add cis to the cis-profile enum

AshleyDumaine · AshleyDumaine · commit b7a21fb0c7e4 · 2024-04-19T13:25:30.000-04:00
Signed-off-by: Ashley Dumaine &lt;ashley.dumaine@gmail.com&gt;
diff --git a/bootstrap/api/v1alpha1/rke2config_types.go b/bootstrap/api/v1alpha1/rke2config_types.go
@@ -102,7 +102,7 @@ type RKE2AgentConfig struct {
 	Snapshotter string `json:"snapshotter,omitempty"`
 
 	// CISProfile activates CIS compliance of RKE2 for a certain profile
-	// +kubebuilder:validation:Enum=cis-1.23;cis-1.5;cis-1.6
+	// +kubebuilder:validation:Enum=cis;cis-1.23;cis-1.5;cis-1.6
 	//+optional
 	CISProfile CISProfile `json:"cisProfile,omitempty"`
 
@@ -256,6 +256,9 @@ type RKE2ConfigList struct {
 type CISProfile string
 
 const (
+	// CIS references RKE2's CIS Profile "cis".
+	CIS CISProfile = "cis"
+
 	// CIS1_23 references RKE2's CIS Profile "cis-1.23".
 	CIS1_23 CISProfile = "cis-1.23"
 
diff --git a/bootstrap/api/v1beta1/rke2config_types.go b/bootstrap/api/v1beta1/rke2config_types.go
@@ -102,7 +102,7 @@ type RKE2AgentConfig struct {
 	Snapshotter string `json:"snapshotter,omitempty"`
 
 	// CISProfile activates CIS compliance of RKE2 for a certain profile
-	// +kubebuilder:validation:Enum=cis-1.23;cis-1.5;cis-1.6
+	// +kubebuilder:validation:Enum=cis;cis-1.23;cis-1.5;cis-1.6
 	//+optional
 	CISProfile CISProfile `json:"cisProfile,omitempty"`
 
@@ -256,6 +256,9 @@ type RKE2ConfigList struct {
 type CISProfile string
 
 const (
+	// CIS references RKE2's CIS Profile "cis".
+	CIS CISProfile = "cis"
+
 	// CIS1_23 references RKE2's CIS Profile "cis-1.23".
 	CIS1_23 CISProfile = "cis-1.23"
 
diff --git a/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configs.yaml b/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configs.yaml
@@ -74,6 +74,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6
@@ -632,6 +633,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6
diff --git a/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configtemplates.yaml b/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configtemplates.yaml
@@ -88,6 +88,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6
@@ -635,6 +636,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6
diff --git a/controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanes.yaml b/controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanes.yaml
@@ -74,6 +74,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6
@@ -1254,6 +1255,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6
diff --git a/controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanetemplates.yaml b/controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanetemplates.yaml
@@ -120,6 +120,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6
diff --git a/pkg/rke2/config_test.go b/pkg/rke2/config_test.go
@@ -280,7 +280,7 @@ var _ = Describe("RKE2 Agent Config", func() {
 				LoadBalancerPort:      1234,
 				NodeLabels:            []string{"testlabel"},
 				NodeTaints:            []string{"testtaint"},
-				CISProfile:            bootstrapv1.CIS1_23, //nolint:nosnakecase
+				CISProfile:            bootstrapv1.CIS, //nolint:nosnakecase
 				ProtectKernelDefaults: true,
 				ResolvConf: &corev1.ObjectReference{
 					Name:      "test",
diff --git a/pkg/util/util.go b/pkg/util/util.go
@@ -192,6 +192,8 @@ func ProfileCompliant(profile bootstrapv1.CISProfile, version string) bool {
 	}
 
 	switch profile {
+	case bootstrapv1.CIS:
+		return isAtLeastv125
 	case bootstrapv1.CIS1_23:
 		return isAtLeastv125
 	case bootstrapv1.CIS1_5:

Original file line number	Diff line number	Diff line change
`@@ -192,6 +192,8 @@ func ProfileCompliant(profile bootstrapv1.CISProfile, version string) bool {`
`192`	`192`	`}`
`193`	`193`
`194`	`194`	`switch profile {`
	`195`	`+ case bootstrapv1.CIS:`
	`196`	`+ return isAtLeastv125`
`195`	`197`	`case bootstrapv1.CIS1_23:`
`196`	`198`	`return isAtLeastv125`
`197`	`199`	`case bootstrapv1.CIS1_5:`