Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1816715 - Compliance data upload after package - 'scap-security-guide' update creates duplicate profile on cloud.redhat.com.
Summary: Compliance data upload after package - 'scap-security-guide' update creates d...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Cloud Software Services (cloud.redhat.com)
Classification: Red Hat
Component: Compliance
Version: unspecified
Hardware: x86_64
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Daniel Lobato Garcia
QA Contact: Victor M.
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-24 15:31 UTC by Amar Huchchanavar
Modified: 2020-05-14 00:53 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-25 15:05:37 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Amar Huchchanavar 2020-03-24 15:31:10 UTC
Description of problem:

Compliance data upload after package - 'scap-security-guide' update creates duplicate profile on cloud.redhat.com. 

~~~
I still have 2 compliance policies with for me as end-user 100% the same naming.

From my customer view it looks to be that 1 policy is used by RHEL7.6 and the other for RHEL7.7 servers.
And for the servers that were upgraded from 7.6 to 7.7 in the last month they are associated to both policies.

For me as customer this is uncontrollable and unpredictable.
~~~

How reproducible:
Always

Steps to Reproduce:

- Kickstart RHEL7.6 server HostA
- Upload a compliance report of HostA
- Upgrade RHEL7.6 to RHEL7.7 on the HostA
- Upload a compliance report of HostA

Comment 2 Victor M. 2020-03-27 08:50:02 UTC
This is a known issue caused by not displaying the SSG version attached to the policy. With the system's upgrade from RHEL 7.6 to 7.7 the scap-security-guide was also updated to a different version, creating a new profile. since the SSG version is not displayed in the UI at the moment, this looks like a duplicated policy. 

Assigning RHICOMPL-548.

Comment 4 Peter Vreman 2020-04-14 10:39:07 UTC
This is really an issue that a new policy is created is per RHEL minor release.
With the first servers on RHEL7.8, without any other OS configuration changes, i have now a a 3rd policy created that is for me as end-user looking the same 'Standard System Security Profile for Red Hat Enterprise Linux 7'

Alternative:
If the policies are per minor release i have also no problem, but then make it visible that it is per minor release and not per major release.


Peter

Comment 5 Peter Vreman 2020-04-14 10:44:02 UTC
In the attached case i have uploaded a screenshot of the current Beta site that makes it visible.

Comment 6 Mohit Goyal 2020-04-14 12:20:18 UTC
Peter, yes, we are working to address this issue. More to come as we discuss our options.

Comment 7 Daniel Lobato Garcia 2020-04-14 12:45:40 UTC
Peter, we have a change on the way to make it more visible for now - the reason why you got 3 different reports is that each of these reports is really for a different version of the scap-security-guide package. Each version may have slight differences between rules even for the same policies, which is why they're considered as separate. We're discussing how to move forward with that, however, if you have upgraded all of your systems to RHEL 7.8, you can click on "View report" and delete the ones for 7.6 and 7.7.

Comment 8 Peter Vreman 2020-04-14 12:55:42 UTC
Daniel, Mohit,

Thanks for confirming it is work in progress.

Upgrading all systems to a single release (e.g. 7.8) is never going to happen in a SAP world.
The unique selling point of RHEL is it EUS and E4S support times to give me time to prepare and align with vendor requirements when we can do minor OS upgrades.

Peter

Comment 9 Mohit Goyal 2020-04-15 14:40:52 UTC
Peter and I held a call and I demo-ed the functionality to him. While a slightly different experience, the main concern Peter had I think is addressed via the additional context that I shared. Peter is going to test drive this functionality further and I have committed to him that we can connect again as needed.

At this point, I don't see any material change here for this issue for the product.

Comment 10 Mohit Goyal 2020-04-15 14:43:02 UTC
Ignore last comment. Peter and I spoke today. There is a change that is coming, that I also demo-ed to Peter, that will address this issue.

Comment 11 Mohit Goyal 2020-04-25 15:05:37 UTC
This issue has been fixed in the current release. What appeared to be duplicate reports were results that were different versions of SSG for the same policy. Changes have been made in the Reports section of Compliance to make it clear to users that SSGs are different in reports that otherwise appear to look the same.


Note You need to log in before you can comment on or make changes to this bug.