Case fixes

cloudpak/stable/ibm-spectrum-scale-csi-operator-bundle/case/ibm-spectrum-scale-csi-operator/README.md

@@ -29,3 +29,56 @@ This operator does not require any pod  security requirements.
 
 # SecurityContextConstraints Requirements
 The operator maintains the Security Context Constraints, removing the required restraints when the operator is uninstalled.
+
+The installed SCC is as follows, please note this is a jinja2 template applied by the operator:
+
+``` YAML
+  kind: SecurityContextConstraints
+  apiVersion: security.openshift.io/v1
+  metadata:
+    annotations:
+      kubernetes.io/description: allow hostpath and host network to be accessible
+    generation: 1
+    name: csiaccess
+    selfLink: /apis/security.openshift.io/v1/securitycontextconstraints/csiaccess
+  readOnlyRootFilesystem: false
+  requiredDropCapabilities:
+  - KILL
+  - MKNOD
+  - SETUID
+  - SETGID
+  runAsUser:
+    type: RunAsAny
+  seLinuxContext:
+    type: RunAsAny
+  supplementalGroups:
+    type: RunAsAny
+  volumes:
+  - configMap
+  - downwardAPI
+  - emptyDir
+  - hostPath
+  - persistentVolumeClaim
+  - projected
+  - secret
+  allowHostDirVolumePlugin: true
+  allowHostIPC: false
+  allowHostNetwork: true
+  allowHostPID: false
+  allowHostPorts: false
+  allowPrivilegeEscalation: true
+  allowPrivilegedContainer: true
+  allowedCapabilities: []
+  defaultAddCapabilities: null
+  fsGroup:
+    type: MustRunAs
+  groups:
+  - system:authenticated
+  {% if csiaccess_users|length > 0 %}
+  users:
+  {% for user in csiaccess_users %}
+    - "{{user}}"
+  {% endfor %}
+  {% endif %}
+
+```

cloudpak/stable/ibm-spectrum-scale-csi-operator-bundle/tests/lintOverrides.yaml

@@ -7,7 +7,7 @@ overrides:
     reduceTo: WARNING
     rule: NoPrivilegedContainers
 
-  - reason: Using default values and DROP ALL capabilities. Did not make GA time for explicit defitinition.
+  - reason: Using default values and DROP ALL capabilities. 
     reduceTo: WARNING
     rule: PodSecurityContextDefined
 
@@ -32,7 +32,7 @@ overrides:
     rule: ContainerHasLivenessProbe
 
   - reason: pull-secret can be provided in CR
-    reduceTo: WARNING
+    reduceTo: INFO
     rule: ServiceAccountHasPullSecret
 
   - reason: File is auto-generated, outside of our control.

operator/.osdk-scorecard.yaml

@@ -12,4 +12,4 @@ scorecard:
         namespace: "ibm-spectrum-scale-csi-driver"
         cr-manifest:
           - "deploy/crds/csiscaleoperators.csi.ibm.com_cr.yaml"
-        csv-path: "deploy/olm-catalog/ibm-spectrum-scale-csi-operator/2.0.0/ibm-spectrum-scale-csi-operator.v2.0.0.clusterserviceversion.yaml"
+        csv-path: "deploy/olm-catalog/ibm-spectrum-scale-csi-operator/1.1.0/ibm-spectrum-scale-csi-operator.v1.1.0.clusterserviceversion.yaml"

operator/deploy/crds/csiscaleoperators.csi.ibm.com.crd.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   labels:

operator/deploy/operator.yaml

@@ -75,6 +75,7 @@ spec:
               cpu: 50m
               memory: 50Mi
           securityContext:
+            privileged: false
             capabilities:
               drop:
                 - ALL