Make accounts password pam pwhistory remember rule use template for SLE etc #13343

teacup-on-rockingchair · 2025-04-16T14:29:06Z

Description:

Rename accounts_password_pam_pwhistory_remember/oval/shared.xml to ubuntu2404.xml

Rationale:

If we have accounts_password_pam_pwhistory_remember/oval/shared.xml file it is also built for other platforms like SLE for sure, and it also overwrites the oval check generated by the template. So having in mind that the accounts_password_pam_pwhistory_remember rule not using the template code seem to be valid only for ubuntu2404 the oval check script looks bet to be named after that particular platform
Simplify the condition in which the template will be used or not in the accounts_password_pam_pwhistory_remember/rule.yml

Review Hints:

According to my checks seems like rule is relevant for ubuntu platforms ubuntu2004 and ubuntu2404, for which the latter doesn't use the template so figured better explicitely use ubuntu2404 both for the rule jinja condition and the naming of the oval check

If we have accounts_password_pam_pwhistory_remember/oval/shared.xml file it is also built for other platforms like SLE for sure, and it also overwrites the oval check generated by the template So having in mind that the accounts_password_pam_pwhistory_remember rule not using the template code seem to be valid only for ubuntu2404 the oval check script looks bet to be named after that particular platform

According to basic checks seems like rule is relevant for ubuntu platforms ubuntu2004 and ubuntu2404, for which the latter doesn't use the template so figured if condition will look simpler that way

openshift-ci · 2025-04-16T14:29:10Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

codeclimate · 2025-04-16T14:59:29Z

Code Climate has analyzed commit fb9a129 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

jan-cerny · 2025-04-17T06:14:18Z

/test

openshift-ci · 2025-04-17T06:14:22Z

@jan-cerny: The /test command needs one or more targets.
The following commands are available to trigger required jobs:

/test 4.12-e2e-aws-ocp4-cis

/test 4.12-e2e-aws-ocp4-cis-node

/test 4.12-e2e-aws-ocp4-e8

/test 4.12-e2e-aws-ocp4-high

/test 4.12-e2e-aws-ocp4-high-node

/test 4.12-e2e-aws-ocp4-moderate

/test 4.12-e2e-aws-ocp4-moderate-node

/test 4.12-e2e-aws-ocp4-pci-dss

/test 4.12-e2e-aws-ocp4-pci-dss-4-0

/test 4.12-e2e-aws-ocp4-pci-dss-node

/test 4.12-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.12-e2e-aws-ocp4-stig

/test 4.12-e2e-aws-ocp4-stig-node

/test 4.12-e2e-aws-rhcos4-e8

/test 4.12-e2e-aws-rhcos4-high

/test 4.12-e2e-aws-rhcos4-moderate

/test 4.12-e2e-aws-rhcos4-stig

/test 4.12-images

/test 4.13-e2e-aws-ocp4-bsi

/test 4.13-e2e-aws-ocp4-bsi-node

/test 4.13-e2e-aws-ocp4-cis

/test 4.13-e2e-aws-ocp4-cis-node

/test 4.13-e2e-aws-ocp4-e8

/test 4.13-e2e-aws-ocp4-high

/test 4.13-e2e-aws-ocp4-high-node

/test 4.13-e2e-aws-ocp4-moderate

/test 4.13-e2e-aws-ocp4-moderate-node

/test 4.13-e2e-aws-ocp4-pci-dss

/test 4.13-e2e-aws-ocp4-pci-dss-4-0

/test 4.13-e2e-aws-ocp4-pci-dss-node

/test 4.13-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.13-e2e-aws-ocp4-stig

/test 4.13-e2e-aws-ocp4-stig-node

/test 4.13-e2e-aws-rhcos4-bsi

/test 4.13-e2e-aws-rhcos4-e8

/test 4.13-e2e-aws-rhcos4-high

/test 4.13-e2e-aws-rhcos4-moderate

/test 4.13-e2e-aws-rhcos4-stig

/test 4.13-images

/test 4.14-e2e-aws-ocp4-bsi

/test 4.14-e2e-aws-ocp4-bsi-node

/test 4.14-e2e-aws-ocp4-pci-dss-4-0

/test 4.14-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.14-e2e-aws-rhcos4-bsi

/test 4.14-images

/test 4.15-e2e-aws-ocp4-bsi

/test 4.15-e2e-aws-ocp4-bsi-node

/test 4.15-e2e-aws-ocp4-cis

/test 4.15-e2e-aws-ocp4-cis-node

/test 4.15-e2e-aws-ocp4-e8

/test 4.15-e2e-aws-ocp4-high

/test 4.15-e2e-aws-ocp4-high-node

/test 4.15-e2e-aws-ocp4-moderate

/test 4.15-e2e-aws-ocp4-moderate-node

/test 4.15-e2e-aws-ocp4-pci-dss

/test 4.15-e2e-aws-ocp4-pci-dss-4-0

/test 4.15-e2e-aws-ocp4-pci-dss-node

/test 4.15-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.15-e2e-aws-ocp4-stig

/test 4.15-e2e-aws-ocp4-stig-node

/test 4.15-e2e-aws-rhcos4-bsi

/test 4.15-e2e-aws-rhcos4-e8

/test 4.15-e2e-aws-rhcos4-high

/test 4.15-e2e-aws-rhcos4-moderate

/test 4.15-e2e-aws-rhcos4-stig

/test 4.15-e2e-rosa-ocp4-cis-node

/test 4.15-e2e-rosa-ocp4-pci-dss-node

/test 4.15-images

/test 4.16-e2e-aws-ocp4-bsi

/test 4.16-e2e-aws-ocp4-bsi-node

/test 4.16-e2e-aws-ocp4-cis

/test 4.16-e2e-aws-ocp4-cis-node

/test 4.16-e2e-aws-ocp4-e8

/test 4.16-e2e-aws-ocp4-high

/test 4.16-e2e-aws-ocp4-high-node

/test 4.16-e2e-aws-ocp4-moderate

/test 4.16-e2e-aws-ocp4-moderate-node

/test 4.16-e2e-aws-ocp4-pci-dss

/test 4.16-e2e-aws-ocp4-pci-dss-4-0

/test 4.16-e2e-aws-ocp4-pci-dss-node

/test 4.16-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.16-e2e-aws-ocp4-stig

/test 4.16-e2e-aws-ocp4-stig-node

/test 4.16-e2e-aws-rhcos4-bsi

/test 4.16-e2e-aws-rhcos4-e8

/test 4.16-e2e-aws-rhcos4-high

/test 4.16-e2e-aws-rhcos4-moderate

/test 4.16-e2e-aws-rhcos4-stig

/test 4.16-images

/test 4.17-e2e-aws-ocp4-bsi

/test 4.17-e2e-aws-ocp4-bsi-node

/test 4.17-e2e-aws-ocp4-cis

/test 4.17-e2e-aws-ocp4-cis-node

/test 4.17-e2e-aws-ocp4-e8

/test 4.17-e2e-aws-ocp4-high

/test 4.17-e2e-aws-ocp4-high-node

/test 4.17-e2e-aws-ocp4-moderate

/test 4.17-e2e-aws-ocp4-moderate-node

/test 4.17-e2e-aws-ocp4-pci-dss

/test 4.17-e2e-aws-ocp4-pci-dss-4-0

/test 4.17-e2e-aws-ocp4-pci-dss-node

/test 4.17-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.17-e2e-aws-ocp4-stig

/test 4.17-e2e-aws-ocp4-stig-node

/test 4.17-e2e-aws-rhcos4-bsi

/test 4.17-e2e-aws-rhcos4-e8

/test 4.17-e2e-aws-rhcos4-high

/test 4.17-e2e-aws-rhcos4-moderate

/test 4.17-e2e-aws-rhcos4-stig

/test 4.17-images

/test 4.18-e2e-aws-ocp4-bsi

/test 4.18-e2e-aws-ocp4-bsi-node

/test 4.18-e2e-aws-ocp4-cis

/test 4.18-e2e-aws-ocp4-cis-node

/test 4.18-e2e-aws-ocp4-e8

/test 4.18-e2e-aws-ocp4-high

/test 4.18-e2e-aws-ocp4-high-node

/test 4.18-e2e-aws-ocp4-moderate

/test 4.18-e2e-aws-ocp4-moderate-node

/test 4.18-e2e-aws-ocp4-pci-dss

/test 4.18-e2e-aws-ocp4-pci-dss-4-0

/test 4.18-e2e-aws-ocp4-pci-dss-node

/test 4.18-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.18-e2e-aws-ocp4-stig

/test 4.18-e2e-aws-ocp4-stig-node

/test 4.18-e2e-aws-rhcos4-bsi

/test 4.18-e2e-aws-rhcos4-e8

/test 4.18-e2e-aws-rhcos4-high

/test 4.18-e2e-aws-rhcos4-moderate

/test 4.18-e2e-aws-rhcos4-stig

/test 4.18-images

/test e2e-aws-ocp4-bsi

/test e2e-aws-ocp4-bsi-node

/test e2e-aws-ocp4-cis

/test e2e-aws-ocp4-cis-arm

/test e2e-aws-ocp4-cis-node

/test e2e-aws-ocp4-cis-node-arm

/test e2e-aws-ocp4-e8

/test e2e-aws-ocp4-high

/test e2e-aws-ocp4-high-node

/test e2e-aws-ocp4-moderate

/test e2e-aws-ocp4-moderate-arm

/test e2e-aws-ocp4-moderate-node

/test e2e-aws-ocp4-moderate-node-arm

/test e2e-aws-ocp4-pci-dss

/test e2e-aws-ocp4-pci-dss-4-0

/test e2e-aws-ocp4-pci-dss-node

/test e2e-aws-ocp4-pci-dss-node-4-0

/test e2e-aws-ocp4-stig

/test e2e-aws-ocp4-stig-node

/test e2e-aws-rhcos4-bsi

/test e2e-aws-rhcos4-e8

/test e2e-aws-rhcos4-high

/test e2e-aws-rhcos4-moderate

/test e2e-aws-rhcos4-moderate-arm

/test e2e-aws-rhcos4-stig

/test images

Use /test all to run the following jobs that were automatically triggered:

pull-ci-ComplianceAsCode-content-master-4.12-images

pull-ci-ComplianceAsCode-content-master-4.13-images

pull-ci-ComplianceAsCode-content-master-4.14-images

pull-ci-ComplianceAsCode-content-master-4.15-images

pull-ci-ComplianceAsCode-content-master-4.16-images

pull-ci-ComplianceAsCode-content-master-4.17-images

pull-ci-ComplianceAsCode-content-master-4.18-images

pull-ci-ComplianceAsCode-content-master-images

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

dodys

lgtm, thanks!

teacup-on-rockingchair added 2 commits April 16, 2025 17:11

Simplify the condition in which the template will be used or not

fb9a129

According to basic checks seems like rule is relevant for ubuntu platforms ubuntu2004 and ubuntu2404, for which the latter doesn't use the template so figured if condition will look simpler that way

openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 16, 2025

teacup-on-rockingchair added this to the 0.1.77 milestone Apr 16, 2025

teacup-on-rockingchair added OVAL OVAL update. Related to the systems assessments. Update Rule Issues or pull requests related to Rules updates. Ubuntu Ubuntu product related. labels Apr 16, 2025

teacup-on-rockingchair requested a review from dodys April 16, 2025 14:49

teacup-on-rockingchair marked this pull request as ready for review April 16, 2025 14:50

openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 16, 2025

dodys self-assigned this Apr 17, 2025

dodys approved these changes Apr 17, 2025

View reviewed changes

dodys merged commit 19f597a into ComplianceAsCode:master Apr 17, 2025
101 of 110 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Make accounts password pam pwhistory remember rule use template for SLE etc #13343

Make accounts password pam pwhistory remember rule use template for SLE etc #13343

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Make accounts password pam pwhistory remember rule use template for SLE etc #13343

Make accounts password pam pwhistory remember rule use template for SLE etc #13343

Uh oh!

Conversation

Description:

Rationale:

Review Hints:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!