ROX-32677-vuln-in-console: adding new content for vulnerability info … #106918
+84
−0
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,22 @@ | ||||||
| :_mod-docs-content-type: ASSEMBLY | ||||||
| [id="accessing-vulnerability-information-in-web-console"] | ||||||
| = Accessing vulnerability information in the OpenShift Container Platform web console | ||||||
| include::modules/common-attributes.adoc[] | ||||||
| :context: accessing-vulnerability-information-in-web-console | ||||||
|
|
||||||
| toc::[] | ||||||
|
|
||||||
| // GUI LABELING ISSUES | ||||||
| // SEE MEETING RHACS SPRINT DEMO RECORDING 01/29/2026 ~28 MINUTES | ||||||
| // IN THE INTERFACE, THIS APPEARS AS "console plugin" IN THE OPERATOR INSTALLATION, BUT FROM THE INSTALLED OPERATORS PAGE FOR RHACS OPERATOR IT APPEARS IN THE SIDEBAR INFO AS A NAMED "advanced-cluster-security" PLUGIN UNDER A GENERIC "Console plugin" HEADER. UNSURE WHY THIS APPEARS WITH DIFFERNT NAMES IN DIFFERENT LOCATIONS IN THE GUI. IN THE FUTURE IF OTHER CONSOLE PLUGINS ARE ADDED, IT CANNOT BE GENERICALLY LABELED AS "Console plugin" IN THE RHACS OPERATOR INSTALLATION. | ||||||
| // ALSO UNCLEAR IF THIS FUNCTION/CODE IS THE SAME AS THE "RHACS PLUGIN" THAT YOU INSTALL WITH RHDH OR DIFFERENT FUNCTION/CODE. | ||||||
|
|
||||||
| By enabling the {rh-rhacs-console-plugin} dynamic plugin during the installation of the {product-title-short} operator, you can access vulnerability management information for your secured cluster workloads directly from the {ocp} web console. | ||||||
|
Contributor
There was a problem hiding this comment. Since it's enabled by default, I don't think we have to say "By enabling the {rh-rhacs-console-plugin} dynamic plugin during the installation of the {product-title-short} operator," Maybe just say something like: {product-title} provides a dynamic plugin that is enabled by default to provide vulnerability management information for your secured cluster workloads directly in the {ocp} web console. |
||||||
| // FOR YOUR...: workloads? clusters? cluster workloads? | ||||||
|
|
||||||
| With this dynamic plugin, data gathered by the {rh-rhacs-first} vulnerability management tools is displayed in the {ocp} interface, providing information about CVEs, image and workload vulnerabilities, and verified image signature status. Authorized security administrators, platform engineers, and application developers gain a unified view of security status that is embedded in their day-to-day {ocp} workflows. | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
|
||||||
|
|
||||||
| // ARTIFACT FROM RHACS PLUGIN + RHDH FILE -- WHAT DOES THIS FeatureName TAG DO? | ||||||
| //:FeatureName: Integration of vulnerability findings into the {rh-rhdh} | ||||||
|
Contributor
There was a problem hiding this comment. Only needed if a feature is technology preview, so you can ignore the tag since this is GA (I think it's GA, right? |
||||||
| include::snippets/technology-preview.adoc[] | ||||||
|
|
||||||
|
Contributor
There was a problem hiding this comment. I think we would need to add an include for the viewing-vulnerability-information.adoc module here so that it shows up in the "Accessing vulnerability information in the OCP web console" page under the introductory/summary text. |
||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,36 @@ | ||||||
| // Module included in the following assemblies: | ||||||
| // | ||||||
| // * accessing-vulnerability-information-in-web-console.adoc | ||||||
|
|
||||||
| :_mod-docs-content-type: PROCEDURE | ||||||
| [id="enabling-the-plugin_{context}"] | ||||||
| = Enabling the plugin | ||||||
|
|
||||||
| The {rh-rhacs-console-plugin} dynamic plugin is enabled by default during the installation of the {product-title} Operator. | ||||||
|
|
||||||
| To review enablement status or to enable the {rh-rhacs-console-plugin} plugin after the installation of the {product-title-short} Operator, use the following steps. | ||||||
|
|
||||||
| [NOTE] | ||||||
| ==== | ||||||
| You can also review and change the enablement status of the {rh-rhacs-console-plugin} dynamic plugin after installation of the {product-title} Operator. To do so, view the installed Operators in the web console and then view the details of the {product-title} Operator. | ||||||
| ==== | ||||||
|
|
||||||
| .Prerequisites | ||||||
| // ARE THESE IN THE CORRECT ORDER? NOT SURE IF THE NOTEBOOKLM AI ASSIST PUT THESE IN THE RIGHT/MOST LOGICAL ORDER. | ||||||
|
Contributor
There was a problem hiding this comment. The Operator step would go before the secured cluster services step IMO. |
||||||
| * You are running {ocp} version 4.19 or later. | ||||||
| * You have installed secured cluster services, including sensor, on the cluster. | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
Weird ACS-specific thing, we always capitalize Central, Sensor, Collector, etc. |
||||||
| * You have installed the {product-title} Operator on the cluster. | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
|
||||||
|
|
||||||
| .Procedure | ||||||
|
|
||||||
| . In the {ocp} web console navigation, click *Ecosystem > Installed Operators*. | ||||||
|
|
||||||
| . From the installed operators, click the {product-title} Operator. | ||||||
|
|
||||||
| . In the Operator details, verify that the {rh-rhacs-console-plugin} plugin is enabled. | ||||||
|
|
||||||
| .Verification | ||||||
|
|
||||||
| If the {rh-rhacs-console-plugin} plugin is enabled on a secured cluster, a new *Security* navigation option, with a *Vulnerabilities* secondary option, displays in the web console navigation menu for authorized users with access to all of the deployment-like resources within the selected namespace. | ||||||
|
|
||||||
| In addition to the new navigation option, if the {rh-rhacs-console-plugin} plugin is enabled on a secured cluster, a new *Security* tab displays on certain pages in the web console, such as the details views for individual projects, namespaces, deployments, daemonsets, and so on. | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
|
||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,25 @@ | ||||||
| // Module included in the following assemblies: | ||||||
| // | ||||||
| // * accessing-vulnerability-information-in-web-console.adoc | ||||||
|
|
||||||
| :_mod-docs-content-type: PROCEDURE | ||||||
| [id="viewing-vulnerability-information-in-web-console_{context}"] | ||||||
| = Viewing vulnerability information in the web console | ||||||
|
|
||||||
| Use the *Security* navigation option in the {ocp} web console to view vulnerability information that is scoped to the namespace of a secured cluster. | ||||||
|
|
||||||
| .Prerequisites | ||||||
| * The {rh-rhacs-console-plugin} plugin is enabled on the secured cluster. | ||||||
|
|
||||||
| .Procedure | ||||||
|
|
||||||
| . In the {ocp} web console navigation, click *Security > Vulnerabilities*. | ||||||
|
|
||||||
| . From the Workload vulnerabilities page, click the *CVEs*, *Images*, or *Deployments* option to determine the context in which you want to view vulnerabilities. | ||||||
|
|
||||||
| . In the displayed results, click a specific result to view detailed information about the vulnerability. | ||||||
|
|
||||||
| [NOTE] | ||||||
| ==== | ||||||
| You can also view vulnerability information on details views for other pages in the {ocp} web console by clicking the *Security* tab, such as in the details views for individual projects, namespaces, deployments, daemonsets, and so on. | ||||||
|
Contributor
There was a problem hiding this comment.
Suggested change
|
||||||
| ==== | ||||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to add an entry to the topic_map.yml file so that this assembly file gets put in the TOC and gets published. Right now it's not showing up in the preview because it's not in the TOC/yaml file. Not sure of the best place to put it - if it's in the "configuring" folder, it would go somewhere in this left TOC, but it doesn't really fit there so I'm not sure.