Commit 2186746

Add kubelet tls ingresscontroller rule to CIS benchmarks
This rule was originally written for CIS benchmarks, but somewhere along the way it was refactored out. This could have been due to a re-indexing of the controls from the benchmark. This commit adds the rule back into the CIS profiles so that it's run with all supported CIS benchmarks. We should be able to prevent regressions by including it in the e2e rule assertion files.
1 parent 79db347 commit 2186746

6 files changed

+16
-0
lines changed

controls/cis_ocp_1_4_0/section-4.yml

Lines changed: 1 addition & 0 deletions
@@ -157,5 +157,6 @@ controls:
157157
status: automated
158158
rules:
159159
- kubelet_configure_tls_cipher_suites
160+
- kubelet_configure_tls_cipher_suites_ingresscontroller
160161
levels: [ level_1, ]
161162
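
Review bot: the commit message says the rule goes back into "the CIS profiles" for all supported benchmarks, but the only control file touched is controls/cis_ocp_1_4_0/section-4.yml, while the assertion files updated alongside it cover 4.12 through 4.16. Please confirm that each of those versions resolves its CIS profile through this control file; if any of them uses a different controls file, the rule needs adding there too, otherwise the new FAIL/PASS assertions will not match what the scan reports. A short comment on why an ingresscontroller rule sits beside kubelet_configure_tls_cipher_suites under this level_1 control would also help stop it being refactored out again.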

tests/assertions/ocp4/ocp4-cis-4.12.yml

Lines changed: 3 additions & 0 deletions
@@ -89,6 +89,9 @@ rule_results:
8989
e2e-cis-api-server-kubelet-client-key-pre-4-9:
9090
default_result: NOT-APPLICABLE
9191
result_after_remediation: NOT-APPLICABLE
92+
e2e-cis-kubelet-configure-tls-cipher-suites-ingresscontroller:
93+
default_result: FAIL
94+
result_after_remediation: PASS
9295
e2e-cis-api-server-oauth-https-serving-cert:
9396
default_result: PASS
9497
result_after_remediation: PASS
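
Review bot: the new e2e-cis-kubelet-configure-tls-cipher-suites-ingresscontroller entry is inserted between e2e-cis-api-server-kubelet-client-key-pre-4-9 and e2e-cis-api-server-oauth-https-serving-cert, which splits the run of api-server entries and breaks what looks like alphabetical key order. Moving it to its sorted position would keep the file easy to scan and make an accidental removal of the assertion easier to notice in a later diff.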

tests/assertions/ocp4/ocp4-cis-4.13.yml

Lines changed: 3 additions & 0 deletions
@@ -87,6 +87,9 @@ rule_results:
8787
e2e-cis-api-server-kubelet-client-key-pre-4-9:
8888
default_result: NOT-APPLICABLE
8989
result_after_remediation: NOT-APPLICABLE
90+
e2e-cis-kubelet-configure-tls-cipher-suites-ingresscontroller:
91+
default_result: FAIL
92+
result_after_remediation: PASS
9093
e2e-cis-api-server-oauth-https-serving-cert:
9194
default_result: PASS
9295
result_after_remediation: PASS
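
Review bot: default_result: FAIL with result_after_remediation: PASS on the added entry asserts that the e2e run applies an automated remediation that flips this rule, and the same pair is asserted in all five version files. Please confirm the rule ships a remediation the e2e suite actually applies and that a default cluster fails the check on every version from 4.12 to 4.16; if the ingress controller cipher configuration has to be set by hand, the second scan will still report FAIL and the assertion should say so.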

tests/assertions/ocp4/ocp4-cis-4.14.yml

Lines changed: 3 additions & 0 deletions
@@ -87,6 +87,9 @@ rule_results:
8787
e2e-cis-api-server-kubelet-client-key-pre-4-9:
8888
default_result: NOT-APPLICABLE
8989
result_after_remediation: NOT-APPLICABLE
90+
e2e-cis-kubelet-configure-tls-cipher-suites-ingresscontroller:
91+
default_result: FAIL
92+
result_after_remediation: PASS
9093
e2e-cis-api-server-oauth-https-serving-cert:
9194
default_result: PASS
9295
result_after_remediation: PASS

tests/assertions/ocp4/ocp4-cis-4.15.yml

Lines changed: 3 additions & 0 deletions
@@ -89,6 +89,9 @@ rule_results:
8989
e2e-cis-api-server-kubelet-client-key-pre-4-9:
9090
default_result: NOT-APPLICABLE
9191
result_after_remediation: NOT-APPLICABLE
92+
e2e-cis-kubelet-configure-tls-cipher-suites-ingresscontroller:
93+
default_result: FAIL
94+
result_after_remediation: PASS
9295
e2e-cis-api-server-oauth-https-serving-cert:
9396
default_result: PASS
9497
result_after_remediation: PASS

tests/assertions/ocp4/ocp4-cis-4.16.yml

Lines changed: 3 additions & 0 deletions
@@ -207,6 +207,9 @@ rule_results:
207207
e2e-cis-kubelet-disable-readonly-port:
208208
default_result: PASS
209209
result_after_remediation: PASS
210+
e2e-cis-kubelet-configure-tls-cipher-suites-ingresscontroller:
211+
default_result: FAIL
212+
result_after_remediation: PASS
210213
e2e-cis-ocp-allowed-registries:
211214
default_result: FAIL
212215
e2e-cis-ocp-allowed-registries-for-import:
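
Review bot: in this file the entry lands after e2e-cis-kubelet-disable-readonly-port, whereas the other four assertion files put it among the api-server entries, so the placement is inconsistent across versions. It is also out of order here, since "configure" sorts before "disable"; placing it ahead of e2e-cis-kubelet-disable-readonly-port, and using the equivalent sorted position in the other files, would keep the version files easy to compare side by side.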
