compliance_engine 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fee65bb4492e02e3223e589aa7b567e8b64e1b8140183ad4f8eecab01998ad85
-  data.tar.gz: c259b00c35ffbe1f4bfa0e6878a471ae31ecaeea7ac688222e66aaa9a496a14c
+  metadata.gz: 44cfaff67ac82f027fdab7db4b4b66b268ded7849821d8b9a8593caa6e3c7d67
+  data.tar.gz: c4992a17de18bd49ebbe72e9bec2f56598460e4e20aeb04b50386bf014af8283
 SHA512:
-  metadata.gz: 97c8b3ea7970037515a1af146301b088b7c3c042f6b5e8f0c1c2388287eaa06429fbf5d6bfc5cbaa5a27e214ca904bc2bb9dd647e2d89b08a6d3aa8e52c3f8be
-  data.tar.gz: 87d12eb35f45db3a6e56e69d5038c33f29fd10e6f2a32014dc0d6d44c9c8299aa1c0300599fb527c4189910533b57cf16cc61b58ae2b11cec82d7f0763ad3c29
+  metadata.gz: ce7186407c8ab23404b1b1a075509df73c6ba026587c901d14c8849c1c4f6490a88a7f89a4a575e327f276f39b97ce2ca10fb107fdcb275f1affeac0bf884fbf
+  data.tar.gz: 5ed4621f0623213d00987271328f15177157249e563bc7c0036b6009c339b6579aba8e65971a9a0d9e22020b4af31a31ac4abd92305598a532133b92c6aa51cb

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+### 0.1.3 / 2025-05-20
+* Add dependency on observer gem (#47)
+* Add Ruby 3.4 to testing matrix
+* Sort directory entries to fix GHA test failures
+
 ### 0.1.2 / 2024-12-04
 * Fix environment loading (#35)
 

data/compliance_engine.gemspec

@@ -25,8 +25,9 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'deep_merge', '~> 1.2'
-  spec.add_dependency 'thor', '~> 1.3'
   spec.add_dependency 'irb', '~> 1.14'
-  spec.add_dependency 'semantic_puppet', '~> 1.1'
+  spec.add_dependency 'observer', '~> 0.1'
   spec.add_dependency 'rubyzip', '~> 2.3'
+  spec.add_dependency 'semantic_puppet', '~> 1.1'
+  spec.add_dependency 'thor', '~> 1.3'
 end

data/lib/compliance_engine/cli.rb

@@ -10,6 +10,8 @@ class ComplianceEngine::CLI < Thor
   class_option :module, type: :array, default: []
   class_option :modulepath, type: :array
   class_option :modulezip, type: :string
+  class_option :verbose, type: :boolean
+  class_option :debug, type: :boolean
 
   desc 'version', 'Print the version'
   def version
@@ -58,7 +60,14 @@ class ComplianceEngine::CLI < Thor
   def data
     return @data unless @data.nil?
 
-    @data = ComplianceEngine::Data.new(facts: facts, enforcement_tolerance: options[:enforcement_tolerance])
+    if options[:debug]
+      ComplianceEngine.log.level = Logger::DEBUG
+    elsif options[:verbose]
+      ComplianceEngine.log.level = Logger::INFO
+    end
+    @data = ComplianceEngine::Data.new
+    @data.facts = facts
+    @data.enforcement_tolerance = options[:enforcement_tolerance]
     if options[:modulezip]
       @data.open_environment_zip(options[:modulezip])
     elsif options[:modulepath]

data/lib/compliance_engine/component.rb

@@ -7,8 +7,8 @@ require 'deep_merge'
 class ComplianceEngine::Component
   # A generic compliance engine data component
   #
-  # @param [String] component The component key
-  # @param [ComplianceEngine::Data, ComplianceEngine::Collection, NilClass] data The data to initialize the object with
+  # @param component [String] The component key
+  # @param data [ComplianceEngine::Data, ComplianceEngine::Collection, NilClass] The data to initialize the object with
   def initialize(name, data: nil)
     context_variables.each { |var| instance_variable_set(var, data&.instance_variable_get(var)) }
     @component ||= { key: name, fragments: {} }
@@ -124,9 +124,9 @@ class ComplianceEngine::Component
 
   # Compare a fact value against a confine value
   #
-  # @param [Object] fact The fact value
-  # @param [Object] confine The confine value
-  # @param [Integer] depth The depth of the recursion
+  # @param fact [Object] The fact value
+  # @param confine [Object] The confine value
+  # @param depth [Integer] The depth of the recursion
   # @return [TrueClass, FalseClass] true if the fact value matches the confine value
   def fact_match?(fact, confine, depth = 0)
     if confine.is_a?(String)
@@ -146,7 +146,7 @@ class ComplianceEngine::Component
 
   # Check if a fragment is confined
   #
-  # @param [Hash] fragment The fragment to check
+  # @param fragment [Hash] The fragment to check
   # @return [TrueClass, FalseClass] true if the fragment should be dropped
   def confine_away?(fragment)
     return false unless fragment.key?('confine')
@@ -161,13 +161,13 @@ class ComplianceEngine::Component
             begin
               return true unless SemanticPuppet::VersionRange.parse(module_version).include?(SemanticPuppet::Version.parse(environment_data[v]))
             rescue => e
-              warn "Failed to compare #{v} #{environment_data[v]} with version confinement #{module_version}: #{e.message}"
+              ComplianceEngine.log.error "Failed to compare #{v} #{environment_data[v]} with version confinement #{module_version}: #{e.message}"
               return true
             end
           end
         end
       elsif k == 'module_version'
-        warn "Missing module name for #{fragment}" unless fragment['confine'].key?('module_name')
+        ComplianceEngine.log.error "Missing module name for #{fragment}" unless fragment['confine'].key?('module_name')
       else
         # Confinement based on Puppet facts
         unless facts.nil?
@@ -215,14 +215,14 @@ class ComplianceEngine::Component
           message = "Remediation disabled for #{fragment}"
           reason = fragment['remediation']['disabled']&.map { |value| value['reason'] }&.reject { |value| value.nil? }&.join("\n")
           message += "\n#{reason}" unless reason.nil?
-          warn message
+          ComplianceEngine.log.info message
           next
         end
 
         if fragment['remediation'].key?('risk')
           risk_level = fragment['remediation']['risk']&.map { |value| value['level'] }&.select { |value| value.is_a?(Integer) }&.max
           if risk_level.is_a?(Integer) && risk_level >= enforcement_tolerance
-            warn "Remediation risk #{risk_level} exceeds enforcement tolerance #{enforcement_tolerance} for #{fragment}"
+            ComplianceEngine.log.info "Remediation risk #{risk_level} exceeds enforcement tolerance #{enforcement_tolerance} for #{fragment}"
             next
           end
         end
@@ -243,7 +243,7 @@ class ComplianceEngine::Component
     @element = {}
 
     fragments.each_value do |fragment|
-      @element = @element.deep_merge!(fragment)
+      @element = DeepMerge.deep_merge!(fragment, @element)
     end
 
     @element

data/lib/compliance_engine/data.rb

@@ -24,9 +24,9 @@ require 'json'
 
 # Work with compliance data
 class ComplianceEngine::Data
-  # @param [Array<String>] paths The paths to the compliance data files
-  # @param [Hash] facts The facts to use while evaluating the data
-  # @param [Integer] enforcement_tolerance The tolerance to use while evaluating the data
+  # @param paths [Array<String>] The paths to the compliance data files
+  # @param facts [Hash] The facts to use while evaluating the data
+  # @param enforcement_tolerance [Integer] The tolerance to use while evaluating the data
   def initialize(*paths, facts: nil, enforcement_tolerance: nil)
     @data ||= {}
     @facts = facts
@@ -38,35 +38,35 @@ class ComplianceEngine::Data
   attr_reader :data, :facts, :enforcement_tolerance, :environment_data, :modulepath
 
   # Set the object data
-  # @param [Hash] data The data to initialize the object with
+  # @param data [Hash] The data to initialize the object with
   def data=(value)
     @data = value
     invalidate_cache
   end
 
   # Set the facts
-  # @param [Hash] facts The facts to initialize the object with
+  # @param facts [Hash] The facts to initialize the object with
   def facts=(value)
     @facts = value
     invalidate_cache
   end
 
   # Set the enforcement tolerance
-  # @param [Hash] enforcement_tolerance The enforcement tolerance to initialize
+  # @param enforcement_tolerance [Hash] The enforcement tolerance to initialize
   def enforcement_tolerance=(value)
     @enforcement_tolerance = value
     invalidate_cache
   end
 
   # Set the environment data
-  # @param [Hash] environment_data The environment data to initialize the object with
+  # @param environment_data [Hash] The environment data to initialize the object with
   def environment_data=(value)
     @environment_data = value
     invalidate_cache
   end
 
   # Set the modulepath
-  # @param [Array<String>] modulepath The Puppet modulepath
+  # @param modulepath [Array<String>] The Puppet modulepath
   def modulepath=(value)
     @modulepath = value
     invalidate_cache
@@ -89,7 +89,7 @@ class ComplianceEngine::Data
   end
 
   # Scan a Puppet environment from a zip file
-  # @param [String] path The Puppet environment archive file
+  # @param path [String] The Puppet environment archive file
   # @return [NilClass]
   def open_environment_zip(path)
     require 'compliance_engine/environment_loader/zip'
@@ -100,7 +100,7 @@ class ComplianceEngine::Data
   end
 
   # Scan a Puppet environment
-  # @param [Array<String>] paths The Puppet modulepath components
+  # @param paths [Array<String>] The Puppet modulepath components
   # @return [NilClass]
   def open_environment(*paths)
     environment = ComplianceEngine::EnvironmentLoader.new(*paths)
@@ -110,9 +110,9 @@ class ComplianceEngine::Data
 
   # Scan paths for compliance data files
   #
-  # @param [Array<String>] paths The paths to the compliance data files
-  # @param [Class] fileclass The class to use for reading files
-  # @param [Class] dirclass The class to use for reading directories
+  # @param paths [Array<String>] The paths to the compliance data files
+  # @param fileclass [Class] The class to use for reading files
+  # @param dirclass [Class] The class to use for reading directories
   # @return [NilClass]
   def open(*paths, fileclass: File, dirclass: Dir)
     modules = {}
@@ -162,11 +162,11 @@ class ComplianceEngine::Data
 
   # Update the data for a given file
   #
-  # @param [String] file The path to the compliance data file
-  # @param [String] key The key to use for the data
-  # @param [Class] fileclass The class to use for reading files
-  # @param [Integer] size The size of the file
-  # @param [Time] mtime The modification time of the file
+  # @param file [String] The path to the compliance data file
+  # @param key [String] The key to use for the data
+  # @param fileclass [Class] The class to use for reading files
+  # @param size [Integer] The size of the file
+  # @param mtime [Time] The modification time of the file
   # @return [NilClass]
   def update(
     filename,
@@ -207,7 +207,7 @@ class ComplianceEngine::Data
 
     reset_collection
   rescue => e
-    warn e.message
+    ComplianceEngine.log.error e.message
   end
 
   # Get a list of files with compliance data
@@ -220,7 +220,7 @@ class ComplianceEngine::Data
 
   # Get the compliance data for a given file
   #
-  # @param [String] file The path to the compliance data file
+  # @param file [String] The path to the compliance data file
   # @return [Hash]
   def get(file)
     data[file][:content]
@@ -268,7 +268,7 @@ class ComplianceEngine::Data
       collection.each_value do |v|
         v.to_a.each do |component|
           next unless component.key?('confine')
-          @confines = @confines.deep_merge!(component['confine'])
+          @confines = DeepMerge.deep_merge!(component['confine'], @confines)
         end
       end
     end
@@ -278,7 +278,7 @@ class ComplianceEngine::Data
 
   # Return all Hiera data from checks that map to the requested profiles
   #
-  # @param [Array<String>] requested_profiles The requested profiles
+  # @param requested_profiles [Array<String>] The requested profiles
   # @return [Hash]
   def hiera(requested_profiles = [])
     # If we have no valid profiles, we won't have any hiera data.
@@ -293,7 +293,7 @@ class ComplianceEngine::Data
     valid_profiles = []
     requested_profiles.each do |profile|
       if profiles[profile].nil?
-        warn "Requested profile '#{profile}' not defined"
+        ComplianceEngine.log.error "Requested profile '#{profile}' not defined"
         next
       end
 
@@ -310,7 +310,7 @@ class ComplianceEngine::Data
 
     valid_profiles.reverse_each do |profile|
       check_mapping(profile).each_value do |check|
-        parameters = parameters.deep_merge!(check.hiera)
+        parameters = DeepMerge.deep_merge!(check.hiera, parameters)
       end
     end
 
@@ -319,7 +319,7 @@ class ComplianceEngine::Data
 
   # Return all checks that map to the requested profile or CE
   #
-  # @param [ComplianceEngine::Profile, ComplianceEngine::Ce] profile_or_ce The requested profile or CE
+  # @param profile_or_ce [ComplianceEngine::Profile, ComplianceEngine::Ce] The requested profile or CE
   # @return [Hash]
   def check_mapping(profile_or_ce)
     raise ArgumentError, 'Argument must be a ComplianceEngine::Profile object' unless profile_or_ce.is_a?(ComplianceEngine::Profile) || profile_or_ce.is_a?(ComplianceEngine::Ce)
@@ -367,8 +367,8 @@ class ComplianceEngine::Data
 
   # Return true if the check is mapped to the profile or CE
   #
-  # @param [ComplianceEngine::Check] check The check
-  # @param [ComplianceEngine::Profile, ComplianceEngine::Ce] profile_or_ce The profile or CE
+  # @param check [ComplianceEngine::Check] The check
+  # @param profile_or_ce [ComplianceEngine::Profile, ComplianceEngine::Ce] The profile or CE
   # @return [TrueClass, FalseClass]
   def mapping?(check, profile_or_ce)
     raise ArgumentError, 'Argument must be a ComplianceEngine::Profile object' unless profile_or_ce.is_a?(ComplianceEngine::Profile) || profile_or_ce.is_a?(ComplianceEngine::Ce)
@@ -404,8 +404,8 @@ class ComplianceEngine::Data
 
   # Correlate between arrays and hashes
   #
-  # @param [Array] a An array
-  # @param [Hash] b A hash
+  # @param a [Array] An array
+  # @param b [Hash] A hash
   # @return [TrueClass, FalseClass]
   def correlate(a, b)
     return false if a.nil? || b.nil?
@@ -416,11 +416,4 @@ class ComplianceEngine::Data
 
     a.any? { |item| b[item] }
   end
-
-  # Print debugging messages to the console.
-  #
-  # @param [String] msg The message to print
-  def debug(msg)
-    warn msg
-  end
 end

data/lib/compliance_engine/data_loader/file.rb

@@ -7,9 +7,9 @@ require 'compliance_engine/data_loader'
 class ComplianceEngine::DataLoader::File < ComplianceEngine::DataLoader
   # Initialize a new instance of the ComplianceEngine::DataLoader::File class
   #
-  # @param [String] file The path to the file to be loaded
-  # @param [Class] fileclass The class to use for file operations, defaults to `::File`
-  # @param [String] key The key to use for identifying the data, defaults to the file path
+  # @param file [String] The path to the file to be loaded
+  # @param fileclass [Class] The class to use for file operations, defaults to `::File`
+  # @param key [String] The key to use for identifying the data, defaults to the file path
   def initialize(file, fileclass: ::File, key: file)
     @fileclass = fileclass
     @filename = file

data/lib/compliance_engine/data_loader.rb

@@ -10,7 +10,7 @@ class ComplianceEngine::DataLoader
   # Initialize a new instance of the ComplianceEngine::DataLoader::File class
   #
   # @param value [Hash] The data to initialize the object with
-  # @param [String] key The key to use for identifying the data
+  # @param key [String] The key to use for identifying the data
   def initialize(value = {}, key: nil)
     self.data = value
     @key = key

data/lib/compliance_engine/environment_loader.rb

@@ -18,6 +18,7 @@ class ComplianceEngine::EnvironmentLoader
               .grep(%r{\A[a-z][a-z0-9_]*\Z})
               .select { |child| fileclass.directory?(File.join(path, child)) }
               .map { |child| File.join(path, child) }
+              .sort
     rescue
       []
     end

data/lib/compliance_engine/module_loader.rb

@@ -26,7 +26,7 @@ class ComplianceEngine::ModuleLoader
         @name = metadata.data['name']
         @version = metadata.data['version']
       rescue => e
-        warn "Could not parse #{metadata_json}: #{e.message}"
+        ComplianceEngine.log.warn "Could not parse #{metadata_json}: #{e.message}"
       end
     end
 
@@ -37,7 +37,6 @@ class ComplianceEngine::ModuleLoader
             .map { |dir|
       ['yaml', 'json'].map { |type| File.join(path, dir, '**', "*.#{type}") }
     }.flatten
-    # debug "Globs: #{globs}"
     # Using .each here to make mocking with rspec easier.
     globs.each do |glob|
       dirclass.glob(glob).each do |file|
@@ -53,7 +52,7 @@ class ComplianceEngine::ModuleLoader
                  end
         @files << loader
       rescue => e
-        warn "Could not load #{file}: #{e.message}"
+        ComplianceEngine.log.warn "Could not load #{file}: #{e.message}"
       end
     end
   end

data/lib/compliance_engine/version.rb

@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
 module ComplianceEngine
-  VERSION = '0.1.2'
+  VERSION = '0.1.3'
 
   # Handle supported compliance data versions
   class Version
     # Verify that the version is supported
     #
-    # @param [String] version The version to verify
+    # @param version [String] The version to verify
     def initialize(version)
       raise 'Missing version' if version.nil?
       raise "Unsupported version '#{version}'" unless version == '2.0.0'

data/lib/compliance_engine.rb

@@ -2,6 +2,7 @@
 
 require 'compliance_engine/version'
 require 'compliance_engine/data'
+require 'logger'
 
 # Work with compliance data
 module ComplianceEngine
@@ -9,7 +10,7 @@ module ComplianceEngine
 
   # Open compliance data
   #
-  # @param [Array<String>] paths The paths to the compliance data files
+  # @param paths [Array<String>] The paths to the compliance data files
   # @return [ComplianceEngine::Data]
   def self.open(*paths)
     Data.new(*paths)
@@ -17,9 +18,26 @@ module ComplianceEngine
 
   # Open compliance data
   #
-  # @param [Array<String>] paths The paths to the compliance data files
+  # @param paths [Array<String>] The paths to the compliance data files
   # @return [ComplianceEngine::Data]
   def self.new(*paths)
     Data.new(*paths)
   end
+
+  # Get the logger
+  #
+  # @return [Logger]
+  def self.log
+    return @log unless @log.nil?
+
+    @log = Logger.new(STDERR)
+    @log.level = Logger::WARN
+    @log
+  end
+
+  # Set the logger
+  # @param logger [Logger] The logger to use
+  def self.log=(value)
+    @log = value
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: compliance_engine
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Steven Pritchard
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-12-04 00:00:00.000000000 Z
+date: 2025-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deep_merge
@@ -25,33 +25,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
-  name: thor
+  name: irb
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.14'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.14'
 - !ruby/object:Gem::Dependency
-  name: irb
+  name: observer
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: rubyzip
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: semantic_puppet
   requirement: !ruby/object:Gem::Requirement
@@ -67,20 +81,20 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.1'
 - !ruby/object:Gem::Dependency
-  name: rubyzip
+  name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
-description: 
+        version: '1.3'
+description:
 email:
 - steve@sicura.us
 executables:
@@ -120,9 +134,9 @@ licenses:
 metadata:
   homepage_uri: https://simp-project.com/docs/sce/
   source_code_uri: https://github.com/simp/rubygem-simp-compliance_engine
-  changelog_uri: https://github.com/simp/rubygem-simp-compliance_engine/releases/tag/0.1.2
+  changelog_uri: https://github.com/simp/rubygem-simp-compliance_engine/releases/tag/0.1.3
   bug_tracker_uri: https://github.com/simp/rubygem-simp-compliance_engine/issues
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -138,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Parser for Sicura Compliance Engine data
 test_files: []