From 7a538068635ae8bcb1ed3f580f2b31d2c704c8c1 Mon Sep 17 00:00:00 2001
From: Roberto Rojas <robertojrojas@gmail.com>
Date: Fri, 30 Aug 2019 03:56:48 -0400
Subject: [PATCH] fixes issue #346 by explicitly only checking read-only
 property (#404)

---
 cfg/1.11-json/node.yaml | 3 ---
 cfg/1.13-json/node.yaml | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/cfg/1.11-json/node.yaml b/cfg/1.11-json/node.yaml
index 9f0b454..7c1b035 100644
--- a/cfg/1.11-json/node.yaml
+++ b/cfg/1.11-json/node.yaml
@@ -96,10 +96,7 @@ groups:
     text: "Ensure that the --read-only-port argument is set to 0 (Scored)"
     audit: "cat $kubeletconf"
     tests:
-      bin_op: or
       test_items:
-      - path: "{.readOnlyPort}"
-        set: false
       - path: "{.readOnlyPort}"
         compare:
           op: eq
diff --git a/cfg/1.13-json/node.yaml b/cfg/1.13-json/node.yaml
index 574b567..e4fde58 100644
--- a/cfg/1.13-json/node.yaml
+++ b/cfg/1.13-json/node.yaml
@@ -74,15 +74,12 @@ groups:
     text: "Ensure that the --read-only-port argument is set to 0 (Scored)"
     audit: "cat $kubeletconf"
     tests:
-      bin_op: or
       test_items:
       - path: "{.readOnlyPort}"
         compare:
           op: eq
           value: 0
         set: true
-      - path: "{.readOnlyPort}"
-        set: false
     remediation: |
       If using a Kubelet config file, edit the file to set readOnlyPort to 0 .
       If using command line arguments, edit the kubelet service file
-- 
GitLab