abide-data-processor 0.3.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b04940d641ff075df44bad1d44db0c5cfb4498c0aacd69c79baf5af9234d5533
-  data.tar.gz: 4ccc87ba94466281cb4ed8656b3734f07063ada8c113abc2c50e6c9b61d5bed7
+  metadata.gz: d0c06067b1e8e9d9fd97a99a4a006fbe5f194103783b086d7be46053468a0f7e
+  data.tar.gz: 10b23ed882b6ae68e057c2bde2c31ee7d46b5bee3e28b11223b96d1342666bc8
 SHA512:
-  metadata.gz: 2cc5c8a4f39c318f635b84e2413435b0e5e39ce2dfa6c9acee8e1d912b7f4936dbfb131281f571c1de44b7a41d37b6f3650e45eb0ebdd3e6eec75245bad1aac0
-  data.tar.gz: dc18ff5f2a6c0bb41d5213969643d71261df6b36d9e31af10bd4e1d40bd532633b8bc988e33142af693983cdc1f0deda7f363096fb9e2e5b154f1f2bcaca20d8
+  metadata.gz: f1774914d0700a4afdaf9c9f4dc7d92da3811ef9e37a271b1b517d9a37920f7d7c2fd778302c369daab51c28c25f7ac51ddf92cf530ba31190ac06b06017d410
+  data.tar.gz: 9f7fcffebc49eb7590b36d2b38caf7fe1126de54414c2267f2b4544928c4c165c862ac345058a08f15fade7a74133c0e232943c0c4ac00e0b8fff6fbb1ee9a07

data/Gemfile.lock

@@ -1,8 +1,9 @@
 PATH
   remote: .
   specs:
-    abide-data-processor (0.3.0)
-      puppet (>= 6.23)
+    abide-data-processor (1.0.0)
+      deep_merge (~> 1.2)
+      rgl (~> 0.5)
 
 GEM
   remote: https://rubygems.org/
@@ -39,11 +40,8 @@ GEM
     concurrent-ruby (1.1.9)
     console (1.13.1)
       fiber-local
-    deep_merge (1.2.1)
+    deep_merge (1.2.2)
     diff-lcs (1.4.4)
-    facter (4.2.5)
-      hocon (~> 1.3)
-      thor (>= 1.0.1, < 2.0)
     faraday (1.8.0)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
@@ -68,6 +66,7 @@ GEM
     fast_gettext (1.8.0)
     fiber-local (1.0.0)
     gem-release (2.2.2)
+    generator (0.0.1)
     github_changelog_generator (1.16.4)
       activesupport
       async (>= 1.25.0)
@@ -77,11 +76,9 @@ GEM
       octokit (~> 4.6)
       rainbow (>= 2.2.1)
       rake (>= 10.0)
-    hiera (3.7.0)
-    hocon (1.3.1)
     i18n (1.8.10)
       concurrent-ruby (~> 1.0)
-    locale (2.1.3)
+    lazy_priority_queue (0.1.1)
     method_source (1.0.0)
     minitest (5.14.4)
     multi_json (1.15.0)
@@ -107,23 +104,13 @@ GEM
       byebug (~> 11.0)
       pry (~> 0.10)
     public_suffix (4.0.6)
-    puppet (7.12.1)
-      concurrent-ruby (~> 1.0)
-      deep_merge (~> 1.0)
-      facter (> 2.0.1, < 5)
-      fast_gettext (~> 1.1)
-      hiera (>= 3.2.1, < 4)
-      locale (~> 2.1)
-      multi_json (~> 1.10)
-      puppet-resource_api (~> 1.5)
-      scanf (~> 1.0)
-      semantic_puppet (~> 1.0)
-    puppet-resource_api (1.8.14)
-      hocon (>= 1.0)
     rainbow (3.0.0)
     rake (12.3.3)
     regexp_parser (2.1.1)
     rexml (3.2.5)
+    rgl (0.5.7)
+      lazy_priority_queue (~> 0.1.0)
+      stream (~> 0.5.3)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)
@@ -160,9 +147,8 @@ GEM
     sawyer (0.8.2)
       addressable (>= 2.3.5)
       faraday (> 0.8, < 2.0)
-    scanf (1.0.0)
-    semantic_puppet (1.0.4)
-    thor (1.1.0)
+    stream (0.5.3)
+      generator
     timers (4.3.3)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)

data/abide-data-processor.gemspec

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'lib/abide-data-processor/version'
 
 Gem::Specification.new do |spec|
@@ -28,8 +30,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   # Prod dependencies
-  # I'm not too sure about this version
-  spec.add_dependency 'puppet', '>= 6.23'
+  spec.add_dependency 'deep_merge', '~> 1.2'
+  spec.add_dependency 'rgl', '~> 0.5'
 
   # Dev dependencies
   spec.add_development_dependency 'bundler'

data/lib/abide-data-processor/parser.rb

@@ -0,0 +1,722 @@
+# frozen_string_literal: true
+
+require 'deep_merge'
+require 'rgl/adjacency'
+require 'rgl/topsort'
+require 'rgl/traversal'
+require 'set'
+
+module AbideDataProcessor
+  # This module contains the logic for creating resource data from Hiera data.
+  module Parser
+    MAP_TYPES = %w[hiera_title hiera_title_num number title].freeze
+    METAPARAMS = %w[dependent before require subscribe notify].freeze
+
+    # Parse Hiera data into a resource data Hash
+    # @param hiera_data [Hash] Hiera data to parse
+    # @param control_maps [Array] Control maps to use
+    # @return [Hash] Parsed resource data
+    def self.parse(hiera_data, control_maps, control_configs: {}, ignore: [], only: [])
+      ResourceDataParser.new(
+        hiera_data,
+        control_maps,
+        control_configs: control_configs,
+        ignore: ignore,
+        only: only
+      ).parse
+    end
+
+    # This module handles data validation for the CIS data parser
+    module Validation
+      # Validates the hiera_data parameter and either raises an ArgumentError or returns the hiera_data parameter.
+      # @param hiera_data [Hash] The Hiera data to be parsed.
+      # @return [Hash] The Hiera data to be parsed.
+      # @raise [ArgumentError] If the hiera_data parameter is not a non-empty Hash.
+      def validate_hiera_data(hiera_data)
+        unless not_nil_or_empty?(hiera_data) && hiera_data.is_a?(Hash)
+          raise ArgumentError, 'hiera_data must be a non-nil, non-empty Hash'
+        end
+
+        hiera_data
+      end
+
+      # Validates the control_maps parameter and either raises an ArgumentError or returns the control_maps parameter.
+      # @param control_maps [Array] The control maps to be parsed.
+      # @return [Array] The control maps to be parsed.
+      # @raise [ArgumentError] If the control_maps parameter is not a non-empty Array of Hashes.
+      def validate_control_maps(control_maps)
+        unless not_nil_or_empty?(control_maps) && array_of_hashes?(control_maps)
+          raise ArgumentError, 'control_maps must be a non-nil, non-empty Array of Hashes'
+        end
+
+        control_maps
+      end
+
+      # Checks if the value is not nil or empty.
+      # @param value [Any] The value to be checked.
+      # @return [Boolean] True if the value is not nil or empty, false otherwise.
+      def not_nil_or_empty?(value)
+        !value.nil? && !value.empty?
+      end
+
+      # Checks if the value is an Array of Hashes.
+      # @param value [Any] The value to be checked.
+      # @return [Boolean] True if the value is an Array of Hashes, false otherwise.
+      def array_of_hashes?(value)
+        value.is_a?(Array) && value.all? { |h| h.is_a?(Hash) }
+      end
+    end
+
+    # Parser class for resource Hiera data.
+    # rubocop:disable Metrics/ClassLength
+    class ResourceDataParser
+      include Validation
+      attr_reader :hiera_data, :control_maps, :resources
+
+      def initialize(hiera_data, control_maps, control_configs: {}, ignore: [], only: [])
+        @hiera_data = validate_hiera_data(hiera_data)
+        @control_maps = validate_control_maps(control_maps)
+        @control_configs = control_configs
+        @ignore = ignore
+        @only = only
+        @resources = RGL::DirectedAdjacencyGraph.new
+        @controls = Set.new
+        @filtered = Set.new
+        @dependent = {}
+      end
+
+      # Parse the Hiera data into a Hash used by Puppet to create the resources.
+      # The way this works is by first creating a DAG and adding all resources to the graph
+      # as vertices, with an edge for each resource pointing from a dummy node, :root, to the
+      # resource. We then add edges to the graph based on the `before_me` and `after_me` lists
+      # of each resource and remove the :root-connected edges for each resource that has a
+      # `before_me` list, and remove the :root-connected edges for each resource in a `after_me`
+      # list. Finally, we sort the graph into an Array populated with a single Hash of ordered
+      # resources and return that Hash.
+      # @return [Array] A sorted array of resource hashes.
+      # rubocop:disable Metrics/MethodLength
+      def parse
+        @hiera_data.each do |name, data|
+          resource = AbideDataProcessor::Parser.new_resource(name, data, @control_maps)
+          add_control_names(resource)
+          add_dependent_mapping(resource) # Map any controls this resource depends on
+          @resources.add_vertex(resource) # Add all the resources to the graph
+          @resources.add_edge(:root, resource) # Establish the root -> resource edges
+          add_edge_ordering(resource) # Add resource ordering edges
+        end
+        # If the resource should be filtered (i.e. only or ignore), remove it from the graph.
+        filter_resources!
+        # Verify that all dependent resources are in the graph, remove them if not.
+        remove_unsatisfied_dependents!
+        # Sort the graph and return the array of ordered resource hashes
+        sort_resources.map do |r|
+          r.add_control_configs(@control_configs)
+          resource_data(r)
+        end
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      private
+
+      # Adds control neames for the given resource to the @controls set.
+      # @param resource [Resource] The resource to add control names for.
+      def add_control_names(resource)
+        return unless resource.controls
+
+        @controls.merge(resource.control_names).flatten!
+        @controls.merge(resource.mapped_control_names).flatten!
+      end
+
+      # Calls the given Resource's `resource_data` method, filters out any resource references
+      # in metaparameters that references filtered resources, and returns the result.
+      # @param resource [Resource] The resource to be filtered.
+      # @return [Hash] The filtered resource data.
+      # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity
+      def resource_data(resource)
+        data = resource.resource_data.dup
+        data.each do |_, res_data|
+          res_data.each do |_, params|
+            METAPARAMS.each do |param|
+              next unless params.key?(param)
+
+              params[param].reject! { |r| @filtered.to_a.map(&:resource_reference).include?(r) }
+              params.delete(param) if params[param].empty?
+            end
+          end
+        end
+        data
+      end
+      # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity
+
+      # Removes Resources from the graph if they should be filtered.
+      def filter_resources!
+        @resources.depth_first_search do |resource|
+          next if resource == :root
+
+          if filter_resource?(resource)
+            @resources.remove_vertex(resource) # Remove resource's graph vertex
+            @filtered.add(resource) # Add resource to filtered set
+          end
+        end
+      end
+
+      # Checks whether the resource should be filtered out based on the ignore and only lists.
+      # @param resource [Resource] The resource to check.
+      # @return [Boolean] True if the resource should be filtered out, false otherwise.
+      def filter_resource?(resource)
+        return true if control_in?(resource, @ignore)
+        return true unless @only.empty? || control_in?(resource, @only)
+
+        false
+      end
+
+      # Adds a mapping for a dependent control and the resources that depend on it.
+      # @param resource [Resource] The resource to add the mapping for.
+      def add_dependent_mapping(resource)
+        return unless resource.dependent
+
+        resource.dependent.each do |control_name|
+          @dependent[control_name] = [] unless @dependent.key?(control_name)
+          @dependent[control_name] << resource
+        end
+      end
+
+      # Checks the dependent controls against all controls after filtered resource controls are removed
+      # and removes any dependent resources that are not satisfied.
+      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+      def remove_unsatisfied_dependents!
+        dependent_set = Set.new(@dependent.keys)
+        filtered_set = Set.new(@filtered.to_a.map(&:control_names)).flatten
+        filtered_mapped = Set.new(@filtered.to_a.map(&:mapped_control_names)).flatten
+
+        all_controls = @controls.subtract(filtered_set + filtered_mapped)
+        return if dependent_set.proper_subset?(all_controls) # All dependent controls exist in the graph
+
+        (dependent_set - all_controls).each do |control_name|
+          @dependent[control_name].each do |resource|
+            @resources.remove_vertex(resource)
+            @filtered.add(resource)
+          end
+        end
+      end
+      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
+
+      # Gets all verticies in the graph that have the associated control
+      # @param control_name [String] The name of the control to check.
+      # @return [Array] The verticies that have the associated control.
+      def collect_verticies_by_control(control_name)
+        @resources.vertices.select { |r| r.control?(control_name) }
+      end
+
+      # Checks if the given Resource has a control in the given list.
+      # @param resource [Resource] The resource to check.
+      # @param control_list [Array] The list of controls to check against.
+      # @return [Boolean] True if the resource is in the control list, false otherwise.
+      def control_in?(resource, control_list)
+        return false if control_list.empty?
+
+        control_list.each do |ignored_control|
+          return true if resource.control?(ignored_control)
+        end
+        false
+      end
+
+      # Adds edges to the graph based on the given Resource's `before_me` and `after_me` lists.
+      # @param resource [Resource] The Resource to add edges for.
+      def add_edge_ordering(resource)
+        add_before_me_edge(resource)
+        add_after_me_edge(resource)
+      end
+
+      # Adds edges to the graph based on the given Resource's `before_me` list.
+      # @param resource [Resource] The Resource to add edges for.
+      def add_before_me_edge(resource)
+        resource.before_me.flatten.each do |before|
+          next unless before # Skip if this `before` is nil, empty, or falsy (e.g. false, 0, etc.)
+          next if before.equal?(resource) # Skip if this `before` is the same as the current resource
+
+          # We remove the edge from root to this resource if it exists because this resource is no longer
+          # attached to the root of the graph as it has other resources before it.
+          @resources.remove_edge(:root, resource) if @resources.has_edge?(:root, resource)
+          # Add the edge from the before resource to this resource
+          @resources.add_edge(before, resource) unless @resources.has_edge?(before, resource)
+        end
+      end
+
+      # Adds edges to the graph based on the given Resource's `after_me` list.
+      # @param resource [Resource] The Resource to add edges for.
+      def add_after_me_edge(resource)
+        resource.after_me.flatten.each do |after|
+          next unless after # Skip if this `after` is nil, empty, or falsy (e.g. false, 0, etc.)
+          next if after.equal?(resource) # Skip if this `after` is the same as the current resource
+
+          # We remove the edge from root to the `after` resource if it exists because the `after` resource
+          # is no longer attached to the root of the graph as this resources comes before it.
+          @resources.remove_edge(:root, after) if @resources.has_edge?(:root, after)
+          # Add the edge from this resource to the after resource
+          @resources.add_edge(resource, after) unless @resources.has_edge?(resource, after)
+        end
+      end
+
+      # This method validates that the resources graph has no cycles and then returns a topological sort of the graph
+      # as an Array of Resource objects.
+      # @return [Array] The sorted Resources.
+      # @raise [ArgumentError] If the resources graph has any cycles.
+      def sort_resources
+        raise "Resource cyclic ordering detected: #{@resources.cycles}" unless @resources.acyclic?
+
+        # We call topsort on the graph to get the sorted list of resources, convert it to an array, and
+        # remove the root node.
+        @resources.topsort_iterator.to_a.flatten.uniq.reject { |r| r == :root }
+      end
+    end
+    # rubocop:enable Metrics/ClassLength
+
+    # This class holds all base attributes and methods for every syntax object.
+    # rubocop:disable Metrics/ClassLength
+    class ProcessorObject
+      include Validation
+      attr_reader :name, *METAPARAMS.map(&:to_sym)
+
+      def initialize(name, data, control_maps)
+        @name = name
+        @data = validate_hiera_data(data)
+        @control_maps = validate_control_maps(control_maps)
+        @dependent = Set.new
+        initialize_metaparams(@data, @control_maps)
+      end
+
+      # Determines if the name supplied is equal to the name of the object.
+      # This is overridden by subclasses to implement name mapped matches.
+      # @param name [String] The name to be compared to the object's name.
+      # @return [Boolean] True if the name is equal to the object's name, false otherwise.
+      def name?(_name)
+        raise NotImplementedError, 'This method must be implemented by a subclass'
+      end
+
+      # Abstract method to be implemented by subclasses.
+      # Returns a representation of this object as a Hash usable by Puppet's
+      # create_resources function.
+      def resource_data
+        raise NotImplementedError, 'This method must be implemented by a subclass'
+      end
+
+      # Returns any Resource objects that must be ordered before this object.
+      # @return [Array] The Resources that must be ordered before this object.
+      def before_me
+        defined?(@before_me) ? @before_me : initialize_before_me
+      end
+
+      # Returns any Resource objects that must be ordered after this object.
+      # @return [Array] The Resources that must be ordered after this object.
+      def after_me
+        defined?(@after_me) ? @after_me : initialize_after_me
+      end
+
+      # Converts this object to a String.
+      # @return [String] The class and name of this object.
+      def to_s
+        "#{self.class.name}('#{@name}')"
+      end
+
+      # Gives a more detailed String representation of this object.
+      # @return [String] The class, object id, and name of this object.
+      def inspect
+        "#<#{self.class.name}:#{object_id} '#{@name}'>"
+      end
+
+      private
+
+      # This method normalizes an array of Resources, or anything really, by
+      # flattening it, removing any nil values, removing any duplicates, and
+      # rejecting any empty objects if they respond to `empty?`. It then
+      # returns the new array.
+      # @param resources [Array] The array of Resources to be normalized.
+      # @return [Array] The normalized array of Resources.
+      def normalize_resource_array(array)
+        array.flatten.compact.uniq.reject { |r| r.empty? if r.respond_to?(:empty?) }
+      end
+
+      # This method normalizes an array of Resources, or anything really, by
+      # flattening it, removing any nil values, removing any duplicates, and
+      # rejecting any empty objects if they respond to `empty?`. It does this
+      # in place, directly modifying the input array.
+      # @param resources [Array] The array of Resources to be normalized.
+      def normalize_resource_array!(array)
+        array.flatten!
+        array.compact!
+        array.uniq!
+        array.reject! { |r| r.empty? if r.respond_to?(:empty?) }
+      end
+
+      # Initializes any relevant metaparameters based on the data supplied.
+      # @param data [Hash] The resource data to be parsed.
+      # @param control_maps [Array] The control maps to be used.
+      def initialize_metaparams(data, control_maps)
+        METAPARAMS.each do |param|
+          value, bool_value = parse_metaparam(data[param], control_maps)
+          raw_value, raw_bool_value = parse_raw_metaparam(data, param)
+          set_metaparam_instance_vars(param, value, raw_value)
+          define_metaparam_bool_methods(param, raw_bool_value, bool_value)
+        end
+      end
+
+      # Initilizes the before_me instance variable with a list of Resources
+      # that must be ordered before this object.
+      # @return [Array] The list of Resources that must be ordered before this object.
+      def initialize_before_me
+        ctrls = @controls ? calculate_ordered_controls('before_me') : []
+        this = calculate_self_ordering('require', 'subscribe')
+        @before_me = normalize_resource_array(this.concat(ctrls))
+        @before_me
+      end
+
+      # Initializes the after_me instance variable with a list of Resources
+      # that must be ordered after this object.
+      # @return [Array] The list of Resources that must be ordered after this object.
+      def initialize_after_me
+        ctrls = @controls ? calculate_ordered_controls('after_me') : []
+        this = calculate_self_ordering('notify', 'subscribe')
+        @after_me = normalize_resource_array(this.concat(ctrls))
+        @after_me
+      end
+
+      # This method adds the supplied Resource to the inverse ordering list of this
+      # object based on the supplied metaparameter. This method is never directly used
+      # by an object on itself, rather it is called by other objects when they establish
+      # ordering relationships with this object. Because this method is private, other
+      # objects must use `send` to call it.
+      # @param metaparam [String] The metaparameter to inverse
+      # @param resource [Resource] The Resource to be added to the inverse ordering list.
+      def add_inverse_ordered_resource(metaparam, resource)
+        if %w[require subscribe].include?(metaparam)
+          add_after_me(resource)
+        elsif %w[before notify].include?(metaparam)
+          add_before_me(resource)
+        end
+      end
+
+      # This method calculates the ordering of this object based on the
+      # ordering of the controls that are defined for this object.
+      # @param order_function [String] The function to use to calculate the ordering (before_me or after_me).
+      # @return [Array] The list of Resources gathered from the order function return of all controls.
+      def calculate_ordered_controls(order_function)
+        @controls.each_with_object([]) do |control, ary|
+          ary << control.send(order_function.to_sym)
+        end
+      end
+
+      # This method calculates the ordering of this object based on the
+      # the supplied metaparameters. This function is used with "like pairs"
+      # of metaparameters, such as "require" and "subscribe".
+      # @param metaparameters [Array] The metaparameters to use to calculate the ordering.
+      # @return [Array] The list of Resources gathered from this object's metaparameters.
+      def calculate_self_ordering(*metaparams)
+        ordered = metaparams.each_with_object([]) do |mparam, ary|
+          next unless send("#{mparam}?".to_sym)
+
+          ordered_resources = send(mparam.to_sym)
+          ordered_resources.each { |r| r.send(:add_inverse_ordered_resource, mparam, self) }
+
+          ary << ordered_resources
+        end
+        normalize_resource_array(ordered)
+      end
+
+      # Returns appropriate values for instance variables of the given metaparam based off the supplied value.
+      # @param value [Array] The metaparameter declaration value from Hiera.
+      # @param control_maps [Array] The relevant control maps used in Resource creation.
+      # @return [Array] Values for the instance variables of the given metaparam. The order of the values
+      #   is: Resource collection value, boolean value.
+      def parse_metaparam(value, control_maps)
+        return [nil, false] unless not_nil_or_empty?(value)
+
+        return parse_dependent_param(value) if value.is_a?(Array)
+
+        objects = value.each_with_object([]) do |(k, v), a|
+          a << AbideDataProcessor::Parser.new_resource(k, v, control_maps)
+        end
+        [normalize_resource_array(objects), !objects.empty?]
+      end
+
+      # Adds a each dependent control from a list of dependent controls to the
+      # @dependent instance variable.
+      # @param value [Array] The dependent controls to be added to the @dependent instance variable.
+      def parse_dependent_param(value)
+        value.each { |x| @dependent.add(x) }
+      end
+
+      # Returns appropriate raw value for instance variables of the given metaparam based off the supplied value.
+      # The raw value is the text values for the metaparameter declaration supplied via the resource data.
+      # @param data [Hash] The resource data to be parsed.
+      # @param param [String] The metaparameter to be parsed.
+      # @return [Array] Values for the instance variables of the given metaparam. The order of the values
+      #   is: raw value, boolean raw value.
+      def parse_raw_metaparam(data, param)
+        raw_value = data.fetch(param, nil)
+        [raw_value, (!raw_value.nil? && !raw_value.empty?)]
+      end
+
+      # Sets the instance variables of the given metaparam based off the supplied values.
+      # @param param [String] The metaparameter to be set.
+      # @param value [Array] The Resource value to be set.
+      # @param raw_value [Array] The raw value to be set.
+      def set_metaparam_instance_vars(param, value, raw_value)
+        instance_variable_set("@#{param}", value)
+        instance_variable_set("@#{param}_raw", raw_value)
+      end
+
+      # Defines singleton methods for this instance of ProcessorObject that are used to determine
+      # if the metaparameter is set.
+      # @param param [String] The metaparameter that will have boolean methods defined.
+      # @param raw_value [Boolean] The boolean value for the <metaparam>_raw? method.
+      # @param value [Boolean] The boolean value for the <metaparam>? method.
+      def define_metaparam_bool_methods(param, raw_value, value)
+        define_singleton_method("#{param}_raw?".to_sym) { raw_value }
+        define_singleton_method("#{param}?".to_sym) { value }
+      end
+
+      # Returns the mapped names for the given control identifier.
+      # @param identifier [String] The control identifier to be mapped.
+      # @return [Array] The mapped names for the given control identifier.
+      def find_mapped_names(identifier)
+        @control_maps.each do |control_map|
+          return control_map[identifier] if control_map.include?(identifier)
+        end
+        []
+      end
+    end
+
+    # This class represents a single control in the data structure.
+    class Control < ProcessorObject
+      attr_reader :mapped_names, :params, :param_names, :resource_params
+
+      def initialize(name, data, control_maps)
+        super(name, data, control_maps)
+        @mapped_names = find_mapped_names(@name)
+        @params = @data
+        @resource_params = @data.reject { |k, _v| METAPARAMS.include?(k) }
+        @param_names = Set.new(@params.keys)
+      end
+
+      def name?(name)
+        @name == name || @mapped_names.include?(name)
+      end
+
+      def param?(param_name)
+        @param_names.include?(param_name)
+      end
+
+      def param(param_name)
+        @params[param_name]
+      end
+
+      def resource_data
+        @resource_params
+      end
+    end
+    # rubocop:enable Metrics/ClassLength
+
+    # This class represents a single Puppet resource (class, defined type, etc.)
+    class Resource < ProcessorObject
+      attr_reader :name, :type, :controls, :control_names, :mapped_control_names
+
+      def initialize(name, data, control_maps)
+        super(name, data, control_maps)
+        @type = @data['type']
+        @controls = create_control_classes(@data['controls'])
+        @control_names = Set.new(@controls.map(&:name)).flatten
+        @mapped_control_names = Set.new(@controls.map(&:mapped_names).flatten).flatten
+        initialize_control_metaparams
+      end
+
+      # Adds overriding parameter values to controls in this resource
+      # if this resource has a matching control.
+      # @param data [Hash] The resource data to be parsed.
+      def add_control_configs(control_configs)
+        control_configs.each do |control, configs|
+          next unless control?(control)
+
+          @controls.each do |control_class|
+            next unless control_class.name?(control)
+
+            control_class.resource_params.deep_merge!(configs)
+          end
+        end
+      end
+
+      # Outputs a representation of this object as a Hash usable by Puppet's
+      # create_resources function.
+      def resource_data
+        control_params = control_parameters
+        METAPARAMS.each do |mparam|
+          next if mparam == 'dependent'
+
+          refs = resource_references(mparam, control_params)
+          next if refs.nil?
+
+          control_params[mparam] = refs
+        end
+        { @type => { @name => control_params } }
+      end
+
+      # This method returns a string representation of this Resource in the resource reference
+      # format used by Puppet.
+      # @return [String] A string representation of this Resource in the resource reference format.
+      def resource_reference
+        type_ref = @type.split('::').map(&:capitalize).join('::')
+        "#{type_ref}['#{@name}']"
+      end
+
+      # This method checks if this Resource contains the given control.
+      # @param control [String] The control to be checked.
+      # @return [Boolean] True if this Resource contains the given control, false otherwise.
+      def control?(control_name)
+        @control_names.include?(control_name) || @mapped_control_names.include?(control_name)
+      end
+
+      # This method checks if this Resource contains the given parameter.
+      # @param param_name [String] The parameter to be checked.
+      # @return [Boolean] True if this Resource contains the given parameter, false otherwise.
+      def param?(param_name)
+        if param_name.respond_to?(:each)
+          param_name.all? { |name| param?(name) }
+        else
+          @param_names.include?(param_name)
+        end
+      end
+
+      private
+
+      # This method gathers the resource data for each control this Resource contains.
+      # @return [Hash] The resource data for each control this Resource contains.
+      def control_parameters
+        @controls.each_with_object({}) do |control, h|
+          h.deep_merge(control.resource_data)
+        end
+      end
+
+      # This method gets the resource references for the given metaparameter and control parameters.
+      # @param mparam [String] The metaparameter to be checked.
+      # @param control_params [Hash] The control parameters to be checked.
+      # @return [Array] The resource references for the given metaparameter and control parameters.
+      # @return [nil] If the given metaparameter is not set on this Resource.
+      def resource_references(mparam, control_params)
+        # rubocop:disable Style/RedundantSelf
+        # we use self here because `require` is a metaparam and we don't want to
+        # call `Kernel#require` accidentally.
+        this_mparam = self.send(mparam.to_sym)
+        # rubocop:enable Style/RedundantSelf
+        return if this_mparam.nil? || this_mparam.compact.empty?
+
+        if control_params.key?(mparam)
+          control_params[mparam].concat(this_mparam.map(&:resource_reference))
+        else
+          this_mparam.map(&:resource_reference)
+        end
+      end
+
+      # Adds a Resource to the before_me list.
+      # @param resource [Resource] The Resource to be added to the before_me list.
+      def add_before_me(resource)
+        before_me.append(resource)
+      end
+
+      # Adds a Resource to the after_me list.
+      # @param resource [Resource] The Resource to be added to the after_me list.
+      def add_after_me(resource)
+        after_me.append(resource)
+      end
+
+      # Initializes all metaparameter values of all controls that this Resource contains
+      # and brings those values into the scope of this Resource. Also initializes the
+      # @before_me and @after_me instance variables.
+      def initialize_control_metaparams
+        METAPARAMS.each { |mparam| initialize_control_metaparameter(mparam) }
+        @before_me = initialize_before_me
+        @after_me = initialize_after_me
+      end
+
+      # Initializes a single supplied metaparameter for all controls that this Resource
+      # contains and brings those values into the scope of this Resource.
+      # @param mparam [String] The metaparameter to be initialized.
+      def initialize_control_metaparameter(mparam)
+        ctrl_objects = @controls.map { |c| c.send(mparam.to_sym) }.flatten
+        return if ctrl_objects.empty?
+
+        current_objects = instance_variable_get("@#{mparam}") || []
+        all_meta_objects = ctrl_objects.concat(current_objects)
+        instance_variable_set("@#{mparam}", all_meta_objects.flatten.compact.uniq)
+        define_singleton_method("#{mparam}?".to_sym) { all_meta_objects.any? }
+      end
+
+      # Creates a new Control class for each control in the data structure if that Control class
+      # does not already exist in the cache.
+      # @param control_data [Array] The control data of the resource from the Hiera data.
+      def create_control_classes(control_data)
+        control_data.map { |cname, cdata| AbideDataProcessor::Parser.new_control(cname, cdata, @control_maps) }
+      end
+    end
+
+    class << self
+      # Creates a new Resource object. If an object with the same resource name, resource data, and control maps
+      # already exists, it will be returned instead of creating a new one.
+      # @param resource_name [String] The name of the resource.
+      # @param resource_data [Hash] The data for the resource.
+      # @param control_maps [Array] The control maps for the resource.
+      # @return [Resource] The new or cached Resource object.
+      def new_resource(resource_name, resource_data, control_maps)
+        cache_key = [Resource.name, resource_name, resource_data, control_maps]
+        cached = cache_get(cache_key)
+        return cached unless cached.nil?
+
+        new_resource = Resource.new(resource_name, resource_data, control_maps)
+        cache_add(cache_key, new_resource)
+        new_resource
+      end
+
+      # Creates a new Control object. If an object with the same control name, control data, and control maps
+      # already exists, it will be returned instead of creating a new one.
+      # @param control_name [String] The name of the control.
+      # @param control_data [Hash] The data for the control.
+      # @param control_maps [Array] The control maps for the control.
+      # @return [Control] The new or cached Control object.
+      def new_control(control_name, control_data, control_maps)
+        cache_key = [Control.name, control_name, control_data, control_maps]
+        cached = cache_get(cache_key)
+        return cached unless cached.nil?
+
+        new_control = Control.new(control_name, control_data, control_maps)
+        cache_add(cache_key, new_control)
+        new_control
+      end
+
+      # Clears the current cache. Used in testing.
+      def clear_cache
+        @object_cache = {}
+      end
+
+      private
+
+      # Helper method to add a ProcessorObject (or subclass of one) to the cache.
+      # @param key [Array] The key for the cache. An array comprised of the object name, object data,
+      # and control maps.
+      # @param resource [ProcessorObject] The object to add to the cache.
+      def cache_add(key, object)
+        object_cache[key] = object
+      end
+
+      # Helper method to retrieve a ProcessorObject from the cache.
+      # @param key [Array] The key for the cache. An array comprised of the resource name, resource data, and control maps.
+      # @return [ProcessorObject] The object from the cache, or nil if the object doesn't exist.
+      def cache_get(key)
+        object_cache.fetch(key, nil)
+      end
+
+      # Holds the object cache. If the object cache doesn't exist, it will be created.
+      def object_cache
+        @object_cache ||= {}
+      end
+    end
+  end
+end

data/lib/abide-data-processor/processor.rb

@@ -1,283 +1,12 @@
 # frozen_string_literal: true
 
-require 'deep_merge'
-require 'set'
+require 'abide-data-processor/parser'
 
 module AbideDataProcessor
   module Processor
-    # Here lies the class that will be use to create/extract resources
-    class ResourceCreator
-
-      # @param control_maps: The control mappings to valid IDs
-      # @param module_name: The name of the module
-      # @param logger: The logger that we will use to log information for the user
-      def initialize(control_maps, logger)
-        @control_maps = control_maps
-        @logger = logger
-      end
-
-      # control_key_maps
-      # Gets all control key maps from Hiera for indexed control ID permutation searches
-      # @return An array of four control ID maps, each indexed by one of the four different valid permutations of a control ID
-      def self.control_key_maps(module_name)
-        key_prefix = "#{module_name}::mappings::cis"
-        %w[hiera_title hiera_title_num number title].each_with_object([]) do |key, ary|
-          ary << [key_prefix, key].join('::')
-        end
-      end
-
-      def cis_hiera_key(prefix, key)
-        "#{prefix}::#{key}"
-      end
-
-      # create_resources
-      # @param resources_hash: the hash of controls to be enforces, user will provide this
-      # @param only: the list of controls to be enforce only, pulled from cis.pp
-      # @param ignore: the list of controls to be ignore, pulled from cis.pp
-      # @param control_configs: the custom control configurations pulled from cis.pp
-      # Return a hash to be convert to Puppet code.
-      def create_resources(resources_hash, only, ignore, control_configs)
-        unfreezed_resources = Marshal.load(Marshal.dump(resources_hash))
-        resources = real_resources(unfreezed_resources, only.to_set, ignore.to_set, control_configs)
-        ordered_resources = order_resources(resources)
-
-        mutate_ordering_params!(ordered_resources[1])
-        ordered_resources
-      end
-
-      # Everything else except the create_resource function will be private
-      private
-
-      # real_resources
-      # Formats a Hiera resources hash into a hash used by order_resources()
-      # @param resources_hash The raw resources hash pulled from hiera
-      # @param only The $only parameter from cis.pp
-      # @param ignore The $ignore parameter from cis.pp
-      # @param control_configs The $control_configs parameter from cis.pp
-      def real_resources(resources_hash, only, ignore, control_configs)
-        real_resources = {}
-        all_controls_name = Set.new # subject to change
-
-        # Grabbing all the control name here into a set
-        resources_hash.each do |_title, data|
-          all_controls_name |= data['controls'].keys.to_set
-        end
-
-        resources_hash.each do |title, data|
-          resource_params = if data.key?('controls')
-                              extract_control_params(data['controls'], only, ignore, control_configs, all_controls_name)
-                            else
-                              {}
-                            end
-          if real_resources.key?(data['type']) && real_resources[data['type']].key?(title)
-            real_resources[data['type']][title].deep_merge!(resource_params, merge_hash_arrays: true)
-          else
-            real_resources[data['type']] = { title => resource_params }
-          end
-        end
-        real_resources
-      end
-
-      # extract_control_params
-      # Extracts resource parameters from a Hiera resource hash item's `controls` key
-      # @param control_data The resource hash item's `controls` key-value pair (i.e. data['controls'])
-      # @param only The $only parameter from cis.pp
-      # @param ignore The $ignore parameter from cis.pp
-      # @param control_configs The $control_configs parameter from cis.pp
-      # @param all_controls_name: All of the controls name
-      def extract_control_params(control_data, only, ignore, control_configs, all_controls_name)
-        control_params = {}
-        control_data.each do |name, params|
-          name_map = map_for_control_name(name, @control_maps)
-          next if name_map.nil?
-          # Only and ignore list check
-          # The name_map that got passed in here is a hash
-          next unless only_and_ignore_check(name, name_map, only, ignore)
-
-          # Control dependent check
-          if params.key?('dependent')
-            unless dependent_check(all_controls_name, params['dependent'], ignore, only)
-              # Below is just a sure fire way to make sure that we will never use the resource
-              only.delete(name) # Remove from the only list
-              ignore.add(name) # Add the name of the current control to the ignore list if we're not gonna enforce it
-              @logger.debug("Control #{name} will not be enforced because the controls that it depends on is invalid.")
-              next
-            end
-          end
-          # Find if there are any custom control configs from the cis.pp based on the control's name and its permutation
-          customized = find_control_customization(name, name_map[name], control_configs) # Check for failuer here
-          params.deep_merge!(customized, merge_hash_arrays: true)
-          control_params.deep_merge!(params, merge_hash_arrays: true)
-        end
-        control_params
-      end
-
-      # dependent_check
-      # @param all_controls_name: Set of all controls name that parsed from the hiera data
-      # @param all_dependent_resources: An array of all the resources that is relied upon
-      # @param ignore: List of controls to be ignore
-      # @param only: List of only controls that need to be enforce
-      # return true if a dependent control is
-      def dependent_check(all_controls_name, all_dependent_resources, ignore, only)
-        all_dependent_resources.each do |resource_name|
-          valid_resource_name = map_for_control_name(resource_name, @control_maps)
-          # Bounce immediately if it is not a part of the controls we're enforcing
-          return false unless filter_function(resource_name, valid_resource_name, all_controls_name)
-
-          if !ignore.empty?
-            return false if filter_function(resource_name, valid_resource_name, ignore)
-          elsif !only.empty?
-            return false unless filter_function(resource_name, valid_resource_name, only)
-          end
-        end
-      end
-
-      # order_resources
-      # A work in progress to integrate more metaparamenters in
-      # Checks for and creates resources based off of `before`, `after`, `notify`, `require` parameters
-      # specified in a controls hash
-      # @param resources Output of real_resources()
-      # @return An array of resource hashes indexed in the order their contents should be created
-      def order_resources(resources)
-        before = {}
-        after = {}
-        req = {}
-        notify = {}
-        resources.each do |_, data|
-          create_ordered_resource!('before', before, data)
-          create_ordered_resource!('notify', notify, data)
-          create_ordered_resource!('after', after, data)
-          create_ordered_resource!('require', req, data)
-        end
-
-        before.deep_merge!(notify)
-        after.deep_merge!(req)
-
-        [before, resources, after]
-      end
-
-      # filter_function
-      # A general function to see if a control name is in a supply list of control name
-      # @param name: The name of the control that we have
-      # @param name_map: Hash that contains all valid control ID permutation of the param name
-      # @set_of_control: Either the ignore or the only list to go through
-      # return true if control ID is found in set_of_control
-      def filter_function(name, name_map, set_of_control)
-        name_list = name_map[name] # Grab the array that contain all valid permutation of the ID
-        return true if set_of_control.include?(name)
-
-        name_list.each do |n|
-          return true if set_of_control.include?(n)
-        end
-
-        false
-      end
-
-      # only_and_ignore_check
-      # @param name: name of the control to check if it's in either only or ignore list
-      # @param name_map: a hash of the name map of valid ID permutation for the `name` param
-      # @param only: the list of controls that will get enforced only
-      # @param ignore: the list of controls that will be ignored
-      # @return false when control is either not in the only list or is in the ignore list.
-      # else return true
-      def only_and_ignore_check(name, name_map, only, ignore)
-        if !only.empty? && !filter_function(name, name_map, only)
-          @logger.debug("Control #{name} will be skipped because it is not in the only list.")
-          return false
-        end
-
-        if !ignore.empty? && filter_function(name, name_map, ignore)
-          @logger.debug("Control #{name} will be skipped because it is in the ignore list.")
-          return false
-        end
-        true
-      end
-
-      # create_ordered_resource!
-      # Creates a resource hash from a resource declaration found in a `before`, `after`, `require`, or `notify` parameter
-      # @param order_key Either 'before', 'after', `notify`, or `require`
-      # @param container Either the before hash, the notify hash, the require hash or the after hash.
-      # The container is modified in place.
-      # @param res_data Resource data from the real_resources hash
-      def create_ordered_resource!(order_key, container, res_data)
-        res_data.each do |_, data|
-          next unless data.key?(order_key)
-
-          data[order_key].each do |title, params|
-            container[params['type']] = {} unless container.key?(params['type'])
-            container[params['type']][title] = params.reject { |k, _| k == 'type' }
-          end
-        end
-      end
-
-      # mutate_ordering_params!
-      # This takes the Hiera resource declarations in a `before` or `after` param and transforms
-      # them into and array of Puppet resource references. Puppet resource references take the
-      # form: Resource::Type['<resource title'].
-      # @param resources Output from real_resources()
-      def mutate_ordering_params!(resources)
-        resources.each do |res_type, res_data|
-          %w[before notify after require].each do |order_key|
-            res_data.each do |res_title, params|
-              next unless params.key?(order_key)
-
-              references = []
-              params[order_key].each do |k, v|
-                references << resource_reference(v['type'], k)
-              end
-              resources[res_type][res_title][order_key] = references
-            end
-          end
-        end
-      end
-
-      # resource_reference
-      # Returns a Puppet resource reference string
-      # @param res_type A Puppet resource type
-      # @param title A Puppet resource title
-      def resource_reference(res_type, title)
-        type_ref = res_type.split('::').map(&:capitalize).join('::')
-        "#{type_ref}[#{title}]"
-      end
-
-      # find_control_customization
-      # Finds any control parameter customizations passed in via control_configs
-      # @param name The control name (or other valid permutation)
-      # @param control_configs The $control_configs parameter from cis.pp
-      # @param name_map: The array of valid permutation of name
-      # @return A hash of customized parameters. If none were found, nil
-      def find_control_customization(name, name_map, control_configs)
-        return {} if control_configs.empty?
-
-        mapped_key(control_configs, name, name_map)
-      end
-
-      # map_for_control_name
-      # Returns a hash of all valid permutations of the given control id
-      # @param name The control name or other valid permutation
-      # @param maps All maps
-      def map_for_control_name(name, maps)
-        maps.each do |map|
-          return map if map&.fetch(name, false) # returns the map if fetch returns false
-        end
-        nil
-      end
-
-      # mapped_key
-      # Finds an item in the given hash that matches one of the values in name_map
-      # @param hsh The hash to search i.e the custom config hash
-      # @param name The name of the current control that we're looking to see if it has any custom configs
-      # @param name_map An array name for valid control permutations
-      # @return The value from the hash if found, or nil
-      def mapped_key(hsh, name, name_map)
-        return hsh[name] if hsh&.fetch(name, false)
-
-        name_map.each do |pkey|
-          return hsh[pkey] if hsh&.fetch(pkey, false)
-        end
-        nil
-      end
-
+    def self.create_resources(resources_hash, control_maps, only, ignore, control_configs)
+      unfrozen_resources = Marshal.load(Marshal.dump(resources_hash))
+      AbideDataProcessor::Parser.parse(unfrozen_resources, control_maps, only, ignore, control_configs)
     end
   end
 end

data/lib/abide-data-processor/version.rb

@@ -1,3 +1,3 @@
 module AbideDataProcessor
-  VERSION = "0.3.0"
+  VERSION = "1.0.0"
 end

metadata

@@ -1,29 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: abide-data-processor
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.0.0
 platform: ruby
 authors:
 - abide-team
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-11-30 00:00:00.000000000 Z
+date: 2022-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: puppet
+  name: deep_merge
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.23'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rgl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.23'
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -241,6 +255,7 @@ files:
 - bin/setup
 - lib/abide-data-processor.rb
 - lib/abide-data-processor/logger.rb
+- lib/abide-data-processor/parser.rb
 - lib/abide-data-processor/processor.rb
 - lib/abide-data-processor/version.rb
 homepage: https://github.com/puppetlabs/abide-data-processor