File: complyscribe-cli-compd.sh

scap-security-guide 0.1.78-1
#!/bin/bash

# This script aims to run the complyscribe CLI, which will sync CaC
# content controls/profiles updates to OSCAL component-definition.

# The arguments are as follows:
# 1. The flag: "true" means the second argument is a policy_id; any other value means it is a profile id.
# 2. The related policy_id or profile id of the CaC updates.
# 3. The product.
# 4. The CaC content PR number.
# 5. The GitHub workspace path.
# 6. The mapping file for the specific product.

# Usage:
# sh utils/complyscribe-cli-compd.sh false anssi_bp28_minimal rhel10 4 "/User/huiwang" rhel10_map.json
# sh utils/complyscribe-cli-compd.sh true anssi rhel10 4 "/User/huiwang" rhel10_map.json

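# Check the argument count before reading the positional parameters, and
# send the diagnostic to stderr so it is not mixed into captured output.
if [ $# -lt 6 ]; then
    echo "Please provide the necessary inputs." >&2
    exit 1
fi

# Get the arguments
flag=$1
policy_or_profile=$2
product=$3
pr_number=$4
workspace_path=$5
product_mapping_file=$6

# pr_number is interpolated into the branch name handed to complyscribe
# ("sync_cac_pr$pr_number"), so accept nothing but digits.
case "$pr_number" in
    '' | *[!0-9]*)
        echo "The PR number must be numeric: $pr_number" >&2
        exit 1
        ;;
esac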

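# NOTE: the documented usage runs this script with `sh`, so this section
# sticks to POSIX sh constructs even though the shebang names bash.

# Stop early with a clear message when the mapping file is missing; the
# in-place sed and the read loop below would both fail on it anyway.
if [ ! -f "$product_mapping_file" ]; then
  echo "Mapping file not found: $product_mapping_file" >&2
  exit 1
fi

# Keep the per-entry level list in a private temporary file instead of a
# fixed "levels" file in the current directory, and remove it on exit.
levels_file=$(mktemp) || exit 1
trap 'rm -f -- "$levels_file"' EXIT

# Replace every single quote with a double quote before the lines are
# handed to jq. This rewrites the mapping file in place.
sed -i "s/'/\"/g" "$product_mapping_file"

# The component type depends only on the product, so derive it once:
# products containing "ocp4" are services, everything else is software.
case "$product" in
  *ocp4*) component_type="service" ;;
  *) component_type="software" ;;
esac

# Each line of the mapping file is parsed as one JSON object with the keys
# policy_id, profile_name and levels.
while IFS= read -r line; do
  # printf rather than echo: some sh implementations expand backslash
  # escapes in echo, which would alter the JSON before jq sees it.
  policy_id=$(printf '%s\n' "$line" | jq -r '.policy_id')
  profile=$(printf '%s\n' "$line" | jq -r '.profile_name')

  # The flag selects which field the second argument is compared against.
  if [ "$flag" = "true" ]; then
    param="$policy_id"
  else
    param="$profile"
  fi
  [ "$policy_or_profile" = "$param" ] || continue

  printf '%s\n' "$line" | jq -r '.levels[]' > "$levels_file"
  while IFS= read -r level; do
    oscal_profile=$product-$policy_id-$level

    # oscal_profile is used as a single directory name under
    # ../oscal-content/profiles; a "/" in any of its parts would make the
    # in-place edit below touch a file outside that directory.
    case "$oscal_profile" in
      */*)
        echo "Skipping unsafe OSCAL profile name: $oscal_profile" >&2
        continue
        ;;
    esac

    # On href lines, drop whatever sits between "trestle://" and "catalogs".
    profile_json="../oscal-content/profiles/$oscal_profile/profile.json"
    sed -i "/href/s|\(trestle://\)[^ ]*\(catalogs\)|\1\2|g" "$profile_json"

    # Sync once for the product's component type and once for "validation".
    # stdin comes from /dev/null so the command cannot consume the level
    # list that the enclosing loop is still reading.
    for type in "$component_type" "validation"; do
      poetry run complyscribe sync-cac-content component-definition \
        --repo-path ../oscal-content \
        --committer-email "openscap-ci@gmail.com" \
        --committer-name "openscap-ci" \
        --branch "sync_cac_pr$pr_number" \
        --cac-content-root "$workspace_path/cac-content" \
        --product "$product" \
        --component-definition-type "$type" \
        --cac-profile "$profile" \
        --oscal-profile "$oscal_profile" < /dev/null
    done
  done < "$levels_file"
done < "$product_mapping_file"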