-
Notifications
You must be signed in to change notification settings - Fork 685
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added a new rule accounts_password_set_warn_age_existing #10006
Added a new rule accounts_password_set_warn_age_existing #10006
Conversation
Hi @rumch-se. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
47c5977
to
2a16324
Compare
2a16324
to
75ccb1b
Compare
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Show resolved
Hide resolved
...-restrictions/password_expiration/accounts_password_set_warn_age_existing/ansible/shared.yml
Outdated
Show resolved
Hide resolved
...-restrictions/password_expiration/accounts_password_set_warn_age_existing/ansible/shared.yml
Show resolved
Hide resolved
...nts-restrictions/password_expiration/accounts_password_set_warn_age_existing/oval/shared.xml
Outdated
Show resolved
Hide resolved
...word_expiration/accounts_password_set_warn_age_existing/tests/incorrect_pas_warn_age.fail.sh
Outdated
Show resolved
Hide resolved
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
...-restrictions/password_expiration/accounts_password_set_warn_age_existing/ansible/shared.yml
Outdated
Show resolved
Hide resolved
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
...ssword_expiration/accounts_password_set_warn_age_existing/tests/correct_pas_warn_age.pass.sh
Outdated
Show resolved
Hide resolved
Besides the comments, also rebase and resolve the conflict, please. |
75ccb1b
to
d9061bd
Compare
d9061bd
to
04cdada
Compare
Hello @marcusburghardt Thank you for your feedback. |
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
ocil: |- | ||
Verify that {{{ full_name }}} has configured the warning that a password will be expiring for each user account | ||
is number of days or greater, according to the days specified with the variable | ||
var_accounts_password_warn_age_login_defs, with the following command: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also here, I believe the previous text was better. It was only necessary to change 7
by {{{ xccdf_value("var_accounts_password_warn_age_login_defs") }}}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here was not updated in the last commit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rumch-se , did you note this comment from my first review? We already know the value of var_accounts_password_warn_age_login_defs
at this point. So, we can inform the value itself instead of mentioning the variable name literally. If the user is reading this, he has to stop the flow and go to another place to consult the variable value. I believe this experience is improved by promptly providing the necessary information. This is also valid for the description.
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
Hello @marcusburghardt The proposed changes were done. |
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are still some small details pending from the last review.
ocil: |- | ||
Verify that {{{ full_name }}} has configured the warning that a password will be expiring for each user account | ||
is number of days or greater, according to the days specified with the variable | ||
var_accounts_password_warn_age_login_defs, with the following command: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here was not updated in the last commit.
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
Hello @marcusburghardt I hope that now the last commit is correct 3342b9b Have a nice day |
...s/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
Outdated
Show resolved
Hide resolved
Hello @marcusburghardt $ sudo chage --warndays $var_accounts_password_warn_age_login_defs USER |
Hi @rumch-se , this approach of explicitly informing the variable name in the rule description and other sections is not wrong, but is not a practice in the project. I would recommend to keep this rule aligned to the project practices. It would also make the description shorter and easier to read, IMO. Please, take a look in some examples of rules which uses a variable to dynamically render the description and other sections: |
Hello @marcusburghardt |
Code Climate has analyzed commit b02737e and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 51.7% (2.2% change). View more on Code Climate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the rule @rumch-se .
Automatus CS8 and CS9 are failing because the rule is restricted to sle products in its |
Overriding CODEOWNERS since a SUSE approver is not currently available. |
Description:
Rationale: