fix: correct CRD field accuracy across samples and Helm charts (#67)

mayurkr · claude · web-flow · commit be1d711e9ddb · 2026-04-12T14:53:23.000+05:30
- ScanReport sample: remove non-existent fields (startedAt,
  completedAt, passedControls, failedControls) that are not in the
  ScanReportSpec CRD definition
- ClusterScan compliance: exclude nist-800-53 and iso-27001 from
  ClusterScan presets since its enum only allows cis, nsa-cisa,
  pci-dss, soc2, hipaa (those frameworks are cloud-only)
- Operator values.yaml: fix temperature from quoted string "0.1"
  to float 0.1 matching the CRD's *float64 type

Co-authored-by: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/config/samples/zelyo-operator_v1alpha1_scanreport.yaml b/config/samples/zelyo-operator_v1alpha1_scanreport.yaml
@@ -8,8 +8,6 @@ metadata:
   namespace: zelyo-system
 spec:
   scanRef: clusterscan-sample
-  startedAt: "2026-03-03T02:00:00Z"
-  completedAt: "2026-03-03T02:05:30Z"
   summary:
     totalFindings: 0
     critical: 0
@@ -18,6 +16,4 @@ spec:
     low: 0
     info: 0
     resourcesScanned: 0
-    passedControls: 0
-    failedControls: 0
   findings: []
diff --git a/deploy/helm/zelyo-operator/values.yaml b/deploy/helm/zelyo-operator/values.yaml
@@ -161,7 +161,7 @@ config:
     # -- Custom API endpoint (required for ollama/custom providers)
     endpoint: ""
     # -- LLM temperature (0.0 = deterministic, 1.0 = creative)
-    temperature: "0.1"
+    temperature: 0.1
     # -- Max tokens per LLM request
     maxTokensPerRequest: 4096
 
diff --git a/deploy/helm/zelyo-policies/templates/_helpers.tpl b/deploy/helm/zelyo-policies/templates/_helpers.tpl
@@ -175,8 +175,9 @@ strict   — all 8 rules, all enforced
 {{- end }}
 
 {{/*
-Collect enabled compliance frameworks from compliance.presets into a YAML list.
-Used by ClusterScan and CloudAccountConfig templates.
+Collect enabled compliance frameworks valid for ClusterScan.
+ClusterScan enum: cis, nsa-cisa, pci-dss, soc2, hipaa.
+Note: nist-800-53 and iso-27001 are cloud-only and NOT valid here.
 */}}
 {{- define "zelyo-policies.complianceFrameworks" -}}
 {{- $frameworks := list }}
@@ -192,12 +193,6 @@ Used by ClusterScan and CloudAccountConfig templates.
 {{- if .Values.compliance.presets.hipaa }}
 {{- $frameworks = append $frameworks "hipaa" }}
 {{- end }}
-{{- if .Values.compliance.presets.nist }}
-{{- $frameworks = append $frameworks "nist-800-53" }}
-{{- end }}
-{{- if .Values.compliance.presets.iso27001 }}
-{{- $frameworks = append $frameworks "iso-27001" }}
-{{- end }}
 {{- toJson $frameworks }}
 {{- end }}
 
diff --git a/deploy/helm/zelyo-policies/templates/cluster-scans.yaml b/deploy/helm/zelyo-policies/templates/cluster-scans.yaml
@@ -2,13 +2,13 @@
 {{- /*
   Build the preset compliance frameworks list once for reuse.
 */ -}}
+{{- /* ClusterScan only supports: cis, nsa-cisa, pci-dss, soc2, hipaa.
+       nist-800-53 and iso-27001 are cloud-only (CloudAccountConfig). */ -}}
 {{- $presetFrameworks := list }}
 {{- if .Values.compliance.presets.cis }}{{ $presetFrameworks = append $presetFrameworks "cis" }}{{ end }}
 {{- if .Values.compliance.presets.soc2 }}{{ $presetFrameworks = append $presetFrameworks "soc2" }}{{ end }}
 {{- if .Values.compliance.presets.pciDss }}{{ $presetFrameworks = append $presetFrameworks "pci-dss" }}{{ end }}
 {{- if .Values.compliance.presets.hipaa }}{{ $presetFrameworks = append $presetFrameworks "hipaa" }}{{ end }}
-{{- if .Values.compliance.presets.nist }}{{ $presetFrameworks = append $presetFrameworks "nist-800-53" }}{{ end }}
-{{- if .Values.compliance.presets.iso27001 }}{{ $presetFrameworks = append $presetFrameworks "iso-27001" }}{{ end }}
 {{- /*
   Nightly ClusterScan — full scan every night.
 */ -}}
