add cis to the cis-profile enum

Signed-off-by: Ashley Dumaine <[email protected]>

Author: AshleyDumaine

bootstrap/api/v1alpha1/rke2config_types.go

@@ -102,7 +102,7 @@ type RKE2AgentConfig struct {
 	Snapshotter string `json:"snapshotter,omitempty"`
 
 	// CISProfile activates CIS compliance of RKE2 for a certain profile
-	// +kubebuilder:validation:Enum=cis-1.23;cis-1.5;cis-1.6
+	// +kubebuilder:validation:Enum=cis;cis-1.23;cis-1.5;cis-1.6
 	//+optional
 	CISProfile CISProfile `json:"cisProfile,omitempty"`
 
@@ -256,6 +256,9 @@ type RKE2ConfigList struct {
 type CISProfile string
 
 const (
+	// CIS references RKE2's CIS Profile "cis".
+	CIS CISProfile = "cis"
+
 	// CIS1_23 references RKE2's CIS Profile "cis-1.23".
 	CIS1_23 CISProfile = "cis-1.23"
 

bootstrap/api/v1beta1/rke2config_types.go

@@ -102,7 +102,7 @@ type RKE2AgentConfig struct {
 	Snapshotter string `json:"snapshotter,omitempty"`
 
 	// CISProfile activates CIS compliance of RKE2 for a certain profile
-	// +kubebuilder:validation:Enum=cis-1.23;cis-1.5;cis-1.6
+	// +kubebuilder:validation:Enum=cis;cis-1.23;cis-1.5;cis-1.6
 	//+optional
 	CISProfile CISProfile `json:"cisProfile,omitempty"`
 
@@ -257,6 +257,9 @@ type RKE2ConfigList struct {
 type CISProfile string
 
 const (
+	// CIS references RKE2's CIS Profile "cis".
+	CIS CISProfile = "cis"
+
 	// CIS1_23 references RKE2's CIS Profile "cis-1.23".
 	CIS1_23 CISProfile = "cis-1.23"
 

bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configs.yaml

@@ -78,6 +78,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6
@@ -665,6 +666,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6

bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configtemplates.yaml

@@ -90,6 +90,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6
@@ -640,6 +641,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6

controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanes.yaml

@@ -78,6 +78,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6
@@ -1310,6 +1311,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6

controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanetemplates.yaml

@@ -133,6 +133,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6

pkg/rke2/config_test.go

@@ -280,7 +280,7 @@ var _ = Describe("RKE2 Agent Config", func() {
 				LoadBalancerPort:      1234,
 				NodeLabels:            []string{"testlabel"},
 				NodeTaints:            []string{"testtaint"},
-				CISProfile:            bootstrapv1.CIS1_23, //nolint:nosnakecase
+				CISProfile:            bootstrapv1.CIS, //nolint:nosnakecase
 				ProtectKernelDefaults: true,
 				ResolvConf: &corev1.ObjectReference{
 					Name:      "test",

pkg/util/util.go

@@ -201,6 +201,8 @@ func ProfileCompliant(profile bootstrapv1.CISProfile, version string) bool {
 	}
 
 	switch profile {
+	case bootstrapv1.CIS:
+		return isAtLeastv125
 	case bootstrapv1.CIS1_23:
 		return isAtLeastv125
 	case bootstrapv1.CIS1_5: