1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
<def-group>
<definition class="inventory" id="installed_app_is_ocp4_node" version="1">
<metadata>
<title>Red Hat OpenShift Container Platform Node</title>
<affected family="unix">
<platform>multi_platform_eks</platform>
<platform>multi_platform_ocp</platform>
</affected>
<reference ref_id="cpe:/o:redhat:openshift_container_platform_node:4" source="CPE" />
<description>The application installed installed on the system is OpenShift 4.</description>
</metadata>
<criteria>
<criterion comment="Kubelet is installed" test_ref="test_kubelet_conf_exists" />
</criteria>
</definition>
<unix:file_test check="all" check_existence="all_exist" comment="Testing if /etc/kubernetes/kubelet.conf exists" id="test_kubelet_conf_exists" version="1">
<unix:object object_ref="object_kubelet_conf_exists" />
</unix:file_test>
<unix:file_object comment="/etc/kubernetes/kubelet.conf" id="object_kubelet_conf_exists" version="1">
<unix:filepath>/etc/kubernetes/kubelet.conf</unix:filepath>
</unix:file_object>
<!-- helpers for ovn/sdn network cpe check-->
<local_variable id="ocp4_node_network_file_location" datatype="string" comment="The actual filepath of the network file to scan." version="1">
<literal_component>/var/run/multus/cni/net.d/10-ovn-kubernetes.conf</literal_component>
</local_variable>
<unix:file_test id="test_file_for_ocp4_node_network" check="only one" comment="Find the actual file for the network to be scanned." version="1">
<unix:object object_ref="object_file_for_ocp4_node_network"/>
</unix:file_test>
<unix:file_object id="object_file_for_ocp4_node_network" version="1">
<unix:filepath var_ref="ocp4_node_network_file_location"/>
</unix:file_object>
<ind:yamlfilecontent_object id="object_ocp4_platform_node_network" version="1">
<ind:filepath var_ref="ocp4_node_network_file_location"/>
<ind:yamlpath>.type</ind:yamlpath>
</ind:yamlfilecontent_object>
<!-- Check for OpenShift Container Platform 4 using specific network type -->
{{% for network in ["OpenShift-SDN", "OpenShift-OVN"] %}}
<definition class="inventory" id="installed_app_is_ocp4_node_on_{{{ network|lower }}}" version="1">
<metadata>
<title>Red Hat OpenShift Container network 4 on {{{ network }}}</title>
<affected family="unix">
<platform>Red Hat OpenShift Container network 4 on {{{ network }}}</platform>
</affected>
<reference ref_id="cpe:/a:redhat:openshift_container_node_network_on_{{{ network|lower }}}:4" source="CPE" />
<description>The application installed installed on the system is OpenShift version 4 on {{{ network }}}.</description>
</metadata>
<criteria operator="AND">
<criterion comment="cluster is OpenShift 4 on {{{ network }}}" test_ref="test_ocp4_on_{{{ network|lower }}}" />
<criterion comment="Make sure OCP4 networkstructure/cluster file is present" test_ref="test_file_for_ocp4_node_network"/>
</criteria>
</definition>
<ind:yamlfilecontent_test id="test_ocp4_on_{{{ network|lower }}}" check="at least one" comment="Find one match" version="1">
<ind:object object_ref="object_ocp4_platform_node_network"/>
<ind:state state_ref="state_ocp4_on_{{{ network|lower }}}"/>
</ind:yamlfilecontent_test>
<ind:yamlfilecontent_state id="state_ocp4_on_{{{ network|lower }}}" version="1">
<ind:value datatype="record">
{{% if network == "OpenShift-OVN" %}}
<field name="#" datatype="string" operation="pattern match">^(OpenShift-OVN|ovn-k8s-cni-overlay)$</field>
{{% else %}}
<field name="#" datatype="string" operation="pattern match">^{{{ network|lower }}}$</field>
{{% endif %}}
</ind:value>
</ind:yamlfilecontent_state>
{{% endfor %}}
</def-group>
|
