Skip to content

OSDOCS-4462: Adding notice of future plans to enable PSA restricted e… #52541

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 15, 2022
Merged

OSDOCS-4462: Adding notice of future plans to enable PSA restricted e… #52541

merged 1 commit into from
Dec 15, 2022

Conversation

@bergerhoffer
Copy link
Contributor

@bergerhoffer bergerhoffer commented Nov 7, 2022
edited
Loading

…nforcement

Version(s):
4.12

Issue:
https://issues.redhat.com/browse/OSDOCS-4462

Link to docs preview:
https://52541--docspreview.netlify.app/openshift-enterprise/latest/release_notes/ocp-4-12-release-notes.html#ocp-4-12-psa-restricted-enforcement

QE review:

  • QE has approved this change.

Additional information:

@bergerhoffer bergerhoffer added this to the Planned for 4.12 GA milestone Nov 7, 2022
@openshift-ci openshift-ci bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Nov 7, 2022
@ocpdocs-previewbot
Copy link

ocpdocs-previewbot commented Nov 7, 2022
edited
Loading

🤖 Updated build preview is available at:
https://52541--docspreview.netlify.app

Build log: https://circleci.com/gh/ocpdocs-previewbot/openshift-docs/5419

bergerhoffer
bergerhoffer commented Nov 7, 2022
View reviewed changes
@openshift-ci openshift-ci bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 8, 2022
bergerhoffer
bergerhoffer commented Nov 8, 2022
View reviewed changes
bergerhoffer
bergerhoffer commented Nov 8, 2022
View reviewed changes
@openshift-ci openshift-ci bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 12, 2022
@bergerhoffer
Copy link
Contributor Author

bergerhoffer commented Dec 12, 2022

@stlaz Okay so I played with this for awhile. I incorporated some of what you provided, but I didn't want to make it too explicit of step-by-step instructions on how to resolve issues. Especially since this is just the release notes.

Let me know how this looks, if this is sufficient enough information to get people started early looking at this before restricted enforcement is turned on for 4.13.

For 4.13, I think we'll want to add some more explicit steps on troubleshooting/fixing these violations. But that doesn't have to be now. We could even consider adding this in a future 4.12.z update if we do want to get it earlier. But again, the details don't need to be here and now in the release notes.

Let me know what you think, and if you have any feedback. Thanks!

Preview: https://52541--docspreview.netlify.app/openshift-enterprise/latest/release_notes/ocp-4-12-release-notes.html#ocp-4-12-psa-restricted-enforcement

stlaz
stlaz reviewed Dec 13, 2022
View reviewed changes
Copy link
Contributor

@stlaz stlaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One bit that needs improving but I think that it looks good otherwise

@bergerhoffer
Copy link
Contributor Author

bergerhoffer commented Dec 13, 2022

@xingxingxia Can you please review this update, to give customers a heads up about restricted enforcement planned for 4.13?

Preview: https://52541--docspreview.netlify.app/openshift-enterprise/latest/release_notes/ocp-4-12-release-notes.html#ocp-4-12-psa-restricted-enforcement

@bergerhoffer
Copy link
Contributor Author

bergerhoffer commented Dec 13, 2022

FYI @anjaltelang

@xingxingxia
Copy link
Contributor

xingxingxia commented Dec 15, 2022

@zhouying7780 could you help review?

@zhouying7780
Copy link

zhouying7780 commented Dec 15, 2022

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 15, 2022
@bergerhoffer bergerhoffer added the peer-review-needed Signifies that the peer review team needs to review this PR label Dec 15, 2022
@sheriff-rh
Copy link
Contributor

sheriff-rh commented Dec 15, 2022

/label peer-review-in-progress
/remove-label peer-review-needed

@openshift-ci openshift-ci bot added peer-review-in-progress Signifies that the peer review team is reviewing this PR and removed peer-review-needed Signifies that the peer review team needs to review this PR labels Dec 15, 2022
sheriff-rh
sheriff-rh reviewed Dec 15, 2022
View reviewed changes
Copy link
Contributor

@sheriff-rh sheriff-rh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question, otherwise looks good!

release_notes/ocp-4-12-release-notes.adoc Outdated
Copy link
Contributor

@sheriff-rh sheriff-rh Dec 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interestingly, there is an "Identifying pod security violations" procedure module called modules/security-context-constraints-psa-alert-eval.adoc but I don't see it rendered in your build preview. But it is in the pull request where you added it in 3 months ago in #50631.

Am I missing something?

Copy link
Contributor Author

@bergerhoffer bergerhoffer Dec 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's really weird, I swear I rebased and that link worked. I will try rebasing again to make sure it links properly before merging. Thanks!

Copy link
Contributor Author

@bergerhoffer bergerhoffer Dec 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rebased and it's good now. Thanks again!

@sheriff-rh
Copy link
Contributor

sheriff-rh commented Dec 15, 2022

/label peer-review-done
/remove-label peer-review-in-progress

@openshift-ci openshift-ci bot added peer-review-done Signifies that the peer review team has reviewed this PR and removed peer-review-in-progress Signifies that the peer review team is reviewing this PR labels Dec 15, 2022
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Dec 15, 2022
@openshift-ci
Copy link

openshift-ci bot commented Dec 15, 2022

New changes are detected. LGTM label has been removed.

@bergerhoffer bergerhoffer merged commit a446674 into openshift:enterprise-4.12 Dec 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sheriff-rh sheriff-rh sheriff-rh left review comments

+1 more reviewer

@stlaz stlaz stlaz left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@zhouying7780 zhouying7780

Labels

branch/enterprise-4.12 peer-review-done Signifies that the peer review team has reviewed this PR size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

OCP 4.12 GA

Development

Successfully merging this pull request may close these issues.

6 participants

@bergerhoffer @ocpdocs-previewbot @xingxingxia @zhouying7780 @sheriff-rh @stlaz