abide_dev_utils 0.18.7 → 0.18.8
- checksums.yaml +4 -4
- data/.gitignore +2 -1
- data/Gemfile.lock +1 -1
- data/lib/abide_dev_utils/sce/benchmark.rb +1 -1
- data/lib/abide_dev_utils/sce/generate/reference.rb +8 -0
- data/lib/abide_dev_utils/version.rb +1 -1
- data/specifications/CEM-6541.md +111 -0
- metadata +4 -3
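--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2cb0e7cb6db8088427a363ca729869313ff57f0ebcdec8540682701fa2931215
+data.tar.gz: c0e17b9d42924997146bf6b222ca39cab6ce6799b4d0bee4d0bd94186b0da307
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7a7eea4740d5d5a5c7429d8b6b474fe144f6e768117e9f00eed7d87ad76f9a8cfd8cde76ab9ca5e97ac224f99131872db21922036a1321d14d4eee2dab99665e
+data.tar.gz: d1ffabdb664b9d431d2e0ed65c5d32442829359f8bcb2c866b6c3f89a8e44a224631bc40b85f90ff6ce31646fa22b68254f606f6d7e5394a43520a062ec328cc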
data/.gitignore
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -222,7 +222,7 @@ module AbideDevUtils
|
|
|
222
222
|
def filtered_profiles_levels(prof: nil, lvl: nil)
|
|
223
223
|
return profiles_levels if (prof.nil? || prof.empty?) && (lvl.nil? || lvl.empty?)
|
|
224
224
|
if prof && lvl && !prof.empty? && !lvl.empty?
|
|
225
|
-
return profiles_levels_by_profile(prof)
|
|
225
|
+
return profiles_levels_by_profile(prof) & profiles_levels_by_level(lvl)
|
|
226
226
|
end
|
|
227
227
|
return profiles_levels_by_profile(prof) unless prof&.empty?
|
|
228
228
|
|
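Review bot: The unchanged guard on new line 227, `return profiles_levels_by_profile(prof) unless prof&.empty?`, still fires when `prof` is `nil` and only `lvl` is set, because `nil&.empty?` evaluates to `nil`; a level-only call then returns `profiles_levels_by_profile(nil)` and presumably never reaches the level filter. Since this change is about making the profile/level filters exact, the guard should read `return profiles_levels_by_profile(prof) unless prof.nil? || prof.empty?`. On the changed line 225, `&` compares elements with `hash`/`eql?` and de-duplicates, so the intersection is only correct if the entries returned by the two helpers are plain values or define both methods; their type is not visible here, so a spec with an entry present in both lists is worth having. The method body continues past the end of the hunk.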
|
@@ -78,6 +78,7 @@ module AbideDevUtils
|
|
|
78
78
|
end
|
|
79
79
|
|
|
80
80
|
def generate(doc_title = 'Reference')
|
|
81
|
+
default_profile_for_sce_linux!
|
|
81
82
|
@strings = Strings.new(opts: @opts)
|
|
82
83
|
md.add_title(doc_title)
|
|
83
84
|
benchmarks.each do |benchmark|
|
|
@@ -121,6 +122,13 @@ module AbideDevUtils
|
|
|
121
122
|
private
|
|
122
123
|
|
|
123
124
|
attr_reader :benchmarks, :md
|
|
125
|
+
|
|
126
|
+
def default_profile_for_sce_linux!
|
|
127
|
+
return unless @module_name.split('-').last == 'sce_linux'
|
|
128
|
+
return unless @opts[:select_profile].nil? || @opts[:select_profile].empty?
|
|
129
|
+
|
|
130
|
+
@opts[:select_profile] = ['server']
|
|
131
|
+
end
|
|
124
132
|
end
|
|
125
133
|
|
|
126
134
|
class ConfigExampleError < StandardError; end
|
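Review bot: `default_profile_for_sce_linux!` (new lines 126-131) rewrites `@opts[:select_profile]` in place and silently, so the hash the caller handed in is mutated and the generated REFERENCE.md drops every non-`server` entry with nothing in the output saying a default filter was applied. For a compliance reference that leaves a reader unable to tell "no such control for this profile" from "filtered out by default". I would add a doc comment stating the rule, e.g. `# Defaults select_profile to ['server'] for sce_linux when no profile was given; an explicit -p is never overridden.`, and assign a copy rather than mutate, `@opts = @opts.merge(select_profile: ['server'])` (assuming `@opts` is a plain Hash). `@module_name.split('-')` also raises NoMethodError when `@module_name` is nil; `@module_name.to_s.split('-').last` keeps `generate` from failing on that path. The enclosing class starts before the hunk.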
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
## Background
|
|
2
|
+
|
|
3
|
+
The `REFERENCE.md` generated for `sce_linux` on the Forge lists `workstation` profile entries for
|
|
4
|
+
many controls. SCE documentation explicitly states that only the `server` profile is supported;
|
|
5
|
+
`workstation` is neither tested nor supported.
|
|
6
|
+
|
|
7
|
+
Two bugs in `abide_dev_utils` cause this:
|
|
8
|
+
|
|
9
|
+
**Bug 1 — `filtered_profiles_levels` uses OR logic instead of AND (`benchmark.rb:225`).**
|
|
10
|
+
When both `--select-profile` (`-p`) and `--select-level` (`-l`) are passed, the method returns
|
|
11
|
+
the *union* of profile-filtered and level-filtered entries:
|
|
12
|
+
|
|
13
|
+
```ruby
|
|
14
|
+
return profiles_levels_by_profile(prof).concat(profiles_levels_by_level(lvl))
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
`profiles_levels_by_level` returns every profile at the requested levels — including
|
|
18
|
+
`workstation` — regardless of what was passed via `-p`. So even when running:
|
|
19
|
+
|
|
20
|
+
```
|
|
21
|
+
bundle exec abide sce generate reference -p server,classified,public,sensitive -l level_1,level_2,...
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
`workstation` entries at `level_1` and `level_2` are included because they are matched by the
|
|
25
|
+
level filter and then concatenated in.
|
|
26
|
+
|
|
27
|
+
**Bug 2 — No default profile filter for `sce_linux` when `-p` is omitted (`reference.rb`).**
|
|
28
|
+
When `abide sce generate reference` is run without `-p`, `@opts[:select_profile]` is `nil`.
|
|
29
|
+
`Control#filtered_profiles_levels` treats `nil` as "no filter", returning all profiles including
|
|
30
|
+
`workstation`.
|
|
31
|
+
|
|
32
|
+
## Change
|
|
33
|
+
|
|
34
|
+
**File:** `lib/abide_dev_utils/sce/benchmark.rb` (modified)
|
|
35
|
+
|
|
36
|
+
Change `concat` to array intersection (`&`) in `Control#filtered_profiles_levels` so that when
|
|
37
|
+
both `prof` and `lvl` are given, only entries matching *both* filters are returned:
|
|
38
|
+
|
|
39
|
+
```ruby
|
|
40
|
+
# before
|
|
41
|
+
return profiles_levels_by_profile(prof).concat(profiles_levels_by_level(lvl))
|
|
42
|
+
|
|
43
|
+
# after
|
|
44
|
+
return profiles_levels_by_profile(prof) & profiles_levels_by_level(lvl)
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
**File:** `lib/abide_dev_utils/sce/generate/reference.rb` (modified)
|
|
48
|
+
|
|
49
|
+
In `MarkdownGenerator#generate`, default `@opts[:select_profile]` to `['server']` for `sce_linux`
|
|
50
|
+
when no profile was explicitly provided. This covers invocations that omit `-p` entirely:
|
|
51
|
+
|
|
52
|
+
```ruby
|
|
53
|
+
def generate(doc_title = 'Reference')
|
|
54
|
+
if @module_name.split('-').last == 'sce_linux' &&
|
|
55
|
+
(@opts[:select_profile].nil? || @opts[:select_profile].empty?)
|
|
56
|
+
@opts[:select_profile] = ['server']
|
|
57
|
+
end
|
|
58
|
+
@strings = Strings.new(opts: @opts)
|
|
59
|
+
...
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
**File:** `spec/abide_dev_utils/sce/benchmark_spec.rb` (modified)
|
|
63
|
+
|
|
64
|
+
Add a test that verifies `filtered_profiles_levels` with both `prof` and `lvl` excludes profiles
|
|
65
|
+
not in the filter (i.e., does not include `workstation` when only `server` is requested).
|
|
66
|
+
|
|
67
|
+
**File:** `spec/abide_dev_utils/sce/generate/reference/markdown_generator_spec.rb` (new)
|
|
68
|
+
|
|
69
|
+
Unit tests for the `MarkdownGenerator` opts-defaulting behavior:
|
|
70
|
+
|
|
71
|
+
```ruby
|
|
72
|
+
RSpec.describe(AbideDevUtils::Sce::Generate::Reference::MarkdownGenerator) do
|
|
73
|
+
context 'with puppetlabs-sce_linux and no select_profile' do
|
|
74
|
+
it 'defaults select_profile to server' do ...
|
|
75
|
+
end
|
|
76
|
+
context 'with puppetlabs-sce_linux and explicit select_profile' do
|
|
77
|
+
it 'does not override select_profile' do ...
|
|
78
|
+
end
|
|
79
|
+
context 'with a non-sce_linux module and no select_profile' do
|
|
80
|
+
it 'does not set a default select_profile' do ...
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
**File:** `lib/abide_dev_utils/version.rb` (modified)
|
|
86
|
+
|
|
87
|
+
Bump version from `0.18.7` to `0.18.8`.
|
|
88
|
+
|
|
89
|
+
## Functional behavior
|
|
90
|
+
|
|
91
|
+
After these changes:
|
|
92
|
+
|
|
93
|
+
- Running with both `-p server,...` and `-l level_1,...` returns only controls that match both
|
|
94
|
+
filters — `workstation` entries at the requested levels are no longer included.
|
|
95
|
+
- Running without `-p` against `sce_linux` defaults the profile filter to `['server']`, so
|
|
96
|
+
`workstation` entries are excluded in that case too.
|
|
97
|
+
- Passing `-p server,workstation` explicitly still includes `workstation` (escape hatch preserved).
|
|
98
|
+
|
|
99
|
+
## Non-goals
|
|
100
|
+
|
|
101
|
+
- Removing `workstation` profile data from the `sce_linux` mapping YAML files.
|
|
102
|
+
- Applying the `sce_linux` default profile to `sce_windows` (separate ticket if needed).
|
|
103
|
+
|
|
104
|
+
## Acceptance criteria
|
|
105
|
+
|
|
106
|
+
- [ ] Running `bundle exec abide sce generate reference -p server,classified,public,sensitive -l level_1,level_2,mac-1,mac-2,mac-3` against `sce_linux` produces a REFERENCE.md with no `workstation` entries.
|
|
107
|
+
- [ ] Running `bundle exec abide sce generate reference` against `sce_linux` without `-p` produces a REFERENCE.md with no `workstation` entries.
|
|
108
|
+
- [ ] Running with `-p server,workstation` still includes `workstation` entries (escape hatch not broken).
|
|
109
|
+
- [ ] `bundle exec rspec spec/abide_dev_utils/sce/benchmark_spec.rb` passes including the new `filtered_profiles_levels` intersection test.
|
|
110
|
+
- [ ] `bundle exec rspec spec/abide_dev_utils/sce/generate/reference/markdown_generator_spec.rb` passes with all three unit tests.
|
|
111
|
+
- [ ] `lib/abide_dev_utils/version.rb` reads `VERSION = "0.18.8"`.
|
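--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abide_dev_utils
 version: !ruby/object:Gem::Version
-version: 0.18.
+version: 0.18.8
 platform: ruby
 authors:
 - abide-team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-06-
+date: 2026-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -468,6 +468,7 @@ files:
 - lib/abide_dev_utils/xccdf/parser/objects/numbered_object.rb
 - lib/abide_dev_utils/xccdf/utils.rb
 - new_diff.rb
+- specifications/CEM-6541.md
 - specifications/CEM-6763.md
 homepage: https://github.com/puppetlabs/abide_dev_utils
 licenses:
@@ -492,7 +493,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Helper utilities for developing compliance Puppet code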