From c84045d66f1fce14e0f45413ba0c6d754df28d03 Mon Sep 17 00:00:00 2001
From: Lance Bragstad
Date: Fri, 3 Oct 2025 22:47:31 -0500
Subject: [PATCH] CMP-3540: Remove SDN proxy kubeconfig assertions from 4.17+ assertion files

OpenShift uses OVN Kubernetes on 4.17, and the SDN rules are not applicable in those versions such that they're not run in profiles that use them. This commit removes the assertions that expect them to be there on those versions.
---
 tests/assertions/ocp4/ocp4-cis-4.17.yml | 3 ---
 tests/assertions/ocp4/ocp4-cis-4.18.yml | 6 ------
 tests/assertions/ocp4/ocp4-high-4.17.yml | 6 ------
 tests/assertions/ocp4/ocp4-high-4.18.yml | 6 ------
 tests/assertions/ocp4/ocp4-moderate-4.17.yml | 6 ------
 tests/assertions/ocp4/ocp4-moderate-4.18.yml | 6 ------
 tests/assertions/ocp4/ocp4-pci-dss-4-0-4.17.yml | 6 ------
 tests/assertions/ocp4/ocp4-pci-dss-4-0-4.18.yml | 6 ------
 tests/assertions/ocp4/ocp4-pci-dss-4.17.yml | 6 ------
 tests/assertions/ocp4/ocp4-pci-dss-4.18.yml | 6 ------
 tests/assertions/ocp4/ocp4-stig-4.17.yml | 6 ------
 tests/assertions/ocp4/ocp4-stig-4.18.yml | 6 ------
 12 files changed, 69 deletions(-)

diff --git a/tests/assertions/ocp4/ocp4-cis-4.17.yml b/tests/assertions/ocp4/ocp4-cis-4.17.yml
index dcec7a24267..49a02f83343 100644
--- a/tests/assertions/ocp4/ocp4-cis-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-cis-4.17.yml
@@ -185,9 +185,6 @@ rule_results:
 ocp4-cis-file-owner-proxy-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
- ocp4-cis-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-cis-general-apply-scc:
 default_result: MANUAL
 result_after_remediation: MANUAL
diff --git a/tests/assertions/ocp4/ocp4-cis-4.18.yml b/tests/assertions/ocp4/ocp4-cis-4.18.yml
index dcec7a24267..4f5244e601e 100644
--- a/tests/assertions/ocp4/ocp4-cis-4.18.yml
+++ b/tests/assertions/ocp4/ocp4-cis-4.18.yml
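Review bot: `ocp4-cis-file-owner-proxy-kubeconfig` is still asserted in ocp4-cis-4.17.yml — it is kept as context at the top of this hunk, which deletes only the `file-permissions` entry — while the ocp4-cis-4.18.yml hunk that follows deletes both entries, so two files that shared blob `dcec7a24267` now disagree. If the rule is not evaluated in the 4.17 CIS profile, the leftover assertion expects a result the scan never produces; remove the three lines `ocp4-cis-file-owner-proxy-kubeconfig:` / `default_result: NOT-APPLICABLE` / `result_after_remediation: NOT-APPLICABLE` here as well. The 4.18 hunk also keeps `ocp4-cis-file-groupowner-proxy-kubeconfig` as context (and, given the shared base, 4.17 presumably does too); if that rule belongs to the same SDN-only group it should go in this commit, otherwise the commit message should say why it stays. The `rule_results` mapping extends beyond both hunks, so other remaining proxy-kubeconfig entries cannot be ruled out from here.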
@@ -182,12 +182,6 @@ rule_results:
 ocp4-cis-file-groupowner-proxy-kubeconfig:
 default_result: NOT-APPLICABLE
 result_after_remediation: NOT-APPLICABLE
- ocp4-cis-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-cis-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-cis-general-apply-scc:
 default_result: MANUAL
 result_after_remediation: MANUAL
diff --git a/tests/assertions/ocp4/ocp4-high-4.17.yml b/tests/assertions/ocp4/ocp4-high-4.17.yml
index 15f2b5488f1..1430a973ff3 100644
--- a/tests/assertions/ocp4/ocp4-high-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-high-4.17.yml
@@ -236,12 +236,6 @@ rule_results:
 ocp4-high-file-integrity-notification-enabled:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-high-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-high-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-high-fips-mode-enabled-on-all-nodes:
 default_result: PASS
 result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-high-4.18.yml b/tests/assertions/ocp4/ocp4-high-4.18.yml
index 15f2b5488f1..1430a973ff3 100644
--- a/tests/assertions/ocp4/ocp4-high-4.18.yml
+++ b/tests/assertions/ocp4/ocp4-high-4.18.yml
@@ -236,12 +236,6 @@ rule_results:
 ocp4-high-file-integrity-notification-enabled:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-high-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-high-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-high-fips-mode-enabled-on-all-nodes:
 default_result: PASS
 result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-moderate-4.17.yml b/tests/assertions/ocp4/ocp4-moderate-4.17.yml
index b5cedaef88e..62c64c513bc 100644
--- a/tests/assertions/ocp4/ocp4-moderate-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-4.17.yml
@@ -230,12 +230,6 @@ rule_results:
 ocp4-moderate-file-integrity-notification-enabled:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-moderate-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-moderate-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-moderate-fips-mode-enabled-on-all-nodes:
 default_result: PASS
 result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-moderate-4.18.yml b/tests/assertions/ocp4/ocp4-moderate-4.18.yml
index b5cedaef88e..62c64c513bc 100644
--- a/tests/assertions/ocp4/ocp4-moderate-4.18.yml
+++ b/tests/assertions/ocp4/ocp4-moderate-4.18.yml
@@ -230,12 +230,6 @@ rule_results:
 ocp4-moderate-file-integrity-notification-enabled:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-moderate-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-moderate-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-moderate-fips-mode-enabled-on-all-nodes:
 default_result: PASS
 result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.17.yml b/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.17.yml
index 7faae2998b0..7c7deadaec2 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.17.yml
@@ -197,12 +197,6 @@ rule_results:
 ocp4-pci-dss-4-0-file-integrity-notification-enabled:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-pci-dss-4-0-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-pci-dss-4-0-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-pci-dss-4-0-general-apply-scc:
 default_result: MANUAL
 result_after_remediation: MANUAL
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.18.yml b/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.18.yml
index 7faae2998b0..7c7deadaec2 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.18.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4-0-4.18.yml
@@ -197,12 +197,6 @@ rule_results:
 ocp4-pci-dss-4-0-file-integrity-notification-enabled:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-pci-dss-4-0-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-pci-dss-4-0-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-pci-dss-4-0-general-apply-scc:
 default_result: MANUAL
 result_after_remediation: MANUAL
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-4.17.yml b/tests/assertions/ocp4/ocp4-pci-dss-4.17.yml
index 9ab26b3e4d3..fb29913d39f 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4.17.yml
@@ -191,12 +191,6 @@ rule_results:
 ocp4-pci-dss-file-integrity-notification-enabled:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-pci-dss-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-pci-dss-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-pci-dss-general-apply-scc:
 default_result: MANUAL
 result_after_remediation: MANUAL
diff --git a/tests/assertions/ocp4/ocp4-pci-dss-4.18.yml b/tests/assertions/ocp4/ocp4-pci-dss-4.18.yml
index 9ab26b3e4d3..fb29913d39f 100644
--- a/tests/assertions/ocp4/ocp4-pci-dss-4.18.yml
+++ b/tests/assertions/ocp4/ocp4-pci-dss-4.18.yml
@@ -191,12 +191,6 @@ rule_results:
 ocp4-pci-dss-file-integrity-notification-enabled:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-pci-dss-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-pci-dss-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-pci-dss-general-apply-scc:
 default_result: MANUAL
 result_after_remediation: MANUAL
diff --git a/tests/assertions/ocp4/ocp4-stig-4.17.yml b/tests/assertions/ocp4/ocp4-stig-4.17.yml
index 297056a33cd..0550619eb2e 100644
--- a/tests/assertions/ocp4/ocp4-stig-4.17.yml
+++ b/tests/assertions/ocp4/ocp4-stig-4.17.yml
@@ -197,12 +197,6 @@ rule_results:
 ocp4-stig-file-integrity-exists:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-stig-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-stig-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-stig-fips-mode-enabled-on-all-nodes:
 default_result: PASS
 result_after_remediation: PASS
diff --git a/tests/assertions/ocp4/ocp4-stig-4.18.yml b/tests/assertions/ocp4/ocp4-stig-4.18.yml
index 297056a33cd..0550619eb2e 100644
--- a/tests/assertions/ocp4/ocp4-stig-4.18.yml
+++ b/tests/assertions/ocp4/ocp4-stig-4.18.yml
@@ -197,12 +197,6 @@ rule_results:
 ocp4-stig-file-integrity-exists:
 default_result: FAIL or NOT-APPLICABLE
 result_after_remediation: PASS or NOT-APPLICABLE
- ocp4-stig-file-owner-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
- ocp4-stig-file-permissions-proxy-kubeconfig:
- default_result: NOT-APPLICABLE
- result_after_remediation: NOT-APPLICABLE
 ocp4-stig-fips-mode-enabled-on-all-nodes:
 default_result: PASS
 result_after_remediation: PASS