abide_dev_utils 0.17.2 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yaml +52 -0
- data/Gemfile.lock +14 -6
- data/Rakefile +22 -20
- data/abide_dev_utils.gemspec +2 -3
- data/lib/abide_dev_utils/cli/abstract.rb +18 -1
- data/lib/abide_dev_utils/cli/comply.rb +5 -2
- data/lib/abide_dev_utils/cli/{cem.rb → sce.rb} +38 -35
- data/lib/abide_dev_utils/cli/test.rb +20 -9
- data/lib/abide_dev_utils/cli/xccdf.rb +9 -5
- data/lib/abide_dev_utils/cli.rb +5 -4
- data/lib/abide_dev_utils/comply.rb +7 -9
- data/lib/abide_dev_utils/errors.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/benchmark.rb +43 -43
- data/lib/abide_dev_utils/{cem → sce}/generate/coverage_report.rb +15 -12
- data/lib/abide_dev_utils/{cem → sce}/generate/reference.rb +16 -14
- data/lib/abide_dev_utils/sce/generate.rb +11 -0
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/mapping_data/map_data.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/mapping_data/mixins.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/mapping_data.rb +12 -9
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/resource_data/control.rb +7 -7
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/resource_data/parameters.rb +3 -3
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/resource_data/resource.rb +11 -11
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/resource_data.rb +11 -10
- data/lib/abide_dev_utils/{cem → sce}/hiera_data.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/mapping/mapper.rb +12 -9
- data/lib/abide_dev_utils/{cem → sce}/validate/resource_data.rb +3 -3
- data/lib/abide_dev_utils/{cem → sce}/validate/strings/base_validator.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/validate/strings/puppet_class_validator.rb +4 -3
- data/lib/abide_dev_utils/{cem → sce}/validate/strings/puppet_defined_type_validator.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/validate/strings/validation_finding.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/validate/strings.rb +2 -2
- data/lib/abide_dev_utils/{cem → sce}/validate.rb +2 -2
- data/lib/abide_dev_utils/{cem.rb → sce.rb} +6 -6
- data/lib/abide_dev_utils/version.rb +1 -1
- data/lib/abide_dev_utils/xccdf.rb +10 -10
- data/lib/abide_dev_utils.rb +7 -6
- metadata +42 -26
- data/lib/abide_dev_utils/cem/generate.rb +0 -11
- /data/lib/abide_dev_utils/errors/{cem.rb → sce.rb} +0 -0
|
@@ -7,7 +7,7 @@ require_relative '../ppt'
|
|
|
7
7
|
require_relative 'mapping/mapper'
|
|
8
8
|
|
|
9
9
|
module AbideDevUtils
|
|
10
|
-
module
|
|
10
|
+
module Sce
|
|
11
11
|
# Represents a resource data resource statement
|
|
12
12
|
class Resource
|
|
13
13
|
attr_reader :title, :type
|
|
@@ -42,20 +42,20 @@ module AbideDevUtils
|
|
|
42
42
|
@controls || load_controls
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
def
|
|
46
|
-
!
|
|
45
|
+
def sce_options?
|
|
46
|
+
!sce_options.empty?
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
def
|
|
50
|
-
@
|
|
49
|
+
def sce_options
|
|
50
|
+
@sce_options ||= resource_properties('sce_options')
|
|
51
51
|
end
|
|
52
52
|
|
|
53
|
-
def
|
|
54
|
-
!
|
|
53
|
+
def sce_protected?
|
|
54
|
+
!sce_protected.empty?
|
|
55
55
|
end
|
|
56
56
|
|
|
57
|
-
def
|
|
58
|
-
@
|
|
57
|
+
def sce_protected
|
|
58
|
+
@sce_protected ||= resource_properties('sce_protected')
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def dependent_controls
|
|
@@ -161,11 +161,11 @@ module AbideDevUtils
|
|
|
161
161
|
end
|
|
162
162
|
|
|
163
163
|
def params?
|
|
164
|
-
!(params.nil? || params.empty? || params == 'no_params') || (resource.
|
|
164
|
+
!(params.nil? || params.empty? || params == 'no_params') || (resource.sce_options? || resource.sce_protected?)
|
|
165
165
|
end
|
|
166
166
|
|
|
167
167
|
def resource_properties?
|
|
168
|
-
resource.
|
|
168
|
+
resource.sce_options? || resource.sce_protected?
|
|
169
169
|
end
|
|
170
170
|
|
|
171
171
|
def param_hashes
|
|
@@ -211,19 +211,19 @@ module AbideDevUtils
|
|
|
211
211
|
end
|
|
212
212
|
|
|
213
213
|
def valid_maps?
|
|
214
|
-
valid = AbideDevUtils::
|
|
214
|
+
valid = AbideDevUtils::Sce::Mapping::FRAMEWORK_TYPES[framework].each_with_object([]) do |mtype, arr|
|
|
215
215
|
arr << if @mapper.map_type(id) == mtype
|
|
216
216
|
id
|
|
217
217
|
else
|
|
218
218
|
@mapper.get(id).find { |x| @mapper.map_type(x) == mtype }
|
|
219
219
|
end
|
|
220
220
|
end
|
|
221
|
-
valid.compact.length == AbideDevUtils::
|
|
221
|
+
valid.compact.length == AbideDevUtils::Sce::Mapping::FRAMEWORK_TYPES[framework].length
|
|
222
222
|
end
|
|
223
223
|
|
|
224
224
|
def method_missing(meth, *args, &block)
|
|
225
225
|
meth_s = meth.to_s
|
|
226
|
-
if AbideDevUtils::
|
|
226
|
+
if AbideDevUtils::Sce::Mapping::ALL_TYPES.include?(meth_s)
|
|
227
227
|
@mapper.get(id).find { |x| @mapper.map_type(x) == meth_s }
|
|
228
228
|
else
|
|
229
229
|
super
|
|
@@ -231,7 +231,7 @@ module AbideDevUtils
|
|
|
231
231
|
end
|
|
232
232
|
|
|
233
233
|
def respond_to_missing?(meth, include_private = false)
|
|
234
|
-
AbideDevUtils::
|
|
234
|
+
AbideDevUtils::Sce::Mapping::ALL_TYPES.include?(meth.to_s) || super
|
|
235
235
|
end
|
|
236
236
|
|
|
237
237
|
def to_h
|
|
@@ -242,7 +242,7 @@ module AbideDevUtils
|
|
|
242
242
|
levels: levels,
|
|
243
243
|
profiles: profiles,
|
|
244
244
|
params: param_hashes,
|
|
245
|
-
resource: resource.to_stubbed_h
|
|
245
|
+
resource: resource.to_stubbed_h
|
|
246
246
|
}
|
|
247
247
|
end
|
|
248
248
|
|
|
@@ -260,7 +260,7 @@ module AbideDevUtils
|
|
|
260
260
|
|
|
261
261
|
def validate_id_with_framework(id, framework, mapper)
|
|
262
262
|
mtype = mapper.map_type(id)
|
|
263
|
-
return if AbideDevUtils::
|
|
263
|
+
return if AbideDevUtils::Sce::Mapping::FRAMEWORK_TYPES[framework].include?(mtype)
|
|
264
264
|
|
|
265
265
|
raise AbideDevUtils::Errors::ControlIdFrameworkMismatchError, [id, mtype, framework]
|
|
266
266
|
end
|
|
@@ -312,25 +312,35 @@ module AbideDevUtils
|
|
|
312
312
|
|
|
313
313
|
# Repesents a benchmark based on resource and mapping data
|
|
314
314
|
class Benchmark
|
|
315
|
-
attr_reader :osname, :major_version, :os_facts, :osfamily, :hiera_conf, :module_name, :framework
|
|
315
|
+
attr_reader :osname, :major_version, :os_facts, :osfamily, :hiera_conf, :module_name, :framework, :mapper,
|
|
316
|
+
:resource_data, :resources, :controls
|
|
317
|
+
|
|
318
|
+
alias rules controls
|
|
316
319
|
|
|
317
320
|
def initialize(osname, major_version, hiera_conf, module_name, framework: 'cis')
|
|
318
321
|
@osname = osname
|
|
319
322
|
@major_version = major_version
|
|
320
323
|
@os_facts = AbideDevUtils::Ppt::FacterUtils::FactSets.new.find_by_fact_value_tuples(['os.name', @osname],
|
|
321
|
-
['os.release.major',
|
|
324
|
+
['os.release.major',
|
|
325
|
+
@major_version])
|
|
322
326
|
@osfamily = @os_facts['os']['family']
|
|
323
327
|
@hiera_conf = hiera_conf
|
|
324
328
|
@module_name = module_name
|
|
325
329
|
@framework = framework
|
|
326
330
|
@map_cache = {}
|
|
327
331
|
@rules_in_map = {}
|
|
332
|
+
@mapper = AbideDevUtils::Sce::Mapping::Mapper.new(@module_name, @framework, load_mapping_data)
|
|
333
|
+
@resource_data = load_resource_data
|
|
334
|
+
@resources = @resource_data["#{module_name}::resources"].each_with_object([]) do |(rtitle, rdata), arr|
|
|
335
|
+
arr << Resource.new(rtitle, rdata, framework, mapper)
|
|
336
|
+
end
|
|
337
|
+
@controls = resources.map(&:controls).flatten.sort
|
|
328
338
|
end
|
|
329
339
|
|
|
330
340
|
# Creates Benchmark objects from a Puppet module
|
|
331
341
|
# @param pupmod [AbideDevUtils::Ppt::PuppetModule] A PuppetModule instance
|
|
332
342
|
# @param skip_errors [Boolean] True skips errors and loads non-erroring benchmarks, false raises the error.
|
|
333
|
-
# @return [Array<AbideDevUtils::
|
|
343
|
+
# @return [Array<AbideDevUtils::Sce::Benchmark>] Array of Benchmark instances
|
|
334
344
|
def self.benchmarks_from_puppet_module(pupmod, ignore_all_errors: false, ignore_framework_mismatch: true)
|
|
335
345
|
frameworks = pupmod.hiera_conf.local_hiera_files(hierarchy_name: 'Mapping Data').each_with_object([]) do |hf, ary|
|
|
336
346
|
parts = hf.path.split(pupmod.hiera_conf.default_datadir)[-1].split('/')
|
|
@@ -372,28 +382,10 @@ module AbideDevUtils
|
|
|
372
382
|
end
|
|
373
383
|
end
|
|
374
384
|
|
|
375
|
-
def resources
|
|
376
|
-
@resources ||= resource_data["#{module_name}::resources"].each_with_object([]) do |(rtitle, rdata), arr|
|
|
377
|
-
arr << Resource.new(rtitle, rdata, framework, mapper)
|
|
378
|
-
end
|
|
379
|
-
end
|
|
380
|
-
|
|
381
|
-
def controls
|
|
382
|
-
@controls ||= resources.map(&:controls).flatten.sort
|
|
383
|
-
end
|
|
384
|
-
|
|
385
|
-
def mapper
|
|
386
|
-
@mapper ||= AbideDevUtils::CEM::Mapping::Mapper.new(module_name, framework, load_mapping_data)
|
|
387
|
-
end
|
|
388
|
-
|
|
389
385
|
def map_data
|
|
390
386
|
mapper.map_data
|
|
391
387
|
end
|
|
392
388
|
|
|
393
|
-
def resource_data
|
|
394
|
-
@resource_data ||= load_resource_data
|
|
395
|
-
end
|
|
396
|
-
|
|
397
389
|
def title
|
|
398
390
|
mapper.title
|
|
399
391
|
end
|
|
@@ -438,23 +430,31 @@ module AbideDevUtils
|
|
|
438
430
|
mapper.map_type(control_id)
|
|
439
431
|
end
|
|
440
432
|
|
|
433
|
+
def to_s
|
|
434
|
+
title
|
|
435
|
+
end
|
|
436
|
+
|
|
437
|
+
def inspect
|
|
438
|
+
"#<#{self.class.name}:#{object_id} title: #{title}, version: #{version}, module_name: #{module_name}, framework: #{framework}>"
|
|
439
|
+
end
|
|
440
|
+
|
|
441
441
|
private
|
|
442
442
|
|
|
443
443
|
def load_mapping_data
|
|
444
444
|
files = case module_name
|
|
445
445
|
when /_windows$/
|
|
446
|
-
|
|
446
|
+
sce_windows_mapping_files
|
|
447
447
|
when /_linux$/
|
|
448
|
-
|
|
448
|
+
sce_linux_mapping_files
|
|
449
449
|
else
|
|
450
|
-
raise "Module name '#{module_name}' is not a
|
|
450
|
+
raise "Module name '#{module_name}' is not a SCE module"
|
|
451
451
|
end
|
|
452
452
|
validate_mapping_files_framework(files).each_with_object({}) do |f, h|
|
|
453
453
|
h[File.basename(f.path, '.yaml')] = YAML.load_file(f.path)
|
|
454
454
|
end
|
|
455
455
|
end
|
|
456
456
|
|
|
457
|
-
def
|
|
457
|
+
def sce_linux_mapping_files
|
|
458
458
|
facts = [['os.name', osname], ['os.release.major', major_version]]
|
|
459
459
|
mapping_files = hiera_conf.local_hiera_files_with_facts(*facts, hierarchy_name: 'Mapping Data')
|
|
460
460
|
raise AbideDevUtils::Errors::MappingFilesNotFoundError, facts if mapping_files.nil? || mapping_files.empty?
|
|
@@ -462,7 +462,7 @@ module AbideDevUtils
|
|
|
462
462
|
mapping_files
|
|
463
463
|
end
|
|
464
464
|
|
|
465
|
-
def
|
|
465
|
+
def sce_windows_mapping_files
|
|
466
466
|
facts = ['os.release.major', major_version]
|
|
467
467
|
mapping_files = hiera_conf.local_hiera_files_with_fact(facts[0], facts[1], hierarchy_name: 'Mapping Data')
|
|
468
468
|
raise AbideDevUtils::Errors::MappingFilesNotFoundError, facts if mapping_files.nil? || mapping_files.empty?
|
|
@@ -6,18 +6,18 @@ require 'pathname'
|
|
|
6
6
|
require 'yaml'
|
|
7
7
|
require 'abide_dev_utils/ppt'
|
|
8
8
|
require 'abide_dev_utils/validate'
|
|
9
|
-
require 'abide_dev_utils/
|
|
9
|
+
require 'abide_dev_utils/sce/benchmark'
|
|
10
10
|
|
|
11
11
|
module AbideDevUtils
|
|
12
|
-
module
|
|
12
|
+
module Sce
|
|
13
13
|
module Generate
|
|
14
|
-
# Methods and objects used to construct a report of what
|
|
14
|
+
# Methods and objects used to construct a report of what SCE enforces versus what
|
|
15
15
|
# the various compliance frameworks expect to be enforced.
|
|
16
16
|
module CoverageReport
|
|
17
17
|
def self.generate(format_func: :to_h, opts: {})
|
|
18
18
|
opts = ReportOptions.new(opts)
|
|
19
19
|
pupmod = AbideDevUtils::Ppt::PuppetModule.new
|
|
20
|
-
benchmarks = AbideDevUtils::
|
|
20
|
+
benchmarks = AbideDevUtils::Sce::Benchmark.benchmarks_from_puppet_module(pupmod,
|
|
21
21
|
ignore_all_errors: opts.ignore_all_errors)
|
|
22
22
|
benchmarks.map do |b|
|
|
23
23
|
BenchmarkReport.new(b, opts).run.send(format_func)
|
|
@@ -31,7 +31,7 @@ module AbideDevUtils
|
|
|
31
31
|
level: nil,
|
|
32
32
|
format_func: :to_h,
|
|
33
33
|
ignore_all_errors: false,
|
|
34
|
-
xccdf_dir: nil
|
|
34
|
+
xccdf_dir: nil
|
|
35
35
|
}.freeze
|
|
36
36
|
|
|
37
37
|
attr_reader(*DEFAULTS.keys)
|
|
@@ -52,7 +52,7 @@ module AbideDevUtils
|
|
|
52
52
|
KEY_FACT_MAP = {
|
|
53
53
|
os_family: 'os.family',
|
|
54
54
|
os_name: 'os.name',
|
|
55
|
-
os_release_major: 'os.release.major'
|
|
55
|
+
os_release_major: 'os.release.major'
|
|
56
56
|
}.freeze
|
|
57
57
|
|
|
58
58
|
attr_reader(*KEY_FACT_MAP.keys)
|
|
@@ -89,11 +89,14 @@ module AbideDevUtils
|
|
|
89
89
|
def find_mapping_data
|
|
90
90
|
fact_array = fact_array_for(:os_name, :os_release_major)
|
|
91
91
|
begin
|
|
92
|
-
data_array = @pupmod.hiera_conf.local_hiera_files_with_facts(*fact_array,
|
|
92
|
+
data_array = @pupmod.hiera_conf.local_hiera_files_with_facts(*fact_array,
|
|
93
|
+
hierarchy_name: 'Mapping Data').map do |f|
|
|
93
94
|
YAML.load_file(f.path)
|
|
94
95
|
end
|
|
95
96
|
rescue NoMethodError
|
|
96
|
-
data_array = @pupmod.hiera_conf.local_hiera_files(hierarchy_name: 'Mapping Data').map
|
|
97
|
+
data_array = @pupmod.hiera_conf.local_hiera_files(hierarchy_name: 'Mapping Data').map do |f|
|
|
98
|
+
YAML.load_file(f.path)
|
|
99
|
+
end
|
|
97
100
|
end
|
|
98
101
|
filter_mapping_data_array_by_benchmark!(data_array)
|
|
99
102
|
filter_mapping_data_array_by_profile!(data_array)
|
|
@@ -268,7 +271,7 @@ module AbideDevUtils
|
|
|
268
271
|
title: title,
|
|
269
272
|
timestamp: timestamp,
|
|
270
273
|
benchmark: benchmark_hash,
|
|
271
|
-
coverage: coverage_hash
|
|
274
|
+
coverage: coverage_hash
|
|
272
275
|
}
|
|
273
276
|
end
|
|
274
277
|
|
|
@@ -284,7 +287,7 @@ module AbideDevUtils
|
|
|
284
287
|
{
|
|
285
288
|
title: @benchmark.title,
|
|
286
289
|
version: @benchmark.version,
|
|
287
|
-
framework: @benchmark.framework
|
|
290
|
+
framework: @benchmark.framework
|
|
288
291
|
}
|
|
289
292
|
end
|
|
290
293
|
|
|
@@ -297,7 +300,7 @@ module AbideDevUtils
|
|
|
297
300
|
covered: covered,
|
|
298
301
|
percentage: percentage,
|
|
299
302
|
controls_in_resource_data: controls_in_resource_data,
|
|
300
|
-
rules_in_map: rules_in_map
|
|
303
|
+
rules_in_map: rules_in_map
|
|
301
304
|
}
|
|
302
305
|
end
|
|
303
306
|
end
|
|
@@ -334,7 +337,7 @@ module AbideDevUtils
|
|
|
334
337
|
private
|
|
335
338
|
|
|
336
339
|
def find_controls_in_resource_data
|
|
337
|
-
controls = @benchmark.resource_data["#{@benchmark.module_name}::resources"].each_with_object([]) do |(
|
|
340
|
+
controls = @benchmark.resource_data["#{@benchmark.module_name}::resources"].each_with_object([]) do |(_rname, rval), arr|
|
|
338
341
|
arr << case rval['controls'].class.to_s
|
|
339
342
|
when 'Hash'
|
|
340
343
|
rval['controls'].keys
|
|
@@ -9,10 +9,10 @@ require 'yaml'
|
|
|
9
9
|
require 'abide_dev_utils/markdown'
|
|
10
10
|
require 'abide_dev_utils/output'
|
|
11
11
|
require 'abide_dev_utils/ppt'
|
|
12
|
-
require 'abide_dev_utils/
|
|
12
|
+
require 'abide_dev_utils/sce/benchmark'
|
|
13
13
|
|
|
14
14
|
module AbideDevUtils
|
|
15
|
-
module
|
|
15
|
+
module Sce
|
|
16
16
|
module Generate
|
|
17
17
|
# Holds objects and methods for generating a reference doc
|
|
18
18
|
module Reference
|
|
@@ -22,14 +22,14 @@ module AbideDevUtils
|
|
|
22
22
|
def self.generate(data = {})
|
|
23
23
|
pupmod = AbideDevUtils::Ppt::PuppetModule.new
|
|
24
24
|
doc_title = case pupmod.name
|
|
25
|
-
when 'puppetlabs-
|
|
26
|
-
'
|
|
27
|
-
when 'puppetlabs-
|
|
28
|
-
'
|
|
25
|
+
when 'puppetlabs-sce_linux'
|
|
26
|
+
'SCE for Linux Reference'
|
|
27
|
+
when 'puppetlabs-sce_windows'
|
|
28
|
+
'SCE for Windows Reference'
|
|
29
29
|
else
|
|
30
30
|
'Reference'
|
|
31
31
|
end
|
|
32
|
-
benchmarks = AbideDevUtils::
|
|
32
|
+
benchmarks = AbideDevUtils::Sce::Benchmark.benchmarks_from_puppet_module(pupmod)
|
|
33
33
|
case data.fetch(:format, 'markdown')
|
|
34
34
|
when 'markdown'
|
|
35
35
|
file = data[:out_file] || 'REFERENCE.md'
|
|
@@ -44,7 +44,7 @@ module AbideDevUtils
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def self.config_example(control, params_array)
|
|
47
|
-
out_str = ['
|
|
47
|
+
out_str = ['sce_windows::config:', ' control_configs:', " \"#{control}\":"]
|
|
48
48
|
indent = ' '
|
|
49
49
|
params_array.each do |param_hash|
|
|
50
50
|
val = case param_hash[:type]
|
|
@@ -61,7 +61,7 @@ module AbideDevUtils
|
|
|
61
61
|
|
|
62
62
|
# Generates a markdown reference doc
|
|
63
63
|
class MarkdownGenerator
|
|
64
|
-
SPECIAL_CONTROL_IDS = %w[dependent
|
|
64
|
+
SPECIAL_CONTROL_IDS = %w[dependent sce_options sce_protected].freeze
|
|
65
65
|
|
|
66
66
|
def initialize(benchmarks, module_name, file: 'REFERENCE.md', opts: {})
|
|
67
67
|
@benchmarks = benchmarks
|
|
@@ -194,7 +194,7 @@ module AbideDevUtils
|
|
|
194
194
|
providers: providers,
|
|
195
195
|
puppet_functions: puppet_functions,
|
|
196
196
|
puppet_tasks: puppet_tasks,
|
|
197
|
-
puppet_plans: puppet_plans
|
|
197
|
+
puppet_plans: puppet_plans
|
|
198
198
|
}
|
|
199
199
|
end
|
|
200
200
|
|
|
@@ -312,7 +312,7 @@ module AbideDevUtils
|
|
|
312
312
|
end
|
|
313
313
|
|
|
314
314
|
def control_has_valid_params?
|
|
315
|
-
return true if @control.params? || @control.resource.
|
|
315
|
+
return true if @control.params? || @control.resource.sce_options? || @control.resource.sce_protected?
|
|
316
316
|
return true if @control.resource.manifest? && @control.resource.manifest.declaration.parameters?
|
|
317
317
|
|
|
318
318
|
false
|
|
@@ -326,7 +326,8 @@ module AbideDevUtils
|
|
|
326
326
|
|
|
327
327
|
def param_type_expr(ctrl_param, rsrc_param)
|
|
328
328
|
@control_data[ctrl_param[:name]] = {} unless @control_data.key?(ctrl_param[:name])
|
|
329
|
-
@control_data[ctrl_param[:name]][:type_expr] =
|
|
329
|
+
@control_data[ctrl_param[:name]][:type_expr] =
|
|
330
|
+
rsrc_param&.type_expr? ? rsrc_param&.type_expr : ctrl_param[:type]
|
|
330
331
|
return unless @control_data[ctrl_param[:name]][:type_expr]
|
|
331
332
|
|
|
332
333
|
" - [ #{@md.code(@control_data[ctrl_param[:name]][:type_expr])} ]"
|
|
@@ -365,7 +366,7 @@ module AbideDevUtils
|
|
|
365
366
|
return unless control_has_valid_params?
|
|
366
367
|
|
|
367
368
|
@md.add_ul('Parameters:')
|
|
368
|
-
[@control.param_hashes, @control.resource.
|
|
369
|
+
[@control.param_hashes, @control.resource.sce_options, @control.resource.sce_protected].each do |collection|
|
|
369
370
|
collection.each do |hsh|
|
|
370
371
|
rparam = resource_param(hsh)
|
|
371
372
|
str_array = [@md.code(hsh[:name]), param_type_expr(hsh, rparam), param_default_value(hsh, rparam)]
|
|
@@ -473,7 +474,8 @@ module AbideDevUtils
|
|
|
473
474
|
@md.add_ul('Hiera Configuration Example:')
|
|
474
475
|
@md.add_code_block(out_str.join("\n"), language: 'yaml')
|
|
475
476
|
rescue StandardError => e
|
|
476
|
-
require 'pry'
|
|
477
|
+
require 'pry'
|
|
478
|
+
binding.pry
|
|
477
479
|
err_msg = [
|
|
478
480
|
"Failed to generate config example for control #{@control.id}",
|
|
479
481
|
"Error: #{e.message}",
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'abide_dev_utils/sce/generate/reference'
|
|
4
|
+
require 'abide_dev_utils/sce/generate/coverage_report'
|
|
5
|
+
|
|
6
|
+
module AbideDevUtils
|
|
7
|
+
module Sce
|
|
8
|
+
# Namespace for objects and methods used in `abide sce generate` subcommands
|
|
9
|
+
module Generate; end
|
|
10
|
+
end
|
|
11
|
+
end
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'abide_dev_utils/
|
|
4
|
-
require 'abide_dev_utils/
|
|
3
|
+
require 'abide_dev_utils/sce/hiera_data/mapping_data/map_data'
|
|
4
|
+
require 'abide_dev_utils/sce/hiera_data/mapping_data/mixins'
|
|
5
5
|
|
|
6
6
|
module AbideDevUtils
|
|
7
|
-
module
|
|
7
|
+
module Sce
|
|
8
8
|
module HieraData
|
|
9
9
|
module MappingData
|
|
10
10
|
ALL_TYPES = %w[hiera_title_num number hiera_title vulnid title].freeze
|
|
11
11
|
FRAMEWORK_TYPES = {
|
|
12
12
|
'cis' => %w[hiera_title_num number hiera_title title],
|
|
13
|
-
'stig' => %w[hiera_title_num number hiera_title vulnid title]
|
|
13
|
+
'stig' => %w[hiera_title_num number hiera_title vulnid title]
|
|
14
14
|
}.freeze
|
|
15
15
|
CIS_TYPES = %w[hiera_title_num number hiera_title title].freeze
|
|
16
16
|
STIG_TYPES = %w[hiera_title_num number hiera_title vulnid title].freeze
|
|
@@ -78,11 +78,11 @@ module AbideDevUtils
|
|
|
78
78
|
def load_framework(framework)
|
|
79
79
|
case framework.downcase
|
|
80
80
|
when 'cis'
|
|
81
|
-
self.class.include AbideDevUtils::
|
|
82
|
-
extend AbideDevUtils::
|
|
81
|
+
self.class.include AbideDevUtils::Sce::HieraData::MappingData::MixinCIS
|
|
82
|
+
extend AbideDevUtils::Sce::HieraData::MappingData::MixinCIS
|
|
83
83
|
when 'stig'
|
|
84
|
-
self.class.include AbideDevUtils::
|
|
85
|
-
extend AbideDevUtils::
|
|
84
|
+
self.class.include AbideDevUtils::Sce::HieraData::MappingData::MixinSTIG
|
|
85
|
+
extend AbideDevUtils::Sce::HieraData::MappingData::MixinSTIG
|
|
86
86
|
else
|
|
87
87
|
raise "Invalid framework: #{framework}"
|
|
88
88
|
end
|
|
@@ -90,7 +90,10 @@ module AbideDevUtils
|
|
|
90
90
|
|
|
91
91
|
def map_data_by_type(map_type)
|
|
92
92
|
found_map_data = map_data.find { |x| x.type == map_type }
|
|
93
|
-
|
|
93
|
+
unless found_map_data
|
|
94
|
+
raise "Failed to find map data with type #{map_type}; Meta: #{{ framework: framework,
|
|
95
|
+
module_name: module_name }}"
|
|
96
|
+
end
|
|
94
97
|
|
|
95
98
|
found_map_data
|
|
96
99
|
end
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
require 'abide_dev_utils/dot_number_comparable'
|
|
4
4
|
require 'abide_dev_utils/errors'
|
|
5
|
-
require 'abide_dev_utils/
|
|
6
|
-
require 'abide_dev_utils/
|
|
5
|
+
require 'abide_dev_utils/sce/hiera_data/mapping_data'
|
|
6
|
+
require 'abide_dev_utils/sce/hiera_data/resource_data/parameters'
|
|
7
7
|
|
|
8
8
|
module AbideDevUtils
|
|
9
|
-
module
|
|
9
|
+
module Sce
|
|
10
10
|
module HieraData
|
|
11
11
|
module ResourceData
|
|
12
12
|
# Represents a singular rule in a benchmark
|
|
@@ -58,7 +58,7 @@ module AbideDevUtils
|
|
|
58
58
|
|
|
59
59
|
def method_missing(meth, *args, &block)
|
|
60
60
|
meth_s = meth.to_s
|
|
61
|
-
if AbideDevUtils::
|
|
61
|
+
if AbideDevUtils::Sce::HieraData::MappingData::ALL_TYPES.include?(meth_s)
|
|
62
62
|
@mapper.get(id).find { |x| @mapper.map_type(x) == meth_s }
|
|
63
63
|
else
|
|
64
64
|
super
|
|
@@ -66,7 +66,7 @@ module AbideDevUtils
|
|
|
66
66
|
end
|
|
67
67
|
|
|
68
68
|
def respond_to_missing?(meth, include_private = false)
|
|
69
|
-
AbideDevUtils::
|
|
69
|
+
AbideDevUtils::Sce::HieraData::MappingData::ALL_TYPES.include?(meth.to_s) || super
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
def to_h
|
|
@@ -76,7 +76,7 @@ module AbideDevUtils
|
|
|
76
76
|
alternate_ids: alternate_ids,
|
|
77
77
|
levels: levels,
|
|
78
78
|
profiles: profiles,
|
|
79
|
-
resource: resource
|
|
79
|
+
resource: resource
|
|
80
80
|
}.merge(parameters.to_h)
|
|
81
81
|
end
|
|
82
82
|
|
|
@@ -94,7 +94,7 @@ module AbideDevUtils
|
|
|
94
94
|
|
|
95
95
|
def validate_id_with_framework(id, framework, mapper)
|
|
96
96
|
mtype = mapper.map_type(id)
|
|
97
|
-
return if AbideDevUtils::
|
|
97
|
+
return if AbideDevUtils::Sce::HieraData::MappingData::FRAMEWORK_TYPES[framework].include?(mtype)
|
|
98
98
|
|
|
99
99
|
raise AbideDevUtils::Errors::ControlIdFrameworkMismatchError, [id, mtype, framework]
|
|
100
100
|
end
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
require 'set'
|
|
4
4
|
|
|
5
5
|
module AbideDevUtils
|
|
6
|
-
module
|
|
6
|
+
module Sce
|
|
7
7
|
module HieraData
|
|
8
8
|
module ResourceData
|
|
9
9
|
class Parameters
|
|
@@ -40,7 +40,7 @@ module AbideDevUtils
|
|
|
40
40
|
collection.each_with_object({}) do |(param, param_val), hsh|
|
|
41
41
|
hsh[param] = {
|
|
42
42
|
raw_value: param_val,
|
|
43
|
-
display_value: param_display(param, param_val)
|
|
43
|
+
display_value: param_display(param, param_val)
|
|
44
44
|
}
|
|
45
45
|
end
|
|
46
46
|
end
|
|
@@ -49,7 +49,7 @@ module AbideDevUtils
|
|
|
49
49
|
{
|
|
50
50
|
name: param,
|
|
51
51
|
type: ruby_class_to_puppet_type(param_val.class.to_s),
|
|
52
|
-
default: param_val
|
|
52
|
+
default: param_val
|
|
53
53
|
}
|
|
54
54
|
end
|
|
55
55
|
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
require 'set'
|
|
4
4
|
require 'abide_dev_utils/errors'
|
|
5
|
-
require 'abide_dev_utils/
|
|
6
|
-
require 'abide_dev_utils/
|
|
5
|
+
require 'abide_dev_utils/sce/hiera_data/resource_data/control'
|
|
6
|
+
require 'abide_dev_utils/sce/hiera_data/resource_data/parameters'
|
|
7
7
|
|
|
8
8
|
module AbideDevUtils
|
|
9
|
-
module
|
|
9
|
+
module Sce
|
|
10
10
|
module HieraData
|
|
11
11
|
module ResourceData
|
|
12
12
|
# Represents a resource data resource statement
|
|
@@ -25,21 +25,21 @@ module AbideDevUtils
|
|
|
25
25
|
@controls ||= load_controls
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
def
|
|
29
|
-
@
|
|
28
|
+
def sce_options
|
|
29
|
+
@sce_options ||= Parameters.new(data['sce_options'])
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
def
|
|
33
|
-
@
|
|
32
|
+
def sce_protected
|
|
33
|
+
@sce_protected ||= Parameters.new(data['sce_protected'])
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
def to_stubbed_h
|
|
37
37
|
{
|
|
38
38
|
title: title,
|
|
39
39
|
type: type,
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
reference: to_reference
|
|
40
|
+
sce_options: sce_options.to_h,
|
|
41
|
+
sce_protected: sce_protected.to_h,
|
|
42
|
+
reference: to_reference
|
|
43
43
|
}
|
|
44
44
|
end
|
|
45
45
|
|
|
@@ -51,7 +51,7 @@ module AbideDevUtils
|
|
|
51
51
|
parray = controls.map { |x| x.parameters.to_puppet_code if x.parameters.exist? }.flatten.compact.uniq
|
|
52
52
|
return "#{type} { '#{title}': }" if parray.empty? || parray.all?(&:empty?) || parray.all?("\n")
|
|
53
53
|
|
|
54
|
-
# if title == '
|
|
54
|
+
# if title == 'sce_linux::utils::packages::linux::auditd::time_change'
|
|
55
55
|
# require 'pry'
|
|
56
56
|
# binding.pry
|
|
57
57
|
# end
|