configure-network-policies-namespaces                        FAIL     high
ocp4-cis-controller-insecure-port-disabled                            PASS     low
ocp4-cis-controller-secure-port                                       PASS     low
ocp4-cis-controller-service-account-ca                                PASS     medium
ocp4-cis-controller-service-account-private-key                       PASS     medium
ocp4-cis-controller-use-service-account                               PASS     medium
ocp4-cis-etcd-auto-tls                                                PASS     medium
ocp4-cis-etcd-cert-file                                               PASS     medium
ocp4-cis-etcd-client-cert-auth                                        PASS     medium
ocp4-cis-etcd-key-file                                                PASS     medium
ocp4-cis-etcd-peer-auto-tls                                           PASS     medium
ocp4-cis-etcd-peer-cert-file                                          PASS     medium
ocp4-cis-etcd-peer-client-cert-auth                                   PASS     medium
ocp4-cis-etcd-peer-key-file                                           PASS     medium
ocp4-cis-general-apply-scc                                            MANUAL   medium
ocp4-cis-general-default-namespace-use                                MANUAL   medium
ocp4-cis-general-default-seccomp-profile                              MANUAL   medium
ocp4-cis-general-namespaces-in-use                                    MANUAL   medium
ocp4-cis-idp-is-configured                                            PASS     medium
ocp4-cis-kubeadmin-removed                                            FAIL     medium
ocp4-cis-kubelet-disable-readonly-port                                PASS     medium
ocp4-cis-ocp-allowed-registries                                       FAIL     medium
ocp4-cis-ocp-allowed-registries-for-import                            FAIL     medium
ocp4-cis-ocp-api-server-audit-log-maxbackup                           PASS     low
ocp4-cis-ocp-api-server-audit-log-maxsize                             PASS     medium
ocp4-cis-ocp-insecure-allowed-registries-for-import                   PASS     medium
ocp4-cis-ocp-insecure-registries                                      PASS     medium
ocp4-cis-openshift-api-server-audit-log-path                          PASS     high
ocp4-cis-rbac-debug-role-protects-pprof                               PASS     medium
ocp4-cis-rbac-least-privilege                                         MANUAL   high
ocp4-cis-rbac-limit-cluster-admin                                     MANUAL   medium
ocp4-cis-rbac-limit-secrets-access                                    MANUAL   medium
ocp4-cis-rbac-pod-creation-access                                     MANUAL   medium
ocp4-cis-rbac-wildcard-use                                            MANUAL   medium
ocp4-cis-scc-drop-container-capabilities                              MANUAL   medium
ocp4-cis-scc-limit-container-allowed-capabilities                     PASS     medium
ocp4-cis-scc-limit-ipc-namespace                                      MANUAL   medium
ocp4-cis-scc-limit-net-raw-capability                                 MANUAL   medium
ocp4-cis-scc-limit-network-namespace                                  MANUAL   medium
ocp4-cis-scc-limit-privilege-escalation                               MANUAL   medium
ocp4-cis-scc-limit-privileged-containers                              MANUAL   medium
ocp4-cis-scc-limit-process-id-namespace                               MANUAL   medium
ocp4-cis-scc-limit-root-containers                                    MANUAL   medium
ocp4-cis-scheduler-profiling-protected-by-rbac                        PASS     medium
ocp4-cis-scheduler-service-protected-by-rbac                          PASS     medium
ocp4-cis-secrets-consider-external-storage                            MANUAL   medium
ocp4-cis-secrets-no-environment-variables                             MANUAL   medium
ocp4-pci-dss-accounts-restrict-service-account-tokens                 MANUAL   medium
ocp4-pci-dss-accounts-unique-service-account                          MANUAL   medium
ocp4-pci-dss-api-server-admission-control-plugin-alwaysadmit          PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-alwayspullimages     PASS     high
ocp4-pci-dss-api-server-admission-control-plugin-namespacelifecycle   PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-noderestriction      PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-scc                  PASS     medium
ocp4-pci-dss-api-server-admission-control-plugin-service-account      PASS     medium
ocp4-pci-dss-api-server-anonymous-auth                                PASS     medium
ocp4-pci-dss-api-server-api-priority-gate-enabled                     FAIL     medium
ocp4-pci-dss-api-server-audit-log-maxbackup                           PASS     low
ocp4-pci-dss-api-server-audit-log-maxsize                             PASS     medium
ocp4-pci-dss-api-server-audit-log-path                                PASS     high
ocp4-pci-dss-api-server-auth-mode-no-aa                               PASS     medium
ocp4-pci-dss-api-server-auth-mode-rbac                                PASS     medium
ocp4-pci-dss-api-server-basic-auth                                    PASS     medium
ocp4-pci-dss-api-server-bind-address                                  PASS     low
ocp4-pci-dss-api-server-client-ca                                     PASS     medium
ocp4-pci-dss-api-server-encryption-provider-cipher                    PASS     medium
ocp4-pci-dss-api-server-etcd-ca                                       PASS     medium
ocp4-pci-dss-api-server-etcd-cert                                     PASS     medium
ocp4-pci-dss-api-server-etcd-key                                      PASS     medium
ocp4-pci-dss-api-server-https-for-kubelet-conn                        PASS     medium
ocp4-pci-dss-api-server-insecure-bind-address                         PASS     medium
ocp4-pci-dss-api-server-kubelet-certificate-authority                 PASS     high
ocp4-pci-dss-api-server-oauth-https-serving-cert                      PASS     medium
ocp4-pci-dss-api-server-openshift-https-serving-cert                  PASS     medium
ocp4-pci-dss-api-server-profiling-protected-by-rbac                   PASS     medium
ocp4-pci-dss-api-server-request-timeout                               PASS     medium
ocp4-pci-dss-api-server-service-account-lookup                        PASS     medium
ocp4-pci-dss-api-server-service-account-public-key                    PASS     medium
ocp4-pci-dss-api-server-tls-cert                                      PASS     medium
ocp4-pci-dss-api-server-tls-cipher-suites                             PASS     medium
ocp4-pci-dss-api-server-tls-private-key                               PASS     medium
ocp4-pci-dss-api-server-token-auth                                    PASS     high
ocp4-pci-dss-audit-log-forwarding-enabled                             FAIL     medium
ocp4-pci-dss-audit-profile-set                                        PASS     medium
ocp4-pci-dss-configure-network-policies                               PASS     high
ocp4-pci-dss-configure-network-policies-namespaces                    FAIL     high
ocp4-pci-dss-controller-insecure-port-disabled                        PASS     low
ocp4-pci-dss-controller-secure-port                                   PASS     low
ocp4-pci-dss-controller-service-account-ca                            PASS     medium
ocp4-pci-dss-controller-service-account-private-key                   PASS     medium
ocp4-pci-dss-controller-use-service-account                           PASS     medium
ocp4-pci-dss-etcd-auto-tls                                            PASS     medium
ocp4-pci-dss-etcd-cert-file                                           PASS     medium
ocp4-pci-dss-etcd-check-cipher-suite                                  PASS     medium
ocp4-pci-dss-etcd-client-cert-auth                                    PASS     medium
ocp4-pci-dss-etcd-key-file                                            PASS     medium
ocp4-pci-dss-etcd-peer-auto-tls                                       PASS     medium
ocp4-pci-dss-etcd-peer-cert-file                                      PASS     medium
ocp4-pci-dss-etcd-peer-client-cert-auth                               PASS     medium
ocp4-pci-dss-etcd-peer-key-file                                       PASS     medium
ocp4-pci-dss-file-integrity-exists                                    FAIL     medium
ocp4-pci-dss-file-integrity-notification-enabled                      FAIL     medium
ocp4-pci-dss-general-apply-scc                                        MANUAL   medium
ocp4-pci-dss-general-default-namespace-use                            MANUAL   medium
ocp4-pci-dss-general-default-seccomp-profile                          MANUAL   medium
ocp4-pci-dss-general-namespaces-in-use                                MANUAL   medium
ocp4-pci-dss-idp-is-configured                                        PASS     medium
ocp4-pci-dss-kubeadmin-removed                                        FAIL     medium
ocp4-pci-dss-kubelet-disable-readonly-port                            PASS     medium
ocp4-pci-dss-machine-volume-encrypted                                 PASS     high
ocp4-pci-dss-ocp-allowed-registries                                   FAIL     medium
ocp4-pci-dss-ocp-allowed-registries-for-import                        FAIL     medium
ocp4-pci-dss-ocp-api-server-audit-log-maxbackup                       PASS     low
ocp4-pci-dss-ocp-api-server-audit-log-maxsize                         PASS     medium
ocp4-pci-dss-ocp-insecure-allowed-registries-for-import               PASS     medium
ocp4-pci-dss-ocp-insecure-registries                                  PASS     medium
ocp4-pci-dss-ocp-no-ldap-insecure                                     PASS     high
ocp4-pci-dss-openshift-api-server-audit-log-path                      PASS     high
ocp4-pci-dss-rbac-cluster-roles-defined                               PASS     medium
ocp4-pci-dss-rbac-debug-role-protects-pprof                           PASS     medium
ocp4-pci-dss-rbac-least-privilege                                     MANUAL   high
ocp4-pci-dss-rbac-limit-cluster-admin                                 MANUAL   medium
ocp4-pci-dss-rbac-limit-secrets-access                                MANUAL   medium
ocp4-pci-dss-rbac-pod-creation-access                                 MANUAL   medium
ocp4-pci-dss-rbac-roles-defined                                       PASS     medium
ocp4-pci-dss-rbac-wildcard-use                                        MANUAL   medium
ocp4-pci-dss-routes-protected-by-tls                                  PASS     medium
ocp4-pci-dss-scansettingbinding-exists                                PASS     medium
ocp4-pci-dss-scc-drop-container-capabilities                          MANUAL   medium
ocp4-pci-dss-scc-limit-container-allowed-capabilities                 PASS     medium
ocp4-pci-dss-scc-limit-ipc-namespace                                  MANUAL   medium
ocp4-pci-dss-scc-limit-net-raw-capability                             MANUAL   medium
ocp4-pci-dss-scc-limit-network-namespace                              MANUAL   medium
ocp4-pci-dss-scc-limit-privilege-escalation                           MANUAL   medium
ocp4-pci-dss-scc-limit-privileged-containers                          MANUAL   medium
ocp4-pci-dss-scc-limit-process-id-namespace                           MANUAL   medium
ocp4-pci-dss-scc-limit-root-containers                                MANUAL   medium
ocp4-pci-dss-scheduler-profiling-protected-by-rbac                    PASS     medium
ocp4-pci-dss-scheduler-service-protected-by-rbac                      PASS     medium
ocp4-pci-dss-secrets-consider-external-storage                        MANUAL   medium
ocp4-pci-dss-secrets-no-environment-variables                         MANUAL   medium
ocp4-pci-dss-storageclass-encryption-enabled                          PASS     high
ocp4-pci-dss-tls-version-check-apiserver                              PASS     medium
ocp4-pci-dss-tls-version-check-router                                 PASS     medium
  1. Verified scan has expected ComplianceSuite
$ oc get scan ocp4-cis -oyaml  | grep -A 2 ComplianceSuite
    kind: ComplianceSuite
    name: test1
    uid: 0eccc05f-360d-4dbb-9b3c-647b781cca27
$ oc get scan ocp4-pci-dss -oyaml  | grep -A 2 ComplianceSuite
    kind: ComplianceSuite
    name: test
    uid: 587ec865-14d4-4300-87bc-78e0fc94838d

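The verification steps above show the behaviour the fix is meant to produce: a scan is owned by exactly one ComplianceSuite, and a scan whose profile has been dropped from a ScanSettingBinding must be deleted so that a different binding (here `test1`) can create and own a scan of the same name. The program below is an added illustration of that reconcile check, not code from the compliance-operator repository. The `Scan` and `Profile` types, the `staleScans` function, and the `<profile>-<role>` naming of node scans are assumptions made for the example, modelled on the scan names that appear on this page; the cluster state it operates on is constructed inline.

```go
package main

import (
	"fmt"
	"sort"
)

// Scan models the two fields of a ComplianceScan that matter for this check:
// its name and the ComplianceSuite named in its ownerReference (the field the
// QE step inspects with `grep -A 2 ComplianceSuite`).
type Scan struct {
	Name       string
	OwnerSuite string
}

// Profile models a profile referenced by a ScanSettingBinding. IsNode marks a
// node-level profile; for this example we assume such a profile fans out to
// one scan per role, named <profile>-<role> (assumption, not the operator's
// exact naming rule).
type Profile struct {
	Name   string
	IsNode bool
}

// desiredScanNames computes the set of scan names a binding should produce
// from its current list of profiles and the roles its ScanSetting targets.
func desiredScanNames(profiles []Profile, roles []string) map[string]bool {
	want := map[string]bool{}
	for _, p := range profiles {
		if !p.IsNode {
			want[p.Name] = true
			continue
		}
		for _, r := range roles {
			want[p.Name+"-"+r] = true
		}
	}
	return want
}

// staleScans returns, sorted, the scans owned by suite that the binding no
// longer asks for. Two deliberate choices: scans owned by another suite are
// never touched, so one binding cannot delete another binding's scans; and
// matching is by exact name against the desired set, not by prefix, because
// "ocp4-cis-node-master" starts with "ocp4-cis-" yet is not a child of the
// "ocp4-cis" platform profile.
func staleScans(suite string, existing []Scan, profiles []Profile, roles []string) []string {
	want := desiredScanNames(profiles, roles)
	var stale []string
	for _, s := range existing {
		if s.OwnerSuite != suite {
			continue
		}
		if !want[s.Name] {
			stale = append(stale, s.Name)
		}
	}
	sort.Strings(stale)
	return stale
}

// remainingAfterDelete reports scan name -> owning suite once the stale scans
// are gone; this is the shape of the state the QE step verifies.
func remainingAfterDelete(existing []Scan, stale []string) map[string]string {
	gone := map[string]bool{}
	for _, n := range stale {
		gone[n] = true
	}
	out := map[string]string{}
	for _, s := range existing {
		if !gone[s.Name] {
			out[s.Name] = s.OwnerSuite
		}
	}
	return out
}

func main() {
	// Constructed state: suite "test" originally bound ocp4-cis, ocp4-cis-node
	// and ocp4-pci-dss; the binding has since been edited down to ocp4-pci-dss.
	existing := []Scan{
		{"ocp4-cis", "test"},
		{"ocp4-cis-node-master", "test"},
		{"ocp4-cis-node-worker", "test"},
		{"ocp4-pci-dss", "test"},
	}
	roles := []string{"master", "worker"}
	current := []Profile{{Name: "ocp4-pci-dss"}}
	for _, n := range staleScans("test", existing, current, roles) {
		fmt.Println("delete stale scan", n)
	}
	fmt.Println("remaining:", remainingAfterDelete(existing, staleScans("test", existing, current, roles)))
}
```

Running it prints the three `ocp4-cis*` scans as stale and leaves `ocp4-pci-dss` owned by `test`, which is the precondition for a second binding to launch its own `ocp4-cis` scan as the `oc get scan` output above shows.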
@BhargaviGudi
Collaborator

/unhold
/label qe-approved
@Vincent056
Author

/retest

}
return false, nil
}
log.Printf("Scan %s doesn't exist anymore\n", scanName)

Looking through the logs, it appears we're only asserting that one of the two profiles we removed is actually gone.

We could also assert that the ocp4-cis-node scans are removed.

Mhm - yes. Looks good.

Perhaps we can consolidate the duplicate assertions down to use a loop in a subsequent refactor patch.


@rhmdnd rhmdnd left a comment

/lgtm

openshift-ci bot commented Mar 22, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rhmdnd, Vincent056

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Vincent056 Vincent056 merged commit de5370b into ComplianceAsCode:master Mar 25, 2024
12 of 13 checks passed
@openshift-ci-robot
Collaborator

@Vincent056: Jira Issue OCPBUGS-29272: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-29272 has been moved to the MODIFIED state.

In response to this:

This pr fixes a issue when a profile gets removed from scansettingbinding, the old scan was not deleted when a profile is removed from the existing scansettingbinding, this pr checks that and does the removal so that new scan using that profile can be launch correctly. check OCPBUGS-29272: https://issues.redhat.com/browse/OCPBUGS-29272

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
