From 01ee110ac40153883dfc6f40a9d9da950baba40e Mon Sep 17 00:00:00 2001 From: Prem Kumar Date: Sat, 26 Oct 2019 05:42:56 +0530 Subject: [PATCH] Fix repetitive flags in some ocp-3.11 tests (#462) * fix flag repetition in ocp-3.11/node.yaml * fix flag repetition in ocp-3.11/master.yaml --- cfg/ocp-3.11/master.yaml | 56 ++++++++++++++++++++-------------------- cfg/ocp-3.11/node.yaml | 12 ++++----- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/cfg/ocp-3.11/master.yaml b/cfg/ocp-3.11/master.yaml index 7f82a5d..3be26b6 100644 --- a/cfg/ocp-3.11/master.yaml +++ b/cfg/ocp-3.11/master.yaml @@ -50,17 +50,17 @@ groups: op: eq value: "kubeletClientInfo:" set: true - - flag: "ca: ca-bundle.crt" + - flag: "ca" compare: op: has value: "ca-bundle.crt" set: true - - flag: "certFile: master.kubelet-client.crt" + - flag: "certFile" compare: op: has value: "master.kubelet-client.crt" set: true - - flag: "keyFile: master.kubelet-client.key" + - flag: "keyFile" compare: op: has value: "master.kubelet-client.key" @@ -185,7 +185,7 @@ groups: audit: "grep -A4 AlwaysPullImages /etc/origin/master/master-config.yaml" tests: test_items: - - flag: "disable: false" + - flag: "disable" compare: op: has value: "false" @@ -236,7 +236,7 @@ groups: audit: "grep -A5 auditConfig /etc/origin/master/master-config.yaml" tests: test_items: - - flag: "enabled: true" + - flag: "enabled" compare: op: has value: "true" @@ -387,15 +387,15 @@ groups: tests: bin_op: and test_items: - - flag: "keyFile: master.kubelet-client.key" + - flag: "keyFile" compare: op: has - value: "keyFile: master.kubelet-client.key" + value: "master.kubelet-client.key" set: true - - flag: "certFile: master.kubelet-client.crt" + - flag: "certFile" compare: op: has - value: "certFile: master.kubelet-client.crt" + value: "master.kubelet-client.crt" set: true remediation: | Edit the Openshift master config file /etc/origin/master/master-config.yaml and add the following @@ -424,10 +424,10 @@ groups: tests: bin_op: and test_items: - - flag: "privateKeyFile: serviceaccounts.private.key" + - flag: "privateKeyFile" compare: op: has - value: "privateKeyFile: serviceaccounts.private.key" + value: "serviceaccounts.private.key" set: true - flag: "serviceaccounts.public.key" compare: @@ -464,15 +464,15 @@ groups: tests: bin_op: and test_items: - - flag: "certFile: master.etcd-client.crt" + - flag: "certFile" compare: op: has - value: "certFile: master.etcd-client.crt" + value: "master.etcd-client.crt" set: true - - flag: "keyFile: master.etcd-client.key" + - flag: "keyFile" compare: op: has - value: "keyFile: master.etcd-client.key" + value: "master.etcd-client.key" set: true remediation: | Edit the Openshift master config file /etc/origin/master/master-config.yaml and set keyFile and certFile @@ -492,10 +492,10 @@ groups: test_items: - flag: "ServiceAccount" set: false - - flag: "disable: false" + - flag: "disable" compare: op: has - value: "disable: false" + value: "false" set: true remediation: | Edit the Openshift master config file /etc/origin/master/master-config.yaml and enable ServiceAccount @@ -514,15 +514,15 @@ groups: tests: bin_op: and test_items: - - flag: "certFile: master.server.crt" + - flag: "certFile" compare: op: has - value: "certFile: master.server.crt" + value: "master.server.crt" set: true - - flag: "keyFile: master.server.key" + - flag: "keyFile" compare: op: has - value: "keyFile: master.server.key" + value: "master.server.key" set: true remediation: | Edit the Openshift master config file /etc/origin/master/master-config.yaml and set keyFile and certFile under servingInfo. @@ -562,10 +562,10 @@ groups: audit: "grep -A3 etcdClientInfo /etc/origin/master/master-config.yaml" tests: test_items: - - flag: "ca: master.etcd-ca.crt" + - flag: "ca" compare: op: has - value: "ca: master.etcd-ca.crt" + value: "master.etcd-ca.crt" set: true remediation: | Edit the Openshift master config file /etc/origin/master/master-config.yaml and set ca under etcdClientInfo. @@ -589,10 +589,10 @@ groups: test_items: - flag: "NodeRestriction" set: false - - flag: "disable: false" + - flag: "disable" compare: op: has - value: "disable: false" + value: "false" set: true remediation: | Edit the Openshift master config file /etc/origin/master/master-config.yaml and enable NodeRestriction ca under etcdClientInfo. @@ -639,10 +639,10 @@ groups: audit: "grep -A4 EventRateLimit /etc/origin/master/master-config.yaml" tests: test_items: - - flag: "disable: false" + - flag: "disable" compare: op: has - value: "disable: false" + value: "false" set: true remediation: | Follow the documentation to enable the EventRateLimit plugin. @@ -775,7 +775,7 @@ groups: value: "/etc/origin/master/ca-bundle.crt" set: true test_items: - - flag: "masterCA: ca-bundle.crt" + - flag: "masterCA" compare: op: has value: "ca-bundle.crt" diff --git a/cfg/ocp-3.11/node.yaml b/cfg/ocp-3.11/node.yaml index cc894c5..7fcd8ec 100644 --- a/cfg/ocp-3.11/node.yaml +++ b/cfg/ocp-3.11/node.yaml @@ -25,7 +25,7 @@ groups: test_items: - flag: "authorization-mode" set: false - - flag: "authorization-mode: Webhook" + - flag: "authorization-mode" compare: op: has value: "Webhook" @@ -59,7 +59,7 @@ groups: test_items: - flag: "read-only-port" set: false - - flag: "read-only-port: 0" + - flag: "read-only-port" compare: op: has value: "0" @@ -100,7 +100,7 @@ groups: test_items: - flag: "make-iptables-util-chains" set: false - - flag: "make-iptables-util-chains: true" + - flag: "make-iptables-util-chains" compare: op: has value: "true" @@ -115,7 +115,7 @@ groups: audit: "grep -A1 keep-terminated-pod-volumes /etc/origin/node/node-config.yaml" tests: test_items: - - flag: "keep-terminated-pod-volumes: false" + - flag: "keep-terminated-pod-volumes" compare: op: has value: "false" @@ -137,7 +137,7 @@ groups: test_items: - flag: "event-qps" set: false - - flag: "event-qps: 0" + - flag: "event-qps" compare: op: has value: "0" @@ -169,7 +169,7 @@ groups: test_items: - flag: "cadvisor-port" set: false - - flag: "cadvisor-port: 0" + - flag: "cadvisor-port" compare: op: has value: "0"