Implement a tool for parsing profiles and outputing rules

[rhmdnd]

This adds the basic skeleton of a tool that parses CIS profiles using an
XLSX parser and converts controls to rules that we can use in OpenSCAP.

The primary purpose is to help maintain CIS profiles by generating most
of the boilerplate rule template.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

[Mab879]

Thanks for the PR!

I have few other items that are not in my code comments:

• Please take look at the Code Climate findings. Especially the PEP8 findings.
• Add some documentation about this script in docs/manual/developer/05_tools_and_utilities.md. Explaining what format of spreadsheets is needed would be helpful.

[Mab879]

please move this to a method

[rhmdnd]

Thanks for the review @Mab879 - I still need to get the documentation ironed out.

[rhmdnd]

The Section, Control, and Benchmark classes really could be their own library. That'd actually be pretty useful in other scripts, too.

[jhrozek]

to bring a slack conversation over here and tag @Mab879 - would it be a good idea to merge this class with the control class from srg/controls.py?

[rhmdnd]

There is another version of this in #10469

@Mab879 what are your thoughts on a shared library that modes a benchmark?

[Mab879]

I think that shared library would sense.

[rhmdnd]

Ok - I'll help get the deps squared away in #10474 and #10473. Then I'll start pulling the common bits into a shared library that we can import as a python-specific requirement.

[rhmdnd]

I threw together a quick library https://github.com/rhmdnd/pycompliance

[rhmdnd]

This is based on the latest content in https://github.com/rhmdnd/pycompliance

If folks are ok with that approach, I'll package it and release to PyPI.

[yuumasato]

Is it correct to say that this library will be focused on making compliance content in various formats (xslx, pdf) available in CaC content formats (i.e. controls, profiles, rule in yaml)?

[rhmdnd]

I wasn't sure if we'd want to put all the parsing in the pycompliance library. I kept it pretty limited so that it only focused on the common parts of my script and the script from #10469

[rhmdnd]

The tool currently outputs the following if you have the benchmark available locally:

$ python utils/generate_profile.py -i ~/Downloads/CIS_RedHat_OpenShift_Container_Platform_Benchmark_v1.3.0.xlsx -p ocp generate -c 2.3
documentation_complete: false
prodtype: ocp
title: |-
  Ensure that the --auto-tls argument is not set to true
description: |-
  Do not use self-signed certificates for TLS.
rationale: |-
  etcd is a highly-available key value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should not be available to unauthenticated clients. You should enable the client authentication via valid certificates to secure the access to the etcd service.
severity: PLACEHOLDER
references: PLACEHOLDER
ocil: PLACEHOLDER
ocil_clause: PLACEHOLDER
warnings: PLACEHOLDER
template: PLACEHOLDER

[yuumasato]

I like and support the direction the library and script are going

[yuumasato]

Maybe the XLSXParser should actually be in pycompliance library?

[rhmdnd]

It could be. I figured once we take that step, we may get asked to support parsing additional formats (PDFs).

[yuumasato]

And in the future these columns would be easily customizable for other spreadsheets, not only CIS.

[yuumasato]

Is it correct to say that this library will be focused on making compliance content in various formats (xslx, pdf) available in CaC content formats (i.e. controls, profiles, rule in yaml)?

[yuumasato]

@Mab879 Do you have anything to add?

[Mab879]

@Mab879 Do you have anything to add?

I would like some basic docs before this merged.

[Mab879]

Looks good other than that one code climate issue. Once that is fixed we should be good to merge.

[rhmdnd]

Looks good other than that one code climate issue. Once that is fixed we should be good to merge.

Fixed - thanks for the reviews!

[Mab879]

Thanks!

[codeclimate]

Code Climate has analyzed commit 1c5812d and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 52.4% (0.0% change).

View more on Code Climate.

[rhmdnd]

Thanks!

I'll get a pycompliance release on PyPI tomorrow and we can iterate there.

[Mab879]

/packit build