RHSecurityCompliance / contest

Content Testing for ComplianceAsCode/content

Ansible playbook syntax check test #191

Closed mildas closed 2 months ago

mildas commented 3 months ago

To check syntax of generated (oscap xccdf generate fix) and shipped playbooks.

comps commented 3 months ago

Regarding shipped playbooks - what about replacing the playbooks-related section of util/content.py with something like this (untested)?

```python
from pathlib import Path

# `user_content`, `build_content` and `rhel` are the existing module-level names
# this sketch assumes from util/content.py and the contest rhel helper.

def _find_playbooks():
    # Prefer playbooks built from a user-supplied content checkout; otherwise
    # fall back to the ones shipped by the scap-security-guide package
    if user_content:
        build_content(user_content)
        return user_content / 'build' / 'ansible'
    else:
        return Path('/usr/share/scap-security-guide/ansible')

def get_playbook(profile):
    # Shipped playbook names carry a distro/major prefix
    if rhel.is_true_rhel():
        name = f'rhel{rhel.major}-playbook-{profile}.yml'
    elif rhel.is_centos():
        if rhel <= 8:
            name = f'centos{rhel.major}-playbook-{profile}.yml'
        else:
            name = f'cs{rhel.major}-playbook-{profile}.yml'
    else:
        raise RuntimeError("unsupported distribution, cannot pick a playbook name")
    playbook = _find_playbooks() / name
    if not playbook.exists():
        raise RuntimeError(f"could not find playbook at {playbook}")
    return playbook

def iter_playbooks():
    # _find_playbooks() returns a Path; yield only its .yml entries
    for path in _find_playbooks().iterdir():
        if path.suffix == '.yml':
            yield path
```

and then just calling `for playbook in util.iter_playbooks()`?

Maybe `iter_playbooks()` should iterate only playbooks relevant to `{rhel.major}`, using the logic from `get_playbook(profile)`? ... I don't know.
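An added example of the check both comments describe, written here for illustration and not code from the contest project or from ComplianceAsCode/content: it picks the shipped playbooks for the host's distro and major version using the naming from the thread, optionally generates one more with `oscap xccdf generate fix`, and runs `ansible-playbook --syntax-check` over each. The shipped-playbook directory is the one named in the thread; the datastream directory, the `ssg-<prefix>-ds.xml` file name and the `syntax_check.py` script name are assumptions.

```python
# Added example, not code from the contest project or ComplianceAsCode/content.
# Syntax-check shipped and freshly generated SSG Ansible playbooks with
# `ansible-playbook --syntax-check`, which parses a playbook without running tasks.
import subprocess
import sys
import tempfile
from pathlib import Path

# Shipped playbook directory as named in the thread; the datastream directory
# and the ssg-<prefix>-ds.xml naming are assumptions about an SSG install.
SHIPPED_DIR = Path("/usr/share/scap-security-guide/ansible")
DATASTREAM_DIR = Path("/usr/share/xml/scap/ssg/content")


def playbook_prefix(distro, major):
    """File-name prefix of shipped playbooks, following the naming used in the
    thread (rhel9, centos8, cs9 for CentOS Stream 9 and later)."""
    if distro == "rhel":
        return f"rhel{major}"
    if distro == "centos":
        return f"centos{major}" if major <= 8 else f"cs{major}"
    raise ValueError(f"unsupported distro: {distro}")


def playbook_name(distro, major, profile):
    return f"{playbook_prefix(distro, major)}-playbook-{profile}.yml"


def iter_playbooks(directory, prefix=None):
    """Yield the *.yml playbooks in `directory`; with `prefix` (e.g. 'rhel9-'),
    skip playbooks built for other distros or major versions."""
    for path in sorted(Path(directory).iterdir()):
        if path.suffix != ".yml":
            continue
        if prefix is not None and not path.name.startswith(prefix):
            continue
        yield path


def syntax_check_cmd(playbook):
    return ["ansible-playbook", "--syntax-check", str(playbook)]


def generate_fix_cmd(datastream, profile, output):
    """oscap invocation that renders one profile's remediations as a playbook;
    `profile` is a full XCCDF id such as xccdf_org.ssgproject.content_profile_ospp."""
    return ["oscap", "xccdf", "generate", "fix", "--fix-type", "ansible",
            "--profile", profile, "--output", str(output), str(datastream)]


def run_checked(cmd):
    """Run a command; return (succeeded, combined stdout+stderr)."""
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.returncode == 0, proc.stdout + proc.stderr


def check_playbooks(playbooks):
    """Syntax-check each playbook; return [(path, output)] for the failures."""
    failures = []
    for pb in playbooks:
        ok, out = run_checked(syntax_check_cmd(pb))
        print(f"{'PASS' if ok else 'FAIL'} {pb}")
        if not ok:
            failures.append((pb, out))
    return failures


if __name__ == "__main__":
    # usage: syntax_check.py <rhel|centos> <major> [profile-id]
    distro, major = sys.argv[1], int(sys.argv[2])
    prefix = playbook_prefix(distro, major)
    targets = list(iter_playbooks(SHIPPED_DIR, prefix + "-"))
    with tempfile.TemporaryDirectory() as tmp:
        if len(sys.argv) > 3:
            # Generated playbook goes into the temp dir next to the shipped ones
            profile = sys.argv[3]
            ds = DATASTREAM_DIR / f"ssg-{prefix}-ds.xml"
            out = Path(tmp) / f"generated-{profile}.yml"
            ok, log = run_checked(generate_fix_cmd(ds, profile, out))
            if not ok:
                sys.exit(f"oscap failed:\n{log}")
            targets.append(out)
        failures = check_playbooks(targets)
    for pb, out in failures:
        print(f"--- {pb}\n{out}")
    sys.exit(1 if failures else 0)
```

`--syntax-check` only parses the playbook and resolves its roles and variables, so it is cheap enough to run over every shipped playbook on the host; the generated case exercises the same path on what `oscap` emits for a chosen profile, which is the second half of what the PR title asks for.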