Update OpenShift logging rules to handle CLO 6.0 #12484
cluster-logging-operator has transitioned to stable-6.0 channel. This updates our testing remediations to grab CLO from the correct channel.
Reform rule audit_log_forwarding_enabled to check for ClusterlogForwarders from logging and observability APIs. Adds two rules checking for log forwarding in each API
Reform rule audit_log_forwarding_uses_tls to check for ClusterlogForwarders from logging and observability APIs. Adds two rules checking for log forwarding in each API
Reform rule audit_log_forwarding_webhook to check for ClusterlogForwarders from logging and observability APIs. Adds two rules checking for log forwarding in each API
Reform rule cluster_logging_operator_exists to check for existence of ClusterlogForwarders from logging and observability APIs. Adds two rules checking for log forwarding in each API
🤖 A k8s content image for this PR is available at:
If you already have Compliance Operator deployed:
Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
Should be good to rekick the testing here now that ComplianceAsCode/compliance-operator#616 landed. The images should rebuild and push to the ghci.
/test 4.17-e2e-aws-ocp4-pci-dss-4-0 /test 4.17-e2e-aws-ocp4-stig
/test 4.13-e2e-aws-ocp4-pci-dss-4-0
/test 4.17-e2e-aws-ocp4-pci-dss-4-0 /test 4.17-e2e-aws-ocp4-stig
/test 4.13-e2e-aws-ocp4-stig
Rule /test 4.13-e2e-aws-ocp4-high
/test 4.15-e2e-aws-ocp4-high
Fix jq filter for audit_log_forwarding_uses_tls for the legacy clusterlogforwarder on logging.openshift.io. There is a single object named 'instance', so there is no need for '.items[]'
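Added example, not part of this PR or the project's rule: a Python sketch of why the response shape matters for the TLS check described in the commit above. The field names (`spec.outputs[].url`, `spec.pipelines[].inputRefs`/`outputRefs`) are assumed from the logging.openshift.io/v1 ClusterLogForwarder; the sample object, the function names and the scheme list are constructed for illustration.

```python
import json

# Constructed sample: the legacy ClusterLogForwarder named "instance",
# fetched by name, so the response is one object, not a List with "items".
SINGLE = json.loads("""
{"apiVersion": "logging.openshift.io/v1", "kind": "ClusterLogForwarder",
 "metadata": {"name": "instance", "namespace": "openshift-logging"},
 "spec": {"outputs": [
    {"name": "siem", "type": "syslog", "url": "tls://siem.example.com:6514"},
    {"name": "debug", "type": "syslog", "url": "udp://10.0.0.5:514"}],
  "pipelines": [
    {"name": "audit-to-siem", "inputRefs": ["audit"], "outputRefs": ["siem"]},
    {"name": "app-to-debug", "inputRefs": ["application"], "outputRefs": ["debug"]}]}}
""")

# Assumption: URL schemes treated as TLS-protected for this illustration.
TLS_SCHEMES = ("tls://", "https://")

def items_only(doc):
    """Emulate a '.items[]'-style selection: a single object yields nothing.
    (In jq, '.items[]' on an object without 'items' fails to iterate.)"""
    return list(doc.get("items", []))

def forwarders(doc):
    """Accept either a List response or a single ClusterLogForwarder."""
    return doc["items"] if "items" in doc else [doc]

def audit_output_urls(doc):
    """URLs of every output referenced by a pipeline that carries audit logs."""
    urls = []
    for clf in forwarders(doc):
        spec = clf.get("spec", {})
        by_name = {o["name"]: o for o in spec.get("outputs", [])}
        for pipeline in spec.get("pipelines", []):
            if "audit" not in pipeline.get("inputRefs", []):
                continue
            # Skip refs with no matching entry in spec.outputs.
            urls += [by_name[ref].get("url", "")
                     for ref in pipeline.get("outputRefs", []) if ref in by_name]
    return urls

def audit_forwarding_uses_tls(doc):
    """Pass only if audit logs are forwarded and every audit output uses TLS."""
    urls = audit_output_urls(doc)
    return bool(urls) and all(u.startswith(TLS_SCHEMES) for u in urls)
```

The non-audit `udp://` output does not affect the result; a check that selected nothing because of the wrong response shape would have no URLs to evaluate at all.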
/test 4.17-e2e-aws-ocp4-pci-dss-4-0 /test 4.17-e2e-aws-ocp4-stig
I think the PCI-DSS 4.0 failure will get fixed with https://github.com/ComplianceAsCode/content/pull/12491/files
applications/openshift/api-server/audit_log_forwarding_enabled/rule.yml
applications/openshift/api-server/audit_log_forwarding_enabled_logging_api/rule.yml
applications/openshift/api-server/audit_log_forwarding_enabled_observability_api/rule.yml
Looks like this is working as intended through CI.
Update logging api rules to point to latest logging.openshift.io docs
configured to logs to -> configured to log to
Code Climate has analyzed commit 3782188 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.5% (0.0% change).
/lgtm
/test 4.17-e2e-aws-ocp4-pci-dss-4-0
What a beautiful prow run
Description:
observability.openshift.io
when CLO 6.0 is installed/available
Rationale:
Review Hints: