Apply suggestions from code review for BSI APP.4.4.A19
Co-authored-by: sluetze <13255307+sluetze@users.noreply.github.com>
benruland and sluetze authored Oct 4, 2024
1 parent 029d062 commit b11504b
Showing 3 changed files with 8 additions and 6 deletions.
@@ -1,6 +1,6 @@
documentation_complete: true

title: 'Ensure deployments have either anti-affinity rules or topology spread constraints'
title: 'Ensure Deployments have either Anti-Affinity Rules or Topology Spread Constraints'

description: |-
Distributing Kubernetes pods across nodes and availability zones using pod topology spread
Expand All @@ -10,7 +10,7 @@ description: |-
There might be deployments, that do not require high availability or spreading across nodes.
To limit the number of false positives, this rule only checks deployments with a replica count
of more than one. For deployments with one replica neither anti-affinity rules nor topology
of more than one. For deployments with one replica, neither anti-affinity rules nor topology
spread constraints provide any value.
To exclude other deployments from this rule, you can create a regular expression for deployment
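Review bot: the unchanged context line "There might be deployments, that do not require high availability or spreading across nodes." has a stray comma before a restrictive clause; since this hunk already fixes the punctuation of the following sentence ("For deployments with one replica, neither ..."), fold that in as "There might be deployments that do not require high availability or spreading across nodes." The comma added in this hunk itself reads correctly.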
Expand All @@ -37,7 +37,7 @@ description: |-
Finally, reference this <tt>TailoredProfile</tt> in a <tt>ScanSettingBinding</tt>
For more information on Tailoring the Compliance Operator, please consult the
OpenShift documentation:
{{{ weblink(link="https://docs.openshift.com/container-platform/4.16/security/compliance_operator/co-scans/compliance-operator-tailor.html") }}}
{{{ weblink(link="https://docs.openshift.com/container-platform/latest/security/compliance_operator/co-scans/compliance-operator-tailor.html") }}}
rationale: |-
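Review bot: the context sentence "Finally, reference this <tt>TailoredProfile</tt> in a <tt>ScanSettingBinding</tt>" has no terminating period before "For more information", and "Tailoring" should be lowercase mid-sentence; this is a small doc fix worth bundling here. On the link change from 4.16 to latest: this avoids the description going stale with a pinned version, but the path "security/compliance_operator/co-scans/compliance-operator-tailor.html" is now tied to whatever layout the "latest" docs use, so confirm the URL still resolves before merging.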
@@ -1,6 +1,6 @@
documentation_complete: true

title: 'Ensure worker nodes are distribute across three failure zones'
title: 'Ensure Worker Nodes are Distributed Across Three Failure Zones'

description: |-
Distributing Kubernetes worker nodes across failure zones enhances security by mitigating
6 changes: 4 additions & 2 deletions controls/bsi_app_4_4.yml
Expand Up @@ -456,7 +456,8 @@ controls:
several fire zones based on the location data of the corresponding nodes so that the failure of a
fire zone will not lead to the failure of an application.
notes: >-
Section 1: OpenShift support topology labels to differentiate between failure zones. To achieve
Section 1: OpenShift supports topology labels to differentiate between failure zones. To achieve
continued operation without interruption, nodes of every role need to be spread across zones.
For quorum-based applications, such as the Kubernetes control plane, three zones are required.
A sufficient number of control plane nodes and sufficient spreading across zones is checked using
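Review bot: the control text in this hunk speaks of "fire zones" while the notes speak of "failure zones" and "topology labels" without stating that they are the same thing; add one sentence in the notes mapping the BSI fire-zone requirement onto Kubernetes failure zones, e.g. "A fire zone in the sense of the control corresponds to a failure zone expressed through the topology.kubernetes.io/zone node label." The grammar fix ("OpenShift supports") is correct.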
Expand All @@ -474,7 +475,8 @@ controls:
anti-affinity rules or topology spread constraints.
Single Node OpenShift (SNO) is not highly available and therefore incompliant to this control.
status: pending
status: automated

rules:
# Section 1, 3
- multiple_nodes_in_every_role
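Review bot: "incompliant to this control" (unchanged context) should read "not compliant with this control". On the status change from pending to automated: the notes describe separate sections (node spreading across zones, and deployments using anti-affinity rules or topology spread constraints), but only "# Section 1, 3 - multiple_nodes_in_every_role" is visible in the rules list here; before marking the control automated, confirm that every section referenced in the notes, including the deployment anti-affinity/topology-spread check from the first changed rule in this commit, is mapped to a rule in this list.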