Validate Hiera values #20

Draft
wants to merge 4 commits into
base: master

silug
Collaborator

@silug silug commented Oct 7, 2022

  • Add methods for retrieving profile names and confines
  • Compile data the way that compliance_markup does and validate the results
  • Handle a few error cases

Fixes #14

@silug silug force-pushed the issue_14 branch 3 times, most recently from 1f11b18 to 974cbf4 Compare October 11, 2022 20:11
* Add methods for retrieving profile names and confines
* Compile data the way that compliance_markup does and validate the
  results
* Handle a few error cases

Fixes simp#14
Member

@michael-riddle michael-riddle left a comment


Let's error out with duplicate parameters with different values. I don't think duplicate parameters setting the same value warrant a warning.

lib/scelint.rb Outdated

if hiera.key?(setting['parameter'])
if setting['value'].class.to_s != hiera[setting['parameter']].class.to_s
warnings << [
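Review bot: the condition `setting['value'].class.to_s != hiera[setting['parameter']].class.to_s` compares only the classes of the two values, so two different values of the same class are not caught by it, while `true` versus `false` is reported as a type mismatch because Ruby gives them the classes TrueClass and FalseClass. Compare the values themselves first and use the class comparison only to decide how the message is worded; the `.to_s` calls can also be dropped, since classes compare directly.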
Member


We should change this to add the value to the array only if the new setting is different than the old one. We should also change it to an error rather than a warning if that condition is met. This would be the more appropriate behavior for this type of test in my opinion.

@silug
Collaborator Author

silug commented Oct 12, 2022

Historically, errors meant things that would make compliance_markup fall over, and warnings were everything else. That's not exactly as granular as one might like, so I've added notes, but right now there is no real difference between notes and warnings. I think I need to:

  • add option parsing to the script
  • make the expensive validation pass opt-out
  • add a way to suppress output for the notes
  • add an option to make warnings fatal

@michael-riddle
Member

Something isn't working as expected. The errors I'm getting point to rsyslog::tls_tcp_server being set to false from true, however, the checks that control that parameter are only mapped to enabled for el8 and only mapped to disabled for el7. This also doesn't appear to be finding some values I was expecting to show up in the list of failures such as useradd::useradd::inactive (same ces mapped to the values of 0, 30, 35, and 90) in rhel 8.

@michael-riddle
Member

Historically, errors meant things that would make compliance_markup fall over, and warnings were everything else. That's not exactly as granular as one might like, so I've added notes, but right now there is no real difference between notes and warnings. I think I need to:

  • add option parsing to the script
  • make the expensive validation pass opt-out
  • add a way to suppress output for the notes
  • add an option to make warnings fatal

#23, #24, #25, and #26 created to address these.
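
An added example, not part of this pull request or of scelint's code: one way to report a duplicate parameter as an error only when its values differ, comparing checks only when their confines are identical. The check names, the flat `confine` hashes and both method names are assumptions made for illustration; the parameters and values are the ones mentioned in the thread.

```ruby
# Added example, not scelint code. Check names and the flat 'confine'
# hashes are constructed; parameters and values are those named in the thread.
EL7 = { 'os.release.major' => '7' }.freeze
EL8 = { 'os.release.major' => '8' }.freeze
SAMPLE_CHECKS = {
  'el7_rsyslog_tls' => { 'parameter' => 'rsyslog::tls_tcp_server', 'value' => false, 'confine' => EL7 },
  'el8_rsyslog_tls' => { 'parameter' => 'rsyslog::tls_tcp_server', 'value' => true, 'confine' => EL8 },
  'el8_inactive_a'  => { 'parameter' => 'useradd::useradd::inactive', 'value' => 30, 'confine' => EL8 },
  'el8_inactive_b'  => { 'parameter' => 'useradd::useradd::inactive', 'value' => 35, 'confine' => EL8 },
  'el8_inactive_c'  => { 'parameter' => 'useradd::useradd::inactive', 'value' => 30, 'confine' => EL8 }
}.freeze

# true and false have different classes in Ruby, so treat them as one type.
def type_of(value)
  [true, false].include?(value) ? :boolean : value.class
end

# Returns one error for each check whose value differs from the first value
# seen for the same parameter under an identical confine. Repeats of the
# same value are silent. Assumption: checks with different confines never
# apply to the same node, so they are not compared (overlapping confines
# are not modelled here).
def conflicting_settings(checks)
  errors = []
  checks.group_by { |_name, check| check['confine'] }.each do |confine, group|
    seen = {} # parameter => [first value, name of the check that set it]
    group.each do |name, check|
      param, value = check.values_at('parameter', 'value')
      first_value, first_name = (seen[param] ||= [value, name])
      next if first_value == value

      kind = type_of(first_value) == type_of(value) ? :value : :type
      errors << { parameter: param, kind: kind, confine: confine,
                  checks: [first_name, name], values: [first_value, value] }
    end
  end
  errors
end
```

With the constructed sample, the el7 and el8 settings of `rsyslog::tls_tcp_server` are never compared, and only the 30 versus 35 pair for `useradd::useradd::inactive` is reported.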

Projects
Status: In Progress
Development

Successfully merging this pull request may close these issues.

Check for variablized ces being mapped to multiple checks inappropriately