Add Openscap class
Change-Id: Ie6ac883de1ad0d78cb9ed834546bccb1d67c936c
Related-PROD: https://mirantis.jira.com/browse/PROD-19935
diff --git a/src/com/mirantis/mk/Openscap.groovy b/src/com/mirantis/mk/Openscap.groovy
new file mode 100644
index 0000000..3cce34a
--- /dev/null
+++ b/src/com/mirantis/mk/Openscap.groovy
@@ -0,0 +1,104 @@
+package com.mirantis.mk
+
+/**
+ * Run salt oscap.eval xccdf
+ *
+ * @param target the target where the benchmark will be evaluated
+ * @param evaltype what to evaluate (xccdf or oval)
+ * @param benchmark the benchmark which will be evaluated by openscap
+ * @param results_dir the directory where artifacts will be moved
+ * @param profile the XCCDF profile name
+ * @param xccdf_version XCCDF benchmark version (default 1.2)
+ * @param tailoring_id The id of your tailoring data (from the corresponding pillar)
+ */
+def openscapEval(master, target, evaltype, benchmark, results_dir, profile='default', xccdf_version='1.2', tailoring_id='None') {
+ def salt = new com.mirantis.mk.Salt()
+ def common = new com.mirantis.mk.Common()
+ try {
+ salt.runSaltProcessStep(master, target, 'oscap.eval', [evaltype, benchmark, results_dir="$results_dir", profile="$profile", xccdf_version="$xccdf_version", tailoring_id="$tailoring_id"])
+ } catch (Throwable e) {
+ common.errorMsg("Opescap evaluation have failed")
+ }
+}
+
+/**
+ * Upload results to the security dashboard
+ *
+ * @param url the security dashboard url
+ * @param file the file to upload
+ * @param cloud_name the cloud_name
+ * @param nodename the scanned node name
+ */
+def uploadScanResultsToDashboard(url, file, cloud_name, nodename) {
+ def common = new com.mirantis.mk.Common()
+ try {
+ withCredentials([
+ [$class : 'UsernamePasswordMultiBinding',
+ credentialsId : 'dashboard',
+ passwordVariable : 'DASHBOARD_PASSWORD',
+ usernameVariable : 'DASHBOARD_LOGIN']
+ ]) {
+ sh "bash -c \"curl -X PUT -d@${file} -u ${DASHBOARD_LOGIN}:${DASHBOARD_PASSWORD} \'${url}\'\""
+ }
+ } catch (Throwable e) {
+ common.errorMsg("Can't upload scanning results to the security dashboard")
+ }
+}
+
+/**
+ * Copy evaluation results.xml to the master node
+ *
+ * @param master the salt master
+ * @param target the salt target
+ * @param source the target source directory
+ * @param destination the destination directory on the master
+ */
+def copyResultsXml(master, target, source, destination) {
+ def salt = new com.mirantis.mk.Salt()
+ def common = new com.mirantis.mk.Common()
+ try {
+ writeFile file: destination, text: salt.GetFileContent(master, target, source)
+ } catch (Throwable e) {
+ common.errorMsg("Can't upload scanning results to the security dashboard")
+ }
+}
+
+/**
+ * Archive evaluating results
+ *
+ * @param master the salt master
+ * @param target the salt target
+ * @param source the directory with scanning results
+ * @param destitation the archive output file
+ */
+def archiveScanResults(master, target, source, destination) {
+ def common = new com.mirantis.mk.Common()
+ def salt = new com.mirantis.mk.Salt()
+ def tempArchive = '/tmp/openscap-temp.tar'
+ try {
+ salt.runSaltProcessStep(master, target, 'file.remove', tempArchive)
+ salt.runSaltProcessStep(master, target, 'archive.tar', ['cf', tempArchive, source])
+
+ writeFile file: destination, text: salt.GetFileContent(master, target, tempArchive)
+
+ salt.runSaltProcessStep(master, target, 'file.remove', source)
+ salt.runSaltProcessStep(master, target, 'file.remove', tempArchive)
+ } catch (Throwable e) {
+ common.errorMsg("Can't archive results on ${target}")
+ }
+}
+
+/**
+ * Archive openscap scan results in Artifacts
+ *
+ * @param source the artifacts dir path
+ */
+def archiveOpenscapArtifacts(source) {
+ def common = new com.mirantis.mk.Common()
+ try {
+ archiveArtifacts artifacts: "${source}"
+ } catch (Throwable e) {
+ common.errorMsg("Can't archive artifacts")
+ }
+}
+