CMP-2130: Implement support for profile versioning

This commit adds support for an optional version attribute for Profile custom resources. This attribute is parsed out of the datastream and set on the Profile by the compliance operator. It's not intended for end users to supply their own version. Future patches may expand on this concept to support multiple versions of a single profile.
ComplianceAsCode · Sep 29, 2023 · cd968f6 · cd968f6
1 parent 351e6ef
commit cd968f6
Show file tree

Hide file tree

Showing 15 changed files with 32 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,7 +9,8 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Enhancements
 
--
+- Implemented support for an optional `version` attribute on `Profile` custom
+  resources.
 
 ### Fixes
 

diff --git a/config/crd/bases/compliance.openshift.io_compliancecheckresults.yaml b/config/crd/bases/compliance.openshift.io_compliancecheckresults.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: compliancecheckresults.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_complianceremediations.yaml b/config/crd/bases/compliance.openshift.io_complianceremediations.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: complianceremediations.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_compliancescans.yaml b/config/crd/bases/compliance.openshift.io_compliancescans.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: compliancescans.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_compliancesuites.yaml b/config/crd/bases/compliance.openshift.io_compliancesuites.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: compliancesuites.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_profilebundles.yaml b/config/crd/bases/compliance.openshift.io_profilebundles.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: profilebundles.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_profiles.yaml b/config/crd/bases/compliance.openshift.io_profiles.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: profiles.compliance.openshift.io
 spec:
   group: compliance.openshift.io
@@ -17,7 +17,11 @@ spec:
     singular: profile
   scope: Namespaced
   versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .version
+      name: Version
+      type: string
+    name: v1alpha1
     schema:
       openAPIV3Schema:
         description: Profile is the Schema for the profiles API
@@ -55,10 +59,13 @@ spec:
             nullable: true
             type: array
             x-kubernetes-list-type: atomic
+          version:
+            type: string
         required:
         - description
         - id
         - title
         type: object
     served: true
     storage: true
+    subresources: {}
diff --git a/config/crd/bases/compliance.openshift.io_rules.yaml b/config/crd/bases/compliance.openshift.io_rules.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: rules.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_scansettingbindings.yaml b/config/crd/bases/compliance.openshift.io_scansettingbindings.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: scansettingbindings.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_scansettings.yaml b/config/crd/bases/compliance.openshift.io_scansettings.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: scansettings.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_tailoredprofiles.yaml b/config/crd/bases/compliance.openshift.io_tailoredprofiles.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: tailoredprofiles.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/config/crd/bases/compliance.openshift.io_variables.yaml b/config/crd/bases/compliance.openshift.io_variables.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: variables.compliance.openshift.io
 spec:
   group: compliance.openshift.io

diff --git a/pkg/apis/compliance/v1alpha1/profile_types.go b/pkg/apis/compliance/v1alpha1/profile_types.go
@@ -35,12 +35,15 @@ type ProfilePayload struct {
 	// +optional
 	// +listType=atomic
 	Values []ProfileValue `json:"values,omitempty"`
+	// +optional
+	Version string `json:"version"`
 }
 
 // +kubebuilder:object:root=true
 
 // Profile is the Schema for the profiles API
 // +kubebuilder:resource:path=profiles,scope=Namespaced,shortName=profs;prof
+// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=`.version`
 type Profile struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

diff --git a/pkg/apis/compliance/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/compliance/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/profileparser/profileparser.go b/pkg/profileparser/profileparser.go
@@ -311,6 +311,13 @@ func parseProfileFromNode(profileRoot *xmlquery.Node, pb *cmpv1alpha1.ProfileBun
 		if description == nil {
 			return LogAndReturnError("no description in profile")
 		}
+		v := profileObj.SelectElement("xccdf-1.2:version")
+		var version string
+		if v != nil {
+			version = v.InnerText()
+		} else {
+			version = ""
+		}
 		log.Info("Found profile", "id", id)
 
 		// In case the profile sets its own CPE string
@@ -362,6 +369,7 @@ func parseProfileFromNode(profileRoot *xmlquery.Node, pb *cmpv1alpha1.ProfileBun
 				Description: utils.XmlNodeAsMarkdown(description),
 				Rules:       selectedrules,
 				Values:      selectedvalues,
+				Version:     version,
 			},
 		}