Rename option

Rename automatus.py option `--remove-machine-only` to
`--make-applicable-in-containers`. The new name better expresses the
actual purpose of this option. Renaming it also removes the confusion
about the "machine" platform.  Consequently, rename this option also in
the wrapper script test_rule_in_container.sh.

.github/workflows/automatus-cs9.yaml

@@ -136,7 +136,7 @@ jobs:
  name: ${{ env.DATASTREAM }}
  - name: Run tests in a container - Bash
  if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified --product rhel9"
  - name: Check for ERROR in logs
@@ -157,7 +157,7 @@ jobs:
  path: logs_bash/
  - name: Run tests in a container - Ansible
  if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified --product rhel9"
  - name: Check for ERROR in logs

.github/workflows/automatus-debian12.yaml

@@ -152,7 +152,7 @@ jobs:
  name: ${{ env.DATASTREAM }}
  - name: Run tests in a container - Bash
  if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified"
  - name: Check for ERROR in logs
@@ -173,7 +173,7 @@ jobs:
  path: logs_bash/
  - name: Run tests in a container - Ansible
  if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified --product debian12"
  - name: Check for ERROR in logs

.github/workflows/automatus-sanity.yaml

@@ -53,13 +53,13 @@ jobs:
  with:
  name: ${{ env.DATASTREAM }}
  - name: Check One Rule
- run: ./tests/automatus.py rule --remove-platforms --remove-machine-only --logdir log_rule --datastream ssg-fedora-ds.xml --container ssg_test_suite package_sudo_installed
+ run: ./tests/automatus.py rule --remove-platforms --make-applicable-in-containers --logdir log_rule --datastream ssg-fedora-ds.xml --container ssg_test_suite package_sudo_installed
  - name: Check One Rule - Ansible
- run: ./tests/automatus.py rule --remove-platforms --remove-machine-only --logdir log_rule_ansible --remediate-using ansible --datastream ssg-fedora-ds.xml --container ssg_test_suite package_sudo_installed
+ run: ./tests/automatus.py rule --remove-platforms --make-applicable-in-containers --logdir log_rule_ansible --remediate-using ansible --datastream ssg-fedora-ds.xml --container ssg_test_suite package_sudo_installed
  - name: Check Profile Mode
- run: ./tests/automatus.py profile --remove-platforms --remove-machine-only --logdir log_profile --datastream ssg-fedora-ds.xml --container ssg_test_suite test
+ run: ./tests/automatus.py profile --remove-platforms --make-applicable-in-containers --logdir log_profile --datastream ssg-fedora-ds.xml --container ssg_test_suite test
  - name: Check Combined Mode
- run: ./tests/automatus.py combined --remove-platforms --remove-machine-only --logdir log_combined --datastream ssg-fedora-ds.xml --container ssg_test_suite test
+ run: ./tests/automatus.py combined --remove-platforms --make-applicable-in-containers --logdir log_combined --datastream ssg-fedora-ds.xml --container ssg_test_suite test
  - name: Check Template Mode
  run: ./tests/automatus.py template --logdir log_template --datastream ssg-fedora-ds.xml --container ssg_test_suite --slice 1 15 file_owner
  - name: Check for ERROR in logs

.github/workflows/automatus-sle15.yaml

@@ -144,7 +144,7 @@ jobs:
  name: ${{ env.DATASTREAM }}
  - name: Run tests in a container - Bash
  if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified --product sle15"
  - name: Check for ERROR in logs
@@ -165,7 +165,7 @@ jobs:
  path: logs_bash/
  - name: Run tests in a container - Ansible
  if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified --product sle15"
  - name: Check for ERROR in logs

.github/workflows/automatus-ubi8.yaml

@@ -136,7 +136,7 @@ jobs:
  name: ${{ env.DATASTREAM }}
  - name: Run tests in a container - Bash
  if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified --product rhel8"
  - name: Check for ERROR in logs
@@ -157,7 +157,7 @@ jobs:
  path: logs_bash/
  - name: Run tests in a container - Ansible
  if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified --product rhel8"
  - name: Check for ERROR in logs

.github/workflows/automatus-ubuntu2204.yaml

@@ -152,7 +152,7 @@ jobs:
  name: ${{ env.DATASTREAM }}
  - name: Run tests in a container - Bash
  if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified"
  - name: Check for ERROR in logs
@@ -173,7 +173,7 @@ jobs:
  path: logs_bash/
  - name: Run tests in a container - Ansible
  if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream $DATASTREAM ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified --product ubuntu2204"
  - name: Check for ERROR in logs

.github/workflows/automatus.yaml

@@ -134,7 +134,7 @@ jobs:
  name: ssg-${{steps.product.outputs.prop}}-ds.xml
  - name: Run tests in a container - Bash
  if: ${{steps.bash.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_bash --remediate-using bash --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified"
  - name: Check for ERROR in logs
@@ -155,7 +155,7 @@ jobs:
  path: logs_bash/
  - name: Run tests in a container - Ansible
  if: ${{ steps.ansible.outputs.prop == 'True' && steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- run: tests/test_rule_in_container.sh --no-remove-machine-only --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(fromJSON(steps.rules.outputs.prop))}}
+ run: tests/test_rule_in_container.sh --no-make-applicable-in-containers --dontclean --logdir logs_ansible --remediate-using ansible --name ssg_test_suite --datastream ssg-${{steps.product.outputs.prop}}-ds.xml ${{join(fromJSON(steps.rules.outputs.prop))}}
  env:
  ADDITIONAL_TEST_OPTIONS: "--duplicate-templates --remove-fips-certified"
  - name: Check for ERROR in logs

.gitpod.launch.json

@@ -57,7 +57,7 @@
  "${workspaceFolder}/build/ssg-${input:pickProductName}-ds.xml",
  "--remediate-using",
  "${input:pickRemediationType}",
- "--remove-machine-only",
+ "--make-applicable-in-containers",
  "--remove-ocp4-only",
  "--remove-fips-certified",
  "--remove-platforms",

docs/workshop/lab3_profiles.adoc

@@ -645,7 +645,7 @@ You also add arguments to turn on full reporting, which generates XML and HTML r
  --docker {container_name} \
  --datastream build/ssg-rhel8-ds.xml \
  --remediate-using bash \
- --remove-machine-only \
+ --make-applicable-in-containers \
  --remove-platforms \
  --logdir profile-log \
  travel

docs/workshop/lab5_oval.adoc

@@ -275,7 +275,7 @@ With that in mind, execute the test suite:
  --docker {container_name} \
  --datastream build/ssg-rhel8-ds.xml \
  --remediate-using bash \
- --remove-machine-only \
+ --make-applicable-in-containers \
  --remove-platforms \
  accounts_tmout
 ----
@@ -431,7 +431,7 @@ TIP: You can use the `Up` arrow key to browse the command history so you do not
  --docker {container_name} \
  --datastream build/ssg-rhel8-ds.xml \
  --remediate-using bash \
- --remove-machine-only \
+ --make-applicable-in-containers \
  --remove-platforms \
  accounts_tmout
 ----
@@ -571,7 +571,7 @@ This way, you do not have to worry about possibly introducing those link:https:/
 [... ]$ SSH_ADDITIONAL_OPTIONS="-o IdentityFile=/workspace/content/.ssh/id_rsa" tests/automatus.py rule \
  --docker {container_name} \
  --remediate-using bash \
- --remove-machine-only \
+ --make-applicable-in-containers \
  --remove-platforms \
  accounts_tmout
 ----
@@ -654,7 +654,7 @@ fi
 [... ]$ SSH_ADDITIONAL_OPTIONS="-o IdentityFile=/workspace/content/.ssh/id_rsa" tests/automatus.py rule \
  --docker {container_name} \
  --remediate-using bash \
- --remove-machine-only \
+ --make-applicable-in-containers \
  --remove-platforms \
  accounts_tmout
 ----
@@ -703,7 +703,7 @@ This time, when rebuilt and executed again, the tests pass:
 [... ]$ SSH_ADDITIONAL_OPTIONS="-o IdentityFile=/workspace/content/.ssh/id_rsa" tests/automatus.py rule \
  --docker {container_name} \
  --remediate-using bash \
- --remove-machine-only \
+ --make-applicable-in-containers \
  --remove-platforms \
  accounts_tmout
 ----
@@ -755,7 +755,7 @@ Execute the test suite again and expect the `ERROR - Script correct_value.pass.s
 [... ]$ SSH_ADDITIONAL_OPTIONS="-o IdentityFile=/workspace/content/.ssh/id_rsa" tests/automatus.py rule \
  --docker {container_name} \
  --remediate-using bash \
- --remove-machine-only \
+ --make-applicable-in-containers \
  --remove-platforms \
  accounts_tmout
 ----
@@ -802,7 +802,7 @@ The non-capturing group that consists of `export` followed by at least one white
 [... ]$ SSH_ADDITIONAL_OPTIONS="-o IdentityFile=/workspace/content/.ssh/id_rsa" tests/automatus.py rule \
  --docker {container_name} \
  --remediate-using bash \
- --remove-machine-only \
+ --make-applicable-in-containers \
  --remove-platforms \
  accounts_tmout
 ----

tests/README.md

@@ -406,7 +406,7 @@ Using Podman:
 ```
 
 or just call the `test_rule_in_container.sh` script that passes the backend options for you
-in addition to `--remove-machine-only` and `--remove-platforms`
+in addition to `--make-applicable-in-containers` and `--remove-platforms`
 that remove some testing limitations of the container backend.
 
 Using Docker:

tests/automatus.py

@@ -92,10 +92,10 @@ def parse_args():
  "Although more low level platforms such as packages or container/machine "
  "CPE are still applicable.")
  common_parser.add_argument(
- "--remove-machine-only",
+ "--make-applicable-in-containers",
  default=False,
  action="store_true",
- help="Removes machine-only platform constraint from rules "
+ help="Removes platform constraints from rules "
  "to enable testing these rules on container backends.")
  common_parser.add_argument(
  "--remove-ocp4-only",
@@ -501,9 +501,8 @@ def main():
  with xml_operations.datastream_root(stashed_datastream, stashed_datastream) as root:
  if options.remove_platforms:
  xml_operations.remove_platforms(root)
- if options.remove_machine_only:
- xml_operations.remove_machine_platform(root)
- xml_operations.remove_machine_remediation_condition(root)
+ if options.make_applicable_in_containers:
+ xml_operations.make_applicable_in_containers(root)
  if options.remove_ocp4_only:
  xml_operations.remove_ocp4_platforms(root)
  if options.add_platform:

tests/ssg_test_suite/xml_operations.py

@@ -107,6 +107,11 @@ def instance_in_platforms(inst, platforms):
  (hasattr(platforms, "__iter__") and inst.get("idref") in platforms)
 
 
+def make_applicable_in_containers(root):
+ remove_machine_platform(root)
+ remove_machine_remediation_condition(root)
+
+
 def remove_machine_platform(root):
  remove_platforms_from_element(root, "xccdf-1.2:Rule", "cpe:/a:machine")
  remove_platforms_from_element(root, "xccdf-1.2:Group", "cpe:/a:machine")