Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update status for CIS 1.2.31 #12095

Merged
merged 1 commit into from
Aug 8, 2024
Merged

Update status for CIS 1.2.31 #12095

merged 1 commit into from
Aug 8, 2024

Conversation

rhmdnd
Copy link
Collaborator

@rhmdnd rhmdnd commented Jun 26, 2024

We implemented support for checking aesgcm encryption ciphers in
#10974 but never removed
the comment or updated the status in the control file. This commit
updates the status since it's now automated to include both ciphers.

@github-actions GitHub Actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@rhmdnd rhmdnd added OpenShift OpenShift product related. CIS CIS Benchmark related. labels Jun 26, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 26, 2024
edited
Loading

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:12095
This image was built from commit: 61a3a48

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12095

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12095 make deploy-local

@yuumasato yuumasato self-assigned this Jun 28, 2024
@yuumasato yuumasato added this to the 0.1.74 milestone Jun 28, 2024
@yuumasato
Copy link
Member

@rhmdnd You'll need to rebase to latest master for testing-farm:centos-stream-9-x86_64:/static-checks to pass.

@BhargaviGudi
Copy link
Collaborator

Verification passed with 4.17.0-0.nightly-2024-07-01-221530 + compliance-operator + pr #12095

$ oc get pb
NAME              CONTENTIMAGE                                 CONTENTFILE         STATUS
ocp4              ghcr.io/complianceascode/k8scontent:latest   ssg-ocp4-ds.xml     VALID
rhcos4            ghcr.io/complianceascode/k8scontent:latest   ssg-rhcos4-ds.xml   VALID
upstream-ocp4     ghcr.io/complianceascode/k8scontent:12095    ssg-ocp4-ds.xml     VALID
upstream-rhcos4   ghcr.io/complianceascode/k8scontent:12095    ssg-rhcos4-ds.xml   VALID
$ oc compliance bind -N test -S default-auto-apply profile/upstream-ocp4-cis
Creating ScanSettingBinding test
$ oc get scan
NAME                PHASE   RESULT
upstream-ocp4-cis   DONE    NON-COMPLIANT
$ oc get suite
NAME   PHASE   RESULT
test   DONE    NON-COMPLIANT
$ oc get ccr | grep api-server-encryption-provider-cipher
upstream-ocp4-cis-api-server-encryption-provider-cipher                    FAIL     medium
$ oc compliance rerun-now scansettingbinding test
Rerunning scans from 'test': upstream-ocp4-cis
Re-running scan 'openshift-compliance/upstream-ocp4-cis'
$ oc get ccr | grep api-server-encryption-provider-cipher
upstream-ocp4-cis-api-server-encryption-provider-cipher                    PASS     medium

@BhargaviGudi
Copy link
Collaborator

/lgtm

@Mab879
Copy link
Member

Mab879 commented Jul 9, 2024

@rhmdnd @yuumasato can this be merged?

@yuumasato
Copy link
Member

@Mab879 go ahead if you are okay with overriding testing-farm:centos-stream-9-x86_64:/static-checks.

@Mab879
Copy link
Member

Mab879 commented Jul 9, 2024

@Mab879 go ahead if you are okay with overriding testing-farm:centos-stream-9-x86_64:/static-checks.

Ah I missed that in the sea of tests, a simple rebase should fix it.

@Mab879 Mab879 modified the milestones: 0.1.74, 0.1.75 Jul 29, 2024
@rhmdnd
Update status for CIS 1.2.31
61a3a48 
We implemented support for checking aesgcm encryption ciphers in
ComplianceAsCode#10974 but never removed
the comment or updated the status in the control file. This commit
updates the status since it's now automated to include both ciphers.
@rhmdnd rhmdnd force-pushed the update-cis-1.2.31 branch from 7049b4f to 61a3a48 Compare July 30, 2024 22:43
@rhmdnd
Copy link
Collaborator Author

rhmdnd commented Jul 30, 2024

@Mab879 @yuumasato should be ready for another look.

@codeclimate CodeClimate
Copy link

codeclimate bot commented Jul 30, 2024

Code Climate has analyzed commit 61a3a48 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.4% (0.0% change).

View more on Code Climate.

@rhmdnd
Copy link
Collaborator Author

rhmdnd commented Jul 31, 2024

/test 4.14-images
/test images

Timed out on registry issues.

@rhmdnd
Copy link
Collaborator Author

rhmdnd commented Aug 8, 2024

/test 4.14-images

@rhmdnd rhmdnd merged commit b97b3c6 into ComplianceAsCode:master Aug 8, 2024
96 of 97 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuumasato yuumasato yuumasato approved these changes

@Vincent056 Vincent056 Awaiting requested review from Vincent056

@xiaojiey xiaojiey Awaiting requested review from xiaojiey

@BhargaviGudi BhargaviGudi Awaiting requested review from BhargaviGudi

Assignees

@yuumasato yuumasato

Labels
CIS CIS Benchmark related. OpenShift OpenShift product related.
Projects
None yet
Milestone
0.1.75
Development

Successfully merging this pull request may close these issues.
4 participants
@rhmdnd @yuumasato @BhargaviGudi @Mab879