src/com/mirantis/mk/Openscap.groovy

package com.mirantis.mk

/**
 * Run salt oscap.eval xccdf
 *
 * @param target            the target where the benchmark will be evaluated
 * @param evaltype          what to evaluate (xccdf or oval)
 * @param benchmark         the benchmark which will be evaluated by openscap
 * @param results_dir       the directory where artifacts will be moved
 * @param profile           the XCCDF profile name
 * @param xccdf_version     XCCDF benchmark version (default 1.2)
 * @param tailoring_id      The id of your tailoring data (from the corresponding pillar)
 */
def openscapEval(master, target, evaltype, benchmark, results_dir, profile='default', xccdf_version='1.2', tailoring_id='None') {
    def salt = new com.mirantis.mk.Salt()
    def common = new com.mirantis.mk.Common()
    try {
        salt.runSaltProcessStep(master, target, 'oscap.eval', [evaltype, benchmark, results_dir="$results_dir", profile="$profile", xccdf_version="$xccdf_version", tailoring_id="$tailoring_id"])
    } catch (Throwable e) {
        common.errorMsg("Opescap evaluation have failed")
    }
}

/**
 * Upload results to the security dashboard
 *
 * @param url           the security dashboard url
 * @param file          the file to upload
 * @param cloud_name    the cloud_name
 * @param nodename      the scanned node name
 */
def uploadScanResultsToDashboard(url, file, cloud_name, nodename) {
    def common = new com.mirantis.mk.Common()
    try {
        withCredentials([
            [$class             : 'UsernamePasswordMultiBinding',
             credentialsId      : 'dashboard',
             passwordVariable   : 'DASHBOARD_PASSWORD',
             usernameVariable   : 'DASHBOARD_LOGIN']
        ]) {
            sh "bash -c \"curl -X PUT -d@${file} -u ${DASHBOARD_LOGIN}:${DASHBOARD_PASSWORD} \'${url}\'\""
        }
    } catch (Throwable e) {
        common.errorMsg("Can't upload scanning results to the security dashboard")
    }
}

/**
 * Copy evaluation results.xml to the master node
 *
 * @param master        the salt master
 * @param target        the salt target
 * @param source        the target source directory
 * @param destination   the destination directory on the master
 */
def copyResultsXml(master, target, source, destination) {
    def salt = new com.mirantis.mk.Salt()
    def common = new com.mirantis.mk.Common()
    try {
        writeFile file: destination, text: salt.GetFileContent(master, target, source)
    } catch (Throwable e) {
        common.errorMsg("Can't upload scanning results to the security dashboard")
    }
}

/**
 * Archive evaluating results
 *
 * @param master        the salt master
 * @param target        the salt target
 * @param source        the directory with scanning results
 * @param destitation   the archive output file
 */
def archiveScanResults(master, target, source, destination) {
    def common = new com.mirantis.mk.Common()
    def salt = new com.mirantis.mk.Salt()
    def tempArchive = '/tmp/openscap-temp.tar'
    try {
        salt.runSaltProcessStep(master, target, 'file.remove', tempArchive)
        salt.runSaltProcessStep(master, target, 'archive.tar', ['cf', tempArchive, source])

        writeFile file: destination, text: salt.GetFileContent(master, target, tempArchive)

        salt.runSaltProcessStep(master, target, 'file.remove', source)
        salt.runSaltProcessStep(master, target, 'file.remove', tempArchive)
    } catch (Throwable e) {
        common.errorMsg("Can't archive results on ${target}")
    }
}

/**
 * Archive openscap scan results in Artifacts
 *
 * @param source    the artifacts dir path
 */
def archiveOpenscapArtifacts(source) {
    def common = new com.mirantis.mk.Common()
    try {
        archiveArtifacts artifacts: "${source}"
    } catch (Throwable e) {
        common.errorMsg("Can't archive artifacts")
    }
}