abide_dev_utils 0.6.0 → 0.9.3
- checksums.yaml +4 -4
- data/.gitignore +2 -2
- data/.rubocop.yml +1 -1
- data/CODEOWNERS +1 -0
- data/Gemfile.lock +273 -0
- data/abide_dev_utils.gemspec +7 -6
- data/lib/abide_dev_utils/cli/comply.rb +26 -7
- data/lib/abide_dev_utils/cli/puppet.rb +18 -0
- data/lib/abide_dev_utils/cli/xccdf.rb +77 -11
- data/lib/abide_dev_utils/comply.rb +240 -169
- data/lib/abide_dev_utils/errors/comply.rb +4 -0
- data/lib/abide_dev_utils/errors/general.rb +9 -0
- data/lib/abide_dev_utils/errors/xccdf.rb +12 -0
- data/lib/abide_dev_utils/gcloud.rb +2 -1
- data/lib/abide_dev_utils/output.rb +7 -3
- data/lib/abide_dev_utils/ppt/api.rb +219 -0
- data/lib/abide_dev_utils/ppt/score_module.rb +162 -0
- data/lib/abide_dev_utils/ppt.rb +22 -19
- data/lib/abide_dev_utils/validate.rb +5 -1
- data/lib/abide_dev_utils/version.rb +1 -1
- data/lib/abide_dev_utils/xccdf.rb +627 -11
- metadata +30 -16
- data/.dockerignore +0 -1
- data/Dockerfile +0 -23
- data/lib/abide_dev_utils/xccdf/cis/hiera.rb +0 -166
- data/lib/abide_dev_utils/xccdf/cis.rb +0 -3
- data/lib/abide_dev_utils/xccdf/utils.rb +0 -85
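--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58b9c3d67642e83959b356c30cef87f408ec18e6887c34f66b7d967b2b106cb8
+data.tar.gz: 0c03f8ccf88bbd5e3c12d0d50ff3eea3a83f34e1d93b4773844bfb74a4bca271
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a7e66797f4b3d3d44512a1b7dad92539cc75e4d219a4dd14f6fe4548714305ce067cc1a5aafb26316f64a25a3186905bb33bc86b53370b0bb2c30b084fdebcc3
+data.tar.gz: 774f4b5dd24e1dc9c5ecfa5e9cb23ae528bb607b5bfcbb87da2bfa30549526c13909868c1e4cc55db58f64e14e577f5a5a562a0ed21f58ed71ae68a1139fc349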
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
data/CODEOWNERS
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
* @puppetlabs/abide-team
|
data/Gemfile.lock
ADDED
@@ -0,0 +1,273 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
abide_dev_utils (0.9.3)
|
5
|
+
cmdparse (~> 3.0)
|
6
|
+
google-cloud-storage (~> 1.34)
|
7
|
+
hashdiff (~> 1.0)
|
8
|
+
jira-ruby (~> 2.1)
|
9
|
+
nokogiri (~> 1.11)
|
10
|
+
puppet (>= 6.23)
|
11
|
+
ruby-progressbar (~> 1.11)
|
12
|
+
selenium-webdriver (~> 4.0.0.beta4)
|
13
|
+
|
14
|
+
GEM
|
15
|
+
remote: https://rubygems.org/
|
16
|
+
specs:
|
17
|
+
activesupport (7.0.1)
|
18
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
19
|
+
i18n (>= 1.6, < 2)
|
20
|
+
minitest (>= 5.1)
|
21
|
+
tzinfo (~> 2.0)
|
22
|
+
addressable (2.8.0)
|
23
|
+
public_suffix (>= 2.0.2, < 5.0)
|
24
|
+
ast (2.4.2)
|
25
|
+
async (1.30.1)
|
26
|
+
console (~> 1.10)
|
27
|
+
nio4r (~> 2.3)
|
28
|
+
timers (~> 4.1)
|
29
|
+
async-http (0.56.5)
|
30
|
+
async (>= 1.25)
|
31
|
+
async-io (>= 1.28)
|
32
|
+
async-pool (>= 0.2)
|
33
|
+
protocol-http (~> 0.22.0)
|
34
|
+
protocol-http1 (~> 0.14.0)
|
35
|
+
protocol-http2 (~> 0.14.0)
|
36
|
+
async-http-faraday (0.11.0)
|
37
|
+
async-http (~> 0.42)
|
38
|
+
faraday
|
39
|
+
async-io (1.32.2)
|
40
|
+
async
|
41
|
+
async-pool (0.3.9)
|
42
|
+
async (>= 1.25)
|
43
|
+
atlassian-jwt (0.2.1)
|
44
|
+
jwt (~> 2.1)
|
45
|
+
childprocess (4.1.0)
|
46
|
+
cmdparse (3.0.7)
|
47
|
+
coderay (1.1.3)
|
48
|
+
concurrent-ruby (1.1.9)
|
49
|
+
console (1.14.0)
|
50
|
+
fiber-local
|
51
|
+
declarative (0.0.20)
|
52
|
+
deep_merge (1.2.2)
|
53
|
+
diff-lcs (1.5.0)
|
54
|
+
digest-crc (0.6.4)
|
55
|
+
rake (>= 12.0.0, < 14.0.0)
|
56
|
+
facter (4.2.7)
|
57
|
+
hocon (~> 1.3)
|
58
|
+
thor (>= 1.0.1, < 2.0)
|
59
|
+
faraday (1.9.3)
|
60
|
+
faraday-em_http (~> 1.0)
|
61
|
+
faraday-em_synchrony (~> 1.0)
|
62
|
+
faraday-excon (~> 1.1)
|
63
|
+
faraday-httpclient (~> 1.0)
|
64
|
+
faraday-multipart (~> 1.0)
|
65
|
+
faraday-net_http (~> 1.0)
|
66
|
+
faraday-net_http_persistent (~> 1.0)
|
67
|
+
faraday-patron (~> 1.0)
|
68
|
+
faraday-rack (~> 1.0)
|
69
|
+
faraday-retry (~> 1.0)
|
70
|
+
ruby2_keywords (>= 0.0.4)
|
71
|
+
faraday-em_http (1.0.0)
|
72
|
+
faraday-em_synchrony (1.0.0)
|
73
|
+
faraday-excon (1.1.0)
|
74
|
+
faraday-http-cache (2.2.0)
|
75
|
+
faraday (>= 0.8)
|
76
|
+
faraday-httpclient (1.0.1)
|
77
|
+
faraday-multipart (1.0.3)
|
78
|
+
multipart-post (>= 1.2, < 3)
|
79
|
+
faraday-net_http (1.0.1)
|
80
|
+
faraday-net_http_persistent (1.2.0)
|
81
|
+
faraday-patron (1.0.0)
|
82
|
+
faraday-rack (1.0.0)
|
83
|
+
faraday-retry (1.0.3)
|
84
|
+
fast_gettext (1.8.0)
|
85
|
+
fiber-local (1.0.0)
|
86
|
+
gem-release (2.2.2)
|
87
|
+
github_changelog_generator (1.16.4)
|
88
|
+
activesupport
|
89
|
+
async (>= 1.25.0)
|
90
|
+
async-http-faraday
|
91
|
+
faraday-http-cache
|
92
|
+
multi_json
|
93
|
+
octokit (~> 4.6)
|
94
|
+
rainbow (>= 2.2.1)
|
95
|
+
rake (>= 10.0)
|
96
|
+
google-apis-core (0.4.1)
|
97
|
+
addressable (~> 2.5, >= 2.5.1)
|
98
|
+
googleauth (>= 0.16.2, < 2.a)
|
99
|
+
httpclient (>= 2.8.1, < 3.a)
|
100
|
+
mini_mime (~> 1.0)
|
101
|
+
representable (~> 3.0)
|
102
|
+
retriable (>= 2.0, < 4.a)
|
103
|
+
rexml
|
104
|
+
webrick
|
105
|
+
google-apis-iamcredentials_v1 (0.10.0)
|
106
|
+
google-apis-core (>= 0.4, < 2.a)
|
107
|
+
google-apis-storage_v1 (0.11.0)
|
108
|
+
google-apis-core (>= 0.4, < 2.a)
|
109
|
+
google-cloud-core (1.6.0)
|
110
|
+
google-cloud-env (~> 1.0)
|
111
|
+
google-cloud-errors (~> 1.0)
|
112
|
+
google-cloud-env (1.5.0)
|
113
|
+
faraday (>= 0.17.3, < 2.0)
|
114
|
+
google-cloud-errors (1.2.0)
|
115
|
+
google-cloud-storage (1.36.0)
|
116
|
+
addressable (~> 2.8)
|
117
|
+
digest-crc (~> 0.4)
|
118
|
+
google-apis-iamcredentials_v1 (~> 0.1)
|
119
|
+
google-apis-storage_v1 (~> 0.1)
|
120
|
+
google-cloud-core (~> 1.6)
|
121
|
+
googleauth (>= 0.16.2, < 2.a)
|
122
|
+
mini_mime (~> 1.0)
|
123
|
+
googleauth (1.1.0)
|
124
|
+
faraday (>= 0.17.3, < 2.0)
|
125
|
+
jwt (>= 1.4, < 3.0)
|
126
|
+
memoist (~> 0.16)
|
127
|
+
multi_json (~> 1.11)
|
128
|
+
os (>= 0.9, < 2.0)
|
129
|
+
signet (>= 0.16, < 2.a)
|
130
|
+
hashdiff (1.0.1)
|
131
|
+
hiera (3.8.0)
|
132
|
+
hocon (1.3.1)
|
133
|
+
httpclient (2.8.3)
|
134
|
+
i18n (1.8.11)
|
135
|
+
concurrent-ruby (~> 1.0)
|
136
|
+
jira-ruby (2.2.0)
|
137
|
+
activesupport
|
138
|
+
atlassian-jwt
|
139
|
+
multipart-post
|
140
|
+
oauth (~> 0.5, >= 0.5.0)
|
141
|
+
jwt (2.3.0)
|
142
|
+
locale (2.1.3)
|
143
|
+
memoist (0.16.2)
|
144
|
+
method_source (1.0.0)
|
145
|
+
mini_mime (1.1.2)
|
146
|
+
mini_portile2 (2.7.1)
|
147
|
+
minitest (5.15.0)
|
148
|
+
multi_json (1.15.0)
|
149
|
+
multipart-post (2.1.1)
|
150
|
+
nio4r (2.5.8)
|
151
|
+
nokogiri (1.13.1)
|
152
|
+
mini_portile2 (~> 2.7.0)
|
153
|
+
racc (~> 1.4)
|
154
|
+
oauth (0.5.8)
|
155
|
+
octokit (4.22.0)
|
156
|
+
faraday (>= 0.9)
|
157
|
+
sawyer (~> 0.8.0, >= 0.5.3)
|
158
|
+
os (1.1.4)
|
159
|
+
parallel (1.21.0)
|
160
|
+
parser (3.1.0.0)
|
161
|
+
ast (~> 2.4.1)
|
162
|
+
protocol-hpack (1.4.2)
|
163
|
+
protocol-http (0.22.5)
|
164
|
+
protocol-http1 (0.14.2)
|
165
|
+
protocol-http (~> 0.22)
|
166
|
+
protocol-http2 (0.14.2)
|
167
|
+
protocol-hpack (~> 1.4)
|
168
|
+
protocol-http (~> 0.18)
|
169
|
+
pry (0.14.1)
|
170
|
+
coderay (~> 1.1)
|
171
|
+
method_source (~> 1.0)
|
172
|
+
public_suffix (4.0.6)
|
173
|
+
puppet (7.13.1)
|
174
|
+
concurrent-ruby (~> 1.0)
|
175
|
+
deep_merge (~> 1.0)
|
176
|
+
facter (> 2.0.1, < 5)
|
177
|
+
fast_gettext (>= 1.1, < 3)
|
178
|
+
hiera (>= 3.2.1, < 4)
|
179
|
+
locale (~> 2.1)
|
180
|
+
multi_json (~> 1.10)
|
181
|
+
puppet-resource_api (~> 1.5)
|
182
|
+
scanf (~> 1.0)
|
183
|
+
semantic_puppet (~> 1.0)
|
184
|
+
puppet-resource_api (1.8.14)
|
185
|
+
hocon (>= 1.0)
|
186
|
+
racc (1.6.0)
|
187
|
+
rainbow (3.1.1)
|
188
|
+
rake (13.0.6)
|
189
|
+
regexp_parser (2.2.0)
|
190
|
+
representable (3.1.1)
|
191
|
+
declarative (< 0.1.0)
|
192
|
+
trailblazer-option (>= 0.1.1, < 0.2.0)
|
193
|
+
uber (< 0.2.0)
|
194
|
+
retriable (3.1.2)
|
195
|
+
rexml (3.2.5)
|
196
|
+
rspec (3.10.0)
|
197
|
+
rspec-core (~> 3.10.0)
|
198
|
+
rspec-expectations (~> 3.10.0)
|
199
|
+
rspec-mocks (~> 3.10.0)
|
200
|
+
rspec-core (3.10.1)
|
201
|
+
rspec-support (~> 3.10.0)
|
202
|
+
rspec-expectations (3.10.2)
|
203
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
204
|
+
rspec-support (~> 3.10.0)
|
205
|
+
rspec-mocks (3.10.2)
|
206
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
207
|
+
rspec-support (~> 3.10.0)
|
208
|
+
rspec-support (3.10.3)
|
209
|
+
rubocop (1.24.1)
|
210
|
+
parallel (~> 1.10)
|
211
|
+
parser (>= 3.0.0.0)
|
212
|
+
rainbow (>= 2.2.2, < 4.0)
|
213
|
+
regexp_parser (>= 1.8, < 3.0)
|
214
|
+
rexml
|
215
|
+
rubocop-ast (>= 1.15.1, < 2.0)
|
216
|
+
ruby-progressbar (~> 1.7)
|
217
|
+
unicode-display_width (>= 1.4.0, < 3.0)
|
218
|
+
rubocop-ast (1.15.1)
|
219
|
+
parser (>= 3.0.1.1)
|
220
|
+
rubocop-i18n (3.0.0)
|
221
|
+
rubocop (~> 1.0)
|
222
|
+
rubocop-performance (1.13.1)
|
223
|
+
rubocop (>= 1.7.0, < 2.0)
|
224
|
+
rubocop-ast (>= 0.4.0)
|
225
|
+
rubocop-rspec (2.7.0)
|
226
|
+
rubocop (~> 1.19)
|
227
|
+
ruby-progressbar (1.11.0)
|
228
|
+
ruby2_keywords (0.0.5)
|
229
|
+
rubyzip (2.3.2)
|
230
|
+
sawyer (0.8.2)
|
231
|
+
addressable (>= 2.3.5)
|
232
|
+
faraday (> 0.8, < 2.0)
|
233
|
+
scanf (1.0.0)
|
234
|
+
selenium-webdriver (4.0.3)
|
235
|
+
childprocess (>= 0.5, < 5.0)
|
236
|
+
rexml (~> 3.2, >= 3.2.5)
|
237
|
+
rubyzip (>= 1.2.2)
|
238
|
+
semantic_puppet (1.0.4)
|
239
|
+
signet (0.16.0)
|
240
|
+
addressable (~> 2.8)
|
241
|
+
faraday (>= 0.17.3, < 2.0)
|
242
|
+
jwt (>= 1.5, < 3.0)
|
243
|
+
multi_json (~> 1.10)
|
244
|
+
thor (1.2.1)
|
245
|
+
timers (4.3.3)
|
246
|
+
trailblazer-option (0.1.2)
|
247
|
+
tzinfo (2.0.4)
|
248
|
+
concurrent-ruby (~> 1.0)
|
249
|
+
uber (0.1.0)
|
250
|
+
unicode-display_width (2.1.0)
|
251
|
+
webrick (1.7.0)
|
252
|
+
|
253
|
+
PLATFORMS
|
254
|
+
ruby
|
255
|
+
|
256
|
+
DEPENDENCIES
|
257
|
+
abide_dev_utils!
|
258
|
+
bundler
|
259
|
+
console
|
260
|
+
fast_gettext (~> 1.8)
|
261
|
+
gem-release
|
262
|
+
github_changelog_generator
|
263
|
+
pry
|
264
|
+
rake
|
265
|
+
rspec (~> 3.10)
|
266
|
+
rubocop (~> 1.8)
|
267
|
+
rubocop-ast (~> 1.4)
|
268
|
+
rubocop-i18n (~> 3.0)
|
269
|
+
rubocop-performance (~> 1.9)
|
270
|
+
rubocop-rspec (~> 2.1)
|
271
|
+
|
272
|
+
BUNDLED WITH
|
273
|
+
2.1.4
|
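--- a/data/abide_dev_utils.gemspec
+++ b/data/abide_dev_utils.gemspec
@@ -7,14 +7,14 @@ require "abide_dev_utils/version"
 Gem::Specification.new do |spec|
 spec.name = "abide_dev_utils"
 spec.version = AbideDevUtils::VERSION
-spec.authors = ["
-spec.email = ["
+spec.authors = ["abide-team"]
+spec.email = ["abide-team@puppet.com"]
 
-spec.summary = "Helper utilities for developing
-spec.description = "Provides a CLI with helpful utilities for developing
-spec.homepage = "https://github.com/
+spec.summary = "Helper utilities for developing compliance Puppet code"
+spec.description = "Provides a CLI with helpful utilities for developing compliance Puppet code"
+spec.homepage = "https://github.com/puppetlabs/abide_dev_utils"
 spec.license = "MIT"
-spec.required_ruby_version = Gem::Requirement.new(">= 2.
+spec.required_ruby_version = Gem::Requirement.new(">= 2.7.0")
 
 # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
 
@@ -39,6 +39,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'ruby-progressbar', '~> 1.11'
 spec.add_dependency 'selenium-webdriver', '~> 4.0.0.beta4'
 spec.add_dependency 'google-cloud-storage', '~> 1.34'
+spec.add_dependency 'hashdiff', '~> 1.0'
 
 # Dev dependencies
 spec.add_development_dependency 'bundler'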
@@ -12,6 +12,7 @@ module Abide
|
|
12
12
|
def initialize
|
13
13
|
super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: true)
|
14
14
|
add_command(ComplyReportCommand.new)
|
15
|
+
add_command(ComplyCompareReportCommand.new)
|
15
16
|
end
|
16
17
|
end
|
17
18
|
|
@@ -57,23 +58,22 @@ module Abide
|
|
57
58
|
options.on('-t [SECONDS]', '--timeout [SECONDS]', OPT_TIMEOUT_DESC) do |t|
|
58
59
|
@data[:timeout] = t
|
59
60
|
end
|
60
|
-
options.on('-s
|
61
|
+
options.on('-s [X,Y,Z]', '--status [X,Y,Z]',
|
61
62
|
%w[pass fail error notapplicable notchecked unknown informational],
|
62
63
|
Array,
|
63
64
|
OPT_STATUS_DESC) do |s|
|
64
65
|
s&.map! { |i| i == 'notchecked' ? 'not checked' : i }
|
65
66
|
@data[:status] = s
|
66
67
|
end
|
67
|
-
options.on('--only
|
68
|
+
options.on('--only [X,Y,Z]', Array, OPT_ONLY_NODES) do |o|
|
68
69
|
@data[:onlylist] = o
|
69
70
|
end
|
70
|
-
options.on('--ignore
|
71
|
+
options.on('--ignore [X,Y,Z]', Array, OPT_IGNORE_NODES) do |i|
|
71
72
|
@data[:ignorelist] = i
|
72
73
|
end
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
# options.on('--')
|
74
|
+
options.on('--page-source-on-error', 'Dump page source to file on error') do
|
75
|
+
@data[:page_source_on_error] = true
|
76
|
+
end
|
77
77
|
end
|
78
78
|
|
79
79
|
def help_arguments
|
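Review bot: The new `--page-source-on-error` switch tells the user only that the page source is dumped "to file" — not where, and not that the source of an authenticated Comply page can carry session state, CSRF tokens and node details that should not be left lying in a working directory or pasted into a ticket. I would make the help text say so: `options.on('--page-source-on-error', 'On error, dump the page source to a file (the dump may contain sensitive session data)')`, and name the actual location once it is confirmed from AbideDevUtils::Comply, which is outside this hunk. The enclosing initialize begins before the hunk.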
@@ -95,5 +95,24 @@ module Abide
|
|
95
95
|
Abide::CLI::OUTPUT.yaml(report, file: outfile)
|
96
96
|
end
|
97
97
|
end
|
98
|
+
|
99
|
+
class ComplyCompareReportCommand < AbideCommand
|
100
|
+
CMD_NAME = 'compare-report'
|
101
|
+
CMD_SHORT = 'Compare two Comply reports and get the differences.'
|
102
|
+
CMD_LONG = 'Compare two Comply reports and get the differences. Report A is compared to report B, showing what changes it would take for A to equal B.'
|
103
|
+
CMD_REPORT_A = 'The current Comply report yaml file'
|
104
|
+
CMD_REPORT_B = 'The old Comply report yaml file name or full path'
|
105
|
+
def initialize
|
106
|
+
super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
|
107
|
+
argument_desc(REPORT_A: CMD_REPORT_A, REPORT_B: CMD_REPORT_B)
|
108
|
+
options.on('-u', '--upload-new', 'If you want to upload the new scan report') { @data[:upload] = true }
|
109
|
+
options.on('-s [STORAGE]', '--remote-storage [STORAGE]', 'Remote storage to upload the report to. (Only supports "gcloud")') { |x| @data[:remote_storage] = x }
|
110
|
+
options.on('-r [NAME]', '--name [NAME]', 'The name to upload the report as') { |x| @data[:report_name] = x }
|
111
|
+
end
|
112
|
+
|
113
|
+
def execute(report_a, report_b)
|
114
|
+
AbideDevUtils::Comply.compare_reports(report_a, report_b, @data)
|
115
|
+
end
|
116
|
+
end
|
98
117
|
end
|
99
118
|
end
|
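Review bot: The `-s` and `-r` options declare their arguments optional (`[STORAGE]`, `[NAME]`), so `-s` given alone stores nil in `@data[:remote_storage]` and the failure only surfaces later inside compare_reports, outside this hunk; declaring them required — `'-s STORAGE', '--remote-storage STORAGE'` and `'-r NAME', '--name NAME'` — lets cmdparse reject the bad invocation up front. The argument descriptions also disagree with CMD_LONG: REPORT_A is described as the current report and REPORT_B as the old one, yet the long text says the output shows what it would take for A to equal B, i.e. changes toward the old report, so the intended direction should be confirmed and stated once. Nothing visible here enforces the "Only supports gcloud" claim in the `--remote-storage` help text; presumably that validation lives in AbideDevUtils::Comply.compare_reports.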
@@ -217,5 +217,23 @@ module Abide
|
|
217
217
|
AbideDevUtils::Ppt.add_cis_comment(path, xccdf, number_format: @data.fetch(:number_format, false))
|
218
218
|
end
|
219
219
|
end
|
220
|
+
|
221
|
+
class PuppetScoreModuleCommand < AbideCommand
|
222
|
+
CMD_NAME = 'score'
|
223
|
+
CMD_SHORT = 'Scores a Puppet module just like Puppet Forge'
|
224
|
+
CMD_LONG = 'Scores a Puppet module just like Puppet Forge. This is a useful quality-check before publishing a module.'
|
225
|
+
def initialize
|
226
|
+
super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
|
227
|
+
options.on('-o [PATH]', '--outfile [PATH]', 'Save results to a file') { |x| @data[:outfile] = x }
|
228
|
+
options.on('-q', '--quiet', FalseClass, 'Do not print results to console') { |x| @data[:quiet] = x }
|
229
|
+
options.on('-c', '--checks', Array, 'Comma-separated list of individual checks to run. Defaults to running all checks.') { |x| @data[:check] = x }
|
230
|
+
options.on('-m [PATH]', '--module [PATH]', 'Path to a Puppet module to score. Defaults to using the current directory.') { |x| @data[:module] = x }
|
231
|
+
end
|
232
|
+
|
233
|
+
def execute
|
234
|
+
module_path = @data.fetch(:module, nil)
|
235
|
+
AbideDevUtils::Ppt.score_module(module_path, **@data)
|
236
|
+
end
|
237
|
+
end
|
220
238
|
end
|
221
239
|
end
|
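Review bot: Two of the new switches do not take the arguments their help text implies: `options.on('-c', '--checks', Array, ...)` has no argument placeholder, so OptionParser builds a no-argument switch and, as far as I can tell, yields nil to the block, leaving the comma list behind as a stray positional argument that the zero-arity `execute` cannot accept; likewise `-q` declared with `FalseClass` on a no-argument switch appears to yield false rather than true, so `--quiet` stores false and is effectively a no-op. Declare the argument and drop the class: `options.on('-c CHECKS', '--checks CHECKS', Array, 'Comma-separated list of individual checks to run. Defaults to running all checks.') { |x| @data[:check] = x }` and `options.on('-q', '--quiet', 'Do not print results to console') { @data[:quiet] = true }`. Note also that `module_path` is read from `@data[:module]` and the same key is then forwarded again via `**@data`, so score_module receives the module path twice; whether it tolerates a `module:` keyword is outside this hunk.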
@@ -1,5 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'abide_dev_utils/cli/abstract'
|
3
4
|
require 'abide_dev_utils/xccdf'
|
4
5
|
|
5
6
|
module Abide
|
@@ -14,17 +15,65 @@ module Abide
|
|
14
15
|
long_desc(CMD_LONG)
|
15
16
|
add_command(CmdParse::HelpCommand.new, default: true)
|
16
17
|
add_command(XccdfToHieraCommand.new)
|
18
|
+
add_command(XccdfDiffCommand.new)
|
19
|
+
add_command(XccdfGenMapCommand.new)
|
17
20
|
end
|
18
21
|
end
|
19
22
|
|
20
|
-
class
|
21
|
-
CMD_NAME = '
|
23
|
+
class XccdfGenMapCommand < AbideCommand
|
24
|
+
CMD_NAME = 'gen-map'
|
25
|
+
CMD_SHORT = 'Generates mappings from XCCDF files'
|
26
|
+
CMD_LONG = 'Generates mappings for CEM modules from 1 or more XCCDF files as YAML'
|
27
|
+
CMD_XCCDF_FILES_ARG = 'One or more paths to XCCDF files'
|
28
|
+
def initialize
|
29
|
+
super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
|
30
|
+
argument_desc(XCCDF_FILES: CMD_XCCDF_FILES_ARG)
|
31
|
+
options.on('-b [TYPE]', '--benchmark-type [TYPE]', 'XCCDF Benchmark type CIS by default') do |b|
|
32
|
+
@data[:type] = b
|
33
|
+
end
|
34
|
+
options.on('-d [DIR]', '--files-output-directory [DIR]', 'Directory to save files data/mappings by default') do |d|
|
35
|
+
@data[:dir] = d
|
36
|
+
end
|
37
|
+
options.on('-q', '--quiet', 'Show no output in the terminal') { @data[:quiet] = true }
|
38
|
+
options.on('-p [PREFIX]', '--parent-key-prefix [PREFIX]', 'A prefix to append to the parent key') do |p|
|
39
|
+
@data[:parent_key_prefix] = p
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def execute(*xccdf_files)
|
44
|
+
if @data[:quiet] && @data[:dir].nil?
|
45
|
+
AbideDevUtils::Output.simple("I don\'t know how to quietly output to the console\n¯\\_(ツ)_/¯")
|
46
|
+
exit 1
|
47
|
+
end
|
48
|
+
xccdf_files.each do |xccdf_file|
|
49
|
+
other_kwarg_syms = %i[type dir quiet parent_key_prefix]
|
50
|
+
other_kwargs = @data.reject { |k, _| other_kwarg_syms.include?(k) }
|
51
|
+
hfile = AbideDevUtils::XCCDF.gen_map(
|
52
|
+
File.expand_path(xccdf_file),
|
53
|
+
dir: @data[:dir],
|
54
|
+
type: @data.fetch(:type, 'cis'),
|
55
|
+
parent_key_prefix: @data.fetch(:parent_key_prefix, ''),
|
56
|
+
**other_kwargs
|
57
|
+
)
|
58
|
+
mapping_dir = File.dirname(hfile.keys[0]) unless @data[:dir].nil?
|
59
|
+
unless @data[:quiet] || @data[:dir].nil? || File.directory?(mapping_dir)
|
60
|
+
AbideDevUtils::Output.simple("Creating directory #{mapping_dir}")
|
61
|
+
end
|
62
|
+
FileUtils.mkdir_p(mapping_dir) unless @data[:dir].nil?
|
63
|
+
hfile.each do |key, val|
|
64
|
+
file_path = @data[:dir].nil? ? nil : key
|
65
|
+
AbideDevUtils::Output.yaml(val, console: @data[:dir].nil?, file: file_path)
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
class XccdfToHieraCommand < AbideCommand
|
72
|
+
CMD_NAME = 'to-hiera'
|
22
73
|
CMD_SHORT = 'Generates control coverage report'
|
23
74
|
CMD_LONG = 'Generates report of valid Puppet classes that match with Hiera controls'
|
24
75
|
def initialize
|
25
|
-
super(CMD_NAME, takes_commands: false)
|
26
|
-
short_desc(CMD_SHORT)
|
27
|
-
long_desc(CMD_LONG)
|
76
|
+
super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
|
28
77
|
options.on('-b [TYPE]', '--benchmark-type [TYPE]', 'XCCDF Benchmark type') { |b| @data[:type] = b }
|
29
78
|
options.on('-o [FILE]', '--out-file [FILE]', 'Path to save file') { |f| @data[:file] = f }
|
30
79
|
options.on('-p [PREFIX]', '--parent-key-prefix [PREFIX]', 'A prefix to append to the parent key') do |p|
|
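Review bot: XccdfGenMapCommand#execute writes to whatever paths `gen_map` returns as keys (`file_path = @data[:dir].nil? ? nil : key`) and runs `FileUtils.mkdir_p` on their dirname without checking that they stay under the user-supplied `-d` directory; if gen_map derives those names from the XCCDF content, which I cannot see from here, a crafted benchmark could steer the write elsewhere. A cheap guard is `base = File.expand_path(@data[:dir])` before the loop and, inside `hfile.each`, `raise ArgumentError, "mapping path #{key} escapes #{base}" unless File.expand_path(key).start_with?("#{base}#{File::SEPARATOR}")`. `hfile.keys[0]` also assumes gen_map returned at least one entry; on an empty hash `File.dirname(nil)` raises TypeError, so a `next if hfile.empty?` after the gen_map call is warranted. Finally, `other_kwarg_syms`/`other_kwargs` are loop-invariant and can be hoisted out of `xccdf_files.each`, and I do not see FileUtils required in this file, so it presumably arrives transitively.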
@@ -37,15 +86,32 @@ module Abide
|
|
37
86
|
|
38
87
|
def execute(xccdf_file)
|
39
88
|
@data[:type] = 'cis' if @data[:type].nil?
|
40
|
-
|
41
|
-
|
89
|
+
hfile = AbideDevUtils::XCCDF.to_hiera(xccdf_file, @data)
|
90
|
+
AbideDevUtils::Output.yaml(hfile, console: @data[:file].nil?, file: @data[:file])
|
42
91
|
end
|
92
|
+
end
|
43
93
|
|
44
|
-
|
94
|
+
class XccdfDiffCommand < AbideCommand
|
95
|
+
CMD_NAME = 'diff'
|
96
|
+
CMD_SHORT = 'Generates a diff report between two XCCDF files'
|
97
|
+
CMD_LONG = 'Generates a diff report between two XCCDF files'
|
98
|
+
CMD_FILE1_ARG = 'path to first XCCDF file'
|
99
|
+
CMD_FILE2_ARG = 'path to second XCCDF file'
|
100
|
+
def initialize
|
101
|
+
super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
|
102
|
+
argument_desc(FILE1: CMD_FILE1_ARG, FILE2: CMD_FILE2_ARG)
|
103
|
+
options.on('-o [PATH]', '--out-file', 'Save the report as a yaml file') { |x| @data[:outfile] = x }
|
104
|
+
options.on('-p [PROFILE]', '--profile', 'Only diff and specific profile in the benchmarks') do |x|
|
105
|
+
@data[:profile] = x
|
106
|
+
end
|
107
|
+
options.on('-q', '--quiet', 'Show no output in the terminal') { @data[:quiet] = false }
|
108
|
+
options.on('--no-diff-profiles', 'Do not diff the profiles in the XCCDF files') { @data[:diff_profiles] = false }
|
109
|
+
options.on('--no-diff-controls', 'Do not diff the controls in the XCCDF files') { @data[:diff_controls] = false }
|
110
|
+
end
|
45
111
|
|
46
|
-
def
|
47
|
-
|
48
|
-
|
112
|
+
def execute(file1, file2)
|
113
|
+
diffreport = AbideDevUtils::XCCDF.diff(file1, file2, @data)
|
114
|
+
AbideDevUtils::Output.yaml(diffreport, console: @data.fetch(:quiet, true), file: @data.fetch(:outfile, nil))
|
49
115
|
end
|
50
116
|
end
|
51
117
|
end
|
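Review bot: In XccdfDiffCommand the `:quiet` key is stored inverted — `-q` sets `@data[:quiet] = false` and the yaml call reads it as `console: @data.fetch(:quiet, true)` — so the same key means "quiet" in XccdfGenMapCommand (`@data[:quiet] = true`) but "print to console" here, and `@data` is also handed to `AbideDevUtils::XCCDF.diff`, which will see the opposite sense if it consults `quiet`. Store the flag with its name's meaning and invert at the use site: `options.on('-q', '--quiet', 'Show no output in the terminal') { @data[:quiet] = true }` and `AbideDevUtils::Output.yaml(diffreport, console: !@data[:quiet], file: @data.fetch(:outfile, nil))`. Unlike gen-map, `-q` without `-o` here silently produces nothing, so the same "quiet with no output file" check would fit. The `--profile` help text reads "Only diff and specific profile", presumably meant as "Only diff a specific profile".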