Update grub2_uefi_password & grub2_uefi_admin_username

[Xeicker]

Description:

• Removed for all products the criterion that allows OVAL to pass if <grub2_boot_path>/grub.cfg is missing. And remove unnecessary test accordingly.
• Update OVAL criteria for OL8 and RHEL8 to only look for the GRUB2_PASSWORD configuration in the file <grub2_boot_path>/user.cfg
• Set grub2_uefi_boot_path in OL8 product.yml

Rationale:

• The absence of grub.cfg only make sense if grub is not installed, this situation is already managed by the grub CPE
• For grub2_uefi_password:
  • It is better to check only the user.cfg file since this is the one generated by the command grub2-setpassword
  • The existence and validity of superusers is already addressed by Update grub2_uefi_admin_username and it is not required in the STIG IDs that grub2_uefi_password covers
• The default grub2_uefi_boot_path was wrong

[openshift-ci]

Hi @Xeicker. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

OVAL definition oval:ssg-grub2_uefi_admin_username:def:1 differs:
--- old datastream
+++ new datastream
- criterion oval:ssg-test_grub2_uefi_admin_username_file_boot_efi_EFI_redhat_grub_cfg_absent:tst:1
OVAL definition oval:ssg-grub2_uefi_password:def:1 differs:
--- old datastream
+++ new datastream
- criterion oval:ssg-test_grub2_uefi_password_file_boot_efi_EFI_redhat_grub_cfg_absent:tst:1
- criteria AND
- criteria OR
- criterion oval:ssg-test_grub2_uefi_password_grubcfg:tst:1
- criterion oval:ssg-test_bootloader_uefi_superuser:tst:1

[Mab879]

/ok-to-test

[openshift-ci]

@Xeicker: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-rhcos4-moderate	2daeb5b	link	true	/test e2e-aws-rhcos4-moderate
ci/prow/e2e-aws-rhcos4-high	2daeb5b	link	true	/test e2e-aws-rhcos4-high

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[jan-cerny]

Thanks!