
Update status for CIS 1.2.31

Open rhmdnd opened this issue 1 year ago • 4 comments

We implemented support for checking aesgcm encryption ciphers in https://github.com/ComplianceAsCode/content/pull/10974 but never removed the comment or updated the status in the control file. This commit updates the status since it's now automated to include both ciphers.

rhmdnd avatar Jun 26 '24 19:06 rhmdnd

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment Open in Gitpod

Oracle Linux 8 Environment Open in Gitpod

github-actions[bot] avatar Jun 26 '24 19:06 github-actions[bot]

:robot: A k8s content image for this PR is available at: ghcr.io/complianceascode/k8scontent:12095 This image was built from commit: 61a3a48023d8e3629dd987c612fc773252ee2e37

If you already have Compliance Operator deployed: utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12095

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12095 make deploy-local

github-actions[bot] avatar Jun 26 '24 19:06 github-actions[bot]

@rhmdnd You'll need to rebase to latest master for testing-farm:centos-stream-9-x86_64:/static-checks to pass.

yuumasato avatar Jun 28 '24 11:06 yuumasato

Verification passed with 4.17.0-0.nightly-2024-07-01-221530 + compliance-operator + pr #12095

$ oc get pb
NAME              CONTENTIMAGE                                 CONTENTFILE         STATUS
ocp4              ghcr.io/complianceascode/k8scontent:latest   ssg-ocp4-ds.xml     VALID
rhcos4            ghcr.io/complianceascode/k8scontent:latest   ssg-rhcos4-ds.xml   VALID
upstream-ocp4     ghcr.io/complianceascode/k8scontent:12095    ssg-ocp4-ds.xml     VALID
upstream-rhcos4   ghcr.io/complianceascode/k8scontent:12095    ssg-rhcos4-ds.xml   VALID
$ oc compliance bind -N test -S default-auto-apply profile/upstream-ocp4-cis
Creating ScanSettingBinding test
$ oc get scan
NAME                PHASE   RESULT
upstream-ocp4-cis   DONE    NON-COMPLIANT
$ oc get suite
NAME   PHASE   RESULT
test   DONE    NON-COMPLIANT
$ oc get ccr | grep api-server-encryption-provider-cipher
upstream-ocp4-cis-api-server-encryption-provider-cipher                    FAIL     medium
$ oc compliance rerun-now scansettingbinding test
Rerunning scans from 'test': upstream-ocp4-cis
Re-running scan 'openshift-compliance/upstream-ocp4-cis'
$ oc get ccr | grep api-server-encryption-provider-cipher
upstream-ocp4-cis-api-server-encryption-provider-cipher                    PASS     medium

BhargaviGudi avatar Jul 03 '24 07:07 BhargaviGudi

/lgtm

BhargaviGudi avatar Jul 03 '24 07:07 BhargaviGudi

@rhmdnd @yuumasato can this be merged?

Mab879 avatar Jul 09 '24 15:07 Mab879

@Mab879 go ahead if you are okay with overriding testing-farm:centos-stream-9-x86_64:/static-checks.

yuumasato avatar Jul 09 '24 16:07 yuumasato

@Mab879 go ahead if you are okay with overriding testing-farm:centos-stream-9-x86_64:/static-checks.

Ah I missed that in the sea of tests, a simple rebase should fix it.

Mab879 avatar Jul 09 '24 20:07 Mab879

@Mab879 @yuumasato should be ready for another look.

rhmdnd avatar Jul 30 '24 22:07 rhmdnd

Code Climate has analyzed commit 61a3a480 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.4% (0.0% change).

View more on Code Climate.

qlty-cloud-legacy[bot] avatar Jul 30 '24 23:07 qlty-cloud-legacy[bot]

/test 4.14-images
/test images

Timed out on registry issues.

rhmdnd avatar Jul 31 '24 12:07 rhmdnd

/test 4.14-images

rhmdnd avatar Aug 08 '24 14:08 rhmdnd