simp-beaker-helpers 2.0.5 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '01691b723cf1d20c20093a46cc90eaba1f0d3bd947e517388d963c86c086a406'
-  data.tar.gz: 5cdc26846cbefaf342a15200542dd801c00947677b9e553ec741bc0bd62ae71b
+  metadata.gz: 4e51892c7f01f52c49e29840032a8e4b7d5f524a3c3160b3218d3839224bfaf6
+  data.tar.gz: abbce77cea4030bcc802eaa16359e5f53998fb1dda40cd8dbb5aa11e56fff768
 SHA512:
-  metadata.gz: fcfbe6df23fe2fcb941349958cdd4d1645ffc61592c417ad52ce28975de51b44f795e6be786e297b9a8e6ca8a23aaf01898a0ef181f075dea6219ff5a595aa8d
-  data.tar.gz: 1efc45ea2fb279ffa9795c4f31510be99ae565dcb36bdc5366bf8056d11a9d0bf8d6fd5dcbca1d18fc1d38c3a4912c965290ff88489f12bb1a55476fea08e4f0
+  metadata.gz: 3c0c3ef0740aef92c4dcb643b94ac228d5484a0ad524b7b419832f30e28caa63f4ba802bf48d721ae242af7a387cc291582e33e9ad23ef345f6bc88105161f67
+  data.tar.gz: 61829ea33bf1911ee6da64d46b29f270f907631c01b3e681b62ac4650716ccaeba4d3d8dababc07cfea1eb8400b1bd2ab72d8528940e296bf4e35f290f36ddac

data/.github/workflows/pr_acceptance.yml

@@ -17,14 +17,6 @@ jobs:
     strategy:
       matrix:
         puppet:
-          - label: 'Puppet 7.x [SIMP 6.6/PE 2021.7]'
-            puppet_version: '~> 7.0'
-            ruby_version: '2.7'
-            experimental: false
-          - label: 'Puppet 8.x'
-            puppet_version: '~> 8.0'
-            ruby_version: '3.2'
-            experimental: false
           - label: 'OpenVox 8.x'
             puppet_version: '~> 8.0'
             ruby_version: '3.2'
@@ -37,9 +29,6 @@ jobs:
           - label: beaker puppet_collections
             suite: puppet_collections
             allowed_to_fail: false
-          - label: beaker ssg
-            suite: ssg
-            allowed_to_fail: false
           # The inspec suite fails for unclear reasons during an scp.
           # Sicura tests compliance at the framework level, so troubleshooting
           # inspec acceptance tests is not a priority at present.
@@ -51,7 +40,7 @@ jobs:
       PUPPET_VERSION: ${{matrix.puppet.puppet_version}}
     steps:
       - name: checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
       - name: setup ruby
         uses: ruby/setup-ruby@v1
         with:

data/.github/workflows/pr_tests.yml

@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     continue-on-error: true
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - name: "Install Ruby 3.2"
         uses: ruby/setup-ruby@v1
         with:
@@ -48,18 +48,20 @@ jobs:
     strategy:
       matrix:
         puppet:
-          - label: 'Puppet 7.x [SIMP 6.6/PE 2021.7]'
-            puppet_version: '~> 7.0'
-            ruby_version: '2.7'
-            experimental: false
-          - label: 'Puppet 8.x'
+          - label: 'OpenVox 8.x'
             puppet_version: '~> 8.0'
             ruby_version: '3.2'
             experimental: false
+          # OpenVox 9 is unreleased; preview the future Ruby 4.0 / OpenVox 9
+          # combo by running the OpenVox 8 gem on Ruby 4.0.
+          - label: 'OpenVox 9.x preview (Ruby 4.0, OpenVox 8 gem)'
+            puppet_version: '~> 8.0'
+            ruby_version: '4.0'
+            experimental: false
     env:
       PUPPET_VERSION: ${{matrix.puppet.puppet_version}}
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - name: 'Install Ruby ${{matrix.puppet.ruby_version}}'
         uses: ruby/setup-ruby@v1
         with:

data/.github/workflows/tag_deploy_rubygem.yml

@@ -48,7 +48,7 @@ on:
       - '[0-9]+\.[0-9]+\.[0-9]+\-[a-z]+[0-9]+'
 
 env:
-  PUPPET_VERSION: '~> 7'
+  PUPPET_VERSION: '~> 8'
   LOCAL_WORKFLOW_CONFIG_FILE: .github/workflows.local.json
 
 jobs:
@@ -63,7 +63,7 @@ jobs:
     steps:
       - name: "Assert '${{ github.ref }}' is a tag"
         run: '[[ "$GITHUB_REF" =~ ^refs/tags/ ]] || { echo "::error ::GITHUB_REF is not a tag: ${GITHUB_REF}"; exit 1 ; }'
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
         with:
           ref: ${{ github.ref }}
           clean: true
@@ -116,7 +116,7 @@ jobs:
       tag: ${{ steps.tag-check.outputs.tag }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
         with:
           ref: ${{ github.ref }}
           clean: true
@@ -178,7 +178,7 @@ jobs:
       PKG_DIR: ${{ needs.releng-checks.outputs.pkg_dir }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
         with:
           ref: ${{ github.ref }}
           clean: true

data/CHANGELOG.md

@@ -1,7 +1,29 @@
+### 3.0.0 / 2026-06-24
+* Changed (**Breaking**):
+  * Dropped support for Puppet 7 / Ruby 2.7. CI now tests Puppet/OpenVox 8 only,
+    and the default OpenVox gem floor is raised to `>= 8.0.0`.
+  * Replaced the `puppetlabs_spec_helper/tasks/fixtures` dependency with
+    `puppet_fixtures`, enabling Ruby 4.0 support. `puppetlabs_spec_helper` pulls
+    in `puppet-syntax` < 5, which depends on the `puppet` gem and its `facter`
+    dependency that does not support Ruby >= 4.0; `puppet_fixtures` is the
+    OpenVox-ecosystem replacement and supports Ruby 4.0.
+  * The `beaker:suites` task now depends on `fixtures:prep` (from
+    `puppet_fixtures`) instead of `spec_prep`, and `ensure_fixture_modules` now
+    runs `rake fixtures:prep`.
+* Removed (**Breaking**):
+  * Removed the unsupported `Simp::BeakerHelpers::SSG` helpers, the `ssg`
+    acceptance suite, and the `SSG_REPO_URL` constant (#268)
+* Added:
+  * `puppet_fixtures` runtime dependency
+  * OpenVox-named environment variables for `get_puppet_install_info`, taking
+    precedence over the Puppet-named equivalents (which remain as fallbacks):
+    `OPENVOX_VERSION`, `OPENVOX_INSTALL_VERSION`, `OPENVOX_INSTALL_TYPE`,
+    `BEAKER_OPENVOX_AGENT_VERSION`, `BEAKER_OPENVOX_COLLECTION`,
+    `BEAKER_OPENVOX_PACKAGE_NAME`
+
 ### 2.0.5 / 2026-06-06
 * Fixed:
   * Additional cleanup for rubocop
-
 ### 2.0.4 / 2025-10-16
 * Fixed:
   * `install_puppet` failure on Windows (#266)

data/Gemfile

@@ -41,15 +41,14 @@ group :system_tests do
   gem 'ed25519'
   gem 'net-ssh'
   # renovate: datasource=rubygems versioning=ruby
-  gem 'openvox', ENV.fetch('OPENVOX_VERSION', ENV.fetch('PUPPET_VERSION', ['>= 7.0.0', '< 9.0.0']))
-  gem 'pry-byebug', '~> 3.10.0'
-  gem 'puppetlabs_spec_helper', '>= 4.0.0', '< 9.0.0'
+  gem 'openvox', ENV.fetch('OPENVOX_VERSION', ENV.fetch('PUPPET_VERSION', ['>= 8.0.0', '< 9.0.0']))
+  gem 'pry-byebug', '~> 3.12.0'
   gem 'syslog' # Required for Ruby >= 3.4
 end
 
 group :tests do
-  gem 'rubocop', '~> 1.87.0'
+  gem 'rubocop', '~> 1.88.0'
   gem 'rubocop-performance', '~> 1.26.0'
   gem 'rubocop-rake', '~> 0.7.0'
-  gem 'rubocop-rspec', '~> 3.8.0'
+  gem 'rubocop-rspec', '~> 3.10.0'
 end

data/lib/simp/beaker_helpers/constants.rb

@@ -9,8 +9,6 @@ module Simp::BeakerHelpers # rubocop:disable Style/OneClassPerFile
   # oldest system that we support
   DEFAULT_PUPPET_AGENT_VERSION = '~> 8.0'.freeze
 
-  SSG_REPO_URL = ENV['BEAKER_ssg_repo'] || 'https://github.com/ComplianceAsCode/content.git'
-
   if ['true', 'yes'].include?(ENV['BEAKER_online'])
     ONLINE = true
   elsif ['false', 'no'].include?(ENV['BEAKER_online'])

data/lib/simp/beaker_helpers/version.rb

@@ -4,5 +4,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers # rubocop:disable Style/OneClassPerFile
-  VERSION = '2.0.5'
+  VERSION = '3.0.0'
 end

data/lib/simp/beaker_helpers.rb

@@ -14,7 +14,6 @@ module Simp::BeakerHelpers # rubocop:disable Style/OneClassPerFile
   require 'simp/beaker_helpers/constants'
   require 'simp/beaker_helpers/inspec'
   require 'simp/beaker_helpers/snapshot'
-  require 'simp/beaker_helpers/ssg'
   require 'simp/beaker_helpers/version'
   require 'find'
 
@@ -367,8 +366,8 @@ module Simp::BeakerHelpers # rubocop:disable Style/OneClassPerFile
       if missing_modules.empty?
         puts '  == all fixture modules present'
       else
-        cmd = 'bundle exec rake spec_prep'
-        puts "  -- running spec_prep: '#{cmd}'"
+        cmd = 'bundle exec rake fixtures:prep'
+        puts "  -- running fixtures:prep: '#{cmd}'"
         `#{cmd}`
       end
     end
@@ -1426,16 +1425,25 @@ module Simp::BeakerHelpers # rubocop:disable Style/OneClassPerFile
   #       install version and a puppet collection are specified. This is
   #       because the puppet install version can specify more precise
   #       version information than is available from a puppet collection.
+  #
+  #       Each Puppet-named environment variable has an OpenVox-named
+  #       equivalent (e.g. OPENVOX_VERSION, BEAKER_OPENVOX_COLLECTION) that
+  #       takes precedence; the Puppet-named variables are kept as fallbacks
+  #       for backwards compatibility.
   def get_puppet_install_info
-    # The first match is internal Beaker and the second is legacy SIMP
-    puppet_install_version = ENV['BEAKER_PUPPET_AGENT_VERSION'] || ENV['PUPPET_INSTALL_VERSION'] || ENV['PUPPET_VERSION']
+    # OpenVox-named variables win; the Puppet-named ones remain as fallbacks.
+    # Within each pair the first match is internal Beaker, the second legacy SIMP.
+    puppet_install_version =
+      ENV['BEAKER_OPENVOX_AGENT_VERSION'] || ENV['BEAKER_PUPPET_AGENT_VERSION'] ||
+      ENV['OPENVOX_INSTALL_VERSION'] || ENV['PUPPET_INSTALL_VERSION'] ||
+      ENV['OPENVOX_VERSION'] || ENV['PUPPET_VERSION']
 
     if puppet_install_version && !puppet_install_version.strip.empty?
       puppet_agent_version = latest_puppet_agent_version_for(puppet_install_version.strip)
     end
 
     if puppet_agent_version.nil?
-      if (puppet_collection = ENV['BEAKER_PUPPET_COLLECTION'] || host.options['puppet_collection'])
+      if (puppet_collection = ENV['BEAKER_OPENVOX_COLLECTION'] || ENV['BEAKER_PUPPET_COLLECTION'] || host.options['puppet_collection'])
         raise("Error: Puppet Collection '#{puppet_collection}' must match /(puppet|openvox)(\\d+)/") unless puppet_collection =~ %r{(puppet|openvox)(\d+)}
         puppet_collection_name = ::Regexp.last_match(1)
         puppet_install_version = "~> #{::Regexp.last_match(2)}"
@@ -1453,18 +1461,18 @@ module Simp::BeakerHelpers # rubocop:disable Style/OneClassPerFile
     {
       puppet_install_version: puppet_agent_version,
       puppet_collection: puppet_collection,
-      puppet_install_type: ENV.fetch('PUPPET_INSTALL_TYPE', 'agent')
+      puppet_install_type: ENV['OPENVOX_INSTALL_TYPE'] || ENV.fetch('PUPPET_INSTALL_TYPE', 'agent')
     }
   end
 
   def run_puppet_install_helper_on(hosts)
     block_on hosts, run_in_parallel: true do |host|
-      puppet_collection = ENV.fetch('BEAKER_PUPPET_COLLECTION', nil) || host.options['puppet_collection']
+      puppet_collection = ENV['BEAKER_OPENVOX_COLLECTION'] || ENV.fetch('BEAKER_PUPPET_COLLECTION', nil) || host.options['puppet_collection']
       if is_windows?(host)
         install_msi_on(host, puppet_collection)
       else
         BeakerPuppetHelpers::InstallUtils.install_puppet_release_repo_on(host, puppet_collection)
-        package_name = ENV.fetch('BEAKER_PUPPET_PACKAGE_NAME', BeakerPuppetHelpers::InstallUtils.collection2packagename(host, puppet_collection))
+        package_name = ENV['BEAKER_OPENVOX_PACKAGE_NAME'] || ENV.fetch('BEAKER_PUPPET_PACKAGE_NAME', BeakerPuppetHelpers::InstallUtils.collection2packagename(host, puppet_collection))
         host.install_package(package_name)
       end
     end

data/lib/simp/rake/beaker.rb

@@ -4,7 +4,7 @@ require 'rake/tasklib'
 require 'fileutils'
 require 'beaker/tasks/rake_task'
 require 'beaker-rspec/rake_task'
-require 'puppetlabs_spec_helper/tasks/fixtures'
+require 'puppet_fixtures/tasks'
 
 # Simp namespace
 module Simp; end
@@ -111,7 +111,7 @@ class Simp::Rake::Beaker < ::Rake::TaskLib # rubocop:disable Style/OneClassPerFi
               'default_run' : <true|false> => Default: false
               ```
         EOM
-      task :suites, [:suite, :nodeset] => ['spec_prep'] do |_t, args|
+      task :suites, [:suite, :nodeset] => ['fixtures:prep'] do |_t, args|
         suite = args[:suite]
         nodeset = args[:nodeset]
 

data/simp-beaker-helpers.gemspec

@@ -30,6 +30,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'docker-api',            ['>= 2.1.0', '< 3.0.0']
   s.add_runtime_dependency 'highline',              ['>= 2.0', '< 4.0.0']
   s.add_runtime_dependency 'nokogiri',              '~> 1.8'
+  s.add_runtime_dependency 'puppet_fixtures',       ['>= 0.1', '< 3.0.0']
 
   ### s.files = Dir['Rakefile', '{bin,lib,spec}/**/*', 'README*', 'LICENSE*'] & `git ls-files -z .`.split("\0")
   s.files       = %x(git ls-files).split("\n")

data/spec/acceptance/suites/inspec/00_default_spec.rb

@@ -38,7 +38,7 @@ describe 'Inspec STIG Profile' do
 
             it 'has a report' do
               expect(inspec_report_data[:report]).not_to be_nil
-              puts inspec_report_data[:report]
+              puts inspec_report_data[:report] # rubocop:disable RSpec/Output
             end
           else
             # rubocop:disable RSpec/RepeatedDescription

data/spec/lib/simp/beaker_helpers_spec.rb

@@ -131,10 +131,15 @@ describe 'Simp::BeakerHelpers' do
 
   context '#get_puppet_install_info' do
     after(:each) do
+      ENV['BEAKER_OPENVOX_AGENT_VERSION'] = nil
       ENV['BEAKER_PUPPET_AGENT_VERSION'] = nil
+      ENV['OPENVOX_INSTALL_VERSION'] = nil
       ENV['PUPPET_INSTALL_VERSION'] = nil
+      ENV['OPENVOX_VERSION'] = nil
       ENV['PUPPET_VERSION'] = nil
+      ENV['BEAKER_OPENVOX_COLLECTION'] = nil
       ENV['BEAKER_PUPPET_COLLECTION'] = nil
+      ENV['OPENVOX_INSTALL_TYPE'] = nil
       ENV['PUPPET_INSTALL_TYPE'] = nil
     end
 
@@ -222,6 +227,46 @@ describe 'Simp::BeakerHelpers' do
       expect(helper.get_puppet_install_info).to eq expected
     end
 
+    it 'extracts info from OPENVOX_VERSION' do
+      allow(helper).to receive(:`).with('gem search -ra -e puppet').and_return(gem_search_results)
+      ENV['OPENVOX_VERSION'] = '5.5.0'
+      expected = {
+        puppet_install_version: '5.5.0',
+        puppet_collection: 'puppet5',
+        puppet_install_type: 'agent'
+      }
+      expect(helper.get_puppet_install_info).to eq expected
+    end
+
+    it 'extracts openvox info from BEAKER_OPENVOX_COLLECTION' do
+      allow(helper).to receive(:`).with('gem search -ra -e openvox').and_return(openvox_gem_search_results)
+      ENV['BEAKER_OPENVOX_COLLECTION'] = 'openvox8'
+      expected = {
+        puppet_install_version: '8.19.2',
+        puppet_collection: 'openvox8',
+        puppet_install_type: 'agent'
+      }
+      expect(helper.get_puppet_install_info).to eq expected
+    end
+
+    it 'prefers BEAKER_OPENVOX_COLLECTION over BEAKER_PUPPET_COLLECTION' do
+      allow(helper).to receive(:`).with('gem search -ra -e openvox').and_return(openvox_gem_search_results)
+      ENV['BEAKER_OPENVOX_COLLECTION'] = 'openvox8'
+      ENV['BEAKER_PUPPET_COLLECTION'] = 'puppet5'
+      expected = {
+        puppet_install_version: '8.19.2',
+        puppet_collection: 'openvox8',
+        puppet_install_type: 'agent'
+      }
+      expect(helper.get_puppet_install_info).to eq expected
+    end
+
+    it 'extracts info from OPENVOX_INSTALL_TYPE' do
+      ENV['OPENVOX_INSTALL_TYPE'] = 'pe'
+
+      expect(helper.get_puppet_install_info[:puppet_install_type]).to eq('pe')
+    end
+
     it 'extracts info from PUPPET_INSTALL_TYPE' do
       ENV['PUPPET_INSTALL_TYPE'] = 'pe'
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 3.0.0
 platform: ruby
 authors:
 - Chris Tessmer
 - Trevor Vaughan
 bindir: bin
 cert_chain: []
-date: 2026-06-07 00:00:00.000000000 Z
+date: 2026-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -164,6 +164,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: puppet_fixtures
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 description: 'Beaker helper methods to help scaffold SIMP acceptance tests
 
   '
@@ -196,7 +216,6 @@ files:
 - lib/simp/beaker_helpers/constants.rb
 - lib/simp/beaker_helpers/inspec.rb
 - lib/simp/beaker_helpers/snapshot.rb
-- lib/simp/beaker_helpers/ssg.rb
 - lib/simp/beaker_helpers/version.rb
 - lib/simp/beaker_helpers/windows.rb
 - lib/simp/rake/beaker.rb
@@ -229,9 +248,6 @@ files:
 - spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb
 - spec/acceptance/suites/snapshot/10_general_usage_spec.rb
 - spec/acceptance/suites/snapshot/nodesets
-- spec/acceptance/suites/ssg/00_default_spec.rb
-- spec/acceptance/suites/ssg/metadata.yml
-- spec/acceptance/suites/ssg/nodesets
 - spec/acceptance/suites/windows/00_default_spec.rb
 - spec/acceptance/suites/windows/metadata.yml
 - spec/acceptance/suites/windows/nodesets/default.yml

data/lib/simp/beaker_helpers/ssg.rb

@@ -1,479 +0,0 @@
-# SIMP Beaker helper methods for testing
-module Simp::BeakerHelpers
-  require 'simp/beaker_helpers/constants'
-
-  # Helpers for working with the SCAP Security Guide
-  class SSG
-    if ENV['BEAKER_ssg_repo']
-      GIT_REPO = ENV['BEAKER_ssg_repo']
-    else
-      raise('You are offline: Set BEAKER_ssg_repo to point to the git repo that hosts the SSG content') unless ONLINE
-
-      GIT_REPO = 'https://github.com/ComplianceAsCode/content.git'.freeze
-    end
-
-    # If this is not set, the highest numeric tag will be used
-    GIT_BRANCH = nil
-
-    if ENV['BEAKER_ssg_branch']
-      GIT_BRANCH = ENV['BEAKER_ssg_branch']
-    end
-
-    EL7_PACKAGES = [
-      'PyYAML',
-      'cmake',
-      'git',
-      'openscap-python',
-      'openscap-scanner',
-      'openscap-utils',
-      'python-jinja2',
-      'python-lxml',
-      'python-setuptools',
-    ].freeze
-
-    EL8_PACKAGES = [
-      'cmake',
-      'git',
-      'make',
-      'openscap-python3',
-      'openscap-utils',
-      'openscap-scanner',
-      'python3',
-      'python3-jinja2',
-      'python3-lxml',
-      'python3-pyyaml',
-      'python3-setuptools',
-      'libarchive',
-    ].freeze
-
-    EL9_PACKAGES = [
-      'cmake',
-      'git',
-      'make',
-      'openscap-python3',
-      'openscap-utils',
-      'openscap-scanner',
-      'python3',
-      'python3-jinja2',
-      'python3-lxml',
-      'python3-pyyaml',
-      'python3-setuptools',
-      'libarchive',
-    ].freeze
-
-    OS_INFO = {
-      'RedHat' => {
-        '6' => {
-          'required_packages' => EL7_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'rhel6',
-            'build_target'   => 'rhel6',
-            'datastream'     => 'ssg-rhel6-ds.xml'
-          }
-        },
-        '7' => {
-          'required_packages' => EL7_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'rhel7',
-            'build_target'   => 'rhel7',
-            'datastream'     => 'ssg-rhel7-ds.xml'
-          }
-        },
-        '8' => {
-          'required_packages' => EL8_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'rhel8',
-            'build_target'   => 'rhel8',
-            'datastream'     => 'ssg-rhel8-ds.xml'
-          }
-        },
-        '9' => {
-          'required_packages' => EL9_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'rhel9',
-            'build_target'   => 'rhel9',
-            'datastream'     => 'ssg-rhel9-ds.xml'
-          }
-        }
-      },
-      'CentOS' => {
-        '6' => {
-          'required_packages' => EL7_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'rhel6',
-            'build_target'   => 'centos6',
-            'datastream'     => 'ssg-centos6-ds.xml'
-          }
-        },
-        '7' => {
-          'required_packages' => EL7_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'centos7',
-            'build_target'   => 'centos7',
-            'datastream'     => 'ssg-centos7-ds.xml'
-          }
-        },
-        '8' => {
-          'required_packages' => EL8_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'centos8',
-            'build_target'   => 'centos8',
-            'datastream'     => 'ssg-centos8-ds.xml'
-          }
-        },
-        '9' => {
-          'required_packages' => EL9_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'cs9',
-            'build_target'   => 'cs9',
-            'datastream'     => 'ssg-cs9-ds.xml'
-          }
-        }
-      },
-      'Rocky' => {
-        '8' => {
-          'required_packages' => EL8_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'centos8',
-            'build_target'   => 'centos8',
-            'datastream'     => 'ssg-centos8-ds.xml'
-          }
-        },
-        '9' => {
-          'required_packages' => EL9_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'cs9',
-            'build_target'   => 'cs9',
-            'datastream'     => 'ssg-cs9-ds.xml'
-          }
-        }
-      },
-      'OracleLinux' => {
-        '7' => {
-          'required_packages' => EL7_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'ol7',
-            'build_target'   => 'ol7',
-            'datastream'     => 'ssg-ol7-ds.xml'
-          },
-        },
-        '8' => {
-          'required_packages' => EL8_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'ol8',
-            'build_target'   => 'ol8',
-            'datastream'     => 'ssg-ol8-ds.xml'
-          }
-        },
-        '9' => {
-          'required_packages' => EL9_PACKAGES,
-          'ssg' => {
-            'profile_target' => 'ol9',
-            'build_target'   => 'ol9',
-            'datastream'     => 'ssg-ol9-ds.xml'
-          }
-        }
-      }
-    }.freeze
-
-    attr_accessor :scap_working_dir
-
-    # Create a new SSG helper for the specified host
-    #
-    # @param sut
-    #   The SUT against which to run
-    #
-    def initialize(sut)
-      @sut = sut
-
-      @os = pfact_on(@sut, 'os.name')
-      @os_rel = pfact_on(@sut, 'os.release.major')
-
-      sut.mkdir_p('scap_working_dir')
-
-      @scap_working_dir = on(sut, 'cd scap_working_dir && pwd').stdout.strip
-
-      unless OS_INFO[@os]
-        raise("Error: The '#{@os}' Operating System is not supported")
-      end
-
-      OS_INFO[@os][@os_rel]['required_packages'].each do |pkg|
-        install_latest_package_on(@sut, pkg)
-      end
-
-      @output_dir = File.absolute_path('sec_results/ssg')
-
-      unless File.directory?(@output_dir)
-        FileUtils.mkdir_p(@output_dir)
-      end
-
-      @result_file = "#{@sut.hostname}-ssg-#{Time.now.to_i}"
-
-      get_ssg_datastream
-    end
-
-    def profile_target
-      OS_INFO[@os][@os_rel]['ssg']['profile_target']
-    end
-
-    def get_profiles
-      cmd = "cd #{@scap_working_dir}; oscap info --profiles"
-      on(@sut, "#{cmd} #{OS_INFO[@os][@os_rel]['ssg']['datastream']}")
-        .stdout
-        .strip
-        .lines
-        .map { |x| x.split(':').first }
-    end
-
-    def remediate(profile)
-      evaluate(profile, true)
-    end
-
-    def evaluate(profile, remediate = false)
-      cmd = "cd #{@scap_working_dir}; oscap xccdf eval"
-
-      if remediate
-        cmd += ' --remediate'
-      end
-
-      cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
-
-      # We accept all exit codes here because there have occasionally been
-      # failures in the SSG content and we're not testing that.
-
-      on(@sut, cmd, accept_all_exit_codes: true)
-
-      ['xml', 'html'].each do |ext|
-        path = "#{@scap_working_dir}/#{@result_file}.#{ext}"
-        scp_from(@sut, path, @output_dir)
-
-        raise("Could not retrieve #{path} from #{@sut}") unless File.exist?(File.join(@output_dir, "#{@result_file}.#{ext}"))
-      end
-    end
-
-    # Output the report
-    #
-    # @param report
-    #   The results Hash
-    #
-    def write_report(report)
-      File.open(File.join(@output_dir, @result_file) + '.report', 'w') do |fh|
-        fh.puts(report[:report].uncolor)
-      end
-    end
-
-    # Retrieve a subset of test results based on a match to filter
-    #
-    # @param filter [String, Array[String]]
-    #   A 'short name' filter that will be matched against the rule ID name
-    #
-    # @param exclusions [String, Array[String]]
-    #   A 'short name' filter of items that will be removed from the `filter`
-    #   matches
-    #
-    # @return [Hash] A Hash of statistics and a formatted report
-    #
-    # FIXME:
-    # - This is a hack! Should be searching for rules based on a set
-    #   set of STIG ids, but don't see those ids in the oscap results xml.
-    #   Further mapping is required...
-    # - Create the same report structure as inspec
-    def process_ssg_results(filter = nil, exclusions = nil)
-      self.class.process_ssg_results(
-        File.join(@output_dir, @result_file) + '.xml',
-        filter,
-        exclusions,
-      )
-    end
-
-    # Process the results of an SSG run
-    #
-    # @param result_file [String]
-    #   The oscap result XML file to process
-    #
-    # @param filter [String, Array[String]]
-    #   A 'short name' filter that will be matched against the rule ID name
-    #
-    # @param exclusions [String, Array[String]]
-    #   A 'short name' filter of items that will be removed from the `filter`
-    #   matches
-    #
-    # @return [Hash] A Hash of statistics and a formatted report
-    #
-    def self.process_ssg_results(result_file, filter = nil, exclusions = nil)
-      require 'highline'
-      require 'nokogiri'
-
-      HighLine.colorize_strings
-
-      raise("Could not find results XML file '#{result_file}'") unless File.exist?(result_file)
-
-      puts "Processing #{result_file}"
-      doc = Nokogiri::XML(File.open(result_file))
-
-      # because I'm lazy
-      doc.remove_namespaces!
-
-      if filter
-        filter = Array(filter)
-
-        xpath_query = [
-          '//rule-result[(',
-        ]
-
-        xpath_query << filter.map { |flt|
-          "contains(@idref,'#{flt}')"
-        }.join(' or ')
-
-        xpath_query << ')' if filter.size > 1
-
-        exclusions = Array(exclusions)
-        unless exclusions.empty?
-          xpath_query << 'and not('
-
-          xpath_query << exclusions.map { |exl|
-            "contains(@idref,'#{exl}')"
-          }.join(' or ')
-
-          xpath_query << ')' unless exclusions.empty?
-        end
-
-        xpath_query << ')]'
-
-        xpath_query = xpath_query.join(' ')
-
-        # XPATH to get the pertinent test results:
-        #   Any node named 'rule-result' for which the attribute 'idref'
-        #   contains any of the `filter` Strings and does not contain any of the
-        #   `exclusions` Strings
-        result_nodes = doc.xpath(xpath_query)
-      else
-        result_nodes = doc.xpath('//rule-result')
-      end
-
-      stats = {
-        failed: [],
-        passed: [],
-        skipped: [],
-        filter: filter.nil? ? 'No Filter' : filter,
-        report: nil,
-        score: 0
-      }
-
-      result_nodes.each do |rule_result|
-        # Results are recorded in a child node named 'result'.
-        # Within the 'result' node, the actual result string is
-        # the content of that node's (only) child node.
-
-        result = rule_result.element_children.at('result')
-        result_id = rule_result.attributes['idref'].value.to_s
-        result_value = [
-          'Title: ' + doc.xpath("//Rule[@id='#{result_id}']/title/text()").first.to_s,
-          '  ID: ' + result_id,
-        ]
-
-        if result.child.content == 'fail'
-          references = {}
-
-          doc.xpath("//Rule[@id='#{result_id}']/reference").each do |ref|
-            references[ref['href']] ||= []
-            references[ref['href']] << ref.text
-          end
-
-          result_value << '  References:'
-          references.each_pair do |src, items|
-            result_value << "    *  #{src}"
-            result_value << "      * #{items.join(', ')}"
-          end
-          result_value << '  Description: ' + doc.xpath("//Rule[@id='#{result_id}']/description").text.gsub("\n", "\n    ")
-        end
-
-        result_value = result_value.join("\n")
-
-        if result.child.content == 'fail'
-          stats[:failed] << result_value.red
-        elsif result.child.content == 'pass'
-          stats[:passed] << result_value.green
-        else
-          stats[:skipped] << result_value.yellow
-        end
-      end
-
-      report = []
-
-      report << '== Skipped =='
-      report << stats[:skipped].join("\n")
-
-      report << '== Passed =='
-      report << stats[:passed].join("\n")
-
-      report << '== Failed =='
-      report << stats[:failed].join("\n")
-
-      report << 'OSCAP Statistics:'
-
-      if filter
-        report << "  * Used Filter: 'idref' ~= '#{stats[:filter]}'"
-      end
-
-      report << "  * Passed: #{stats[:passed].count.to_s.green}"
-      report << "  * Failed: #{stats[:failed].count.to_s.red}"
-      report << "  * Skipped: #{stats[:skipped].count.to_s.yellow}"
-
-      score = 0
-
-      if (stats[:passed].count + stats[:failed].count) > 0
-        score = ((stats[:passed].count.to_f / (stats[:passed].count + stats[:failed].count)) * 100.0).round(0)
-      end
-
-      report << "\n Score: #{score}%"
-
-      stats[:score]  = score
-      stats[:report] = report.join("\n")
-
-      stats
-    end
-
-    private
-
-    def get_ssg_datastream
-      # Allow users to point at a specific SSG release 'tar.bz2' file
-      ssg_release = ENV['BEAKER_ssg_release']
-
-      # Grab the latest SSG release in fixtures if it exists
-      ssg_release ||= Dir.glob('spec/fixtures/ssg_releases/*.bz2').last
-
-      if ssg_release
-        copy_to(@sut, ssg_release, @scap_working_dir)
-
-        on(@sut, %(mkdir -p scap-content && tar -xj -C scap-content --strip-components 1 -f #{ssg_release} && cp scap-content/*ds.xml #{@scap_working_dir}))
-      else
-        on(@sut, %(git clone #{GIT_REPO} scap-content))
-        if GIT_BRANCH
-          on(@sut, %(cd scap-content; git checkout #{GIT_BRANCH}))
-        else
-          tags = on(@sut, %(cd scap-content; git tag -l)).output
-          target_tag = tags.lines.map(&:strip)
-                           .select { |x| x.match?(%r{^v(\d+\.)+\d+$}) }
-                           .sort.last
-
-          on(@sut, %(cd scap-content; git checkout #{target_tag}))
-        end
-
-        # Work around the issue where the profiles now strip out derivative
-        # content that isn't explicitlly approved for that OS. This means that
-        # we are unable to test CentOS builds against the STIG, etc...
-        #
-        # This isn't 100% correct but it's "good enough" for an automated CI
-        # environment to tell us if something is critically out of alignment.
-        safe_sed(
-          @sut,
-          's/ssg.build_derivatives.profile_handling/__simp_dontcare__ = None #ssg.build_derivatives.profile_handling/g',
-          'scap-content/build-scripts/enable_derivatives.py',
-        )
-
-        on(@sut, %(cd scap-content/build; cmake ../; make -j4 #{OS_INFO[@os][@os_rel]['ssg']['build_target']}-content && cp *ds.xml #{@scap_working_dir}))
-      end
-    end
-  end
-end

data/spec/acceptance/suites/ssg/00_default_spec.rb

@@ -1,49 +0,0 @@
-require 'spec_helper_acceptance'
-
-test_name 'SSG Functionality Validation'
-
-describe 'run the SSG against an SCAP profile' do
-  hosts.each do |host|
-    context "on #{host}" do
-      ssg = nil
-      ssg_report = nil
-
-      before(:all) do
-        ssg = Simp::BeakerHelpers::SSG.new(host)
-
-        # If we don't do this, the variable gets reset
-        ssg_report = { data: nil }
-      end
-
-      it 'runs the SSG' do
-        profiles = ssg.get_profiles
-
-        profile = profiles.find { |x| x.include?('_stig') } ||
-                  profiles.find { |x| x.include?('_cui') } ||
-                  profiles.find { |x| x.include?('_ospp') } ||
-                  profiles.find { |x| x.include?('_standard') } ||
-                  profiles.last
-
-        expect(profile).not_to be_nil
-        ssg.evaluate(profile)
-      end
-
-      it 'has an SSG report' do
-        # Validate that the filter works
-        filter = '_rule_audit'
-        host_exclusions = ['ssh_']
-
-        ssg_report[:data] = ssg.process_ssg_results(filter, host_exclusions)
-
-        expect(ssg_report[:data]).not_to be_nil
-
-        ssg.write_report(ssg_report[:data])
-      end
-
-      it 'has a report' do
-        expect(ssg_report[:data][:report]).not_to be_nil
-        puts ssg_report[:data][:report]
-      end
-    end
-  end
-end

data/spec/acceptance/suites/ssg/metadata.yml

@@ -1,2 +0,0 @@
----
-'default_run': true

data/spec/acceptance/suites/ssg/nodesets

@@ -1 +0,0 @@
-../../nodesets