From 97bf29d8a13482496159bd66f4b84c0cdc8877da Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Mon, 9 Sep 2024 11:37:29 -0700
Subject: [PATCH 1/2] Update assertions for 4.15 cni conf permissions A change in file permissions landed in 4.15, requiring us to update assertions for `file-permissions-cni-conf`.
---
 tests/assertions/ocp4/ocp4-cis-node-4.15.yml | 4 ++--
 tests/assertions/ocp4/ocp4-high-node-4.15.yml | 4 ++--
 tests/assertions/ocp4/ocp4-moderate-node-4.15.yml | 4 ++--
 tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml | 4 ++--
 tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml | 4 ++--
 tests/assertions/ocp4/ocp4-stig-node-4.15.yml | 4 ++--
 6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.15.yml b/tests/assertions/ocp4/ocp4-cis-node-4.15.yml
index aed0f223758..7b32115fae7 100644
--- a/tests/assertions/ocp4/ocp4-cis-node-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-cis-node-4.15.yml
@@ -116,7 +116,7 @@ rule_results:
 e2e-cis-node-master-file-owner-worker-service:
 default_result: PASS
 e2e-cis-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-cis-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 e2e-cis-node-master-file-permissions-etcd-data-dir:
@@ -316,7 +316,7 @@ rule_results:
 e2e-cis-node-worker-file-owner-worker-service:
 default_result: PASS
 e2e-cis-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-cis-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 e2e-cis-node-worker-file-permissions-etcd-data-dir:
diff --git a/tests/assertions/ocp4/ocp4-high-node-4.15.yml b/tests/assertions/ocp4/ocp4-high-node-4.15.yml
index b36222caf9e..e578bc5784d 100644
--- a/tests/assertions/ocp4/ocp4-high-node-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-high-node-4.15.yml
@@ -197,7 +197,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-high-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-high-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 result_after_remediation: PASS
@@ -548,7 +548,7 @@ rule_results:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
 e2e-high-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-high-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml
index 8d362038d39..689ca7fd9f1 100644
--- a/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml
@@ -197,7 +197,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-moderate-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 result_after_remediation: PASS
@@ -548,7 +548,7 @@ rule_results:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
 e2e-moderate-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml
index dc7551d9735..96e70bc0462 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.15.yml
@@ -201,7 +201,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-pci-dss-node-4-0-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 result_after_remediation: FAIL
 e2e-pci-dss-node-4-0-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
@@ -543,7 +543,7 @@ rule_results:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
 e2e-pci-dss-node-4-0-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 result_after_remediation: FAIL
 e2e-pci-dss-node-4-0-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml
index 4b62196d73e..0870e9f36bf 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml
@@ -128,7 +128,7 @@ rule_results:
 e2e-pci-dss-node-master-file-ownership-var-log-ocp-audit:
 default_result: PASS
 e2e-pci-dss-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-pci-dss-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 e2e-pci-dss-node-master-file-permissions-etcd-data-dir:
@@ -355,7 +355,7 @@ rule_results:
 e2e-pci-dss-node-worker-file-ownership-var-log-ocp-audit:
 default_result: NOT-APPLICABLE
 e2e-pci-dss-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-pci-dss-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 e2e-pci-dss-node-worker-file-permissions-etcd-data-dir:
diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.15.yml b/tests/assertions/ocp4/ocp4-stig-node-4.15.yml
index efbb9ff9c35..86b58b02819 100644
--- a/tests/assertions/ocp4/ocp4-stig-node-4.15.yml
+++ b/tests/assertions/ocp4/ocp4-stig-node-4.15.yml
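Review bot: In `ocp4-pci-dss-node-4-0-4.15.yml`, both cni-conf entries (`e2e-pci-dss-node-4-0-master-file-permissions-cni-conf` at `@@ -201` and the worker entry at `@@ -543`) now pair `default_result: PASS` with the untouched context line `result_after_remediation: FAIL`. That pairing was coherent while the default was FAIL, but it now asserts that a compliant permission check regresses once remediations are applied; depending on how the harness evaluates it, this will presumably either fail the e2e run or mask a genuine post-remediation regression. Change it to `result_after_remediation: PASS`, or drop the key so the entries match the cni-conf entries in the high, moderate and stig files, which carry only `default_result`. The same stale pair is left in the two `ocp4-pci-dss-node-4-0-4.14.yml` hunks of patch 2/2.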
@@ -173,7 +173,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-stig-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-stig-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 result_after_remediation: PASS
@@ -484,7 +484,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-stig-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
From 279dc69be64e922a47a2b2352ad71dae6ad75aae Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Mon, 9 Sep 2024 11:59:07 -0700
Subject: [PATCH 2/2] Update assertions for 4.14 cni conf permissions Update assertions for `file-permissions-cni-conf`. This follows a backport to change file permissions owned by the cluster network operator.
---
 tests/assertions/ocp4/ocp4-cis-node-4.14.yml | 4 ++--
 tests/assertions/ocp4/ocp4-high-node-4.14.yml | 4 ++--
 tests/assertions/ocp4/ocp4-moderate-node-4.14.yml | 4 ++--
 tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml | 4 ++--
 tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml | 4 ++--
 tests/assertions/ocp4/ocp4-stig-node-4.14.yml | 4 ++--
 6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.14.yml b/tests/assertions/ocp4/ocp4-cis-node-4.14.yml
index aed0f223758..7b32115fae7 100644
--- a/tests/assertions/ocp4/ocp4-cis-node-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-cis-node-4.14.yml
@@ -116,7 +116,7 @@ rule_results:
 e2e-cis-node-master-file-owner-worker-service:
 default_result: PASS
 e2e-cis-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-cis-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 e2e-cis-node-master-file-permissions-etcd-data-dir:
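Review bot: The 4.14 assertions, starting with `e2e-cis-node-master-file-permissions-cni-conf` in `ocp4-cis-node-4.14.yml` at `@@ -116`, now expect `default_result: PASS` unconditionally, yet the commit message ties that result to a backport. Neither the message nor the files record which 4.14 z-stream first carries the permission change, so a run against an earlier 4.14.z would presumably still report FAIL and surface as an unexplained assertion mismatch. Naming the minimum release or linking the backport in the commit message would make that failure diagnosable. If the assertion files tolerate comments, a line such as `# PASS requires the cluster-network-operator permissions backport (4.14.z >= <MIN_Z_STREAM>)` above each entry would also work. This applies to all twelve 4.14 hunks in patch 2/2.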
@@ -316,7 +316,7 @@ rule_results:
 e2e-cis-node-worker-file-owner-worker-service:
 default_result: PASS
 e2e-cis-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-cis-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 e2e-cis-node-worker-file-permissions-etcd-data-dir:
diff --git a/tests/assertions/ocp4/ocp4-high-node-4.14.yml b/tests/assertions/ocp4/ocp4-high-node-4.14.yml
index b36222caf9e..e578bc5784d 100644
--- a/tests/assertions/ocp4/ocp4-high-node-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-high-node-4.14.yml
@@ -197,7 +197,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-high-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-high-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 result_after_remediation: PASS
@@ -548,7 +548,7 @@ rule_results:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
 e2e-high-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-high-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml
index 8d362038d39..689ca7fd9f1 100644
--- a/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml
@@ -197,7 +197,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-moderate-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 result_after_remediation: PASS
@@ -548,7 +548,7 @@ rule_results:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
 e2e-moderate-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml
index dc7551d9735..96e70bc0462 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4-0-4.14.yml
@@ -201,7 +201,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-pci-dss-node-4-0-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 result_after_remediation: FAIL
 e2e-pci-dss-node-4-0-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
@@ -543,7 +543,7 @@ rule_results:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
 e2e-pci-dss-node-4-0-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 result_after_remediation: FAIL
 e2e-pci-dss-node-4-0-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml
index 4b62196d73e..0870e9f36bf 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml
@@ -128,7 +128,7 @@ rule_results:
 e2e-pci-dss-node-master-file-ownership-var-log-ocp-audit:
 default_result: PASS
 e2e-pci-dss-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-pci-dss-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 e2e-pci-dss-node-master-file-permissions-etcd-data-dir:
@@ -355,7 +355,7 @@ rule_results:
 e2e-pci-dss-node-worker-file-ownership-var-log-ocp-audit:
 default_result: NOT-APPLICABLE
 e2e-pci-dss-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-pci-dss-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 e2e-pci-dss-node-worker-file-permissions-etcd-data-dir:
diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.14.yml b/tests/assertions/ocp4/ocp4-stig-node-4.14.yml
index efbb9ff9c35..86b58b02819 100644
--- a/tests/assertions/ocp4/ocp4-stig-node-4.14.yml
+++ b/tests/assertions/ocp4/ocp4-stig-node-4.14.yml
@@ -173,7 +173,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-stig-node-master-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-stig-node-master-file-permissions-controller-manager-kubeconfig:
 default_result: PASS
 result_after_remediation: PASS
@@ -484,7 +484,7 @@ rule_results:
 default_result: PASS
 result_after_remediation: PASS
 e2e-stig-node-worker-file-permissions-cni-conf:
- default_result: FAIL
+ default_result: PASS
 e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE