abide-data-processor 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1cf0d51193e415d28a53c2a7df576732981eb3f1c29525c0a44877f2e93e72c9
+  data.tar.gz: cd92db097e219d4c11fa72ee7d170d31e3b19681aba9344d8fb2ef0ba18add43
+SHA512:
+  metadata.gz: 42c937bf2d75784db736ab8a13e9e0bc5295efa897c33a6bf9c9a4e0c89504860864b4f12db8632017e6cdce9e8ba339885df01e4271eacacc6244c68cb6858f
+  data.tar.gz: 2fe1ef9eeaeaa77ff578e3d53f41a46c73f181d81db0b4e133823c961ec8d1cd2c04f12ebbfb048d53d7caa0f67c6cabd2ce80270a0ac4875b4f97e0f7e3f919

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at abide-team@puppet.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [https://contributor-covenant.org/version/1/4][version]
+
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,8 @@
+source ENV['GEM_SOURCE'] || "https://rubygems.org"
+
+# Specify your gem's dependencies in abide-data-processor.gemspec
+gemspec
+
+gem "rake", "~> 12.0"
+gem "rspec", "~> 3.0"
+

data/Gemfile.lock

@@ -0,0 +1,193 @@
+PATH
+  remote: .
+  specs:
+    abide-data-processor (0.0.0)
+      puppet (>= 6.23)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (6.1.4.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ast (2.4.2)
+    async (1.30.1)
+      console (~> 1.10)
+      nio4r (~> 2.3)
+      timers (~> 4.1)
+    async-http (0.56.5)
+      async (>= 1.25)
+      async-io (>= 1.28)
+      async-pool (>= 0.2)
+      protocol-http (~> 0.22.0)
+      protocol-http1 (~> 0.14.0)
+      protocol-http2 (~> 0.14.0)
+    async-http-faraday (0.11.0)
+      async-http (~> 0.42)
+      faraday
+    async-io (1.32.2)
+      async
+    async-pool (0.3.9)
+      async (>= 1.25)
+    byebug (11.1.3)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.9)
+    console (1.13.1)
+      fiber-local
+    deep_merge (1.2.1)
+    diff-lcs (1.4.4)
+    facter (4.2.5)
+      hocon (~> 1.3)
+      thor (>= 1.0.1, < 2.0)
+    faraday (1.8.0)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-httpclient (~> 1.0.1)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.1)
+      faraday-patron (~> 1.0)
+      faraday-rack (~> 1.0)
+      multipart-post (>= 1.2, < 3)
+      ruby2_keywords (>= 0.0.4)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-http-cache (2.2.0)
+      faraday (>= 0.8)
+    faraday-httpclient (1.0.1)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.2.0)
+    faraday-patron (1.0.0)
+    faraday-rack (1.0.0)
+    fast_gettext (1.8.0)
+    fiber-local (1.0.0)
+    gem-release (2.2.2)
+    github_changelog_generator (1.16.4)
+      activesupport
+      async (>= 1.25.0)
+      async-http-faraday
+      faraday-http-cache
+      multi_json
+      octokit (~> 4.6)
+      rainbow (>= 2.2.1)
+      rake (>= 10.0)
+    hiera (3.7.0)
+    hocon (1.3.1)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
+    locale (2.1.3)
+    method_source (1.0.0)
+    minitest (5.14.4)
+    multi_json (1.15.0)
+    multipart-post (2.1.1)
+    nio4r (2.5.8)
+    octokit (4.21.0)
+      faraday (>= 0.9)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    parallel (1.21.0)
+    parser (3.0.2.0)
+      ast (~> 2.4.1)
+    protocol-hpack (1.4.2)
+    protocol-http (0.22.5)
+    protocol-http1 (0.14.2)
+      protocol-http (~> 0.22)
+    protocol-http2 (0.14.2)
+      protocol-hpack (~> 1.4)
+      protocol-http (~> 0.18)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.8.0)
+      byebug (~> 11.0)
+      pry (~> 0.10)
+    public_suffix (4.0.6)
+    puppet (7.12.0)
+      concurrent-ruby (~> 1.0)
+      deep_merge (~> 1.0)
+      facter (> 2.0.1, < 5)
+      fast_gettext (~> 1.1)
+      hiera (>= 3.2.1, < 4)
+      locale (~> 2.1)
+      multi_json (~> 1.10)
+      puppet-resource_api (~> 1.5)
+      scanf (~> 1.0)
+      semantic_puppet (~> 1.0)
+    puppet-resource_api (1.8.14)
+      hocon (>= 1.0)
+    rainbow (3.0.0)
+    rake (12.3.3)
+    regexp_parser (2.1.1)
+    rexml (3.2.5)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    rubocop (1.22.3)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.12.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.12.0)
+      parser (>= 3.0.1.1)
+    rubocop-i18n (3.0.0)
+      rubocop (~> 1.0)
+    rubocop-performance (1.11.5)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rspec (2.5.0)
+      rubocop (~> 1.19)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
+    scanf (1.0.0)
+    semantic_puppet (1.0.4)
+    thor (1.1.0)
+    timers (4.3.3)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.1.0)
+    zeitwerk (2.5.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  abide-data-processor!
+  bundler
+  console
+  fast_gettext (~> 1.8)
+  gem-release
+  github_changelog_generator
+  pry
+  pry-byebug
+  rake (~> 12.0)
+  rspec (~> 3.0)
+  rubocop (~> 1.8)
+  rubocop-ast (~> 1.4)
+  rubocop-i18n (~> 3.0)
+  rubocop-performance (~> 1.9)
+  rubocop-rspec (~> 2.1)
+
+BUNDLED WITH
+   2.1.4

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Tu2607
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,37 @@
+# Abide-Data-Processor
+
+This gem provides the functionality to process data parsed from a Hiera file for Puppetlabs CEM modules.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'abide-data-processor'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install abide-data-processor
+
+## Usage
+
+Since this gem is more of a library, there is no executable to run it.  This gem is designed to be use by Puppetlabs CEM modules to process the data that those modules generate.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/puppetlabs/abide-data-processor.
+
+## Code of Conduct
+
+Everyone interacting in the Abide-Data-Processor project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/puppetlabs/abide-data-processor/blob/main/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/abide-data-processor.gemspec

@@ -0,0 +1,49 @@
+require_relative 'lib/abide-data-processor/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "abide-data-processor"
+  spec.version       = AbideDataProcessor::VERSION
+  spec.authors       = ["abide-team"]
+  spec.email         = ["abide-team@puppet.com"]
+
+  spec.summary       = "Helper to process data for Puppetlabs CEM modules."
+  spec.description   = "Provides functions that help with extracting out information from Hiera file."
+  spec.homepage      = "https://github.com/puppetlabs/abide-data-processor"
+  spec.license       = "Proprietary"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = spec.homepage
+  spec.metadata["changelog_uri"] = spec.homepage
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  # Prod dependencies
+  # I'm not too sure about this version
+  spec.add_dependency 'puppet', '>= 6.23'
+
+  # Dev dependencies
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'console'
+  spec.add_development_dependency 'github_changelog_generator'
+  spec.add_development_dependency 'gem-release'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'pry-byebug'
+  spec.add_development_dependency 'rspec', '~> 3.10'
+  spec.add_development_dependency 'rubocop', '~> 1.8'
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.1'
+  spec.add_development_dependency 'rubocop-ast', '~> 1.4'
+  spec.add_development_dependency 'rubocop-performance', '~> 1.9'
+  spec.add_development_dependency 'rubocop-i18n', '~> 3.0'
+  spec.add_development_dependency 'fast_gettext', '~> 1.8'
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "abide/data/processor"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/abide-data-processor/logger.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module AbideDataProcessor
+  module Processor
+    class Logger
+      LEVELS = {error: 1, warning: 2, info: 3, debug: 4}
+
+      def initialize(level = :info, out = STDOUT, err = STDERR)
+        @level = LEVELS[level]
+        if @level.nil?
+          raise ArgumentError, "Unknown log level at #{level}"
+        end
+
+        @out = out
+        @err = err
+      end
+
+      def debug(message)
+        if @level >= LEVELS[:debug]
+          @out.puts(message)
+        end
+      end
+
+      def inform(message)
+        if @level >= LEVELS[:info]
+          @out.puts(message)
+        end
+      end
+
+      def warn(message)
+        if @level >= LEVELS[:warning]
+          @out.puts(message)
+        end
+      end
+
+      def err(message)
+        if @level >= LEVELS[:error]
+          @err.puts(message)
+        end
+      end
+    end
+  end
+end

data/lib/abide-data-processor/processor.rb

@@ -0,0 +1,283 @@
+# frozen_string_literal: true
+
+require 'deep_merge'
+require 'set'
+require 'pry'
+
+module AbideDataProcessor
+  module Processor
+    # Here lies the class that will be use to create/extract resources
+    class ResourceCreator
+
+      # @param control_maps: The control mappings to valid IDs
+      # @param module_name: The name of the module
+      # @param logger: The logger that we will use to log information for the user
+      def initialize(control_maps, module_name, logger)
+        @module_name = module_name
+        @control_maps = control_maps
+        @logger = logger
+      end
+
+      # control_key_maps
+      # Gets all control key maps from Hiera for indexed control ID permutation searches
+      # @return An array of four control ID maps, each indexed by one of the four different valid permutations of a control ID
+      def control_key_maps
+        key_prefix = "#{@module_name}::mappings::cis"
+        %w[hiera_title hiera_title_num number title].each_with_object([]) do |key, ary|
+          ary << [key_prefix, key].join('::')
+        end
+      end
+
+      def cis_hiera_key(prefix, key)
+        "#{prefix}::#{key}"
+      end
+
+      # create_resources
+      # @param resources_hash: the hash of controls to be enforces, user will provide this
+      # @param only: the list of controls to be enforce only, pulled from cis.pp
+      # @param ignore: the list of controls to be ignore, pulled from cis.pp
+      # @param control_configs: the custom control configurations pulled from cis.pp
+      # Return a hash to be convert to Puppet code.
+      def create_resources(resources_hash, only, ignore, control_configs)
+        resources = real_resources(resources_hash, only.to_set, ignore.to_set, control_configs)
+        ordered_resources = order_resources(resources)
+
+        mutate_ordering_params!(ordered_resources[1])
+        ordered_resources
+      end
+
+      # Everything else except the create_resource function will be private
+      private
+
+      # real_resources
+      # Formats a Hiera resources hash into a hash used by order_resources()
+      # @param resources_hash The raw resources hash pulled from hiera
+      # @param only The $only parameter from cis.pp
+      # @param ignore The $ignore parameter from cis.pp
+      # @param control_configs The $control_configs parameter from cis.pp
+      def real_resources(resources_hash, only, ignore, control_configs)
+        real_resources = {}
+        all_controls_name = Set.new # subject to change
+
+        # Grabbing all the control name here into a set
+        resources_hash.each do |_title, data|
+          all_controls_name |= data['controls'].keys.to_set
+        end
+
+        resources_hash.each do |title, data|
+          resource_params = if data.key?('controls')
+                              extract_control_params(data['controls'], only, ignore, control_configs, all_controls_name)
+                            else
+                              {}
+                            end
+          if real_resources.key?(data['type']) && real_resources[data['type']].key?(title)
+            real_resources[data['type']][title].deep_merge!(resource_params, merge_hash_arrays: true)
+          else
+            real_resources[data['type']] = { title => resource_params }
+          end
+        end
+        real_resources
+      end
+
+      # extract_control_params
+      # Extracts resource parameters from a Hiera resource hash item's `controls` key
+      # @param control_data The resource hash item's `controls` key-value pair (i.e. data['controls'])
+      # @param only The $only parameter from cis.pp
+      # @param ignore The $ignore parameter from cis.pp
+      # @param control_configs The $control_configs parameter from cis.pp
+      # @param all_controls_name: All of the controls name
+      def extract_control_params(control_data, only, ignore, control_configs, all_controls_name)
+        control_params = {}
+        control_data.each do |name, params|
+          name_map = map_for_control_name(name, @control_maps)
+
+          # Only and ignore list check
+          next unless only_and_ignore_check(name, name_map, only, ignore)
+
+          # Control dependent check
+          if params.key?('dependent')
+            unless dependent_check(all_controls_name, params['dependent'], ignore, only)
+              # Below is just a sure fire way to make sure that we will never use the resource
+              only.delete(name) # Remove from the only list
+              ignore.add(name) # Add the name of the current control to the ignore list if we're not gonna enforce it
+              @logger.inform("Control #{name} will not be enforced because the controls that it depends on is invalid.")
+              next
+            end
+          end
+          # Find if there are any custom control configs from the cis.pp based on the control's name and its permutation
+          customized = find_control_customization(name, name_map[name], control_configs)
+          params.deep_merge!(customized, merge_hash_arrays: true)
+          control_params.deep_merge!(params, merge_hash_arrays: true)
+        end
+        control_params
+      end
+
+      # dependent_check
+      # @param all_controls_name: Set of all controls name that parsed from the hiera data
+      # @param all_dependent_resources: An array of all the resources that is relied upon
+      # @param ignore: List of controls to be ignore
+      # @param only: List of only controls that need to be enforce
+      # return true if a dependent control is
+      def dependent_check(all_controls_name, all_dependent_resources, ignore, only)
+        all_dependent_resources.each do |resource_name|
+          valid_resource_name = map_for_control_name(resource_name, @control_maps)
+          # Bounce immediately if it is not a part of the controls we're enforcing
+          return false unless filter_function(resource_name, valid_resource_name, all_controls_name)
+
+          if !ignore.empty?
+            return false if filter_function(resource_name, valid_resource_name, ignore)
+          elsif !only.empty?
+            return false unless filter_function(resource_name, valid_resource_name, only)
+          end
+        end
+      end
+
+      # order_resources
+      # A work in progress to integrate more metaparamenters in
+      # Checks for and creates resources based off of `before`, `after`, `notify`, `require` parameters
+      # specified in a controls hash
+      # @param resources Output of real_resources()
+      # @return An array of resource hashes indexed in the order their contents should be created
+      def order_resources(resources)
+        before = {}
+        after = {}
+        req = {}
+        notify = {}
+        resources.each do |_, data|
+          create_ordered_resource!('before', before, data)
+          create_ordered_resource!('notify', notify, data)
+          create_ordered_resource!('after', after, data)
+          create_ordered_resource!('require', req, data)
+        end
+
+        before.deep_merge!(notify)
+        after.deep_merge!(req)
+
+        [before, resources, after]
+      end
+
+      # filter_function
+      # A general function to see if a control name is in a supply list of control name
+      # @param name: The name of the control that we have
+      # @param name_map: All valid control ID permutation of the param name
+      # @set_of_control: Either the ignore or the only list to go through
+      # return true if control ID is found in set_of_control
+      def filter_function(name, name_map, set_of_control)
+        name_list = name_map[name]
+        return true if set_of_control.include?(name)
+
+        name_list.each do |n|
+          return true if set_of_control.include?(n)
+        end
+
+        false
+      end
+
+      # only_and_ignore_check
+      # @param name: name of the control to check if it's in either only or ignore list
+      # @param name_map: the name map of valid ID permutation for the `name` param
+      # @param only: the list of controls that will get enforced only
+      # @param ignore: the list of controls that will be ignored
+      # @return false when control is either not in the only list or is in the ignore list.
+      # else return true
+      def only_and_ignore_check(name, name_map, only, ignore)
+        if !only.empty? && !filter_function(name, name_map, only)
+          @logger.inform("Control #{name} will be skipped because it is not in the only list.")
+          return false
+        end
+
+        if !ignore.empty? && filter_function(name, name_map, ignore)
+          @logger.inform("Control #{name} will be skipped because it is in the ignore list.")
+          return false
+        end
+        true
+      end
+
+      # create_ordered_resource!
+      # Creates a resource hash from a resource declaration found in a `before`, `after`, `require`, or `notify` parameter
+      # @param order_key Either 'before', 'after', `notify`, or `require`
+      # @param container Either the before hash, the notify hash, the require hash or the after hash.
+      # The container is modified in place.
+      # @param res_data Resource data from the real_resources hash
+      def create_ordered_resource!(order_key, container, res_data)
+        res_data.each do |_, data|
+          next unless data.key?(order_key)
+
+          data[order_key].each do |title, params|
+            container[params['type']] = {} unless container.key?(params['type'])
+            container[params['type']][title] = params.reject { |k, _| k == 'type' }
+          end
+        end
+      end
+
+      # mutate_ordering_params!
+      # This takes the Hiera resource declarations in a `before` or `after` param and transforms
+      # them into and array of Puppet resource references. Puppet resource references take the
+      # form: Resource::Type['<resource title'].
+      # @param resources Output from real_resources()
+      def mutate_ordering_params!(resources)
+        resources.each do |res_type, res_data|
+          %w[before notify after require].each do |order_key|
+            res_data.each do |res_title, params|
+              next unless params.key?(order_key)
+
+              references = []
+              params[order_key].each do |k, v|
+                references << resource_reference(v['type'], k)
+              end
+              resources[res_type][res_title][order_key] = references
+            end
+          end
+        end
+      end
+
+      # resource_reference
+      # Returns a Puppet resource reference string
+      # @param res_type A Puppet resource type
+      # @param title A Puppet resource title
+      def resource_reference(res_type, title)
+        type_ref = res_type.split('::').map(&:capitalize).join('::')
+        "#{type_ref}[#{title}]"
+      end
+
+      # find_control_customization
+      # Finds any control parameter customizations passed in via control_configs
+      # @param name The control name (or other valid permutation)
+      # @param control_configs The $control_configs parameter from cis.pp
+      # @param name_map: The array of valid permutation of name
+      # @return A hash of customized parameters. If none were found, nil
+      def find_control_customization(name, name_map, control_configs)
+        return {} if control_configs.empty?
+
+        mapped_key(control_configs, name, name_map)
+      end
+
+      # map_for_control_name
+      # Returns a hash of all valid permutations of the given control id
+      # @param name The control name or other valid permutation
+      # @param maps All maps
+      def map_for_control_name(name, maps)
+        maps.each do |map|
+          return map if map&.fetch(name, false) # returns the map if fetch returns false
+        end
+        nil
+      end
+
+      # mapped_key
+      # Finds an item in the given hash that matches one of the values in name_map
+      # @param hsh The hash to search i.e the custom config hash
+      # @param name The name of the current control that we're looking to see if it has any custom configs
+      # @param name_map An array name for valid control permutations
+      # @return The value from the hash if found, or nil
+      def mapped_key(hsh, name, name_map)
+        return hsh[name] if hsh&.fetch(name, false)
+
+        name_map.each do |pkey|
+          return hsh[pkey] if hsh&.fetch(pkey, false)
+        end
+        nil
+      end
+
+    end
+  end
+end

data/lib/abide-data-processor/version.rb

@@ -0,0 +1,3 @@
+module AbideDataProcessor
+  VERSION = "0.0.0"
+end

data/lib/abide-data-processor.rb

@@ -0,0 +1,4 @@
+require 'abide-data-processor/version'
+require 'abide-data-processor/processor'
+# Root namespace for all modules / classes
+module AbideDataProcessor; end

metadata

@@ -0,0 +1,272 @@
+--- !ruby/object:Gem::Specification
+name: abide-data-processor
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- abide-team
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2021-11-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: puppet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.23'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.23'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: console
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: github_changelog_generator
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gem-release
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.10'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: rubocop-ast
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rubocop-i18n
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: fast_gettext
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+description: Provides functions that help with extracting out information from Hiera
+  file.
+email:
+- abide-team@puppet.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- abide-data-processor.gemspec
+- bin/console
+- bin/setup
+- lib/abide-data-processor.rb
+- lib/abide-data-processor/logger.rb
+- lib/abide-data-processor/processor.rb
+- lib/abide-data-processor/version.rb
+homepage: https://github.com/puppetlabs/abide-data-processor
+licenses:
+- Proprietary
+metadata:
+  homepage_uri: https://github.com/puppetlabs/abide-data-processor
+  source_code_uri: https://github.com/puppetlabs/abide-data-processor
+  changelog_uri: https://github.com/puppetlabs/abide-data-processor
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: Helper to process data for Puppetlabs CEM modules.
+test_files: []