-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add utils/controlrefcheck.py #10096
Add utils/controlrefcheck.py #10096
Conversation
Skipping CI for Draft Pull Request. |
a7f39a0
to
0c3fd65
Compare
This is great! I already used the script to find bugs in OCP4 PCI-DSS (PR #10098). |
And a question: This seems like something that should be ran in CI after we fix the initial issues. Is that what the hunk that modifies ctest does? |
Yes, I can work on that.
That is correct. |
0c3fd65
to
02d307e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I tried running the tool against the RHEL profiles that you fixed and verified that they are indeed fixed. Running against OCP4 profiles that have issues does produce meaningful messages.
ship it :-)
rule_object.references[reference].split(',') | ||
|
||
|
||
def main(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the function is too complex
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to lower the threshold in Code Climate, as this function passed the complexity before I changed it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably not because in other situations I find Codeclimate strict enough
/packit test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have tried to run it and I also tried to break reference consistency in some rule.ymls and the script has shown the expected output. I have also executed the CTest locally and I have seen that it runs in the upstream GitHub Actions in the Fedora latest and other jobs.
cec3248
to
fbaefaf
Compare
fbaefaf
to
ba3056f
Compare
Code Climate has analyzed commit ba3056f and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 49.5% (0.0% change). View more on Code Climate. |
Description:
Add a script to test if the control id equals the reference of a rule.
Rationale:
To ensure that the control file and the rules are in sync.
Review Hints:
$ ./utils/controlrefcheck.py rhel8 cis_rhel8 cis
Example output: