Skip to content

Remove deprecated CIS OpenShift 1.4.0 and 1.5.0 profiles#13832

Merged
yuumasato merged 4 commits into
ComplianceAsCode:masterfrom
rhmdnd:CMP-3713
Sep 1, 2025
Merged

Remove deprecated CIS OpenShift 1.4.0 and 1.5.0 profiles#13832
yuumasato merged 4 commits into
ComplianceAsCode:masterfrom
rhmdnd:CMP-3713

Conversation

@rhmdnd
Copy link
Copy Markdown
Collaborator

@rhmdnd rhmdnd commented Aug 28, 2025

  • CMP-3713: Remove CIS OpenShift 1.4.0 Profiles
  • CMP-3714: Remove CIS OpenShift 1.5.0 Profiles
  • Rename cis_ocp_1_4_0 to cis_ocp_1_7_0

@rhmdnd rhmdnd changed the title CMP 3713 Remove deprecated CIS OpenShift 1.4.0 and 1.5.0 profiles Aug 28, 2025
rhmdnd added 3 commits August 28, 2025 14:23
@rhmdnd
CMP-3713: Remove CIS OpenShift 1.4.0 Profiles
bb9a175 
These were deprecated last release, and we're removing them in favor of
the newer profile (1.7.0).
@rhmdnd
CMP-3714: Remove CIS OpenShift 1.5.0 Profiles
285dc62 
These were deprecated last release, and we're removing them in favor of
the newer profile (1.7.0).
@rhmdnd
Rename cis_ocp_1_4_0 to cis_ocp_1_7_0
c72bcd6 
Since we're removing the old profile, let's also change the control
organization so that it doesn't reference an old profile.
@rhmdnd
Copy link
Copy Markdown
Collaborator Author

rhmdnd commented Aug 28, 2025

@Mab879 Do you know if there is a way to exclude yamllint checks on profiles we're removing?

Run for profile_file in $(cat filenames.txt | grep "\.profile"); do
Running yamllint on products/ocp4/profiles/cis-1-4.profile...
[Errno 2] No such file or directory: 'products/ocp4/profiles/cis-1-4.profile'
Error: Process completed with exit code 255.

CI linter is failing because it can't lint a file we've removed.

@Mab879 Mab879 added this to the 0.1.79 milestone Aug 28, 2025
@Mab879
Copy link
Copy Markdown
Member

Mab879 commented Aug 28, 2025

The way the check works is rather naive, something we can improve later. In the meantime, since it isn't a required check we can just merge as is.

@xiaojiey
Copy link
Copy Markdown
Collaborator

xiaojiey commented Aug 29, 2025

cis 1.40 and cis 1.5.0 have been removed

% oc get profile.compliance | grep -i upstream | grep -i cis
upstream-ocp4-cis                   5m39s   1.7.0
upstream-ocp4-cis-1-7               5m40s   1.7.0
upstream-ocp4-cis-node              5m40s   1.7.0
upstream-ocp4-cis-node-1-7          5m40s   1.7.0

yuumasato
yuumasato reviewed Aug 29, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@yuumasato yuumasato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great.
I just have a small nit pick.

Comment thread controls/cis_ocp_1_7_0.yml
@yuumasato yuumasato added OpenShift OpenShift product related. CIS CIS Benchmark related. labels Aug 29, 2025
@rhmdnd
Remove CIS version from OCP profile name
5e97d9e 
We can make maintaining this profile a little easier on ourselves by
removing the version from the name. The version is already encapsulated
as part of the profile data.
@yuumasato yuumasato self-assigned this Sep 1, 2025
@yuumasato yuumasato merged commit eea229b into ComplianceAsCode:master Sep 1, 2025
131 of 132 checks passed
@sync-cac-oscal-bot sync-cac-oscal-bot Bot mentioned this pull request Sep 1, 2025
Merged
@jan-cerny jan-cerny added the Highlight This PR/Issue should make it to the featured changelog. label Nov 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yuumasato yuumasato yuumasato approved these changes

@Vincent056 Vincent056 Awaiting requested review from Vincent056

@Anna-Koudelkova Anna-Koudelkova Awaiting requested review from Anna-Koudelkova

Assignees

@yuumasato yuumasato

Labels

CIS CIS Benchmark related. Highlight This PR/Issue should make it to the featured changelog. OpenShift OpenShift product related.

Projects

None yet

Milestone

0.1.79

Development

Successfully merging this pull request may close these issues.

5 participants

@rhmdnd @Mab879 @xiaojiey @yuumasato @jan-cerny