Merge pull request #40735 from kmccarron-rh/tailored

jeana-redhat · web-flow · commit 520d129cc5f6 · 2022-01-24T14:25:09.000-05:00
OSDOCS-3168: Fix steps in Using tailored profiles procedure
diff --git a/modules/compliance-tailored-profiles.adoc b/modules/compliance-tailored-profiles.adoc
@@ -14,19 +14,20 @@ The `ComplianceSuite` object contains an optional `TailoringConfigMap` attribute
 +
 [source,terminal]
 ----
-$ oc get rules.compliance -l compliance.openshift.io/profile-bundle=rhcos4
+$ oc get rules.compliance -n openshift-compliance -l compliance.openshift.io/profile-bundle=rhcos4 
 ----
 
 . Browse the available variables in the same `ProfileBundle`:
 +
 [source,terminal]
 ----
-$ oc get variables.compliance -l compliance.openshift.io/profile-bundle=rhcos4
+$ oc get variables.compliance -n openshift-compliance -l compliance.openshift.io/profile-bundle=rhcos4 
 ----
 
-. Choose which rules you want to add to the `TailoredProfile`. This `TailoredProfile` example disables two rules and changes one value. Use the `rationale` value to describe why these changes were made:
+. Create a tailored profile named `nist-moderate-modified`:
+.. Choose which rules you want to add to the `nist-moderate-modified` tailored profile. This example extends the `rhcos4-moderate` profile by disabling two rules and changing one value. Use the `rationale` value to describe why these changes were made:
 +
-.Example output
+.Example `new-profile-node.yaml`
 [source,yaml]
 ----
 apiVersion: compliance.openshift.io/v1alpha1
@@ -35,20 +36,18 @@ metadata:
   name: nist-moderate-modified
 spec:
   extends: rhcos4-moderate
+  description: NIST moderate profile
   title: My modified NIST moderate profile
   disableRules:
-  - name: rhcos4-file-permissions-node-config
-    rationale: This breaks X application.
+  - name: rhcos4-file-permissions-var-log-messages
+    rationale: The file contains logs of error messages in the system
   - name: rhcos4-account-disable-post-pw-expiration
     rationale: No need to check this as it comes from the IdP
   setValues:
   - name: rhcos4-var-selinux-state
     rationale: Organizational requirements
     value: permissive
 ----
-+
-
-
 +
 .Attributes for spec variables
 [cols="1,2a",options="header"]
@@ -74,15 +73,24 @@ spec:
 |`setValues`
 | A list of name, rationale, and value groupings. Each name refers to a name of the value set. The rationale is human-readable text describing the set. The value is the actual setting.
 |===
-+
-. Add the profile to the `ScanSettingsBinding` object:
+
+.. Create the `TailoredProfile` object:
 +
 [source,terminal]
 ----
-$ cat nist-moderate-modified.yaml
+$ oc create -n openshift-compliance -f new-profile-node.yaml <1>
 ----
+<1> The `TailoredProfile` object is created in the default `openshift-compliance` namespace.
 +
 .Example output
+[source,terminal]
+----
+tailoredprofile.compliance.openshift.io/nist-moderate-modified created
+----
+
+. Define the `ScanSettingBinding` object to bind the new `nist-moderate-modified` tailored profile to the default `ScanSetting` object. 
++
+.Example `new-scansettingbinding.yaml`
 [source,yaml]
 ----
 apiVersion: compliance.openshift.io/v1alpha1
@@ -102,11 +110,11 @@ settingsRef:
   name: default
 ----
 
-. Create the `TailoredProfile`:
+. Create the `ScanSettingBinding` object:
 +
 [source,terminal]
 ----
-$ oc create -n <namespace> -f <file-name>.yaml
+$ oc create -n openshift-compliance -f new-scansettingbinding.yaml
 ----
 +
 .Example output
