Add PCI-DSS v4.0 assertion files #12311
Conversation
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
yuumasato
force-pushed
the
add-pci-dss-v4.0-assertion-files
branch
from
98d4f52
to
31043d5
Compare
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
/test 4.13-e2e-aws-ocp4-pci-dss-4-0 |
|
/test |
|
@rhmdnd: The
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test 4.13-e2e-aws-ocp4-pci-dss-4-0 |
|
/test 4.14-e2e-aws-ocp4-pci-dss-node-4-0 |
yuumasato
force-pushed
the
add-pci-dss-v4.0-assertion-files
branch
from
31043d5
to
0b5e34f
Compare
|
/test 4.13-e2e-aws-ocp4-pci-dss-4-0 |
|
The e2e failures are due to the SPO remediation script not being executable. I proposed a quick fix in #12315 |
rhmdnd
force-pushed
the
add-pci-dss-v4.0-assertion-files
branch
from
0b5e34f
to
c7d7d35
Compare
|
Rebased to pickup the fix in #12315 |
|
/test 4.13-e2e-aws-ocp4-pci-dss-4-0 |
yuumasato
force-pushed
the
add-pci-dss-v4.0-assertion-files
branch
from
c7d7d35
to
7f750af
Compare
|
/test 4.13-e2e-aws-ocp4-pci-dss-4-0 |
|
One minor tweak and we should get a clean e2e run for the PCI-DSS profile. |
These rules are valid and still work on 4.17. The platform notation needs improvements, but this is left for another PR.
Assertion files for pci-dss-4-0 and pci-dss-node-4-0 on ocp > 4.12
The manual remediation was recently fixed. These rules are noow passing after manual remediaiton.
The rule was recently updated to check for a new path on 4.17.
yuumasato
force-pushed
the
add-pci-dss-v4.0-assertion-files
branch
from
7f750af
to
efc1483
Compare
|
/test 4.13-e2e-aws-ocp4-pci-dss-4-0 |
|
Code Climate has analyzed commit efc1483 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
We recently enabled these rules for 4.17, but didn't update the 4.17 assertion files for STIG, FedRAMP High, FedRAMP Moderate, or CIS. This commit does that so that so the tests assert the correct behavior on 4.17. ComplianceAsCode#12311
We recently enabled these rules for 4.17, but didn't update the 4.17 assertion files for FedRAMP High, FedRAMP Moderate, PCI-DSS, or CIS. This commit does that so that so the tests assert the correct behavior on 4.17. ComplianceAsCode#12311
We recently enabled these rules for 4.17, but didn't update the 4.17 assertion files for FedRAMP High, FedRAMP Moderate, PCI-DSS, or CIS. This commit does that so that so the tests assert the correct behavior on 4.17. ComplianceAsCode#12311
Description:
api_server_kubelet_client_certapi_server_kubelet_client_keykubelet_configure_tls_certkubelet_configure_tls_keyRationale:
Notes