From 1a8349f39277ba7e8a4e7b81025b7310f80398fa Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Fri, 1 Dec 2023 09:49:17 -0600 Subject: [PATCH] Release v1.4.0 --- CHANGELOG.md | 78 ++++++++++++++----- ...liance-operator.clusterserviceversion.yaml | 6 +- ...pliance.openshift.io_tailoredprofiles.yaml | 2 + catalog/preamble.json | 4 +- ...liance-operator.clusterserviceversion.yaml | 2 +- version.Makefile | 2 +- version/version.go | 2 +- 7 files changed, 67 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b82907d14..a6550c079 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,33 @@ Versioning](https://semver.org/spec/v2.0.0.html). ### Enhancements +- + +### Fixes + +- + +### Internal Changes + +- + +### Deprecations + +- + +### Removals + +- + +### Security + +- + + +## [1.4.0] - 2023-12-01 + +### Enhancements + - Users can now pause scan schedules by setting the `ScanSetting.suspend` attribute to `True`. This allows users to suspend a scan, and reactivate it without having to delete and recreate the `ScanSettingBinding`, making it 
@@ -17,39 +44,48 @@ Versioning](https://semver.org/spec/v2.0.0.html). for more details. - Implemented support for an optional `version` attribute on `Profile` custom resources. +- `Rule` custom resources now contain an annotation + (`compliance.openshift.io/profiles`) that maps the rule to the profiles that + use it, making it easier to understand where a rule is used. The alternative + to this approach would be to query each `Profile` and join all rules. ### Fixes -- Optimize how we check the KubeletConfig rule, we now store the runtime KubeletConfig - in a ConfigMap per node when a node scan is launched. Then, we mount the ConfigMap to - the scanner pod to scan for it. Hold on to applying remediation until all scans are - done in the suite. - This fixes issues when comparing the KubeletConfig for each node. - This also fixes "/api/v1/nodes/NODE_NAME/proxy/configz" warning message in the log. - [OCPBUGS-11037](https://issues.redhat.com/browse/OCPBUGS-11037) - -- Fix api-checks-pod crashes issues caused by outdated MCO dependency, the dependency - bump will enable CO to support Ignition 3.4, and therefore solve the issue. - [OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025) +- Optimize how the operator checks `KubeletConfig` rules by storing the runtime + `KubeletConfig` in a `ConfigMap` per node when a node scan is launched. The + `ConfigMap` is then mounted to the scanner pod for evaluation. The operator + will wait to apply `ComplianceRemediation` objects until all scans are + processed. This also fixes issues when comparing the `KubeletConfig` options + for each node, and removes `/api/v1/nodes/NODE_NAME/proxy/configz` warning + messages in the log [OCPBUGS-11037](https://issues.redhat.com/browse/OCPBUGS-11037). +- Fix api-checks-pod crashes issues caused by an outdated Machine Config Operator + dependency. 
The dependency bump allows the operator to support Ignition 3.4, + and therefore solves the issue [OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025). +- Stale `ComplianceCheckResult` resources are now pruned on each rescan + [OCPBUGS-3009](https://issues.redhat.com/browse/OCPBUGS-3009). ### Internal Changes -- - -### Deprecations - -- +- All compatibility code for the `CronJob` beta API has been removed [CMP-2310](https://issues.redhat.com/browse/CMP-2310). ### Removals -- We have reverted commit 9cbf874, which is a fix for OCPBUGS-3864, the fix - is not needed anymore since the issue is fixed when we switched back to - the old way remediate the KubeletConfig. +- We have reverted commit + [9cbf874](https://github.com/ComplianceAsCode/compliance-operator/commit/9cbf874), + which is a fix for + [OCPBUGS-3864](https://issues.redhat.com/browse/OCPBUGS-3864), the fix is not + needed anymore with how `KubeletConfig` rules are processed. -### Security +## [1.3.1] - 2023-10-11 -- +### Fixes + +- Fix an issue caused by outdated Machine Config Operator dependencies where + the API check pod crashes due to Machine Config Operator using newer versions + of Ignition (3.4). + [OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025) +## [1.3.0] - 2023-09-11 ## [1.2.0] - 2023-07-21 diff --git a/bundle/manifests/compliance-operator.clusterserviceversion.yaml b/bundle/manifests/compliance-operator.clusterserviceversion.yaml index c36917e36..c75ce1a37 100644 --- a/bundle/manifests/compliance-operator.clusterserviceversion.yaml +++ b/bundle/manifests/compliance-operator.clusterserviceversion.yaml @@ -160,7 +160,7 @@ metadata: ] capabilities: Seamless Upgrades categories: Monitoring,Security - olm.skipRange: '>=0.1.17 <1.2.0' + olm.skipRange: '>=0.1.17 <1.4.0' operatorframework.io/cluster-monitoring: "true" operatorframework.io/suggested-namespace: openshift-compliance operators.openshift.io/infrastructure-features: '["disconnected", "fips", "proxy-aware"]' 
@@ -174,7 +174,7 @@ metadata: operatorframework.io/arch.amd64: supported operatorframework.io/arch.ppc64le: supported operatorframework.io/arch.s390x: supported - name: compliance-operator.v1.2.0 + name: compliance-operator.v1.4.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -1653,4 +1653,4 @@ spec: name: operator - image: ghcr.io/complianceascode/k8scontent:latest name: profile - version: 1.2.0 + version: 1.4.0 diff --git a/bundle/manifests/compliance.openshift.io_tailoredprofiles.yaml b/bundle/manifests/compliance.openshift.io_tailoredprofiles.yaml index 8fe66582c..f8082883b 100644 --- a/bundle/manifests/compliance.openshift.io_tailoredprofiles.yaml +++ b/bundle/manifests/compliance.openshift.io_tailoredprofiles.yaml @@ -156,6 +156,8 @@ spec: state: description: The current state of the tailored profile type: string + warnings: + type: string type: object type: object served: true diff --git a/catalog/preamble.json b/catalog/preamble.json index 07267c2d5..5aa00e0ff 100644 --- a/catalog/preamble.json +++ b/catalog/preamble.json @@ -13,8 +13,8 @@ "package": "compliance-operator", "entries": [ { - "name": "compliance-operator.v1.2.0", - "skipRange": ">=0.1.17 <1.2.0" + "name": "compliance-operator.v1.4.0", + "skipRange": ">=0.1.17 <1.4.0" } ] } diff --git a/config/manifests/bases/compliance-operator.clusterserviceversion.yaml b/config/manifests/bases/compliance-operator.clusterserviceversion.yaml index 7438b67f8..c2b6e429f 100644 --- a/config/manifests/bases/compliance-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/compliance-operator.clusterserviceversion.yaml @@ -160,7 +160,7 @@ metadata: ] capabilities: Seamless Upgrades categories: Monitoring,Security - olm.skipRange: '>=0.1.17 <1.2.0' + olm.skipRange: '>=0.1.17 <1.4.0' operatorframework.io/cluster-monitoring: "true" operatorframework.io/suggested-namespace: openshift-compliance operators.openshift.io/infrastructure-features: '["disconnected", "fips", "proxy-aware"]' 
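Review bot: The last hunk of bundle/manifests/compliance-operator.clusterserviceversion.yaml stamps the bundle as `version: 1.4.0`, but the entry just above it, `image: ghcr.io/complianceascode/k8scontent:latest`, still points at a floating tag. Going by the hunk's line counts, that line is unchanged context (a YAML list item, not a removal). If the manifest ships as-is, a 1.4.0 install pulls whatever `latest` resolves to at pull time, so the compliance content is neither reproducible nor tied to what was tested with this release. Consider pinning by digest in the released bundle, for example `image: ghcr.io/complianceascode/k8scontent@sha256:<DIGEST_PLACEHOLDER>`, or confirm that the release pipeline rewrites this reference before publishing.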
diff --git a/version.Makefile b/version.Makefile index 8fefd974a..5eebdcb2d 100644 --- a/version.Makefile +++ b/version.Makefile @@ -2,4 +2,4 @@ # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION?=1.2.0 \ No newline at end of file +VERSION?=1.4.0 \ No newline at end of file diff --git a/version/version.go b/version/version.go index 56bc20cdb..6f3e4ce07 100644 --- a/version/version.go +++ b/version/version.go @@ -1,5 +1,5 @@ package version var ( - Version = "1.2.0" + Version = "1.4.0" )