platforms: in the rule no longer works #8833

Closed
jhrozek opened this issue May 25, 2022 · 12 comments
@jhrozek
Collaborator

jhrozek commented May 25, 2022

Description of problem:

We have a rule applications/openshift/api-server/api_server_api_priority_flowschema_catch_all that is supposed to run on a subset of OCP releases only. This doesn't work anymore.

The rule selects the platforms like this:

prodtype: ocp4


platforms:
  - ocp4.8
  - ocp4.9
  - ocp4.10

SCAP Security Guide Version:

today's master

Operating System Version:

OCP 4.10

Steps to Reproduce:

  1. build the content
  2. run the rule xccdf_org.ssgproject.content_rule_api_server_api_priority_flowschema_catch_all

Actual Results:

not applicable

Expected Results:

pass/fail

Additional Information/Debugging Steps:

Using git bisect, it seems like the last commit where the selection works is 9fcf5e2 and the first one where it doesn't is 6a8bc3c

I'm going to attach debug logs from both a good and a bad run.

@jhrozek
Collaborator Author

jhrozek commented May 25, 2022

notaplicable.log
pass.log

@evgenyz
Member

evgenyz commented May 25, 2022

It looks like the problem is with platform Id. In the rule it is <xccdf-1.2:platform idref="#ocp4.10"/> and the platform itself is <xccdf-1.2:platform idref="cpe:/a:redhat:openshift_container_platform:4.10"/>.

@evgenyz
Member

evgenyz commented May 25, 2022

BTW, profile references platform correctly.

@evgenyz
Member

evgenyz commented May 25, 2022

It looks like it has already been fixed in cpe_applicability branch.

@jhrozek
Collaborator Author

jhrozek commented May 25, 2022

> It looks like it has already been fixed in cpe_applicability branch.

Can we backport this fix to master sooner than when this branch is merged? This is breaking some rules we had already released ...

@evgenyz
Member

evgenyz commented May 25, 2022

> > It looks like it has already been fixed in cpe_applicability branch.
>
> Can we backport this fix to master sooner than when this branch is merged? This is breaking some rules we had already released

As soon as we figure out what exactly it was.

@evgenyz evgenyz added Infrastructure Our content build system CPE-AL CPE Applicability Language labels May 25, 2022
@evgenyz
Member

evgenyz commented May 26, 2022

Note:

platforms:
  - ocp4.8 or ocp4.9 or ocp4.10

does work as intended.

@evgenyz evgenyz added the enhancement General enhancements to the project. label May 26, 2022
@evgenyz
Member

evgenyz commented May 26, 2022

We should deprecate list-like notation.

@jhrozek
Collaborator Author

jhrozek commented May 29, 2022

> We should deprecate list-like notation.

Fine by me!

jhrozek added a commit to jhrozek/content that referenced this issue May 29, 2022
The list notation doesn't work anymore, let's use a boolean "sentence"
instead.

Related: ComplianceAsCode#8833
jhrozek added a commit to jhrozek/content that referenced this issue May 30, 2022
The list notation doesn't work anymore, let's use a boolean "sentence"
instead.

Related: ComplianceAsCode#8833
jhrozek added a commit to jhrozek/content that referenced this issue Jun 3, 2022
The list notation doesn't work anymore, let's use a boolean "sentence"
instead.

Related: ComplianceAsCode#8833
@marcusburghardt
Member

@evgenyz can you confirm if this issue can be closed, please?

@evgenyz
Member

evgenyz commented Aug 25, 2023

Have we deprecated / dropped the platforms keyword?

@evgenyz
Member

evgenyz commented Aug 27, 2023

I mean, we can close it, but the broken misleading platforms is how we got into this problem in the first place.
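
The workaround used in this thread (replacing the multi-item `platforms:` list with a single boolean "sentence") can be applied mechanically to other rules that would otherwise silently evaluate as not applicable. The sketch below is an added example, not code from the ComplianceAsCode project: the function names and the sample rule are constructed, and it assumes a block-style list whose entries were meant as alternatives, as in the rule reported here.

```python
import re

# Constructed sample, modelled on the rule.yml fragment quoted in this issue.
SAMPLE_RULE = """prodtype: ocp4

platforms:
  - ocp4.8
  - ocp4.9
  - ocp4.10

severity: medium
"""

ITEM = re.compile(r"^(\s*)-\s+(.+?)\s*$")


def find_platform_list(lines):
    """Return (first_item_index, end_index, indent, items) or None."""
    for i, line in enumerate(lines):
        if line.rstrip() != "platforms:":
            continue
        items, indent, j = [], "", i + 1
        while j < len(lines) and (m := ITEM.match(lines[j])):
            indent = indent or m.group(1)
            items.append(m.group(2))
            j += 1
        return i + 1, j, indent, items
    return None


def to_boolean_sentence(text):
    """Collapse a multi-item platforms list into one `a or b or c` entry.

    Returns (new_text, changed). Single-item lists are left alone, as are
    items that already contain spaces (existing expressions need review).
    """
    lines = text.splitlines()
    found = find_platform_list(lines)
    if not found:
        return text, False
    start, end, indent, items = found
    if len(items) < 2 or any(" " in item for item in items):
        return text, False
    lines[start:end] = [f"{indent}- {' or '.join(items)}"]
    return "\n".join(lines) + ("\n" if text.endswith("\n") else ""), True


if __name__ == "__main__":
    fixed, changed = to_boolean_sentence(SAMPLE_RULE)
    print(fixed if changed else "no multi-item platforms list found")
```

Running it over each `rule.yml` in a content tree and reporting files where `changed` is true gives a list of rules to re-test for an unexpected `notapplicable` result.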
