particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

internal/distro: default oscap datastreams

Browse source 
Set fallback datastreams for openscap if no datastream is provided by
the user. This will also simplify the cloudapi experience by not
exposing the `datastream`
This commit is contained in:
Gianluca Zuccarelli 2023-06-28 12:09:28 +01:00 committed by Gianluca Zuccarelli
parent c32fac7169
commit 12e7b806b6
7 changed files with 46 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

7
internal/distro/fedora/images.go
View file

@ -12,6 +12,7 @@ import (
"github.com/osbuild/osbuild-composer/internal/image"
"github.com/osbuild/osbuild-composer/internal/manifest"
"github.com/osbuild/osbuild-composer/internal/osbuild"
"github.com/osbuild/osbuild-composer/internal/oscap"
"github.com/osbuild/osbuild-composer/internal/ostree"
"github.com/osbuild/osbuild-composer/internal/rpmmd"
"github.com/osbuild/osbuild-composer/internal/users"
@ -121,9 +122,13 @@ func osCustomizations(
if t.rpmOstree {
panic("unexpected oscap options for ostree image type")
}
var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultFedoraDatastream()
}
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(
osbuild.OscapConfig{
Datastream: oscapConfig.DataStream,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
},
)

3
internal/distro/fedora/imagetype.go
View file

@ -308,9 +308,6 @@ func (t *imageType) checkOptions(bp *blueprint.Blueprint, options distro.ImageOp
if t.rpmOstree {
return nil, fmt.Errorf("OpenSCAP customizations are not supported for ostree types")
}
if osc.DataStream == "" {
return nil, fmt.Errorf("OpenSCAP datastream cannot be empty")
}
if osc.ProfileID == "" {
return nil, fmt.Errorf("OpenSCAP profile cannot be empty")
}

7
internal/distro/rhel8/images.go
View file

@ -12,6 +12,7 @@ import (
"github.com/osbuild/osbuild-composer/internal/image"
"github.com/osbuild/osbuild-composer/internal/manifest"
"github.com/osbuild/osbuild-composer/internal/osbuild"
"github.com/osbuild/osbuild-composer/internal/oscap"
"github.com/osbuild/osbuild-composer/internal/ostree"
"github.com/osbuild/osbuild-composer/internal/platform"
"github.com/osbuild/osbuild-composer/internal/rpmmd"
@ -136,9 +137,13 @@ func osCustomizations(
if t.rpmOstree {
panic("unexpected oscap options for ostree image type")
}
var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultRHEL8Datastream(t.arch.distro.isRHEL())
}
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(
osbuild.OscapConfig{
Datastream: oscapConfig.DataStream,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
},
)

3
internal/distro/rhel8/imagetype.go
View file

@ -384,9 +384,6 @@ func (t *imageType) checkOptions(bp *blueprint.Blueprint, options distro.ImageOp
if t.rpmOstree {
return warnings, fmt.Errorf("OpenSCAP customizations are not supported for ostree types")
}
if osc.DataStream == "" {
return warnings, fmt.Errorf("OpenSCAP datastream cannot be empty")
}
if osc.ProfileID == "" {
return warnings, fmt.Errorf("OpenSCAP profile cannot be empty")
}

7
internal/distro/rhel9/images.go
View file

@ -13,6 +13,7 @@ import (
"github.com/osbuild/osbuild-composer/internal/image"
"github.com/osbuild/osbuild-composer/internal/manifest"
"github.com/osbuild/osbuild-composer/internal/osbuild"
"github.com/osbuild/osbuild-composer/internal/oscap"
"github.com/osbuild/osbuild-composer/internal/ostree"
"github.com/osbuild/osbuild-composer/internal/rpmmd"
"github.com/osbuild/osbuild-composer/internal/users"
@ -133,9 +134,13 @@ func osCustomizations(
if t.rpmOstree {
panic("unexpected oscap options for ostree image type")
}
var datastream = oscapConfig.DataStream
if datastream == "" {
datastream = oscap.DefaultRHEL9Datastream(t.arch.distro.isRHEL())
}
osc.OpenSCAPConfig = osbuild.NewOscapRemediationStageOptions(
osbuild.OscapConfig{
Datastream: oscapConfig.DataStream,
Datastream: datastream,
ProfileID: oscapConfig.ProfileID,
},
)

3
internal/distro/rhel9/imagetype.go
View file

@ -396,9 +396,6 @@ func (t *imageType) checkOptions(bp *blueprint.Blueprint, options distro.ImageOp
if t.rpmOstree {
return warnings, fmt.Errorf("OpenSCAP customizations are not supported for ostree types")
}
if osc.DataStream == "" {
return warnings, fmt.Errorf("OpenSCAP datastream cannot be empty")
}
if osc.ProfileID == "" {
return warnings, fmt.Errorf("OpenSCAP profile cannot be empty")
}

29
internal/oscap/oscap.go
View file

@ -1,6 +1,8 @@
package oscap
import "strings"
import (
"strings"
)
type Profile string
@ -26,8 +28,33 @@ const (
Standard Profile = "xccdf_org.ssgproject.content_profile_standard"
Stig Profile = "xccdf_org.ssgproject.content_profile_stig"
StigGui Profile = "xccdf_org.ssgproject.content_profile_stig_gui"
// datastream fallbacks
defaultFedoraDatastream string = "/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml"
defaultCentos8Datastream string = "/usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml"
defaultCentos9Datastream string = "/usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml"
defaultRHEL8Datastream string = "/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml"
defaultRHEL9Datastream string = "/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml"
)
func DefaultFedoraDatastream() string {
return defaultFedoraDatastream
}
func DefaultRHEL8Datastream(isRHEL bool) string {
if isRHEL {
return defaultRHEL8Datastream
}
return defaultCentos8Datastream
}
func DefaultRHEL9Datastream(isRHEL bool) string {
if isRHEL {
return defaultRHEL9Datastream
}
return defaultCentos9Datastream
}
func IsProfileAllowed(profile string, allowlist []Profile) bool {
for _, a := range allowlist {
if a.String() == profile {