| from lxml.etree import Element, SubElement, tostring |
| from subprocess import Popen, PIPE |
| import shlex |
| import re |
| import datetime |
| |
| import salt.ext.six as six |
| |
def normalize_id(id,
                 xccdf_version='1.2',
                 typeof='profile',
                 vendor='mirantis'):
    """Return *id* as a fully qualified XCCDF 1.2 identifier.

    For ``xccdf_version == '1.2'`` an id that does not already start with
    ``xccdf_<namespace>_<typeof>_`` is wrapped as
    ``xccdf_org.<vendor>.content_<typeof>_<id>``. For any other version the
    id is returned unchanged.

    Args:
        id: identifier to normalize (short name or already qualified).
        xccdf_version: XCCDF version string; only '1.2' triggers rewriting.
        typeof: component kind used in the qualified form
            (callers in this file pass 'profile', 'tailoring' and 'value').
        vendor: namespace owner placed after ``xccdf_org.``.

    Returns:
        The qualified identifier, or *id* itself when no rewrite applies.
    """
    if xccdf_version != '1.2':
        return id

    # NOTE: typeof is interpolated into the pattern without re.escape(), and
    # re.match() anchors only at the start, so the check is a prefix test on
    # the id rather than a full validation of it.
    qualified_prefix = '^xccdf_[^_]+_{}_.+'.format(typeof)
    if re.match(qualified_prefix, id):
        return id
    return 'xccdf_org.{0}.content_{1}_{2}'.format(vendor, typeof, id)
| |
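def build_tailoring(data, id):
    """Build an XCCDF Tailoring document that extends an existing profile.

    Args:
        data: mapping describing the tailoring. ``data['profile']`` and
            ``data['extends']`` are required; ``data['xccdf_version']``
            defaults to '1.2'; ``data['values']`` is an optional mapping of
            value id -> value, emitted as ``set-value`` elements.
        id: identifier of the tailoring, normalized with typeof='tailoring'.

    Returns:
        The document serialized by ``lxml.etree.tostring`` with
        ``pretty_print=True``.

    Raises:
        KeyError: if ``data`` lacks 'profile' or 'extends'.
    """
    xccdf_version = data.get('xccdf_version', '1.2')
    # xccdf_version is placed into the namespace URI as given; normalize_id
    # only rewrites ids for '1.2', so any other version passes ids through
    # unqualified.
    ns = {None: 'http://checklists.nist.gov/xccdf/{}'.format(xccdf_version)}
    tid = normalize_id(id, xccdf_version, typeof='tailoring')
    pid = normalize_id(data['profile'], xccdf_version, vendor='customer')
    ext = normalize_id(data['extends'], xccdf_version)

    tailoring = Element('Tailoring', nsmap=ns, id=tid)
    # NOTE(review): the benchmark href is set to the extended profile id, not
    # to a benchmark location -- confirm this is what the consumer expects.
    tailoring.append(Element('benchmark', {'href': ext}))

    # datetime.now() is naive local time, so the timestamp has no UTC offset.
    now = datetime.datetime.now().isoformat()
    # The original chained assignments bound the literal strings to unused
    # locals ('version', 'title'); only the .text assignment matters.
    SubElement(tailoring, 'version', time=now).text = '1'

    profile = SubElement(tailoring, 'Profile', id=pid, extends=ext)
    SubElement(profile, 'title').text = 'Extends {}'.format(ext)

    # 'values' may be present but empty (None) in the input mapping; treat
    # that the same as an absent key instead of failing in iteritems().
    overrides = data.get('values') or {}
    for key, value in six.iteritems(overrides):
        idref = normalize_id(key, xccdf_version, typeof='value')
        elem = SubElement(profile, 'set-value', idref=idref)
        # Values are written as element text, so lxml escapes markup
        # characters on serialization.
        elem.text = str(value)
    return tostring(tailoring, pretty_print=True)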
| |
def run(cmd, cwd=None):
    """Execute *cmd* without a shell and capture its output.

    Args:
        cmd: command line as a single string; it is tokenized with
            ``shlex.split`` and executed directly, so shell metacharacters
            are not interpreted. The caller still decides which executable
            and arguments run, so *cmd* must come from a trusted source.
        cwd: working directory for the child process, or None to inherit.

    Returns:
        Tuple ``(stdout, stderr, returncode)`` of the finished process.
    """
    # Popen is used directly because __salt__['cmd.run'] returns only stdout.
    argv = shlex.split(cmd)
    child = Popen(argv, stdout=PIPE, stderr=PIPE, cwd=cwd)
    # communicate() is called without a timeout, so this blocks until the
    # child exits.
    out, err = child.communicate()
    return out, err, child.returncode