abide-data-processor 0.0.0 → 0.3.0
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -2
- data/lib/abide-data-processor/processor.rb +14 -14
- data/lib/abide-data-processor/version.rb +2 -2
- data/lib/abide-data-processor.rb +2 -0
- metadata +2 -2
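--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b04940d641ff075df44bad1d44db0c5cfb4498c0aacd69c79baf5af9234d5533
+data.tar.gz: 4ccc87ba94466281cb4ed8656b3734f07063ada8c113abc2c50e6c9b61d5bed7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2cc5c8a4f39c318f635b84e2413435b0e5e39ce2dfa6c9acee8e1d912b7f4936dbfb131281f571c1de44b7a41d37b6f3650e45eb0ebdd3e6eec75245bad1aac0
+data.tar.gz: dc18ff5f2a6c0bb41d5213969643d71261df6b36d9e31af10bd4e1d40bd532633b8bc988e33142af693983cdc1f0deda7f363096fb9e2e5b154f1f2bcaca20d8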
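--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-abide-data-processor (0.
+abide-data-processor (0.3.0)
 puppet (>= 6.23)
 
 GEM
@@ -107,7 +107,7 @@ GEM
 byebug (~> 11.0)
 pry (~> 0.10)
 public_suffix (4.0.6)
-puppet (7.12.
+puppet (7.12.1)
 concurrent-ruby (~> 1.0)
 deep_merge (~> 1.0)
 facter (> 2.0.1, < 5)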
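--- a/data/lib/abide-data-processor/processor.rb
+++ b/data/lib/abide-data-processor/processor.rb
@@ -2,7 +2,6 @@
 
 require 'deep_merge'
 require 'set'
-require 'pry'
 
 module AbideDataProcessor
 module Processor
@@ -12,8 +11,7 @@ module AbideDataProcessor
 # @param control_maps: The control mappings to valid IDs
 # @param module_name: The name of the module
 # @param logger: The logger that we will use to log information for the user
-def initialize(control_maps,
-@module_name = module_name
+def initialize(control_maps, logger)
 @control_maps = control_maps
 @logger = logger
 end
@@ -21,8 +19,8 @@ module AbideDataProcessor
 # control_key_maps
 # Gets all control key maps from Hiera for indexed control ID permutation searches
 # @return An array of four control ID maps, each indexed by one of the four different valid permutations of a control ID
-def control_key_maps
-key_prefix = "#{
+def self.control_key_maps(module_name)
+key_prefix = "#{module_name}::mappings::cis"
 %w[hiera_title hiera_title_num number title].each_with_object([]) do |key, ary|
 ary << [key_prefix, key].join('::')
 end
@@ -39,7 +37,8 @@ module AbideDataProcessor
 # @param control_configs: the custom control configurations pulled from cis.pp
 # Return a hash to be convert to Puppet code.
 def create_resources(resources_hash, only, ignore, control_configs)
-
+unfreezed_resources = Marshal.load(Marshal.dump(resources_hash))
+resources = real_resources(unfreezed_resources, only.to_set, ignore.to_set, control_configs)
 ordered_resources = order_resources(resources)
 
 mutate_ordering_params!(ordered_resources[1])
@@ -90,8 +89,9 @@ module AbideDataProcessor
 control_params = {}
 control_data.each do |name, params|
 name_map = map_for_control_name(name, @control_maps)
-
+next if name_map.nil?
 # Only and ignore list check
+# The name_map that got passed in here is a hash
 next unless only_and_ignore_check(name, name_map, only, ignore)
 
 # Control dependent check
@@ -100,12 +100,12 @@ module AbideDataProcessor
 # Below is just a sure fire way to make sure that we will never use the resource
 only.delete(name) # Remove from the only list
 ignore.add(name) # Add the name of the current control to the ignore list if we're not gonna enforce it
-@logger.
+@logger.debug("Control #{name} will not be enforced because the controls that it depends on is invalid.")
 next
 end
 end
 # Find if there are any custom control configs from the cis.pp based on the control's name and its permutation
-customized = find_control_customization(name, name_map[name], control_configs)
+customized = find_control_customization(name, name_map[name], control_configs) # Check for failuer here
 params.deep_merge!(customized, merge_hash_arrays: true)
 control_params.deep_merge!(params, merge_hash_arrays: true)
 end
@@ -159,11 +159,11 @@ module AbideDataProcessor
 # filter_function
 # A general function to see if a control name is in a supply list of control name
 # @param name: The name of the control that we have
-# @param name_map:
+# @param name_map: Hash that contains all valid control ID permutation of the param name
 # @set_of_control: Either the ignore or the only list to go through
 # return true if control ID is found in set_of_control
 def filter_function(name, name_map, set_of_control)
-name_list = name_map[name]
+name_list = name_map[name] # Grab the array that contain all valid permutation of the ID
 return true if set_of_control.include?(name)
 
 name_list.each do |n|
@@ -175,19 +175,19 @@ module AbideDataProcessor
 
 # only_and_ignore_check
 # @param name: name of the control to check if it's in either only or ignore list
-# @param name_map: the name map of valid ID permutation for the `name` param
+# @param name_map: a hash of the name map of valid ID permutation for the `name` param
 # @param only: the list of controls that will get enforced only
 # @param ignore: the list of controls that will be ignored
 # @return false when control is either not in the only list or is in the ignore list.
 # else return true
 def only_and_ignore_check(name, name_map, only, ignore)
 if !only.empty? && !filter_function(name, name_map, only)
-@logger.
+@logger.debug("Control #{name} will be skipped because it is not in the only list.")
 return false
 end
 
 if !ignore.empty? && filter_function(name, name_map, ignore)
-@logger.
+@logger.debug("Control #{name} will be skipped because it is in the ignore list.")
 return false
 end
 true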
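Review bot: The added `next if name_map.nil?` (new line 92) drops a control that has no ID mapping without logging anything, while every other skip path in this section reports through `@logger.debug`; in a tool that decides which CIS controls get enforced, an unmapped control that silently goes unenforced is hard to notice afterwards. Logging before the skip would make it visible, for example `@logger.debug("Control #{name} will be skipped because no mapping was found for it.") if name_map.nil?` on the line before the `next`. Separately, in `create_resources` the `Marshal.load(Marshal.dump(resources_hash))` deep copy only reads bytes produced on the same line, so it is not deserializing external input, but it deserves a comment saying so and noting that `Marshal.dump` raises `TypeError` if the hash ever carries a Proc or a default proc: `# Deep copy of in-process data only; never pass externally supplied bytes to Marshal.load`. The enclosing methods start or end outside the hunks shown.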
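--- a/data/lib/abide-data-processor/version.rb
+++ b/data/lib/abide-data-processor/version.rb
@@ -1,3 +1,3 @@
 module AbideDataProcessor
-VERSION = "0.
-end
+VERSION = "0.3.0"
+end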
data/lib/abide-data-processor.rb
CHANGED
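--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide-data-processor
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - abide-team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-11-
+date: 2021-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: puppet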