Automated testing 1.2.34 (#801)

* Automated testing 1.2.34 Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com> * Changed automation status in test Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com> * Changed one more test Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com> * Changed Automated to manual Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
3 years ago · 6262bc79ec
parent ed53e56356
commit 6262bc79ec
1 changed files with 9 additions and 2 deletions
--- a/cfg/cis-1.6/master.yaml
+++ b/cfg/cis-1.6/master.yaml
@ -819,8 +819,15 @@ groups:

      - id: 1.2.34
        text: "Ensure that encryption providers are appropriately configured (Manual)"
-        audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
-        type: "manual"
+        audit: |
+          ENCRYPTION_PROVIDER_CONFIG=$(ps -ef | grep $apiserverbin | grep -- --encryption-provider-config | sed 's%.*encryption-provider-config[= ]\([^ ]*\).*%\1%')
+          if test -e $ENCRYPTION_PROVIDER_CONFIG; then grep -A1 'providers:' $ENCRYPTION_PROVIDER_CONFIG | tail -n1 | grep -o "[A-Za-z]*" | sed 's/^/provider=/'; fi
+        tests:
+          test_items:
+            - flag: "provider"
+              compare:
+                op: valid_elements
+                value: "aescbc,kms,secretbox"
        remediation: |
          Follow the Kubernetes documentation and configure a EncryptionConfig file.
          In this file, choose aescbc, kms or secretbox as the encryption provider.