simp-beaker-helpers 1.23.3 → 1.23.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/.gitlab-ci.yml +6 -0
  3. data/CHANGELOG.md +8 -0
  4. data/lib/simp/beaker_helpers/ssg.rb +21 -11
  5. data/lib/simp/beaker_helpers/version.rb +1 -1
  6. data/spec/acceptance/nodesets/default.yml +1 -0
  7. data/spec/acceptance/nodesets/oel.yml +42 -0
  8. data/spec/acceptance/suites/ssg/00_default_spec.rb +10 -3
  9. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 88ab91d8bd2eef77e691c0d864999426ba1321f866decc3a867075535fe23c7b
4
- data.tar.gz: 1bf21a9614c1b814ebf80059e60b00c80defd6cc4733bbd421ce6a2620d9e744
3
+ metadata.gz: 4a8f3a3f4dc773c215796e464031e1ab00ed025c9a3346fd4573d12a1a072fd9
4
+ data.tar.gz: 1d55ad88ebae56afe2e807ad1a27d3e6ee5828499ef2f3655770b71f8660d579
5
5
  SHA512:
6
- metadata.gz: 3ebba34024934a95b6e2b343bbdc0bb56859a686d20c9a7053d3ffdeedd528260379a7ba82a5b5dd1914d661f46eb1e64b48aef4ee84e88e5181754a5fc151b9
7
- data.tar.gz: 5a69d66af5c521f0ec19c52dc1501ab5731f54155b9b23ff64b6d145dff18f05e8bfbb154410c2b2e3282da6c639f05a61b4d42f515d55b36166094d8dfecac3
6
+ metadata.gz: 10d292eb75b4bcd9d2bfc2bc5223367ea2706db88cdc29d016b37db9864530d6a923e56339d1f37a5b4e9b9cf1edeb34c179d73d5a56361416145a363c02890e
7
+ data.tar.gz: f877ae87cf79c64786aeaf800cb1d8b839ad251c80664e128b498a7e555d9661a7034e677d1682bcbc91fb8ce00ba504f5ed22035ad6ed877df45d0c8851b241
data/.gitlab-ci.yml CHANGED
@@ -360,6 +360,12 @@ puppet7_collections:
360
360
  script:
361
361
  - bundle exec rake beaker:suites[puppet_collections]
362
362
 
363
+ oel_ssg:
364
+ <<: *pup_6_x
365
+ <<: *acceptance_base
366
+ script:
367
+ - bundle exec rake beaker:suites[ssg,oel]
368
+
363
369
  windows:
364
370
  <<: *pup_6_x
365
371
  <<: *acceptance_base
data/CHANGELOG.md CHANGED
@@ -1,3 +1,11 @@
1
+ ### 1.23.4 / 2021-07-07
2
+ * Fixed:
3
+ * Ensure that the openscap-scanner package is installed during SSG runs
4
+ * Added:
5
+ * A function to fetch the available SSG profiles on a target system
6
+ * Changed:
7
+ * Added OEL nodeset
8
+
1
9
  ### 1.23.3 / 2021-06-30
2
10
  * Fixed:
3
11
  * Removed the Streams kernel update for EL 8.3 since it now causes issues
data/lib/simp/beaker_helpers/ssg.rb CHANGED
@@ -19,10 +19,11 @@ module Simp::BeakerHelpers
19
19
  GIT_BRANCH = ENV['BEAKER_ssg_branch']
20
20
  end
21
21
 
22
- EL_PACKAGES = [
22
+ EL7_PACKAGES = [
23
23
  'PyYAML',
24
24
  'cmake',
25
25
  'git',
26
+ 'openscap-scanner',
26
27
  'openscap-python',
27
28
  'openscap-utils',
28
29
  'python-jinja2',
@@ -35,6 +36,7 @@ module Simp::BeakerHelpers
35
36
  'make',
36
37
  'openscap-python3',
37
38
  'openscap-utils',
39
+ 'openscap-scanner',
38
40
  'python3',
39
41
  'python3-jinja2',
40
42
  'python3-lxml',
@@ -45,7 +47,7 @@ module Simp::BeakerHelpers
45
47
  OS_INFO = {
46
48
  'RedHat' => {
47
49
  '6' => {
48
- 'required_packages' => EL_PACKAGES,
50
+ 'required_packages' => EL7_PACKAGES,
49
51
  'ssg' => {
50
52
  'profile_target' => 'rhel6',
51
53
  'build_target' => 'rhel6',
@@ -53,7 +55,7 @@ module Simp::BeakerHelpers
53
55
  }
54
56
  },
55
57
  '7' => {
56
- 'required_packages' => EL_PACKAGES,
58
+ 'required_packages' => EL7_PACKAGES,
57
59
  'ssg' => {
58
60
  'profile_target' => 'rhel7',
59
61
  'build_target' => 'rhel7',
@@ -71,7 +73,7 @@ module Simp::BeakerHelpers
71
73
  },
72
74
  'CentOS' => {
73
75
  '6' => {
74
- 'required_packages' => EL_PACKAGES,
76
+ 'required_packages' => EL7_PACKAGES,
75
77
  'ssg' => {
76
78
  'profile_target' => 'rhel6',
77
79
  'build_target' => 'centos6',
@@ -79,7 +81,7 @@ module Simp::BeakerHelpers
79
81
  }
80
82
  },
81
83
  '7' => {
82
- 'required_packages' => EL_PACKAGES,
84
+ 'required_packages' => EL7_PACKAGES,
83
85
  'ssg' => {
84
86
  'profile_target' => 'centos7',
85
87
  'build_target' => 'centos7',
@@ -107,12 +109,13 @@ module Simp::BeakerHelpers
107
109
  },
108
110
  'OracleLinux' => {
109
111
  '7' => {
110
- 'required_packages' => EL_PACKAGES,
112
+ 'required_packages' => EL7_PACKAGES,
111
113
  'ssg' => {
112
114
  'profile_target' => 'ol7',
113
115
  'build_target' => 'ol7',
114
116
  'datastream' => 'ssg-ol7-ds.xml'
115
117
  },
118
+ },
116
119
  '8' => {
117
120
  'required_packages' => EL8_PACKAGES,
118
121
  'ssg' => {
@@ -121,7 +124,6 @@ module Simp::BeakerHelpers
121
124
  'datastream' => 'ssg-ol8-ds.xml'
122
125
  }
123
126
  }
124
- }
125
127
  }
126
128
  }
127
129
 
@@ -135,8 +137,8 @@ module Simp::BeakerHelpers
135
137
  def initialize(sut)
136
138
  @sut = sut
137
139
 
138
- @os = fact_on(@sut, 'operatingsystem')
139
- @os_rel = fact_on(@sut, 'operatingsystemmajrelease')
140
+ @os = pfact_on(@sut, 'os.name')
141
+ @os_rel = pfact_on(@sut, 'os.release.major')
140
142
 
141
143
  sut.mkdir_p('scap_working_dir')
142
144
 
@@ -158,7 +160,6 @@ module Simp::BeakerHelpers
158
160
 
159
161
  @result_file = "#{@sut.hostname}-ssg-#{Time.now.to_i}"
160
162
 
161
-
162
163
  get_ssg_datastream
163
164
  end
164
165
 
@@ -166,6 +167,15 @@ module Simp::BeakerHelpers
166
167
  OS_INFO[@os][@os_rel]['ssg']['profile_target']
167
168
  end
168
169
 
170
+ def get_profiles
171
+ cmd = "cd #{@scap_working_dir}; oscap info --profiles"
172
+ on(@sut, "#{cmd} #{OS_INFO[@os][@os_rel]['ssg']['datastream']}")
173
+ .stdout
174
+ .strip
175
+ .lines
176
+ .map{|x| x.split(':').first}
177
+ end
178
+
169
179
  def remediate(profile)
170
180
  evaluate(profile, true)
171
181
  end
@@ -177,7 +187,7 @@ module Simp::BeakerHelpers
177
187
  cmd += ' --remediate'
178
188
  end
179
189
 
180
- cmd += %( --fetch-remote-resources --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
190
+ cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
181
191
 
182
192
  # We accept all exit codes here because there have occasionally been
183
193
  # failures in the SSG content and we're not testing that.
data/lib/simp/beaker_helpers/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Simp; end
2
2
 
3
3
  module Simp::BeakerHelpers
4
- VERSION = '1.23.3'
4
+ VERSION = '1.23.4'
5
5
  end
data/spec/acceptance/nodesets/default.yml CHANGED
@@ -33,6 +33,7 @@ CONFIG:
33
33
  log_level: verbose
34
34
  type: aio
35
35
  vagrant_memsize: 256
36
+ vagrant_cpus: 2
36
37
  <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
37
38
  puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
38
39
  <% end -%>
data/spec/acceptance/nodesets/oel.yml ADDED
@@ -0,0 +1,42 @@
1
+ <%
2
+ if ENV['BEAKER_HYPERVISOR']
3
+ hypervisor = ENV['BEAKER_HYPERVISOR']
4
+ else
5
+ hypervisor = 'vagrant'
6
+ end
7
+ -%>
8
+ HOSTS:
9
+ oel7:
10
+ roles:
11
+ - el7
12
+ - master
13
+ platform: el-7-x86_64
14
+ box: generic/oracle7
15
+ hypervisor: <%= hypervisor %>
16
+
17
+ oel8:
18
+ roles:
19
+ - el8
20
+ platform: el-8-x86_64
21
+ box: generic/oracle8
22
+ hypervisor: <%= hypervisor %>
23
+
24
+ CONFIG:
25
+ log_level: verbose
26
+ type: aio
27
+ vagrant_memsize: 512
28
+ vagrant_cpus: 2
29
+ <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
30
+ puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
31
+ <% end -%>
32
+ ssh:
33
+ keepalive: true
34
+ keepalive_interval: 10
35
+ host_key:
36
+ - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:host_key].join("\n#{' '*6}- ") %>
37
+ kex:
38
+ - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:kex].join("\n#{' '*6}- ") %>
39
+ encryption:
40
+ - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].join("\n#{' '*6}- ") %>
41
+ hmac:
42
+ - <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:hmac].join("\n#{' '*6}- ") %>
data/spec/acceptance/suites/ssg/00_default_spec.rb CHANGED
@@ -1,8 +1,8 @@
1
1
  require 'spec_helper_acceptance'
2
2
 
3
- test_name 'SSG STIG Validation'
3
+ test_name 'SSG Functionality Validation'
4
4
 
5
- describe 'run the SSG against the STIG profile' do
5
+ describe 'run the SSG against an SCAP profile' do
6
6
 
7
7
  hosts.each do |host|
8
8
  context "on #{host}" do
@@ -14,8 +14,15 @@ describe 'run the SSG against the STIG profile' do
14
14
  end
15
15
 
16
16
  it 'should run the SSG' do
17
- profile = 'xccdf_org.ssgproject.content_profile_stig'
17
+ profiles = @ssg.get_profiles
18
18
 
19
+ profile = profiles.find{|x| x =~ /_stig/} ||
20
+ profiles.find{|x| x =~ /_cui/} ||
21
+ profiles.find{|x| x =~ /_ospp/} ||
22
+ profiles.find{|x| x =~ /_standard/} ||
23
+ profiles.last
24
+
25
+ expect(profile).not_to be_nil
19
26
  @ssg.evaluate(profile)
20
27
  end
21
28
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: simp-beaker-helpers
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.23.3
4
+ version: 1.23.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-06-30 00:00:00.000000000 Z
12
+ date: 2021-07-13 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: beaker
@@ -221,6 +221,7 @@ files:
221
221
  - simp-beaker-helpers.gemspec
222
222
  - spec/acceptance/nodesets/default.yml
223
223
  - spec/acceptance/nodesets/docker.yml
224
+ - spec/acceptance/nodesets/oel.yml
224
225
  - spec/acceptance/nodesets/ubuntu.yml
225
226
  - spec/acceptance/suites/default/check_puppet_version_spec.rb
226
227
  - spec/acceptance/suites/default/enable_fips_spec.rb