cem_data_processor 1.1.1

data/lib/cem_data_processor/parser.rb

@@ -0,0 +1,741 @@
+# frozen_string_literal: true
+
+require 'deep_merge'
+require 'rgl/adjacency'
+require 'rgl/topsort'
+require 'rgl/traversal'
+require 'set'
+
+module CemDataProcessor
+  # This module contains the logic for creating resource data from Hiera data.
+  module Parser
+    MAP_TYPES = %w[hiera_title hiera_title_num number title].freeze
+    METAPARAMS = %w[dependent before require subscribe notify].freeze
+
+    # Parse Hiera data into a resource data Hash
+    # @param hiera_data [Hash] Hiera data to parse
+    # @param control_maps [Array] Control maps to use
+    # @return [Hash] Parsed resource data
+    def self.parse(hiera_data, control_maps, control_configs: {}, ignore: [], only: [])
+      ResourceDataParser.new(
+        hiera_data,
+        control_maps,
+        control_configs: control_configs,
+        ignore: ignore,
+        only: only
+      ).parse
+    end
+
+    # This module handles data validation for the CIS data parser
+    module Validation
+      # Validates the hiera_data parameter and either raises an ArgumentError or returns the hiera_data parameter.
+      # @param hiera_data [Hash] The Hiera data to be parsed.
+      # @return [Hash] The Hiera data to be parsed.
+      # @raise [ArgumentError] If the hiera_data parameter is not a non-empty Hash.
+      def validate_hiera_data(hiera_data)
+        return hiera_data if hiera_data == :no_params
+
+        unless not_nil_or_empty?(hiera_data) && hiera_data.is_a?(Hash)
+          raise ArgumentError, 'hiera_data must be a non-nil, non-empty Hash'
+        end
+
+        hiera_data
+      end
+
+      # Validates the control_maps parameter and either raises an ArgumentError or returns the control_maps parameter.
+      # @param control_maps [Array] The control maps to be parsed.
+      # @return [Array] The control maps to be parsed.
+      # @raise [ArgumentError] If the control_maps parameter is not a non-empty Array of Hashes.
+      def validate_control_maps(control_maps)
+        unless not_nil_or_empty?(control_maps) && array_of_hashes?(control_maps)
+          raise ArgumentError, 'control_maps must be a non-nil, non-empty Array of Hashes'
+        end
+
+        control_maps
+      end
+
+      # Checks if the value is not nil or empty.
+      # @param value [Any] The value to be checked.
+      # @return [Boolean] True if the value is not nil or empty, false otherwise.
+      def not_nil_or_empty?(value)
+        !value.nil? && !value.empty?
+      end
+
+      # Checks if the value is an Array of Hashes.
+      # @param value [Any] The value to be checked.
+      # @return [Boolean] True if the value is an Array of Hashes, false otherwise.
+      def array_of_hashes?(value)
+        value.is_a?(Array) && value.all? { |h| h.is_a?(Hash) }
+      end
+    end
+
+    # Parser class for resource Hiera data.
+    # rubocop:disable Metrics/ClassLength
+    class ResourceDataParser
+      include Validation
+      attr_reader :hiera_data, :control_maps, :resources
+
+      def initialize(hiera_data, control_maps, control_configs: {}, ignore: [], only: [])
+        @hiera_data = validate_hiera_data(hiera_data)
+        @control_maps = validate_control_maps(control_maps)
+        @control_configs = control_configs
+        @ignore = ignore
+        @only = only
+        @resources = RGL::DirectedAdjacencyGraph.new
+        @controls = Set.new
+        @filtered = Set.new
+        @dependent = {}
+      end
+
+      # Parse the Hiera data into a Hash used by Puppet to create the resources.
+      # The way this works is by first creating a DAG and adding all resources to the graph
+      # as vertices, with an edge for each resource pointing from a dummy node, :root, to the
+      # resource. We then add edges to the graph based on the `before_me` and `after_me` lists
+      # of each resource and remove the :root-connected edges for each resource that has a
+      # `before_me` list, and remove the :root-connected edges for each resource in a `after_me`
+      # list. Finally, we sort the graph into an Array populated with a single Hash of ordered
+      # resources and return that Hash.
+      # @return [Array] A sorted array of resource hashes.
+      # rubocop:disable Metrics/MethodLength
+      def parse
+        @hiera_data.each do |name, data|
+          resource = CemDataProcessor::Parser.new_resource(name, data, @control_maps)
+          add_control_names(resource)
+          add_dependent_mapping(resource) # Map any controls this resource depends on
+          @resources.add_vertex(resource) # Add all the resources to the graph
+          @resources.add_edge(:root, resource) # Establish the root -> resource edges
+          add_edge_ordering(resource) # Add resource ordering edges
+        end
+        # If the resource should be filtered (i.e. only or ignore), remove it from the graph.
+        filter_resources!
+        # Verify that all dependent resources are in the graph, remove them if not.
+        remove_unsatisfied_dependents!
+        # Sort the graph and return the array of ordered resource hashes
+        sort_resources.map do |r|
+          r.add_control_configs(@control_configs)
+          resource_data(r)
+        end
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      private
+
+      # Adds control neames for the given resource to the @controls set.
+      # @param resource [Resource] The resource to add control names for.
+      def add_control_names(resource)
+        return unless resource.controls
+
+        @controls.merge(resource.control_names).flatten!
+        @controls.merge(resource.mapped_control_names).flatten!
+      end
+
+      # Calls the given Resource's `resource_data` method, filters out any resource references
+      # in metaparameters that references filtered resources, and returns the result.
+      # @param resource [Resource] The resource to be filtered.
+      # @return [Hash] The filtered resource data.
+      # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity
+      def resource_data(resource)
+        data = resource.resource_data.dup
+        data.each do |_, res_data|
+          res_data.each do |_, params|
+            METAPARAMS.each do |param|
+              next unless params.key?(param)
+
+              params[param].reject! { |r| @filtered.to_a.map(&:resource_reference).include?(r) }
+              params.delete(param) if params[param].empty?
+            end
+          end
+        end
+        data
+      end
+      # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity
+
+      # Removes Resources from the graph if they should be filtered.
+      def filter_resources!
+        @resources.depth_first_search do |resource|
+          next if resource == :root
+
+          if filter_resource?(resource)
+            @resources.remove_vertex(resource) # Remove resource's graph vertex
+            @filtered.add(resource) # Add resource to filtered set
+          end
+        end
+      end
+
+      # Checks whether the resource should be filtered out based on the ignore and only lists.
+      # @param resource [Resource] The resource to check.
+      # @return [Boolean] True if the resource should be filtered out, false otherwise.
+      def filter_resource?(resource)
+        return true if control_in?(resource, @ignore)
+        return true unless @only.empty? || control_in?(resource, @only)
+
+        false
+      end
+
+      # Adds a mapping for a dependent control and the resources that depend on it.
+      # @param resource [Resource] The resource to add the mapping for.
+      def add_dependent_mapping(resource)
+        return unless resource.dependent
+
+        resource.dependent.each do |control_name|
+          @dependent[control_name] = [] unless @dependent.key?(control_name)
+          @dependent[control_name] << resource
+        end
+      end
+
+      # Checks the dependent controls against all controls after filtered resource controls are removed
+      # and removes any dependent resources that are not satisfied.
+      # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+      def remove_unsatisfied_dependents!
+        dependent_set = Set.new(@dependent.keys)
+        filtered_set = Set.new(@filtered.to_a.map(&:control_names)).flatten
+        filtered_mapped = Set.new(@filtered.to_a.map(&:mapped_control_names)).flatten
+
+        all_controls = @controls.subtract(filtered_set + filtered_mapped)
+        return if dependent_set.proper_subset?(all_controls) # All dependent controls exist in the graph
+
+        (dependent_set - all_controls).each do |control_name|
+          @dependent[control_name].each do |resource|
+            @resources.remove_vertex(resource)
+            @filtered.add(resource)
+          end
+        end
+      end
+      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
+
+      # Gets all verticies in the graph that have the associated control
+      # @param control_name [String] The name of the control to check.
+      # @return [Array] The verticies that have the associated control.
+      def collect_verticies_by_control(control_name)
+        @resources.vertices.select { |r| r.control?(control_name) }
+      end
+
+      # Checks if the given Resource has a control in the given list.
+      # @param resource [Resource] The resource to check.
+      # @param control_list [Array] The list of controls to check against.
+      # @return [Boolean] True if the resource is in the control list, false otherwise.
+      def control_in?(resource, control_list)
+        return false if control_list.empty?
+
+        control_list.each do |ignored_control|
+          return true if resource.control?(ignored_control)
+        end
+        false
+      end
+
+      # Adds edges to the graph based on the given Resource's `before_me` and `after_me` lists.
+      # @param resource [Resource] The Resource to add edges for.
+      def add_edge_ordering(resource)
+        add_before_me_edge(resource)
+        add_after_me_edge(resource)
+      end
+
+      # Adds edges to the graph based on the given Resource's `before_me` list.
+      # @param resource [Resource] The Resource to add edges for.
+      def add_before_me_edge(resource)
+        resource.before_me.flatten.each do |before|
+          next unless before # Skip if this `before` is nil, empty, or falsy (e.g. false, 0, etc.)
+          next if before.equal?(resource) # Skip if this `before` is the same as the current resource
+
+          # We remove the edge from root to this resource if it exists because this resource is no longer
+          # attached to the root of the graph as it has other resources before it.
+          @resources.remove_edge(:root, resource) if @resources.has_edge?(:root, resource)
+          # Add the edge from the before resource to this resource
+          @resources.add_edge(before, resource) unless @resources.has_edge?(before, resource)
+        end
+      end
+
+      # Adds edges to the graph based on the given Resource's `after_me` list.
+      # @param resource [Resource] The Resource to add edges for.
+      def add_after_me_edge(resource)
+        resource.after_me.flatten.each do |after|
+          next unless after # Skip if this `after` is nil, empty, or falsy (e.g. false, 0, etc.)
+          next if after.equal?(resource) # Skip if this `after` is the same as the current resource
+
+          # We remove the edge from root to the `after` resource if it exists because the `after` resource
+          # is no longer attached to the root of the graph as this resources comes before it.
+          @resources.remove_edge(:root, after) if @resources.has_edge?(:root, after)
+          # Add the edge from this resource to the after resource
+          @resources.add_edge(resource, after) unless @resources.has_edge?(resource, after)
+        end
+      end
+
+      # This method validates that the resources graph has no cycles and then returns a topological sort of the graph
+      # as an Array of Resource objects.
+      # @return [Array] The sorted Resources.
+      # @raise [ArgumentError] If the resources graph has any cycles.
+      def sort_resources
+        raise "Resource cyclic ordering detected: #{@resources.cycles}" unless @resources.acyclic?
+
+        # We call topsort on the graph to get the sorted list of resources, convert it to an array, and
+        # remove the root node.
+        @resources.topsort_iterator.to_a.flatten.uniq.reject { |r| r == :root }
+      end
+    end
+    # rubocop:enable Metrics/ClassLength
+
+    # This class holds all base attributes and methods for every syntax object.
+    # rubocop:disable Metrics/ClassLength
+    class ProcessorObject
+      include Validation
+      attr_reader :name, *METAPARAMS.map(&:to_sym)
+
+      def initialize(name, data, control_maps)
+        @name = name
+        @data = validate_hiera_data(data)
+        @control_maps = validate_control_maps(control_maps)
+        @dependent = Set.new
+        initialize_metaparams(@data, @control_maps)
+      end
+
+      # Determines if the name supplied is equal to the name of the object.
+      # This is overridden by subclasses to implement name mapped matches.
+      # @param name [String] The name to be compared to the object's name.
+      # @return [Boolean] True if the name is equal to the object's name, false otherwise.
+      def name?(_name)
+        raise NotImplementedError, 'This method must be implemented by a subclass'
+      end
+
+      # Abstract method to be implemented by subclasses.
+      # Returns a representation of this object as a Hash usable by Puppet's
+      # create_resources function.
+      def resource_data
+        raise NotImplementedError, 'This method must be implemented by a subclass'
+      end
+
+      # Returns any Resource objects that must be ordered before this object.
+      # @return [Array] The Resources that must be ordered before this object.
+      def before_me
+        defined?(@before_me) ? @before_me : initialize_before_me
+      end
+
+      # Returns any Resource objects that must be ordered after this object.
+      # @return [Array] The Resources that must be ordered after this object.
+      def after_me
+        defined?(@after_me) ? @after_me : initialize_after_me
+      end
+
+      # Converts this object to a String.
+      # @return [String] The class and name of this object.
+      def to_s
+        "#{self.class.name}('#{@name}')"
+      end
+
+      # Gives a more detailed String representation of this object.
+      # @return [String] The class, object id, and name of this object.
+      def inspect
+        "#<#{self.class.name}:#{object_id} '#{@name}'>"
+      end
+
+      private
+
+      # This method normalizes an array of Resources, or anything really, by
+      # flattening it, removing any nil values, removing any duplicates, and
+      # rejecting any empty objects if they respond to `empty?`. It then
+      # returns the new array.
+      # @param resources [Array] The array of Resources to be normalized.
+      # @return [Array] The normalized array of Resources.
+      def normalize_resource_array(array)
+        array.flatten.compact.uniq.reject { |r| r.empty? if r.respond_to?(:empty?) }
+      end
+
+      # This method normalizes an array of Resources, or anything really, by
+      # flattening it, removing any nil values, removing any duplicates, and
+      # rejecting any empty objects if they respond to `empty?`. It does this
+      # in place, directly modifying the input array.
+      # @param resources [Array] The array of Resources to be normalized.
+      def normalize_resource_array!(array)
+        array.flatten!
+        array.compact!
+        array.uniq!
+        array.reject! { |r| r.empty? if r.respond_to?(:empty?) }
+      end
+
+      # Initializes any relevant metaparameters based on the data supplied.
+      # @param data [Hash] The resource data to be parsed.
+      # @param control_maps [Array] The control maps to be used.
+      def initialize_metaparams(data, control_maps)
+        METAPARAMS.each do |param|
+          metaparam_data = data == :no_params ? {} : data[param]
+          raw_mdata = data == :no_params ? {} : data
+          value, bool_value = parse_metaparam(metaparam_data, control_maps)
+          raw_value, raw_bool_value = parse_raw_metaparam(raw_mdata, param)
+          set_metaparam_instance_vars(param, value, raw_value)
+          define_metaparam_bool_methods(param, raw_bool_value, bool_value)
+        end
+      end
+
+      # Initilizes the before_me instance variable with a list of Resources
+      # that must be ordered before this object.
+      # @return [Array] The list of Resources that must be ordered before this object.
+      def initialize_before_me
+        ctrls = @controls ? calculate_ordered_controls('before_me') : []
+        this = calculate_self_ordering('require', 'subscribe')
+        @before_me = normalize_resource_array(this.concat(ctrls))
+        @before_me
+      end
+
+      # Initializes the after_me instance variable with a list of Resources
+      # that must be ordered after this object.
+      # @return [Array] The list of Resources that must be ordered after this object.
+      def initialize_after_me
+        ctrls = @controls ? calculate_ordered_controls('after_me') : []
+        this = calculate_self_ordering('notify', 'subscribe')
+        @after_me = normalize_resource_array(this.concat(ctrls))
+        @after_me
+      end
+
+      # This method adds the supplied Resource to the inverse ordering list of this
+      # object based on the supplied metaparameter. This method is never directly used
+      # by an object on itself, rather it is called by other objects when they establish
+      # ordering relationships with this object. Because this method is private, other
+      # objects must use `send` to call it.
+      # @param metaparam [String] The metaparameter to inverse
+      # @param resource [Resource] The Resource to be added to the inverse ordering list.
+      def add_inverse_ordered_resource(metaparam, resource)
+        if %w[require subscribe].include?(metaparam)
+          add_after_me(resource)
+        elsif %w[before notify].include?(metaparam)
+          add_before_me(resource)
+        end
+      end
+
+      # This method calculates the ordering of this object based on the
+      # ordering of the controls that are defined for this object.
+      # @param order_function [String] The function to use to calculate the ordering (before_me or after_me).
+      # @return [Array] The list of Resources gathered from the order function return of all controls.
+      def calculate_ordered_controls(order_function)
+        @controls.each_with_object([]) do |control, ary|
+          ary << control.send(order_function.to_sym)
+        end
+      end
+
+      # This method calculates the ordering of this object based on the
+      # the supplied metaparameters. This function is used with "like pairs"
+      # of metaparameters, such as "require" and "subscribe".
+      # @param metaparameters [Array] The metaparameters to use to calculate the ordering.
+      # @return [Array] The list of Resources gathered from this object's metaparameters.
+      def calculate_self_ordering(*metaparams)
+        ordered = metaparams.each_with_object([]) do |mparam, ary|
+          next unless send("#{mparam}?".to_sym)
+
+          ordered_resources = send(mparam.to_sym)
+          ordered_resources.each { |r| r.send(:add_inverse_ordered_resource, mparam, self) }
+
+          ary << ordered_resources
+        end
+        normalize_resource_array(ordered)
+      end
+
+      # Returns appropriate values for instance variables of the given metaparam based off the supplied value.
+      # @param value [Array] The metaparameter declaration value from Hiera.
+      # @param control_maps [Array] The relevant control maps used in Resource creation.
+      # @return [Array] Values for the instance variables of the given metaparam. The order of the values
+      #   is: Resource collection value, boolean value.
+      def parse_metaparam(value, control_maps)
+        return [nil, false] unless not_nil_or_empty?(value)
+
+        return parse_dependent_param(value) if value.is_a?(Array)
+
+        objects = value.each_with_object([]) do |(k, v), a|
+          a << CemDataProcessor::Parser.new_resource(k, v, control_maps)
+        end
+        [normalize_resource_array(objects), !objects.empty?]
+      end
+
+      # Adds a each dependent control from a list of dependent controls to the
+      # @dependent instance variable.
+      # @param value [Array] The dependent controls to be added to the @dependent instance variable.
+      def parse_dependent_param(value)
+        value.each { |x| @dependent.add(x) }
+      end
+
+      # Returns appropriate raw value for instance variables of the given metaparam based off the supplied value.
+      # The raw value is the text values for the metaparameter declaration supplied via the resource data.
+      # @param data [Hash] The resource data to be parsed.
+      # @param param [String] The metaparameter to be parsed.
+      # @return [Array] Values for the instance variables of the given metaparam. The order of the values
+      #   is: raw value, boolean raw value.
+      def parse_raw_metaparam(data, param)
+        raw_value = data.fetch(param, nil)
+        [raw_value, (!raw_value.nil? && !raw_value.empty?)]
+      end
+
+      # Sets the instance variables of the given metaparam based off the supplied values.
+      # @param param [String] The metaparameter to be set.
+      # @param value [Array] The Resource value to be set.
+      # @param raw_value [Array] The raw value to be set.
+      def set_metaparam_instance_vars(param, value, raw_value)
+        instance_variable_set("@#{param}", value)
+        instance_variable_set("@#{param}_raw", raw_value)
+      end
+
+      # Defines singleton methods for this instance of ProcessorObject that are used to determine
+      # if the metaparameter is set.
+      # @param param [String] The metaparameter that will have boolean methods defined.
+      # @param raw_value [Boolean] The boolean value for the <metaparam>_raw? method.
+      # @param value [Boolean] The boolean value for the <metaparam>? method.
+      def define_metaparam_bool_methods(param, raw_value, value)
+        define_singleton_method("#{param}_raw?".to_sym) { raw_value }
+        define_singleton_method("#{param}?".to_sym) { value }
+      end
+
+      # Returns the mapped names for the given control identifier.
+      # @param identifier [String] The control identifier to be mapped.
+      # @return [Array] The mapped names for the given control identifier.
+      def find_mapped_names(identifier)
+        @control_maps.each do |control_map|
+          return control_map[identifier] if control_map.include?(identifier)
+        end
+        []
+      end
+    end
+
+    # This class represents a single control in the data structure.
+    class Control < ProcessorObject
+      attr_reader :mapped_names, :params, :param_names, :resource_params
+
+      def initialize(name, data, control_maps)
+        super(name, data, control_maps)
+        @mapped_names = find_mapped_names(@name)
+        @params = @data == :no_params ? {} : @data
+        @resource_params = @data == :no_params ? {} : @data.reject { |k, _v| METAPARAMS.include?(k) }
+        @param_names = @data == :no_params ? Set.new : Set.new(@params.keys)
+      end
+
+      def name?(name)
+        @name == name || @mapped_names.include?(name)
+      end
+
+      def param?(param_name)
+        @param_names.include?(param_name)
+      end
+
+      def param(param_name)
+        @params[param_name]
+      end
+
+      def resource_data
+        @resource_params
+      end
+    end
+    # rubocop:enable Metrics/ClassLength
+
+    # This class represents a single Puppet resource (class, defined type, etc.)
+    class Resource < ProcessorObject
+      attr_reader :name, :type, :controls, :control_names, :mapped_control_names
+
+      def initialize(name, data, control_maps)
+        super(name, data, control_maps)
+        @type = @data['type']
+        @controls = create_control_classes(@data['controls'])
+        @control_names = Set.new(@controls.map(&:name)).flatten
+        @mapped_control_names = Set.new(@controls.map(&:mapped_names).flatten).flatten
+        initialize_control_metaparams
+      end
+
+      # Adds overriding parameter values to controls in this resource
+      # if this resource has a matching control.
+      # @param data [Hash] The resource data to be parsed.
+      def add_control_configs(control_configs)
+        control_configs.each do |control, configs|
+          next unless control?(control)
+
+          @controls.each do |control_class|
+            next unless control_class.name?(control)
+
+            control_class.resource_params.deep_merge!(configs)
+          end
+        end
+      end
+
+      # Outputs a representation of this object as a Hash usable by Puppet's
+      # create_resources function.
+      def resource_data
+        control_params = control_parameters
+        METAPARAMS.each do |mparam|
+          next if mparam == 'dependent'
+
+          refs = resource_references(mparam, control_params)
+          next if refs.nil?
+
+          control_params[mparam] = refs
+        end
+        { @type => { @name => control_params } }
+      end
+
+      # This method returns a string representation of this Resource in the resource reference
+      # format used by Puppet.
+      # @return [String] A string representation of this Resource in the resource reference format.
+      def resource_reference
+        type_ref = @type.split('::').map(&:capitalize).join('::')
+        "#{type_ref}['#{@name}']"
+      end
+
+      # This method checks if this Resource contains the given control.
+      # @param control [String] The control to be checked.
+      # @return [Boolean] True if this Resource contains the given control, false otherwise.
+      def control?(control_name)
+        @control_names.include?(control_name) || @mapped_control_names.include?(control_name)
+      end
+
+      # This method checks if this Resource contains the given parameter.
+      # @param param_name [String] The parameter to be checked.
+      # @return [Boolean] True if this Resource contains the given parameter, false otherwise.
+      def param?(param_name)
+        if param_name.respond_to?(:each)
+          param_name.all? { |name| param?(name) }
+        else
+          @param_names.include?(param_name)
+        end
+      end
+
+      private
+
+      # This method gathers the resource data for each control this Resource contains.
+      # @return [Hash] The resource data for each control this Resource contains.
+      def control_parameters
+        @controls.each_with_object({}) do |control, h|
+          h.deep_merge(control.resource_data)
+        end
+      end
+
+      # This method gets the resource references for the given metaparameter and control parameters.
+      # @param mparam [String] The metaparameter to be checked.
+      # @param control_params [Hash] The control parameters to be checked.
+      # @return [Array] The resource references for the given metaparameter and control parameters.
+      # @return [nil] If the given metaparameter is not set on this Resource.
+      def resource_references(mparam, control_params)
+        # rubocop:disable Style/RedundantSelf
+        # we use self here because `require` is a metaparam and we don't want to
+        # call `Kernel#require` accidentally.
+        this_mparam = self.send(mparam.to_sym)
+        # rubocop:enable Style/RedundantSelf
+        return if this_mparam.nil? || this_mparam.compact.empty?
+
+        if control_params.key?(mparam)
+          control_params[mparam].concat(this_mparam.map(&:resource_reference))
+        else
+          this_mparam.map(&:resource_reference)
+        end
+      end
+
+      # Adds a Resource to the before_me list.
+      # @param resource [Resource] The Resource to be added to the before_me list.
+      def add_before_me(resource)
+        before_me.append(resource)
+      end
+
+      # Adds a Resource to the after_me list.
+      # @param resource [Resource] The Resource to be added to the after_me list.
+      def add_after_me(resource)
+        after_me.append(resource)
+      end
+
+      # Initializes all metaparameter values of all controls that this Resource contains
+      # and brings those values into the scope of this Resource. Also initializes the
+      # @before_me and @after_me instance variables.
+      def initialize_control_metaparams
+        METAPARAMS.each { |mparam| initialize_control_metaparameter(mparam) }
+        @before_me = initialize_before_me
+        @after_me = initialize_after_me
+      end
+
+      # Initializes a single supplied metaparameter for all controls that this Resource
+      # contains and brings those values into the scope of this Resource.
+      # @param mparam [String] The metaparameter to be initialized.
+      def initialize_control_metaparameter(mparam)
+        ctrl_objects = @controls.map { |c| c.send(mparam.to_sym) }.flatten
+        return if ctrl_objects.empty?
+
+        current_objects = instance_variable_get("@#{mparam}") || []
+        all_meta_objects = ctrl_objects.concat(current_objects)
+        instance_variable_set("@#{mparam}", all_meta_objects.flatten.compact.uniq)
+        define_singleton_method("#{mparam}?".to_sym) { all_meta_objects.any? }
+      end
+
+      # Creates a new Control class for each control in the data structure if that Control class
+      # does not already exist in the cache.
+      # @param control_data [Array] The control data of the resource from the Hiera data.
+      def create_control_classes(control_data)
+        case control_data.class.to_s
+        when 'Hash'
+          control_data.map { |cname, cdata| CemDataProcessor::Parser.new_control(cname, cdata, @control_maps) }
+        when 'Array'
+          control_data.map { |cname| CemDataProcessor::Parser.new_control(cname, :no_params, @control_maps) }
+        else
+          raise ArgumentError, "Cannot create control because control data is not the expected type. Data type is #{control_data.class}"
+        end
+      end
+    end
+
+    class << self
+      # Creates a new Resource object. If an object with the same resource name, resource data, and control maps
+      # already exists, it will be returned instead of creating a new one.
+      # @param resource_name [String] The name of the resource.
+      # @param resource_data [Hash] The data for the resource.
+      # @param control_maps [Array] The control maps for the resource.
+      # @return [Resource] The new or cached Resource object.
+      def new_resource(resource_name, resource_data, control_maps)
+        cache_key = [Resource.name, resource_name, resource_data, control_maps]
+        cached = cache_get(cache_key)
+        return cached unless cached.nil?
+
+        begin
+          new_resource = Resource.new(resource_name, resource_data, control_maps)
+        rescue ArgumentError => e
+          raise ArgumentError, "Failed to create resource #{resource_name}: #{e.message}"
+        end
+        cache_add(cache_key, new_resource)
+        new_resource
+      end
+
+      # Creates a new Control object. If an object with the same control name, control data, and control maps
+      # already exists, it will be returned instead of creating a new one.
+      # @param control_name [String] The name of the control.
+      # @param control_data [Hash] The data for the control.
+      # @param control_maps [Array] The control maps for the control.
+      # @return [Control] The new or cached Control object.
+      def new_control(control_name, control_data, control_maps)
+        cache_key = [Control.name, control_name, control_data, control_maps]
+        cached = cache_get(cache_key)
+        return cached unless cached.nil?
+
+        begin
+          new_control = Control.new(control_name, control_data, control_maps)
+        rescue ArgumentError => e
+          raise ArgumentError, "Failed to create control #{control_name}: #{e.message}"
+        end
+        cache_add(cache_key, new_control)
+        new_control
+      end
+
+      # Clears the current cache. Used in testing.
+      def clear_cache
+        @object_cache = {}
+      end
+
+      private
+
+      # Helper method to add a ProcessorObject (or subclass of one) to the cache.
+      # @param key [Array] The key for the cache. An array comprised of the object name, object data,
+      # and control maps.
+      # @param resource [ProcessorObject] The object to add to the cache.
+      def cache_add(key, object)
+        object_cache[key] = object
+      end
+
+      # Helper method to retrieve a ProcessorObject from the cache.
+      # @param key [Array] The key for the cache. An array comprised of the resource name, resource data, and control maps.
+      # @return [ProcessorObject] The object from the cache, or nil if the object doesn't exist.
+      def cache_get(key)
+        object_cache.fetch(key, nil)
+      end
+
+      # Holds the object cache. If the object cache doesn't exist, it will be created.
+      def object_cache
+        @object_cache ||= {}
+      end
+    end
+  end
+end