abide-data-processor 0.3.0 → 1.1.1

data/lib/abide-data-processor/processor.rb

@@ -1,283 +1,12 @@
 # frozen_string_literal: true
 
-require 'deep_merge'
-require 'set'
+require 'abide-data-processor/parser'
 
 module AbideDataProcessor
   module Processor
-    # Here lies the class that will be use to create/extract resources
-    class ResourceCreator
-
-      # @param control_maps: The control mappings to valid IDs
-      # @param module_name: The name of the module
-      # @param logger: The logger that we will use to log information for the user
-      def initialize(control_maps, logger)
-        @control_maps = control_maps
-        @logger = logger
-      end
-
-      # control_key_maps
-      # Gets all control key maps from Hiera for indexed control ID permutation searches
-      # @return An array of four control ID maps, each indexed by one of the four different valid permutations of a control ID
-      def self.control_key_maps(module_name)
-        key_prefix = "#{module_name}::mappings::cis"
-        %w[hiera_title hiera_title_num number title].each_with_object([]) do |key, ary|
-          ary << [key_prefix, key].join('::')
-        end
-      end
-
-      def cis_hiera_key(prefix, key)
-        "#{prefix}::#{key}"
-      end
-
-      # create_resources
-      # @param resources_hash: the hash of controls to be enforces, user will provide this
-      # @param only: the list of controls to be enforce only, pulled from cis.pp
-      # @param ignore: the list of controls to be ignore, pulled from cis.pp
-      # @param control_configs: the custom control configurations pulled from cis.pp
-      # Return a hash to be convert to Puppet code.
-      def create_resources(resources_hash, only, ignore, control_configs)
-        unfreezed_resources = Marshal.load(Marshal.dump(resources_hash))
-        resources = real_resources(unfreezed_resources, only.to_set, ignore.to_set, control_configs)
-        ordered_resources = order_resources(resources)
-
-        mutate_ordering_params!(ordered_resources[1])
-        ordered_resources
-      end
-
-      # Everything else except the create_resource function will be private
-      private
-
-      # real_resources
-      # Formats a Hiera resources hash into a hash used by order_resources()
-      # @param resources_hash The raw resources hash pulled from hiera
-      # @param only The $only parameter from cis.pp
-      # @param ignore The $ignore parameter from cis.pp
-      # @param control_configs The $control_configs parameter from cis.pp
-      def real_resources(resources_hash, only, ignore, control_configs)
-        real_resources = {}
-        all_controls_name = Set.new # subject to change
-
-        # Grabbing all the control name here into a set
-        resources_hash.each do |_title, data|
-          all_controls_name |= data['controls'].keys.to_set
-        end
-
-        resources_hash.each do |title, data|
-          resource_params = if data.key?('controls')
-                              extract_control_params(data['controls'], only, ignore, control_configs, all_controls_name)
-                            else
-                              {}
-                            end
-          if real_resources.key?(data['type']) && real_resources[data['type']].key?(title)
-            real_resources[data['type']][title].deep_merge!(resource_params, merge_hash_arrays: true)
-          else
-            real_resources[data['type']] = { title => resource_params }
-          end
-        end
-        real_resources
-      end
-
-      # extract_control_params
-      # Extracts resource parameters from a Hiera resource hash item's `controls` key
-      # @param control_data The resource hash item's `controls` key-value pair (i.e. data['controls'])
-      # @param only The $only parameter from cis.pp
-      # @param ignore The $ignore parameter from cis.pp
-      # @param control_configs The $control_configs parameter from cis.pp
-      # @param all_controls_name: All of the controls name
-      def extract_control_params(control_data, only, ignore, control_configs, all_controls_name)
-        control_params = {}
-        control_data.each do |name, params|
-          name_map = map_for_control_name(name, @control_maps)
-          next if name_map.nil?
-          # Only and ignore list check
-          # The name_map that got passed in here is a hash
-          next unless only_and_ignore_check(name, name_map, only, ignore)
-
-          # Control dependent check
-          if params.key?('dependent')
-            unless dependent_check(all_controls_name, params['dependent'], ignore, only)
-              # Below is just a sure fire way to make sure that we will never use the resource
-              only.delete(name) # Remove from the only list
-              ignore.add(name) # Add the name of the current control to the ignore list if we're not gonna enforce it
-              @logger.debug("Control #{name} will not be enforced because the controls that it depends on is invalid.")
-              next
-            end
-          end
-          # Find if there are any custom control configs from the cis.pp based on the control's name and its permutation
-          customized = find_control_customization(name, name_map[name], control_configs) # Check for failuer here
-          params.deep_merge!(customized, merge_hash_arrays: true)
-          control_params.deep_merge!(params, merge_hash_arrays: true)
-        end
-        control_params
-      end
-
-      # dependent_check
-      # @param all_controls_name: Set of all controls name that parsed from the hiera data
-      # @param all_dependent_resources: An array of all the resources that is relied upon
-      # @param ignore: List of controls to be ignore
-      # @param only: List of only controls that need to be enforce
-      # return true if a dependent control is
-      def dependent_check(all_controls_name, all_dependent_resources, ignore, only)
-        all_dependent_resources.each do |resource_name|
-          valid_resource_name = map_for_control_name(resource_name, @control_maps)
-          # Bounce immediately if it is not a part of the controls we're enforcing
-          return false unless filter_function(resource_name, valid_resource_name, all_controls_name)
-
-          if !ignore.empty?
-            return false if filter_function(resource_name, valid_resource_name, ignore)
-          elsif !only.empty?
-            return false unless filter_function(resource_name, valid_resource_name, only)
-          end
-        end
-      end
-
-      # order_resources
-      # A work in progress to integrate more metaparamenters in
-      # Checks for and creates resources based off of `before`, `after`, `notify`, `require` parameters
-      # specified in a controls hash
-      # @param resources Output of real_resources()
-      # @return An array of resource hashes indexed in the order their contents should be created
-      def order_resources(resources)
-        before = {}
-        after = {}
-        req = {}
-        notify = {}
-        resources.each do |_, data|
-          create_ordered_resource!('before', before, data)
-          create_ordered_resource!('notify', notify, data)
-          create_ordered_resource!('after', after, data)
-          create_ordered_resource!('require', req, data)
-        end
-
-        before.deep_merge!(notify)
-        after.deep_merge!(req)
-
-        [before, resources, after]
-      end
-
-      # filter_function
-      # A general function to see if a control name is in a supply list of control name
-      # @param name: The name of the control that we have
-      # @param name_map: Hash that contains all valid control ID permutation of the param name
-      # @set_of_control: Either the ignore or the only list to go through
-      # return true if control ID is found in set_of_control
-      def filter_function(name, name_map, set_of_control)
-        name_list = name_map[name] # Grab the array that contain all valid permutation of the ID
-        return true if set_of_control.include?(name)
-
-        name_list.each do |n|
-          return true if set_of_control.include?(n)
-        end
-
-        false
-      end
-
-      # only_and_ignore_check
-      # @param name: name of the control to check if it's in either only or ignore list
-      # @param name_map: a hash of the name map of valid ID permutation for the `name` param
-      # @param only: the list of controls that will get enforced only
-      # @param ignore: the list of controls that will be ignored
-      # @return false when control is either not in the only list or is in the ignore list.
-      # else return true
-      def only_and_ignore_check(name, name_map, only, ignore)
-        if !only.empty? && !filter_function(name, name_map, only)
-          @logger.debug("Control #{name} will be skipped because it is not in the only list.")
-          return false
-        end
-
-        if !ignore.empty? && filter_function(name, name_map, ignore)
-          @logger.debug("Control #{name} will be skipped because it is in the ignore list.")
-          return false
-        end
-        true
-      end
-
-      # create_ordered_resource!
-      # Creates a resource hash from a resource declaration found in a `before`, `after`, `require`, or `notify` parameter
-      # @param order_key Either 'before', 'after', `notify`, or `require`
-      # @param container Either the before hash, the notify hash, the require hash or the after hash.
-      # The container is modified in place.
-      # @param res_data Resource data from the real_resources hash
-      def create_ordered_resource!(order_key, container, res_data)
-        res_data.each do |_, data|
-          next unless data.key?(order_key)
-
-          data[order_key].each do |title, params|
-            container[params['type']] = {} unless container.key?(params['type'])
-            container[params['type']][title] = params.reject { |k, _| k == 'type' }
-          end
-        end
-      end
-
-      # mutate_ordering_params!
-      # This takes the Hiera resource declarations in a `before` or `after` param and transforms
-      # them into and array of Puppet resource references. Puppet resource references take the
-      # form: Resource::Type['<resource title'].
-      # @param resources Output from real_resources()
-      def mutate_ordering_params!(resources)
-        resources.each do |res_type, res_data|
-          %w[before notify after require].each do |order_key|
-            res_data.each do |res_title, params|
-              next unless params.key?(order_key)
-
-              references = []
-              params[order_key].each do |k, v|
-                references << resource_reference(v['type'], k)
-              end
-              resources[res_type][res_title][order_key] = references
-            end
-          end
-        end
-      end
-
-      # resource_reference
-      # Returns a Puppet resource reference string
-      # @param res_type A Puppet resource type
-      # @param title A Puppet resource title
-      def resource_reference(res_type, title)
-        type_ref = res_type.split('::').map(&:capitalize).join('::')
-        "#{type_ref}[#{title}]"
-      end
-
-      # find_control_customization
-      # Finds any control parameter customizations passed in via control_configs
-      # @param name The control name (or other valid permutation)
-      # @param control_configs The $control_configs parameter from cis.pp
-      # @param name_map: The array of valid permutation of name
-      # @return A hash of customized parameters. If none were found, nil
-      def find_control_customization(name, name_map, control_configs)
-        return {} if control_configs.empty?
-
-        mapped_key(control_configs, name, name_map)
-      end
-
-      # map_for_control_name
-      # Returns a hash of all valid permutations of the given control id
-      # @param name The control name or other valid permutation
-      # @param maps All maps
-      def map_for_control_name(name, maps)
-        maps.each do |map|
-          return map if map&.fetch(name, false) # returns the map if fetch returns false
-        end
-        nil
-      end
-
-      # mapped_key
-      # Finds an item in the given hash that matches one of the values in name_map
-      # @param hsh The hash to search i.e the custom config hash
-      # @param name The name of the current control that we're looking to see if it has any custom configs
-      # @param name_map An array name for valid control permutations
-      # @return The value from the hash if found, or nil
-      def mapped_key(hsh, name, name_map)
-        return hsh[name] if hsh&.fetch(name, false)
-
-        name_map.each do |pkey|
-          return hsh[pkey] if hsh&.fetch(pkey, false)
-        end
-        nil
-      end
-
+    def self.create_resources(resources_hash, control_maps, only, ignore, control_configs)
+      unfrozen_resources = Marshal.load(Marshal.dump(resources_hash))
+      AbideDataProcessor::Parser.parse(unfrozen_resources, control_maps, only: only, ignore: ignore, control_configs: control_configs)
     end
   end
 end

data/lib/abide-data-processor/version.rb

@@ -1,3 +1,3 @@
 module AbideDataProcessor
-  VERSION = "0.3.0"
+  VERSION = "1.1.1"
 end

metadata

@@ -1,29 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: abide-data-processor
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.1.1
 platform: ruby
 authors:
 - abide-team
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-11-30 00:00:00.000000000 Z
+date: 2022-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: puppet
+  name: deep_merge
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.23'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rgl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.23'
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -241,6 +255,7 @@ files:
 - bin/setup
 - lib/abide-data-processor.rb
 - lib/abide-data-processor/logger.rb
+- lib/abide-data-processor/parser.rb
 - lib/abide-data-processor/processor.rb
 - lib/abide-data-processor/version.rb
 homepage: https://github.com/puppetlabs/abide-data-processor