From 7649cf617fc10ea0593e981f95d57260d00c6d1d Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Wed, 27 Mar 2024 03:35:43 -0700 Subject: [PATCH] OCP4: Fix rules with both platform and platforms We have two rules that contains both platforms and platform in the rule file, this PR fixes that. --- .../api-server/api_server_api_priority_gate_enabled/rule.yml | 5 ++--- .../api_server_api_priority_gate_enabled/tests/ocp4/4.12.yml | 3 +++ .../api_server_api_priority_gate_enabled/tests/ocp4/4.13.yml | 3 +++ .../api_server_api_priority_gate_enabled/tests/ocp4/4.14.yml | 3 +++ .../api_server_api_priority_gate_enabled/tests/ocp4/4.15.yml | 3 +++ .../api_server_api_priority_gate_enabled/tests/ocp4/4.16.yml | 3 +++ .../openshift/scheduler/scheduler_no_bind_address/rule.yml | 5 +---- .../scheduler/scheduler_no_bind_address/tests/ocp4/4.14.yml | 3 +++ .../scheduler/scheduler_no_bind_address/tests/ocp4/4.15.yml | 3 +++ .../scheduler/scheduler_no_bind_address/tests/ocp4/4.16.yml | 3 +++ 10 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.12.yml create mode 100644 applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.13.yml create mode 100644 applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.14.yml create mode 100644 applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.15.yml create mode 100644 applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.16.yml create mode 100644 applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.14.yml create mode 100644 applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.15.yml create mode 100644 applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.16.yml diff --git a/applications/openshift/api-server/api_server_api_priority_gate_enabled/rule.yml b/applications/openshift/api-server/api_server_api_priority_gate_enabled/rule.yml index ded1dfa9015..1084c88c32e 100644 --- a/applications/openshift/api-server/api_server_api_priority_gate_enabled/rule.yml +++ b/applications/openshift/api-server/api_server_api_priority_gate_enabled/rule.yml @@ -28,8 +28,7 @@ rationale: |- identifiers: cce@ocp4: CCE-83656-9 -platforms: - - ocp4.6 + severity: medium @@ -40,7 +39,7 @@ references: pcidss: Req-2.2 srg: SRG-APP-000516-CTR-001325 -platform: not ocp4-on-hypershift-hosted +platform: not ocp4-on-hypershift-hosted and ocp4.6 ocil_clause: '.apiServerArguments["feature-gates"] does not include APIPriorityAndFairness' diff --git a/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.12.yml b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.12.yml new file mode 100644 index 00000000000..26875d6e9f6 --- /dev/null +++ b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.12.yml @@ -0,0 +1,3 @@ +--- +default_result: NOT-APPLICABLE + diff --git a/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.13.yml b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.13.yml new file mode 100644 index 00000000000..26875d6e9f6 --- /dev/null +++ b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.13.yml @@ -0,0 +1,3 @@ +--- +default_result: NOT-APPLICABLE + diff --git a/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.14.yml b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.14.yml new file mode 100644 index 00000000000..26875d6e9f6 --- /dev/null +++ b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.14.yml @@ -0,0 +1,3 @@ +--- +default_result: NOT-APPLICABLE + diff --git a/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.15.yml b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.15.yml new file mode 100644 index 00000000000..26875d6e9f6 --- /dev/null +++ b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.15.yml @@ -0,0 +1,3 @@ +--- +default_result: NOT-APPLICABLE + diff --git a/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.16.yml b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.16.yml new file mode 100644 index 00000000000..26875d6e9f6 --- /dev/null +++ b/applications/openshift/api-server/api_server_api_priority_gate_enabled/tests/ocp4/4.16.yml @@ -0,0 +1,3 @@ +--- +default_result: NOT-APPLICABLE + diff --git a/applications/openshift/scheduler/scheduler_no_bind_address/rule.yml b/applications/openshift/scheduler/scheduler_no_bind_address/rule.yml index 1390bc4647d..120d09335f4 100644 --- a/applications/openshift/scheduler/scheduler_no_bind_address/rule.yml +++ b/applications/openshift/scheduler/scheduler_no_bind_address/rule.yml @@ -35,12 +35,9 @@ references: identifiers: cce@ocp4: CCE-83674-2 -platforms: - - ocp4.8 or ocp4.9 - severity: medium -platform: not ocp4-on-hypershift-hosted +platform: not ocp4-on-hypershift-hosted and (ocp4.8 or ocp4.9) ocil_clause: 'kube-scheduler-pod sets --bind-address' diff --git a/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.14.yml b/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.14.yml new file mode 100644 index 00000000000..26875d6e9f6 --- /dev/null +++ b/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.14.yml @@ -0,0 +1,3 @@ +--- +default_result: NOT-APPLICABLE + diff --git a/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.15.yml b/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.15.yml new file mode 100644 index 00000000000..26875d6e9f6 --- /dev/null +++ b/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.15.yml @@ -0,0 +1,3 @@ +--- +default_result: NOT-APPLICABLE + diff --git a/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.16.yml b/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.16.yml new file mode 100644 index 00000000000..26875d6e9f6 --- /dev/null +++ b/applications/openshift/scheduler/scheduler_no_bind_address/tests/ocp4/4.16.yml @@ -0,0 +1,3 @@ +--- +default_result: NOT-APPLICABLE +