Details
Bug
Resolution: Unresolved
Major
None
4.14.0
None
Moderate
No
False
Description
Description of problem:
Even after the auto-remediation steps, the test cases returned fail.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. oc get ccr |grep FAIL

[root@m1326001 content]# oc get ccr|grep FAIL
ocp4-pci-dss-api-server-api-priority-gate-enabled   FAIL   medium
ocp4-pci-dss-audit-log-forwarding-enabled   FAIL   medium
ocp4-pci-dss-idp-is-configured   FAIL   medium
ocp4-pci-dss-kubeadmin-removed   FAIL   medium
ocp4-pci-dss-node-master-file-groupowner-ovs-conf-db-lock   FAIL   medium
ocp4-pci-dss-node-master-file-groupowner-ovs-sys-id-conf   FAIL   medium
ocp4-pci-dss-node-master-file-permissions-cni-conf   FAIL   medium
ocp4-pci-dss-node-master-kubelet-anonymous-auth   FAIL   medium
ocp4-pci-dss-node-master-kubelet-authorization-mode   FAIL   medium
ocp4-pci-dss-node-master-kubelet-configure-client-ca   FAIL   medium
ocp4-pci-dss-node-master-kubelet-configure-event-creation   FAIL   medium
ocp4-pci-dss-node-master-kubelet-configure-tls-cipher-suites   FAIL   medium
ocp4-pci-dss-node-master-kubelet-enable-cert-rotation   FAIL   medium
ocp4-pci-dss-node-master-kubelet-enable-iptables-util-chains   FAIL   medium
ocp4-pci-dss-node-master-kubelet-enable-server-cert-rotation   FAIL   medium
ocp4-pci-dss-node-master-kubelet-enable-streaming-connections   FAIL   medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available   FAIL   medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-memory-available   FAIL   medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available   FAIL   medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree   FAIL   medium
ocp4-pci-dss-node-worker-file-groupowner-ovs-conf-db-lock   FAIL   medium
ocp4-pci-dss-node-worker-file-groupowner-ovs-sys-id-conf   FAIL   medium
ocp4-pci-dss-node-worker-file-permissions-cni-conf   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-anonymous-auth   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-authorization-mode   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-configure-client-ca   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-configure-event-creation   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-configure-tls-cipher-suites   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-enable-cert-rotation   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-enable-iptables-util-chains   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-enable-server-cert-rotation   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-enable-streaming-connections   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-memory-available   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree   FAIL   medium
ocp4-pci-dss-ocp-allowed-registries   FAIL   medium
ocp4-pci-dss-ocp-allowed-registries-for-import   FAIL   medium

[root@m1326001 content]# oc get cr
NAME   STATE
ocp4-pci-dss-node-master-kubelet-configure-event-creation   Applied
ocp4-pci-dss-node-master-kubelet-configure-tls-cipher-suites   Applied
ocp4-pci-dss-node-master-kubelet-enable-iptables-util-chains   Applied
ocp4-pci-dss-node-master-kubelet-enable-streaming-connections   Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available   Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available-1   Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-memory-available   Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-memory-available-1   Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available   Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available-1   Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree   Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree-1   Applied
ocp4-pci-dss-node-worker-kubelet-configure-event-creation   Applied
ocp4-pci-dss-node-worker-kubelet-configure-tls-cipher-suites   Applied
ocp4-pci-dss-node-worker-kubelet-enable-iptables-util-chains   Applied
ocp4-pci-dss-node-worker-kubelet-enable-streaming-connections   Applied
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available   Applied
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available-1   Applied
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-memory-available   Applied
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-memory-available-1   Applied
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available   Applied
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available-1   Applied
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree   Applied
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree-1   Applied

one example test case for reference

[root@m1326001 content]# oc describe cr/ocp4-pci-dss-node-master-kubelet-configure-event-creation
Name:         ocp4-pci-dss-node-master-kubelet-configure-event-creation
Namespace:    openshift-compliance
Labels:       compliance.openshift.io/scan-name=ocp4-pci-dss-node-master
              compliance.openshift.io/suite=pci-compliance
Annotations:  compliance.openshift.io/xccdf-value-used: var-event-record-qps
API Version:  compliance.openshift.io/v1alpha1
Kind:         ComplianceRemediation
Metadata:
  Creation Timestamp:  2023-11-28T07:35:30Z
  Generation:          2
  Owner References:
    API Version:           compliance.openshift.io/v1alpha1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  ComplianceCheckResult
    Name:                  ocp4-pci-dss-node-master-kubelet-configure-event-creation
    UID:                   4ef8ebd9-c2e6-4fe7-8d88-a43ad75abc88
  Resource Version:        4161533
  UID:                     4cd345e8-c907-4589-b5aa-fbfd07234aeb
Spec:
  Apply:  true
  Current:
    Object:
      API Version:  machineconfiguration.openshift.io/v1
      Kind:         KubeletConfig
      Spec:
        Kubelet Config:
          Event Record QPS:  50
  Outdated:
  Type:  Configuration
Status:
  Application State:  Applied
Events:               <none>

[root@m1326001 content]# oc get ccr|grep FAIL
ocp4-pci-dss-api-server-api-priority-gate-enabled   FAIL   medium
ocp4-pci-dss-audit-log-forwarding-enabled   FAIL   medium
ocp4-pci-dss-idp-is-configured   FAIL   medium
ocp4-pci-dss-kubeadmin-removed   FAIL   medium
ocp4-pci-dss-node-master-file-groupowner-ovs-conf-db-lock   FAIL   medium
ocp4-pci-dss-node-master-file-groupowner-ovs-sys-id-conf   FAIL   medium
ocp4-pci-dss-node-master-file-permissions-cni-conf   FAIL   medium
ocp4-pci-dss-node-master-kubelet-anonymous-auth   FAIL   medium
ocp4-pci-dss-node-master-kubelet-authorization-mode   FAIL   medium
ocp4-pci-dss-node-master-kubelet-configure-client-ca   FAIL   medium
ocp4-pci-dss-node-master-kubelet-configure-event-creation   FAIL   medium
ocp4-pci-dss-node-master-kubelet-configure-tls-cipher-suites   FAIL   medium
ocp4-pci-dss-node-master-kubelet-enable-cert-rotation   FAIL   medium
ocp4-pci-dss-node-master-kubelet-enable-iptables-util-chains   FAIL   medium
ocp4-pci-dss-node-master-kubelet-enable-server-cert-rotation   FAIL   medium
ocp4-pci-dss-node-master-kubelet-enable-streaming-connections   FAIL   medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available   FAIL   medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-memory-available   FAIL   medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available   FAIL   medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree   FAIL   medium
ocp4-pci-dss-node-worker-file-groupowner-ovs-conf-db-lock   FAIL   medium
ocp4-pci-dss-node-worker-file-groupowner-ovs-sys-id-conf   FAIL   medium
ocp4-pci-dss-node-worker-file-permissions-cni-conf   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-anonymous-auth   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-authorization-mode   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-configure-client-ca   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-configure-event-creation   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-configure-tls-cipher-suites   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-enable-cert-rotation   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-enable-iptables-util-chains   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-enable-server-cert-rotation   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-enable-streaming-connections   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-memory-available   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available   FAIL   medium
ocp4-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree   FAIL   medium
ocp4-pci-dss-ocp-allowed-registries   FAIL   medium
ocp4-pci-dss-ocp-allowed-registries-for-import   FAIL   medium

[root@m1326001 content]# oc get csv
NAME   DISPLAY   VERSION   REPLACES   PHASE
compliance-operator.v1.3.1   Compliance Operator   1.3.1      Succeeded
file-integrity-operator.v1.3.3   File Integrity Operator   1.3.3      Succeeded
Actual results:
Returns fail after [oc get ccr].
Expected results:
It should be able to pass after autoremediation [oc get ccr].
Additional info:
even oc describe <.....> for each and every test suite applied.
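
Triage sketch for the two listings in this report, added here as an example (not part of the original report and not Compliance Operator code): it joins the failing `oc get ccr` rows against the `oc get cr` rows to separate checks that have a ComplianceRemediation object but still fail from checks with no remediation object listed, which auto-remediation cannot have changed. The function names and the embedded sample rows (a subset copied from the output above) are assumptions of the example.

```python
import re

# Constructed sample: a subset of the `oc get ccr` / `oc get cr` rows shown in this report.
CCR_OUTPUT = """\
ocp4-pci-dss-idp-is-configured FAIL medium
ocp4-pci-dss-node-master-kubelet-anonymous-auth FAIL medium
ocp4-pci-dss-node-master-kubelet-configure-event-creation FAIL medium
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available FAIL medium
"""
CR_OUTPUT = """\
NAME STATE
ocp4-pci-dss-node-master-kubelet-configure-event-creation Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available Applied
ocp4-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available-1 Applied
"""


def parse_rows(text):
    """Return (name, second-column) pairs, skipping the header and blank lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] != "NAME":
            rows.append((parts[0], parts[1]))
    return rows


def triage(ccr_text, cr_text):
    """Group failing checks by whether a remediation object exists for them."""
    failed = [name for name, status in parse_rows(ccr_text) if status == "FAIL"]
    remediations = parse_rows(cr_text)
    report = {"has_remediation": {}, "no_remediation": []}
    for check in failed:
        # One check can own several remediations: <check>, <check>-1, ...
        owned_name = re.compile(re.escape(check) + r"(-\d+)?")
        owned = {n: s for n, s in remediations if owned_name.fullmatch(n)}
        if owned:
            report["has_remediation"][check] = owned
        else:
            report["no_remediation"].append(check)
    return report


if __name__ == "__main__":
    result = triage(CCR_OUTPUT, CR_OUTPUT)
    for check, owned in result["has_remediation"].items():
        print("remediation present, check still FAIL:", check, owned)
    for check in result["no_remediation"]:
        print("no remediation object listed:", check)
```

Against a live cluster, the two strings would be the captured output of `oc get ccr` and `oc get cr` in the `openshift-compliance` namespace.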