-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhance Open SCAP tests and add more profiles tests #18136
Conversation
Great PR! Please pay attention to the following items before merging: Files matching
This is an automatically generated QA checklist based on modified files. |
fc3a1a2
to
9f60bfd
Compare
Please squash all the commits in single one or split it in commits that has their own goal and description if apply. |
tests/security/oscap_ansible_anssi_bp_28_high/oscap_security_guide_setup.pm
Outdated
Show resolved
Hide resolved
https://progress.opensuse.org/issues/150863 Fix of test_flags definition Fix make tidy Fix for get tests config Fix sle version scope Adding local sle version to functions Fix slevesion and perlcritic 1 Reverted some code Fixed 2nd perlcritic issue Fix sle version in tests
c1f0db4
to
d4033d6
Compare
It would also be more clear if instead of having so many links in your PR's 1st comment, you would just provide 1 link with the whole matrix, when you use a tool like |
|
||
sub replace_ansible_file { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
functions in this library are extremely long and might need proper function documentation, Perldoc, there are multiple example in the repo, but I would recommend to leave this comment open and do it once all review regarding the library itself is concluded to avoid extra work, because we could consider split some functions but I need to take a closer look...
record_info("Copied ansible file", "Copied file $ansible_profile_ID to $full_ansible_file_path"); | ||
} | ||
# scap-security-guide | ||
elsif ($use_content_type == 1) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of extensive comments, in general in the code some contants could be created on the top of the file in capital letters to represent those numeric values, kind of like enums in other languagues, leaving 0s and 1s like clear booleans or other numberic values as clear counters.
tests/security/oscap_ansible_anssi_bp_28_high/oscap_xccdf_eval.pm
Outdated
Show resolved
Hide resolved
I think this is ok for some 1st review round. In summary:
I'm wondering if it would be better to split this PR in multiple ones, to see single code path, for example focusing on one test, then it would be more feasible to review the library, otherwise it is very tricky, too many cases. But let's see how it looks after addressing the comments you think worth to address. |
I trying to solve complex problem of testing SCAP profiles inside OpenQA. SCAP itself is quite big framework with big functionality. |
Superseded by #18503 which should be the same but with conflicts resolved. |
Enhance Open SCAP tests and add more profiles bash and ansible tests:
xccdf_org.ssgproject.content_profile_stig
xccdf_org.ssgproject.content_profile_cis
xccdf_org.ssgproject.content_profile_pci-dss-4
xccdf_org.ssgproject.content_profile_hipaa
xccdf_org.ssgproject.content_profile_anssi_bp28_high
External configuration, exclusions and expected results.
DS and ansible file modifications.
Better results analysis and display.
Results collection to log file.
Ansible playbook enhanced run and result analysis.
#x86 SP4 POO150863
security/oscap_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811263
security/oscap_hipaa.yaml https://openqa.suse.de/tests/12811264
security/oscap_cis.yaml https://openqa.suse.de/tests/12811265
security/oscap_pci_dss_4.yaml https://openqa.suse.de/tests/12811266
security/oscap_stig.yaml https://openqa.suse.de/tests/12811267
security/oscap_ansible_pci_dss_4.yaml https://openqa.suse.de/tests/12811268
security/oscap_ansible_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811269
security/oscap_ansible_hipaa.yaml https://openqa.suse.de/tests/12811270
security/oscap_ansible_stig.yaml https://openqa.suse.de/tests/12811271
security/oscap_ansible_cis.yaml https://openqa.suse.de/tests/12811272
#x86 SP5 POO150863
oscap_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811273
oscap_hipaa.yaml https://openqa.suse.de/tests/12811274
oscap_cis.yaml https://openqa.suse.de/tests/12811275
oscap_pci_dss_4.yaml https://openqa.suse.de/tests/12811276
oscap_stig.yaml https://openqa.suse.de/tests/12811277
oscap_ansible_pci_dss_4.yaml https://openqa.suse.de/tests/12811278
oscap_ansible_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811279
oscap_ansible_hipaa.yaml https://openqa.suse.de/tests/12811280
oscap_ansible_stig.yaml https://openqa.suse.de/tests/12811281
oscap_ansible_cis.yaml https://openqa.suse.de/tests/12811282
#ARM SP4 POO150863
oscap_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811283
oscap_hipaa.yaml https://openqa.suse.de/tests/12811284
oscap_cis.yaml https://openqa.suse.de/tests/12811285
oscap_pci_dss_4.yaml https://openqa.suse.de/tests/12811286
oscap_stig.yaml https://openqa.suse.de/tests/12811287
oscap_ansible_pci_dss_4.yaml https://openqa.suse.de/tests/12811288
oscap_ansible_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811289
oscap_ansible_hipaa.yaml https://openqa.suse.de/tests/12811291
oscap_ansible_stig.yaml https://openqa.suse.de/tests/12811297
oscap_ansible_cis.yaml https://openqa.suse.de/tests/12811304
#ARM SP5 POO150863
oscap_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811343
oscap_hipaa.yaml https://openqa.suse.de/tests/12811344
oscap_cis.yaml https://openqa.suse.de/tests/12811345
oscap_pci_dss_4.yaml https://openqa.suse.de/tests/12811346
oscap_stig.yaml https://openqa.suse.de/tests/12811347
oscap_ansible_pci_dss_4.yaml https://openqa.suse.de/tests/12811348
oscap_ansible_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811349
oscap_ansible_hipaa.yaml https://openqa.suse.de/tests/12811350
oscap_ansible_stig.yaml https://openqa.suse.de/tests/12811351
oscap_ansible_cis.yaml https://openqa.suse.de/tests/12811352
#s390x SP4 POO150863
oscap_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811353
oscap_hipaa.yaml https://openqa.suse.de/tests/12811354
oscap_cis.yaml https://openqa.suse.de/tests/12811355
oscap_pci_dss_4.yaml https://openqa.suse.de/tests/12811356
oscap_stig.yaml https://openqa.suse.de/tests/12811357
oscap_ansible_pci_dss_4.yaml https://openqa.suse.de/tests/12811358
oscap_ansible_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811363
oscap_ansible_hipaa.yaml https://openqa.suse.de/tests/12811366
oscap_ansible_stig.yaml https://openqa.suse.de/tests/12811368
oscap_ansible_cis.yaml https://openqa.suse.de/tests/12811369
#s390x SP5 POO150863
oscap_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811373
oscap_hipaa.yaml https://openqa.suse.de/tests/12811374
oscap_cis.yaml https://openqa.suse.de/tests/12811375
oscap_pci_dss_4.yaml https://openqa.suse.de/tests/12811376
oscap_stig.yaml https://openqa.suse.de/tests/12811377
oscap_ansible_pci_dss_4.yaml https://openqa.suse.de/tests/12811378
oscap_ansible_anssi_bp_28_high.yaml https://openqa.suse.de/tests/12811379
oscap_ansible_hipaa.yaml https://openqa.suse.de/tests/12811380
oscap_ansible_stig.yaml https://openqa.suse.de/tests/12811381
oscap_ansible_cis.yaml https://openqa.suse.de/tests/12811382