Use yamlfile_value template for api_server_request_timeout.

applications/openshift/api-server/api_server_request_timeout/rule.yml

@@ -40,3 +40,17 @@ ocil: |-
     Run the following command:
     <pre>$ oc get configmap config -n openshift-kube-apiserver -ojson | jq -r '.data["config.yaml"]' | jq '.apiServerArguments["min-request-timeout"]'</pre>
     The output should return <pre>300</pre>.
+
+template:
+  name: yamlfile_value
+  vars:
+    ocp_data: "true"
+    entity_check: "at least one"
+    filepath: /api/v1/namespaces/openshift-kube-apiserver/configmaps/config
+    yamlpath: '.data["config.yaml"]'
+    xccdf_variable: var_api_min_request_timeout
+    embedded_data: "true"
+    values:
+    - value: '"apiServerArguments":{.*"min-request-timeout":\["(\d*)"\]'
+      operation: "pattern match"
+      type: "string"

applications/openshift/api-server/api_server_request_timeout/tests/ocp4/e2e.yml

@@ -0,0 +1,2 @@
+---
+default_result: PASS

applications/openshift/api-server/var_api_min_request_timeout.var

@@ -0,0 +1,15 @@
+documentation_complete: true
+
+title: 'API Server Request Timeout'
+
+description: 'Enter API Server Request Timeout'
+
+type: string
+
+operator: equals
+
+interactive: false
+
+options:
+    300: "300"
+    default: "3600"

ocp4/profiles/cis.profile

@@ -93,7 +93,7 @@ selections:
     # (jhrozek) Temporarily disabling the rule because the benchmark
     #           specifies one value (60) for the request-timeout parameter, while we
     #           use 3600 in OCP. It is unclear if this value is appropriate...
-    # - api_server_request_timeout
+    - api_server_request_timeout
   # 1.2.27 Ensure that the --service-account-lookup argument is set to true
     - api_server_service_account_lookup
   # 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate