From a2a5f67b2f4125529d5199e92ad9994602327db8 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 10 May 2022 12:26:17 -0700 Subject: [PATCH] Release v0.1.51 --- CHANGELOG.md | 25 +++++++++++---- deploy/compliance-operator-chart/Chart.yaml | 2 +- ...liance-operator.clusterserviceversion.yaml | 32 +++++++------------ ...nce.openshift.io_tailoredprofiles_crd.yaml | 19 +++++++++++ version/version.go | 2 +- 5 files changed, 50 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f9d9ccb6..4e86b90b2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,16 +9,11 @@ Versioning](https://semver.org/spec/v2.0.0.html). ### Enhancements -- Added `maunalRules` to `TailoredProfile` CRD, user can choose to add the rule - there so that those rules will show Manual as results and remediations will not be - created. +- ### Fixes -- Fix OpenScap scanner container crashloop caused by script mount permission issue - on a security envronment where DAC_OVERRIDE capability is dropped. This PR changes - script mount permission to give excute permission to all users. - [bug](https://bugzilla.redhat.com/show_bug.cgi?id=2082151) for more information. +- ### Internal Changes @@ -37,6 +32,22 @@ Versioning](https://semver.org/spec/v2.0.0.html). - +## [0.1.51] - 2022-05-10 + +### Enhancements + +- Added `maunalRules` to `TailoredProfile` CRD, user can choose to add the rule + there so that those rules will show Manual as results and remediation will not be + created. + +### Fixes + +- Fix OpenScap scanner container crashloop caused by script mount permission issue + on a security environment where DAC_OVERRIDE capability is dropped. This PR changes + script mount permission to give execute permission to all users. + [bug](https://bugzilla.redhat.com/show_bug.cgi?id=2082151) for more information. + + ## [0.1.50] - 2022-05-02 ### Enhancements diff --git a/deploy/compliance-operator-chart/Chart.yaml b/deploy/compliance-operator-chart/Chart.yaml index cb9f31d61..f913619e9 100644 --- a/deploy/compliance-operator-chart/Chart.yaml +++ b/deploy/compliance-operator-chart/Chart.yaml @@ -21,4 +21,4 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.50" +appVersion: "0.1.51" diff --git a/deploy/olm-catalog/compliance-operator/manifests/compliance-operator.clusterserviceversion.yaml b/deploy/olm-catalog/compliance-operator/manifests/compliance-operator.clusterserviceversion.yaml index d3ed389e0..2116d951d 100644 --- a/deploy/olm-catalog/compliance-operator/manifests/compliance-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/compliance-operator/manifests/compliance-operator.clusterserviceversion.yaml @@ -160,7 +160,7 @@ metadata: ] capabilities: Seamless Upgrades categories: Monitoring,Security - olm.skipRange: '>=0.1.17 <0.1.50' + olm.skipRange: '>=0.1.17 <0.1.51' operatorframework.io/cluster-monitoring: "true" operatorframework.io/suggested-namespace: openshift-compliance operators.openshift.io/infrastructure-features: '["disconnected", "fips", "proxy-aware"]' @@ -170,7 +170,7 @@ metadata: operatorframework.io/arch.amd64: supported operatorframework.io/arch.ppc64le: supported operatorframework.io/arch.s390x: supported - name: compliance-operator.v0.1.50 + name: compliance-operator.v0.1.51 namespace: placeholder spec: apiservicedefinitions: {} @@ -295,22 +295,6 @@ spec: kind: TailoredProfile name: tailoredprofiles.compliance.openshift.io version: v1alpha1 - statusDescriptors: - - path: id - displayName: ID - description: The XCCDF ID of the tailored profile - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' - - path: state - displayName: State - description: The current state of the tailored profile - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' - - path: errorMessage - displayName: Error Message - description: If there are issues on the tailored profile, this will be filled up with an error. - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' - description: Variable describes a tunable in the XCCDF profile kind: Variable name: variables.compliance.openshift.io @@ -1308,10 +1292,10 @@ spec: - name: RELATED_IMAGE_OPENSCAP value: quay.io/compliance-operator/openscap-ocp:1.3.5 - name: RELATED_IMAGE_OPERATOR - value: quay.io/compliance-operator/compliance-operator:0.1.50 + value: quay.io/compliance-operator/compliance-operator:0.1.51 - name: RELATED_IMAGE_PROFILE value: quay.io/compliance-operator/compliance-operator-content:latest - image: quay.io/compliance-operator/compliance-operator:0.1.50 + image: quay.io/compliance-operator/compliance-operator:0.1.51 imagePullPolicy: Always name: compliance-operator resources: @@ -1564,6 +1548,12 @@ spec: - get - update - patch + - apiGroups: + - compliance.openshift.io + resources: + - tailoredprofiles + verbs: + - get serviceAccountName: remediation-aggregator - rules: - apiGroups: @@ -1628,4 +1618,4 @@ spec: provider: name: Red Hat Inc. url: www.redhat.com - version: 0.1.50 + version: 0.1.51 diff --git a/deploy/olm-catalog/compliance-operator/manifests/compliance.openshift.io_tailoredprofiles_crd.yaml b/deploy/olm-catalog/compliance-operator/manifests/compliance.openshift.io_tailoredprofiles_crd.yaml index cf238915a..661db611f 100644 --- a/deploy/olm-catalog/compliance-operator/manifests/compliance.openshift.io_tailoredprofiles_crd.yaml +++ b/deploy/olm-catalog/compliance-operator/manifests/compliance.openshift.io_tailoredprofiles_crd.yaml @@ -83,6 +83,25 @@ spec: extends: description: Points to the name of the profile to extend type: string + manualRules: + description: Disables the automated check on referenced rules for + manual check + items: + description: RuleReferenceSpec specifies a rule to be selected/deselected, + as well as the reason why + properties: + name: + description: Name of the rule that's being referenced + type: string + rationale: + description: Rationale of why this rule is being selected/deselected + type: string + required: + - name + - rationale + type: object + nullable: true + type: array setValues: description: Sets the referenced variables to selected values items: diff --git a/version/version.go b/version/version.go index 3f0eab630..7969ceabe 100644 --- a/version/version.go +++ b/version/version.go @@ -1,5 +1,5 @@ package version var ( - Version = "0.1.50" + Version = "0.1.51" )