From 66f2bd6980a4607803407a69a1082c79f0a05e83 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Fri, 16 Aug 2024 16:10:18 +0200 Subject: [PATCH] Enable these rules on OCP 4.17 These rules are valid and still work on 4.17. The platform notation needs improvements, but this is left for another PR. --- .../api-server/api_server_kubelet_client_cert/rule.yml | 2 +- .../openshift/api-server/api_server_kubelet_client_key/rule.yml | 2 +- .../openshift/kubelet/kubelet_configure_tls_cert/rule.yml | 2 +- .../openshift/kubelet/kubelet_configure_tls_key/rule.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/openshift/api-server/api_server_kubelet_client_cert/rule.yml b/applications/openshift/api-server/api_server_kubelet_client_cert/rule.yml index c0e29775dcaa..280a90bc8353 100644 --- a/applications/openshift/api-server/api_server_kubelet_client_cert/rule.yml +++ b/applications/openshift/api-server/api_server_kubelet_client_cert/rule.yml @@ -34,7 +34,7 @@ identifiers: cce@ocp4: CCE-84080-1 platforms: - - (ocp4.9 or ocp4.10 or ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15 or ocp4.16) and not ocp4-on-hypershift-hosted + - (ocp4.9 or ocp4.10 or ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15 or ocp4.16 or ocp4.17) and not ocp4-on-hypershift-hosted severity: high diff --git a/applications/openshift/api-server/api_server_kubelet_client_key/rule.yml b/applications/openshift/api-server/api_server_kubelet_client_key/rule.yml index 7a3e46f95cd9..1368e60be598 100644 --- a/applications/openshift/api-server/api_server_kubelet_client_key/rule.yml +++ b/applications/openshift/api-server/api_server_kubelet_client_key/rule.yml @@ -34,7 +34,7 @@ identifiers: cce@ocp4: CCE-83591-8 platforms: - - (ocp4.9 or ocp4.10 or ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15 or ocp4.16) and not ocp4-on-hypershift-hosted + - (ocp4.9 or ocp4.10 or ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15 or ocp4.16 or ocp4.17) and not ocp4-on-hypershift-hosted severity: high diff --git a/applications/openshift/kubelet/kubelet_configure_tls_cert/rule.yml b/applications/openshift/kubelet/kubelet_configure_tls_cert/rule.yml index 28053c9ccf34..60d1df2ef0fa 100644 --- a/applications/openshift/kubelet/kubelet_configure_tls_cert/rule.yml +++ b/applications/openshift/kubelet/kubelet_configure_tls_cert/rule.yml @@ -27,7 +27,7 @@ identifiers: cce@ocp4: CCE-83396-2 platforms: - - (ocp4.9 or ocp4.10 or ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15 or ocp4.16) and not ocp4-on-hypershift-hosted + - (ocp4.9 or ocp4.10 or ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15 or ocp4.16 or ocp4.17) and not ocp4-on-hypershift-hosted references: cis@ocp4: 4.2.9 diff --git a/applications/openshift/kubelet/kubelet_configure_tls_key/rule.yml b/applications/openshift/kubelet/kubelet_configure_tls_key/rule.yml index 69593fe6dd4a..863d320117c7 100644 --- a/applications/openshift/kubelet/kubelet_configure_tls_key/rule.yml +++ b/applications/openshift/kubelet/kubelet_configure_tls_key/rule.yml @@ -27,7 +27,7 @@ identifiers: cce@ocp4: CCE-90614-9 platforms: - - (ocp4.9 or ocp4.10 or ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15 or ocp4.16) and not ocp4-on-hypershift-hosted + - (ocp4.9 or ocp4.10 or ocp4.11 or ocp4.12 or ocp4.13 or ocp4.14 or ocp4.15 or ocp4.16 or ocp4.17) and not ocp4-on-hypershift-hosted references: cis@ocp4: 4.2.9