From 5f2fca1fc5620b92c167247177c9146be652abc2 Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Tue, 3 Sep 2024 11:04:53 -0500 Subject: [PATCH] Update assertions for ingress controller TLS check We recently incorporated a new rule into the CIS profile that checks ingress controller TLS configs: https://github.com/ComplianceAsCode/content/pull/12220 We added it to the CIS profile, but didn't update the assertions in the moderate or high profiles, which is causing periodic CI to fail. This commit adds the assertion to the moderate and high test files so we're checking it in subsequent CI runs.
---
tests/assertions/ocp4/ocp4-cis-4.17.yml | 3 +++ tests/assertions/ocp4/ocp4-high-4.13.yml | 3 +++ tests/assertions/ocp4/ocp4-high-4.14.yml | 3 +++ tests/assertions/ocp4/ocp4-high-4.15.yml | 3 +++ tests/assertions/ocp4/ocp4-high-4.16.yml | 3 +++ tests/assertions/ocp4/ocp4-high-4.17.yml | 3 +++ tests/assertions/ocp4/ocp4-moderate-4.13.yml | 3 +++ tests/assertions/ocp4/ocp4-moderate-4.14.yml | 3 +++ tests/assertions/ocp4/ocp4-moderate-4.15.yml | 3 +++ tests/assertions/ocp4/ocp4-moderate-4.16.yml | 3 +++ tests/assertions/ocp4/ocp4-moderate-4.17.yml | 3 +++ 11 files changed, 33 insertions(+)
diff --git a/tests/assertions/ocp4/ocp4-cis-4.17.yml b/tests/assertions/ocp4/ocp4-cis-4.17.yml
index 51364e1ed36..35c56794036 100644
--- a/tests/assertions/ocp4/ocp4-cis-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-cis-4.17.yml
@@ -293,3 +293,6 @@ rule_results:
 e2e-cis-secrets-no-environment-variables:
 default_result: MANUAL
 result_after_remediation: MANUAL
+ e2e-cis-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-high-4.13.yml b/tests/assertions/ocp4/ocp4-high-4.13.yml
index dc9407ed83d..4cff01b6b48 100644
--- a/tests/assertions/ocp4/ocp4-high-4.13.yml
+++ b/tests/assertions/ocp4/ocp4-high-4.13.yml
@@ -376,3 +376,6 @@ rule_results:
 default_result: MANUAL
 e2e-high-secrets-no-environment-variables:
 default_result: MANUAL
+ e2e-high-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-high-4.14.yml b/tests/assertions/ocp4/ocp4-high-4.14.yml
index 79f27d693d9..40ef217c9f0 100644
--- a/tests/assertions/ocp4/ocp4-high-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-high-4.14.yml
@@ -376,3 +376,6 @@ rule_results:
 default_result: MANUAL
 e2e-high-secrets-no-environment-variables:
 default_result: MANUAL
+ e2e-high-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-high-4.15.yml b/tests/assertions/ocp4/ocp4-high-4.15.yml
index 23e7ef5e310..c240c235423 100644
--- a/tests/assertions/ocp4/ocp4-high-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-high-4.15.yml
@@ -403,3 +403,6 @@ rule_results:
 e2e-high-secrets-no-environment-variables:
 default_result: MANUAL
 result_after_remediation: MANUAL
+ e2e-high-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-high-4.16.yml b/tests/assertions/ocp4/ocp4-high-4.16.yml
index 23e7ef5e310..c240c235423 100644
--- a/tests/assertions/ocp4/ocp4-high-4.16.yml
+++ b/tests/assertions/ocp4/ocp4-high-4.16.yml
@@ -403,3 +403,6 @@ rule_results:
 e2e-high-secrets-no-environment-variables:
 default_result: MANUAL
 result_after_remediation: MANUAL
+ e2e-high-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-high-4.17.yml b/tests/assertions/ocp4/ocp4-high-4.17.yml
index c3e9bd411ce..9e56115478f 100644
--- a/tests/assertions/ocp4/ocp4-high-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-high-4.17.yml
@@ -404,3 +404,6 @@ rule_results:
 e2e-high-secrets-no-environment-variables:
 default_result: MANUAL
 result_after_remediation: MANUAL
+ e2e-high-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-moderate-4.13.yml b/tests/assertions/ocp4/ocp4-moderate-4.13.yml
index c23d2e5e8ba..612900dc69a 100644
--- a/tests/assertions/ocp4/ocp4-moderate-4.13.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-4.13.yml
@@ -394,3 +394,6 @@ rule_results:
 e2e-moderate-secrets-no-environment-variables:
 default_result: MANUAL
 result_after_remediation: MANUAL
+ e2e-moderate-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-moderate-4.14.yml b/tests/assertions/ocp4/ocp4-moderate-4.14.yml
index 12bff0d98da..afa14a469d5 100644
--- a/tests/assertions/ocp4/ocp4-moderate-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-4.14.yml
@@ -394,3 +394,6 @@ rule_results:
 e2e-moderate-secrets-no-environment-variables:
 default_result: MANUAL
 result_after_remediation: MANUAL
+ e2e-moderate-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-moderate-4.15.yml b/tests/assertions/ocp4/ocp4-moderate-4.15.yml
index aa440cbb0c1..037cf1fa00f 100644
--- a/tests/assertions/ocp4/ocp4-moderate-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-4.15.yml
@@ -368,3 +368,6 @@ rule_results:
 default_result: MANUAL
 e2e-moderate-secrets-no-environment-variables:
 default_result: MANUAL
+ e2e-moderate-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-moderate-4.16.yml b/tests/assertions/ocp4/ocp4-moderate-4.16.yml
index 12bff0d98da..afa14a469d5 100644
--- a/tests/assertions/ocp4/ocp4-moderate-4.16.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-4.16.yml
@@ -394,3 +394,6 @@ rule_results:
 e2e-moderate-secrets-no-environment-variables:
 default_result: MANUAL
 result_after_remediation: MANUAL
+ e2e-moderate-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-moderate-4.17.yml b/tests/assertions/ocp4/ocp4-moderate-4.17.yml
index 5e4e3730b78..867aa8a10ff 100644
--- a/tests/assertions/ocp4/ocp4-moderate-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-4.17.yml
@@ -395,3 +395,6 @@ rule_results:
 e2e-moderate-secrets-no-environment-variables:
 default_result: MANUAL
 result_after_remediation: MANUAL
+ e2e-moderate-kubelet-configure-tls-cipher-suites-ingresscontroller:
+ default_result: FAIL
+ result_after_remediation: PASS
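Review bot: The new `e2e-moderate-kubelet-configure-tls-cipher-suites-ingresscontroller` entry asserts `result_after_remediation: PASS`, and the same three lines are added unchanged in the other ten hunks (cis 4.17, high 4.13–4.17, moderate 4.13–4.16), so the suite now assumes an automatic remediation takes effect on every one of those releases. Nothing visible in the patch shows this was confirmed per version; if the remediation does not apply on an older release such as 4.13, that file's assertion would be wrong and the periodic job would keep failing for it. The rule id says `kubelet` while the commit message describes an ingress controller TLS check, so a one-line comment above each entry would help the next reader, e.g. `# ingress controller TLS cipher suites: expected to FAIL by default and PASS once the profile's remediation is applied`. The commit message also names only the moderate and high files, while `ocp4-cis-4.17.yml` is changed as well.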