From 08c3f945b8c03a743536494decfc6ea93479d239 Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Mon, 16 Sep 2024 15:58:27 +0200
Subject: [PATCH] Fix jq filters for resource request limits
These changes were probably lost during PR rebase.
---
 .../general/resource_requests_limits_in_deployment/rule.yml | 2 +-
 .../general/resource_requests_limits_in_statefulset/rule.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/applications/openshift/general/resource_requests_limits_in_deployment/rule.yml b/applications/openshift/general/resource_requests_limits_in_deployment/rule.yml
index ea3927371d3..374e7e73b7e 100644
--- a/applications/openshift/general/resource_requests_limits_in_deployment/rule.yml
+++ b/applications/openshift/general/resource_requests_limits_in_deployment/rule.yml
@@ -26,7 +26,7 @@ identifiers: {}
 references:
 nist: SC-6
-{{% set jqfilter = '[ .items[] | select(.metadata.namespace | startswith("kube-") or startswith("openshift-") | not) | select(.metadata.namespace != "rhacs-operator" and ({{if ne .var_deployment_limit_namespaces_exempt_regex "None"}}.metadata.namespace | test("{{.var_deployment_limit_namespaces_exempt_regex}}") | select( .spec.template.spec.containers[].resources.requests.cpu == null or .spec.template.spec.containers[].resources.requests.memory == null or .spec.template.spec.containers[].resources.limits.cpu == null or .spec.template.spec.containers[].resources.limits.memory == null ) | .metadata.name ]' %}}
+{{% set jqfilter = '[ .items[] | select(.metadata.namespace | startswith("kube-") or startswith("openshift-") | not) | select(.metadata.namespace != "rhacs-operator" and ({{if ne .var_deployment_limit_namespaces_exempt_regex "None"}}.metadata.namespace | test("{{.var_deployment_limit_namespaces_exempt_regex}}") | not{{else}}true{{end}}) | select( .spec.template.spec.containers[].resources.requests.cpu == null or .spec.template.spec.containers[].resources.requests.memory == null or .spec.template.spec.containers[].resources.limits.cpu == null or .spec.template.spec.containers[].resources.limits.memory == null ) | .metadata.name ]' %}}
 ocil_clause: 'Resource requests and limits is not set'
diff --git a/applications/openshift/general/resource_requests_limits_in_statefulset/rule.yml b/applications/openshift/general/resource_requests_limits_in_statefulset/rule.yml
index 2aebd4f395b..379041222db 100644
--- a/applications/openshift/general/resource_requests_limits_in_statefulset/rule.yml
+++ b/applications/openshift/general/resource_requests_limits_in_statefulset/rule.yml
@@ -26,7 +26,7 @@ identifiers: {}
 references:
 nist: SC-6
-{{% set jqfilter = '[ .items[] | select(.metadata.namespace | startswith("kube-") or startswith("openshift-") | not) | select(.metadata.namespace != "rhacs-operator" and ({{if ne .var_statefulset_limit_namespaces_exempt_regex "None"}}.metadata.namespace | test("{{.var_statefulset_limit_namespaces_exempt_regex}}") | select( .spec.template.spec.containers[].resources.requests.cpu == null or .spec.template.spec.containers[].resources.requests.memory == null or .spec.template.spec.containers[].resources.limits.cpu == null or .spec.template.spec.containers[].resources.limits.memory == null ) | .metadata.name ]' %}}
+{{% set jqfilter = '[ .items[] | select(.metadata.namespace | startswith("kube-") or startswith("openshift-") | not) | select(.metadata.namespace != "rhacs-operator" and ({{if ne .var_statefulset_limit_namespaces_exempt_regex "None"}}.metadata.namespace | test("{{.var_statefulset_limit_namespaces_exempt_regex}}") | not{{else}}true{{end}}) | select( .spec.template.spec.containers[].resources.requests.cpu == null or .spec.template.spec.containers[].resources.requests.memory == null or .spec.template.spec.containers[].resources.limits.cpu == null or .spec.template.spec.containers[].resources.limits.memory == null ) | .metadata.name ]' %}}
 ocil_clause: 'Resource requests and limits is not set'
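Review bot: An empty or loosely written exemption regex makes this check pass vacuously, in both the statefulset `jqfilter` here and the deployment `jqfilter` in the first hunk. The guard special-cases only the literal `"None"`, and jq's `test()` is an unanchored search, so a value of `""` matches every namespace and a value such as `dev` exempts any namespace that merely contains that substring. I would treat the empty string like the sentinel, e.g. `{{if and (ne .var_statefulset_limit_namespaces_exempt_regex "None") (ne .var_statefulset_limit_namespaces_exempt_regex "")}}`, and state in the variable's description that the pattern should be anchored (`^...$`). The value is also pasted straight into a jq string literal, so a `"` or a backslash in the regex would be read as jq string syntax rather than regex text. How the variable is validated is not visible in this patch, so that may already be constrained elsewhere.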