Add fixes in node and etcd TCs

2025-02-21 12:02:30 +00:00 · 2024-09-18 23:00:53 +05:30 · 2024-09-18 23:00:53 +05:30 · ff650d04fd
commit ff650d04fd
parent 1ae58e3e97
2 changed files with 7 additions and 6 deletions
--- a/cfg/rh-1.6/etcd.yaml
+++ b/cfg/rh-1.6/etcd.yaml
@ -28,7 +28,8 @@ groups:
            - flag: "file"
              compare:
                op: regex
-                value: '\/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-serving\/etcd-serving-.*\.(?:crt|key)'
+                # some systems have certs in directory '/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs'
                value: \/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-(?:serving|certs)\/etcd-serving-.*\.(?:crt|key)
        remediation: |
          OpenShift does not use the etcd-certfile or etcd-keyfile flags.
          Certificates for etcd are managed by the etcd cluster operator.
@ -103,7 +104,8 @@ groups:
            - flag: "file"
              compare:
                op: regex
-                value: '\/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-peer\/etcd-peer-.*\.(?:crt|key)'
+                # some systems have certs in directory '/etc/kubernetes/static-pod-certs/secrets/etcd-all-certs'
                value: '\/etc\/kubernetes\/static-pod-certs\/secrets\/etcd-all-(?:peer|certs)\/etcd-peer-.*\.(?:crt|key)'
        remediation: |
          None. This configuration is managed by the etcd operator.
        scored: false
--- a/cfg/rh-1.6/node.yaml
+++ b/cfg/rh-1.6/node.yaml
@ -349,15 +349,14 @@ groups:
          echo RotateKubeletServerCertificate=$(oc get --raw /api/v1/nodes/$NODE_NAME/proxy/configz | jq '.kubeletconfig.featureGates.RotateKubeletServerCertificate' 2> /dev/null)
          # Verify the rotateCertificates argument is set to true
          echo rotateCertificates=$(oc get --raw /api/v1/nodes/$NODE_NAME/proxy/configz | jq -r '.kubeletconfig.rotateCertificates' 2> /dev/null)
        use_multiple_values: true
        tests:
-          bin_op: or
+          bin_op: and
          test_items:
-            - flag: rotateCertificates
+            - flag: RotateKubeletServerCertificate
              compare:
                op: eq
                value: true
-            - flag: RotateKubeletServerCertificate
+            - flag: rotateCertificates
              compare:
                op: eq
                value: true