CMP-2378: Fix OCP version regex
We have issues when the OCP version is something like 4.14.6: the old regex matches this version into both 4.6 and 4.14. This commit changes the regex so it requires the match to start with '4'.
This is related to: https://issues.redhat.com/browse/CMP-2378
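The double match described above is the classic unanchored-regex mistake: a pattern meant to mean "minor release 6" is satisfied by the substring "4.6" inside "4.14.6". The following Python example is added here to illustrate it and is not code from the ComplianceAsCode project; the project's actual OVAL pattern is not shown on this page, so the "weak" pattern below is a constructed stand-in. It shows the fix the PR describes (anchoring at the start of the version string) next to a slightly stricter form that also requires a terminator after the minor number; that extra boundary goes beyond the PR's stated change and only matters for minors such as 4.1 that the project's content (4.6 to 4.18 in the oscap log) does not define, but it is the general form of the check. Version samples are constructed, including the nightly build string quoted later in this thread.

```python
import re

# Constructed set of 4.x minor releases to classify against. It is wider than
# the 4.6-4.18 range the content's oscap log shows, so the prefix case
# (minor "1" vs "14"/"16") can be demonstrated as well.
MINORS = range(1, 19)

# Weak stand-in for the old per-minor pattern (assumption: the project's actual
# OVAL pattern is not shown on the page). Unanchored, so "4.6" also matches
# inside "4.14.6".
WEAK = {m: re.compile(rf"4\.{m}") for m in MINORS}

# The fix as the PR describes it: the match must start at the beginning of
# the version string.
START_ONLY = {m: re.compile(rf"^4\.{m}") for m in MINORS}

# Stricter form: start-anchored and terminated by "." or end of string, so a
# prefix minor ("4.1") cannot match a longer one ("4.14.6").
STRICT = {m: re.compile(rf"^4\.{m}(\.|$)") for m in MINORS}


def matching_minors(version, patterns):
    """Return every minor whose pattern matches the version string, ascending."""
    return [m for m, p in patterns.items() if p.search(version)]


def unique_minor(version, patterns):
    """Return the single minor a version maps to, or None when the mapping is
    ambiguous (several matches) or empty. Either case is a content bug: each
    version-specific platform definition should apply to exactly one release,
    otherwise rules are silently marked applicable or notapplicable."""
    found = matching_minors(version, patterns)
    return found[0] if len(found) == 1 else None


if __name__ == "__main__":
    # Constructed samples, including the nightly build string from this thread.
    for v in ("4.14.6", "4.6.12", "4.16.0-0.nightly-2024-02-08-073857"):
        print(v,
              "weak:", matching_minors(v, WEAK),
              "start-only:", matching_minors(v, START_ONLY),
              "strict:", matching_minors(v, STRICT))
```

Run stand-alone, the script prints the three classifications per version; the weak pattern maps 4.14.6 to 4.1, 4.6 and 4.14 at once, the start-anchored one removes the 4.6 false positive the PR is about, and the strict one yields exactly one minor for every sample. A `unique_minor` style check is cheap to run over the full list of supported version strings in CI whenever the platform regexes change.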
:robot: A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11499
If you already have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11499
Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11499 make deploy-local
Deployed and tested on an OCP 4.14.6 cluster:
Title
Configure the kubelet Certificate File for the API Server
Rule
xccdf_org.ssgproject.content_rule_api_server_kubelet_client_cert_pre_4_9
Ident
CCE-85890-2
I: oscap: Evaluating XCCDF rule 'xccdf_org.ssgproject.content_rule_api_server_kubelet_client_cert_pre_4_9'.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_node_on_openshift-ovn:def:1': Red Hat OpenShift Container network 4 on OpenShift-OVN.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_node_on_openshift-ovn:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_node_on_openshift-sdn:def:1': Red Hat OpenShift Container network 4 on OpenShift-SDN.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_node_on_openshift-sdn:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_node:def:1': Red Hat OpenShift Container Platform Node.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_node:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_on_aws:def:1': Red Hat OpenShift Container Platform 4 on AWS.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_on_aws:def:1' evaluated as true.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_on_azure:def:1': Red Hat OpenShift Container Platform 4 on Azure.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_on_azure:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_on_gcp:def:1': Red Hat OpenShift Container Platform 4 on GCP.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_on_gcp:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_on_openshiftovn:def:1': Red Hat OpenShift Container network 4 on OpenShiftOVN.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_on_openshiftovn:def:1' evaluated as true.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_on_openshiftsdn:def:1': Red Hat OpenShift Container network 4 on OpenShiftSDN.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_on_openshiftsdn:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_10:def:1': Red Hat OpenShift Container Platform 4.10.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_10:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_11:def:1': Red Hat OpenShift Container Platform 4.11.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_11:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_12:def:1': Red Hat OpenShift Container Platform 4.12.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_12:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_13:def:1': Red Hat OpenShift Container Platform 4.13.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_13:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_14:def:1': Red Hat OpenShift Container Platform 4.14.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_14:def:1' evaluated as true.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_15:def:1': Red Hat OpenShift Container Platform 4.15.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_15:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_16:def:1': Red Hat OpenShift Container Platform 4.16.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_16:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_17:def:1': Red Hat OpenShift Container Platform 4.17.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_17:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_18:def:1': Red Hat OpenShift Container Platform 4.18.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_18:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_6:def:1': Red Hat OpenShift Container Platform 4.6.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_6:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_7:def:1': Red Hat OpenShift Container Platform 4.7.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_7:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_8:def:1': Red Hat OpenShift Container Platform 4.8.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_8:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_9:def:1': Red Hat OpenShift Container Platform 4.9.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_9:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4:def:1': Red Hat OpenShift Container Platform.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4:def:1' evaluated as true.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1': Red Hat OpenShift Container Platform.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_on_hypershift_hosted:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_6:def:1': Red Hat OpenShift Container Platform 4.6.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_6:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_7:def:1': Red Hat OpenShift Container Platform 4.7.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_7:def:1' evaluated as false.
I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4_8:def:1': Red Hat OpenShift Container Platform 4.8.
I: oscap: Definition 'oval:ssg-installed_app_is_ocp4_8:def:1' evaluated as false.
I: oscap: Rule 'xccdf_org.ssgproject.content_rule_api_server_kubelet_client_cert_pre_4_9' is not applicable.
Result
notapplicable
[vincent@node cac-content-fork]$ oc get --raw /apis/config.openshift.io/v1/clusteroperators/openshift-apiserver | jq '[.status.versions[].version]'
[
"4.14.6",
"4.14.6"
]
/test
@Vincent056: The /test command needs one or more targets.
The following commands are available to trigger required jobs:
- /test 4.14-images
- /test e2e-aws-ocp4-cis
- /test e2e-aws-ocp4-cis-node
- /test e2e-aws-ocp4-e8
- /test e2e-aws-ocp4-high
- /test e2e-aws-ocp4-high-node
- /test e2e-aws-ocp4-moderate
- /test e2e-aws-ocp4-moderate-node
- /test e2e-aws-ocp4-pci-dss
- /test e2e-aws-ocp4-pci-dss-node
- /test e2e-aws-ocp4-stig
- /test e2e-aws-ocp4-stig-node
- /test e2e-aws-rhcos4-e8
- /test e2e-aws-rhcos4-high
- /test e2e-aws-rhcos4-moderate
- /test e2e-aws-rhcos4-stig
- /test images
Use /test all to run the following jobs that were automatically triggered:
- pull-ci-ComplianceAsCode-content-master-4.14-images
- pull-ci-ComplianceAsCode-content-master-images
In response to this:
/test
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/test e2e-aws-ocp4-cis
/hold for test
@Vincent056 The expected result should be that there will be a test result for ocp4-cis-api-server-kubelet-client-key, and no result for ocp4-cis-api-server-kubelet-client-key-pre-4-9, right? It is weird, I tested with payload 4.14.6 and didn't get either of them with this PR.
Verification passed with 4.14.6 and content in https://github.com/ComplianceAsCode/content/pull/11499:
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.14.6 True False 8h Cluster version is 4.14.6
$ oc compliance bind -N test profile/upstream-ocp4-cis
Creating ScanSettingBinding test
$ oc get suite -w
NAME PHASE RESULT
test RUNNING NOT-AVAILABLE
test AGGREGATING NOT-AVAILABLE
test DONE NON-COMPLIANT
test DONE NON-COMPLIANT
^C
$ oc get ccr | grep kubelet-client
upstream-ocp4-cis-api-server-kubelet-client-cert PASS high
upstream-ocp4-cis-api-server-kubelet-client-key PASS high
/unhold
/label qe-approved
@xiaojiey: The label(s) qe-approved cannot be applied, because the repository doesn't have them.
In response to this:
/label qe-approved
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@BhargaviGudi Hi, could you check this PR once again?
/hold for test
Verification passed with 4.14.6 + compliance-operator with compliance-operator code + PR #11499 code
$ oc get clusterversions.config.openshift.io
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.14.6 True False 4h36m Cluster version is 4.14.6
$ oc compliance bind -N test profile/upstream-ocp4-cis
Creating ScanSettingBinding test
$ oc get suite -w
NAME PHASE RESULT
test RUNNING NOT-AVAILABLE
test AGGREGATING NOT-AVAILABLE
test DONE NON-COMPLIANT
test DONE NON-COMPLIANT
$ oc get ccr | grep kubelet-client
upstream-ocp4-cis-api-server-kubelet-client-cert PASS high
upstream-ocp4-cis-api-server-kubelet-client-key PASS high
/unhold /label qe-approved
@BhargaviGudi: The label(s) qe-approved cannot be applied, because the repository doesn't have them.
In response to this:
/unhold /label qe-approved
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/lgtm
/test
@rhmdnd: The /test command needs one or more targets.
The following commands are available to trigger required jobs:
- /test 4.13-e2e-aws-ocp4-cis
- /test 4.13-e2e-aws-ocp4-cis-node
- /test 4.13-e2e-aws-ocp4-e8
- /test 4.13-e2e-aws-ocp4-high
- /test 4.13-e2e-aws-ocp4-high-node
- /test 4.13-e2e-aws-ocp4-moderate
- /test 4.13-e2e-aws-ocp4-moderate-node
- /test 4.13-e2e-aws-ocp4-pci-dss
- /test 4.13-e2e-aws-ocp4-pci-dss-node
- /test 4.13-e2e-aws-ocp4-stig
- /test 4.13-e2e-aws-ocp4-stig-node
- /test 4.13-e2e-aws-rhcos4-e8
- /test 4.13-e2e-aws-rhcos4-high
- /test 4.13-e2e-aws-rhcos4-moderate
- /test 4.13-e2e-aws-rhcos4-stig
- /test 4.13-images
- /test 4.14-images
- /test 4.15-e2e-aws-ocp4-cis
- /test 4.15-e2e-aws-ocp4-cis-node
- /test 4.15-e2e-aws-ocp4-e8
- /test 4.15-e2e-aws-ocp4-high
- /test 4.15-e2e-aws-ocp4-high-node
- /test 4.15-e2e-aws-ocp4-moderate
- /test 4.15-e2e-aws-ocp4-moderate-node
- /test 4.15-e2e-aws-ocp4-pci-dss
- /test 4.15-e2e-aws-ocp4-pci-dss-node
- /test 4.15-e2e-aws-ocp4-stig
- /test 4.15-e2e-aws-ocp4-stig-node
- /test 4.15-e2e-aws-rhcos4-e8
- /test 4.15-e2e-aws-rhcos4-high
- /test 4.15-e2e-aws-rhcos4-moderate
- /test 4.15-e2e-aws-rhcos4-stig
- /test 4.15-images
- /test 4.16-e2e-aws-ocp4-cis
- /test 4.16-e2e-aws-ocp4-cis-node
- /test 4.16-e2e-aws-ocp4-e8
- /test 4.16-e2e-aws-ocp4-high
- /test 4.16-e2e-aws-ocp4-high-node
- /test 4.16-e2e-aws-ocp4-moderate
- /test 4.16-e2e-aws-ocp4-moderate-node
- /test 4.16-e2e-aws-ocp4-pci-dss
- /test 4.16-e2e-aws-ocp4-pci-dss-node
- /test 4.16-e2e-aws-ocp4-stig
- /test 4.16-e2e-aws-ocp4-stig-node
- /test 4.16-e2e-aws-rhcos4-e8
- /test 4.16-e2e-aws-rhcos4-high
- /test 4.16-e2e-aws-rhcos4-moderate
- /test 4.16-e2e-aws-rhcos4-stig
- /test 4.16-images
- /test e2e-aws-ocp4-cis
- /test e2e-aws-ocp4-cis-node
- /test e2e-aws-ocp4-e8
- /test e2e-aws-ocp4-high
- /test e2e-aws-ocp4-high-node
- /test e2e-aws-ocp4-moderate
- /test e2e-aws-ocp4-moderate-node
- /test e2e-aws-ocp4-pci-dss
- /test e2e-aws-ocp4-pci-dss-node
- /test e2e-aws-ocp4-stig
- /test e2e-aws-ocp4-stig-node
- /test e2e-aws-rhcos4-e8
- /test e2e-aws-rhcos4-high
- /test e2e-aws-rhcos4-moderate
- /test e2e-aws-rhcos4-stig
- /test images
Use /test all to run the following jobs that were automatically triggered:
- pull-ci-ComplianceAsCode-content-master-4.13-images
- pull-ci-ComplianceAsCode-content-master-4.14-images
- pull-ci-ComplianceAsCode-content-master-4.15-images
- pull-ci-ComplianceAsCode-content-master-4.16-images
- pull-ci-ComplianceAsCode-content-master-images
In response to this:
/test
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/test 4.15-e2e-aws-ocp4-stig /test 4.16-e2e-aws-ocp4-stig
Looks like we still have one related failure specifically on 4.16.
helpers.go:808: Result - Name: e2e-stig-api-server-api-priority-flowschema-catch-all - Status: FAIL - Severity: medium
helpers.go:815: E2E-FAILURE: The expected result for the api_server_api_priority_flowschema_catch_all rule didn't match. Expected 'PASS', Got 'FAIL'
It could be that the options we're checking for this rule have changed on 4.16 in a way that fails.
/test 4.15-e2e-aws-ocp4-stig /test 4.16-e2e-aws-ocp4-stig
@lbragstad I did not observe the issue with 4.16.0 or 4.15.0 or 4.13.0
$ oc get ccr | grep kubelet-client
upstream-ocp4-cis-api-server-kubelet-client-cert PASS high
upstream-ocp4-cis-api-server-kubelet-client-key PASS high
$ oc get clusterversions.config.openshift.io
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.16.0-0.nightly-2024-02-08-073857 True False 3h4m Cluster version is 4.16.0-0.nightly-2024-02-08-073857
/test 4.15-e2e-aws-ocp4-stig /test 4.16-e2e-aws-ocp4-stig
The 4.16 e2e tests still seem to be failing on:
helpers.go:815: E2E-FAILURE: The expected result for the api_server_api_priority_flowschema_catch_all rule didn't match. Expected 'PASS', Got 'FAIL'
OCP 4.16 has introduced flowcontrol.apiserver.k8s.io/v1: https://kubernetes.io/docs/reference/using-api/deprecation-guide/
/retest
/test 4.15-e2e-aws-ocp4-stig /test 4.16-e2e-aws-ocp4-stig
This datastream diff is auto generated by the check Compare DS/Generate Diff
New content has different text for rule 'xccdf_org.ssgproject.content_rule_api_server_api_priority_flowschema_catch_all'.
--- xccdf_org.ssgproject.content_rule_api_server_api_priority_flowschema_catch_all
+++ xccdf_org.ssgproject.content_rule_api_server_api_priority_flowschema_catch_all
@@ -17,7 +17,8 @@
This rule's check operates on the cluster configuration dump.
Therefore, you need to use a tool that can query the OCP API, retrieve the /apis/flowcontrol.apiserver.k8s.io/v1alpha1/flowschemas/catch-all API endpoint to the local /apis/flowcontrol.apiserver.k8s.io/v1alpha1/flowschemas/catch-all file true
/apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/catch-all API endpoint to the local /apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/catch-all file true
- /apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas/catch-all API endpoint to the local /apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas/catch-all file true .
+ /apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas/catch-all API endpoint to the local /apis/flowcontrol.apiserver.k8s.io/v1beta2/flowschemas/catch-all file true
+ /apis/flowcontrol.apiserver.k8s.io/v1/flowschemas/catch-all API endpoint to the local /apis/flowcontrol.apiserver.k8s.io/v1/flowschemas/catch-all file true .
[reference]:
CIP-003-8 R6
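Review bot: with the added v1 line, the description now lists four API versions (v1alpha1, v1beta1, v1beta2, v1) as endpoints to retrieve, which reads as if all four had to exist on one cluster; per the comment above, 4.16 serves flowcontrol.apiserver.k8s.io/v1, and older releases serve the beta versions. Suggest wording the description so that whichever of these endpoints the cluster's API exposes is collected, and note the trailing " ." on the new last line, which is carried over from the removed v1beta2 line.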
OVAL for rule 'xccdf_org.ssgproject.content_rule_api_server_api_priority_flowschema_catch_all' differs.
--- oval:ssg-api_server_api_priority_flowschema_catch_all:def:1
+++ oval:ssg-api_server_api_priority_flowschema_catch_all:def:1
@@ -2,3 +2,4 @@
extend_definition oval:ssg-api_server_api_priority_v1alpha1_flowschema_catch_all:def:1
extend_definition oval:ssg-api_server_api_priority_v1beta1_flowschema_catch_all:def:1
extend_definition oval:ssg-api_server_api_priority_v1beta2_flowschema_catch_all:def:1
+extend_definition oval:ssg-api_server_api_priority_v1_flowschema_catch_all:def:1
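Review bot: the parent definition now extends four version-specific definitions, but the hunk does not show the criteria operator that combines them. Since no single release serves all four flowcontrol API versions (the comment above notes 4.16 has moved to v1), the combination has to be an OR for the rule to pass anywhere; worth confirming in the generated OVAL rather than assuming it, given that the 4.16 STIG e2e job reported above still fails on exactly this rule.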
Platform has been changed for rule 'xccdf_org.ssgproject.content_rule_api_server_api_priority_v1beta2_flowschema_catch_all'
--- xccdf_org.ssgproject.content_rule_api_server_api_priority_v1beta2_flowschema_catch_all
+++ xccdf_org.ssgproject.content_rule_api_server_api_priority_v1beta2_flowschema_catch_all
@@ -1,3 +1,5 @@
oval:ssg-installed_app_is_ocp4_11:def:1
oval:ssg-installed_app_is_ocp4_12:def:1
oval:ssg-installed_app_is_ocp4_13:def:1
+oval:ssg-installed_app_is_ocp4_14:def:1
+oval:ssg-installed_app_is_ocp4_15:def:1
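Review bot: the v1beta2 rule's platform gains 4.14 and 4.15 but stops short of 4.16, while the kubelet rules further down in this diff add 4.16. If that is deliberate because 4.16 serves flowcontrol.apiserver.k8s.io/v1 instead, say so in the PR description, and make sure the new v1 rule's platform (not visible in this diff) covers 4.16, since that is where the api_server_api_priority_flowschema_catch_all e2e failure was observed.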
Platform has been changed for rule 'xccdf_org.ssgproject.content_rule_api_server_kubelet_client_cert'
--- xccdf_org.ssgproject.content_rule_api_server_kubelet_client_cert
+++ xccdf_org.ssgproject.content_rule_api_server_kubelet_client_cert
@@ -3,4 +3,7 @@
oval:ssg-installed_app_is_ocp4_11:def:1
oval:ssg-installed_app_is_ocp4_12:def:1
oval:ssg-installed_app_is_ocp4_13:def:1
+oval:ssg-installed_app_is_ocp4_14:def:1
+oval:ssg-installed_app_is_ocp4_15:def:1
+oval:ssg-installed_app_is_ocp4_16:def:1
oval:ssg-installed_app_is_ocp4_9:def:1
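Review bot: the platform list is hard-coded per minor release and now ends at 4.16, yet the oscap log earlier on this page already evaluates installed_app definitions for 4.17 and 4.18. Unless those releases are meant to be excluded, add them here as well, otherwise the same "not applicable" surprise that motivated this PR recurs on the next release. The list order (11, 12, 13, 14, 15, 16, 9) is lexical rather than numeric, which makes such gaps easy to miss in review.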
Platform has been changed for rule 'xccdf_org.ssgproject.content_rule_api_server_kubelet_client_key'
--- xccdf_org.ssgproject.content_rule_api_server_kubelet_client_key
+++ xccdf_org.ssgproject.content_rule_api_server_kubelet_client_key
@@ -3,4 +3,7 @@
oval:ssg-installed_app_is_ocp4_11:def:1
oval:ssg-installed_app_is_ocp4_12:def:1
oval:ssg-installed_app_is_ocp4_13:def:1
+oval:ssg-installed_app_is_ocp4_14:def:1
+oval:ssg-installed_app_is_ocp4_15:def:1
+oval:ssg-installed_app_is_ocp4_16:def:1
oval:ssg-installed_app_is_ocp4_9:def:1
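Review bot: this hunk mirrors the kubelet_client_cert change, adding 4.14 to 4.16 but not 4.17 or 4.18, although definitions for those two releases already appear in the oscap log above. Keep the cert and key rules' platform lists identical and extend both together so a release is never applicable to one and not the other.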
Platform has been changed for rule 'xccdf_org.ssgproject.content_rule_kubelet_configure_tls_cert'
--- xccdf_org.ssgproject.content_rule_kubelet_configure_tls_cert
+++ xccdf_org.ssgproject.content_rule_kubelet_configure_tls_cert
@@ -3,4 +3,7 @@
oval:ssg-installed_app_is_ocp4_11:def:1
oval:ssg-installed_app_is_ocp4_12:def:1
oval:ssg-installed_app_is_ocp4_13:def:1
+oval:ssg-installed_app_is_ocp4_14:def:1
+oval:ssg-installed_app_is_ocp4_15:def:1
+oval:ssg-installed_app_is_ocp4_16:def:1
oval:ssg-installed_app_is_ocp4_9:def:1
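Review bot: kubelet_configure_tls_cert is a node-level rule, but the verification output posted in this thread only greps for "kubelet-client", so the api-server rules were confirmed and this one was not. Please include the kubelet_configure_tls_cert and kubelet_configure_tls_key results from the 4.14 and 4.16 runs in the QE verification before merging.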
Platform has been changed for rule 'xccdf_org.ssgproject.content_rule_kubelet_configure_tls_key'
--- xccdf_org.ssgproject.content_rule_kubelet_configure_tls_key
+++ xccdf_org.ssgproject.content_rule_kubelet_configure_tls_key
@@ -3,4 +3,7 @@
oval:ssg-installed_app_is_ocp4_11:def:1
oval:ssg-installed_app_is_ocp4_12:def:1
oval:ssg-installed_app_is_ocp4_13:def:1
+oval:ssg-installed_app_is_ocp4_14:def:1
+oval:ssg-installed_app_is_ocp4_15:def:1
+oval:ssg-installed_app_is_ocp4_16:def:1
oval:ssg-installed_app_is_ocp4_9:def:1
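Review bot: this is the fifth rule in the diff receiving the identical 4.14, 4.15, 4.16 platform addition. Five per-rule lists moving in lockstep suggest the supported 4.x minors belong in one shared platform definition (the diff does not show whether such a definition exists), so that a new release is added once rather than in every rule and cannot be forgotten in some of them.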