Skip to content

CMP-4340: fix copy-paste variable reference in soft_nodefs_available rule#14838

Open
abushkin-redhat wants to merge 1 commit into
ComplianceAsCode:masterfrom
abushkin-redhat:cmp-4340-eviction-consolidation
Open

CMP-4340: fix copy-paste variable reference in soft_nodefs_available rule#14838
abushkin-redhat wants to merge 1 commit into
ComplianceAsCode:masterfrom
abushkin-redhat:cmp-4340-eviction-consolidation

Conversation

@abushkin-redhat

Copy link
Copy Markdown
Collaborator

Description:

  • copy-paste bug was fixed in kubelet_eviction_thresholds_set_soft_nodefs_available/rule.yml where xccdf_variable: var_event_record_qps (from a different rule) was replaced with the correct values block.

  • This was found while investigating CMP-4340 (kubelet eviction threshold remediation failures). During end-to-end testing of the scanner emptyDir fix (ComplianceAsCode/compliance-operator#1255), 4 of 5 soft eviction rules passed correctly on both initial scan and rescan, but soft_nodefs_available consistently failed despite the kubelet having the correct value. ARF analysis confirmed the scanner read 500Mi from the kubelet config but the OVAL comparison against var_event_record_qps (value 0) caused the false failure.

Fix:

Replace xccdf_variable: var_event_record_qps with the correct values block using pattern match, consistent with all 9 other eviction threshold rules.

@abushkin-redhat

Copy link
Copy Markdown
Collaborator Author

/ok-to-test

@openshift-ci openshift-ci Bot added the ok-to-test Used by openshift-ci bot. label Jun 29, 2026
@abushkin-redhat abushkin-redhat force-pushed the cmp-4340-eviction-consolidation branch from 308786f to e2f28d1 Compare June 29, 2026 14:32
@openshift-ci

openshift-ci Bot commented Jun 29, 2026

Copy link
Copy Markdown

@abushkin-redhat: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-node-compliance e2f28d1 link true /test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@jan-cerny jan-cerny added the OpenShift OpenShift product related. label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ok-to-test Used by openshift-ci bot. OpenShift OpenShift product related.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants