diff --git a/charts/hub/compliance-operator/Chart.yaml b/charts/hub/compliance-operator/Chart.yaml new file mode 100644 index 00000000..2f623d3e --- /dev/null +++ b/charts/hub/compliance-operator/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: openshift-compliance-operator +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.0.0" diff --git a/charts/hub/compliance-operator/templates/scansettingbinding-ocp4-high-node.yaml b/charts/hub/compliance-operator/templates/scansettingbinding-ocp4-high-node.yaml new file mode 100644 index 00000000..1697c83f --- /dev/null +++ b/charts/hub/compliance-operator/templates/scansettingbinding-ocp4-high-node.yaml @@ -0,0 +1,13 @@ +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high-node + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high-node +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default diff --git a/charts/hub/compliance-operator/templates/scansettingbinding-ocp4-high.yaml b/charts/hub/compliance-operator/templates/scansettingbinding-ocp4-high.yaml new file mode 100644 index 00000000..37b556ac --- /dev/null +++ b/charts/hub/compliance-operator/templates/scansettingbinding-ocp4-high.yaml @@ -0,0 +1,13 @@ +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default diff --git a/charts/hub/compliance-operator/templates/scansettingbinding-rhcos4-nist-high.yaml b/charts/hub/compliance-operator/templates/scansettingbinding-rhcos4-nist-high.yaml new file mode 100644 index 00000000..9aff5626 --- /dev/null +++ b/charts/hub/compliance-operator/templates/scansettingbinding-rhcos4-nist-high.yaml @@ -0,0 +1,13 @@ +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: rhcos4-nist-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: rhcos4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default diff --git a/charts/hub/compliance-operator/values.yaml b/charts/hub/compliance-operator/values.yaml new file mode 100644 index 00000000..31de9a49 --- /dev/null +++ b/charts/hub/compliance-operator/values.yaml @@ -0,0 +1,3 @@ +# Default values for container-security-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. diff --git a/tests/hub-compliance-operator-industrial-edge-factory.expected.yaml b/tests/hub-compliance-operator-industrial-edge-factory.expected.yaml new file mode 100644 index 00000000..bf0b3e25 --- /dev/null +++ b/tests/hub-compliance-operator-industrial-edge-factory.expected.yaml @@ -0,0 +1,45 @@ +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high-node.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high-node + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high-node +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-rhcos4-nist-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: rhcos4-nist-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: rhcos4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default diff --git a/tests/hub-compliance-operator-industrial-edge-hub.expected.yaml b/tests/hub-compliance-operator-industrial-edge-hub.expected.yaml new file mode 100644 index 00000000..bf0b3e25 --- /dev/null +++ b/tests/hub-compliance-operator-industrial-edge-hub.expected.yaml @@ -0,0 +1,45 @@ +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high-node.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high-node + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high-node +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-rhcos4-nist-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: rhcos4-nist-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: rhcos4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default diff --git a/tests/hub-compliance-operator-medical-diagnosis-hub.expected.yaml b/tests/hub-compliance-operator-medical-diagnosis-hub.expected.yaml new file mode 100644 index 00000000..bf0b3e25 --- /dev/null +++ b/tests/hub-compliance-operator-medical-diagnosis-hub.expected.yaml @@ -0,0 +1,45 @@ +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high-node.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high-node + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high-node +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-rhcos4-nist-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: rhcos4-nist-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: rhcos4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default diff --git a/tests/hub-compliance-operator-naked.expected.yaml b/tests/hub-compliance-operator-naked.expected.yaml new file mode 100644 index 00000000..bf0b3e25 --- /dev/null +++ b/tests/hub-compliance-operator-naked.expected.yaml @@ -0,0 +1,45 @@ +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high-node.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high-node + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high-node +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-rhcos4-nist-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: rhcos4-nist-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: rhcos4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default diff --git a/tests/hub-compliance-operator-normal.expected.yaml b/tests/hub-compliance-operator-normal.expected.yaml new file mode 100644 index 00000000..bf0b3e25 --- /dev/null +++ b/tests/hub-compliance-operator-normal.expected.yaml @@ -0,0 +1,45 @@ +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high-node.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high-node + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high-node +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-ocp4-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: ocp4-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: ocp4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default +--- +# Source: openshift-compliance-operator/templates/scansettingbinding-rhcos4-nist-high.yaml +apiVersion: compliance.openshift.io/v1alpha1 +kind: ScanSettingBinding +metadata: + name: rhcos4-nist-high + namespace: openshift-compliance +profiles: +- apiGroup: compliance.openshift.io/v1alpha1 + kind: Profile + name: rhcos4-high +settingsRef: + apiGroup: compliance.openshift.io/v1alpha1 + kind: ScanSetting + name: default diff --git a/values-hub.yaml b/values-hub.yaml index a9ae7b07..2270b536 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -9,6 +9,7 @@ clusterGroup: - open-cluster-management - vault - golang-external-secrets + - openshift-compliance - rhacs-operator - stackrox - policies @@ -41,6 +42,10 @@ clusterGroup: name: quay-operator namespace: openshift-operators + openshift-compliance: + name: compliance-operator + namespace: openshift-compliance + # The following section is used by # OpenShift GitOps (ArgoCD) # Projects are just ArgoCD groupings that can be filtered on. @@ -61,6 +66,12 @@ clusterGroup: jsonPointers: - /spec/loggingCA + openshift-compliance: + name: compliance-operator + namespace: openshift-compliance + project: hub + path: charts/hub/compliance-operator + acs-central: name: acs-central namespace: stackrox