XML

Word

Printable

Type: Epic
Resolution: Done-Errata
Priority: Critical
Fix Version/s: compliance-operator-1.7.0
Affects Version/s: None
Component/s: None
Labels:
None

Epic Name:
co-arm-support
Work Type:
BU Product Work
Story Points:
0
Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Not Selected
Epic Status:
In Progress
Feature Link:
CMP-2960 - Compliance Operator support on ARM (CIS OCP 1.7.0 and FedRAMP Moderate Revision 4)
Parent Link:
CMP-2960Compliance Operator support on ARM (CIS OCP 1.7.0 and FedRAMP Moderate Revision 4)
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:
PX Review Complete:

Intelligence Requested:
Market:

Epic Goal

Implement support and testing for running the Compliance Operator on ARM clusters.

Why is this important?

Several OpenShift users are using ARM, and it provides cost savings, which we could leverage in CI.

Scenarios

As a user, I want to be able to install the Compliance Operator on an ARM OpenShift cluster and leverage it to scan the environment, so that I can use the findings in audit reports
As an OpenShift engineer, I want my patches to be tested on ARM clusters so that we prevent regressions on ARM architecture when releasing the Compliance Operator.

Acceptance Criteria

Must have periodic weekly CI that runs some subset of profiles on ARM architecture
Must have gating CI jobs in the ComplianceAsCode/compliance-operator repository that tests each PR on an ARM cluster
Must set the appropriate ARM architecture annotations in bundle metadata.

Dependencies (internal and external)

Previous Work (Optional):

Open questions::

Done Checklist

CI - CI is running, tests are automated and merged.
Release Enablement <link to Feature Enablement Presentation>
DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
DEV - Downstream build attached to advisory: <link to errata>
QE - Test plans in Polarion: <link or reference to Polarion>
QE - Automated tests merged: <link or reference to automated tests>
DOC - Downstream documentation merged: <link to meaningful PR>

account is impacted by

OCPBUGS-54358 Rule audit_rules_unsuccessful_file_modification_open fails on ARM64 clusters

OCPBUGS-54359 Rule audit_rules_unsuccessful_file_modification_open_o_creat fail on ARM

OCPBUGS-54360 Rule audit-rules-unsuccessful-file-modification-open-o-trunc-write fail on arm

OCPBUGS-54361 Rule audit-rules-unsuccessful-file-modification-open-rule-order fail on arm

OCPBUGS-54363 Rule audit-rules-unsuccessful-file-modification-rename fail on arm

OCPBUGS-54364 Rule audit-rules-unsuccessful-file-modification-unlink fail on arm

is blocked by

OCPBUGS-52887 Rule audit-log-forwarding-uses-tls fails on ARM64

OCPBUGS-52891 Rule container-security-operator-exists fails on ARM64

OCPBUGS-52892 Rule security-profiles-operator-exists fails on ARM64

OCPBUGS-52893 Rule audit-rules-dac-modification-chmod fails on ARM64

OCPBUGS-52894 Rule audit-rules-dac-modification-chown fails on ARM64

OCPBUGS-52895 Rule audit-rules-time-stime fails on ARM64

OCPBUGS-52897 Rule audit-rules-dac-modification-lchown fails on ARM64

OCPBUGS-52898 Rule audit-rules-etc-group-open fails on ARM64

OCPBUGS-52900 Rule audit-rules-etc-gshadow-open fails on ARM64

OCPBUGS-52901 Rule audit-rules-etc-passwd-open fails on ARM64

OCPBUGS-52902 Rule audit-rules-etc-shadow-open fails on ARM64

OCPBUGS-52903 Rule audit-rules-file-deletion-events-rename fails on ARM64

OCPBUGS-52904 Rule audit-rules-file-deletion-events-rmdir fails on ARM64

OCPBUGS-52905 Rule audit-rules-file-deletion-events-unlink fails on ARM64

OCPBUGS-52907 Rule audit-rules-unsuccessful-file-modification-chmod fails on ARM64

OCPBUGS-52908 Rule audit-rules-unsuccessful-file-modification-chown fails on ARM64

OCPBUGS-52909 Rule audit-rules-unsuccessful-file-modification-creat fails on ARM64

OCPBUGS-52910 Rule audit-rules-unsuccessful-file-modification-lchown fails on ARM64

OCPBUGS-52911 Rule audit-rules-unsuccessful-file-modification-open fails on ARM64

OCPBUGS-52912 Rule audit-rules-unsuccessful-file-modification-open-o-creat fails on ARM64

OCPBUGS-52913 Rule audit-rules-unsuccessful-file-modification-open-o-trunc-write fails on ARM64

OCPBUGS-52914 Rule audit-rules-unsuccessful-file-modification-open-rule-order fails on ARM64

OCPBUGS-52915 Rule audit-rules-unsuccessful-file-modification-rename fails on ARM64

OCPBUGS-52916 Rule audit-rules-unsuccessful-file-modification-unlink fails on ARM64

OCPBUGS-52917 Rule audit-rules-dac-modification-umount fails on ARM64

OCPBUGS-52918 Rule bios-enable-execution-restrictions fails on ARM64

OCPBUGS-52884 Rule file-integrity-exists fails on ARM64 clusters

Closed

OCPBUGS-52885 Rule file-integrity-notification-enabled fails on ARM64 clusters

Closed

relates to

CMP-3115 Implement periodic profile CI that runs on ARM architecture

In Progress

links to

RHBA-2025:3728 OpenShift Compliance Operator 1.7.0

(1 account is impacted by, 28 is blocked by, 1 relates to, 1 links to)

1.	E2E Automation		Closed		Xiaojie Yuan
2.	CI Integration		Closed		Bhargavi Gudi

Assignee:: Lance Bragstad

Reporter:: Lance Bragstad

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/01/28 9:28 PM

Updated:: 2025/04/28 7:59 AM

Resolved:: 2025/04/28 7:59 AM

Details

Description

Epic Goal

Why is this important?

Scenarios

Acceptance Criteria

Dependencies (internal and external)

Previous Work (Optional):

Open questions::

Done Checklist

Attachments

Issue Links

Easy Agile Planning Poker

Sub-Tasks

Activity

People

Dates