content
content copied to clipboard
ComplianceAsCode
Make package installation for iptables and nftables mutually exclusive
Description:
- Make package installation rules for iptables and nftables mutually exclusive
Rationale:
- nftables related rule rely on nftables package being installed, same is valid for iptables related rules, but the package_installed rules do not reflect the conflict between the two approaches so remediation of one package_installed_ rule breaks the other dependant rules and vice versa
Review Hints:
-
Review hints here. Replace this text. Don't use the italics format!
-
Use this optional section to give any relevant information which could help the reviewer to more quickly and assertively understand and test the changes.
-
Good examples are useful commands, if it is better to review all commits together or in a suggested sequence, any relevant discussion in other PRs or issues, etc.
Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
Start a new ephemeral environment with changes proposed in this pull request:
Fedora Environment
Oracle Linux 8 Environment
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@teacup-on-rockingchair , do you have plans for this PR?
I believe that using the same approach as in https://github.com/ComplianceAsCode/content/pull/10812, where the applicability was treated in service level instead of package level, should make this PR good to be merged.
ping @teacup-on-rockingchair : )
re :)
I am working on a solution that would use profile interactive variable for this problem. For now will apply to SLE only , today I think I will be able to publish it at least as a draft I was just having doubts if to use this PR or new one.
ping @teacup-on-rockingchair : )
re :)
I am working on a solution that would use profile interactive variable for this problem. For now will apply to SLE only , today I think I will be able to publish it at least as a draft I was just having doubts if to use this PR or new one.
Thanks for the update. All fine so. Take your time. :)
Regarding this PR, I believe it is almost ready to be merged with minor changes in the platform, as I mentioned here.
So, maybe it would be still valid to make these minor changes and merge this PR. Then you could open another PR to introduce this interactive variable. What do you think?
:robot: A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11191
This image was built from commit: 77390db768ddfb2284461a4563b5729a8d9961ca
Click here to see how to deploy it
If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11191
Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11191 make deploy-local
Code Climate has analyzed commit 77390db7 and detected 0 issues on this pull request.
The test coverage on the diff in this pull request is 100.0% (50% is the threshold).
This pull request will bring the total coverage in the repository to 59.2% (0.0% change).
View more on Code Climate.
![qlty-cloud-legacy[bot] avatar](https://avatars.githubusercontent.com/in/9403?v=4 "Published by a pub.dev verified publisher"){kind=small}