Improve the autotailor script #2039
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Instead of repeating the smae string all over the place, let's have a single constant defined and then used.
If the `--new-profile-id` isn't provided by the user, we will create the ID of the customized profile ID by appending the `_customized` suffix to the base profile ID. This change makes the behavior according to the help text of the `--new-profile-id` option: > If left out, the new ID will be obtained by appending '_customized' > to the tailored profile ID.
and fix the failed asserts
We will move the condition that determines the ID of the customized profile into the `Tailoring` class. This move helps encapsulate code and also allows easier unit testing of this feature which we immediately use to write a unit test in this commit as well :)
This patch adds two new command line options `--rule-role` and `--rule-severity` that will allow users to refine rule role and rule seveirty in their customized profile. Using these options will generate `refine-rule` elements within the output tailoring file. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2058168
This patch moves the logic for assigning the XCCDF Values for outer space inside the Tailoring class by defining a method.
Explicitly setting namespaces of elements is the recommended way of using namespaces. It helps prevent namespace errors. Also, it simplifies unit testing of code that works with XML elements.
The new name of the variable better describes its actual contents.
This commit adds an integration test for autotailor. The goal of the test is to verify if the tailoring produced by autotailor can be loaded and consumed by oscap and if the generated tailoring leads to the intended behavior of the profile evaluation.
The result will be that the autotailor unit tests will be executed during the CTest which is run in our CI.
evgenyz
requested changes
Oct 4, 2023
There was a problem hiding this comment.
In general I approve the changes. Awesome! Thank you.
There are a couple of nitpicks, though. See individual notes.
Also I imagined that a new tool could use little bit more of modern syntax sugar. What do you think, should we embrace f-strings in autotailor?
| assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R1"]/result[text()="pass"]' | ||
| assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R2"]/result[text()="pass"]' | ||
| assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="notselected"]' | ||
| assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]' |
utils/autotailor.8
Outdated
| @@ -5,7 +5,7 @@ autotailor \- CLI tool for tailoring of SCAP data streams. | |||
| autotailor produces tailoring files that SCAP-compliant scanners can use to complement SCAP data streams. | |||
| A tailoring file adds a new profile, which is supposed to extend a profile that is already present in the data stream. | |||
|
|
|||
| Tailoring can add or remove rules, and it can redefine contents of XCCDF variables. | |||
| Tailoring can add or remove rules, refine rules, and it can redefine contents of XCCDF variables. | |||
There was a problem hiding this comment.
Suggested change
| Tailoring can add or remove rules, refine rules, and it can redefine contents of XCCDF variables. | |
| Tailoring can add, remove or refine rules, and it also can redefine contents of XCCDF variables. |
evgenyz
reviewed
Oct 4, 2023
utils/autotailor
Outdated
| @staticmethod | ||
| def _validate_rule_refinement_params(rule_id, attribute, value): | ||
| if not is_valid_xccdf_id(rule_id): | ||
| msg = "Rule id '{rule_id}' is invalid!".format(rule_id=rule_id) |
There was a problem hiding this comment.
As we operate with Python 3 in 1.3.x we probably can do this:
Suggested change
| msg = "Rule id '{rule_id}' is invalid!".format(rule_id=rule_id) | |
| msg = f"Rule id '{rule_id}' is invalid!" |
evgenyz
reviewed
Oct 4, 2023
| benchmark.set("href", datastream_uri) | ||
|
|
||
| version = ET.SubElement(root, "xccdf-1.2:version") | ||
| version = ET.SubElement(root, "{%s}version" % NS) |
There was a problem hiding this comment.
And this:
Suggested change
| version = ET.SubElement(root, "{%s}version" % NS) | |
| version = ET.SubElement(root, f"{NS}version") |
There was a problem hiding this comment.
You actually need to escape the braces: f"{{{NS}}}version", so here I prefer to use the % form.
evgenyz
reviewed
Oct 4, 2023
| "If left out, the new ID will be obtained " | ||
| "The ID of the new profile can be either its full ID, or the suffix, " | ||
| "in which case the 'xccdf_<id-namespace>_profile_' prefix will be " | ||
| "prepended internally. If left out, the new ID will be obtained " | ||
| "by appending '{suffix}' to the tailored profile ID." | ||
| .format(suffix=DEFAULT_PROFILE_SUFFIX)) |
There was a problem hiding this comment.
But this might not be worthy of converting into a block of f-strings.
evgenyz
reviewed
Oct 4, 2023
utils/autotailor
Outdated
| "Can't refine {attribute} of rule '{rule_id}' to '{value}'. " | ||
| "Allowed {attribute} values are: {allowed}.".format( | ||
| attribute=attribute, rule_id=rule_id, value=value, | ||
| allowed=allowed)) |
There was a problem hiding this comment.
And this: f"Can't refine {attribute} of rule '{rule_id}' to '{value}'. Allowed {attribute} values are: {allowed}.".
|
Test failures are not connected to the autotailor. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request improves the
autotailorutility. The goal of the improvements is that theautotailorcan be used for real-world usage and easily extended in future. Specifically, these are the changes made in this PR:--rule-roleand--rule-severityto refine rules roles and severitiesFor more details, please read commit messages of every commit.
This PR supersedes PR #1877.