v1/oscap: detect policy customization changes using snapshots (HMS-9058) #1685
+1,027
−122
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mgold1234
force-pushed
the
linting
branch
3 times, most recently
from
4442539 to
27fd842
Compare
mgold1234
force-pushed
the
linting
branch
14 times, most recently
from
65bab69 to
57d698c
Compare
mgold1234
force-pushed
the
linting
branch
7 times, most recently
from
6039715 to
0148f26
Compare
mgold1234
force-pushed
the
linting
branch
13 times, most recently
from
6decdfc to
839d51b
Compare
ondrejbudai
changed the title
mgold1234
force-pushed
the
linting
branch
9 times, most recently
from
7da811f to
ce1860d
Compare
Refactor lintBlueprint to delegate OpenSCAP-specific validation and error handling to lintOpenscap. This simplifies lintBlueprint and improves separation of concerns, making it easier to add other lintable components in the future. Moved: - nil check for Customizations.Openscap - AsOpenSCAPCompliance() validation and error handling - ErrorTailoringNotFound handling logic This change follows review feedback to make lintBlueprint more generic and better structured.
Fix two functions that called 'lintOpenscap' with empty Customizations lacking policy ID context, causing policy data to be ignored and empty results returned. 'GetOscapCustomizationsForPolicy' and 'buildServiceSnapshots' now create an OpenSCAP object with the correct policy ID before invoking lintOpenscap. This ensures policy-specific packages, services, and FIPS settings are properly retrieved and processed. Refactored error handling to a switch statement for improved clarity and maintainability. Without this fix, compliance workflows failed silently with empty customizations, breaking blueprint creation and policy endpoints. Fixes: - TestGetCustomizations/Get_customizations_for_policy_matches - TestGetCustomizations/Get_customizations_for_policy_errors - TestBlueprintCreationRollbackOnPolicyFailure - TestBlueprintComplianceSnapshot
This commit adds comparing the snapshotted policy customizations with the current policy customizations, to generate warnings/ detect when a compliance policy has made a customization no longer required
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commits refactors lintBlueprint and adds snapshot comparison to detect compliance policy changes that add/remove blueprint requirements.
Fixup automatically adds missing items but only warns about items no longer required.
JIRA: HMS-9058