File enhance-openscap-module-add-xccdf_eval-call-397.patch of Package py26-compat-salt
From 82c7af91fc630aac976bbc9362417493ae302327 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= <psuarezhernandez@suse.com>
Date: Wed, 7 Jul 2021 15:42:11 +0100
Subject: [PATCH] Enhance openscap module: add xccdf_eval call (#397) Allow 'tailoring_file' and 'tailoring_id' parameters Fix wrong reference to subprocess.PIPE in openscap unit tests
Co-authored-by: Michael Calmer <mc@suse.de>
---
 salt/modules/openscap.py | 112 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)
diff --git a/salt/modules/openscap.py b/salt/modules/openscap.py
index 2061550012..52d77a5395 100644
--- a/salt/modules/openscap.py
+++ b/salt/modules/openscap.py
@@ -1,6 +1,8 @@ # -*- coding: utf-8 -*- from __future__ import absolute_import + import tempfile +import os.path import shlex import shutil from subprocess import Popen, PIPE 
@@ -56,6 +58,116 @@ _OSCAP_EXIT_CODES_MAP = { } +def xccdf_eval(xccdffile, ovalfiles=None, **kwargs): + """ + Run ``oscap xccdf eval`` commands on minions. + It uses cp.push_dir to upload the generated files to the salt master + in the master's minion files cachedir + (defaults to ``/var/cache/salt/master/minions/minion-id/files``) + + It needs ``file_recv`` set to ``True`` in the master configuration file. + + xccdffile + the path to the xccdf file to evaluate + + ovalfiles + additional oval definition files + + profile + the name of Profile to be evaluated + + rule + the name of a single rule to be evaluated + + oval_results + save OVAL results as well (True or False) + + results + write XCCDF Results into given file + + report + write HTML report into given file + + fetch_remote_resources + download remote content referenced by XCCDF (True or False) + + tailoring_file + use given XCCDF Tailoring file + + tailoring_id + use given DS component as XCCDF Tailoring file + + remediate + automatically execute XCCDF fix elements for failed rules. + Use of this option is always at your own risk. (True or False) + + CLI Example: + + .. 
code-block:: bash + + salt '*' openscap.xccdf_eval /usr/share/openscap/scap-yast2sec-xccdf.xml profile=Default + + """ + success = True + error = None + upload_dir = None + returncode = None + if not ovalfiles: + ovalfiles = [] + + cmd_opts = ["oscap", "xccdf", "eval"] + if kwargs.get("oval_results"): + cmd_opts.append("--oval-results") + if "results" in kwargs: + cmd_opts.append("--results") + cmd_opts.append(kwargs["results"]) + if "report" in kwargs: + cmd_opts.append("--report") + cmd_opts.append(kwargs["report"]) + if "profile" in kwargs: + cmd_opts.append("--profile") + cmd_opts.append(kwargs["profile"]) + if "rule" in kwargs: + cmd_opts.append("--rule") + cmd_opts.append(kwargs["rule"]) + if "tailoring_file" in kwargs: + cmd_opts.append("--tailoring-file") + cmd_opts.append(kwargs["tailoring_file"]) + if "tailoring_id" in kwargs: + cmd_opts.append("--tailoring-id") + cmd_opts.append(kwargs["tailoring_id"]) + if kwargs.get("fetch_remote_resources"): + cmd_opts.append("--fetch-remote-resources") + if kwargs.get("remediate"): + cmd_opts.append("--remediate") + cmd_opts.append(xccdffile) + cmd_opts.extend(ovalfiles) + + if not os.path.exists(xccdffile): + success = False + error = "XCCDF File '{0}' does not exist".format(xccdffile) + for ofile in ovalfiles: + if success and not os.path.exists(ofile): + success = False + error = "Oval File '{0}' does not exist".format(ofile) + + if success: + tempdir = tempfile.mkdtemp() + proc = Popen(cmd_opts, stdout=PIPE, stderr=PIPE, cwd=tempdir) + (stdoutdata, error) = proc.communicate() + success = _OSCAP_EXIT_CODES_MAP[proc.returncode] + returncode = proc.returncode + if success: + caller = Caller() + caller.cmd('cp.push_dir', tempdir) + upload_dir = tempdir + shutil.rmtree(tempdir, ignore_errors=True) + + return dict( + success=success, upload_dir=upload_dir, error=error, returncode=returncode + ) + + def xccdf(params): ''' Run ``oscap xccdf`` commands on minions. -- 2.32.0
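Review bot: The directory from `tempfile.mkdtemp()` in xccdf_eval is removed only on the straight-line path. If `Popen` raises because oscap is missing, if `_OSCAP_EXIT_CODES_MAP[proc.returncode]` raises KeyError for a code the map does not list (Popen reports a negative code when the child dies on a signal), or if the `cp.push_dir` call fails, `shutil.rmtree` is never reached and the scan output stays on the minion. Putting the run in try/finally and looking the code up with `.get(returncode, False)` keeps cleanup unconditional and turns an unknown exit code into a reported failure instead of a traceback. Separately, `results` and `report` are handed to oscap unchanged, so only relative paths land in the pushed temp dir; the docstring should say that an absolute path is written in place and not uploaded. The map's entries are outside this hunk, and the nesting below is inferred because the page collapsed the indentation.

```python
    if success:
        tempdir = tempfile.mkdtemp()
        try:
            proc = Popen(cmd_opts, stdout=PIPE, stderr=PIPE, cwd=tempdir)
            (stdoutdata, error) = proc.communicate()
            returncode = proc.returncode
            # An exit code missing from the map is treated as a failed scan.
            success = _OSCAP_EXIT_CODES_MAP.get(returncode, False)
            if success:
                # … unchanged: Caller() / cp.push_dir upload, upload_dir = tempdir …
        finally:
            # Scan output must not outlive the call, whatever went wrong above.
            shutil.rmtree(tempdir, ignore_errors=True)
```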