manifest: support openscap and compliance facts
Allows registered systems to be coupled to existing compliance policies.
croissanne committed Sep 4, 2024
1 parent 715c4ca commit d317e3b
Showing 3 changed files with 30 additions and 8 deletions.
2 changes: 1 addition & 1 deletion pkg/distro/rhel/images.go
@@ -145,7 +145,7 @@ func osCustomizations(
}

if t.IsRHEL() && options.Facts != nil {
osc.FactAPIType = &options.Facts.APIType
osc.RHSMFacts = options.Facts
}

var err error
26 changes: 21 additions & 5 deletions pkg/manifest/os.go
@@ -5,6 +5,8 @@ import (
"path/filepath"
"strings"

"github.com/google/uuid"

"github.com/osbuild/images/internal/common"
"github.com/osbuild/images/internal/environment"
"github.com/osbuild/images/internal/workload"
@@ -124,7 +126,6 @@ type OSCustomizations struct {
UdevRules *osbuild.UdevRulesStageOptions
WSLConfig *osbuild.WSLConfStageOptions
LeapSecTZ *string
FactAPIType *facts.APIType
Presets []osbuild.Preset
ContainersStorage *string

@@ -135,6 +136,11 @@ type OSCustomizations struct {
// The final RHSM config to be applied to the image
RHSMConfig *subscription.RHSMConfig

// Facts
RHSMFacts *facts.ImageOptions
// FactCompliancePolicyID *uuid.UUID
// FactOpenSCAPProfileID *string

// Custom directories and files to create in the image
Directories []*fsnode.Directory
Files []*fsnode.File
@@ -747,11 +753,21 @@ func (p *OS) serialize() osbuild.Pipeline {
pipeline.AddStage(bootloader)
}

if p.FactAPIType != nil {
if p.RHSMFacts != nil {
rhsmFacts := osbuild.RHSMFacts{
ApiType: p.RHSMFacts.APIType.String(),
}

if p.RHSMFacts.OpenSCAPProfileID != "" {
rhsmFacts.OpenSCAPProfileID = p.RHSMFacts.OpenSCAPProfileID
}

if p.RHSMFacts.CompliancePolicyID != uuid.Nil {
rhsmFacts.CompliancePolicyID = p.RHSMFacts.CompliancePolicyID.String()
}

pipeline.AddStage(osbuild.NewRHSMFactsStage(&osbuild.RHSMFactsStageOptions{
Facts: osbuild.RHSMFacts{
ApiType: p.FactAPIType.String(),
},
Facts: rhsmFacts,
}))
}

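Review bot: In the serialize hunk, `p.RHSMFacts.OpenSCAPProfileID` is copied into the RHSM facts stage with only an empty-string check, so whatever string the caller supplied lands in the image's facts, which per the commit description is what couples a registered system to a compliance policy. Nothing visible in this commit constrains its format or requires it to be set together with `CompliancePolicyID`; because serialize (whose body starts and ends outside the hunk) returns only an `osbuild.Pipeline` and no error, such a check would have to live where the options are accepted. At minimum I would record the assumption next to the copy: `// OpenSCAPProfileID is passed through unvalidated; callers must have checked it before it reaches the manifest`. The two commented-out fields `// FactCompliancePolicyID *uuid.UUID` and `// FactOpenSCAPProfileID *string` in the OSCustomizations hunk look like leftovers and should be dropped rather than committed.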
10 changes: 8 additions & 2 deletions pkg/rhsm/facts/facts.go
@@ -1,6 +1,10 @@
package facts

import "fmt"
import (
"fmt"

"github.com/google/uuid"
)

type APIType uint64

@@ -25,5 +29,7 @@ const (
// The ImageOptions specify things to be stored into the Insights facts
// storage. This mostly relates to how the build of the image was performed.
type ImageOptions struct {
APIType APIType
APIType APIType
OpenSCAPProfileID string
CompliancePolicyID uuid.UUID
}
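Review bot: The two new ImageOptions fields carry no comments, and their "unset" state is implicit: the serialize change in pkg/manifest/os.go treats `""` and `uuid.Nil` as absent. I would document that on the struct, e.g. `// OpenSCAPProfileID is the OpenSCAP profile recorded in the facts; empty means none.` and `// CompliancePolicyID is the compliance policy the system is coupled to; uuid.Nil means none.` The existing type comment says the options mostly relate to how the image build was performed, which no longer covers these fields, so it may be worth extending as well.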
