content
content copied to clipboard
ComplianceAsCode
Add Kubernetes remediation for rule configure_crypto_policy
Added Kubernets auto remediation for rule configure_crypto_policy
Related BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2062530
Start a new ephemeral environment with changes proposed in this pull request:
Fedora Environment
Oracle Linux 8 Environment
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @Vincent056 it seems like the e2e tests are catching some issue here:
helpers.go:808: Result - Name: e2e-e8-worker-configure-crypto-policy - Status: FAIL - Severity: high
helpers.go:815: E2E-FAILURE: The expected result for the configure_crypto_policy rule didn't match. Expected 'PASS', Got 'FAIL'
Remove e2e test, rhcos4-moderate profile has different default variable for var_system_crypto_policy than rhcos4-e8, this makes the first scan fail on rhcos4-e8 but not on rhcos4-moderate.
Code Climate has analyzed commit e98fb035 and detected 0 issues on this pull request.
The test coverage on the diff in this pull request is 100.0% (50% is the threshold).
This pull request will bring the total coverage in the repository to 42.7% (0.0% change).
View more on Code Climate.
![codeclimate[bot] avatar](https://avatars.githubusercontent.com/in/9403?v=4 "Published by a pub.dev verified publisher"){kind=small}
@Vincent056: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/e2e-aws-rhcos4-high | e98fb035f55a647f89dc241229574dd42e4f8d8b | link | true | /test e2e-aws-rhcos4-high |
| ci/prow/e2e-aws-rhcos4-moderate | e98fb035f55a647f89dc241229574dd42e4f8d8b | link | true | /test e2e-aws-rhcos4-moderate |
Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
So now the tests related to your rule are all passing, but here is this failure:
helpers.go:812: Excluded Rule from counting - Name: e2e-high-master-configure-usbguard-auditbackend
helpers.go:815: E2E-FAILURE: The expected result for the configure_usbguard_auditbackend rule didn't match. Expected 'PASS', Got 'NOT-APPLICABLE'
Because other rhcos4 rules are passing, I wonder if we have an issue with installing usbguard? Does the rule pass manually for you?
So now the tests related to your rule are all passing, but here is this failure:
helpers.go:812: Excluded Rule from counting - Name: e2e-high-master-configure-usbguard-auditbackend helpers.go:815: E2E-FAILURE: The expected result for the configure_usbguard_auditbackend rule didn't match. Expected 'PASS', Got 'NOT-APPLICABLE'Because other rhcos4 rules are passing, I wonder if we have an issue with installing usbguard? Does the rule pass manually for you?
Yes, this rule passes manually for me
@xiaojiey: The label(s) qe-approved cannot be applied, because the repository doesn't have them.
In response to this:
/label qe-approved
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
test cases details could be seen from: https://url.corp.redhat.com/8162b96 @Vincent056 Could you please help to review? Thanks.
test cases details could be seen from: https://url.corp.redhat.com/8162b96 @Vincent056 Could you please help to review? Thanks.
Thanks for adding the test case, it looks good to me
thank you, tested manually. As I said in the other PR, let's add a card and disable the offending test for now