From 6bedc99250e5ed1cedc552d83261681ceec2efba Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Thu, 28 Sep 2023 16:40:06 -0500 Subject: [PATCH] CMP-2130: Implement support for profile versioning This commit adds support for an optional version attribute for Profile custom resources. This attribute is parsed out of the datastream and set on the Profile by the compliance operator. It's not intended for end users to supply their own version. Future patches may expand on this concept to support multiple versions of a single profile. --- CHANGELOG.md | 3 ++- ...ompliance.openshift.io_compliancecheckresults.yaml | 2 +- ...ompliance.openshift.io_complianceremediations.yaml | 2 +- .../compliance.openshift.io_compliancescans.yaml | 2 +- .../compliance.openshift.io_compliancesuites.yaml | 2 +- .../bases/compliance.openshift.io_profilebundles.yaml | 2 +- .../crd/bases/compliance.openshift.io_profiles.yaml | 11 +++++++++-- config/crd/bases/compliance.openshift.io_rules.yaml | 2 +- .../compliance.openshift.io_scansettingbindings.yaml | 2 +- .../bases/compliance.openshift.io_scansettings.yaml | 2 +- .../compliance.openshift.io_tailoredprofiles.yaml | 2 +- .../crd/bases/compliance.openshift.io_variables.yaml | 2 +- config/manager/kustomization.yaml | 4 ++-- pkg/apis/compliance/v1alpha1/profile_types.go | 3 +++ pkg/apis/compliance/v1alpha1/zz_generated.deepcopy.go | 1 - pkg/profileparser/profileparser.go | 8 ++++++++ 16 files changed, 34 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 671761760..2f62fe047 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,8 @@ Versioning](https://semver.org/spec/v2.0.0.html). ### Enhancements -- +- Implemented supported for an optional `version` attribute on `Profile` custom + resources. ### Fixes diff --git a/config/crd/bases/compliance.openshift.io_compliancecheckresults.yaml b/config/crd/bases/compliance.openshift.io_compliancecheckresults.yaml index ff8f26350..63318767d 100644 
--- a/config/crd/bases/compliance.openshift.io_compliancecheckresults.yaml +++ b/config/crd/bases/compliance.openshift.io_compliancecheckresults.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: compliancecheckresults.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_complianceremediations.yaml b/config/crd/bases/compliance.openshift.io_complianceremediations.yaml index a506201cf..31f502a0b 100644 --- a/config/crd/bases/compliance.openshift.io_complianceremediations.yaml +++ b/config/crd/bases/compliance.openshift.io_complianceremediations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: complianceremediations.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_compliancescans.yaml b/config/crd/bases/compliance.openshift.io_compliancescans.yaml index 875c9252a..58dd9ca32 100644 --- a/config/crd/bases/compliance.openshift.io_compliancescans.yaml +++ b/config/crd/bases/compliance.openshift.io_compliancescans.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: compliancescans.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_compliancesuites.yaml b/config/crd/bases/compliance.openshift.io_compliancesuites.yaml index b05225a94..ccf8c34c9 100644 --- a/config/crd/bases/compliance.openshift.io_compliancesuites.yaml +++ b/config/crd/bases/compliance.openshift.io_compliancesuites.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: compliancesuites.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_profilebundles.yaml b/config/crd/bases/compliance.openshift.io_profilebundles.yaml index 490fe9be7..7fbe8b5fe 100644 --- a/config/crd/bases/compliance.openshift.io_profilebundles.yaml +++ b/config/crd/bases/compliance.openshift.io_profilebundles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: profilebundles.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_profiles.yaml b/config/crd/bases/compliance.openshift.io_profiles.yaml index 82022c16c..d0a8ed54a 100644 --- a/config/crd/bases/compliance.openshift.io_profiles.yaml +++ b/config/crd/bases/compliance.openshift.io_profiles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: profiles.compliance.openshift.io spec: group: compliance.openshift.io @@ -17,7 +17,11 @@ spec: singular: profile scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .version + name: Version + type: string + name: v1alpha1 schema: openAPIV3Schema: description: Profile is the Schema for the profiles API @@ -55,6 +59,8 @@ spec: nullable: true type: array x-kubernetes-list-type: atomic + version: + type: string required: - description - id @@ -62,3 +68,4 @@ spec: type: object served: true storage: true + subresources: {} 
diff --git a/config/crd/bases/compliance.openshift.io_rules.yaml b/config/crd/bases/compliance.openshift.io_rules.yaml index 7da9d002a..15361c013 100644 --- a/config/crd/bases/compliance.openshift.io_rules.yaml +++ b/config/crd/bases/compliance.openshift.io_rules.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: rules.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_scansettingbindings.yaml b/config/crd/bases/compliance.openshift.io_scansettingbindings.yaml index d44fe3622..f0ff8de83 100644 --- a/config/crd/bases/compliance.openshift.io_scansettingbindings.yaml +++ b/config/crd/bases/compliance.openshift.io_scansettingbindings.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: scansettingbindings.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_scansettings.yaml b/config/crd/bases/compliance.openshift.io_scansettings.yaml index b5ef50246..b74bddb1f 100644 --- a/config/crd/bases/compliance.openshift.io_scansettings.yaml +++ b/config/crd/bases/compliance.openshift.io_scansettings.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: scansettings.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_tailoredprofiles.yaml b/config/crd/bases/compliance.openshift.io_tailoredprofiles.yaml index 9d59f9509..0763b2897 100644 --- a/config/crd/bases/compliance.openshift.io_tailoredprofiles.yaml 
+++ b/config/crd/bases/compliance.openshift.io_tailoredprofiles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: tailoredprofiles.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/crd/bases/compliance.openshift.io_variables.yaml b/config/crd/bases/compliance.openshift.io_variables.yaml index 99d021332..d3920a0d2 100644 --- a/config/crd/bases/compliance.openshift.io_variables.yaml +++ b/config/crd/bases/compliance.openshift.io_variables.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.13.0 name: variables.compliance.openshift.io spec: group: compliance.openshift.io diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index d0963631f..26170e9d4 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -3,7 +3,7 @@ resources: images: - name: compliance-operator - newName: ghcr.io/complianceascode/compliance-operator - newTag: latest + newName: image-registry.openshift-image-registry.svc:5000/openshift/compliance-operator + newTag: 971ccfaf-9059-45a6-8a76-bfabcc9f47c5 apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/pkg/apis/compliance/v1alpha1/profile_types.go b/pkg/apis/compliance/v1alpha1/profile_types.go index 8686f66a8..b420e962d 100644 --- a/pkg/apis/compliance/v1alpha1/profile_types.go +++ b/pkg/apis/compliance/v1alpha1/profile_types.go 
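Review bot: The `images` override in config/manager/kustomization.yaml now points at `image-registry.openshift-image-registry.svc:5000/openshift/compliance-operator` with tag `971ccfaf-9059-45a6-8a76-bfabcc9f47c5`, which looks like leftover output from a local in-cluster build rather than part of the profile-versioning change. Anyone deploying from this kustomization would pull whatever image sits under that name in their own cluster's internal registry instead of the published one, and the pull fails where that image does not exist. Unless the switch is intentional, restore `newName: ghcr.io/complianceascode/compliance-operator` and `newTag: latest`. Pinning the published image by digest would give a stronger provenance guarantee than a mutable tag, but that belongs in a separate change.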
@@ -35,12 +35,15 @@ type ProfilePayload struct { // +optional // +listType=atomic Values []ProfileValue `json:"values,omitempty"` + // +optional + Version string `json:"version"` } // +kubebuilder:object:root=true // Profile is the Schema for the profiles API // +kubebuilder:resource:path=profiles,scope=Namespaced,shortName=profs;prof +// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=`.version` type Profile struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/pkg/apis/compliance/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/compliance/v1alpha1/zz_generated.deepcopy.go index 3df2bfa27..2af88722d 100644 --- a/pkg/apis/compliance/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/compliance/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022. diff --git a/pkg/profileparser/profileparser.go b/pkg/profileparser/profileparser.go index 756ce662b..fc0099ca1 100644 --- a/pkg/profileparser/profileparser.go +++ b/pkg/profileparser/profileparser.go @@ -311,6 +311,13 @@ func parseProfileFromNode(profileRoot *xmlquery.Node, pb *cmpv1alpha1.ProfileBun if description == nil { return LogAndReturnError("no description in profile") } + v := profileObj.SelectElement("xccdf-1.2:version") + var version string + if v != nil { + version = v.InnerText() + } else { + version = "" + } log.Info("Found profile", "id", id) // In case the profile sets its own CPE string @@ -362,6 +369,7 @@ func parseProfileFromNode(profileRoot *xmlquery.Node, pb *cmpv1alpha1.ProfileBun Description: utils.XmlNodeAsMarkdown(description), Rules: selectedrules, Values: selectedvalues, + Version: version, }, }
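Review bot: The new `Version` field in `ProfilePayload` is marked `// +optional` but is tagged `json:"version"` without `omitempty`, unlike `Values` directly above it, so a profile with no version serializes an empty `version` key instead of omitting it. Suggest tagging it `json:"version,omitempty"` and adding a doc comment such as `// Version is the profile version parsed from the datastream; it is set by the operator and is not meant to be supplied by users.` Nothing visible in this hunk prevents a user from setting the field, so consumers should treat it as informational unless it is validated elsewhere. The struct begins outside the hunk.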
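Review bot: In the first profileparser.go hunk the `else { version = "" }` branch is redundant, because `var version string` already yields the empty string; the block reduces to `var version string` followed by `if v != nil { version = v.InnerText() }`. The element text is also copied verbatim from the datastream into the Profile and surfaced through the `Version` printer column, so trimming surrounding whitespace and bounding its length would keep a malformed or oversized `xccdf-1.2:version` element out of the API object. A one-line comment saying that a missing version element is allowed, in contrast to the missing-description case just above which returns an error, would make the intent clear. parseProfileFromNode starts and ends outside the hunk.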