simp-beaker-helpers 1.23.3 → 1.23.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitlab-ci.yml +6 -0
- data/CHANGELOG.md +8 -0
- data/lib/simp/beaker_helpers/ssg.rb +21 -11
- data/lib/simp/beaker_helpers/version.rb +1 -1
- data/spec/acceptance/nodesets/default.yml +1 -0
- data/spec/acceptance/nodesets/oel.yml +42 -0
- data/spec/acceptance/suites/ssg/00_default_spec.rb +10 -3
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4a8f3a3f4dc773c215796e464031e1ab00ed025c9a3346fd4573d12a1a072fd9
|
|
4
|
+
data.tar.gz: 1d55ad88ebae56afe2e807ad1a27d3e6ee5828499ef2f3655770b71f8660d579
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 10d292eb75b4bcd9d2bfc2bc5223367ea2706db88cdc29d016b37db9864530d6a923e56339d1f37a5b4e9b9cf1edeb34c179d73d5a56361416145a363c02890e
|
|
7
|
+
data.tar.gz: f877ae87cf79c64786aeaf800cb1d8b839ad251c80664e128b498a7e555d9661a7034e677d1682bcbc91fb8ce00ba504f5ed22035ad6ed877df45d0c8851b241
|
data/.gitlab-ci.yml
CHANGED
|
@@ -360,6 +360,12 @@ puppet7_collections:
|
|
|
360
360
|
script:
|
|
361
361
|
- bundle exec rake beaker:suites[puppet_collections]
|
|
362
362
|
|
|
363
|
+
oel_ssg:
|
|
364
|
+
<<: *pup_6_x
|
|
365
|
+
<<: *acceptance_base
|
|
366
|
+
script:
|
|
367
|
+
- bundle exec rake beaker:suites[ssg,oel]
|
|
368
|
+
|
|
363
369
|
windows:
|
|
364
370
|
<<: *pup_6_x
|
|
365
371
|
<<: *acceptance_base
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
### 1.23.4 / 2021-07-07
|
|
2
|
+
* Fixed:
|
|
3
|
+
* Ensure that the openscap-scanner package is installed during SSG runs
|
|
4
|
+
* Added:
|
|
5
|
+
* A function to fetch the available SSG profiles on a target system
|
|
6
|
+
* Changed:
|
|
7
|
+
* Added OEL nodeset
|
|
8
|
+
|
|
1
9
|
### 1.23.3 / 2021-06-30
|
|
2
10
|
* Fixed:
|
|
3
11
|
* Removed the Streams kernel update for EL 8.3 since it now causes issues
|
|
@@ -19,10 +19,11 @@ module Simp::BeakerHelpers
|
|
|
19
19
|
GIT_BRANCH = ENV['BEAKER_ssg_branch']
|
|
20
20
|
end
|
|
21
21
|
|
|
22
|
-
|
|
22
|
+
EL7_PACKAGES = [
|
|
23
23
|
'PyYAML',
|
|
24
24
|
'cmake',
|
|
25
25
|
'git',
|
|
26
|
+
'openscap-scanner',
|
|
26
27
|
'openscap-python',
|
|
27
28
|
'openscap-utils',
|
|
28
29
|
'python-jinja2',
|
|
@@ -35,6 +36,7 @@ module Simp::BeakerHelpers
|
|
|
35
36
|
'make',
|
|
36
37
|
'openscap-python3',
|
|
37
38
|
'openscap-utils',
|
|
39
|
+
'openscap-scanner',
|
|
38
40
|
'python3',
|
|
39
41
|
'python3-jinja2',
|
|
40
42
|
'python3-lxml',
|
|
@@ -45,7 +47,7 @@ module Simp::BeakerHelpers
|
|
|
45
47
|
OS_INFO = {
|
|
46
48
|
'RedHat' => {
|
|
47
49
|
'6' => {
|
|
48
|
-
'required_packages' =>
|
|
50
|
+
'required_packages' => EL7_PACKAGES,
|
|
49
51
|
'ssg' => {
|
|
50
52
|
'profile_target' => 'rhel6',
|
|
51
53
|
'build_target' => 'rhel6',
|
|
@@ -53,7 +55,7 @@ module Simp::BeakerHelpers
|
|
|
53
55
|
}
|
|
54
56
|
},
|
|
55
57
|
'7' => {
|
|
56
|
-
'required_packages' =>
|
|
58
|
+
'required_packages' => EL7_PACKAGES,
|
|
57
59
|
'ssg' => {
|
|
58
60
|
'profile_target' => 'rhel7',
|
|
59
61
|
'build_target' => 'rhel7',
|
|
@@ -71,7 +73,7 @@ module Simp::BeakerHelpers
|
|
|
71
73
|
},
|
|
72
74
|
'CentOS' => {
|
|
73
75
|
'6' => {
|
|
74
|
-
'required_packages' =>
|
|
76
|
+
'required_packages' => EL7_PACKAGES,
|
|
75
77
|
'ssg' => {
|
|
76
78
|
'profile_target' => 'rhel6',
|
|
77
79
|
'build_target' => 'centos6',
|
|
@@ -79,7 +81,7 @@ module Simp::BeakerHelpers
|
|
|
79
81
|
}
|
|
80
82
|
},
|
|
81
83
|
'7' => {
|
|
82
|
-
'required_packages' =>
|
|
84
|
+
'required_packages' => EL7_PACKAGES,
|
|
83
85
|
'ssg' => {
|
|
84
86
|
'profile_target' => 'centos7',
|
|
85
87
|
'build_target' => 'centos7',
|
|
@@ -107,12 +109,13 @@ module Simp::BeakerHelpers
|
|
|
107
109
|
},
|
|
108
110
|
'OracleLinux' => {
|
|
109
111
|
'7' => {
|
|
110
|
-
'required_packages' =>
|
|
112
|
+
'required_packages' => EL7_PACKAGES,
|
|
111
113
|
'ssg' => {
|
|
112
114
|
'profile_target' => 'ol7',
|
|
113
115
|
'build_target' => 'ol7',
|
|
114
116
|
'datastream' => 'ssg-ol7-ds.xml'
|
|
115
117
|
},
|
|
118
|
+
},
|
|
116
119
|
'8' => {
|
|
117
120
|
'required_packages' => EL8_PACKAGES,
|
|
118
121
|
'ssg' => {
|
|
@@ -121,7 +124,6 @@ module Simp::BeakerHelpers
|
|
|
121
124
|
'datastream' => 'ssg-ol8-ds.xml'
|
|
122
125
|
}
|
|
123
126
|
}
|
|
124
|
-
}
|
|
125
127
|
}
|
|
126
128
|
}
|
|
127
129
|
|
|
@@ -135,8 +137,8 @@ module Simp::BeakerHelpers
|
|
|
135
137
|
def initialize(sut)
|
|
136
138
|
@sut = sut
|
|
137
139
|
|
|
138
|
-
@os =
|
|
139
|
-
@os_rel =
|
|
140
|
+
@os = pfact_on(@sut, 'os.name')
|
|
141
|
+
@os_rel = pfact_on(@sut, 'os.release.major')
|
|
140
142
|
|
|
141
143
|
sut.mkdir_p('scap_working_dir')
|
|
142
144
|
|
|
@@ -158,7 +160,6 @@ module Simp::BeakerHelpers
|
|
|
158
160
|
|
|
159
161
|
@result_file = "#{@sut.hostname}-ssg-#{Time.now.to_i}"
|
|
160
162
|
|
|
161
|
-
|
|
162
163
|
get_ssg_datastream
|
|
163
164
|
end
|
|
164
165
|
|
|
@@ -166,6 +167,15 @@ module Simp::BeakerHelpers
|
|
|
166
167
|
OS_INFO[@os][@os_rel]['ssg']['profile_target']
|
|
167
168
|
end
|
|
168
169
|
|
|
170
|
+
def get_profiles
|
|
171
|
+
cmd = "cd #{@scap_working_dir}; oscap info --profiles"
|
|
172
|
+
on(@sut, "#{cmd} #{OS_INFO[@os][@os_rel]['ssg']['datastream']}")
|
|
173
|
+
.stdout
|
|
174
|
+
.strip
|
|
175
|
+
.lines
|
|
176
|
+
.map{|x| x.split(':').first}
|
|
177
|
+
end
|
|
178
|
+
|
|
169
179
|
def remediate(profile)
|
|
170
180
|
evaluate(profile, true)
|
|
171
181
|
end
|
|
@@ -177,7 +187,7 @@ module Simp::BeakerHelpers
|
|
|
177
187
|
cmd += ' --remediate'
|
|
178
188
|
end
|
|
179
189
|
|
|
180
|
-
cmd += %( --
|
|
190
|
+
cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
|
|
181
191
|
|
|
182
192
|
# We accept all exit codes here because there have occasionally been
|
|
183
193
|
# failures in the SSG content and we're not testing that.
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
<%
|
|
2
|
+
if ENV['BEAKER_HYPERVISOR']
|
|
3
|
+
hypervisor = ENV['BEAKER_HYPERVISOR']
|
|
4
|
+
else
|
|
5
|
+
hypervisor = 'vagrant'
|
|
6
|
+
end
|
|
7
|
+
-%>
|
|
8
|
+
HOSTS:
|
|
9
|
+
oel7:
|
|
10
|
+
roles:
|
|
11
|
+
- el7
|
|
12
|
+
- master
|
|
13
|
+
platform: el-7-x86_64
|
|
14
|
+
box: generic/oracle7
|
|
15
|
+
hypervisor: <%= hypervisor %>
|
|
16
|
+
|
|
17
|
+
oel8:
|
|
18
|
+
roles:
|
|
19
|
+
- el8
|
|
20
|
+
platform: el-8-x86_64
|
|
21
|
+
box: generic/oracle8
|
|
22
|
+
hypervisor: <%= hypervisor %>
|
|
23
|
+
|
|
24
|
+
CONFIG:
|
|
25
|
+
log_level: verbose
|
|
26
|
+
type: aio
|
|
27
|
+
vagrant_memsize: 512
|
|
28
|
+
vagrant_cpus: 2
|
|
29
|
+
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
|
|
30
|
+
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
|
|
31
|
+
<% end -%>
|
|
32
|
+
ssh:
|
|
33
|
+
keepalive: true
|
|
34
|
+
keepalive_interval: 10
|
|
35
|
+
host_key:
|
|
36
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:host_key].join("\n#{' '*6}- ") %>
|
|
37
|
+
kex:
|
|
38
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:kex].join("\n#{' '*6}- ") %>
|
|
39
|
+
encryption:
|
|
40
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].join("\n#{' '*6}- ") %>
|
|
41
|
+
hmac:
|
|
42
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:hmac].join("\n#{' '*6}- ") %>
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
require 'spec_helper_acceptance'
|
|
2
2
|
|
|
3
|
-
test_name 'SSG
|
|
3
|
+
test_name 'SSG Functionality Validation'
|
|
4
4
|
|
|
5
|
-
describe 'run the SSG against
|
|
5
|
+
describe 'run the SSG against an SCAP profile' do
|
|
6
6
|
|
|
7
7
|
hosts.each do |host|
|
|
8
8
|
context "on #{host}" do
|
|
@@ -14,8 +14,15 @@ describe 'run the SSG against the STIG profile' do
|
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
it 'should run the SSG' do
|
|
17
|
-
|
|
17
|
+
profiles = @ssg.get_profiles
|
|
18
18
|
|
|
19
|
+
profile = profiles.find{|x| x =~ /_stig/} ||
|
|
20
|
+
profiles.find{|x| x =~ /_cui/} ||
|
|
21
|
+
profiles.find{|x| x =~ /_ospp/} ||
|
|
22
|
+
profiles.find{|x| x =~ /_standard/} ||
|
|
23
|
+
profiles.last
|
|
24
|
+
|
|
25
|
+
expect(profile).not_to be_nil
|
|
19
26
|
@ssg.evaluate(profile)
|
|
20
27
|
end
|
|
21
28
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simp-beaker-helpers
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.23.
|
|
4
|
+
version: 1.23.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Tessmer
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-
|
|
12
|
+
date: 2021-07-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: beaker
|
|
@@ -221,6 +221,7 @@ files:
|
|
|
221
221
|
- simp-beaker-helpers.gemspec
|
|
222
222
|
- spec/acceptance/nodesets/default.yml
|
|
223
223
|
- spec/acceptance/nodesets/docker.yml
|
|
224
|
+
- spec/acceptance/nodesets/oel.yml
|
|
224
225
|
- spec/acceptance/nodesets/ubuntu.yml
|
|
225
226
|
- spec/acceptance/suites/default/check_puppet_version_spec.rb
|
|
226
227
|
- spec/acceptance/suites/default/enable_fips_spec.rb
|