Generate profile oriented Ansible Playbooks in a different way #11033

Merged
merged 5 commits into from
Aug 29, 2023

jan-cerny
Collaborator

Description:

Extend the abilities of `generate_bash_scripts.py` to also generate profile oriented Ansible Playbooks. The script can now generate either profile oriented Bash remediation scripts or profile oriented Ansible Playbooks. Consequently, we need to rename this tool to a more generic name, `generate_profile_remediations.py`. The profile oriented Ansible Playbooks generated by `generate_profile_remediations.py` are very similar to Playbooks generated by the `oscap xccdf generate fix` command.

`generate_profile_remediations.py` will be used to generate profile oriented Ansible Playbooks during the build instead of using scripts that call the `oscap xccdf generate fix` command.

The PR contains refactoring of the script.

Rationale:

  • The new tool is faster than the old way: a speedup from 6 seconds to 1.5 seconds.
  • Reduces dependency on oscap

Review Hints:

Build the content from master and from this branch. Then, compare contents of the build/ansible directory in the old and new build using meld or diff.

This commit converts some of the code to a class. Using a class
allows us to write cleaner code and avoids the need to pass
data as parameters.

In this commit, we extend the abilities of `generate_bash_scripts.py` to
also generate profile oriented Ansible Playbooks. The script can now
generate either profile oriented Bash remediation scripts or profile
oriented Ansible Playbooks. Consequently, we need to rename this tool to
a more generic name, `generate_profile_remediations.py`. The profile
oriented Ansible Playbooks generated by
`generate_profile_remediations.py` are very similar to Playbooks
generated by the `oscap xccdf generate fix` command.

We will generate the profile oriented Ansible Playbooks using
the new script `generate_profile_remediations.py`, which is
faster than the current method that calls `oscap` under the
hood.

@jan-cerny added labels Aug 29, 2023: enhancement (General enhancements to the project.), Infrastructure (Our content build system), refactoring (Improvement which, once completed, will enable the project to progress faster.)
@jan-cerny jan-cerny added this to the 0.1.70 milestone Aug 29, 2023
codeclimate bot commented Aug 29, 2023

Code Climate has analyzed commit 9546960 and detected 3 issues on this pull request.

Here's the issue category breakdown:

| Category | Count |
| --- | --- |
| Duplication | 3 |

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.3% (0.0% change).

View more on Code Climate.

@Mab879 Mab879 self-assigned this Aug 29, 2023

@Mab879 Mab879 left a comment

LGTM. Thanks for the PR!

@Mab879 Mab879 merged commit 4fa7f40 into ComplianceAsCode:master Aug 29, 2023
37 of 38 checks passed
jan-cerny added a commit to jan-cerny/scap-security-guide that referenced this pull request Sep 14, 2023
In ComplianceAsCode#11033, we
have switched to a new script for generating profile oriented
Ansible Playbooks. Unfortunately, when Python 2 is used, the
generated Ansible Playbooks don't preserve the order of Ansible
Tasks as defined in the SCAP source data stream.
The wrong order of Ansible Tasks in a Playbook might cause
an unexpected conflict between them during the run, for example
ComplianceAsCode#11104.
The root cause of the problem is that dictionaries in Python 2
don't preserve the order of elements, but starting from Python 3.6
dictionaries preserve the order of their elements.

Fixes: ComplianceAsCode#11104
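
A regression check for the task-order problem described in the commit message above, narrower than diffing the whole build/ansible directory: it compares only the order of task names between a reference playbook and a newly generated one. This is an added example, not code from this PR or from the ComplianceAsCode project; the `- name:` line pattern, the function names and both sample playbooks are assumptions constructed for illustration.

```python
import re

# Assumption: every Ansible Task starts with a "- name:" line.
TASK_RE = re.compile(r"^\s*- name:\s*(.+?)\s*$")

def task_names(playbook_text):
    """Return task names in the order they appear in the playbook text."""
    matches = (TASK_RE.match(line) for line in playbook_text.splitlines())
    return [m.group(1) for m in matches if m]

def compare_task_order(reference_text, candidate_text):
    """Report tasks missing from, added to, or reordered in the candidate."""
    ref, cand = task_names(reference_text), task_names(candidate_text)
    missing = [t for t in ref if t not in cand]
    extra = [t for t in cand if t not in ref]
    # Compare the relative order of the tasks both playbooks share, so a
    # missing or extra task is not also reported as a reordering.
    shared_ref = [t for t in ref if t in cand]
    shared_cand = [t for t in cand if t in ref]
    reordered = None
    for index, (expected, found) in enumerate(zip(shared_ref, shared_cand)):
        if expected != found:
            reordered = (index, expected, found)
            break
    return {"missing": missing, "extra": extra, "first_reordered": reordered}

# Constructed sample playbooks (not taken from a real build).
HEADER = "- hosts: all\n  tasks:\n"
TASKS = [
    "    - name: Install package example_pkg\n"
    "      package:\n        name: example_pkg\n        state: present\n",
    "    - name: Configure example_pkg\n"
    "      lineinfile:\n        path: /etc/example.conf\n        line: enabled=1\n",
    "    - name: Enable service example\n"
    "      service:\n        name: example\n        enabled: true\n",
]
REFERENCE = HEADER + "".join(TASKS)
# Same tasks with the first two swapped, as an unordered mapping might emit them.
CANDIDATE = HEADER + TASKS[1] + TASKS[0] + TASKS[2]

if __name__ == "__main__":
    print(compare_task_order(REFERENCE, CANDIDATE))
```

Run against a playbook built with each supported Python interpreter, a non-empty `first_reordered` flags the ordering difference without the noise of a full text diff.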