From 896385bcde69e4f8eacda60b51fa7593c207b831 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Wed, 7 Oct 2020 12:21:47 +0300
Subject: [PATCH] ocp4: fix basic-auth check The check is now done through an API check.
---
 .../oval/{shared.xml => ocp3.xml} | 8 -------
 .../api-server/api_server_basic_auth/rule.yml | 21 ++++++++++++++++++-
 2 files changed, 20 insertions(+), 9 deletions(-)
 rename applications/openshift/api-server/api_server_basic_auth/oval/{shared.xml => ocp3.xml} (71%)
diff --git a/applications/openshift/api-server/api_server_basic_auth/oval/shared.xml b/applications/openshift/api-server/api_server_basic_auth/oval/ocp3.xml
similarity index 71%
rename from applications/openshift/api-server/api_server_basic_auth/oval/shared.xml
rename to applications/openshift/api-server/api_server_basic_auth/oval/ocp3.xml
index a75221bf490..7dbd9cfb97d 100644
--- a/applications/openshift/api-server/api_server_basic_auth/oval/shared.xml
+++ b/applications/openshift/api-server/api_server_basic_auth/oval/ocp3.xml
@@ -14,17 +14,9 @@ -{{%- if product == "ocp4" %}} - - /etc/kubernetes/static-pod-resources/configmaps/config/config.yaml - ^.*"basic-auth-file"\:[\s]*\[.*"(\S+)".*\][,]*.*$ - 1 - -{{% else %}} /etc/origin/master/master-config.yaml ^[\s]*basic-auth-file\:[\n]+[\s*]-[\s]*(\S+)[\s]*$ 1 -{{%- endif %}}
diff --git a/applications/openshift/api-server/api_server_basic_auth/rule.yml b/applications/openshift/api-server/api_server_basic_auth/rule.yml
index a6fb01e36a6..858e0f0a774 100644
--- a/applications/openshift/api-server/api_server_basic_auth/rule.yml
+++ b/applications/openshift/api-server/api_server_basic_auth/rule.yml
@@ -48,8 +48,27 @@ ocil: |-
 Run the following command on the master node(s):
 {{%- if product == "ocp4" %}}
$ oc get configmap config -n openshift-kube-apiserver -ojson | jq -r '.data["config.yaml"]' | jq '.apiServerArguments["basic-auth-file"]'
- The output should return
false
.
+ The output should return
null
.
 {{% else %}}
$ sudo grep -A2 basic-auth-file /etc/origin/master/master-config.yaml
{{%- endif %}}
 The output should return no output.
+
+{{%- if product == "ocp4" %}}
+warnings:
+ - general: |-
+ {{{ openshift_cluster_setting("/api/v1/namespaces/openshift-kube-apiserver/configmaps/config") | indent(8) }}}
+{{%- endif %}}
+
+# This is updated for OCP4
+template:
+ name: yamlfile_value
+ vars:
+ filepath: '/api/v1/namespaces/openshift-kube-apiserver/configmaps/config'
+ yamlpath: ".data['config.yaml']"
+ value: "basic-auth"
+ type: "string"
+ operation: "pattern match"
+ entity_check: "none satisfy"
+ ocp_data: "true"
+
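Review bot: The new `template:` check matches the substring `basic-auth` anywhere in the text selected by `.data['config.yaml']`, which is looser than both the OCIL command (it reads `.apiServerArguments["basic-auth-file"]`) and the regex removed from the OVAL file; any other key or value containing that substring would fail the rule, so consider `value: "basic-auth-file"` to pin the flag name. Because the check is `entity_check: "none satisfy"`, it is also worth confirming that a configmap that is missing or was not collected produces an error or a failure rather than a pass; the hunk does not show how `yamlfile_value` handles an absent object. The `template:` block and its `# This is updated for OCP4` comment sit after `{{%- endif %}}`, so unlike `warnings:` they are emitted for every product; if ocp3 is meant to keep using `oval/ocp3.xml`, a comment stating that the product-specific OVAL takes precedence (or a guard around the template) would make that explicit. The `ocil` block begins above the hunk, so the rest of the rule is not visible here.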