abide_dev_utils 0.8.0 → 0.9.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3978f655b9053e54d4fd63d456d3d65b9079c7684c6fcc88a3f764ead1aa012a
-  data.tar.gz: 746265daf86c8095a0f4ddbf9909d85a30ba2495b2b449e19896584c6e88da2b
+  metadata.gz: 3b3a74b07a3c45d7177fa8b2dd24f4c6eb0943f6ac9c907ab9d28878e628b990
+  data.tar.gz: 03de5f44f3150377e738bd7bb3f732136a956e463601f6b555b0ec5da1a3e574
 SHA512:
-  metadata.gz: a6bbb36782aff2d06e4fd55ea66582cf64c4414c2e13f1c3cca76c8b1c33c420f76474b058c2e2ce49bb294efc01b677588957fa8f745d3b2fa022683253281f
-  data.tar.gz: 78f92a917f547ba04f17610e0bca9cc5816efaadf7b066645cc75e40c303173a9b0d3e27ea0d7a741219f88c5e479810e14f180fc813cd5a31e3d6f0ee4bf65e
+  metadata.gz: bd522c8469aa8c96a75891366b636ef0c1ece9296c16e973896d8cb8e2c897a3d1b475ef98648a4be052085c8f7e681d708b2987df87e1fedaf2fa4a16d40011
+  data.tar.gz: 63720ae69e2ff22423f9ae2a6d217b6ccdbd0ce90f4fd79a8762579a9e1398bd5ea75e244aec64783029c74d9b9a76358ef5251c927a510684e4425f488cfb05

data/.gitignore

@@ -10,4 +10,3 @@ w10_20h2.xml
 w10_2004.xml
 # rspec failure tracking
 .rspec_status
-Gemfile.lock

data/Gemfile.lock

@@ -0,0 +1,273 @@
+PATH
+  remote: .
+  specs:
+    abide_dev_utils (0.9.3)
+      cmdparse (~> 3.0)
+      google-cloud-storage (~> 1.34)
+      hashdiff (~> 1.0)
+      jira-ruby (~> 2.1)
+      nokogiri (~> 1.11)
+      puppet (>= 6.23)
+      ruby-progressbar (~> 1.11)
+      selenium-webdriver (~> 4.0.0.beta4)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ast (2.4.2)
+    async (1.30.1)
+      console (~> 1.10)
+      nio4r (~> 2.3)
+      timers (~> 4.1)
+    async-http (0.56.5)
+      async (>= 1.25)
+      async-io (>= 1.28)
+      async-pool (>= 0.2)
+      protocol-http (~> 0.22.0)
+      protocol-http1 (~> 0.14.0)
+      protocol-http2 (~> 0.14.0)
+    async-http-faraday (0.11.0)
+      async-http (~> 0.42)
+      faraday
+    async-io (1.32.2)
+      async
+    async-pool (0.3.9)
+      async (>= 1.25)
+    atlassian-jwt (0.2.1)
+      jwt (~> 2.1)
+    childprocess (4.1.0)
+    cmdparse (3.0.7)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.9)
+    console (1.14.0)
+      fiber-local
+    declarative (0.0.20)
+    deep_merge (1.2.2)
+    diff-lcs (1.5.0)
+    digest-crc (0.6.4)
+      rake (>= 12.0.0, < 14.0.0)
+    facter (4.2.7)
+      hocon (~> 1.3)
+      thor (>= 1.0.1, < 2.0)
+    faraday (1.9.3)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-httpclient (~> 1.0)
+      faraday-multipart (~> 1.0)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.0)
+      faraday-patron (~> 1.0)
+      faraday-rack (~> 1.0)
+      faraday-retry (~> 1.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-http-cache (2.2.0)
+      faraday (>= 0.8)
+    faraday-httpclient (1.0.1)
+    faraday-multipart (1.0.3)
+      multipart-post (>= 1.2, < 3)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.2.0)
+    faraday-patron (1.0.0)
+    faraday-rack (1.0.0)
+    faraday-retry (1.0.3)
+    fast_gettext (1.8.0)
+    fiber-local (1.0.0)
+    gem-release (2.2.2)
+    github_changelog_generator (1.16.4)
+      activesupport
+      async (>= 1.25.0)
+      async-http-faraday
+      faraday-http-cache
+      multi_json
+      octokit (~> 4.6)
+      rainbow (>= 2.2.1)
+      rake (>= 10.0)
+    google-apis-core (0.4.1)
+      addressable (~> 2.5, >= 2.5.1)
+      googleauth (>= 0.16.2, < 2.a)
+      httpclient (>= 2.8.1, < 3.a)
+      mini_mime (~> 1.0)
+      representable (~> 3.0)
+      retriable (>= 2.0, < 4.a)
+      rexml
+      webrick
+    google-apis-iamcredentials_v1 (0.10.0)
+      google-apis-core (>= 0.4, < 2.a)
+    google-apis-storage_v1 (0.11.0)
+      google-apis-core (>= 0.4, < 2.a)
+    google-cloud-core (1.6.0)
+      google-cloud-env (~> 1.0)
+      google-cloud-errors (~> 1.0)
+    google-cloud-env (1.5.0)
+      faraday (>= 0.17.3, < 2.0)
+    google-cloud-errors (1.2.0)
+    google-cloud-storage (1.36.0)
+      addressable (~> 2.8)
+      digest-crc (~> 0.4)
+      google-apis-iamcredentials_v1 (~> 0.1)
+      google-apis-storage_v1 (~> 0.1)
+      google-cloud-core (~> 1.6)
+      googleauth (>= 0.16.2, < 2.a)
+      mini_mime (~> 1.0)
+    googleauth (1.1.0)
+      faraday (>= 0.17.3, < 2.0)
+      jwt (>= 1.4, < 3.0)
+      memoist (~> 0.16)
+      multi_json (~> 1.11)
+      os (>= 0.9, < 2.0)
+      signet (>= 0.16, < 2.a)
+    hashdiff (1.0.1)
+    hiera (3.8.0)
+    hocon (1.3.1)
+    httpclient (2.8.3)
+    i18n (1.8.11)
+      concurrent-ruby (~> 1.0)
+    jira-ruby (2.2.0)
+      activesupport
+      atlassian-jwt
+      multipart-post
+      oauth (~> 0.5, >= 0.5.0)
+    jwt (2.3.0)
+    locale (2.1.3)
+    memoist (0.16.2)
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    mini_portile2 (2.7.1)
+    minitest (5.15.0)
+    multi_json (1.15.0)
+    multipart-post (2.1.1)
+    nio4r (2.5.8)
+    nokogiri (1.13.1)
+      mini_portile2 (~> 2.7.0)
+      racc (~> 1.4)
+    oauth (0.5.8)
+    octokit (4.22.0)
+      faraday (>= 0.9)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    os (1.1.4)
+    parallel (1.21.0)
+    parser (3.1.0.0)
+      ast (~> 2.4.1)
+    protocol-hpack (1.4.2)
+    protocol-http (0.22.5)
+    protocol-http1 (0.14.2)
+      protocol-http (~> 0.22)
+    protocol-http2 (0.14.2)
+      protocol-hpack (~> 1.4)
+      protocol-http (~> 0.18)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (4.0.6)
+    puppet (7.13.1)
+      concurrent-ruby (~> 1.0)
+      deep_merge (~> 1.0)
+      facter (> 2.0.1, < 5)
+      fast_gettext (>= 1.1, < 3)
+      hiera (>= 3.2.1, < 4)
+      locale (~> 2.1)
+      multi_json (~> 1.10)
+      puppet-resource_api (~> 1.5)
+      scanf (~> 1.0)
+      semantic_puppet (~> 1.0)
+    puppet-resource_api (1.8.14)
+      hocon (>= 1.0)
+    racc (1.6.0)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.2.0)
+    representable (3.1.1)
+      declarative (< 0.1.0)
+      trailblazer-option (>= 0.1.1, < 0.2.0)
+      uber (< 0.2.0)
+    retriable (3.1.2)
+    rexml (3.2.5)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.3)
+    rubocop (1.24.1)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.15.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.15.1)
+      parser (>= 3.0.1.1)
+    rubocop-i18n (3.0.0)
+      rubocop (~> 1.0)
+    rubocop-performance (1.13.1)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rspec (2.7.0)
+      rubocop (~> 1.19)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    rubyzip (2.3.2)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
+    scanf (1.0.0)
+    selenium-webdriver (4.0.3)
+      childprocess (>= 0.5, < 5.0)
+      rexml (~> 3.2, >= 3.2.5)
+      rubyzip (>= 1.2.2)
+    semantic_puppet (1.0.4)
+    signet (0.16.0)
+      addressable (~> 2.8)
+      faraday (>= 0.17.3, < 2.0)
+      jwt (>= 1.5, < 3.0)
+      multi_json (~> 1.10)
+    thor (1.2.1)
+    timers (4.3.3)
+    trailblazer-option (0.1.2)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    uber (0.1.0)
+    unicode-display_width (2.1.0)
+    webrick (1.7.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  abide_dev_utils!
+  bundler
+  console
+  fast_gettext (~> 1.8)
+  gem-release
+  github_changelog_generator
+  pry
+  rake
+  rspec (~> 3.10)
+  rubocop (~> 1.8)
+  rubocop-ast (~> 1.4)
+  rubocop-i18n (~> 3.0)
+  rubocop-performance (~> 1.9)
+  rubocop-rspec (~> 2.1)
+
+BUNDLED WITH
+   2.1.4

data/lib/abide_dev_utils/cli/comply.rb

@@ -71,6 +71,9 @@ module Abide
         options.on('--ignore [X,Y,Z]', Array, OPT_IGNORE_NODES) do |i|
           @data[:ignorelist] = i
         end
+        options.on('--page-source-on-error', 'Dump page source to file on error') do
+          @data[:page_source_on_error] = true
+        end
       end
 
       def help_arguments

data/lib/abide_dev_utils/cli/xccdf.rb

@@ -16,17 +16,64 @@ module Abide
         add_command(CmdParse::HelpCommand.new, default: true)
         add_command(XccdfToHieraCommand.new)
         add_command(XccdfDiffCommand.new)
+        add_command(XccdfGenMapCommand.new)
       end
     end
 
-    class XccdfToHieraCommand < CmdParse::Command
+    class XccdfGenMapCommand < AbideCommand
+      CMD_NAME = 'gen-map'
+      CMD_SHORT = 'Generates mappings from XCCDF files'
+      CMD_LONG = 'Generates mappings for CEM modules from 1 or more XCCDF files as YAML'
+      CMD_XCCDF_FILES_ARG = 'One or more paths to XCCDF files'
+      def initialize
+        super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
+        argument_desc(XCCDF_FILES: CMD_XCCDF_FILES_ARG)
+        options.on('-b [TYPE]', '--benchmark-type [TYPE]', 'XCCDF Benchmark type CIS by default') do |b|
+          @data[:type] = b
+        end
+        options.on('-d [DIR]', '--files-output-directory [DIR]', 'Directory to save files data/mappings by default') do |d|
+          @data[:dir] = d
+        end
+        options.on('-q', '--quiet', 'Show no output in the terminal') { @data[:quiet] = true }
+        options.on('-p [PREFIX]', '--parent-key-prefix [PREFIX]', 'A prefix to append to the parent key') do |p|
+          @data[:parent_key_prefix] = p
+        end
+      end
+
+      def execute(*xccdf_files)
+        if @data[:quiet] && @data[:dir].nil?
+          AbideDevUtils::Output.simple("I don\'t know how to quietly output to the console\n¯\\_(ツ)_/¯")
+          exit 1
+        end
+        xccdf_files.each do |xccdf_file|
+          other_kwarg_syms = %i[type dir quiet parent_key_prefix]
+          other_kwargs = @data.reject { |k, _| other_kwarg_syms.include?(k) }
+          hfile = AbideDevUtils::XCCDF.gen_map(
+            File.expand_path(xccdf_file),
+            dir: @data[:dir],
+            type: @data.fetch(:type, 'cis'),
+            parent_key_prefix: @data.fetch(:parent_key_prefix, ''),
+            **other_kwargs
+          )
+          mapping_dir = File.dirname(hfile.keys[0]) unless @data[:dir].nil?
+          unless @data[:quiet] || @data[:dir].nil? || File.directory?(mapping_dir)
+            AbideDevUtils::Output.simple("Creating directory #{mapping_dir}")
+          end
+          FileUtils.mkdir_p(mapping_dir) unless @data[:dir].nil?
+          hfile.each do |key, val|
+            file_path = @data[:dir].nil? ? nil : key
+            AbideDevUtils::Output.yaml(val, console: @data[:dir].nil?, file: file_path)
+          end
+        end
+      end
+    end
+
+    class XccdfToHieraCommand < AbideCommand
       CMD_NAME = 'to-hiera'
       CMD_SHORT = 'Generates control coverage report'
       CMD_LONG = 'Generates report of valid Puppet classes that match with Hiera controls'
       def initialize
-        super(CMD_NAME, takes_commands: false)
-        short_desc(CMD_SHORT)
-        long_desc(CMD_LONG)
+        super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
         options.on('-b [TYPE]', '--benchmark-type [TYPE]', 'XCCDF Benchmark type') { |b| @data[:type] = b }
         options.on('-o [FILE]', '--out-file [FILE]', 'Path to save file') { |f| @data[:file] = f }
         options.on('-p [PREFIX]', '--parent-key-prefix [PREFIX]', 'A prefix to append to the parent key') do |p|

data/lib/abide_dev_utils/comply.rb

@@ -135,6 +135,11 @@ module AbideDevUtils
         subject.find_element(**kwargs)
       end
 
+      def find_elements(subject = driver, **kwargs)
+        driver.manage.window.resize_to(1920, 1080)
+        subject.find_elements(**kwargs)
+      end
+
       def wait_on(timeout: @timeout,
                   ignore_nse: false,
                   quit_driver: true,
@@ -231,7 +236,7 @@ module AbideDevUtils
         error_text = wait_on(ignore_nse: true) { find_element(class: 'kc-feedback-text').text }
         return if error_text.nil? || error_text.empty?
 
-        raise ComplyLoginFailedError, error_text
+        raise AbideDevUtils::Comply::ComplyLoginFailedError, error_text
       end
 
       def filter_node_report_links(node_report_links)
@@ -301,6 +306,18 @@ module AbideDevUtils
         nstr
       end
 
+      def wait_on_element_and_increment(subject = driver, **element_id)
+        element = wait_on { find_element(subject, **element_id) }
+        progress.increment
+        element
+      end
+
+      def wait_on_elements_and_increment(subject = driver, **element_id)
+        elements = wait_on { find_elements(subject, **element_id) }
+        progress.increment
+        elements
+      end
+
       def scrape_report
         output.simple 'Building scan reports, this may take a while...'
         all_checks = {}
@@ -315,17 +332,14 @@ module AbideDevUtils
           progress.increment
           driver.switch_to.window driver.window_handles[1]
           driver.get(link_url)
-          wait_on { find_element(class: 'details-scan-info') }
-          progress.increment
-          wait_on { find_element(class: 'details-table') }
-          progress.increment
+          wait_on_element_and_increment(class: 'details-header')
+          wait_on_element_and_increment(class: 'details-scan-info')
+          wait_on_element_and_increment(class: 'details-table')
           report = { 'scan_results' => {} }
-          scan_info_table = find_element(class: 'details-scan-info')
-          scan_info_table_rows = scan_info_table.find_elements(tag_name: 'tr')
-          progress.increment
-          check_table_body = find_element(tag_name: 'tbody')
-          check_table_rows = check_table_body.find_elements(tag_name: 'tr')
-          progress.increment
+          scan_info_table = wait_on_element_and_increment(class: 'details-scan-info')
+          scan_info_table_rows = wait_on_elements_and_increment(scan_info_table, tag_name: 'tr')
+          check_table_body = wait_on_element_and_increment(tag_name: 'tbody')
+          check_table_rows = wait_on_elements_and_increment(check_table_body, tag_name: 'tr')
           scan_info_table_rows.each do |row|
             key = find_element(row, tag_name: 'h5').text
             value = find_element(row, tag_name: 'strong').text

data/lib/abide_dev_utils/errors/general.rb

@@ -53,5 +53,9 @@ module AbideDevUtils
     class NotHashableError < GenericError
       @default = 'Object does not respond to #to_hash or #to_h:'
     end
+
+    class CliOptionsConflict < GenericError
+      @default = "Console options conflict."
+    end
   end
 end

data/lib/abide_dev_utils/errors/xccdf.rb

@@ -20,5 +20,9 @@ module AbideDevUtils
     class ProfilePartsError < GenericError
       @default = 'Failed to extract parts from profile name:'
     end
+
+    class UnsupportedXCCDFError < GenericError
+      @default = "XCCDF type is unsupported!"
+    end
   end
 end

data/lib/abide_dev_utils/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AbideDevUtils
-  VERSION = "0.8.0"
+  VERSION = "0.9.4"
 end

data/lib/abide_dev_utils/xccdf.rb

@@ -10,6 +10,17 @@ require 'abide_dev_utils/output'
 module AbideDevUtils
   # Contains modules and classes for working with XCCDF files
   module XCCDF
+    # Generate map for CEM
+    def self.gen_map(xccdf_file, **opts)
+      type = opts.fetch(:type, 'cis')
+      case type.downcase
+      when 'cis'
+        Benchmark.new(xccdf_file).gen_map(**opts)
+      else
+        raise AbideDevUtils::Errors::UnsupportedXCCDFError, "XCCDF type #{type} is unsupported!"
+      end
+    end
+
     # Converts and xccdf file to a Hiera representation
     def self.to_hiera(xccdf_file, opts)
       type = opts.fetch(:type, 'cis')
@@ -17,7 +28,7 @@ module AbideDevUtils
       when 'cis'
         Benchmark.new(xccdf_file).to_hiera(**opts)
       else
-        AbideDevUtils::Output.simple("XCCDF type #{type} is unsupported!")
+        raise AbideDevUtils::Errors::UnsupportedXCCDFError, "XCCDF type #{type} is unsupported!"
       end
     end
 
@@ -181,6 +192,8 @@ module AbideDevUtils
     class Benchmark
       include AbideDevUtils::XCCDF::Common
 
+      MAP_INDICES = %w[title hiera_title hiera_title_num number].freeze
+
       attr_reader :xml, :title, :version, :diff_properties
 
       def initialize(path)
@@ -218,6 +231,16 @@ module AbideDevUtils
         profiles.select { |x| x.title == profile_title }.controls
       end
 
+      def gen_map(dir: nil, type: 'CIS', parent_key_prefix: '', **_)
+        os, ver = facter_platform
+        mapping_dir = dir ? File.expand_path(File.join(dir, type, os, ver)) : ''
+        parent_key_prefix = '' if parent_key_prefix.nil?
+        MAP_INDICES.each_with_object({}) do |idx, h|
+          map_file_path = "#{mapping_dir}/#{idx}.yaml"
+          h[map_file_path] = map_indexed(index: idx, framework: type, key_prefix: parent_key_prefix)
+        end
+      end
+
       def find_cis_recommendation(name, number_format: false)
         profiles.each do |profile|
           profile.controls.each do |ctrl|
@@ -261,6 +284,23 @@ module AbideDevUtils
         controls.diff(other.controls)
       end
 
+      def map_indexed(index: 'title', framework: 'cis', key_prefix: '')
+        c_map = profiles.each_with_object({}) do |profile, obj|
+          obj[profile.level.downcase] = {} unless obj[profile.level.downcase].is_a?(Hash)
+          obj[profile.level.downcase][profile.title.downcase] = map_controls_hash(profile, index).sort_by { |k, _| k }.to_h
+        end
+
+        c_map['benchmark'] = { 'title' => title, 'version' => version }
+        mappings = [framework, index]
+        mappings.unshift(key_prefix) unless key_prefix.empty?
+        { mappings.join('::') => c_map }.to_yaml
+      end
+
+      def facter_platform
+        cpe = xpath('xccdf:Benchmark/xccdf:platform')[0]['idref'].split(':')
+        [cpe[4].split('_')[0], cpe[5].split('.')[0]]
+      end
+
       # Converts object to Hiera-formatted YAML
       # @return [String] YAML-formatted string
       def to_hiera(parent_key_prefix: nil, num: false, levels: [], titles: [], **_kwargs)
@@ -284,6 +324,29 @@ module AbideDevUtils
 
       private
 
+      def format_map_control_index(index, control)
+        case index
+        when 'hiera_title_num'
+          control.hiera_title(number_format: true)
+        when 'title'
+          resolve_control_reference(control).xpath('./xccdf:title').text
+        else
+          control.send(index.to_sym)
+        end
+      end
+
+      def map_controls_hash(profile, index)
+        profile.controls.each_with_object({}) do |ctrl, hsh|
+          control_array = MAP_INDICES.each_with_object([]) do |idx_sym, ary|
+            next if idx_sym == index
+
+            item = format_map_control_index(idx_sym, ctrl)
+            ary << item.to_s
+          end
+          hsh[format_map_control_index(index, ctrl)] = control_array.sort
+        end
+      end
+
       def parse(path)
         validate_xccdf(path)
         Nokogiri::XML.parse(File.open(File.expand_path(path))) do |config|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide_dev_utils
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.4
 platform: ruby
 authors:
 - abide-team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-10-14 00:00:00.000000000 Z
+date: 2022-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -313,15 +313,14 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".dockerignore"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
 - CHANGELOG.md
 - CODEOWNERS
-- Dockerfile
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -330,7 +329,6 @@ files:
 - bin/console
 - bin/setup
 - exe/abide
-- itests.rb
 - lib/abide_dev_utils.rb
 - lib/abide_dev_utils/cli.rb
 - lib/abide_dev_utils/cli/abstract.rb
@@ -388,7 +386,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Helper utilities for developing compliance Puppet code

data/.dockerignore

@@ -1 +0,0 @@
-Gemfile.lock

data/Dockerfile

@@ -1,23 +0,0 @@
-FROM ruby:2.7.3-alpine
-
-ARG version
-
-RUN mkdir /extvol && \
-    apk update && \
-    apk add git build-base
-
-VOLUME /extvol
-
-WORKDIR /usr/src/app
-
-RUN mkdir -p ./lib/abide_dev_utils/
-COPY Gemfile abide_dev_utils.gemspec ./
-COPY lib/abide_dev_utils/version.rb lib/abide_dev_utils
-RUN bundle install
-
-COPY . .
-
-RUN bundle exec rake build && \
-    gem install pkg/abide_dev_utils-${version}.gem
-
-ENTRYPOINT [ "abide" ]

data/itests.rb

@@ -1,138 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'json'
-require 'yaml'
-require 'abide_dev_utils/comply'
-require 'abide_dev_utils/ppt/api'
-
-OS_BENCHMARK_MAP = {
-  'centos-7' => 'CIS_CentOS_Linux_7_Benchmark_v3.1.1-xccdf.xml',
-  'centos-8' => 'CIS_CentOS_Linux_8_Benchmark_v1.0.1-xccdf.xml',
-  'rhel-7' => 'CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v3.1.1-xccdf.xml',
-  'rhel-8' => 'CIS_Red_Hat_Enterprise_Linux_8_Benchmark_v1.0.1-xccdf.xml',
-  'serv-2016' => 'CIS_Microsoft_Windows_Server_2016_RTM_(Release_1607)_Benchmark_v1.3.0-xccdf.xml',
-  'serv-2019' => 'CIS_Microsoft_Windows_Server_2019_Benchmark_v1.2.1-xccdf.xml'
-}
-EL_PROFILE_1_SERVER = 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
-WIN_PROFILE_1_MS = 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Member_Server'
-NIX_SCAN_HASH = {
-  'nix-centos-7.c.team-sse.internal' => {
-    'benchmark' => OS_BENCHMARK_MAP['centos-7'],
-    'profile' => EL_PROFILE_1_SERVER
-  },
-  'nix-centos-8.c.team-sse.internal' => {
-    'benchmark' => OS_BENCHMARK_MAP['centos-8'],
-    'profile' => EL_PROFILE_1_SERVER
-  },
-  'nix-rhel-7.c.team-sse.internal' => {
-    'benchmark' => OS_BENCHMARK_MAP['rhel-7'],
-    'profile' => EL_PROFILE_1_SERVER
-  },
-  'nix-rhel-8.c.team-sse.internal' => {
-    'benchmark' => OS_BENCHMARK_MAP['rhel-8'],
-    'profile' => EL_PROFILE_1_SERVER
-  }
-}.freeze
-WIN_SCAN_HASH = {
-  'win-server-2016.c.team-sse.internal' => {
-    'benchmark' => OS_BENCHMARK_MAP['serv-2016'],
-    'profile' => EL_PROFILE_1_SERVER
-  },
-  'win-serv-2019.c.team-sse.internal' => {
-    'benchmark' => OS_BENCHMARK_MAP['serv-2019'],
-    'profile' => WIN_PROFILE_1_MS
-  }
-}.freeze
-
-scan_hash = ENV['ABIDE_OS'] == 'nix' ? NIX_SCAN_HASH : WIN_SCAN_HASH
-node_group_name = ENV['ABIDE_OS'] == 'nix' ? 'CEM Linux Nodes' : 'CEM Windows Nodes'
-
-puts 'Creating client...'
-client = AbideDevUtils::Ppt::ApiClient.new(ENV['PUPPET_HOST'], auth_token: ENV['PE_ACCESS_TOKEN'])
-puts 'Starting code deploy...'
-code_manager_deploy = client.post_codemanager_deploys('environments' => ['production'], 'wait' => true)
-raise 'Code manager deployment failed!' unless code_manager_deploy['status'] == 'complete'
-
-puts 'Code deploy successful...'
-puts 'Gathering node group ID...'
-node_groups = client.get_classifier1_groups
-node_group_id = nil
-node_groups.each { |x| node_group_id = x['id'] if x['name'] == node_group_name }
-raise 'Failed to find requested node group!' if node_group_id.nil?
-
-puts 'Running Puppet on nodes...'
-puppet_run = client.post_orchestrator_command_deploy('environment' => 'production', 'scope' => { 'node_group' => node_group_id })
-puts "Started job #{puppet_run['job']['name']}..."
-timeout = 0
-run_complete = false
-until run_complete || timeout >= 30
-  puts "Waiting on job #{puppet_run['job']['name']} to complete..."
-  status = client.get_orchestrator_jobs(puppet_run['job']['name'])
-  case status['state']
-  when 'failed'
-    raise "Job #{puppet_run['job']['name']} finished with failures!"
-  when 'finished'
-    run_complete = true
-    break
-  else
-    timeout += 1
-    sleep(10)
-  end
-end
-raise 'Job timed out waiting for completion' unless run_complete
-
-puts 'Starting node scans...'
-scan_job = client.post_orchestrator_command_task(
-  'environment' => 'production',
-  'task' => 'comply::ciscat_scan',
-  'params' => {
-    'comply_port' => '443',
-    'comply_server' => ENV['COMPLY_FQDN'],
-    'ssl_verify_mode' => 'none',
-    'scan_type' => 'desired',
-    'scan_hash' => JSON.generate(scan_hash)
-  },
-  'scope' => {
-    'node_group' => node_group_id
-  }
-)
-puts "Started scan #{scan_job['job']['name']}..."
-timeout = 0
-scan_complete = false
-until scan_complete || timeout >= 30
-  puts "Waiting on scan #{scan_job['job']['name']} to complete..."
-  status = client.get_orchestrator_jobs(scan_job['job']['name'])
-  case status['state']
-  when 'failed'
-    raise "Task #{scan_job['job']['name']} finished with failures!"
-  when 'finished'
-    scan_complete = true
-    break
-  else
-    timeout += 1
-    sleep(10)
-  end
-end
-raise 'Job timed out waiting for completion' unless scan_complete
-
-puts 'Collecting scan report from Comply...'
-onlylist = scan_hash.keys
-scan_report = AbideDevUtils::Comply.build_report("https://#{ENV['COMPLY_FQDN']}", ENV['COMPLY_PASSWORD'], nil, onlylist: onlylist)
-puts 'Saving report to nix_report.yaml...'
-File.open('nix_report.yaml', 'w') { |f| f.write(scan_report.to_yaml) }
-
-puts 'Comparing current report to last report...'
-opts = {
-  report_name: 'nix_report.yaml',
-  remote_storage: 'gcloud',
-  upload: true
-}
-result = AbideDevUtils::Comply.compare_reports(File.expand_path('./nix_report.yaml'), 'nix_report.yaml', opts)
-if result
-  puts 'Success!'
-  exit(0)
-else
-  puts 'Failure!'
-  exit(1)
-end