@marcusburghardt marcusburghardt commented Jun 18, 2025

Description:

Remove unnecessary Jinja2 macros in control files so we can make the profiles more transparent and consistent. It also enables us to automatically process control files without bringing avoidable complexity to integrations.

It also ensures indentation consistency in profiles that were touched.

Rationale:

There is already a better mechanism to manage differences between selections in product agnostic control files and specific products using product profiles. This mechanism makes the profiles more transparent, and removing Jinja2 macros from control files also allows us to use automation to process control files.

Review Hints:

CI tests should be enough to validate the changes.
Jinja2 macros were removed and the same outcome was achieved by updating the relevant product profiles when necessary.

The commits are organized by control files and products, so it may be easier to review one by one.

UPDATE: The first 8 commits are part of the initial PR. The others are about fixing YAML lint issues.

A similar effort was already made in the past: #13180

@marcusburghardt marcusburghardt requested review from a team as code owners June 18, 2025 07:53
@marcusburghardt marcusburghardt added this to the 0.1.78 milestone Jun 18, 2025
@jan-cerny
Collaborator

> There is already a better mechanism to manage differences between selections in product agnostic control files and specific products using product profiles.

An alternative could be to introduce more structured schema for control YAML files, allowing us to define product-specific rules without having to involve Jinja2:

rules:
  - generic_rule_for_all
  - product=rhel9: rhel9_specific_rule
  - product_family=debian: debian_family_rule
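
A resolver for the structured schema sketched in the comment above, as an added example that is not part of this PR or of ComplianceAsCode; `resolve_rules`, `ALLOWED_KEYS` and the product and family values passed in are assumptions. It goes beyond the three sample entries by failing closed on unknown selectors and template syntax, so a typo cannot silently drop a rule from a hardening profile.

```python
# Added illustration of the proposed "selector: rule" schema.
# Not ComplianceAsCode code; every name below is hypothetical.

# Constructed sample: what a plain YAML loader returns for the proposed
# `rules:` list (strings for generic rules, single-key mappings otherwise).
SAMPLE_RULES = [
    "generic_rule_for_all",
    {"product=rhel9": "rhel9_specific_rule"},
    {"product_family=debian": "debian_family_rule"},
]

# Selector keys taken from the comment; anything else is rejected.
ALLOWED_KEYS = {"product", "product_family"}


def resolve_rules(rules, product, product_family):
    """Return the rule IDs that apply to one product, in file order."""
    facts = {"product": product, "product_family": product_family}
    selected = []
    for entry in rules:
        if isinstance(entry, str):
            # A leftover macro means the file still needs a Jinja2 render.
            if "{{" in entry or "{%" in entry:
                raise ValueError(f"template syntax not allowed: {entry!r}")
            selected.append(entry)
            continue
        if not (isinstance(entry, dict) and len(entry) == 1):
            raise ValueError(f"expected string or single-key mapping: {entry!r}")
        (selector, rule), = entry.items()
        key, sep, value = str(selector).partition("=")
        # Fail closed: a misspelled selector would otherwise never match
        # and the rule would vanish from every product without any error.
        if not sep or key not in ALLOWED_KEYS or not value:
            raise ValueError(f"unknown selector: {selector!r}")
        if not isinstance(rule, str):
            raise ValueError(f"rule ID must be a string: {rule!r}")
        if facts[key] == value:
            selected.append(rule)
    return selected


if __name__ == "__main__":
    print(resolve_rules(SAMPLE_RULES, "rhel9", "rhel"))
    print(resolve_rules(SAMPLE_RULES, "ubuntu2404", "debian"))
```
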

@marcusburghardt
Member Author

marcusburghardt commented Jun 18, 2025

> There is already a better mechanism to manage differences between selections in product agnostic control files and specific products using product profiles.
>
> An alternative could be to introduce more structured schema for control YAML files, allowing us to define product-specific rules without having to involve Jinja2:
>
> rules:
>   - generic_rule_for_all
>   - product=rhel9: rhel9_specific_rule
>   - product_family=debian: debian_family_rule

That is a nice idea, @jan-cerny. I think that for now it is simpler to just remove the macros and manage the deltas in profiles. They are usually exceptions and it is not a big deal to edit a few files. Actually, I personally like the simplicity of centralizing the profiles' particularities in profile files. In any case, any mechanism that maintains the YAML syntax integrity, so external scripts and integrations can process these files without needing to load and render Jinja2 macros, would work.

ANSSI is a product agnostic profile and should include rules applicable
to multiple products. If a rule in a product agnostic profile is not
applicable to a specific product, it should be unselected on profile
level.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>

It is not necessary to use Jinja2. The exceptions can be treated at
profile level. It is more readable and way easier to work with
automation when there is no Jinja2 in controls.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>

Most of the exceptions were already in profiles. Treating only a few
cases with Jinja2 is not consistent and makes it harder to integrate
automation.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>

The same result can be better treated in profile files without Jinja2.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>

This macro is useless since the rules are already excluded in rhel
profiles.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
@marcusburghardt marcusburghardt force-pushed the jinja2_in_controls_nr2 branch from af53fd8 to a791219 Compare June 19, 2025 10:03
@marcusburghardt
Member Author

Rebased and force-pushed to resolve the conflicts.

Aligned the YAML indentation with the project style guides since we now
have CI tests checking YAML format consistency.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>

The control file was introduced with many extra spaces. This was fixed
now.

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
@marcusburghardt
Member Author

Included more commits to fix the YAML lint issues caught by CI Lint test. PR description updated in Review Hints section.

@marcusburghardt marcusburghardt requested a review from Mab879 June 19, 2025 19:06

Code Climate has analyzed commit 965030c and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).


@jan-cerny
Collaborator

/test 4.12-images

@marcusburghardt
Member Author

FYI @teacup-on-rockingchair

@jan-cerny jan-cerny self-assigned this Jun 23, 2025
@jan-cerny jan-cerny merged commit f1c404c into ComplianceAsCode:master Jun 23, 2025
131 checks passed
@marcusburghardt marcusburghardt deleted the jinja2_in_controls_nr2 branch June 23, 2025 11:01
@marcusburghardt marcusburghardt added the Highlight This PR/Issue should make it to the featured changelog. label Jun 23, 2025