Add a refine-rule tailoring ability to autotailor#1877
Closed
matejak wants to merge 18 commits intoOpenSCAP:maint-1.3from
Closed
Add a refine-rule tailoring ability to autotailor#1877matejak wants to merge 18 commits intoOpenSCAP:maint-1.3from
matejak wants to merge 18 commits intoOpenSCAP:maint-1.3from
Conversation
jan-cerny
reviewed
Jul 28, 2022
utils/autotailor
Outdated
| change = ET.SubElement(profile, "xccdf-1.2:set-value") | ||
| change.set("idref", self._full_var_id(varname)) | ||
| change.text = str(value) | ||
| self._add_rule_select_operations(container_element)(profile) |
Member
There was a problem hiding this comment.
It doesn't look right
[jcerny@thinkpad openscap{pr/1877}]$ utils/autotailor /usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml standard
Traceback (most recent call last):
File "/home/jcerny/work/git/openscap/utils/autotailor", line 205, in <module>
t.to_xml(args.output)
File "/home/jcerny/work/git/openscap/utils/autotailor", line 120, in to_xml
self._add_rule_select_operations(container_element)(profile)
NameError: name 'container_element' is not defined
Member
There was a problem hiding this comment.
I feel like we should start adding unit tests for the autotailor tool.
Instead of repeating the smae string all over the place, let's have a single constant defined and then used.
If the `--new-profile-id` isn't provided by the user, we will create the ID of the customized profile ID by appending the `_customized` suffix to the base profile ID. This change makes the behavior according to the help text of the `--new-profile-id` option: > If left out, the new ID will be obtained by appending '_customized' > to the tailored profile ID.
and fix the failed asserts
We will move the condition that determines the ID of the customized profile into the `Tailoring` class. This move helps encapsulate code and also allows easier unit testing of this feature which we immediately use to write a unit test in this commit as well :)
This patch adds two new command line options `--rule-role` and `--rule-severity` that will allow users to refine rule role and rule seveirty in their customized profile. Using these options will generate `refine-rule` elements within the output tailoring file. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2058168
This patch moves the logic for assigning the XCCDF Values for outer space inside the Tailoring class by defining a method.
Explicitly setting namespaces of elements is the recommended way of using namespaces. It helps prevent namespace errors. Also, it simplifies unit testing of code that works with XML elements.
The new name of the variable better describes its actual contents.
This commit adds an integration test for autotailor. The goal of the test is to verify if the tailoring produced by autotailor can be loaded and consumed by oscap and if the generated tailoring leads to the intended behavior of the profile evaluation.
The result will be that the autotailor unit tests will be executed during the CTest which is run in our CI.
jan-cerny
force-pushed
the
autotailor_refine_rule
branch
from
21df149 to
48c013b
Compare
|
Hello @matejak! Thanks for updating this PR. We checked the lines you've touched for PEP 8 issues, and found:
Comment last updated at 2023-10-03 13:14:53 UTC |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Member
|
This PR has been replaced by #2039 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2058168