simp-beaker-helpers 1.23.3 → 1.23.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitlab-ci.yml +6 -0
- data/CHANGELOG.md +8 -0
- data/lib/simp/beaker_helpers/ssg.rb +21 -11
- data/lib/simp/beaker_helpers/version.rb +1 -1
- data/spec/acceptance/nodesets/default.yml +1 -0
- data/spec/acceptance/nodesets/oel.yml +42 -0
- data/spec/acceptance/suites/ssg/00_default_spec.rb +10 -3
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4a8f3a3f4dc773c215796e464031e1ab00ed025c9a3346fd4573d12a1a072fd9
|
4
|
+
data.tar.gz: 1d55ad88ebae56afe2e807ad1a27d3e6ee5828499ef2f3655770b71f8660d579
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 10d292eb75b4bcd9d2bfc2bc5223367ea2706db88cdc29d016b37db9864530d6a923e56339d1f37a5b4e9b9cf1edeb34c179d73d5a56361416145a363c02890e
|
7
|
+
data.tar.gz: f877ae87cf79c64786aeaf800cb1d8b839ad251c80664e128b498a7e555d9661a7034e677d1682bcbc91fb8ce00ba504f5ed22035ad6ed877df45d0c8851b241
|
data/.gitlab-ci.yml
CHANGED
@@ -360,6 +360,12 @@ puppet7_collections:
|
|
360
360
|
script:
|
361
361
|
- bundle exec rake beaker:suites[puppet_collections]
|
362
362
|
|
363
|
+
oel_ssg:
|
364
|
+
<<: *pup_6_x
|
365
|
+
<<: *acceptance_base
|
366
|
+
script:
|
367
|
+
- bundle exec rake beaker:suites[ssg,oel]
|
368
|
+
|
363
369
|
windows:
|
364
370
|
<<: *pup_6_x
|
365
371
|
<<: *acceptance_base
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,11 @@
|
|
1
|
+
### 1.23.4 / 2021-07-07
|
2
|
+
* Fixed:
|
3
|
+
* Ensure that the openscap-scanner package is installed during SSG runs
|
4
|
+
* Added:
|
5
|
+
* A function to fetch the available SSG profiles on a target system
|
6
|
+
* Changed:
|
7
|
+
* Added OEL nodeset
|
8
|
+
|
1
9
|
### 1.23.3 / 2021-06-30
|
2
10
|
* Fixed:
|
3
11
|
* Removed the Streams kernel update for EL 8.3 since it now causes issues
|
@@ -19,10 +19,11 @@ module Simp::BeakerHelpers
|
|
19
19
|
GIT_BRANCH = ENV['BEAKER_ssg_branch']
|
20
20
|
end
|
21
21
|
|
22
|
-
|
22
|
+
EL7_PACKAGES = [
|
23
23
|
'PyYAML',
|
24
24
|
'cmake',
|
25
25
|
'git',
|
26
|
+
'openscap-scanner',
|
26
27
|
'openscap-python',
|
27
28
|
'openscap-utils',
|
28
29
|
'python-jinja2',
|
@@ -35,6 +36,7 @@ module Simp::BeakerHelpers
|
|
35
36
|
'make',
|
36
37
|
'openscap-python3',
|
37
38
|
'openscap-utils',
|
39
|
+
'openscap-scanner',
|
38
40
|
'python3',
|
39
41
|
'python3-jinja2',
|
40
42
|
'python3-lxml',
|
@@ -45,7 +47,7 @@ module Simp::BeakerHelpers
|
|
45
47
|
OS_INFO = {
|
46
48
|
'RedHat' => {
|
47
49
|
'6' => {
|
48
|
-
'required_packages' =>
|
50
|
+
'required_packages' => EL7_PACKAGES,
|
49
51
|
'ssg' => {
|
50
52
|
'profile_target' => 'rhel6',
|
51
53
|
'build_target' => 'rhel6',
|
@@ -53,7 +55,7 @@ module Simp::BeakerHelpers
|
|
53
55
|
}
|
54
56
|
},
|
55
57
|
'7' => {
|
56
|
-
'required_packages' =>
|
58
|
+
'required_packages' => EL7_PACKAGES,
|
57
59
|
'ssg' => {
|
58
60
|
'profile_target' => 'rhel7',
|
59
61
|
'build_target' => 'rhel7',
|
@@ -71,7 +73,7 @@ module Simp::BeakerHelpers
|
|
71
73
|
},
|
72
74
|
'CentOS' => {
|
73
75
|
'6' => {
|
74
|
-
'required_packages' =>
|
76
|
+
'required_packages' => EL7_PACKAGES,
|
75
77
|
'ssg' => {
|
76
78
|
'profile_target' => 'rhel6',
|
77
79
|
'build_target' => 'centos6',
|
@@ -79,7 +81,7 @@ module Simp::BeakerHelpers
|
|
79
81
|
}
|
80
82
|
},
|
81
83
|
'7' => {
|
82
|
-
'required_packages' =>
|
84
|
+
'required_packages' => EL7_PACKAGES,
|
83
85
|
'ssg' => {
|
84
86
|
'profile_target' => 'centos7',
|
85
87
|
'build_target' => 'centos7',
|
@@ -107,12 +109,13 @@ module Simp::BeakerHelpers
|
|
107
109
|
},
|
108
110
|
'OracleLinux' => {
|
109
111
|
'7' => {
|
110
|
-
'required_packages' =>
|
112
|
+
'required_packages' => EL7_PACKAGES,
|
111
113
|
'ssg' => {
|
112
114
|
'profile_target' => 'ol7',
|
113
115
|
'build_target' => 'ol7',
|
114
116
|
'datastream' => 'ssg-ol7-ds.xml'
|
115
117
|
},
|
118
|
+
},
|
116
119
|
'8' => {
|
117
120
|
'required_packages' => EL8_PACKAGES,
|
118
121
|
'ssg' => {
|
@@ -121,7 +124,6 @@ module Simp::BeakerHelpers
|
|
121
124
|
'datastream' => 'ssg-ol8-ds.xml'
|
122
125
|
}
|
123
126
|
}
|
124
|
-
}
|
125
127
|
}
|
126
128
|
}
|
127
129
|
|
@@ -135,8 +137,8 @@ module Simp::BeakerHelpers
|
|
135
137
|
def initialize(sut)
|
136
138
|
@sut = sut
|
137
139
|
|
138
|
-
@os =
|
139
|
-
@os_rel =
|
140
|
+
@os = pfact_on(@sut, 'os.name')
|
141
|
+
@os_rel = pfact_on(@sut, 'os.release.major')
|
140
142
|
|
141
143
|
sut.mkdir_p('scap_working_dir')
|
142
144
|
|
@@ -158,7 +160,6 @@ module Simp::BeakerHelpers
|
|
158
160
|
|
159
161
|
@result_file = "#{@sut.hostname}-ssg-#{Time.now.to_i}"
|
160
162
|
|
161
|
-
|
162
163
|
get_ssg_datastream
|
163
164
|
end
|
164
165
|
|
@@ -166,6 +167,15 @@ module Simp::BeakerHelpers
|
|
166
167
|
OS_INFO[@os][@os_rel]['ssg']['profile_target']
|
167
168
|
end
|
168
169
|
|
170
|
+
def get_profiles
|
171
|
+
cmd = "cd #{@scap_working_dir}; oscap info --profiles"
|
172
|
+
on(@sut, "#{cmd} #{OS_INFO[@os][@os_rel]['ssg']['datastream']}")
|
173
|
+
.stdout
|
174
|
+
.strip
|
175
|
+
.lines
|
176
|
+
.map{|x| x.split(':').first}
|
177
|
+
end
|
178
|
+
|
169
179
|
def remediate(profile)
|
170
180
|
evaluate(profile, true)
|
171
181
|
end
|
@@ -177,7 +187,7 @@ module Simp::BeakerHelpers
|
|
177
187
|
cmd += ' --remediate'
|
178
188
|
end
|
179
189
|
|
180
|
-
cmd += %( --
|
190
|
+
cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
|
181
191
|
|
182
192
|
# We accept all exit codes here because there have occasionally been
|
183
193
|
# failures in the SSG content and we're not testing that.
|
@@ -0,0 +1,42 @@
|
|
1
|
+
<%
|
2
|
+
if ENV['BEAKER_HYPERVISOR']
|
3
|
+
hypervisor = ENV['BEAKER_HYPERVISOR']
|
4
|
+
else
|
5
|
+
hypervisor = 'vagrant'
|
6
|
+
end
|
7
|
+
-%>
|
8
|
+
HOSTS:
|
9
|
+
oel7:
|
10
|
+
roles:
|
11
|
+
- el7
|
12
|
+
- master
|
13
|
+
platform: el-7-x86_64
|
14
|
+
box: generic/oracle7
|
15
|
+
hypervisor: <%= hypervisor %>
|
16
|
+
|
17
|
+
oel8:
|
18
|
+
roles:
|
19
|
+
- el8
|
20
|
+
platform: el-8-x86_64
|
21
|
+
box: generic/oracle8
|
22
|
+
hypervisor: <%= hypervisor %>
|
23
|
+
|
24
|
+
CONFIG:
|
25
|
+
log_level: verbose
|
26
|
+
type: aio
|
27
|
+
vagrant_memsize: 512
|
28
|
+
vagrant_cpus: 2
|
29
|
+
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
|
30
|
+
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
|
31
|
+
<% end -%>
|
32
|
+
ssh:
|
33
|
+
keepalive: true
|
34
|
+
keepalive_interval: 10
|
35
|
+
host_key:
|
36
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:host_key].join("\n#{' '*6}- ") %>
|
37
|
+
kex:
|
38
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:kex].join("\n#{' '*6}- ") %>
|
39
|
+
encryption:
|
40
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].join("\n#{' '*6}- ") %>
|
41
|
+
hmac:
|
42
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:hmac].join("\n#{' '*6}- ") %>
|
@@ -1,8 +1,8 @@
|
|
1
1
|
require 'spec_helper_acceptance'
|
2
2
|
|
3
|
-
test_name 'SSG
|
3
|
+
test_name 'SSG Functionality Validation'
|
4
4
|
|
5
|
-
describe 'run the SSG against
|
5
|
+
describe 'run the SSG against an SCAP profile' do
|
6
6
|
|
7
7
|
hosts.each do |host|
|
8
8
|
context "on #{host}" do
|
@@ -14,8 +14,15 @@ describe 'run the SSG against the STIG profile' do
|
|
14
14
|
end
|
15
15
|
|
16
16
|
it 'should run the SSG' do
|
17
|
-
|
17
|
+
profiles = @ssg.get_profiles
|
18
18
|
|
19
|
+
profile = profiles.find{|x| x =~ /_stig/} ||
|
20
|
+
profiles.find{|x| x =~ /_cui/} ||
|
21
|
+
profiles.find{|x| x =~ /_ospp/} ||
|
22
|
+
profiles.find{|x| x =~ /_standard/} ||
|
23
|
+
profiles.last
|
24
|
+
|
25
|
+
expect(profile).not_to be_nil
|
19
26
|
@ssg.evaluate(profile)
|
20
27
|
end
|
21
28
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: simp-beaker-helpers
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.23.
|
4
|
+
version: 1.23.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chris Tessmer
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-
|
12
|
+
date: 2021-07-13 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: beaker
|
@@ -221,6 +221,7 @@ files:
|
|
221
221
|
- simp-beaker-helpers.gemspec
|
222
222
|
- spec/acceptance/nodesets/default.yml
|
223
223
|
- spec/acceptance/nodesets/docker.yml
|
224
|
+
- spec/acceptance/nodesets/oel.yml
|
224
225
|
- spec/acceptance/nodesets/ubuntu.yml
|
225
226
|
- spec/acceptance/suites/default/check_puppet_version_spec.rb
|
226
227
|
- spec/acceptance/suites/default/enable_fips_spec.rb
|