From 787bf6ca4d19ac7d554b0c273099137a836bb493 Mon Sep 17 00:00:00 2001
From: mwwolters
Date: Fri, 9 Aug 2019 10:24:20 -0700
Subject: [PATCH] Updated check to pass if flag isn't set (#379)

---
 cfg/1.11/master.yaml | 3 +++
 cfg/1.13/master.yaml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/cfg/1.11/master.yaml b/cfg/1.11/master.yaml
index 8a44464..8e5b76e 100644
--- a/cfg/1.11/master.yaml
+++ b/cfg/1.11/master.yaml
@@ -441,12 +441,15 @@ groups:
 text: "Ensure that the admission control plugin ServiceAccount is set(Scored)"
 audit: "ps -ef | grep $apiserverbin | grep -v grep"
 tests:
+ bin_op: or
 test_items:
 - flag: "--enable-admission-plugins"
 compare:
 op: has
 value: "ServiceAccount"
 set: true
+ - flag: "--enable-admission-plugins"
+ set: false
 remediation: |
 Follow the documentation and create ServiceAccount objects as per your environment.
 Then, edit the API server pod specification file $apiserverconf
diff --git a/cfg/1.13/master.yaml b/cfg/1.13/master.yaml
index 3662a06..c730319 100644
--- a/cfg/1.13/master.yaml
+++ b/cfg/1.13/master.yaml
@@ -445,12 +445,15 @@ groups:
 text: "Ensure that the admission control plugin ServiceAccount is set(Scored)"
 audit: "ps -ef | grep $apiserverbin | grep -v grep"
 tests:
+ bin_op: or
 test_items:
 - flag: "--enable-admission-plugins"
 compare:
 op: has
 value: "ServiceAccount"
 set: true
+ - flag: "--enable-admission-plugins"
+ set: false
 remediation: |
 Follow the documentation and create ServiceAccount objects as per your environment.
 Then, edit the API server pod specification file $apiserverconf
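Review bot: The new `set: false` item in the cfg/1.11/master.yaml hunk (and the identical one in the cfg/1.13/master.yaml hunk) passes the check whenever `--enable-admission-plugins` is absent, without looking at `--disable-admission-plugins`, so an API server started with ServiceAccount in the disable list would still be reported as compliant. Because `bin_op: or` is flat, adding a third item cannot express "enable condition AND not disabled". Assuming ServiceAccount is on by default in these versions (the apparent premise of this change), the deciding condition is the disable list, and the test could be keyed on that flag instead, as sketched below. The remediation text, which continues past both hunks, still tells the operator to set `--enable-admission-plugins` and would need to match whichever form is chosen.

```yaml
# … unchanged: text, audit, tests / bin_op …
test_items:
# Passes unless ServiceAccount has been explicitly disabled.
- flag: "--disable-admission-plugins"
  compare:
    op: nothave
    value: "ServiceAccount"
  set: true
- flag: "--disable-admission-plugins"
  set: false
# … unchanged: remediation …
```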