ssg.build_remediations module
- class ssg.build_remediations.AnacondaRemediation(file_path)[source]
Bases:
Remediation
- class ssg.build_remediations.AnsibleRemediation(file_path)[source]
Bases:
Remediation
- class ssg.build_remediations.BashRemediation(file_path)[source]
Bases:
Remediation
- class ssg.build_remediations.BlueprintRemediation(file_path)[source]
Bases:
Remediation
This provides class for OSBuild Blueprint remediations
- class ssg.build_remediations.IgnitionRemediation(file_path)[source]
Bases:
Remediation
- class ssg.build_remediations.KubernetesRemediation(file_path)[source]
Bases:
Remediation
- class ssg.build_remediations.PuppetRemediation(file_path)[source]
Bases:
Remediation
- class ssg.build_remediations.Remediation(file_path, remediation_type)[source]
Bases:
object
- ssg.build_remediations.RemediationObject
alias of
remediation
- ssg.build_remediations.expand_xccdf_subs(fix, remediation_type)[source]
Expand the respective populate keywords of each remediation type with an <xccdf:sub> element
This routine translates any instance of the ‘type-populate’ keyword in the form of:
(type-populate variable_name)
where type can be either ansible, puppet, anaconda or bash, into
<sub idref=”variable_name”/>
- ssg.build_remediations.get_rule_dir_remediations(dir_path, remediation_type, product=None)[source]
Gets a list of remediations of type remediation_type contained in a rule directory. If product is None, returns all such remediations. If product is not None, returns applicable remediations in order of priority:
{{{ product }}}.ext -> shared.ext
Only returns remediations which exist.
- ssg.build_remediations.is_supported_filename(remediation_type, filename)[source]
Checks if filename has a supported extension for remediation_type.
Exits when remediation_type is of an unknown type.
- ssg.build_remediations.parse_from_file_with_jinja(file_path, env_yaml)[source]
Parses a remediation from a file. As remediations contain jinja macros, we need a env_yaml context to process these. In practice, no remediations use jinja in the configuration, so for extracting only the configuration, env_yaml can be an abritrary product.yml dictionary.
If the logic of configuration parsing changes significantly, please also update ssg.fixes.parse_platform(…).
- ssg.build_remediations.parse_from_file_without_jinja(file_path)[source]
Parses a remediation from a file. Doesn’t process the Jinja macros. This function is useful in build phases in which all the Jinja macros are already resolved.