From 9c8cbfcdb71811886f228ea81980b864c3a74c92 Mon Sep 17 00:00:00 2001
From: Gianluca Zuccarelli
Date: Thu, 20 Jun 2024 11:24:10 +0100
Subject: [PATCH] pkg/manifest: use internal configs for oscap

Since we have introduced an internal abstraction for the OpenSCAP configs, we should use this in the `manifest/os` package instead of directly using the stage options.
---
 pkg/distro/fedora/images.go | 4 +-
 pkg/distro/rhel/images.go | 4 +-
 pkg/manifest/os.go | 80 ++++++++++++++++++++-----------------
 3 files changed, 47 insertions(+), 41 deletions(-)

diff --git a/pkg/distro/fedora/images.go b/pkg/distro/fedora/images.go
index b9f43d6bff..2337a49f43 100644
--- a/pkg/distro/fedora/images.go
+++ b/pkg/distro/fedora/images.go
@@ -219,8 +219,8 @@ func osCustomizations(
 remediationConfig.ProfileID = tailoringConfig.TailoredProfileID
 }
- osc.OpenSCAPTailorConfig = osbuild.NewOscapAutotailorStageOptions(tailoringConfig)
- osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscap.DataDir, &remediationConfig)
+ osc.OpenSCAPTailorConfig = tailoringConfig
+ osc.OpenSCAPRemediationConfig = &remediationConfig
 }
 osc.ShellInit = imageConfig.ShellInit
diff --git a/pkg/distro/rhel/images.go b/pkg/distro/rhel/images.go
index 7c6746fe9b..962b7cfaa3 100644
--- a/pkg/distro/rhel/images.go
+++ b/pkg/distro/rhel/images.go
@@ -240,8 +240,8 @@ func osCustomizations(
 remediationConfig.ProfileID = tailoringConfig.TailoredProfileID
 }
- osc.OpenSCAPTailorConfig = osbuild.NewOscapAutotailorStageOptions(tailoringConfig)
- osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(oscap.DataDir, &remediationConfig)
+ osc.OpenSCAPTailorConfig = tailoringConfig
+ osc.OpenSCAPRemediationConfig = &remediationConfig
 }
 osc.ShellInit = imageConfig.ShellInit
diff --git a/pkg/manifest/os.go b/pkg/manifest/os.go
index 321049ffa4..3cd176ce55 100644
--- a/pkg/manifest/os.go
+++ b/pkg/manifest/os.go
@@ -12,6 +12,7 @@ import (
 "github.com/osbuild/images/pkg/container"
 "github.com/osbuild/images/pkg/customizations/bootc"
 "github.com/osbuild/images/pkg/customizations/fsnode"
+ "github.com/osbuild/images/pkg/customizations/oscap"
 "github.com/osbuild/images/pkg/customizations/shell"
 "github.com/osbuild/images/pkg/customizations/users"
 "github.com/osbuild/images/pkg/disk"
@@ -96,38 +97,40 @@ type OSCustomizations struct {
 ShellInit []shell.InitFile
 // TODO: drop osbuild types from the API
- Firewall *osbuild.FirewallStageOptions
- Grub2Config *osbuild.GRUB2Config
- Sysconfig []*osbuild.SysconfigStageOptions
- SystemdLogind []*osbuild.SystemdLogindStageOptions
- CloudInit []*osbuild.CloudInitStageOptions
- Modprobe []*osbuild.ModprobeStageOptions
- DracutConf []*osbuild.DracutConfStageOptions
- SystemdUnit []*osbuild.SystemdUnitStageOptions
- Authselect *osbuild.AuthselectStageOptions
- SELinuxConfig *osbuild.SELinuxConfigStageOptions
- Tuned *osbuild.TunedStageOptions
- Tmpfilesd []*osbuild.TmpfilesdStageOptions
- PamLimitsConf []*osbuild.PamLimitsConfStageOptions
- Sysctld []*osbuild.SysctldStageOptions
- DNFConfig []*osbuild.DNFConfigStageOptions
- DNFAutomaticConfig *osbuild.DNFAutomaticConfigStageOptions
- YUMConfig *osbuild.YumConfigStageOptions
- YUMRepos []*osbuild.YumReposStageOptions
- SshdConfig *osbuild.SshdConfigStageOptions
- GCPGuestAgentConfig *osbuild.GcpGuestAgentConfigOptions
- AuthConfig *osbuild.AuthconfigStageOptions
- PwQuality *osbuild.PwqualityConfStageOptions
- OpenSCAPTailorConfig *osbuild.OscapAutotailorStageOptions
- OpenSCAPConfig *osbuild.OscapRemediationStageOptions
- NTPServers []osbuild.ChronyConfigServer
- WAAgentConfig *osbuild.WAAgentConfStageOptions
- UdevRules *osbuild.UdevRulesStageOptions
- WSLConfig *osbuild.WSLConfStageOptions
- LeapSecTZ *string
- FactAPIType *facts.APIType
- Presets []osbuild.Preset
- ContainersStorage *string
+ Firewall *osbuild.FirewallStageOptions
+ Grub2Config *osbuild.GRUB2Config
+ Sysconfig []*osbuild.SysconfigStageOptions
+ SystemdLogind []*osbuild.SystemdLogindStageOptions
+ CloudInit []*osbuild.CloudInitStageOptions
+ Modprobe []*osbuild.ModprobeStageOptions
+ DracutConf []*osbuild.DracutConfStageOptions
+ SystemdUnit []*osbuild.SystemdUnitStageOptions
+ Authselect *osbuild.AuthselectStageOptions
+ SELinuxConfig *osbuild.SELinuxConfigStageOptions
+ Tuned *osbuild.TunedStageOptions
+ Tmpfilesd []*osbuild.TmpfilesdStageOptions
+ PamLimitsConf []*osbuild.PamLimitsConfStageOptions
+ Sysctld []*osbuild.SysctldStageOptions
+ DNFConfig []*osbuild.DNFConfigStageOptions
+ DNFAutomaticConfig *osbuild.DNFAutomaticConfigStageOptions
+ YUMConfig *osbuild.YumConfigStageOptions
+ YUMRepos []*osbuild.YumReposStageOptions
+ SshdConfig *osbuild.SshdConfigStageOptions
+ GCPGuestAgentConfig *osbuild.GcpGuestAgentConfigOptions
+ AuthConfig *osbuild.AuthconfigStageOptions
+ PwQuality *osbuild.PwqualityConfStageOptions
+ NTPServers []osbuild.ChronyConfigServer
+ WAAgentConfig *osbuild.WAAgentConfStageOptions
+ UdevRules *osbuild.UdevRulesStageOptions
+ WSLConfig *osbuild.WSLConfStageOptions
+ LeapSecTZ *string
+ FactAPIType *facts.APIType
+ Presets []osbuild.Preset
+ ContainersStorage *string
+
+ // OpenSCAP config
+ OpenSCAPTailorConfig *oscap.TailoringConfig
+ OpenSCAPRemediationConfig *oscap.RemediationConfig
 Subscription *subscription.ImageOptions
 RHSMConfig map[subscription.RHSMStatus]*osbuild.RHSMStageOptions
@@ -230,7 +233,7 @@ func (p *OS) getPackageSetChain(Distro) []rpmmd.PackageSet {
 packages = append(packages, fmt.Sprintf("selinux-policy-%s", p.SElinux))
 }
- if p.OpenSCAPConfig != nil {
+ if p.OpenSCAPRemediationConfig != nil {
 packages = append(packages, "openscap-scanner", "scap-security-guide", "xz")
 }
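Review bot: The two new OpenSCAP fields carry a coupling that the added `// OpenSCAP config` comment does not state: serialize() panics when OpenSCAPTailorConfig is set while OpenSCAPRemediationConfig is nil, and in the distro osCustomizations hunks the remediation ProfileID is pointed at the tailored profile whenever tailoring is present, so a caller who sets one without the other gets either a panic or a hardening run against the wrong profile. I would extend the comment to `// OpenSCAP config. OpenSCAPTailorConfig may only be set together with OpenSCAPRemediationConfig (serialize panics otherwise); when both are set the remediation config is expected to reference the tailored profile ID.` The fields also now sit below the `// TODO: drop osbuild types from the API` heading even though they are oscap types, which leaves the TODO's scope unclear; moving them above that comment, next to ShellInit, would make the remaining osbuild-typed fields the obvious target of the TODO. The OSCustomizations struct continues past the end of the hunk.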
@@ -805,19 +808,22 @@ func (p *OS) serialize() osbuild.Pipeline {
 }
 if p.OpenSCAPTailorConfig != nil {
- if p.OpenSCAPConfig == nil {
+ if p.OpenSCAPRemediationConfig == nil {
 // This is a programming error, since it doesn't make sense
 // to have tailoring configs without openscap config.
 panic(fmt.Errorf("OpenSCAP autotailoring cannot be set if no OpenSCAP config has been provided"))
 }
- pipeline.AddStage(osbuild.NewOscapAutotailorStage(p.OpenSCAPTailorConfig))
+
+ tailoringStageOpts := osbuild.NewOscapAutotailorStageOptions(p.OpenSCAPTailorConfig)
+ pipeline.AddStage(osbuild.NewOscapAutotailorStage(tailoringStageOpts))
 }
 // NOTE: We need to run the OpenSCAP stages as the last stage before SELinux
 // since the remediation may change file permissions and other aspects of the
 // hardened image
- if p.OpenSCAPConfig != nil {
- pipeline.AddStage(osbuild.NewOscapRemediationStage(p.OpenSCAPConfig))
+ if p.OpenSCAPRemediationConfig != nil {
+ remediationStageOpts := osbuild.NewOscapRemediationStageOptions(oscap.DataDir, p.OpenSCAPRemediationConfig)
+ pipeline.AddStage(osbuild.NewOscapRemediationStage(remediationStageOpts))
 }
 if len(p.Presets) != 0 {
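Review bot: The new remediationStageOpts line hard-codes the datastream location to oscap.DataDir inside the manifest layer, whereas the removed distro code passed it explicitly; nothing in the hunk records that this is now the single location every distro is expected to use, so a why-comment on that line would help the next reader: `// The SCAP datastream is always taken from oscap.DataDir; the distro layer now only supplies the profile and tailoring configs.` The panic message on the context line still says "no OpenSCAP config" while the condition it guards was renamed to OpenSCAPRemediationConfig; consider `panic(fmt.Errorf("OpenSCAP autotailoring cannot be set if no OpenSCAP remediation config has been provided"))` so the message matches the field a caller must set. It is also worth stating next to the autotailor AddStage that the tailoring stage must stay ahead of the remediation stage, since the distro hunks point the remediation ProfileID at the tailored profile and the existing NOTE only explains the ordering relative to SELinux. serialize() starts and ends outside the hunk.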