Remove machine pruning from gating

.github/workflows/automatus-cs8.yaml

@@ -135,7 +135,7 @@ jobs:
           name: ${{ env.DATASTREAM }}
       - name: Run tests in a container - Bash
         if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: tests/test_rule_in_container.sh --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
+        run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
         env:
           ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified centos8 --product rhel8"
       - name: Check for ERROR in logs
@@ -156,7 +156,7 @@ jobs:
           path: logs_bash/
       - name: Run tests in a container - Ansible
         if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: tests/test_rule_in_container.sh --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
+        run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
         env:
           ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified centos8 --product rhel8"
       - name: Check for ERROR in logs

.github/workflows/automatus-cs9.yaml

@@ -135,7 +135,7 @@ jobs:
           name: ${{ env.DATASTREAM }}
       - name: Run tests in a container - Bash
         if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: tests/test_rule_in_container.sh --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
+        run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
         env:
           ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified centos9 --product rhel9"
       - name: Check for ERROR in logs
@@ -156,7 +156,7 @@ jobs:
           path: logs_bash/
       - name: Run tests in a container - Ansible
         if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: tests/test_rule_in_container.sh --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
+        run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(steps.rules.outputs.prop)}}
         env:
           ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified centos9 --product rhel9"
       - name: Check for ERROR in logs

.github/workflows/automatus.yaml

@@ -133,7 +133,7 @@ jobs:
           name: ssg-${{steps.product.outputs.prop}}-ds.xml
       - name: Run tests in a container - Bash
         if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: tests/test_rule_in_container.sh --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(steps.rules.outputs.prop)}}
+        run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(steps.rules.outputs.prop)}}
         env:
           ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified fedora"
       - name: Check for ERROR in logs
@@ -154,7 +154,7 @@ jobs:
           path: logs_bash/
       - name: Run tests in a container - Ansible
         if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
-        run: tests/test_rule_in_container.sh --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(steps.rules.outputs.prop)}}
+        run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(steps.rules.outputs.prop)}}
         env:
           ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --add-product-to-fips-certified fedora"
       - name: Check for ERROR in logs

linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml

@@ -56,3 +56,4 @@ template:
     name: service_enabled
     vars:
         servicename: rsyslog
+        servicename@rhel8: rsyslog

tests/test_rule_in_container.sh

@@ -6,7 +6,8 @@
 # ARG_OPTIONAL_SINGLE([datastream],[d],[Path to the datastream to use in tests. Autodetected by default.])
 # ARG_OPTIONAL_SINGLE([remediate-using],[r],[What to remediate with],[oscap])
 # ARG_OPTIONAL_SINGLE([logdir],[l],[Directory where logs will be stored])
-# ARG_OPTIONAL_BOOLEAN([dontclean],[],[Dont remove HTML reports from the log directory.])
+# ARG_OPTIONAL_BOOLEAN([dontclean],[],[Don't remove HTML reports from the log directory.])
+# ARG_OPTIONAL_BOOLEAN([remove-machine-only],[],[Don't remove machine platforms.],[on])
 # ARG_OPTIONAL_BOOLEAN([dry-run],[],[Just print the test suite command-line.])
 # ARG_OPTIONAL_BOOLEAN([docker],[],[Use Docker instead of Podman as container backend.])
 # ARG_USE_ENV([ADDITIONAL_SSGTS_OPTIONS],[],[Deprecated, use ADDITIONAL_TEST_OPTIONS])
@@ -64,21 +65,23 @@ _arg_datastream=
 _arg_remediate_using="oscap"
 _arg_logdir=
 _arg_dontclean="off"
+_arg_remove_machine_only="on"
 _arg_dry_run="off"
 _arg_docker="off"
 
 
 print_help()
 {
 	printf '%s\n' "Test a rule using the container backend."
-	printf 'Usage: %s [-n|--name <arg>] [-s|--scenarios <arg>] [-d|--datastream <arg>] [-r|--remediate-using <REMEDIATION>] [-l|--logdir <arg>] [--(no-)dontclean] [--(no-)dry-run] [--(no-)docker] [-h|--help] <rule-1> [<rule-2>] ... [<rule-n>] ...\n' "$0"
+	printf 'Usage: %s [-n|--name <arg>] [-s|--scenarios <arg>] [-d|--datastream <arg>] [-r|--remediate-using <REMEDIATION>] [-l|--logdir <arg>] [--(no-)dontclean] [--(no-)remove-machine-only] [--(no-)dry-run] [--(no-)docker] [-h|--help] <rule-1> [<rule-2>] ... [<rule-n>] ...\n' "$0"
 	printf '\t%s\n' "<rule>: The short rule ID. Wildcards are supported."
 	printf '\t%s\n' "-n, --name: Name of the test image (default: 'ssg_test_suite')"
 	printf '\t%s\n' "-s, --scenarios: Regex to reduce selection of tested scenarios (no default)"
 	printf '\t%s\n' "-d, --datastream: Path to the datastream to use in tests. Autodetected by default. (no default)"
 	printf '\t%s\n' "-r, --remediate-using: What to remediate with. Can be one of: 'oscap', 'bash' and 'ansible' (default: 'oscap')"
 	printf '\t%s\n' "-l, --logdir: Directory where logs will be stored (no default)"
-	printf '\t%s\n' "--dontclean, --no-dontclean: Dont remove HTML reports from the log directory. (off by default)"
+	printf '\t%s\n' "--dontclean, --no-dontclean: Don't remove HTML reports from the log directory. (off by default)"
+	printf '\t%s\n' "--remove-machine-only, --no-remove-machine-only: Remove machine platforms. (on by default)"
 	printf '\t%s\n' "--dry-run, --no-dry-run: Just print the test suite command-line. (off by default)"
 	printf '\t%s\n' "--docker, --no-docker: Use Docker instead of Podman as container backend. (off by default)"
 	printf '\t%s\n' "-h, --help: Prints help"
@@ -155,6 +158,10 @@ parse_commandline()
 				_arg_dontclean="on"
 				test "${1:0:5}" = "--no-" && _arg_dontclean="off"
 				;;
+			--no-remove-machine-only|--remove-machine-only)
+				_arg_remove_machine_only="on"
+				test "${1:0:5}" = "--no-" && _arg_remove_machine_only="off"
+				;;
 			--no-dry-run|--dry-run)
 				_arg_dry_run="on"
 				test "${1:0:5}" = "--no-" && _arg_dry_run="off"
@@ -230,6 +237,7 @@ $CONTAINER_BACKEND images | grep -q "$_arg_name" || die "Couldn't find the $CONT
 
 additional_args=()
 test "$_arg_dontclean" = on && additional_args+=(--dontclean)
+test "$_arg_remove_machine_only" = on && additional_args+=(--remove-machine-only)
 
 # Don't act on the default value.
 test -n "$_arg_scenarios" && additional_args+=(--scenario "$_arg_scenarios")
@@ -240,13 +248,14 @@ test -n "$_arg_remediate_using" && additional_args+=(--remediate-using "$_arg_re
 
 test -n "$_arg_logdir" && additional_args+=(--logdir "$_arg_logdir")
 
+
 if test -n "$ADDITIONAL_SSGTS_OPTIONS"; then
 	test -n "$ADDITIONAL_TEST_OPTIONS" && die "Specify additional options preferably using ADDITIONAL_TEST_OPTIONS env var, or by ADDITIONAL_SSGTS_OPTIONS, but not by both."
 	echo "Detected usage of ADDITIONAL_SSGTS_OPTIONS, please prefer the ADDITIONAL_TEST_OPTIONS environment variable interface." >&2
 	ADDITIONAL_TEST_OPTIONS="$ADDITIONAL_SSGTS_OPTIONS"
 fi
 
-command=(python3 "${script_dir}/automatus.py" rule ${ADDITIONAL_TEST_OPTIONS} --remove-platforms --remove-machine-only --remove-ocp4-only "${additional_args[@]}" "$CONTAINER_OPT" "$_arg_name" -- "${_arg_rule[@]}")
+command=(python3 "${script_dir}/automatus.py" rule ${ADDITIONAL_TEST_OPTIONS} --remove-platforms --remove-ocp4-only "${additional_args[@]}" "$CONTAINER_OPT" "$_arg_name" -- "${_arg_rule[@]}")
 if test "$_arg_dry_run" = on; then
 	printf '%s\n' "${command[*]}"
 else