tmishina / content

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
https://www.open-scap.org/security-policies/scap-security-guide

create a PR on the parent repo #1

Closed tmishina closed 2 years ago

tmishina commented 2 years ago

Description

This PR enables the OCP4 checks for the control-plane components of managed OpenShift services such as HyperShift.

In a managed OpenShift environment, some check target API resources are moved to locations which are not expected by the rules of ComplianceAsCode/content.

This PR solves the issue of the check target location by the following changes. After this modification, users can specify the location in XCCDF variables at runtime.

  1. a jinja macro to embed a variable which points to a resource
  2. a jinja macro to specify a variable which points to the filepath for the resource
  3. actual rules for HyperShift clusters

For item 1, as of now, we use a new macro openshift_resource_path_xccdf to embed a reference to a variable. (This part will be replaced by new code because of the discussion in the other PR.)

For item 2, my PR introduces a new element filepath_xccdf_variable in .templates.yamlfile_value of rule.yml. However, it is not smart: filepath is still required to avoid an error.

I'd like to start the discussion from these topics (comment on the CO repo) about filepath_xccdf_variable: how to avoid using two elements in a single yamlfile_value template?

Rationale

Related Topics

tmishina commented 2 years ago

https://github.com/ComplianceAsCode/content/pull/7928