From d3bdfa98020790c3b2b1230a8d2022d58bd4686f Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Mon, 30 Sep 2024 12:12:19 +0200
Subject: [PATCH 1/3] Fix typo in assertion rule id I guess I typed ctrl+a in vim and did not notice, :)
---
 tests/assertions/ocp4/ocp4-pci-dss-4-0-4.15.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.15.yml b/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.15.yml
index 7c6602e7d36..72fafc5298d 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.15.yml
@@ -230,7 +230,7 @@ rule_results:
 e2e-pci-dss-4-0-kubelet-configure-tls-cert:
 default_result: PASS
 result_after_remediation: PASS
- e3e-pci-dss-4-0-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ e2e-pci-dss-4-0-kubelet-configure-tls-cipher-suites-ingresscontroller:
 default_result: FAIL
 result_after_remediation: PASS
 e2e-pci-dss-4-0-kubelet-configure-tls-key:
From cf3fb45bfbfe69d1c1b42acc57c942f76f1fd767 Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Mon, 30 Sep 2024 12:13:31 +0200
Subject: [PATCH 2/3] Fix result after remediation for cni-conf permissions These rules are passing by default now and after remediation they continue to passs
---
 tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml | 4 ++--
 tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml
index 96e70bc0462..7489f13f6c0 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml
@@ -202,7 +202,7 @@ rule_results:
 result_after_remediation: PASS
 e2e-pci-dss-node-4-0-master-file-permissions-cni-conf:
 default_result: PASS
- result_after_remediation: FAIL
+ result_after_remediation: PASS
 e2e-pci-dss-node-4-0-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 result_after_remediation: PASS
@@ -544,7 +544,7 @@ rule_results:
 result_after_remediation: NOT-APPLICABLE
 e2e-pci-dss-node-4-0-worker-file-permissions-cni-conf:
 default_result: PASS
- result_after_remediation: FAIL
+ result_after_remediation: PASS
 e2e-pci-dss-node-4-0-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml
index 96e70bc0462..7489f13f6c0 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml
@@ -202,7 +202,7 @@ rule_results:
 result_after_remediation: PASS
 e2e-pci-dss-node-4-0-master-file-permissions-cni-conf:
 default_result: PASS
- result_after_remediation: FAIL
+ result_after_remediation: PASS
 e2e-pci-dss-node-4-0-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 result_after_remediation: PASS
@@ -544,7 +544,7 @@ rule_results:
 result_after_remediation: NOT-APPLICABLE
 e2e-pci-dss-node-4-0-worker-file-permissions-cni-conf:
 default_result: PASS
- result_after_remediation: FAIL
+ result_after_remediation: PASS
 e2e-pci-dss-node-4-0-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
From 9630d28e3a2e678358779c14ec6522b912891322 Mon Sep 17 00:00:00 2001
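Review bot: The flipped `result_after_remediation: PASS` on `e2e-pci-dss-node-4-0-master-file-permissions-cni-conf` carries no comment recording why a rule that passes by default was previously expected to FAIL after remediation; the same applies to the worker entry in the second hunk and to both hunks of the 4.15 file. A PASS that turns into FAIL after remediation suggests something in the remediation run used to change the mode of the CNI configuration file, so without a note a later recurrence will read as a flaky assertion rather than as permission drift. A one-line comment above each entry would preserve that history, for example `# previously FAIL after remediation; see <reference to the fixing change>`, with the reference filled in by the author. Both files show the same index hashes before and after, so they appear to be byte-identical copies and need the comment kept in sync.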
From: Watson Sato
Date: Mon, 30 Sep 2024 12:43:57 +0200
Subject: [PATCH 3/3] This rule can occasionally result inconsistent Align this rule's assertion with what's in other profiles.
---
 tests/assertions/ocp4/ocp4-pci-dss-node-4.12.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.12.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.12.yml
index ae2ad46514c..d2005ba195a 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.12.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.12.yml
@@ -176,7 +176,8 @@ rule_results:
 e2e-pci-dss-node-master-file-permissions-scheduler-kubeconfig:
 default_result: PASS
 e2e-pci-dss-node-master-file-permissions-var-log-kube-audit:
- default_result: INCONSISTENT
+ # nodes get INCONSISTENT because of https://bugzilla.redhat.com/show_bug.cgi?id=2001442
+ default_result: PASS or INCONSISTENT
 e2e-pci-dss-node-master-file-permissions-var-log-oauth-audit:
 default_result: PASS
 e2e-pci-dss-node-master-file-permissions-var-log-ocp-audit:
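Review bot: `default_result: PASS or INCONSISTENT` on `e2e-pci-dss-node-master-file-permissions-var-log-kube-audit` accepts any disagreement between master nodes, so a real permission difference on the audit-log path of one node would satisfy the assertion as well as the known bug does. The added comment gives only the Bugzilla URL, so a reader cannot tell what causes the inconsistency or when the assertion can be narrowed again. I would extend it with a line such as `# TODO: tighten to PASS once bug 2001442 is resolved; INCONSISTENT also hides real per-node drift`. The commit message says this matches other profiles, so the same caveat presumably applies to those entries.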