Add Compliance Workflow #219

Open
wants to merge 21 commits into
base: main

Collaborator

@l3acon l3acon commented Jan 29, 2025

These are some simple additions to the Linux / Compliance jobs we already have:

  • display report URL for generated reports
  • tag ec2 instances with _OUT_OF_COMPLIANCE if they are out of compliance and add relevant keyed_group to the AWS inventory
  • workflow combining the compliance report, tag/inventory sync, and the compliance enforce JT

cloud/setup.yml
Collaborator

I don't think we should remove this playbook/job template, because it is meant to demo something slightly different than the multi-compliance demo. This one uses the DISA supplemental content, which among other things runs much faster than the ComplianceAsCode roles, so a) it allows folks to talk to multiple options for compliance content, and b) as it is faster this job can be run live in a short period of time, unlike the multi-compliance demo which takes much longer.

This will have a cascading effect: anywhere else where the related job template is changed/removed, those changes will need to be undone as well.

Collaborator Author

Yes, that's fine. I was just confused why there seemed to be duplicates.

Collaborator

@jce-redhat jce-redhat left a comment

Changes look good. Is the instance resize still part of the new compliance workflow?
