Update assertions for PCI-DSS profile
We recently updated the PCI-DSS profile to use 4.0 by default, but
didn't update the default assertions. This commit updates the assertions
so that the versionless profile name includes assertions for rules in
the v4.0 profile.
rhmdnd committed Sep 3, 2024
1 parent 8df17e5 commit 95b59c6
Showing 10 changed files with 285 additions and 0 deletions.
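--- a/tests/assertions/ocp4/ocp4-pci-dss-4.13.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4.13.yml
@@ -334,3 +334,36 @@ rule_results:
 e2e-pci-dss-tls-version-check-router:
 default_result: PASS
 result_after_remediation: PASS
+e2e-pci-dss-acs-sensor-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-alert-receiver-configured:
+default_result: MANUAL
+result_after_remediation: MANUAL
+e2e-pci-dss-api-server-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-audit-error-alert-exists:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-container-security-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-certificate:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-kubelet-configure-tls-cipher-suites-ingresscontroller:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-oauth-or-oauthclient-inactivity-timeout:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ocp-idp-no-htpasswd:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-security-profiles-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS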
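Review bot: The eleven new entries are appended after `e2e-pci-dss-tls-version-check-router` instead of being merged into the `rule_results` mapping, which starts above this hunk, so any rule name that already exists in the lines not shown would become a duplicate key. Most YAML loaders keep the last value silently, so a duplicate here would replace an older expectation for a control (for example one of the TLS profile checks) without any test failing. Before merging, run a duplicate-key check over the whole file (yamllint's `key-duplicates` rule does this) and, if the rest of the mapping is sorted by rule name, insert the entries in order. The same applies to the 4.14–4.17 sections and to the five `ocp4-pci-dss-node-*` sections.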
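--- a/tests/assertions/ocp4/ocp4-pci-dss-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4.14.yml
@@ -334,3 +334,36 @@ rule_results:
 e2e-pci-dss-tls-version-check-router:
 default_result: PASS
 result_after_remediation: PASS
+e2e-pci-dss-acs-sensor-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-alert-receiver-configured:
+default_result: MANUAL
+result_after_remediation: MANUAL
+e2e-pci-dss-api-server-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-audit-error-alert-exists:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-container-security-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-certificate:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-kubelet-configure-tls-cipher-suites-ingresscontroller:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-oauth-or-oauthclient-inactivity-timeout:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ocp-idp-no-htpasswd:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-security-profiles-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS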
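--- a/tests/assertions/ocp4/ocp4-pci-dss-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4.15.yml
@@ -334,3 +334,36 @@ rule_results:
 e2e-pci-dss-tls-version-check-router:
 default_result: PASS
 result_after_remediation: PASS
+e2e-pci-dss-acs-sensor-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-alert-receiver-configured:
+default_result: MANUAL
+result_after_remediation: MANUAL
+e2e-pci-dss-api-server-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-audit-error-alert-exists:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-container-security-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-certificate:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-kubelet-configure-tls-cipher-suites-ingresscontroller:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-oauth-or-oauthclient-inactivity-timeout:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ocp-idp-no-htpasswd:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-security-profiles-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS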
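--- a/tests/assertions/ocp4/ocp4-pci-dss-4.16.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4.16.yml
@@ -334,3 +334,36 @@ rule_results:
 e2e-pci-dss-tls-version-check-router:
 default_result: PASS
 result_after_remediation: PASS
+e2e-pci-dss-acs-sensor-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-alert-receiver-configured:
+default_result: MANUAL
+result_after_remediation: MANUAL
+e2e-pci-dss-api-server-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-audit-error-alert-exists:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-container-security-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-certificate:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-kubelet-configure-tls-cipher-suites-ingresscontroller:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-oauth-or-oauthclient-inactivity-timeout:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ocp-idp-no-htpasswd:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-security-profiles-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS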
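--- a/tests/assertions/ocp4/ocp4-pci-dss-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4.17.yml
@@ -335,3 +335,36 @@ rule_results:
 e2e-pci-dss-tls-version-check-router:
 default_result: PASS
 result_after_remediation: PASS
+e2e-pci-dss-acs-sensor-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-alert-receiver-configured:
+default_result: MANUAL
+result_after_remediation: MANUAL
+e2e-pci-dss-api-server-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-audit-error-alert-exists:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-container-security-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-certificate:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ingress-controller-tls-security-profile:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-kubelet-configure-tls-cipher-suites-ingresscontroller:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-oauth-or-oauthclient-inactivity-timeout:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-ocp-idp-no-htpasswd:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-security-profiles-operator-exists:
+default_result: FAIL
+result_after_remediation: PASS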
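--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.13.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.13.yml
@@ -452,3 +452,27 @@ rule_results:
 default_result: MANUAL
 e2e-pci-dss-node-worker-tls-version-check-masters-workers:
 default_result: PASS
+e2e-pci-dss-node-master-directory-access-var-log-kube-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-oauth-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-ocp-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-node-worker-directory-access-var-log-kube-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-oauth-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-ocp-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS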
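Review bot: The eight added node entries always write `result_after_remediation`, even where it equals `default_result`, while the two entries directly above them in this hunk (`e2e-pci-dss-node-worker-tls-version-check-masters-workers` and the one ending in `default_result: MANUAL`, whose key is outside the hunk) carry only `default_result`. If the harness reads a missing `result_after_remediation` as "not checked after remediation" rather than "same as default", the older entries get weaker post-remediation coverage than the new ones. Confirm which it is and use one form throughout the file, for example by adding `result_after_remediation: PASS` to the existing tls-version-check entry. The same mix appears in the node 4.14–4.17 sections.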
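--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml
@@ -452,3 +452,27 @@ rule_results:
 default_result: MANUAL
 e2e-pci-dss-node-worker-tls-version-check-masters-workers:
 default_result: PASS
+e2e-pci-dss-node-master-directory-access-var-log-kube-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-oauth-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-ocp-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-node-worker-directory-access-var-log-kube-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-oauth-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-ocp-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS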
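--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml
@@ -452,3 +452,27 @@ rule_results:
 default_result: MANUAL
 e2e-pci-dss-node-worker-tls-version-check-masters-workers:
 default_result: PASS
+e2e-pci-dss-node-master-directory-access-var-log-kube-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-oauth-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-ocp-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-node-worker-directory-access-var-log-kube-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-oauth-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-ocp-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS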
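--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml
@@ -452,3 +452,27 @@ rule_results:
 default_result: MANUAL
 e2e-pci-dss-node-worker-tls-version-check-masters-workers:
 default_result: PASS
+e2e-pci-dss-node-master-directory-access-var-log-kube-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-oauth-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-ocp-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-node-worker-directory-access-var-log-kube-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-oauth-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-ocp-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS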
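--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.17.yml
@@ -451,3 +451,27 @@ rule_results:
 default_result: MANUAL
 e2e-pci-dss-node-worker-tls-version-check-masters-workers:
 default_result: PASS
+e2e-pci-dss-node-master-directory-access-var-log-kube-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-oauth-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-directory-access-var-log-ocp-audit:
+default_result: FAIL
+result_after_remediation: PASS
+e2e-pci-dss-node-master-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS
+e2e-pci-dss-node-worker-directory-access-var-log-kube-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-oauth-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-directory-access-var-log-ocp-audit:
+default_result: NOT-APPLICABLE
+result_after_remediation: NOT-APPLICABLE
+e2e-pci-dss-node-worker-kubelet-configure-tls-min-version:
+default_result: PASS
+result_after_remediation: PASS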
