Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add xccdf status to profiles #13045

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add xccdf status to profiles #13045

wants to merge 3 commits into from
+52 −2

Conversation

yuumasato
Copy link
Member

Description:

  • Add optional xccdf:status: element to xccdf:Profile`.
  • Deprecate OCP4 CIS v1.4.0 profiles

Rationale:

  • This will allow us to track the status and maturity of the profile.
  • Newer versions of CIS profiles (v1.7.0) are being implemented.

Review Hints:

  • Check for XCCDF validity
  • Check that OCP4 CIS 1.4.0 profiles are deprecated.

@yuumasato yuumasato added Infrastructure Our content build system OpenShift OpenShift product related. Update Profile Issues or pull requests related to Profiles updates. CIS CIS Benchmark related. labels Feb 13, 2025
@yuumasato yuumasato requested review from Mab879 and rhmdnd February 13, 2025 14:31
jan-cerny
jan-cerny reviewed Feb 13, 2025
View reviewed changes
ssg/entities/profile_base.py
@@ -118,6 +119,8 @@ def to_xml_element(self):

element = ET.Element('{%s}Profile' % XCCDF12_NS)
element.set("id", OSCAP_PROFILE + self.id_)
if self.status:
add_sub_element(element, "status", XCCDF12_NS, str(self.status))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest testing this feature by a unit test.

You can extend or reuse this test:

content/tests/unit/ssg-module/test_build_yaml.py

Line 507 in 80b195e

def test_profile_to_xml_element(profile_ospp):

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests addded, thank you for the review.

@yuumasato
Add support for xccdf:status elements in profiles
3d73648 
This allows us to identify a profile as deprecated, can also be used in
other elements, as xccdf:Rule andxccdf:Value.

More info in XCCDF standard item 6.2.8.
@yuumasato
Add tests for Profile status
6fe1dce 
Test that it loads and dumps the status correctly.
Test that invalid statuses raise exception during build.
@yuumasato
Deprecate OCP4 CIS v1.4.0 profiles
2696c29 
They are newwer versions available.
@yuumasato yuumasato force-pushed the add-xccdf-status-to-profiles branch from 47c7a53 to 2696c29 Compare February 14, 2025 10:17
@yuumasato yuumasato requested a review from jan-cerny February 14, 2025 10:17
@jan-cerny jan-cerny self-assigned this Feb 14, 2025
@codeclimate CodeClimate
Copy link

codeclimate bot commented Feb 14, 2025

Code Climate has analyzed commit 2696c29 and detected 2 issues on this pull request.

Here's the issue category breakdown:

Category Count
Complexity 2

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 62.0% (0.1% change).

View more on Code Climate.

jan-cerny
jan-cerny approved these changes Feb 14, 2025
View reviewed changes
Copy link
Collaborator

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have built the ocp4 product and I have checked in the built data stream that the cis-1-4 and cis-node-1-4 profiles contain <xccdf-1.2:status> element with deprecated.

@jan-cerny jan-cerny added this to the 0.1.77 milestone Feb 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

@Mab879 Mab879 Awaiting requested review from Mab879

@rhmdnd rhmdnd Awaiting requested review from rhmdnd

Assignees

@jan-cerny jan-cerny

Labels
CIS CIS Benchmark related. Infrastructure Our content build system OpenShift OpenShift product related. Update Profile Issues or pull requests related to Profiles updates.
Projects
None yet
Milestone
0.1.77
Development

Successfully merging this pull request may close these issues.
2 participants
@yuumasato @jan-cerny