Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change rule prodtype search and make tests more content change proof #49

Merged
merged 3 commits into from
Feb 5, 2024

Conversation

mildas
Copy link
Collaborator

@mildas mildas commented Jan 31, 2024

Previously, CTF was taking products only from prodtype. That was wrong as it ignored implicit "all products".

Now, with ComplianceAsCode/content#11378 prodtype removal, all rules must be part of some profile (at least the default.profile) to get to benchmark. And to get to profile, they might get there via controls (that was ignored as well by CTF).

This PR adds support for searching rules in control files (works with control_dirs as well) and changes the prodtype search to new approach - products are determined based on used profiles.

Test changes come from #47

For testing, you can for example try:

$ python3 content_test_filtering.py pr --verbose --repository /home/mlysonek/SCAP/content 11501

to check that ocp4 product is selected (the rule introduced in this PR is only in controls file). (related to ComplianceAsCode/content#11501 (comment))

No prodtype, now rule must be a part of some profile.
Use rpm_verify_* rule changes as they are not expected to be templated
because of their specificity.
@ggbecker ggbecker linked an issue Feb 1, 2024 that may be closed by this pull request
for control in self.find_rule_controls(rule):
for product in self.find_control_products(control):
products.append(product)

products = sorted(products, key=lambda k: (k!="rhel8", k!="rhel7", k!="ocp4", k))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not related to this pull request, but I believe we will need to reevaluate this priority list at some point.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for example, do we want to give priority to RHEL9, (and RHEL10 in the future)

@ggbecker
Copy link
Member

ggbecker commented Feb 1, 2024

PR looks good to me. That's a great improvement.

Copy link
Contributor

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have tried various recent ComplianceAsCode PRs and the output always seems reasonable. Thanks for this update.

@mildas mildas merged commit ba6392c into master Feb 5, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

product will always be rhel8 // replace prodtype logic
3 participants