Add support for disa stig version v2r4

Author: AleksandarSavchev

docs/providers/garden.md

@@ -8,9 +8,9 @@ The `Garden` provider is capable of accessing a Garden cluster environment and r
 
 The `Garden` provider implements the following `rulesets`:
 - [Security Hardened Shoot Cluster](../rulesets/security-hardened-shoot-cluster/ruleset.md)
-    - v0.2.1
-    - v0.2.0
-    - v0.1.0
+  - v0.2.1
+  - v0.2.0
+  - v0.1.0
 
 ### Configuration
 

docs/providers/gardener.md

@@ -8,9 +8,9 @@ The `Gardener` provider is capable of accessing a `seed/shoot` environment and r
 
 The `Gardener` provider implements the following `rulesets`:
 - [DISA Kubernetes Security Technical Implementation Guide](../rulesets/disa-k8s-stig/ruleset.md)
-    - v2r3
-    - v2r2
-    
+  - v2r4
+  - v2r3
+
 ### Configuration
 
 See an [example Diki configuration](../../example/config/gardener.yaml) for this provider.

docs/providers/managedk8s.md

@@ -10,8 +10,8 @@ The `Managed Kubernetes` provider is capable of accessing a managed Kubernetes e
 The `Managed Kubernetes` provider implements the following `rulesets`:
 
 - [DISA Kubernetes Security Technical Implementation Guide](../rulesets/disa-k8s-stig/ruleset.md)
+  - v2r4
   - v2r3
-  - v2r2
 
 - [Security Hardened Kubernetes Cluster](../rulesets/security-hardened-k8s/ruleset.md)
   - v0.1.0

docs/providers/virtualgarden.md

@@ -8,9 +8,8 @@ The `Virtual Garden` provider is capable of accessing a `runtime/virtual garden`
 
 The `Gardener` provider implements the following `rulesets`:
 - [DISA Kubernetes Security Technical Implementation Guide](../rulesets/disa-k8s-stig/ruleset.md)
-    - v2r3
-    - v2r2
-    
+  - v2r4
+  - v2r3
 
 ### Configuration
 

example/config/gardener.yaml

@@ -15,7 +15,7 @@ providers:             # contains information about known providers
   rulesets:
   - id: disa-kubernetes-stig
     name: DISA Kubernetes Security Technical Implementation Guide
-    version: v2r3
+    version: v2r4
     # args:
     #   maxRetries: 1 # number of maximum rule run retries. Defaults to 1 
     ruleOptions:

example/config/managedk8s.yaml

@@ -11,7 +11,7 @@ providers:                   # contains information about known providers
   rulesets:
   - id: disa-kubernetes-stig
     name: DISA Kubernetes Security Technical Implementation Guide
-    version: v2r3
+    version: v2r4
     # args:
     #   maxRetries: 1 # number of maximum rule run retries. Defaults to 1
     ruleOptions:

example/config/virtualgarden.yaml

@@ -10,7 +10,7 @@ providers:               # contains information about known providers
   rulesets:
   - id: disa-kubernetes-stig
     name: DISA Kubernetes Security Technical Implementation Guide
-    version: v2r3
+    version: v2r4
     # args:
     #   maxRetries: 1 # number of maximum rule run retries. Defaults to 1 
     ruleOptions:

hack/run.sh

@@ -9,7 +9,7 @@ set -e
 rule_id=""
 provider="gardener"
 ruleset_id="disa-kubernetes-stig"
-ruleset_version="v2r3"
+ruleset_version="v2r4"
 run_all="false"
 
 
@@ -29,7 +29,7 @@ This command runs diki with a specified config file.
                       specified ruleset are executed.
     --provider        Ruleset provider. Defaults to "gardener".
     --ruleset-id      ID of ruleset that will be ran. Defaults to "disa-kubernetes-stig".
-    --ruleset-version Version of ruleset that will be ran. Defaults to "v2r3".
+    --ruleset-version Version of ruleset that will be ran. Defaults to "v2r4".
     
   environment variables:
     IMAGEVECTOR_OVERWRITE Overwrites diki/imagesvector/images.yaml file with specified file path.

pkg/provider/gardener/ruleset/disak8sstig/ruleset.go

@@ -33,7 +33,7 @@ var (
 	_ ruleset.Ruleset = &Ruleset{}
 	// SupportedVersions is a list of available versions for the DISA Kubernetes STIG Ruleset.
 	// Versions are sorted from newest to oldest.
-	SupportedVersions = []string{"v2r3", "v2r2"}
+	SupportedVersions = []string{"v2r4", "v2r3"}
 )
 
 // Ruleset implements DISA Kubernetes STIG.
@@ -128,18 +128,18 @@ func FromGenericConfig(rulesetConfig config.RulesetConfig, additionalOpsPodLabel
 	}
 
 	switch rulesetConfig.Version {
-	case "v2r2":
-		if err := ruleset.validateV2R2RuleOptions(indexedRuleOptions, fldPath.Child("ruleOptions")); err != nil {
+	case "v2r3":
+		if err := ruleset.validateV2R3RuleOptions(indexedRuleOptions, fldPath.Child("ruleOptions")); err != nil {
 			return nil, err
 		}
-		if err := ruleset.registerV2R2Rules(ruleOptions); err != nil {
+		if err := ruleset.registerV2R3Rules(ruleOptions); err != nil {
 			return nil, err
 		}
-	case "v2r3":
-		if err := ruleset.validateV2R3RuleOptions(indexedRuleOptions, fldPath.Child("ruleOptions")); err != nil {
+	case "v2r4":
+		if err := ruleset.validateV2R4RuleOptions(indexedRuleOptions, fldPath.Child("ruleOptions")); err != nil {
 			return nil, err
 		}
-		if err := ruleset.registerV2R3Rules(ruleOptions); err != nil {
+		if err := ruleset.registerV2R4Rules(ruleOptions); err != nil {
 			return nil, err
 		}
 	default:

pkg/provider/gardener/ruleset/disak8sstig/v2r3_ruleset.go

@@ -112,7 +112,7 @@ func (r *Ruleset) registerV2R3Rules(ruleOptions map[string]config.RuleOptionsCon
 		return err
 	}
 
-	opts242390, err := getV2R2OptionOrNil[sharedrules.Options242390](ruleOptions[sharedrules.ID242390].Args)
+	opts242390, err := getV2R3OptionOrNil[sharedrules.Options242390](ruleOptions[sharedrules.ID242390].Args)
 	if err != nil {
 		return fmt.Errorf("rule option 242390 error: %s", err.Error())
 	}