commit c58a2b0af3c8094446df1850cb1c943d51b2ec5f
Author: Gabriel Becker <ggasparb@redhat.com>
Date: Tue Jun 8 13:40:28 2021 +0200
Add option to enable installation of individual ansible playbooks per rule.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6995944..bd317c0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -46,6 +46,7 @@ option(SSG_SHELLCHECK_BASH_FIXES_VALIDATION_ENABLED "If enabled, shellcheck vali
option(SSG_LINKCHECKER_VALIDATION_ENABLED "If enabled, linkchecker will be used to validate URLs in all the HTML guides and tables." TRUE)
option(SSG_SVG_IN_XCCDF_ENABLED "If enabled, the built XCCDFs will include the SVG SCAP Security Guide logo." TRUE)
option(SSG_SEPARATE_SCAP_FILES_ENABLED "If enabled, separate SCAP files (OVAL, XCCDF, CPE dict, ...) will be installed alongside the source data-streams" TRUE)
+option(SSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED "If enabled, Ansible Playbooks for each rule will be built and installed." FALSE)
option(SSG_JINJA2_CACHE_ENABLED "If enabled, the jinja2 templating files will be cached into bytecode. Also see SSG_JINJA2_CACHE_DIR." TRUE)
option(SSG_BATS_TESTS_ENABLED "If enabled, bats will be used to run unit-tests of bash remediations." TRUE)
set(SSG_JINJA2_CACHE_DIR "${CMAKE_BINARY_DIR}/jinja2_cache" CACHE PATH "Where the jinja2 cached bytecode should be stored. This speeds up builds at the expense of disk space. You can use one location for multiple SSG builds for performance improvements.")
@@ -231,6 +232,7 @@ message(STATUS "OVAL schematron validation: ${SSG_OVAL_SCHEMATRON_VALIDATION_ENA
message(STATUS "shellcheck bash fixes validation: ${SSG_SHELLCHECK_BASH_FIXES_VALIDATION_ENABLED}")
message(STATUS "SVG logo in XCCDFs: ${SSG_SVG_IN_XCCDF_ENABLED}")
message(STATUS "Separate SCAP files: ${SSG_SEPARATE_SCAP_FILES_ENABLED}")
+message(STATUS "Ansible Playbooks Per Rule: ${SSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED}")
if (SSG_JINJA2_CACHE_ENABLED)
message(STATUS "jinja2 cache: enabled")
message(STATUS "jinja2 cache dir: ${SSG_JINJA2_CACHE_DIR}")
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index b487a0b..b7db7fd 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -746,8 +746,12 @@ macro(ssg_build_product PRODUCT)
ssg_build_xccdf_unlinked(${PRODUCT})
ssg_build_ocil_unlinked(${PRODUCT})
ssg_build_remediations(${PRODUCT})
- if ("${PRODUCT_ANSIBLE_REMEDIATION_ENABLED}")
+ if ("${PRODUCT_ANSIBLE_REMEDIATION_ENABLED}" AND SSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED)
ssg_build_ansible_playbooks(${PRODUCT})
+ add_dependencies(
+ ${PRODUCT}-content
+ generate-${PRODUCT}-ansible-playbooks
+ )
endif()
ssg_build_xccdf_with_remediations(${PRODUCT})
ssg_build_oval_unlinked(${PRODUCT})
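Review bot: With the new default of FALSE, `ssg_build_ansible_playbooks(${PRODUCT})` is skipped, and the `generate-${PRODUCT}-ansible-playbooks` target it presumably defines no longer exists. Any reference to that target outside this hunk (tests, validation or packaging targets are not visible here) would then fail at generate time and should be wrapped in `if(TARGET generate-${PRODUCT}-ansible-playbooks)`. The condition also mixes a quoted expansion with a bare variable name; using one form, e.g. `if(PRODUCT_ANSIBLE_REMEDIATION_ENABLED AND SSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED)`, would read more consistently, provided the first variable always holds a boolean constant. A one-line comment above the `if` saying that per-rule playbooks are opt-in would help. The enclosing macro `ssg_build_product` starts and ends outside this hunk.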
@@ -778,10 +782,6 @@ macro(ssg_build_product PRODUCT)
add_dependencies(zipfile "generate-ssg-${PRODUCT}-ds.xml")
if ("${PRODUCT_ANSIBLE_REMEDIATION_ENABLED}")
- add_dependencies(
- ${PRODUCT}-content
- generate-${PRODUCT}-ansible-playbooks
- )
ssg_build_profile_playbooks(${PRODUCT})
add_custom_target(
${PRODUCT}-profile-playbooks
@@ -885,6 +885,20 @@ macro(ssg_build_product PRODUCT)
endif()
"
)
+ if(SSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED)
+ install(
+ CODE "
+ file(GLOB PLAYBOOK_PER_RULE_FILES \"${CMAKE_BINARY_DIR}/${PRODUCT}/playbooks/*\") \n
+ if(NOT IS_ABSOLUTE ${SSG_ANSIBLE_ROLE_INSTALL_DIR}/rule_playbooks)
+ file(INSTALL DESTINATION \"\${CMAKE_INSTALL_PREFIX}/${SSG_ANSIBLE_ROLE_INSTALL_DIR}/rule_playbooks/${PRODUCT}\"
+ TYPE FILE FILES \${PLAYBOOK_PER_RULE_FILES})
+ else()
+ file(INSTALL DESTINATION \"${SSG_ANSIBLE_ROLE_INSTALL_DIR}/rule_playbooks/${PRODUCT}\"
+ TYPE FILE FILES \${PLAYBOOK_PER_RULE_FILES})
+ endif()
+ "
+ )
+ endif()
# grab all the kickstarts (if any) and install them
file(GLOB KICKSTART_FILES "${CMAKE_CURRENT_SOURCE_DIR}/kickstart/ssg-${PRODUCT}-*-ks.cfg")
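Review bot: The install-time `file(GLOB PLAYBOOK_PER_RULE_FILES ... playbooks/*)` installs whatever is in that build directory when `make install` runs. Playbooks left over from an earlier build, for rules since removed or changed, would therefore ship as remediation content. `file(GLOB)` also returns directories by default, which `TYPE FILE` is not meant for. Narrowing the pattern to the playbook file extension and adding `LIST_DIRECTORIES false` limits what gets installed; clearing the directory before generation (not visible here) would deal with stale files. The path in `if(NOT IS_ABSOLUTE ${SSG_ANSIBLE_ROLE_INSTALL_DIR}/rule_playbooks)` is expanded unquoted into the generated script, so a value containing spaces or semicolons breaks the test; write it as `if(NOT IS_ABSOLUTE \"${SSG_ANSIBLE_ROLE_INSTALL_DIR}/rule_playbooks\")`. The enclosing macro `ssg_build_product` starts and ends outside this hunk.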