Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add OpenSCAP json tailoring (HMS-3826) #798

Merged
merged 5 commits into from
Jul 29, 2024
Merged

Add OpenSCAP json tailoring (HMS-3826) #798

merged 5 commits into from
Jul 29, 2024

Conversation

kingsleyzissou
Copy link
Contributor

This PR adds the ability to consume an JSON tailoring file.

  • create autotailor stage options where the input is a json tailoring file
  • the osbuild stage generates an xml tailoring file which is consumed by the remediation stage.

Depends on: osbuild/osbuild#1794

@kingsleyzissou kingsleyzissou added the WIP+test Work in progress but run Gitlab CI. label Jul 16, 2024
@kingsleyzissou kingsleyzissou force-pushed the oscap-json-tailoring branch 13 times, most recently from ac8773d to 2f611a8 Compare July 19, 2024 13:01
@kingsleyzissou kingsleyzissou marked this pull request as ready for review July 19, 2024 14:20
@kingsleyzissou
Copy link
Contributor Author

For context, Sanne and I had a meeting with compliance and the OpenSCAP team. They are trying to hide and abstract away the xml tailoring completely for future versions of RHEL and Fedora. So we decided we do actually need the json tailoring.

thozza
thozza reviewed Jul 23, 2024
View reviewed changes
Copy link
Member

@thozza thozza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall this looks good. I've added a few comments... 😉

pkg/customizations/oscap/oscap.go Outdated Show resolved Hide resolved
pkg/osbuild/oscap_autotailor_stage.go Outdated Show resolved Hide resolved
pkg/osbuild/oscap_autotailor_stage.go Show resolved Hide resolved
pkg/osbuild/oscap_autotailor_stage.go Outdated Show resolved Hide resolved
@kingsleyzissou kingsleyzissou mentioned this pull request Jul 23, 2024
Merged
4 tasks
@kingsleyzissou kingsleyzissou force-pushed the oscap-json-tailoring branch 4 times, most recently from 2124e40 to 2f030f1 Compare July 25, 2024 11:18
croissanne
croissanne previously approved these changes Jul 26, 2024
View reviewed changes
Copy link
Member

@croissanne croissanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! ty

thozza
thozza previously approved these changes Jul 29, 2024
View reviewed changes
Copy link
Member

@thozza thozza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, thanks!

@kingsleyzissou
pkg/blueprints: remove xml tailoring
163e79f 
Following a meeting with compliance and the OpenSCAP team we decided to
implement the json tailoring. They are trying to hide and abstract away
the xml tailoring completely for future versions of RHEL and Fedora. So
we decided to remove the xml tailoring support - this can easily be
added back in if we need it at a later stage
@kingsleyzissou
pkg/blueprints: add json tailoring
642f2d2 
Add a type for json tailoring configs.
@kingsleyzissou
pkg/oscap: implement json tailoring configs
bffa6ad 
We need to create tailoring configs for the json tailoring config type.
The autotailor stage will consume the json file and then create an xml
tailoring file which is then consumed by the OpenSCAP remediation stage.
@kingsleyzissou
pkg/osbuild: json autotailoring
57058f9 
Create stage autotailor stage options where the stage consumes a json
tailoring file and outputs the `xml` tailored file that will then be
consumed by the remediation stage.
@kingsleyzissou
test/configs: add oscap json tailoring test
fd7b6e3 
Add a test for RHEL9 to check tailoring with a `json` tailoring file.
@kingsleyzissou kingsleyzissou dismissed stale reviews from thozza and croissanne via fd7b6e3 July 29, 2024 13:28
@kingsleyzissou kingsleyzissou added this pull request to the merge queue Jul 29, 2024
Merged via the queue into osbuild:main with commit eff7b17 Jul 29, 2024
18 checks passed
@kingsleyzissou kingsleyzissou deleted the oscap-json-tailoring branch July 29, 2024 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thozza thozza thozza approved these changes

@croissanne croissanne croissanne left review comments

@evgenyz evgenyz Awaiting requested review from evgenyz

@achilleas-k achilleas-k Awaiting requested review from achilleas-k

Assignees
No one assigned
Labels
WIP+test Work in progress but run Gitlab CI.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@kingsleyzissou @achilleas-k @thozza @croissanne