Red Hat Product Errata RHBA-2021:3214 - Bug Fix Advisory
Issued:
2021-09-07
Updated:
2021-09-07

RHBA-2021:3214 - Bug Fix Advisory

Synopsis

OpenShift Compliance Operator bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

An updated OpenShift Compliance Operator image that fixes various bugs and adds enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.

Description

The OpenShift Compliance Operator image update is available with the following changes:

  • Allow profileparser to parse PCI DSS references
  • Add permission for Operator to remediate PrometheusRule objects
  • Print Compliance Operator version on startup
  • Update wording in TailoredProfile custom resource definition (CRD)
  • e2e: aggregating/NA metric value
  • Bug 1990836: Move metrics service creation back into Operator startup
  • Add fetch-git-tags make target
  • Add a must-gather plugin
  • Bug 1946512: Use latest for CSV documentation link
  • Note that rolling back images in ProfileBundle is not well supported
  • Controller metrics e2e testing
  • Add initial controller metrics support
  • Vendor deps
  • Bump the suitererunner resource limits
  • Fix instructions on building VMs
  • Add NERC-CIP reference support
  • The remediation templating design doc Squashed
  • Add implementation of enforcement remediations
  • tailoring: Update the tailoring CM on changes

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64

Fixes

  • BZ - 1946512 - [OCP v48] Unreachable url shows in links section of Compliance Operator over GUI
  • BZ - 1972559 - compliancecheckresults fails with inconsistent results
  • BZ - 1975358 - Compliance Operator does not unpause pool during OCP Upgrade
  • BZ - 1982142 - Level up the resource for Compliance Operator Suite Cronjob
  • BZ - 1983878 - "Ensure that application Namespaces have Network Policies defined" check fails each time.
  • BZ - 1990836 - [v4.9] The compliance-operator installation fails due to secret "compliance-operator-serving-cert" not found

CVEs

(none)

References

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.