New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add manualRules to tailoredProfile CRD #12
Conversation
First off, I'd like to hear from others what do they think. To expand on what's been requested -- some of our rules, for example those that check SCCs for being very privileged don't take into account customer customizations. The SCCs example checks that there exists one SCC that allows all capabilities and its name is So I'm OK with this approach personally, but because it touches the API, I'd like to hear from others, maybe there is a different solution. @mrogers950 @rhmdnd @JAORMX |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some nits inline, but the most important thing is to agree if we want to take this approach.
CHANGELOG.md
Outdated
@@ -21,6 +21,8 @@ Versioning](https://semver.org/spec/v2.0.0.html). | |||
- Added necessary permissions for api-resource-collector so that the new | |||
[rule](https://github.com/ComplianceAsCode/content/pull/8511) | |||
`cluster_logging_operator_exist` can be evaluated properly. | |||
- Added `maunalRules` to `TailoredProfile` CRD, user can choose to add the rule | |||
there so that those rules will show Manual as results. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should explicitly say that the remediations are not created in this case, both here and in the CRD docs.
I think the approach makes sense. |
041a0be
to
993a24e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jhrozek, Vincent056 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
New changes are detected. LGTM label has been removed. |
/retest |
2 similar comments
/retest |
/retest |
be5ca40
to
dcdcae0
Compare
This PR enables user to disable automated check on rules so that they can check those rules manually. They can do that by adding rules under manualRules in TailoredProfile Spec
This PR enables users to disable automated checks on rules so that they can check those rules manually. They can do that by adding rules under manualRules in TailoredProfile Spec.
ex.