Some rules scan the hypershift management cluster

[smrtrfszm]

Description of problem:

Some rules don't respect the ocp4-hypershift-cluster and ocp4-hypershift-namespace-prefix variables, so they scan the management cluster and not the guest one, thus produce incorrect results.

List of rules:

• ocp4-api-server-anonymous-auth
• ocp4-api-server-oauth-https-serving-cert
• ocp4-api-server-openshift-https-serving-cert
• ocp4-api-server-profiling-protected-by-rbac
• ocp4-api-server-tls-security-profile-custom-min-tls-version
• ocp4-api-server-tls-security-profile-not-old
• ocp4-audit-logging-enabled
• ocp4-audit-profile-set
• ocp4-kubelet-configure-tls-cipher-suites-ingresscontroller
• ocp4-ocp-allowed-registries
• ocp4-ocp-allowed-registries-for-import
• ocp4-ocp-insecure-allowed-registries-for-import
• ocp4-ocp-insecure-registries
• ocp4-rbac-debug-role-protects-pprof
• ocp4-scc-limit-container-allowed-capabilities
• ocp4-scheduler-profiling-protected-by-rbac
• ocp4-scheduler-service-protected-by-rbac

SCAP Security Guide Version:

0.1.78

Operating System Version:

RHCOS 9.6.20251013-1

Steps to Reproduce:

1. Create a Hypershift hosted cluster
2. Set for example the audit profile to "None" on the HostedCluster
3. Make sure the audit profile is not set to "None" on the management cluster
4. Follow the usage docs here to run a scan: https://github.com/ComplianceAsCode/compliance-operator/blob/master/doc/usage.md#how-to-use-compliance-operator-with-hypershift-management-cluster

Actual Results:

The ocp4-audit-logging-enabled check will succeed

Expected Results:

The ocp4-audit-logging-enabled check should fail

Additional Information/Debugging Steps:

N/A