Release v1.4.0

CHANGELOG.md

@@ -9,6 +9,33 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Enhancements
 
+-
+
+### Fixes
+
+-
+
+### Internal Changes
+
+-
+
+### Deprecations
+
+-
+
+### Removals
+
+-
+
+### Security
+
+-
+
+
+## [1.4.0] - 2023-12-01
+
+### Enhancements
+
 - Users can now pause scan schedules by setting the `ScanSetting.suspend`
   attribute to `True`. This allows users to suspend a scan, and reactivate it
   without having to delete and recreate the `ScanSettingBinding`, making it
@@ -17,39 +44,48 @@ Versioning](https://semver.org/spec/v2.0.0.html).
   for more details.
 - Implemented support for an optional `version` attribute on `Profile` custom
   resources.
+- `Rule` custom resources now contain an annotation
+  (`compliance.openshift.io/profiles`) that maps the rule to the profiles that
+  use it, making it easier to understand where a rule is used. The alternative
+  to this approach would be to query each `Profile` and join all rules.
 
 ### Fixes
 
-- Optimize how we check the KubeletConfig rule, we now store the runtime KubeletConfig
-  in a ConfigMap per node when a node scan is launched. Then, we mount the ConfigMap to
-  the scanner pod to scan for it. Hold on to applying remediation until all scans are 
-  done in the suite.
-  This fixes issues when comparing the KubeletConfig for each node.
-  This also fixes "/api/v1/nodes/NODE_NAME/proxy/configz" warning message in the log.
-  [OCPBUGS-11037](https://issues.redhat.com/browse/OCPBUGS-11037)
-
-- Fix api-checks-pod crashes issues caused by outdated MCO dependency, the dependency
-  bump will enable CO to support Ignition 3.4, and therefore solve the issue. 
-  [OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025)
+- Optimize how the operator checks `KubeletConfig` rules by storing the runtime
+  `KubeletConfig` in a `ConfigMap` per node when a node scan is launched. The
+  `ConfigMap` is then mounted to the scanner pod for evaluation. The operator
+  will wait to apply `ComplianceRemediation` objects until all scans are
+  processed. This also fixes issues when comparing the `KubeletConfig` options
+  for each node, and removes `/api/v1/nodes/NODE_NAME/proxy/configz` warning
+  messages in the log [OCPBUGS-11037](https://issues.redhat.com/browse/OCPBUGS-11037).
+- Fix api-checks-pod crashes issues caused by an outdated Machine Config Operator
+  dependency. The dependency bump allows the operator to support Ignition 3.4,
+  and therefore solves the issue [OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025).
+- Stale `ComplianceCheckResult` resources are now pruned on each rescan
+  [OCPBUGS-3009](https://issues.redhat.com/browse/OCPBUGS-3009).
 
 ### Internal Changes
 
--
-
-### Deprecations
-
--
+- All compatibility code for the `CronJob` beta API has been removed [CMP-2310](https://issues.redhat.com/browse/CMP-2310).
 
 ### Removals
 
-- We have reverted commit 9cbf874, which is a fix for OCPBUGS-3864, the fix
-  is not needed anymore since the issue is fixed when we switched back to
-  the old way remediate the KubeletConfig.
+- We have reverted commit
+  [9cbf874](https://github.com/ComplianceAsCode/compliance-operator/commit/9cbf874),
+  which is a fix for
+  [OCPBUGS-3864](https://issues.redhat.com/browse/OCPBUGS-3864), the fix is not
+  needed anymore with how `KubeletConfig` rules are processed.
 
-### Security
+## [1.3.1] - 2023-10-11
 
--
+### Fixes
+
+- Fix an issue caused by outdated Machine Config Operator dependencies where
+  the API check pod crashes due to Machine Config Operator using newer versions
+  of Ignition (3.4).
+  [OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025)
 
+## [1.3.0] - 2023-09-11
 
 ## [1.2.0] - 2023-07-21
 

bundle/manifests/compliance-operator.clusterserviceversion.yaml

@@ -160,7 +160,7 @@ metadata:
       ]
     capabilities: Seamless Upgrades
     categories: Monitoring,Security
-    olm.skipRange: '>=0.1.17 <1.2.0'
+    olm.skipRange: '>=0.1.17 <1.4.0'
     operatorframework.io/cluster-monitoring: "true"
     operatorframework.io/suggested-namespace: openshift-compliance
     operators.openshift.io/infrastructure-features: '["disconnected", "fips", "proxy-aware"]'
@@ -174,7 +174,7 @@ metadata:
     operatorframework.io/arch.amd64: supported
     operatorframework.io/arch.ppc64le: supported
     operatorframework.io/arch.s390x: supported
-  name: compliance-operator.v1.2.0
+  name: compliance-operator.v1.4.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -1653,4 +1653,4 @@ spec:
     name: operator
   - image: ghcr.io/complianceascode/k8scontent:latest
     name: profile
-  version: 1.2.0
+  version: 1.4.0

bundle/manifests/compliance.openshift.io_tailoredprofiles.yaml

@@ -156,6 +156,8 @@ spec:
               state:
                 description: The current state of the tailored profile
                 type: string
+              warnings:
+                type: string
             type: object
         type: object
     served: true

catalog/preamble.json

@@ -13,8 +13,8 @@
     "package": "compliance-operator",
     "entries": [
         {
-            "name": "compliance-operator.v1.2.0",
-            "skipRange": ">=0.1.17 <1.2.0"
+            "name": "compliance-operator.v1.4.0",
+            "skipRange": ">=0.1.17 <1.4.0"
         }
     ]
 }

config/manifests/bases/compliance-operator.clusterserviceversion.yaml

@@ -160,7 +160,7 @@ metadata:
       ]
     capabilities: Seamless Upgrades
     categories: Monitoring,Security
-    olm.skipRange: '>=0.1.17 <1.2.0'
+    olm.skipRange: '>=0.1.17 <1.4.0'
     operatorframework.io/cluster-monitoring: "true"
     operatorframework.io/suggested-namespace: openshift-compliance
     operators.openshift.io/infrastructure-features: '["disconnected", "fips", "proxy-aware"]'

version.Makefile

@@ -2,4 +2,4 @@
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
 
-VERSION?=1.2.0
+VERSION?=1.4.0

version/version.go

@@ -1,5 +1,5 @@
 package version
 
 var (
-	Version = "1.2.0"
+	Version = "1.4.0"
 )