ComplianceAsCode / compliance-operator

Operator providing Kubernetes cluster compliance checks
Apache License 2.0

OCPBUGS-17828: Fix rule instruction #537

Closed Vincent056 closed 1 month ago

Vincent056 commented 2 months ago

This is to fix the rule instruction so that we can display it as a multiline string instead of pre-wrap text, and the user is able to copy and run the oc command in the instruction without having to remove escapes. The issue was caused by a space before the newline, which made it unable to output the multiline YAML format.

openshift-ci-robot commented 2 months ago

@Vincent056: This pull request references Jira Issue OCPBUGS-17828, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/ComplianceAsCode/compliance-operator/pull/537):

> This is to fix the rule instruction so that we can display it as a multiline string instead of pre-wrap text, and the user is able to copy and run the oc command in the instruction without having to remove escapes. The issue was caused by a space before the newline, which made it unable to output the multiline YAML format.

Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=ComplianceAsCode%2Fcompliance-operator). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

Vincent056 commented 2 months ago

To verify, make sure there is no output for:

```
[vincent@node compliance-operator]$ oc get rule -o yaml | grep "instructions: \""
```
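The PR description and the verification command above both hinge on one emitter rule: a multi-line string is only written as a YAML literal block (`instructions: |`) when no line has whitespace right before its newline, otherwise the emitter falls back to a double-quoted scalar with `\n` escapes, which is what the grep catches. The following is an added illustration (not code from the operator or from the content project) that re-implements just that style decision, the trailing-space fix, and the grep check in Python; the rule text in `BROKEN` is a constructed sample.

```python
import re
from typing import List

# Mini re-implementation of the scalar-style rule shared by the YAML emitters
# behind `oc get -o yaml` (go-yaml) and PyYAML: a multi-line string is written
# as a literal block only when no line has whitespace right before its newline
# (or at the very end of the string); otherwise it becomes a double-quoted
# scalar with "\n" escapes. Added illustration, not operator code.

def block_style_allowed(value: str) -> bool:
    """False when any line carries trailing whitespace before its line break."""
    return re.search(r"[ \t](?:\n|\Z)", value) is None

def emit_scalar(key: str, value: str, indent: int = 2) -> str:
    """Render `key: value` the way the emitter would: literal block or quoted."""
    if "\n" in value and block_style_allowed(value):
        header = "|" if value.endswith("\n") else "|-"   # clip vs strip chomping
        lines = value.rstrip("\n").split("\n")
        body = "".join((" " * indent + line if line else "") + "\n" for line in lines)
        return f"{key}: {header}\n{body}"
    escaped = value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")
    return f'{key}: "{escaped}"\n'

def normalize_instructions(text: str) -> str:
    """The fix from the PR, applied at the source: drop the trailing spaces."""
    return "\n".join(line.rstrip() for line in text.split("\n"))

def quoted_instruction_lines(yaml_text: str) -> List[str]:
    """Mirror of the verification grep: lines where instructions is a quoted scalar."""
    return [l for l in yaml_text.splitlines() if l.lstrip().startswith('instructions: "')]

# Constructed sample: an instruction text with a stray space before a newline.
BROKEN = ("Check the variable value, e.g: \n"
          "$ oc get variable ocp4-var-sccs-with-allowed-capabilities-regex -ojsonpath='{.value}'\n")

if __name__ == "__main__":
    print(emit_scalar("instructions", BROKEN), end="")                          # quoted, with \n
    print(emit_scalar("instructions", normalize_instructions(BROKEN)), end="")  # literal block
```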

openshift-ci[bot] commented 2 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Vincent056, yuumasato

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/ComplianceAsCode/compliance-operator/blob/master/OWNERS)~~ [Vincent056]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment

xiaojiey commented 2 months ago

/hold for test

xiaojiey commented 2 months ago

Verification pass with https://github.com/ComplianceAsCode/compliance-operator/pull/537 + https://github.com/ComplianceAsCode/content/pull/12071:

## instructions

```
% oc get rule upstream-ocp4-scc-limit-container-allowed-capabilities -o=jsonpath={.instructions}
This rule checks the SCCs with allowedCapabilities set to non-null
and fails if there are more such SCCs than those allowed in the variable
named ocp4-var-sccs-with-allowed-capabilities-regex. To debug the rule,
check the variable value, e.g:
$ oc get variable ocp4-var-sccs-with-allowed-capabilities-regex  -ojsonpath='{.value}'
Then use following command to list the SCCs that would fail the test:
$ oc get  scc -o json | jq '[.items[] | select(.metadata.name | test("^privileged$|^hostnetwork-v2$|^restricted-v2$|^nonroot-v2$"; "") | not) | select(.allowedCapabilities != null) | .metadata.name]'
Please replace the regular expression in the test command with the value read from the variable
ocp4-var-sccs-with-allowed-capabilities-regex. You can read the variable
value with:
$ oc get variable ocp4-var-sccs-with-allowed-capabilities-regex -ojsonpath='{.value}' -n openshift-compliance
Is it the case that allowed capabilities listings in SCCs needs review?%
```

### default output for commands in the instruction

```
% oc get  scc -o json | jq '[.items[] | select(.metadata.name | test("^privileged$|^hostnetwork-v2$|^restricted-v2$|^nonroot-v2$"; "") | not) | select(.allowedCapabilities != null) | .metadata.name]'
[]
% oc get variable ocp4-var-sccs-with-allowed-capabilities-regex -ojsonpath='{.value}' -n openshift-compliance
^privileged$|^hostnetwork-v2$|^restricted-v2$|^nonroot-v2$%
```

### output with a custom scc:

```
% cat scc_test.yaml
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegeEscalation: true
allowPrivilegedContainer: true
allowedCapabilities:
- NET_BIND_SERVICE
apiVersion: security.openshift.io/v1
defaultAddCapabilities: null
fsGroup:
  type: RunAsAny
groups: []
kind: SecurityContextConstraints
metadata:
  annotations:
    kubernetes.io/description: test-scc scc is used for test purpose
  name: test-scc
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities: null
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
seccompProfiles:
- runtime/default
supplementalGroups:
  type: RunAsAny
users: []
volumes:
- '*'
% oc apply -f scc_test.yaml
securitycontextconstraints.security.openshift.io/test-scc created
% oc get  scc -o json | jq '[.items[] | select(.metadata.name | test("^privileged$|^hostnetwork-v2$|^restricted-v2$|^nonroot-v2$"; "") | not) | select(.allowedCapabilities != null) | .metadata.name]'
[
  "test-scc"
]
```

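The jq filter the verification run executes is the whole check that rule performs on a cluster's SCCs. The following is an added illustration (not code from the operator or the content project) that re-implements it in Python over a constructed `oc get scc -o json`-shaped sample, including the `test-scc` from the run above, and makes one caveat of the filter visible: `!= null` lets only a missing or null `allowedCapabilities` pass, so an SCC that sets the field to an empty list is reported as well.

```python
import json
import re
from typing import List

# Python rendering of the jq filter quoted in the rule's instruction:
#   [.items[] | select(.metadata.name | test(REGEX; "") | not)
#             | select(.allowedCapabilities != null) | .metadata.name]
# Added illustration; not code from the operator or the content project.

def sccs_failing_rule(scc_list: dict, exempt_regex: str) -> List[str]:
    """Names of SCCs that are not exempted by the regex and set allowedCapabilities."""
    exempt = re.compile(exempt_regex)   # jq test() is an unanchored search, like re.search
    failing = []
    for scc in scc_list.get("items", []):
        name = scc["metadata"]["name"]
        if exempt.search(name):
            continue
        # jq's `!= null` only passes a missing or null field; an empty list
        # (`allowedCapabilities: []`) counts as set and is reported too.
        if scc.get("allowedCapabilities") is not None:
            failing.append(name)
    return failing

# Constructed sample in the shape of `oc get scc -o json`: three default-style
# SCCs, a hypothetical empty-list SCC, and the custom test-scc from the run above.
SAMPLE = json.loads("""{"items": [
  {"metadata": {"name": "privileged"},    "allowedCapabilities": ["*"]},
  {"metadata": {"name": "restricted-v2"}, "allowedCapabilities": ["NET_BIND_SERVICE"]},
  {"metadata": {"name": "restricted"},    "allowedCapabilities": null},
  {"metadata": {"name": "empty-caps"},    "allowedCapabilities": []},
  {"metadata": {"name": "test-scc"},      "allowedCapabilities": ["NET_BIND_SERVICE"]}
]}""")
EXEMPT = "^privileged$|^hostnetwork-v2$|^restricted-v2$|^nonroot-v2$"

if __name__ == "__main__":
    print(json.dumps(sccs_failing_rule(SAMPLE, EXEMPT), indent=2))
```

Note that an empty value of the regex variable matches every name and therefore exempts every SCC, which is worth a glance when the rule unexpectedly passes.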
xiaojiey commented 2 months ago

/unhold
/label-qe-approved

xiaojiey commented 2 months ago

/unhold

xiaojiey commented 1 month ago

/label qe-approved

yuumasato commented 1 month ago

/jira refresh

openshift-ci-robot commented 1 month ago

@yuumasato: This pull request references Jira Issue OCPBUGS-17828, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug:

* bug is open, matching expected state (open)
* bug target version (4.17.0) matches configured target version for branch (4.17.0)
* bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @xiaojiey

In response to [this](https://github.com/ComplianceAsCode/compliance-operator/pull/537#issuecomment-2189098091):

> /jira refresh

yuumasato commented 1 month ago

This was approved by QE already.

/label qe-approved

openshift-ci-robot commented 1 month ago

@Vincent056: This pull request references Jira Issue OCPBUGS-17828, which is valid.

3 validation(s) were run on this bug:

* bug is open, matching expected state (open)
* bug target version (4.17.0) matches configured target version for branch (4.17.0)
* bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @xiaojiey

In response to [this](https://github.com/ComplianceAsCode/compliance-operator/pull/537):

> This is to fix the rule instruction so that we can display it as a multiline string instead of pre-wrap text, and the user is able to copy and run the oc command in the instruction without having to remove escapes. The issue was caused by a space before the newline, which made it unable to output the multiline YAML format.

openshift-ci-robot commented 1 month ago

@Vincent056: Jira Issue OCPBUGS-17828: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-17828 has been moved to the MODIFIED state.

In response to [this](https://github.com/ComplianceAsCode/compliance-operator/pull/537):

> This is to fix the rule instruction so that we can display it as a multiline string instead of pre-wrap text, and the user is able to copy and run the oc command in the instruction without having to remove escapes. The issue was caused by a space before the newline, which made it unable to output the multiline YAML format.