Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSCAP tailoring: add key/value rule overrides #300

Closed
wants to merge 9 commits into from
Closed

OpenSCAP tailoring: add key/value rule overrides #300

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
68fdf42
schutz: update `osbuild` commit
kingsleyzissou Dec 4, 2023
2e725fc
pkg/distro: generalise default datastream
kingsleyzissou Dec 13, 2023
bd12442
pkg/distro: simplify directory creation
kingsleyzissou Dec 13, 2023
ee3e8c3
pkg/distro: simplify tailoring stage options
kingsleyzissou Dec 13, 2023
a03aaa8
pkg/distro: simplify remediation stage options
kingsleyzissou Dec 13, 2023
770a6c7
pkg/blueprints: add tailoring overrides
kingsleyzissou Dec 4, 2023
fefcc4c
pkg/osbuild: enable OpenSCAP tailoring overrides
kingsleyzissou Dec 4, 2023
be317b5
pkg/customizations: enable tailor overrides
kingsleyzissou Dec 13, 2023
3b6b310
test/configs: update OpenSCAP tests
kingsleyzissou Dec 4, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pkg/blueprint/customizations.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ type ServicesCustomization struct {
}

type OpenSCAPCustomization struct {
DataStream string `json:"datastream,omitempty" toml:"datastream,omitempty"`
Datastream string `json:"datastream,omitempty" toml:"datastream,omitempty"`
ProfileID string `json:"profile_id,omitempty" toml:"profile_id,omitempty"`
Tailoring *OpenSCAPTailoringCustomizations `json:"tailoring,omitempty" toml:"tailoring,omitempty"`
}
Expand Down
2 changes: 1 addition & 1 deletion pkg/blueprint/customizations_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -375,7 +375,7 @@ func TestGetFilesystemsMinSizeNonSectorSize(t *testing.T) {
func TestGetOpenSCAPConfig(t *testing.T) {

expectedOscap := OpenSCAPCustomization{
DataStream: "test-data-stream.xml",
Datastream: "test-data-stream.xml",
ProfileID: "test_profile",
Tailoring: &OpenSCAPTailoringCustomizations{
Selected: []string{"quick_rule"},
Expand Down
34 changes: 24 additions & 10 deletions pkg/customizations/oscap/oscap.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"strings"

"github.com/osbuild/images/pkg/customizations/fsnode"
"github.com/osbuild/images/pkg/distro"
)

type Profile string
Expand Down Expand Up @@ -44,24 +45,37 @@ const (
tailoringDirPath string = "/usr/share/xml/osbuild-openscap-data"
)

func DefaultFedoraDatastream() string {
return defaultFedoraDatastream
}
func GetDatastream(datastream string, d distro.Distro) string {
if datastream != "" {
return datastream
}

func DefaultRHEL8Datastream(isRHEL bool) string {
if isRHEL {
return defaultRHEL8Datastream
s := strings.ToLower(d.Name())
if strings.HasPrefix(s, "fedora") {
return defaultFedoraDatastream
}

if strings.HasPrefix(s, "centos") {
return defaultCentosDatastream(d.Releasever())
}
return defaultCentos8Datastream

return defaultRHELDatastream(d.Releasever())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a thought, not sure if of any value: Would it make sense to check also rhel as the prefix and maybe panic() in the default case when the distro is not explicitly supported?

}

func DefaultRHEL9Datastream(isRHEL bool) string {
if isRHEL {
return defaultRHEL9Datastream
func defaultCentosDatastream(releaseVer string) string {
if releaseVer == "8" {
return defaultCentos8Datastream
}
return defaultCentos9Datastream
}

func defaultRHELDatastream(releaseVer string) string {
if releaseVer == "8" {
return defaultRHEL8Datastream
}
return defaultRHEL9Datastream
}

func IsProfileAllowed(profile string, allowlist []Profile) bool {
for _, a := range allowlist {
if a.String() == profile {
Expand Down
5 changes: 1 addition & 4 deletions pkg/distro/fedora/images.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,10 +175,7 @@ func osCustomizations(

osc.Directories = append(osc.Directories, dataDirNode)

var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultFedoraDatastream()
}
datastream := oscap.GetDatastream(oscapConfig.Datastream, t.arch.distro)

oscapStageOptions := osbuild.OscapConfig{
Datastream: datastream,
Expand Down
2 changes: 1 addition & 1 deletion pkg/distro/rhel7/images.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ func osCustomizations(
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(
oscapDataDir,
osbuild.OscapConfig{
Datastream: oscapConfig.DataStream,
Datastream: oscapConfig.Datastream,
ProfileID: oscapConfig.ProfileID,
Compression: true,
},
Expand Down
5 changes: 1 addition & 4 deletions pkg/distro/rhel8/images.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,10 +196,7 @@ func osCustomizations(

osc.Directories = append(osc.Directories, dataDirNode)

var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultRHEL8Datastream(t.arch.distro.isRHEL())
}
datastream := oscap.GetDatastream(oscapConfig.Datastream, t.arch.distro)

oscapStageOptions := osbuild.OscapConfig{
Datastream: datastream,
Expand Down
5 changes: 1 addition & 4 deletions pkg/distro/rhel9/images.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,10 +193,7 @@ func osCustomizations(

osc.Directories = append(osc.Directories, dataDirNode)

var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultRHEL9Datastream(t.arch.distro.isRHEL())
}
var datastream = oscap.GetDatastream(oscapConfig.Datastream, t.arch.distro)

oscapStageOptions := osbuild.OscapConfig{
Datastream: datastream,
Expand Down