OCPBUGS-17828 Improve ocp4-cis-scc-limit-container-allowed-capabiliti…

…es instructions Update the ocil so the instruction for rule ocp4-cis-scc-limit-container-allowed-capabilities is correctly rendered
ComplianceAsCode · Jun 17, 2024 · fafd758 · fafd758
1 parent 3363a2e
commit fafd758
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/applications/openshift/scc/scc_limit_container_allowed_capabilities/rule.yml b/applications/openshift/scc/scc_limit_container_allowed_capabilities/rule.yml
@@ -25,10 +25,10 @@ description: |-
     spec:
       description: Allows an additional scc
       setValues:
-      - name: upstream-ocp4-var-sccs-with-allowed-capabilities-regex
+      - name: ocp4-var-sccs-with-allowed-capabilities-regex
         rationale: Allow our own custom SCC
         value: ^privileged$|^hostnetwork-v2$|^restricted-v2$|^nonroot-v2$|^additional$
-      extends: upstream-ocp4-cis
+      extends: ocp4-cis
       title: Modified CIS allowing one more SCC
     </pre>
     <p>
@@ -65,7 +65,7 @@ ocil: |-
     check the variable value, e.g:
     <pre>$ oc get variable ocp4-var-sccs-with-allowed-capabilities-regex  -ojsonpath='{.value}' </pre>
     Then use following command to list the SCCs that would fail the test:
-    <pre>$ oc get scc -o json | jq '{{{ jqfilter }}}'</pre>
+    <tt>{{{ ocil_oc_pipe_jq_filter('scc', networkpolicies_for_non_ctlplane_namespaces_filter) }}}</tt>
     Please replace the regular expression in the test command with the value read from the variable
     <pre>ocp4-var-sccs-with-allowed-capabilities-regex</pre>. You can read the variable
     value with: