content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon ComplianceAsCode

Fix issue with ambiguity of control product

Open teacup-on-rockingchair opened this issue 1 year ago • 6 comments

Description:

  • Fix issue with ambiguity of control product and partial match of product names vs product specific controls

Rationale:

  • When product member is initialized during loading of yaml file it could be ambiguously created as a string, when control is specific for only one product or list when multiple products are specified in the yaml. The problem with partial match of product names comes later in the add_references method, where the current product of the build is matched vs the control product, and the condition used is product not in self.product.
  • In case of list this condition will check if any of the members of the list is exact match to the product.
  • In case of string though, which is the more common case it will check if the string of the product name, for which we are building is partially matched (contained) in the self.product.

Fixes:

  • The issue was found while analyzing complaint from a contributor Joel Njanga(@barbarello), while he was trying to add support for al2 platform and it was conflicting with existing platform al2023. The discussion can be seen in the gitter/matrix discussion channel

teacup-on-rockingchair avatar Oct 02 '24 07:10 teacup-on-rockingchair

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment Open in Gitpod

Oracle Linux 8 Environment Open in Gitpod

github-actions[bot] avatar Oct 02 '24 07:10 github-actions[bot]

:robot: A k8s content image for this PR is available at: ghcr.io/complianceascode/k8scontent:12454 This image was built from commit: 83eaa2100cbeb50ce03771cea2eb09dd505c7a87

Click here to see how to deploy it

If you alread have Compliance Operator deployed: utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12454

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12454 make deploy-local

github-actions[bot] avatar Oct 02 '24 08:10 github-actions[bot]

Thanks for the pull request. It appears that the CI failures on the Python Unit tests are valid. Please take look.

If you need any help please let us know.

Mab879 avatar Oct 02 '24 20:10 Mab879

Thanks for the pull request. It appears that the CI failures on the Python Unit tests are valid. Please take look.

If you need any help please let us know.

Thanks @Mab879 missed to include the consideration if product remains None

teacup-on-rockingchair avatar Oct 03 '24 07:10 teacup-on-rockingchair

@teacup-on-rockingchair Excellent catch!

I think it was originally designed as a filed that should contain just a single product but then it evolved. Unfortunately, at this moment it isn't well handled.

Please update this documentation: https://github.com/ComplianceAsCode/content/blob/b844c6328f5f5cbd897b2a48dfce71b31accb57f/docs/manual/developer/03_creating_content.md?plain=1#L980

Also, consider renaming it to "products" and enforcing it being a list.

jan-cerny avatar Oct 09 '24 08:10 jan-cerny

Code Climate has analyzed commit adf59e61 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 60.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (1.3% change).

View more on Code Climate.

qlty-cloud-legacy[bot] avatar Oct 27 '24 15:10 qlty-cloud-legacy[bot]