Only check for ccg on Azure for now

kubernetes-sigs · Mar 17, 2022 · fae7863 · fae7863
1 parent e5e610f
commit fae7863
Showing 1 changed file with 10 additions and 11 deletions.
diff --git a/images/capi/packer/goss/goss-command.yaml b/images/capi/packer/goss/goss-command.yaml
@@ -164,7 +164,16 @@ command:
     timeout: 30000
 {{end}}
 
-{{ if ne .Vars.gmsa_keyvault_url "" }}
+{{if eq .Vars.PROVIDER "azure"}}
+  Verify firewall rule to block 168.63.129.16:80 for cve-2021-27075:
+    exit-status: 0
+    exec: powershell -command "(Get-NetFirewallRule -ErrorAction Stop -DisplayName 'Block-Outbound-168.63.129.16-port-80-for-cve-2021-27075').Enabled"
+    stdout:
+    - True
+    stderr: []
+    timeout: 30000
+
+  # this could be moved to place for other providers if they want to install it
   Key Vault gMSA binary is installed:
     exec: powershell -command "Test-Path -Path  C:\Windows\System32\CCGAKVPlugin.dll"
     exit-status: 0
@@ -190,14 +199,4 @@ command:
     - "ICcgDomainAuthCredentials"
     timeout: 30000
 {{end}}
-
-{{if eq .Vars.PROVIDER "azure"}}
-  Verify firewall rule to block 168.63.129.16:80 for cve-2021-27075:
-    exit-status: 0
-    exec: powershell -command "(Get-NetFirewallRule -ErrorAction Stop -DisplayName 'Block-Outbound-168.63.129.16-port-80-for-cve-2021-27075').Enabled"
-    stdout:
-    - True
-    stderr: []
-    timeout: 30000
-{{end}}
 {{end}} #end windows