abide_dev_utils 0.17.2 → 0.18.0
- checksums.yaml +4 -4
- data/.github/workflows/ci.yaml +52 -0
- data/Gemfile.lock +14 -6
- data/Rakefile +22 -20
- data/abide_dev_utils.gemspec +2 -3
- data/lib/abide_dev_utils/cli/abstract.rb +18 -1
- data/lib/abide_dev_utils/cli/comply.rb +5 -2
- data/lib/abide_dev_utils/cli/{cem.rb → sce.rb} +38 -35
- data/lib/abide_dev_utils/cli/test.rb +20 -9
- data/lib/abide_dev_utils/cli/xccdf.rb +9 -5
- data/lib/abide_dev_utils/cli.rb +5 -4
- data/lib/abide_dev_utils/comply.rb +7 -9
- data/lib/abide_dev_utils/errors.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/benchmark.rb +43 -43
- data/lib/abide_dev_utils/{cem → sce}/generate/coverage_report.rb +15 -12
- data/lib/abide_dev_utils/{cem → sce}/generate/reference.rb +16 -14
- data/lib/abide_dev_utils/sce/generate.rb +11 -0
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/mapping_data/map_data.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/mapping_data/mixins.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/mapping_data.rb +12 -9
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/resource_data/control.rb +7 -7
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/resource_data/parameters.rb +3 -3
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/resource_data/resource.rb +11 -11
- data/lib/abide_dev_utils/{cem → sce}/hiera_data/resource_data.rb +11 -10
- data/lib/abide_dev_utils/{cem → sce}/hiera_data.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/mapping/mapper.rb +12 -9
- data/lib/abide_dev_utils/{cem → sce}/validate/resource_data.rb +3 -3
- data/lib/abide_dev_utils/{cem → sce}/validate/strings/base_validator.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/validate/strings/puppet_class_validator.rb +4 -3
- data/lib/abide_dev_utils/{cem → sce}/validate/strings/puppet_defined_type_validator.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/validate/strings/validation_finding.rb +1 -1
- data/lib/abide_dev_utils/{cem → sce}/validate/strings.rb +2 -2
- data/lib/abide_dev_utils/{cem → sce}/validate.rb +2 -2
- data/lib/abide_dev_utils/{cem.rb → sce.rb} +6 -6
- data/lib/abide_dev_utils/version.rb +1 -1
- data/lib/abide_dev_utils/xccdf.rb +10 -10
- data/lib/abide_dev_utils.rb +7 -6
- metadata +42 -26
- data/lib/abide_dev_utils/cem/generate.rb +0 -11
- /data/lib/abide_dev_utils/errors/{cem.rb → sce.rb} +0 -0
@@ -7,7 +7,7 @@ require_relative '../ppt'
|
|
7
7
|
require_relative 'mapping/mapper'
|
8
8
|
|
9
9
|
module AbideDevUtils
|
10
|
-
module
|
10
|
+
module Sce
|
11
11
|
# Represents a resource data resource statement
|
12
12
|
class Resource
|
13
13
|
attr_reader :title, :type
|
@@ -42,20 +42,20 @@ module AbideDevUtils
|
|
42
42
|
@controls || load_controls
|
43
43
|
end
|
44
44
|
|
45
|
-
def
|
46
|
-
!
|
45
|
+
def sce_options?
|
46
|
+
!sce_options.empty?
|
47
47
|
end
|
48
48
|
|
49
|
-
def
|
50
|
-
@
|
49
|
+
def sce_options
|
50
|
+
@sce_options ||= resource_properties('sce_options')
|
51
51
|
end
|
52
52
|
|
53
|
-
def
|
54
|
-
!
|
53
|
+
def sce_protected?
|
54
|
+
!sce_protected.empty?
|
55
55
|
end
|
56
56
|
|
57
|
-
def
|
58
|
-
@
|
57
|
+
def sce_protected
|
58
|
+
@sce_protected ||= resource_properties('sce_protected')
|
59
59
|
end
|
60
60
|
|
61
61
|
def dependent_controls
|
@@ -161,11 +161,11 @@ module AbideDevUtils
|
|
161
161
|
end
|
162
162
|
|
163
163
|
def params?
|
164
|
-
!(params.nil? || params.empty? || params == 'no_params') || (resource.
|
164
|
+
!(params.nil? || params.empty? || params == 'no_params') || (resource.sce_options? || resource.sce_protected?)
|
165
165
|
end
|
166
166
|
|
167
167
|
def resource_properties?
|
168
|
-
resource.
|
168
|
+
resource.sce_options? || resource.sce_protected?
|
169
169
|
end
|
170
170
|
|
171
171
|
def param_hashes
|
@@ -211,19 +211,19 @@ module AbideDevUtils
|
|
211
211
|
end
|
212
212
|
|
213
213
|
def valid_maps?
|
214
|
-
valid = AbideDevUtils::
|
214
|
+
valid = AbideDevUtils::Sce::Mapping::FRAMEWORK_TYPES[framework].each_with_object([]) do |mtype, arr|
|
215
215
|
arr << if @mapper.map_type(id) == mtype
|
216
216
|
id
|
217
217
|
else
|
218
218
|
@mapper.get(id).find { |x| @mapper.map_type(x) == mtype }
|
219
219
|
end
|
220
220
|
end
|
221
|
-
valid.compact.length == AbideDevUtils::
|
221
|
+
valid.compact.length == AbideDevUtils::Sce::Mapping::FRAMEWORK_TYPES[framework].length
|
222
222
|
end
|
223
223
|
|
224
224
|
def method_missing(meth, *args, &block)
|
225
225
|
meth_s = meth.to_s
|
226
|
-
if AbideDevUtils::
|
226
|
+
if AbideDevUtils::Sce::Mapping::ALL_TYPES.include?(meth_s)
|
227
227
|
@mapper.get(id).find { |x| @mapper.map_type(x) == meth_s }
|
228
228
|
else
|
229
229
|
super
|
@@ -231,7 +231,7 @@ module AbideDevUtils
|
|
231
231
|
end
|
232
232
|
|
233
233
|
def respond_to_missing?(meth, include_private = false)
|
234
|
-
AbideDevUtils::
|
234
|
+
AbideDevUtils::Sce::Mapping::ALL_TYPES.include?(meth.to_s) || super
|
235
235
|
end
|
236
236
|
|
237
237
|
def to_h
|
@@ -242,7 +242,7 @@ module AbideDevUtils
|
|
242
242
|
levels: levels,
|
243
243
|
profiles: profiles,
|
244
244
|
params: param_hashes,
|
245
|
-
resource: resource.to_stubbed_h
|
245
|
+
resource: resource.to_stubbed_h
|
246
246
|
}
|
247
247
|
end
|
248
248
|
|
@@ -260,7 +260,7 @@ module AbideDevUtils
|
|
260
260
|
|
261
261
|
def validate_id_with_framework(id, framework, mapper)
|
262
262
|
mtype = mapper.map_type(id)
|
263
|
-
return if AbideDevUtils::
|
263
|
+
return if AbideDevUtils::Sce::Mapping::FRAMEWORK_TYPES[framework].include?(mtype)
|
264
264
|
|
265
265
|
raise AbideDevUtils::Errors::ControlIdFrameworkMismatchError, [id, mtype, framework]
|
266
266
|
end
|
@@ -312,25 +312,35 @@ module AbideDevUtils
|
|
312
312
|
|
313
313
|
# Repesents a benchmark based on resource and mapping data
|
314
314
|
class Benchmark
|
315
|
-
attr_reader :osname, :major_version, :os_facts, :osfamily, :hiera_conf, :module_name, :framework
|
315
|
+
attr_reader :osname, :major_version, :os_facts, :osfamily, :hiera_conf, :module_name, :framework, :mapper,
|
316
|
+
:resource_data, :resources, :controls
|
317
|
+
|
318
|
+
alias rules controls
|
316
319
|
|
317
320
|
def initialize(osname, major_version, hiera_conf, module_name, framework: 'cis')
|
318
321
|
@osname = osname
|
319
322
|
@major_version = major_version
|
320
323
|
@os_facts = AbideDevUtils::Ppt::FacterUtils::FactSets.new.find_by_fact_value_tuples(['os.name', @osname],
|
321
|
-
['os.release.major',
|
324
|
+
['os.release.major',
|
325
|
+
@major_version])
|
322
326
|
@osfamily = @os_facts['os']['family']
|
323
327
|
@hiera_conf = hiera_conf
|
324
328
|
@module_name = module_name
|
325
329
|
@framework = framework
|
326
330
|
@map_cache = {}
|
327
331
|
@rules_in_map = {}
|
332
|
+
@mapper = AbideDevUtils::Sce::Mapping::Mapper.new(@module_name, @framework, load_mapping_data)
|
333
|
+
@resource_data = load_resource_data
|
334
|
+
@resources = @resource_data["#{module_name}::resources"].each_with_object([]) do |(rtitle, rdata), arr|
|
335
|
+
arr << Resource.new(rtitle, rdata, framework, mapper)
|
336
|
+
end
|
337
|
+
@controls = resources.map(&:controls).flatten.sort
|
328
338
|
end
|
329
339
|
|
330
340
|
# Creates Benchmark objects from a Puppet module
|
331
341
|
# @param pupmod [AbideDevUtils::Ppt::PuppetModule] A PuppetModule instance
|
332
342
|
# @param skip_errors [Boolean] True skips errors and loads non-erroring benchmarks, false raises the error.
|
333
|
-
# @return [Array<AbideDevUtils::
|
343
|
+
# @return [Array<AbideDevUtils::Sce::Benchmark>] Array of Benchmark instances
|
334
344
|
def self.benchmarks_from_puppet_module(pupmod, ignore_all_errors: false, ignore_framework_mismatch: true)
|
335
345
|
frameworks = pupmod.hiera_conf.local_hiera_files(hierarchy_name: 'Mapping Data').each_with_object([]) do |hf, ary|
|
336
346
|
parts = hf.path.split(pupmod.hiera_conf.default_datadir)[-1].split('/')
|
@@ -372,28 +382,10 @@ module AbideDevUtils
|
|
372
382
|
end
|
373
383
|
end
|
374
384
|
|
375
|
-
def resources
|
376
|
-
@resources ||= resource_data["#{module_name}::resources"].each_with_object([]) do |(rtitle, rdata), arr|
|
377
|
-
arr << Resource.new(rtitle, rdata, framework, mapper)
|
378
|
-
end
|
379
|
-
end
|
380
|
-
|
381
|
-
def controls
|
382
|
-
@controls ||= resources.map(&:controls).flatten.sort
|
383
|
-
end
|
384
|
-
|
385
|
-
def mapper
|
386
|
-
@mapper ||= AbideDevUtils::CEM::Mapping::Mapper.new(module_name, framework, load_mapping_data)
|
387
|
-
end
|
388
|
-
|
389
385
|
def map_data
|
390
386
|
mapper.map_data
|
391
387
|
end
|
392
388
|
|
393
|
-
def resource_data
|
394
|
-
@resource_data ||= load_resource_data
|
395
|
-
end
|
396
|
-
|
397
389
|
def title
|
398
390
|
mapper.title
|
399
391
|
end
|
@@ -438,23 +430,31 @@ module AbideDevUtils
|
|
438
430
|
mapper.map_type(control_id)
|
439
431
|
end
|
440
432
|
|
433
|
+
def to_s
|
434
|
+
title
|
435
|
+
end
|
436
|
+
|
437
|
+
def inspect
|
438
|
+
"#<#{self.class.name}:#{object_id} title: #{title}, version: #{version}, module_name: #{module_name}, framework: #{framework}>"
|
439
|
+
end
|
440
|
+
|
441
441
|
private
|
442
442
|
|
443
443
|
def load_mapping_data
|
444
444
|
files = case module_name
|
445
445
|
when /_windows$/
|
446
|
-
|
446
|
+
sce_windows_mapping_files
|
447
447
|
when /_linux$/
|
448
|
-
|
448
|
+
sce_linux_mapping_files
|
449
449
|
else
|
450
|
-
raise "Module name '#{module_name}' is not a
|
450
|
+
raise "Module name '#{module_name}' is not a SCE module"
|
451
451
|
end
|
452
452
|
validate_mapping_files_framework(files).each_with_object({}) do |f, h|
|
453
453
|
h[File.basename(f.path, '.yaml')] = YAML.load_file(f.path)
|
454
454
|
end
|
455
455
|
end
|
456
456
|
|
457
|
-
def
|
457
|
+
def sce_linux_mapping_files
|
458
458
|
facts = [['os.name', osname], ['os.release.major', major_version]]
|
459
459
|
mapping_files = hiera_conf.local_hiera_files_with_facts(*facts, hierarchy_name: 'Mapping Data')
|
460
460
|
raise AbideDevUtils::Errors::MappingFilesNotFoundError, facts if mapping_files.nil? || mapping_files.empty?
|
@@ -462,7 +462,7 @@ module AbideDevUtils
|
|
462
462
|
mapping_files
|
463
463
|
end
|
464
464
|
|
465
|
-
def
|
465
|
+
def sce_windows_mapping_files
|
466
466
|
facts = ['os.release.major', major_version]
|
467
467
|
mapping_files = hiera_conf.local_hiera_files_with_fact(facts[0], facts[1], hierarchy_name: 'Mapping Data')
|
468
468
|
raise AbideDevUtils::Errors::MappingFilesNotFoundError, facts if mapping_files.nil? || mapping_files.empty?
|
@@ -6,18 +6,18 @@ require 'pathname'
|
|
6
6
|
require 'yaml'
|
7
7
|
require 'abide_dev_utils/ppt'
|
8
8
|
require 'abide_dev_utils/validate'
|
9
|
-
require 'abide_dev_utils/
|
9
|
+
require 'abide_dev_utils/sce/benchmark'
|
10
10
|
|
11
11
|
module AbideDevUtils
|
12
|
-
module
|
12
|
+
module Sce
|
13
13
|
module Generate
|
14
|
-
# Methods and objects used to construct a report of what
|
14
|
+
# Methods and objects used to construct a report of what SCE enforces versus what
|
15
15
|
# the various compliance frameworks expect to be enforced.
|
16
16
|
module CoverageReport
|
17
17
|
def self.generate(format_func: :to_h, opts: {})
|
18
18
|
opts = ReportOptions.new(opts)
|
19
19
|
pupmod = AbideDevUtils::Ppt::PuppetModule.new
|
20
|
-
benchmarks = AbideDevUtils::
|
20
|
+
benchmarks = AbideDevUtils::Sce::Benchmark.benchmarks_from_puppet_module(pupmod,
|
21
21
|
ignore_all_errors: opts.ignore_all_errors)
|
22
22
|
benchmarks.map do |b|
|
23
23
|
BenchmarkReport.new(b, opts).run.send(format_func)
|
@@ -31,7 +31,7 @@ module AbideDevUtils
|
|
31
31
|
level: nil,
|
32
32
|
format_func: :to_h,
|
33
33
|
ignore_all_errors: false,
|
34
|
-
xccdf_dir: nil
|
34
|
+
xccdf_dir: nil
|
35
35
|
}.freeze
|
36
36
|
|
37
37
|
attr_reader(*DEFAULTS.keys)
|
@@ -52,7 +52,7 @@ module AbideDevUtils
|
|
52
52
|
KEY_FACT_MAP = {
|
53
53
|
os_family: 'os.family',
|
54
54
|
os_name: 'os.name',
|
55
|
-
os_release_major: 'os.release.major'
|
55
|
+
os_release_major: 'os.release.major'
|
56
56
|
}.freeze
|
57
57
|
|
58
58
|
attr_reader(*KEY_FACT_MAP.keys)
|
@@ -89,11 +89,14 @@ module AbideDevUtils
|
|
89
89
|
def find_mapping_data
|
90
90
|
fact_array = fact_array_for(:os_name, :os_release_major)
|
91
91
|
begin
|
92
|
-
data_array = @pupmod.hiera_conf.local_hiera_files_with_facts(*fact_array,
|
92
|
+
data_array = @pupmod.hiera_conf.local_hiera_files_with_facts(*fact_array,
|
93
|
+
hierarchy_name: 'Mapping Data').map do |f|
|
93
94
|
YAML.load_file(f.path)
|
94
95
|
end
|
95
96
|
rescue NoMethodError
|
96
|
-
data_array = @pupmod.hiera_conf.local_hiera_files(hierarchy_name: 'Mapping Data').map
|
97
|
+
data_array = @pupmod.hiera_conf.local_hiera_files(hierarchy_name: 'Mapping Data').map do |f|
|
98
|
+
YAML.load_file(f.path)
|
99
|
+
end
|
97
100
|
end
|
98
101
|
filter_mapping_data_array_by_benchmark!(data_array)
|
99
102
|
filter_mapping_data_array_by_profile!(data_array)
|
@@ -268,7 +271,7 @@ module AbideDevUtils
|
|
268
271
|
title: title,
|
269
272
|
timestamp: timestamp,
|
270
273
|
benchmark: benchmark_hash,
|
271
|
-
coverage: coverage_hash
|
274
|
+
coverage: coverage_hash
|
272
275
|
}
|
273
276
|
end
|
274
277
|
|
@@ -284,7 +287,7 @@ module AbideDevUtils
|
|
284
287
|
{
|
285
288
|
title: @benchmark.title,
|
286
289
|
version: @benchmark.version,
|
287
|
-
framework: @benchmark.framework
|
290
|
+
framework: @benchmark.framework
|
288
291
|
}
|
289
292
|
end
|
290
293
|
|
@@ -297,7 +300,7 @@ module AbideDevUtils
|
|
297
300
|
covered: covered,
|
298
301
|
percentage: percentage,
|
299
302
|
controls_in_resource_data: controls_in_resource_data,
|
300
|
-
rules_in_map: rules_in_map
|
303
|
+
rules_in_map: rules_in_map
|
301
304
|
}
|
302
305
|
end
|
303
306
|
end
|
@@ -334,7 +337,7 @@ module AbideDevUtils
|
|
334
337
|
private
|
335
338
|
|
336
339
|
def find_controls_in_resource_data
|
337
|
-
controls = @benchmark.resource_data["#{@benchmark.module_name}::resources"].each_with_object([]) do |(
|
340
|
+
controls = @benchmark.resource_data["#{@benchmark.module_name}::resources"].each_with_object([]) do |(_rname, rval), arr|
|
338
341
|
arr << case rval['controls'].class.to_s
|
339
342
|
when 'Hash'
|
340
343
|
rval['controls'].keys
|
@@ -9,10 +9,10 @@ require 'yaml'
|
|
9
9
|
require 'abide_dev_utils/markdown'
|
10
10
|
require 'abide_dev_utils/output'
|
11
11
|
require 'abide_dev_utils/ppt'
|
12
|
-
require 'abide_dev_utils/
|
12
|
+
require 'abide_dev_utils/sce/benchmark'
|
13
13
|
|
14
14
|
module AbideDevUtils
|
15
|
-
module
|
15
|
+
module Sce
|
16
16
|
module Generate
|
17
17
|
# Holds objects and methods for generating a reference doc
|
18
18
|
module Reference
|
@@ -22,14 +22,14 @@ module AbideDevUtils
|
|
22
22
|
def self.generate(data = {})
|
23
23
|
pupmod = AbideDevUtils::Ppt::PuppetModule.new
|
24
24
|
doc_title = case pupmod.name
|
25
|
-
when 'puppetlabs-
|
26
|
-
'
|
27
|
-
when 'puppetlabs-
|
28
|
-
'
|
25
|
+
when 'puppetlabs-sce_linux'
|
26
|
+
'SCE for Linux Reference'
|
27
|
+
when 'puppetlabs-sce_windows'
|
28
|
+
'SCE for Windows Reference'
|
29
29
|
else
|
30
30
|
'Reference'
|
31
31
|
end
|
32
|
-
benchmarks = AbideDevUtils::
|
32
|
+
benchmarks = AbideDevUtils::Sce::Benchmark.benchmarks_from_puppet_module(pupmod)
|
33
33
|
case data.fetch(:format, 'markdown')
|
34
34
|
when 'markdown'
|
35
35
|
file = data[:out_file] || 'REFERENCE.md'
|
@@ -44,7 +44,7 @@ module AbideDevUtils
|
|
44
44
|
end
|
45
45
|
|
46
46
|
def self.config_example(control, params_array)
|
47
|
-
out_str = ['
|
47
|
+
out_str = ['sce_windows::config:', ' control_configs:', " \"#{control}\":"]
|
48
48
|
indent = ' '
|
49
49
|
params_array.each do |param_hash|
|
50
50
|
val = case param_hash[:type]
|
@@ -61,7 +61,7 @@ module AbideDevUtils
|
|
61
61
|
|
62
62
|
# Generates a markdown reference doc
|
63
63
|
class MarkdownGenerator
|
64
|
-
SPECIAL_CONTROL_IDS = %w[dependent
|
64
|
+
SPECIAL_CONTROL_IDS = %w[dependent sce_options sce_protected].freeze
|
65
65
|
|
66
66
|
def initialize(benchmarks, module_name, file: 'REFERENCE.md', opts: {})
|
67
67
|
@benchmarks = benchmarks
|
@@ -194,7 +194,7 @@ module AbideDevUtils
|
|
194
194
|
providers: providers,
|
195
195
|
puppet_functions: puppet_functions,
|
196
196
|
puppet_tasks: puppet_tasks,
|
197
|
-
puppet_plans: puppet_plans
|
197
|
+
puppet_plans: puppet_plans
|
198
198
|
}
|
199
199
|
end
|
200
200
|
|
@@ -312,7 +312,7 @@ module AbideDevUtils
|
|
312
312
|
end
|
313
313
|
|
314
314
|
def control_has_valid_params?
|
315
|
-
return true if @control.params? || @control.resource.
|
315
|
+
return true if @control.params? || @control.resource.sce_options? || @control.resource.sce_protected?
|
316
316
|
return true if @control.resource.manifest? && @control.resource.manifest.declaration.parameters?
|
317
317
|
|
318
318
|
false
|
@@ -326,7 +326,8 @@ module AbideDevUtils
|
|
326
326
|
|
327
327
|
def param_type_expr(ctrl_param, rsrc_param)
|
328
328
|
@control_data[ctrl_param[:name]] = {} unless @control_data.key?(ctrl_param[:name])
|
329
|
-
@control_data[ctrl_param[:name]][:type_expr] =
|
329
|
+
@control_data[ctrl_param[:name]][:type_expr] =
|
330
|
+
rsrc_param&.type_expr? ? rsrc_param&.type_expr : ctrl_param[:type]
|
330
331
|
return unless @control_data[ctrl_param[:name]][:type_expr]
|
331
332
|
|
332
333
|
" - [ #{@md.code(@control_data[ctrl_param[:name]][:type_expr])} ]"
|
@@ -365,7 +366,7 @@ module AbideDevUtils
|
|
365
366
|
return unless control_has_valid_params?
|
366
367
|
|
367
368
|
@md.add_ul('Parameters:')
|
368
|
-
[@control.param_hashes, @control.resource.
|
369
|
+
[@control.param_hashes, @control.resource.sce_options, @control.resource.sce_protected].each do |collection|
|
369
370
|
collection.each do |hsh|
|
370
371
|
rparam = resource_param(hsh)
|
371
372
|
str_array = [@md.code(hsh[:name]), param_type_expr(hsh, rparam), param_default_value(hsh, rparam)]
|
@@ -473,7 +474,8 @@ module AbideDevUtils
|
|
473
474
|
@md.add_ul('Hiera Configuration Example:')
|
474
475
|
@md.add_code_block(out_str.join("\n"), language: 'yaml')
|
475
476
|
rescue StandardError => e
|
476
|
-
require 'pry'
|
477
|
+
require 'pry'
|
478
|
+
binding.pry
|
477
479
|
err_msg = [
|
478
480
|
"Failed to generate config example for control #{@control.id}",
|
479
481
|
"Error: #{e.message}",
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'abide_dev_utils/sce/generate/reference'
|
4
|
+
require 'abide_dev_utils/sce/generate/coverage_report'
|
5
|
+
|
6
|
+
module AbideDevUtils
|
7
|
+
module Sce
|
8
|
+
# Namespace for objects and methods used in `abide sce generate` subcommands
|
9
|
+
module Generate; end
|
10
|
+
end
|
11
|
+
end
|
@@ -1,16 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require 'abide_dev_utils/
|
4
|
-
require 'abide_dev_utils/
|
3
|
+
require 'abide_dev_utils/sce/hiera_data/mapping_data/map_data'
|
4
|
+
require 'abide_dev_utils/sce/hiera_data/mapping_data/mixins'
|
5
5
|
|
6
6
|
module AbideDevUtils
|
7
|
-
module
|
7
|
+
module Sce
|
8
8
|
module HieraData
|
9
9
|
module MappingData
|
10
10
|
ALL_TYPES = %w[hiera_title_num number hiera_title vulnid title].freeze
|
11
11
|
FRAMEWORK_TYPES = {
|
12
12
|
'cis' => %w[hiera_title_num number hiera_title title],
|
13
|
-
'stig' => %w[hiera_title_num number hiera_title vulnid title]
|
13
|
+
'stig' => %w[hiera_title_num number hiera_title vulnid title]
|
14
14
|
}.freeze
|
15
15
|
CIS_TYPES = %w[hiera_title_num number hiera_title title].freeze
|
16
16
|
STIG_TYPES = %w[hiera_title_num number hiera_title vulnid title].freeze
|
@@ -78,11 +78,11 @@ module AbideDevUtils
|
|
78
78
|
def load_framework(framework)
|
79
79
|
case framework.downcase
|
80
80
|
when 'cis'
|
81
|
-
self.class.include AbideDevUtils::
|
82
|
-
extend AbideDevUtils::
|
81
|
+
self.class.include AbideDevUtils::Sce::HieraData::MappingData::MixinCIS
|
82
|
+
extend AbideDevUtils::Sce::HieraData::MappingData::MixinCIS
|
83
83
|
when 'stig'
|
84
|
-
self.class.include AbideDevUtils::
|
85
|
-
extend AbideDevUtils::
|
84
|
+
self.class.include AbideDevUtils::Sce::HieraData::MappingData::MixinSTIG
|
85
|
+
extend AbideDevUtils::Sce::HieraData::MappingData::MixinSTIG
|
86
86
|
else
|
87
87
|
raise "Invalid framework: #{framework}"
|
88
88
|
end
|
@@ -90,7 +90,10 @@ module AbideDevUtils
|
|
90
90
|
|
91
91
|
def map_data_by_type(map_type)
|
92
92
|
found_map_data = map_data.find { |x| x.type == map_type }
|
93
|
-
|
93
|
+
unless found_map_data
|
94
|
+
raise "Failed to find map data with type #{map_type}; Meta: #{{ framework: framework,
|
95
|
+
module_name: module_name }}"
|
96
|
+
end
|
94
97
|
|
95
98
|
found_map_data
|
96
99
|
end
|
@@ -2,11 +2,11 @@
|
|
2
2
|
|
3
3
|
require 'abide_dev_utils/dot_number_comparable'
|
4
4
|
require 'abide_dev_utils/errors'
|
5
|
-
require 'abide_dev_utils/
|
6
|
-
require 'abide_dev_utils/
|
5
|
+
require 'abide_dev_utils/sce/hiera_data/mapping_data'
|
6
|
+
require 'abide_dev_utils/sce/hiera_data/resource_data/parameters'
|
7
7
|
|
8
8
|
module AbideDevUtils
|
9
|
-
module
|
9
|
+
module Sce
|
10
10
|
module HieraData
|
11
11
|
module ResourceData
|
12
12
|
# Represents a singular rule in a benchmark
|
@@ -58,7 +58,7 @@ module AbideDevUtils
|
|
58
58
|
|
59
59
|
def method_missing(meth, *args, &block)
|
60
60
|
meth_s = meth.to_s
|
61
|
-
if AbideDevUtils::
|
61
|
+
if AbideDevUtils::Sce::HieraData::MappingData::ALL_TYPES.include?(meth_s)
|
62
62
|
@mapper.get(id).find { |x| @mapper.map_type(x) == meth_s }
|
63
63
|
else
|
64
64
|
super
|
@@ -66,7 +66,7 @@ module AbideDevUtils
|
|
66
66
|
end
|
67
67
|
|
68
68
|
def respond_to_missing?(meth, include_private = false)
|
69
|
-
AbideDevUtils::
|
69
|
+
AbideDevUtils::Sce::HieraData::MappingData::ALL_TYPES.include?(meth.to_s) || super
|
70
70
|
end
|
71
71
|
|
72
72
|
def to_h
|
@@ -76,7 +76,7 @@ module AbideDevUtils
|
|
76
76
|
alternate_ids: alternate_ids,
|
77
77
|
levels: levels,
|
78
78
|
profiles: profiles,
|
79
|
-
resource: resource
|
79
|
+
resource: resource
|
80
80
|
}.merge(parameters.to_h)
|
81
81
|
end
|
82
82
|
|
@@ -94,7 +94,7 @@ module AbideDevUtils
|
|
94
94
|
|
95
95
|
def validate_id_with_framework(id, framework, mapper)
|
96
96
|
mtype = mapper.map_type(id)
|
97
|
-
return if AbideDevUtils::
|
97
|
+
return if AbideDevUtils::Sce::HieraData::MappingData::FRAMEWORK_TYPES[framework].include?(mtype)
|
98
98
|
|
99
99
|
raise AbideDevUtils::Errors::ControlIdFrameworkMismatchError, [id, mtype, framework]
|
100
100
|
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
require 'set'
|
4
4
|
|
5
5
|
module AbideDevUtils
|
6
|
-
module
|
6
|
+
module Sce
|
7
7
|
module HieraData
|
8
8
|
module ResourceData
|
9
9
|
class Parameters
|
@@ -40,7 +40,7 @@ module AbideDevUtils
|
|
40
40
|
collection.each_with_object({}) do |(param, param_val), hsh|
|
41
41
|
hsh[param] = {
|
42
42
|
raw_value: param_val,
|
43
|
-
display_value: param_display(param, param_val)
|
43
|
+
display_value: param_display(param, param_val)
|
44
44
|
}
|
45
45
|
end
|
46
46
|
end
|
@@ -49,7 +49,7 @@ module AbideDevUtils
|
|
49
49
|
{
|
50
50
|
name: param,
|
51
51
|
type: ruby_class_to_puppet_type(param_val.class.to_s),
|
52
|
-
default: param_val
|
52
|
+
default: param_val
|
53
53
|
}
|
54
54
|
end
|
55
55
|
|
@@ -2,11 +2,11 @@
|
|
2
2
|
|
3
3
|
require 'set'
|
4
4
|
require 'abide_dev_utils/errors'
|
5
|
-
require 'abide_dev_utils/
|
6
|
-
require 'abide_dev_utils/
|
5
|
+
require 'abide_dev_utils/sce/hiera_data/resource_data/control'
|
6
|
+
require 'abide_dev_utils/sce/hiera_data/resource_data/parameters'
|
7
7
|
|
8
8
|
module AbideDevUtils
|
9
|
-
module
|
9
|
+
module Sce
|
10
10
|
module HieraData
|
11
11
|
module ResourceData
|
12
12
|
# Represents a resource data resource statement
|
@@ -25,21 +25,21 @@ module AbideDevUtils
|
|
25
25
|
@controls ||= load_controls
|
26
26
|
end
|
27
27
|
|
28
|
-
def
|
29
|
-
@
|
28
|
+
def sce_options
|
29
|
+
@sce_options ||= Parameters.new(data['sce_options'])
|
30
30
|
end
|
31
31
|
|
32
|
-
def
|
33
|
-
@
|
32
|
+
def sce_protected
|
33
|
+
@sce_protected ||= Parameters.new(data['sce_protected'])
|
34
34
|
end
|
35
35
|
|
36
36
|
def to_stubbed_h
|
37
37
|
{
|
38
38
|
title: title,
|
39
39
|
type: type,
|
40
|
-
|
41
|
-
|
42
|
-
reference: to_reference
|
40
|
+
sce_options: sce_options.to_h,
|
41
|
+
sce_protected: sce_protected.to_h,
|
42
|
+
reference: to_reference
|
43
43
|
}
|
44
44
|
end
|
45
45
|
|
@@ -51,7 +51,7 @@ module AbideDevUtils
|
|
51
51
|
parray = controls.map { |x| x.parameters.to_puppet_code if x.parameters.exist? }.flatten.compact.uniq
|
52
52
|
return "#{type} { '#{title}': }" if parray.empty? || parray.all?(&:empty?) || parray.all?("\n")
|
53
53
|
|
54
|
-
# if title == '
|
54
|
+
# if title == 'sce_linux::utils::packages::linux::auditd::time_change'
|
55
55
|
# require 'pry'
|
56
56
|
# binding.pry
|
57
57
|
# end
|
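Review bot: In the `@@ -51,7 +51,7 @@` hunk, `to_puppet_code` carries a commented-out debugging block (`# if title == 'sce_linux::utils::packages::linux::auditd::time_change'` / `# require 'pry'` / `# binding.pry` / `# end`) that the rename updated rather than removed; leftover debugger hooks in a shipped gem are noise at best and invite being uncommented. Delete the four commented lines, or if the case is genuinely interesting, turn it into a unit test for that title. The method's body continues outside the hunk, so I cannot see whether `Parameters.new(data['sce_options'])` in the earlier hunk tolerates a missing `sce_options` key; if it does not, that is worth a guard as well.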