Merge branch 'complytime:main' into CPLYTM-224-2

tests/data/content_dir/shared/macros/test-macros.jinja

@@ -0,0 +1,66 @@
+{{#
+    Create an XCCDF :code:`<sub>` element
+
+:param varname: The name of the variable to reference
+:type varname: str
+
+#}}
+{{% macro xccdf_value(varname) -%}}
+<sub idref="{{{ varname }}}" />
+{{%- endmacro %}}
+
+
+{{#
+    Creates an HTML :code:`<a>` element for the given link and text. If no text is given the
+    link will be the text
+
+:param link: The url the link should have
+:type link: str
+:param text: Optional, text for the link
+:type text: str
+
+#}}
+{{% macro weblink(link, text=none) -%}}
+    {{% if text is not none -%}}
+        <a xmlns='http://www.w3.org/1999/xhtml' href='{{{ link }}}'>{{{ text }}}</a>
+    {{%- else %}}
+        <a xmlns='http://www.w3.org/1999/xhtml' href='{{{ link }}}'>{{{ link }}}</a>
+    {{%- endif %}}
+{{%- endmacro %}}
+
+
+{{#
+    OCIL clause for file group owner
+
+:param file: File to change
+:type file: str
+:param group: the group owner for the file
+:type group: str
+
+#}}
+{{%- macro ocil_clause_file_group_owner(file, group) -%}}
+    {{{ file }}} does not have a group owner of {{{ group }}}
+{{%- endmacro %}}
+
+
+{{#
+    OCIL how to check the file group owner of a file.
+
+:param file: File to change
+:type file: str
+:param group: the group owner for the file
+:type group: str
+
+#}}
+{{%- macro ocil_file_group_owner(file, group) -%}}
+    To check the group ownership of <code>{{{ file }}}</code>,
+    {{% if product in ["ocp4", "rhcos4"] -%}}
+    you'll need to log into a node in the cluster.
+    {{{ rhcos_node_login_instructions() }}}
+    Then,
+    {{%- endif -%}}
+    run the command:
+    <pre>$ ls -lL {{{ file }}}</pre>
+    If properly configured, the output should indicate the following group-owner:
+    <code>{{{ group }}}</code>
+{{%- endmacro %}}

tests/trestlebot/cli/test_sync_cac_content_cmd.py

@@ -123,13 +123,19 @@ def test_sync_product(tmp_repo: Tuple[str, Repo]) -> None:
     component = compdef.components[0]
     assert component.title == "rhel8"
     # Check rules component props
-    assert len(component.props) == 6
+    assert len(component.props) == 24
     rule_ids = [p.value for p in component.props if p.name == "Rule_Id"]
-    assert rule_ids == [
+    assert sorted(rule_ids) == [
         "configure_crypto_policy",
         "file_groupownership_sshd_private_key",
         "sshd_set_keepalive",
     ]
+    # Check parameters props
+    param_ids = [p.value for p in component.props if p.name == "Parameter_Id"]
+    assert sorted(list(set(param_ids))) == [
+        "var_sshd_set_keepalive",
+        "var_system_crypto_policy",
+    ]
 
 
 def test_sync_product_create_validation_component(tmp_repo: Tuple[str, Repo]) -> None:
@@ -167,11 +173,12 @@ def test_sync_product_create_validation_component(tmp_repo: Tuple[str, Repo]) ->
     # Check the CLI sync-cac-content is successful
     component_definition = repo_path.joinpath(test_comp_path)
     assert result.exit_code == 0
+
     # Check if the component definition is created
     assert component_definition.exists()
     compdef = ComponentDefinition.oscal_read(component_definition)
     component = compdef.components[0]
-    assert len(component.props) == 12
+    assert len(component.props) == 30
     assert component.title == "openscap"
     assert component.type == "validation"
 

trestlebot/tasks/sync_cac_content_task.py

@@ -65,6 +65,7 @@ def _get_rules_properties(self) -> List[Property]:
         rules_transformer = RulesTransformer(
             self.cac_content_root,
             self.product,
+            self.cac_profile,
         )
         rules_transformer.add_rules(self.rules)
         rules: List[RuleInfo] = rules_transformer.get_all_rules()