Module: AbideDevUtils::CEM

Defined in:
lib/abide_dev_utils/cem.rb,
lib/abide_dev_utils/cem/generate.rb,
lib/abide_dev_utils/cem/validate.rb,
lib/abide_dev_utils/cem/benchmark.rb,
lib/abide_dev_utils/cem/hiera_data.rb,
lib/abide_dev_utils/cem/mapping/mapper.rb,
lib/abide_dev_utils/cem/validate/strings.rb,
lib/abide_dev_utils/cem/generate/reference.rb,
lib/abide_dev_utils/cem/validate/resource_data.rb,
lib/abide_dev_utils/cem/hiera_data/mapping_data.rb,
lib/abide_dev_utils/cem/generate/coverage_report.rb,
lib/abide_dev_utils/cem/hiera_data/resource_data.rb,
lib/abide_dev_utils/cem/hiera_data/mapping_data/mixins.rb,
lib/abide_dev_utils/cem/validate/strings/base_validator.rb,
lib/abide_dev_utils/cem/hiera_data/mapping_data/map_data.rb,
lib/abide_dev_utils/cem/hiera_data/resource_data/control.rb,
lib/abide_dev_utils/cem/hiera_data/resource_data/resource.rb,
lib/abide_dev_utils/cem/hiera_data/resource_data/parameters.rb,
lib/abide_dev_utils/cem/validate/strings/validation_finding.rb,
lib/abide_dev_utils/cem/validate/strings/puppet_class_validator.rb,
lib/abide_dev_utils/cem/validate/strings/puppet_defined_type_validator.rb

Overview

Methods for working with Compliance Enforcement Modules (CEM)

Defined Under Namespace

Modules: Generate, HieraData, Mapping, Validate

Classes: Benchmark, Control, Resource


Class Method Details

.rule_id_format(rule_id) ⇒ Object

# File 'lib/abide_dev_utils/cem.rb', line 19

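# Classifies a rule identifier by its textual shape.
#
# The patterns are anchored with \A and \z so the WHOLE string must match.
# Ruby's ^ and $ are line anchors: with them, a value containing a newline
# would be classified by any single line that happens to match, and a
# trailing newline would be ignored. Identifiers that reach this method come
# from Hiera keys, so a stray line break must not change the classification.
#
# @param rule_id [String] identifier to classify
# @return [Symbol] one of:
#   :hiera_title_num - "c" followed only by digits and underscores
#   :hiera_title     - lowercase letter followed by one or more of [a-z0-9_]
#   :number          - only digits and dots
#   :title           - anything else
def self.rule_id_format(rule_id)
  case rule_id
  # Must be tested before the generic lowercase pattern: a value such as
  # "c1_2" satisfies both, and the more specific form wins.
  when /\Ac[0-9_]+\z/
    :hiera_title_num
  when /\A[a-z][a-z0-9_]+\z/
    :hiera_title
  when /\A[0-9.]+\z/
    :number
  else
    :title
  end
end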

.rule_identifiers(rule_id) ⇒ Object

# File 'lib/abide_dev_utils/cem.rb', line 32

# Collects the alternative identifier forms of one rule, keyed by the same
# symbols that rule_id_format returns (:title excepted).
#
# All three values come from the shared XCCDF helper object; what each helper
# returns is not visible here -- presumably a dotted number and two normalized
# Hiera key names; verify against AbideDevUtils::XCCDF::Common.
#
# @param rule_id [Object] identifier passed unchanged to each helper call
# @return [Hash{Symbol => Object}] :number, :hiera_title and :hiera_title_num
def self.rule_identifiers(rule_id)
  helper = xccdf
  control_number = helper.control_parts(rule_id).first
  named_key = helper.name_normalize_control(rule_id)
  numbered_key = helper.number_normalize_control(rule_id)

  { number: control_number, hiera_title: named_key, hiera_title_num: numbered_key }
end

.update_legacy_config_from_diff(config_hiera, diff) ⇒ Object

# File 'lib/abide_dev_utils/cem.rb', line 40

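# Re-keys the legacy `config.control_configs` Hiera hash so that entries
# follow the identifier changes listed in a benchmark diff.
#
# Only diff entries whose :type starts with :number are considered. Each
# existing key is classified with rule_id_format and compared against the
# matching identifier form of change[:self] (or against change[:title] for
# free-form titles). On a match the value is stored under the new identifier
# and the rename is recorded; keys with no match are copied through unchanged.
#
# The input is not modified. The previous implementation used a shallow
# `dup`, so assigning into ['config'] wrote through to the caller's hash.
#
# @param config_hiera [Hash] Hiera data containing ['config']['control_configs']
# @param diff [Array<Hash>] diff entries; the code reads :type, :title,
#   :other_title, and the `id` of :self and :other
# @return [Array] two elements: the updated Hiera hash and a change report,
#   an Array of { type: :identifier_update, from:, to: } hashes
def self.update_legacy_config_from_diff(config_hiera, diff)
  new_control_configs = {}
  change_report = []
  changes = diff.select { |d| d[:type][0] == :number }
  config_hiera['config']['control_configs'].each do |key, val_hash|
    key_id_format = rule_id_format(key)
    changed = false
    changes.each do |change|
      if key_id_format == :title
        next unless change[:title] == key
      else
        next unless rule_identifiers(change[:self].id)[key_id_format] == key
      end

      changed = true
      new_key = if key_id_format == :title
                  change[:other_title]
                else
                  rule_identifiers(change[:other].id)[key_id_format]
                end
      # NOTE(review): new_key is not checked. A nil value, or one equal to a
      # key that is (or will be) written for another control, silently
      # replaces that entry, so a control's configuration can disappear
      # without a matching line in change_report. Callers that rely on these
      # settings for enforcement should compare key counts before and after.
      new_control_configs[new_key] = val_hash
      change_report << {
        type: :identifier_update,
        from: key,
        to: new_key,
      }
    end
    new_control_configs[key] = val_hash unless changed
  end
  # Copy both hash levels that are written to, so the caller's config_hiera
  # and its nested 'config' hash keep their original control_configs.
  new_config_hiera = config_hiera.dup
  new_config_hiera['config'] = config_hiera['config'].dup
  new_config_hiera['config']['control_configs'] = new_control_configs
  [new_config_hiera, change_report]
end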

.xccdf ⇒ Object

# File 'lib/abide_dev_utils/cem.rb', line 10

# Returns the shared XCCDF helper, creating it on first use.
#
# The helper is a plain Object extended with AbideDevUtils::XCCDF::Common and
# cached in @xccdf. The `defined?` check means the instance variable is
# assigned at most once, and only after the extend call has succeeded.
#
# @return [Object] the cached helper object
def self.xccdf
  unless defined?(@xccdf)
    @xccdf = Object.new.tap { |helper| helper.extend(AbideDevUtils::XCCDF::Common) }
  end

  @xccdf
end