diff --git a/stable/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml b/stable/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml
index 414195bb..4f61312f 100644
--- a/stable/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml
+++ b/stable/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml
@@ -32,61 +32,22 @@ spec: metadata: name: openshift-compliance - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy + apiVersion: policy.open-cluster-management.io/v1beta1 + kind: OperatorPolicy metadata: - name: comp-operator-operator-group + name: operatorpolicy-comp-operator spec: - remediationAction: inform # will be overridden by remediationAction in parent policy + remediationAction: inform severity: high - object-templates: - - complianceType: musthave - objectDefinition: - apiVersion: operators.coreos.com/v1 - kind: OperatorGroup - metadata: - name: compliance-operator - namespace: openshift-compliance - spec: - targetNamespaces: - - openshift-compliance - - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy - metadata: - name: comp-operator-subscription - spec: - remediationAction: inform # will be overridden by remediationAction in parent policy - severity: high - object-templates: - - complianceType: musthave - objectDefinition: - apiVersion: operators.coreos.com/v1alpha1 - kind: Subscription - metadata: - name: compliance-operator - namespace: openshift-compliance - spec: - installPlanApproval: Automatic - name: compliance-operator - source: redhat-operators - sourceNamespace: openshift-marketplace - - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy - metadata: - name: comp-operator-status - spec: - remediationAction: inform # will be overridden by remediationAction in parent policy - severity: high - object-templates: - - complianceType: musthave - objectDefinition: - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - namespace: openshift-compliance - spec: - displayName: Compliance Operator - status: - phase: Succeeded # check the csv status to determine if operator is running or not + complianceType: musthave + upgradeApproval: Automatic + operatorGroup: + name: 
compliance-operator + namespace: openshift-compliance + targetNamespaces: + - openshift-compliance + subscription: + name: compliance-operator + namespace: openshift-compliance + source: redhat-operators + sourceNamespace: openshift-marketplace diff --git a/stable/CM-Configuration-Management/policy-gatekeeper-operator-downstream.yaml b/stable/CM-Configuration-Management/policy-gatekeeper-operator-downstream.yaml index a8eb2ed0..ad7c426b 100644 --- a/stable/CM-Configuration-Management/policy-gatekeeper-operator-downstream.yaml +++ b/stable/CM-Configuration-Management/policy-gatekeeper-operator-downstream.yaml 
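Review bot: `upgradeApproval: Automatic` is set without a `versions` list, so once the parent policy enforces this template every managed cluster accepts whatever compliance-operator build the `redhat-operators` catalog offers next; the gatekeeper and container-security OperatorPolicy hunks further down have the same shape. For an operator that produces compliance evidence, consider listing the reviewed ClusterServiceVersion names under `spec.versions` (for example `versions: ['<approved-csv-name>']`), which as I understand the OperatorPolicy API limits approval to those releases, or add a comment saying why unreviewed upgrades are acceptable. The hunk also drops the old comment on `remediationAction`; restoring `# will be overridden by remediationAction in parent policy` keeps it visible that `inform` here may not be the effective setting. The parent policy's own `remediationAction` lies outside the hunk, so the effective mode cannot be confirmed from these lines.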
@@ -15,46 +15,21 @@ spec: disabled: false policy-templates: - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy + apiVersion: policy.open-cluster-management.io/v1beta1 + kind: OperatorPolicy metadata: - name: gatekeeper-operator-product-sub + name: operatorpolicy-gatekeeper-operator spec: remediationAction: inform severity: high - object-templates: - - complianceType: musthave - objectDefinition: - apiVersion: operators.coreos.com/v1alpha1 - kind: Subscription - metadata: - name: gatekeeper-operator-product - namespace: openshift-operators - spec: - channel: stable - installPlanApproval: Automatic - name: gatekeeper-operator-product - source: redhat-operators - sourceNamespace: openshift-marketplace - - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy - metadata: - name: gatekeeper-operator-status - spec: - remediationAction: inform - severity: high - object-templates: - - complianceType: musthave - objectDefinition: - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - namespace: openshift-gatekeeper-system - spec: - displayName: Gatekeeper Operator - status: - phase: Succeeded # check the csv status to determine if operator is running or not + complianceType: musthave + upgradeApproval: Automatic + subscription: + channel: stable + name: gatekeeper-operator-product + namespace: openshift-operators + source: redhat-operators + sourceNamespace: openshift-marketplace - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy diff --git a/stable/SI-System-and-Information-Integrity/policy-imagemanifestvuln.yaml b/stable/SI-System-and-Information-Integrity/policy-imagemanifestvuln.yaml index b4d7edf8..94e22ad2 100644 --- a/stable/SI-System-and-Information-Integrity/policy-imagemanifestvuln.yaml +++ b/stable/SI-System-and-Information-Integrity/policy-imagemanifestvuln.yaml 
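Review bot: The `gatekeeper-operator-status` template is removed with nothing in the file saying what now reports operator health, and the old check looked at `openshift-gatekeeper-system` while the new policy only names `openshift-operators`. A comment above `kind: OperatorPolicy` such as `# OperatorPolicy reports Subscription, InstallPlan, CSV and Deployment health itself, replacing the separate CSV status check` would tell an auditor that the running-state check still exists. If dashboards, alerts or policy sets key on the old template names `gatekeeper-operator-product-sub` or `gatekeeper-operator-status`, they would need updating as well; none of that is visible in this hunk.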
@@ -11,46 +11,20 @@ spec: disabled: false policy-templates: - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy + apiVersion: policy.open-cluster-management.io/v1beta1 + kind: OperatorPolicy metadata: - name: policy-imagemanifestvuln-example-sub + name: operatorpolicy-imagemanifestvuln spec: - remediationAction: inform # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction. + remediationAction: inform severity: high - object-templates: - - complianceType: musthave - objectDefinition: - apiVersion: operators.coreos.com/v1alpha1 - kind: Subscription - metadata: - name: container-security-operator - namespace: openshift-operators - spec: - # channel: quay-v3.3 # specify a specific channel if desired - installPlanApproval: Automatic - name: container-security-operator - source: redhat-operators - sourceNamespace: openshift-marketplace - - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy - metadata: - name: policy-imagemanifestvuln-status - spec: - remediationAction: inform # will be overridden by remediationAction in parent policy - severity: high - object-templates: - - complianceType: musthave - objectDefinition: - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - namespace: openshift-operators - spec: - displayName: Red Hat Quay Container Security Operator - status: - phase: Succeeded # check the csv status to determine if operator is running or not + complianceType: musthave + upgradeApproval: Automatic + subscription: + name: container-security-operator + namespace: openshift-operators + source: redhat-operators + sourceNamespace: openshift-marketplace - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy 
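Review bot: The `subscription` block sets no `channel`, and the previous hint `# channel: quay-v3.3 # specify a specific channel if desired` is gone, so the operator presumably follows whatever default channel the catalog publishes; the compliance-operator hunk has the same gap, while the gatekeeper policy pins `channel: stable`. Combined with `upgradeApproval: Automatic`, a change of the catalog default can move the vulnerability scanner to a different release stream without any change in this repository. Consider adding `channel: <approved-channel>` under `subscription`, or keeping a commented hint so the omission reads as deliberate.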
@@ -60,8 +34,8 @@ spec: remediationAction: inform # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction. severity: high namespaceSelector: - exclude: ["kube-*"] - include: ["*"] + exclude: ['kube-*'] + include: ['*'] object-templates: - complianceType: mustnothave # mustnothave any ImageManifestVuln object objectDefinition: