
CMP-2614: Implement update timestamps on ComplianceCheckResults

Open Vincent056 opened this issue 6 months ago • 9 comments

Adding the last-scanned timestamp annotation to each ComplianceCheckResult: added the annotation compliance.openshift.io/last-scanned-timestamp with a value equal to scan.status.StartTimestamp.

Example of a CCR:

kind: ComplianceCheckResult
metadata:
  annotations:
    compliance.openshift.io/last-scanned-timestamp: "2024-08-15T04:26:11Z"
    compliance.openshift.io/rule: scc-limit-root-containers
  creationTimestamp: "2024-08-15T04:26:43Z"
  generation: 1
  labels:
    compliance.openshift.io/check-severity: medium
    compliance.openshift.io/check-status: MANUAL
    compliance.openshift.io/profile-guid: a230315d-3e4a-5b58-b00f-f96f1553e036
    compliance.openshift.io/scan-name: ocp4-cis
    compliance.openshift.io/suite: ocp4-cis-ssb
  name: ocp4-cis-scc-limit-root-containers
  namespace: openshift-compliance

[vincent@node compliance-operator]$ oc get scan ocp4-cis -o yaml
apiVersion: compliance.openshift.io/v1alpha1
kind: ComplianceScan
metadata:
  creationTimestamp: "2024-08-15T04:26:10Z"
  finalizers:
  - scan.finalizers.compliance.openshift.io
  generation: 1
  labels:
    compliance.openshift.io/profile-guid: a230315d-3e4a-5b58-b00f-f96f1553e036
    compliance.openshift.io/suite: ocp4-cis-ssb
  name: ocp4-cis
  namespace: openshift-compliance
  ownerReferences:
  - apiVersion: compliance.openshift.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: ComplianceSuite
    name: ocp4-cis-ssb
    uid: b80577a9-de77-4b7f-af6c-cfb7eee7e36f
  resourceVersion: "5290391"
  uid: 7abb45d7-1a61-491a-bbc1-306406d75e04
spec:
  content: ssg-ocp4-ds.xml
  contentImage: ghcr.io/complianceascode/k8scontent:latest
  maxRetryOnTimeout: 3
  profile: xccdf_org.ssgproject.content_profile_cis
  rawResultStorage:
    nodeSelector:
      node-role.kubernetes.io/master: ""
    pvAccessModes:
    - ReadWriteOnce
    rotation: 3
    size: 1Gi
    tolerations:
    - effect: NoSchedule
      key: node-role.kubernetes.io/master
      operator: Exists
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    - effect: NoSchedule
      key: node.kubernetes.io/memory-pressure
      operator: Exists
  scanTolerations:
  - operator: Exists
  scanType: Platform
  showNotApplicable: false
  strictNodeScan: true
  timeout: 30m
status:
  conditions:
  - lastTransitionTime: "2024-08-15T04:26:14Z"
    message: Compliance scan run is running the scans
    reason: Running
    status: "True"
    type: Processing
  - lastTransitionTime: "2024-08-15T04:26:11Z"
    message: Compliance scan doesn't have results yet
    reason: Processing
    status: "False"
    type: Ready
  phase: AGGREGATING
  remainingRetries: 3
  result: NOT-AVAILABLE
  resultsStorage:
    name: ocp4-cis
    namespace: openshift-compliance
  startTimestamp: "2024-08-15T04:26:11Z"

Vincent056, Aug 15 '24 01:08
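
An added example, not part of this pull request or the compliance-operator code base: a Go check that uses the new annotation to list ComplianceCheckResults that the latest scan did not refresh. It assumes the objects were exported as JSON (`oc get ... -o json`) and already filtered to one scan; the sample JSON, the function name `staleResults` and the two `example-*` result names are constructed, and treating an annotation earlier than `status.startTimestamp` as stale is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

const lastScannedKey = "compliance.openshift.io/last-scanned-timestamp"
// object holds only the fields used here, taken from the YAML shown above.
type object struct {
	Metadata struct {
		Name        string
		Annotations map[string]string
	}
	Status struct{ StartTimestamp string }
}

// Constructed sample data in the shape of `oc get ... -o json`, not real cluster output.
const sampleScan = `{"metadata":{"name":"ocp4-cis"},"status":{"startTimestamp":"2024-08-15T04:26:11Z"}}`
const sampleCCRs = `{"items":[
 {"metadata":{"name":"ocp4-cis-scc-limit-root-containers","annotations":{"compliance.openshift.io/last-scanned-timestamp":"2024-08-15T04:26:11Z"}}},
 {"metadata":{"name":"example-older-result","annotations":{"compliance.openshift.io/last-scanned-timestamp":"2024-08-14T04:26:11Z"}}},
 {"metadata":{"name":"example-unannotated-result"}}]}`

// staleResults lists CCRs whose annotation is missing, malformed or older than the scan start.
func staleResults(scanJSON, ccrListJSON string) ([]string, error) {
	var scan object
	var list struct{ Items []object }
	if err := json.Unmarshal([]byte(scanJSON), &scan); err != nil {
		return nil, err
	}
	if err := json.Unmarshal([]byte(ccrListJSON), &list); err != nil {
		return nil, err
	}
	start, err := time.Parse(time.RFC3339, scan.Status.StartTimestamp)
	if err != nil {
		return nil, err // no usable startTimestamp, nothing to compare against
	}
	var stale []string
	for _, ccr := range list.Items {
		ts, err := time.Parse(time.RFC3339, ccr.Metadata.Annotations[lastScannedKey])
		if err != nil || ts.Before(start) {
			stale = append(stale, ccr.Metadata.Name)
		}
	}
	return stale, nil
}
func main() { fmt.Println(staleResults(sampleScan, sampleCCRs)) }
```

Results are only meaningful once the scan has finished; while it is still in a phase such as AGGREGATING, results it has not yet written will also be listed.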