v2Wizrd: add kernel and services data

This commit adds kernel arguments and enabled/disabled services to the Oscap step
and to the Review step, and adds some tests for kernel arguments and services as well.
mgold1234 2024-01-30 17:38:07 +02:00 committed by Lucas Garfield
parent 74f71f2dca
commit 40b1d4de57
6 changed files with 204 additions and 89 deletions


@ -26,12 +26,23 @@ import {
} from '../../../../store/imageBuilderApi';
import {
changeOscapProfile,
changeKernel,
selectDistribution,
selectProfile,
selectKernel,
selectDisabledServices,
selectEnabledServices,
changeDisabledServices,
changeEnabledServices,
} from '../../../../store/wizardSlice';
const ProfileSelector = () => {
const oscapProfile = useAppSelector((state) => selectProfile(state));
let kernel = useAppSelector((state) => selectKernel(state));
let disabledServices = useAppSelector((state) =>
selectDisabledServices(state)
);
let enabledServices = useAppSelector((state) => selectEnabledServices(state));
const release = useAppSelector((state) => selectDistribution(state));
const dispatch = useAppDispatch();
const [profileName, setProfileName] = useState<string | undefined>('None');
@ -56,6 +67,26 @@ const ProfileSelector = () => {
skip: !oscapProfile,
}
);
kernel = data?.kernel?.append;
disabledServices = data?.services?.disabled;
enabledServices = data?.services?.enabled;
useEffect(() => {
if (isFetching || !isSuccess) return;
dispatch(changeKernel(kernel));
dispatch(changeDisabledServices(disabledServices));
dispatch(changeEnabledServices(enabledServices));
}, [
isFetching,
isSuccess,
dispatch,
data?.kernel?.append,
data?.services?.disabled,
data?.services?.enabled,
disabledServices,
enabledServices,
kernel,
]);
useEffect(() => {
if (
@ -76,6 +107,9 @@ const ProfileSelector = () => {
const handleClear = () => {
dispatch(changeOscapProfile(undefined));
dispatch(changeKernel(undefined));
dispatch(changeDisabledServices(undefined));
dispatch(changeEnabledServices(undefined));
setProfileName(undefined);
};
@ -84,6 +118,9 @@ const ProfileSelector = () => {
selection: DistributionProfileItem
) => {
dispatch(changeOscapProfile(selection));
dispatch(changeKernel(kernel));
dispatch(changeDisabledServices(disabledServices));
dispatch(changeEnabledServices(enabledServices));
setIsOpen(false);
};
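Review bot: In `handleSelect`, the new dispatches `changeKernel(kernel)`, `changeDisabledServices(disabledServices)` and `changeEnabledServices(enabledServices)` run with values taken from `data` as it stood before the click. That is presumably the previously selected profile's result, or `undefined` on a first selection, so until the refetch succeeds the store pairs the new profile with another profile's kernel arguments and services. Because these are hardening settings, I would drop those three lines from `handleSelect` and let the effect guarded by `if (isFetching || !isSuccess) return;` be the only writer. The `let kernel = useAppSelector(...)` reads are also overwritten unconditionally by `kernel = data?.kernel?.append;`, so `const kernel = data?.kernel?.append;` says the same thing, and the dependency array then needs each value only once. The component body starts and ends outside these hunks.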


@ -1,6 +1,9 @@
import React from 'react';
import {
Alert,
CodeBlock,
CodeBlockCode,
Spinner,
TextContent,
TextList,
@ -17,7 +20,7 @@ import {
selectProfile,
} from '../../../../store/wizardSlice';
const OscapProfileInformation = (): JSX.Element => {
export const OscapProfileInformation = (): JSX.Element => {
const release = useAppSelector((state) => selectDistribution(state));
const oscapProfile = useAppSelector((state) => selectProfile(state));
@ -36,10 +39,16 @@ const OscapProfileInformation = (): JSX.Element => {
}
);
const enabledServicesDisplayString =
oscapProfileInfo?.services?.enabled?.join(' ');
const disableServicesDisplayString =
oscapProfileInfo?.services?.disabled?.join(' ');
return (
<>
{isFetchingOscapProfileInfo && <Spinner size="lg" />}
{isSuccessOscapProfileInfo && (
<>
<TextContent>
<br />
<TextList component={TextListVariants.dl}>
@ -52,8 +61,7 @@ const OscapProfileInformation = (): JSX.Element => {
<TextListItem component={TextListItemVariants.dd}>
{oscapProfileInfo.openscap?.profile_description}
</TextListItem>
</TextList>
<TextList component={TextListVariants.dl}>
component={TextListVariants.dl}
<TextListItem
component={TextListItemVariants.dt}
className="pf-u-min-width"
@ -63,8 +71,7 @@ const OscapProfileInformation = (): JSX.Element => {
<TextListItem component={TextListItemVariants.dd}>
{RELEASES.get(release)}
</TextListItem>
</TextList>
<TextList component={TextListVariants.dl}>
component={TextListVariants.dl}
<TextListItem
component={TextListItemVariants.dt}
className="pf-u-min-width"
@ -74,8 +81,55 @@ const OscapProfileInformation = (): JSX.Element => {
<TextListItem component={TextListItemVariants.dd}>
{oscapProfileInfo.openscap?.profile_id}
</TextListItem>
<TextListItem
component={TextListItemVariants.dt}
className="pf-u-min-width"
>
Kernel arguments:
</TextListItem>
<TextListItem component={TextListItemVariants.dd}>
<CodeBlock>
<CodeBlockCode>
{oscapProfileInfo?.kernel?.append}
</CodeBlockCode>
</CodeBlock>
</TextListItem>
<TextListItem
component={TextListItemVariants.dt}
className="pf-u-min-width"
>
Disabled services:
</TextListItem>
<TextListItem component={TextListItemVariants.dd}>
<CodeBlock>
<CodeBlockCode>{disableServicesDisplayString}</CodeBlockCode>
</CodeBlock>
</TextListItem>
<TextListItem
component={TextListItemVariants.dt}
className="pf-u-min-width"
>
Enabled services:
</TextListItem>
<TextListItem component={TextListItemVariants.dd}>
<CodeBlock>
<CodeBlockCode>{enabledServicesDisplayString}</CodeBlockCode>
</CodeBlock>
</TextListItem>
</TextList>
</TextContent>
<Alert
variant="info"
isInline
isPlain
title="Additional customizations"
>
Selecting an OpenSCAP profile will cause the appropriate packages,
file system configuration, kernel arguments, and services to be
added to your image.
</Alert>
</>
)}
</>
);
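Review bot: The bare `component={TextListVariants.dl}` lines after the profile-description item and after the release item look like leftovers from merging the three `<TextList>` elements into one. The +/- markers are lost on this page, but the hunk counts fit one added line each; if they are on the new side, JSX renders them as literal text inside the list and they should be deleted. Separately, when a profile has no kernel arguments or services the three `CodeBlock`s render empty, which a reader cannot tell apart from data that failed to load. Rendering each item only when its value is present, e.g. `{oscapProfileInfo?.kernel?.append && (...)}`, would make that explicit. `disableServicesDisplayString` would read better as `disabledServicesDisplayString` to match its sibling; the component's closing lines are outside the hunk.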


@ -30,7 +30,6 @@ import {
} from '../../../../constants';
import { extractProvisioningList } from '../../../../store/helpers';
import { useAppSelector } from '../../../../store/hooks';
import { useGetOscapCustomizationsQuery } from '../../../../store/imageBuilderApi';
import { useGetSourceListQuery } from '../../../../store/provisioningApi';
import { useShowActivationKeyQuery } from '../../../../store/rhsmApi';
import {
@ -45,12 +44,12 @@ import {
selectGcpAccountType,
selectGcpEmail,
selectGcpShareMethod,
selectProfile,
selectRegistrationType,
} from '../../../../store/wizardSlice';
import { toMonthAndYear } from '../../../../Utilities/time';
import { useGetEnvironment } from '../../../../Utilities/useGetEnvironment';
import { MajorReleasesLifecyclesChart } from '../../../CreateImageWizard/formComponents/ReleaseLifecycle';
import OscapProfileInformation from '../Oscap/OscapProfileInformation';
const ExpirationWarning = () => {
return (
@ -501,54 +500,5 @@ export const ImageDetailsList = () => {
};
export const OscapList = () => {
const oscapProfile = useAppSelector((state) => selectProfile(state));
const release = useAppSelector((state) => selectDistribution(state));
const { data } = useGetOscapCustomizationsQuery(
{
distribution: release,
// @ts-ignore if oscapProfile is undefined the query is going to get skipped, so it's safe here to ignore the linter here
profile: oscapProfile,
},
{
skip: !oscapProfile,
}
);
return (
<TextContent>
<TextList component={TextListVariants.dl}>
<TextListItem
component={TextListItemVariants.dt}
className="pf-u-min-width"
>
Profile name:
</TextListItem>
<TextListItem component={TextListItemVariants.dd}>
{data?.openscap?.profile_name}
</TextListItem>
</TextList>
<TextList component={TextListVariants.dl}>
<TextListItem
component={TextListItemVariants.dt}
className="pf-u-min-width"
>
Profile description:
</TextListItem>
<TextListItem component={TextListItemVariants.dd}>
{data?.openscap?.profile_description}
</TextListItem>
</TextList>
<TextList component={TextListVariants.dl}>
<TextListItem
component={TextListItemVariants.dt}
className="pf-u-min-width"
>
Reference ID:
</TextListItem>
<TextListItem component={TextListItemVariants.dd}>
{oscapProfile}
</TextListItem>
</TextList>
<br />
</TextContent>
);
return <OscapProfileInformation />;
};
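Review bot: `OscapList` now shows whatever `OscapProfileInformation` fetches for the selected profile, not the kernel arguments and services this commit stores in the wizard slice, so the Review step is not a view of the state the wizard holds. If the image request is built from `selectKernel`, `selectDisabledServices` and `selectEnabledServices` (not visible here), the reviewed values and the submitted values can differ while a profile query is in flight. A comment on `OscapList` such as `// Renders the profile data as returned by the API, not the kernel/services values kept in wizardSlice.` would record that; alternatively the Review step could read the selectors.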


@ -45,7 +45,15 @@ type wizardState = {
};
openScap: {
profile: DistributionProfileItem | undefined;
kernel: {
kernelAppend: string | undefined;
};
services: {
disabled: string[] | undefined;
enabled: string[] | undefined;
};
};
repositories: {
customRepositories: CustomRepository[];
};
@ -79,6 +87,13 @@ const initialState: wizardState = {
},
openScap: {
profile: undefined,
kernel: {
kernelAppend: '',
},
services: {
disabled: [],
enabled: [],
},
},
repositories: {
customRepositories: [],
@ -147,6 +162,18 @@ export const selectProfile = (state: RootState) => {
return state.wizard.openScap.profile;
};
export const selectKernel = (state: RootState) => {
return state.wizard.openScap.kernel.kernelAppend;
};
export const selectDisabledServices = (state: RootState) => {
return state.wizard.openScap.services.disabled;
};
export const selectEnabledServices = (state: RootState) => {
return state.wizard.openScap.services.enabled;
};
export const selectCustomRepositories = (state: RootState) => {
return state.wizard.repositories.customRepositories;
};
@ -238,6 +265,22 @@ export const wizardSlice = createSlice({
) => {
state.openScap.profile = action.payload;
},
changeKernel: (state, action: PayloadAction<string | undefined>) => {
state.openScap.kernel.kernelAppend = action.payload;
},
changeDisabledServices: (
state,
action: PayloadAction<string[] | undefined>
) => {
state.openScap.services.disabled = action.payload;
},
changeEnabledServices: (
state,
action: PayloadAction<string[] | undefined>
) => {
state.openScap.services.enabled = action.payload;
},
changeCustomRepositories: (
state,
action: PayloadAction<CustomRepository[]>
@ -271,6 +314,9 @@ export const {
changeRegistrationType,
changeActivationKey,
changeOscapProfile,
changeKernel,
changeDisabledServices,
changeEnabledServices,
changeCustomRepositories,
changeBlueprintName,
changeBlueprintDescription,
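Review bot: The new fields have two representations of "nothing selected": `initialState` uses `''` and `[]`, while the reducers accept `undefined` and the profile selector's `handleClear` dispatches it, so every consumer has to handle both. Normalising in the reducers, e.g. `state.openScap.services.disabled = action.payload ?? [];` (likewise for `enabled`, and `?? ''` for `kernelAppend`), would let the state type drop `| undefined`. The state key `kernel.kernelAppend` also differs from the `kernel.append` shape read from the API elsewhere in this commit, so a short comment on the type naming the source field would help. The `createSlice` call and the export list continue outside these hunks.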


@ -154,6 +154,13 @@ describe('Step Compliance', () => {
/cis red hat enterprise linux 8 benchmark for level 1 - workstation/i
)
);
await screen.findByText(/kernel arguments:/i);
await screen.findByText(/audit_backlog_limit=8192 audit=1/i);
await screen.findByText(/disabled services:/i);
await screen.findByText(/nfs-server/i);
await screen.findByText(/enabled services:/i);
await screen.findByText(/crond/i);
// check that the FSC contains a /tmp partition
await clickNext();
// await screen.findByRole('heading', { name: /File system configuration/i });
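Review bot: The added assertions only cover the display after one profile has been selected; nothing checks that the kernel arguments and services are replaced when a different profile is chosen or removed when the selection is cleared. That is the path where values from a previous profile could survive, so I would add a case that selects a profile, clears it, and asserts that the `Kernel arguments:` entry and the `audit_backlog_limit=8192 audit=1` text are no longer present. The test body starts and ends outside the hunk.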


@ -32,6 +32,13 @@ export const oscapCustomizations = (
'nftables',
'libselinux',
],
kernel: {
append: 'audit_backlog_limit=8192 audit=1',
},
services: {
disabled: ['nfs-server'],
enabled: ['crond'],
},
};
}
if (profile === 'xccdf_org.ssgproject.content_profile_cis_workstation_l2') {
@ -52,6 +59,13 @@ export const oscapCustomizations = (
'nftables',
'libselinux',
],
kernel: {
append: 'audit_backlog_limit=8192 audit=1',
},
services: {
disabled: ['nfs-server', 'nftables'],
enabled: ['crond', 'firewalld'],
},
};
}
return {
@ -70,5 +84,12 @@ export const oscapCustomizations = (
'nftables',
'libselinux',
],
kernel: {
append: 'audit_backlog_limit=8192 audit=1',
},
services: {
disabled: ['nfs-server', 'rpcbind', 'autofs', 'nftables'],
enabled: ['crond', 'firewalld', 'systemd-journald', 'rsyslog', 'auditd'],
},
};
};