Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix jinja comment variable definition in sysctl OVAL template #9400

Merged
merged 1 commit into from
Aug 25, 2022
Merged

Fix jinja comment variable definition in sysctl OVAL template #9400

merged 1 commit into from
Aug 25, 2022
+3 −3

Conversation

ggbecker
Copy link
Member

Description:

  • Fix jinja comment variable definition in sysctl OVAL template

@ggbecker ggbecker added the bugfix Fixes to reported bugs. label Aug 24, 2022
@ggbecker ggbecker added this to the 0.1.64 milestone Aug 24, 2022
@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@codeclimate
Copy link

codeclimate bot commented Aug 24, 2022

Code Climate has analyzed commit 7ed3069 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 42.5% (0.0% change).

View more on Code Climate.

@openshift-ci
Copy link

openshift-ci bot commented Aug 24, 2022

@ggbecker: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-rhcos4-high 7ed3069 link true /test e2e-aws-rhcos4-high
ci/prow/e2e-aws-rhcos4-moderate 7ed3069 link true /test e2e-aws-rhcos4-moderate
ci/prow/e2e-aws-ocp4-pci-dss-node 7ed3069 link true /test e2e-aws-ocp4-pci-dss-node

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

vojtapolasek
vojtapolasek approved these changes Aug 25, 2022
View reviewed changes
Copy link
Collaborator

@vojtapolasek vojtapolasek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, the failing tests are either CI problem or a long standing issue in the content (Pakit).

@vojtapolasek vojtapolasek merged commit faec68f into ComplianceAsCode:master Aug 25, 2022
@marcusburghardt
Copy link
Member

I checked the OVAL output for the sysctl_net_ipv4_ip_local_port_range rule, which uses sysctlval: 32768 65535.
Before the patch it was splitting the entire numbers, like this:
<description>The kernel 'net.ipv4.ip_local_port_range' parameter should be set to 3 or 2 or 7 or 6 or 8 or or 6 or 5 or 5 or 3 or 5 in the system runtime.</description>

With this patch it gets better, like this:
<description>The kernel 'net.ipv4.ip_local_port_range' parameter should be set to 32768 65535 in the system runtime.</description>

However, in this case it is still missing an or between 32768 and 65535. Probably because the value is interpreted as a string instead of a sequence. I think the sequence test should be kept to honor this case.

@ggbecker
Copy link
Member Author

ggbecker commented Aug 25, 2022
edited

I checked the OVAL output for the sysctl_net_ipv4_ip_local_port_range rule, which uses sysctlval: 32768 65535. Before the patch it was splitting the entire numbers, like this: <description>The kernel 'net.ipv4.ip_local_port_range' parameter should be set to 3 or 2 or 7 or 6 or 8 or or 6 or 5 or 5 or 3 or 5 in the system runtime.</description>

With this patch it gets better, like this: <description>The kernel 'net.ipv4.ip_local_port_range' parameter should be set to 32768 65535 in the system runtime.</description>

However, in this case it is still missing an or between 32768 and 65535. Probably because the value is interpreted as a string instead of a sequence. I think the sequence test should be kept to honor this case.

From the template input for sysctl_net_ipv4_ip_local_port_range I don't expect that there would be an or between those two values since both of them should be set there in order to work, it's not one or another case.

The sequence will be valid when you define a list in the template input.

@marcusburghardt
Copy link
Member

I checked the OVAL output for the sysctl_net_ipv4_ip_local_port_range rule, which uses sysctlval: 32768 65535. Before the patch it was splitting the entire numbers, like this: <description>The kernel 'net.ipv4.ip_local_port_range' parameter should be set to 3 or 2 or 7 or 6 or 8 or or 6 or 5 or 5 or 3 or 5 in the system runtime.</description>
With this patch it gets better, like this: <description>The kernel 'net.ipv4.ip_local_port_range' parameter should be set to 32768 65535 in the system runtime.</description>
However, in this case it is still missing an or between 32768 and 65535. Probably because the value is interpreted as a string instead of a sequence. I think the sequence test should be kept to honor this case.

From the template input for sysctl_net_ipv4_ip_local_port_range I don't expect that there would be an or between those two values since both of them should be set there in order to work, it's not one or another case.

The sequence will be valid when you define a list in the template input.

I overlooked the sysctl parameter name, which is indeed expecting a range. All fine so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vojtapolasek vojtapolasek vojtapolasek approved these changes

Assignees

@vojtapolasek vojtapolasek

Labels
bugfix Fixes to reported bugs.
Projects
None yet
Milestone
0.1.64
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ggbecker @marcusburghardt @vojtapolasek