CMP-2366: Update service_autofs_disabled default e2e result

[rhmdnd]

Since
1ce0c75
landed, this rule is only invoked if the autofs package is installed. By
default, at least with OpenShift 4.13+, it isn't installed which means
the default result is NOT-APPLICABLE.

This commit updates the default testing result for the rule to match
what happens in real clusters since we're being more selective about
when to run the rule.

[rhmdnd]

/test

[openshift-ci]

@rhmdnd: The /test command needs one or more targets.
The following commands are available to trigger required jobs:

• /test 4.13-images
• /test 4.14-images
• /test 4.15-images
• /test 4.16-images
• /test e2e-aws-ocp4-cis
• /test e2e-aws-ocp4-cis-node
• /test e2e-aws-ocp4-e8
• /test e2e-aws-ocp4-high
• /test e2e-aws-ocp4-high-node
• /test e2e-aws-ocp4-moderate
• /test e2e-aws-ocp4-moderate-node
• /test e2e-aws-ocp4-pci-dss
• /test e2e-aws-ocp4-pci-dss-node
• /test e2e-aws-ocp4-stig
• /test e2e-aws-ocp4-stig-node
• /test e2e-aws-rhcos4-e8
• /test e2e-aws-rhcos4-high
• /test e2e-aws-rhcos4-moderate
• /test e2e-aws-rhcos4-stig
• /test images

Use /test all to run the following jobs that were automatically triggered:

• pull-ci-ComplianceAsCode-content-master-4.13-images
• pull-ci-ComplianceAsCode-content-master-4.14-images
• pull-ci-ComplianceAsCode-content-master-4.15-images
• pull-ci-ComplianceAsCode-content-master-4.16-images
• pull-ci-ComplianceAsCode-content-master-images

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rhmdnd]

/test e2e-aws-rhcos4-high

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

[codeclimate]

Code Climate has analyzed commit c970da7 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.3% (0.0% change).

View more on Code Climate.

[openshift-ci]

@rhmdnd: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-rhcos4-high	c970da7	link	true	/test e2e-aws-rhcos4-high

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[rhmdnd]

Seems to work as expected:

helpers.go:808: Result - Name: e2e-high-master-service-autofs-disabled - Status: NOT-APPLICABLE - Severity: medium
helpers.go:881: Rule service_autofs_disabled matched expected result 

The other failures in the high profile run are unrelated to this patch and being fixed separately.

[Vincent056]

it looks like it passed the test here, I wonder if we need to change the expected test result to versioned Test result. To have test for OCP 4.12 before it reaches end of life, actually since we are not testing CI on 4.12 I think this should be fine.

[Vincent056]

Title
	Disable the Automounter
Rule
	xccdf_org.ssgproject.content_rule_service_autofs_disabled
Ident
	CCE-82663-6
I: oscap: Evaluating XCCDF rule 'xccdf_org.ssgproject.content_rule_service_autofs_disabled'.
I: oscap: Evaluating definition 'oval:ssg-installed_OS_is_rhcos4:def:1': Red Hat Enterprise Linux CoreOS.
I: oscap: Definition 'oval:ssg-installed_OS_is_rhcos4:def:1' evaluated as true.
I: oscap: Evaluating definition 'oval:ssg-installed_env_is_a_machine:def:1': Check if the scan target is a machine.
I: oscap: Definition 'oval:ssg-installed_env_is_a_machine:def:1' evaluated as true.
I: oscap: Evaluating definition 'oval:ssg-package_autofs:def:1': Package autofs is installed.
I: oscap: Evaluating rpminfo test 'oval:ssg-inventory_test_package_autofs_installed:tst:1': package autofs is installed.
I: oscap: Querying rpminfo object 'oval:ssg-obj_inventory_test_package_autofs_installed:obj:1', flags: 0.
I: oscap: Creating new syschar for rpminfo_object 'oval:ssg-obj_inventory_test_package_autofs_installed:obj:1'.
I: oscap: Switching probe to PROBE_OFFLINE_CHROOT mode.
I: oscap: I will run rpminfo_probe_main:
I: oscap: Package "autofs" not found.
I: oscap: Leaving chroot mode
I: oscap: Test 'oval:ssg-inventory_test_package_autofs_installed:tst:1' requires that every object defined by 'oval:ssg-obj_inventory_test_package_autofs_installed:obj:1' exists on the system.
I: oscap: 0 objects defined by 'oval:ssg-obj_inventory_test_package_autofs_installed:obj:1' exist on the system.
I: oscap: Test 'oval:ssg-inventory_test_package_autofs_installed:tst:1' does not contain any state to compare object with.
I: oscap: No item matching object 'oval:ssg-obj_inventory_test_package_autofs_installed:obj:1' was found on the system. (flag=does not exist)
I: oscap: Test 'oval:ssg-inventory_test_package_autofs_installed:tst:1' evaluated as false.
I: oscap: Definition 'oval:ssg-package_autofs:def:1' evaluated as false.
I: oscap: Rule 'xccdf_org.ssgproject.content_rule_service_autofs_disabled' is not applicable.
Result
	notapplicable

working as expected here

[Vincent056]

/lgtm

[rhmdnd]

Adding @BhargaviGudi for review.

[BhargaviGudi]

/hold for test

[BhargaviGudi]

/unhold

[BhargaviGudi]

/lgtm