diff --git a/CATALOG.md b/CATALOG.md index fd8b5ff921..a06745ca15 100644 --- a/CATALOG.md +++ b/CATALOG.md @@ -1127,8 +1127,8 @@ Tags|telco,observability Property|Description ---|--- Unique ID|operator-automount-tokens -Description|Tests that check the pods created by the operator ensure that the automount service account token is disabled. -Suggested Remediation|Ensure that the pods created by the operator have the automount service account token disabled. +Description|Tests that check that the pods disable the automount service account token." +Suggested Remediation|Ensure that the pods have the automount service account token disabled. Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements Exception Process|No exceptions Tags|common,operator @@ -1223,8 +1223,8 @@ Tags|common,operator Property|Description ---|--- Unique ID|operator-read-only-file-system -Description|Tests that check the pods created by the operator ensure that the read-only root filesystem setting is enabled. -Suggested Remediation|Ensure that the pods created by the operator have the read-only root filesystem setting enabled. +Description|Tests that check that the pods have the read-only root filesystem setting enabled. +Suggested Remediation|Ensure that the pods have the read-only root filesystem setting enabled. Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements Exception Process|No exceptions Tags|common,operator @@ -1239,8 +1239,8 @@ Tags|common,operator Property|Description ---|--- Unique ID|operator-run-as-non-root -Description|Tests that checks the pods created by the operator is run as non root. -Suggested Remediation|Ensure that the pods created by the operator are run as non-root. +Description|Tests that checks the pods ensure they are run as non root. +Suggested Remediation|Ensure that the pods are running as non root. Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements Exception Process|No exceptions Tags|common,operator @@ -1255,8 +1255,8 @@ Tags|common,operator Property|Description ---|--- Unique ID|operator-run-as-user-id -Description|Tests that checks the user id of the pods created by the operator is not 0 -Suggested Remediation|Ensure that the user ID of the pods created by the operator is not 0. +Description|Tests that checks the user id of the pods ensure it is not 0. +Suggested Remediation|Ensure that the user ID of the pods is not 0. Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements Exception Process|No exceptions Tags|common,operator diff --git a/cnf-certification-test/identifiers/identifiers.go b/cnf-certification-test/identifiers/identifiers.go index 4876055465..1c466d5770 100644 --- a/cnf-certification-test/identifiers/identifiers.go +++ b/cnf-certification-test/identifiers/identifiers.go @@ -937,7 +937,7 @@ that Node's kernel may not have the same hacks.'`, TestOperatorRunAsUserID = AddCatalogEntry( "run-as-user-id", common.OperatorTestKey, - `Tests that checks the user id of the pods created by the operator is not 0`, + `Tests that checks the user id of the pods ensure it is not 0.`, OperatorRunAsUserID, NoExceptions, TestOperatorRunAsUserIDDocLink, @@ -953,7 +953,7 @@ that Node's kernel may not have the same hacks.'`, TestOperatorRunAsNonRoot = AddCatalogEntry( "run-as-non-root", common.OperatorTestKey, - `Tests that checks the pods created by the operator is run as non root.`, + `Tests that checks the pods ensure they are run as non root.`, OperatorRunAsNonRoot, NoExceptions, TestOperatorRunAsNonRootDocLink, @@ -969,7 +969,7 @@ that Node's kernel may not have the same hacks.'`, TestOperatorAutomountTokens = AddCatalogEntry( "automount-tokens", common.OperatorTestKey, - `Tests that check the pods created by the operator ensure that the automount service account token is disabled.`, + `Tests that check that the pods disable the automount service account token."`, OperatorAutomountTokens, NoExceptions, TestOperatorAutomountTokensDocLink, @@ -985,7 +985,7 @@ that Node's kernel may not have the same hacks.'`, TestOperatorReadOnlyFilesystem = AddCatalogEntry( "read-only-file-system", common.OperatorTestKey, - `Tests that check the pods created by the operator ensure that the read-only root filesystem setting is enabled.`, + `Tests that check that the pods have the read-only root filesystem setting enabled.`, OperatorReadOnlyFilesystem, NoExceptions, TestOperatorReadOnlyFilesystemDocLink, diff --git a/cnf-certification-test/identifiers/remediation.go b/cnf-certification-test/identifiers/remediation.go index 88ae2df3df..619cc9498a 100644 --- a/cnf-certification-test/identifiers/remediation.go +++ b/cnf-certification-test/identifiers/remediation.go @@ -83,13 +83,13 @@ const ( OperatorCrdSchemaIdentifierRemediation = `Ensure that the Operator CRD is defined with OpenAPI spec.` - OperatorRunAsUserID = `Ensure that the user ID of the pods created by the operator is not 0.` + OperatorRunAsUserID = `Ensure that the user ID of the pods is not 0.` - OperatorRunAsNonRoot = `Ensure that the pods created by the operator are run as non-root.` + OperatorRunAsNonRoot = `Ensure that the pods are running as non root.` - OperatorAutomountTokens = `Ensure that the pods created by the operator have the automount service account token disabled.` + OperatorAutomountTokens = `Ensure that the pods have the automount service account token disabled.` - OperatorReadOnlyFilesystem = `Ensure that the pods created by the operator have the read-only root filesystem setting enabled.` + OperatorReadOnlyFilesystem = `Ensure that the pods have the read-only root filesystem setting enabled.` OperatorCrdVersioningRemediation = `Ensure that the Operator CRD has a valid version.`