Create openscap formula
This formula installs the OpenSCAP schemas and utilities.
It also includes a simple oscap execution module.
Change-Id: Ib113f9a739deafbc4cf85c97b071636d0161cb54
Closes-PROD: https://mirantis.jira.com/browse/PROD-20392
diff --git a/_modules/oscap/commands.py b/_modules/oscap/commands.py
new file mode 100644
index 0000000..44c703d
--- /dev/null
+++ b/_modules/oscap/commands.py
@@ -0,0 +1,51 @@
+from __future__ import absolute_import
+import tempfile
+import os
+from oscap.utils import build_tailoring, normalize_id, run
+
+def oscap_has_sce():
+ (stdout, _, _) = run('oscap -V')
+ return any([x for x in stdout.splitlines() if x.startswith('SCE Vers')])
+
+def xccdf(benchmark,
+ pillar_data=None,
+ xccdf_version='1.2',
+ profile='default',
+ tailoring_id=None):
+
+ tailoring_file = None
+ profile = normalize_id(profile, xccdf_version=xccdf_version)
+
+ tempdir = tempfile.mkdtemp(prefix='oscap-')
+
+ if pillar_data:
+ if not tailoring_id:
+ raise Exception('Tailoring id must be set!')
+ profile = normalize_id(pillar_data['profile'], typeof='profile')
+ tailoring_file = os.path.join(tempdir, 'tailoring.xml')
+
+ cmd = 'oscap xccdf eval --profile {profile} ' +\
+ '--results results.xml --report report.html'
+ if oscap_has_sce():
+ cmd += ' --sce-results'
+ if tailoring_file:
+ cmd += ' --tailoring-file {tailoring_file}'
+ cmd += ' {benchmark}'
+ cmd = cmd.format(profile=profile,
+ tailoring_file=tailoring_file,
+ benchmark=benchmark)
+
+ if tailoring_file:
+ with open(tailoring_file, 'w') as f:
+ f.write(build_tailoring(pillar_data, tailoring_id))
+
+ stdout, stderr, rc = run(cmd, tempdir)
+ return stdout, stderr, rc, tempdir
+
+def oval(benchmark):
+ tempdir = tempfile.mkdtemp(prefix='oscap-')
+ cmd = 'oscap oval eval --results results.xml --report report.html {}'
+ cmd = cmd.format(benchmark)
+
+ stdout, stderr, rc = run(cmd, tempdir)
+ return stdout, stderr, rc, tempdir
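Review bot: In `xccdf` and `oval`, `profile`, `tailoring_file` and `benchmark` are interpolated into a single command string with `str.format` and passed to `run`, with no quoting or validation of values that come from module arguments and pillar data. How `run` in `oscap.utils` executes that string is not visible in this hunk; if it goes through a shell, metacharacters in those values would be interpreted, and if it splits on whitespace, a benchmark path containing a space becomes two arguments. Building an argument list avoids both, assuming `run` can pass a list to the process call without a shell, e.g. in `oval`: `cmd = ['oscap', 'oval', 'eval', '--results', 'results.xml', '--report', 'report.html', benchmark]`. Separately, `xccdf` calls `tempfile.mkdtemp` before the `if not tailoring_id:` check, so the 'Tailoring id must be set!' path leaves an empty `oscap-*` directory behind; doing the validation first would avoid that.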