diff --git a/src/api/json/catalog.json b/src/api/json/catalog.json index 749036a2ee8..ceba69329af 100644 --- a/src/api/json/catalog.json +++ b/src/api/json/catalog.json @@ -5776,6 +5776,12 @@ "rivet.*.json" ], "url": "https://rivet.gg/rivet.schema.json" + }, + { + "name": "Rudder techniques", + "description": "Rudder techniques", + "fileMatch": ["technique.yml", "technique.ids.yml"], + "url": "https://json.schemastore.org/rudder-techniques.json" } ] } diff --git a/src/negative_test/rudder-techniques/1.yml b/src/negative_test/rudder-techniques/1.yml new file mode 100644 index 00000000000..2fd02cab9e3 --- /dev/null +++ b/src/negative_test/rudder-techniques/1.yml @@ -0,0 +1,21 @@ +--- +id: malformed_technique +name: Malformed technique +version: '0.1' +params: + - id: 3439bbb0-d8f1-4c43-95a9-0c56bfb8c27e + name: server + description: 'The server hostname' +items: + - name: 'my block' + method: 'package_install' + params: + name: 'htop' + version: '2.3.4' + items: + - name: 'NTP service' + id: cf06e919-02b7-41a7-a03f-4239592f3c12 + condition: fedora + method: package_install + params: + name: '/bin/true "# ${node.inventory[os][fullName]}"' diff --git a/src/schema-validation.json b/src/schema-validation.json index 2bf7f63b7d0..87cd4eb2966 100644 --- a/src/schema-validation.json +++ b/src/schema-validation.json @@ -1021,6 +1021,12 @@ "unknownFormat": [" "] } }, + { + "rudder-techniques.json": { + "unknownFormat": ["markdown"], + "unknownKeywords": ["defaultSnippets", "markdownDescription"] + } + }, { "sarif-external-property-file-2.1.0-rtm.0.json": { "unknownKeywords": ["index"], diff --git a/src/schemas/json/rudder-techniques.json b/src/schemas/json/rudder-techniques.json new file mode 100644 index 00000000000..4141ba002fd --- /dev/null +++ b/src/schemas/json/rudder-techniques.json @@ -0,0 +1,456 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://json.schemastore.org/rudder-techniques.json", + "$defs": { + "uuid": { + "type": "string", + "format": "uuid" + }, + "techniqueParameter": { + "type": "object", + "title": "technique parameter", + "defaultSnippets": [ + { + "label": "- (technique parameter)", + "type": "object", + "description": "add a new technique parameter", + "suggestionKind": 9, + "body": { + "name": "\"internal_name\"", + "description": "\"Friendly name\"", + "constraints": { + "allow_empty": false + } + } + } + ], + "required": ["name"], + "additionalProperties": false, + "properties": { + "id": { + "$ref": "#/$defs/uuid", + "title": "technique parameter id", + "description": "UUID identifying the parameter", + "markdownDescription": "```Optional```\n\nUUID identifying the parameter" + }, + "description": { + "title": "technique parameter description", + "description": "Technique parameter description", + "markdownDescription": "```Optional```\n\nTechnique parameter description", + "type": "string" + }, + "documentation": { + "title": "technique parameter documentation", + "type": "string", + "description": "Technique parameter documentation, nor in Markdown format", + "markdownDescription": "```Optional```\n\nTechnique parameter documentation, not in markdown format" + }, + "name": { + "title": "technique parameter name", + "description": "Technique parameter name, must match the '^[a-zA-Z0-9_]+$' pattern", + "markdownDescription": "```Optional```\n\nTechnique parameter name, must match the `^[a-zA-Z0-9_]+$` pattern", + "type": "string", + "pattern": "^[a-zA-Z0-9_]+$" + }, + "type": { + "type": "string", + "title": "technique parameter type", + "description": "Technique parameter type, only 'multiline-string' is currently supported for techniques visible in the technique editor", + "markdownDescription": "```Optional```\n\nTechnique parameter type, only 'multiline-string' is currently supported for techniques visible in the technique editor", + "enum": [ + null, + "string", + "multiline-string", + "json", + "yaml", + "boolean", + "mail", + "ip", + "ipv4", + "ipv6", + "integer", + "size-b", + "size-kb", + "size-mb", + "size-gb", + "size-tb", + "permissions", + "shared-file", + "password" + ] + }, + "default": { + "title": "technique parameter default value", + "description": "Default value of the parameter", + "markdownDescription": "```Optional```\n\nDefault value of the parameter", + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "constraints": { + "type": "object", + "title": "technique parameter constraint", + "description": "Additional checks on the parameter value when directives are computed", + "markdownDescription": "```Optional```\n\nAdditional checks on the parameter value when directives are computed", + "additionalProperties": false, + "properties": { + "allow_empty": { + "title": "technique parameter allow empty constraint", + "type": "boolean" + }, + "password_hashes": { + "type": "array", + "title": "technique parameter password hashes constraint", + "items": { + "type": "string", + "enum": [ + null, + "pre-hashed", + "plain", + "unix-crypt-des", + "md5", + "sha1", + "sha256", + "sha512", + "md5-crypt", + "sha256-crypt", + "sha512-crypt", + "md5-crypt-aix", + "sha256-crypt-aix", + "sha512-crypt-aix" + ] + } + }, + "regex": { + "type": "object", + "title": "technique parameter regex constraint", + "required": ["value"], + "properties": { + "value": { + "type": "string", + "format": "regex", + "title": "technique parameter regex constraint pattern" + }, + "error_message": { + "title": "technique parameter regex constraint error message", + "type": "string" + } + } + }, + "select": { + "type": "array", + "title": "technique parameter select constraint", + "items": { + "type": "object", + "required": ["value"], + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + } + } + } + } + }, + "tags": { + "type": "object" + }, + "policyMode": { + "type": "string", + "enum": ["audit", "enforce", "default"] + }, + "methodReportingMode": { + "type": "object", + "title": "method reporting mode", + "properties": { + "mode": { + "enum": ["disabled", "enabled"] + } + } + }, + "blockReportingMode": { + "title": "block reporting mode", + "examples": [ + { + "mode": "focus", + "id": "\"8f00b173-826e-46a3-9f57-7416de9b1b02\"" + }, + { + "mode": "weighted" + } + ], + "oneOf": [ + { + "type": "object", + "properties": { + "mode": { + "enum": [ + "worst-case-weighted-one", + "worst-case-weighted-sum", + "disabled", + "enabled", + "weighted" + ] + } + }, + "required": ["mode"], + "additionalProperties": false + }, + { + "type": "object", + "properties": { + "id": { + "$ref": "#/$defs/uuid" + }, + "mode": { + "const": "focus" + } + }, + "required": ["mode", "id"], + "additionalProperties": false + } + ] + }, + "methodCall": { + "type": "object", + "title": "method call", + "additionalProperties": false, + "defaultSnippets": [ + { + "label": "- (method call)", + "type": "object", + "description": "add a new method call", + "suggestionKind": 9, + "body": { + "name": "\"My method title\"", + "method": "package_present", + "params": { + "name": "vim" + } + } + } + ], + "properties": { + "name": { + "title": "method call name", + "type": "string" + }, + "method": { + "title": "name of the method to call", + "type": "string" + }, + "params": { + "title": "technique params", + "description": "parameters passed to the method", + "markdownDescription": "See the [methods documentation](https://docs.rudder.io/techniques/8.0/audit_from_command.html) to know which parameters are needed", + "type": "object" + }, + "id": { + "$ref": "#/$defs/uuid", + "title": "method call id" + }, + "tags": { + "$ref": "#/$defs/tags", + "title": "method call tags" + }, + "policy_mode": { + "$ref": "#/$defs/policyMode", + "title": "method call policy mode override" + }, + "condition": { + "title": "condition", + "description": "Method call optional condition", + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + } + ], + "examples": ["debian|rhel", "SuSE.!sles_10"] + }, + "reporting": { + "$ref": "#/$defs/methodReportingMode" + } + }, + "required": ["method", "params"] + }, + "blockCall": { + "type": "object", + "title": "block call", + "additionalProperties": false, + "defaultSnippets": [ + { + "label": "- (block call)", + "type": "object", + "description": "add a new block call", + "suggestionKind": 8, + "body": { + "name": "\"My block title\"", + "condition": "any", + "items": [] + } + } + ], + "properties": { + "items": { + "type": "array", + "items": { + "$ref": "#/$defs/item" + } + }, + "name": { + "title": "name", + "description": "Block call name", + "type": "string", + "examples": ["My block title"] + }, + "id": { + "$ref": "#/$defs/uuid", + "title": "block call id" + }, + "tags": { + "$ref": "#/$defs/tags", + "title": "block call tags" + }, + "policy_mode": { + "$ref": "#/$defs/policyMode", + "title": "block call policy mode" + }, + "condition": { + "title": "block call condition", + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + } + ], + "examples": ["debian|rhel", "SuSE.!sles_10"] + }, + "reporting": { + "$ref": "#/$defs/blockReportingMode" + } + }, + "required": ["items"] + }, + "item": { + "type": "object", + "title": "block or method call", + "anyOf": [ + { + "$ref": "#/$defs/blockCall" + }, + { + "$ref": "#/$defs/methodCall" + } + ] + } + }, + "title": "Rudder Technique", + "description": "A Rudder technique", + "type": "object", + "required": ["id", "name", "version", "items"], + "additionalProperties": false, + "properties": { + "format": { + "title": "technique format", + "type": "number" + }, + "id": { + "type": "string", + "title": "id", + "description": "Technique id, must match the '^[a-zA-Z][a-zA-Z0-9_]+$' pattern", + "markdownDescription": "```Mandatory```\n\nTechnique id, must respect the ```^[a-zA-Z][a-zA-Z0-9_]+$``` pattern.\n\nUsed implicitly in technique parameters and resource folder variable definitions:\n\n* ```${.}```\n* ```${.resources_dir}```", + "pattern": "^[a-zA-Z][a-zA-Z0-9_]+$", + "default": "my_new_technique", + "examples": ["my_new_technique"] + }, + "name": { + "title": "name", + "description": "Human readable technique name", + "markdownDescription": "```Mandatory```\n\nHuman readable technique name", + "type": "string", + "default": "My new technique", + "examples": ["My new technique"] + }, + "description": { + "title": "description", + "description": "Single line description of what the technique does", + "markdownDescription": "```Optional```\n\nHuman readable technique name", + "type": "string" + }, + "documentation": { + "type": "string", + "title": "documentation", + "description": "Technique documentation in Markdown format", + "markdownDescription": "```Optional```\n\nTechnique documentation in Markdown format", + "format": "markdown" + }, + "tags": { + "$ref": "#/$defs/tags", + "description": "Optional key-value metadata", + "markdownDescription": "```Optional```\n\nOptional key-value metadata", + "examples": [ + { + "cve": "\"CVE-2023-3456\"" + } + ] + }, + "params": { + "type": "array", + "title": "params", + "description": "List of the technique parameters", + "markdownDescription": "```Optional```\n\nList of technique parameters. See [the dedicated documentation](https://docs.rudder.io/techniques/8.0/syntax.html#parameters)", + "items": { + "$ref": "#/$defs/techniqueParameter" + } + }, + "category": { + "title": "category", + "description": "Rudder category to put the technique in", + "markdownDescription": "```Optional```\n\nRudder category to put the technique in.\n\nIf empty, default to `ncf_techniques`, used by default by the technique editor.", + "type": "string", + "examples": [ + "ncf_techniques", + "fileConfiguration", + "fileDistribution", + "jobScheduling" + ] + }, + "version": { + "type": "string", + "title": "version", + "description": "Technique version in the 'X.Y' format", + "markdownDescription": "```Mandatory```\n\nTechnique version in the 'X.Y' format", + "pattern": "^[0-9]+\\.[0-9]+$", + "default": "1.0", + "examples": ["1.0"] + }, + "items": { + "type": "array", + "minItems": 1, + "title": "items", + "description": "List of block or method calls, can not be empty", + "markdownDescription": "```Mandatory```\n\nList of block or method calls, can not be empty", + "items": { + "$ref": "#/$defs/item" + } + } + } +} diff --git a/src/test/rudder-techniques/1.yml b/src/test/rudder-techniques/1.yml new file mode 100644 index 00000000000..b7d80c6a511 --- /dev/null +++ b/src/test/rudder-techniques/1.yml @@ -0,0 +1,33 @@ +id: escaping +name: "Test various escaping cases ${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" +version: '0.1' +description: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" +items: + - name: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + condition: ${my_cond}.debian|${sys.${plouf}} + params: + version: if(Get-Service "Zabbix agent") { write-output "exists" } + architecture: '' + name: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + provider: '' + method: package_present + id: a86ce2e5-d5b6-45cc-87e8-c11cca71d966 + reporting: + mode: enabled + - name: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + params: + name: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + provider: '' + architecture: '' + version: if(Get-Service "Zabbix agent") { write-output "exists" } + method: package_present + id: a86ce2e5-d5b6-45cc-87e8-c11cca71d977 + reporting: + mode: enabled +params: + - id: 3439bbb0-d8f1-4c43-95a9-0c56bfb8c27e + name: server + documentation: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + type: multiline-string + constraints: + allow_empty: false diff --git a/src/test/rudder-techniques/10.yml b/src/test/rudder-techniques/10.yml new file mode 100644 index 00000000000..81df7a595f4 --- /dev/null +++ b/src/test/rudder-techniques/10.yml @@ -0,0 +1,27 @@ +id: param_in_condition +name: Param in conditions +version: '1.0' +category: ncf_techniques +items: + - name: Check if a file exists + params: + path: /tmp/${file} + method: file_check_exists + id: 9e763779-9f33-44bc-ad73-1c5d5732301c + reporting: + mode: enabled + - name: Execute only if... + condition: file_check_exists__tmp_${file}_kept + params: + command: echo "May be executed or not" + method: command_execution + id: e8362340-dc50-4231-9b7f-748b51e9fa07 + reporting: + mode: enabled +params: + - id: 2f415dc5-9f9e-4fbe-b836-8960af613ec9 + name: file + description: file + type: multiline-string + constraints: + allow_empty: false diff --git a/src/test/rudder-techniques/11.yml b/src/test/rudder-techniques/11.yml new file mode 100644 index 00000000000..8d27a6376db --- /dev/null +++ b/src/test/rudder-techniques/11.yml @@ -0,0 +1,12 @@ +id: Windows_long_param_names +name: Windows long param names +version: '0.1' +items: + - name: Report if condition + params: + report_message: This should be ReportMessage + condition: it_generates_properly + method: report_if_condition + id: d86ce2e5-d5b6-45cc-87e8-c11cca71d907 + reporting: + mode: enabled diff --git a/src/test/rudder-techniques/12.yml b/src/test/rudder-techniques/12.yml new file mode 100644 index 00000000000..3576c582f49 --- /dev/null +++ b/src/test/rudder-techniques/12.yml @@ -0,0 +1,10 @@ +--- +id: Windows_long_param_names +name: Windows long param names +version: '0.1' +items: + - id: d86ce2e5-d5b6-45cc-87e8-c11cca71d907 + method: report_if_condition + params: + condition: 'it_generates_properly' + report_message: 'This should be ReportMessage' diff --git a/src/test/rudder-techniques/13.yml b/src/test/rudder-techniques/13.yml new file mode 100644 index 00000000000..c18e14873aa --- /dev/null +++ b/src/test/rudder-techniques/13.yml @@ -0,0 +1,43 @@ +id: test_audit +name: test audit +version: '1.0' +category: ncf_techniques +items: + - name: In audit mode + params: + path: /tmp/1 + enforce: 'true' + lines: foobar + method: file_content + id: 46b8025a-0b06-485c-9127-50e4258ee7e6 + reporting: + mode: enabled + policy_mode: audit + - name: In omit mode + params: + lines: foobar + enforce: 'true' + path: /tmp/1 + method: file_content + id: 1eedce7b-3441-4251-bdd6-706fda3ec7a8 + reporting: + mode: enabled + - name: In enforce mode + params: + path: /tmp/1 + lines: foobar + enforce: 'true' + method: file_content + id: dbd5ba50-8dfc-11ee-a57e-84a938c470d4 + reporting: + mode: enabled + policy_mode: enforce + - name: In default mode + params: + lines: foobar + path: /tmp/1 + enforce: 'true' + method: file_content + id: 1d809592-808e-4177-8351-8b7b7769af69 + reporting: + mode: enabled diff --git a/src/test/rudder-techniques/14.yml b/src/test/rudder-techniques/14.yml new file mode 100644 index 00000000000..39551e33c92 --- /dev/null +++ b/src/test/rudder-techniques/14.yml @@ -0,0 +1,116 @@ +id: test_audit +name: test audit +version: '1.0' +category: ncf_techniques +items: + - id: 46b8025a-0b06-485c-9127-50e4258ee7e6 + name: 'In audit mode' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: audit + - id: 1eedce7b-3441-4251-bdd6-706fda3ec7a8 + name: 'In omit mode' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + - id: dbd5ba50-8dfc-11ee-a57e-84a938c470d4 + name: 'In enforce mode' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: enforce + - id: 1d809592-808e-4177-8351-8b7b7769af69 + name: 'In default mode' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: default + - id: 57f54359-2b2e-49f9-ab61-a77705615302 + name: 'A block in audit mode' + policy_mode: audit + items: + - id: ea274579-40fc-4545-b384-8d5576a7c69b + name: 'Resolve to audit' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: audit + - id: 85659b7e-968c-458c-b566-c90108c50833 + name: 'Resolve to enforce' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: enforce + - id: d8def455-cd43-441f-8dba-1ebae3a29389 + name: 'Resolve to audit' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: default + - id: 1ff82fc2-38fc-4324-92ab-3de5fafcdc14 + name: 'A block in enforce mode' + policy_mode: enforce + items: + - id: f9417d97-3a18-4db6-85c3-72e28618bff1 + name: 'Resolve to audit' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: audit + - id: c4b4faa1-85e5-4922-b713-c198bf99226e + name: 'Resolve to enforce' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: enforce + - id: cce62a59-bd17-4858-ba06-6ae41f39b15a + name: 'Resolve to enforce' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: default + - id: 7def389a-78d2-4104-b6fc-19c74f14fe93 + name: 'An audit block' + policy_mode: enforce + items: + - id: 9fca6ca8-ccaa-4688-a5fc-e2a0d9d60165 + name: 'A nested block in audit' + policy_mode: audit + items: + - id: 0a4299dd-0902-48b2-85ee-13dfe6fc3af6 + name: 'Resolve to audit' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: default + - id: 3b8352df-1329-4956-a019-bb9c072bc830 + name: 'Resolve to enforce' + method: file_content + params: + path: /tmp/1 + lines: 'foobar' + enforce: 'true' + policy_mode: default diff --git a/src/test/rudder-techniques/2.yml b/src/test/rudder-techniques/2.yml new file mode 100644 index 00000000000..aabd87c7767 --- /dev/null +++ b/src/test/rudder-techniques/2.yml @@ -0,0 +1,23 @@ +--- +id: escaping +name: "Test various escaping cases ${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" +description: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" +version: '0.1' +params: + - id: 3439bbb0-d8f1-4c43-95a9-0c56bfb8c27e + name: 'server' + documentation: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" +items: + - name: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + id: a86ce2e5-d5b6-45cc-87e8-c11cca71d966 + method: package_present + condition: '${my_cond} . debian | ${sys.${plouf}}' + params: + name: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + version: if(Get-Service "Zabbix agent") { write-output "exists" } + - name: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + id: a86ce2e5-d5b6-45cc-87e8-c11cca71d977 + method: package_present + params: + name: "${sys.host} . | / ${sys.${host}} ' '' ''' $ $$ \" \"\" \\ \\\\😋aà3\r\n\t" + version: if(Get-Service "Zabbix agent") { write-output "exists" } diff --git a/src/test/rudder-techniques/3.yml b/src/test/rudder-techniques/3.yml new file mode 100644 index 00000000000..47ca1b82c4a --- /dev/null +++ b/src/test/rudder-techniques/3.yml @@ -0,0 +1,10 @@ +--- +id: min +name: NTP +version: '0.1' +items: + - id: d86ce2e5-d5b6-45cc-87e8-c11cca71d907 + method: package_present + params: + name: 'htop' + version: '2.3.4' diff --git a/src/test/rudder-techniques/4.yml b/src/test/rudder-techniques/4.yml new file mode 100644 index 00000000000..bbcc743e7fa --- /dev/null +++ b/src/test/rudder-techniques/4.yml @@ -0,0 +1,14 @@ +id: min +name: NTP +version: '0.1' +items: + - name: Package present + params: + name: htop + version: 2.3.4 + architecture: '' + provider: '' + method: package_present + id: d86ce2e5-d5b6-45cc-87e8-c11cca71d907 + reporting: + mode: enabled diff --git a/src/test/rudder-techniques/5.yml b/src/test/rudder-techniques/5.yml new file mode 100644 index 00000000000..037368a5041 --- /dev/null +++ b/src/test/rudder-techniques/5.yml @@ -0,0 +1,40 @@ +id: ntp_technique +name: NTP +version: '0.1' +description: Short description +documentation: Long documentation +items: + - name: Ensure correct ntp configuration + tags: + cve: CVE-2022-3456 + condition: 'false' + params: + name: htop + version: 2.3.4 + architecture: '' + provider: '' + method: package_present + id: d86ce2e5-d5b6-45cc-87e8-c11cca71d907 + reporting: + mode: enabled + - condition: linux + name: my block + items: + - name: NTP service + condition: fedora + params: + name: /bin/true "# ${node.inventory[os][fullName]}" + method: package_install + id: cf06e919-02b7-41a7-a03f-4239592f3c12 + reporting: + mode: enabled + id: b9e259a1-51c5-40b3-98ef-0eeaf52dca98 + reporting: + mode: worst-case-weighted-one +params: + - id: 3439bbb0-d8f1-4c43-95a9-0c56bfb8c27e + name: server + description: The server hostname + type: multiline-string + constraints: + allow_empty: false diff --git a/src/test/rudder-techniques/6.yml b/src/test/rudder-techniques/6.yml new file mode 100644 index 00000000000..9186a3796ef --- /dev/null +++ b/src/test/rudder-techniques/6.yml @@ -0,0 +1,33 @@ +--- +id: ntp_technique +name: NTP +version: '0.1' +description: 'Short description' +documentation: 'Long documentation' +params: + - id: 3439bbb0-d8f1-4c43-95a9-0c56bfb8c27e + name: server + description: 'The server hostname' +items: + - name: 'Ensure correct ntp configuration' + id: d86ce2e5-d5b6-45cc-87e8-c11cca71d907 + tags: + cve: CVE-2022-3456 + condition: false + # TODO method.package_present: + method: package_present + params: + name: 'htop' + version: '2.3.4' + - name: 'my block' + id: b9e259a1-51c5-40b3-98ef-0eeaf52dca98 + condition: linux + reporting: + mode: worst-case-weighted-one + items: + - name: 'NTP service' + id: cf06e919-02b7-41a7-a03f-4239592f3c12 + condition: fedora + method: package_install + params: + name: '/bin/true "# ${node.inventory[os][fullName]}"' diff --git a/src/test/rudder-techniques/7.yml b/src/test/rudder-techniques/7.yml new file mode 100644 index 00000000000..8fd9b871abe --- /dev/null +++ b/src/test/rudder-techniques/7.yml @@ -0,0 +1,116 @@ +id: reporting +name: Test various reporting options +version: '0.1' +items: + - name: No block without condition + params: + provider: '' + name: htop + architecture: '' + version: '' + method: package_present + id: a86ce2e5-d5b6-45cc-87e8-c11cca71d908 + reporting: + mode: enabled + - name: No block with condition + condition: debian + params: + name: htop + provider: '' + version: '' + architecture: '' + method: package_present + id: b86ce2e5-d5b6-45cc-87e8-c11cca71d907 + reporting: + mode: enabled + - name: A simpl block + items: + - name: NTP service + params: + architecture: '' + provider: '' + name: ntp + version: '' + method: package_present + id: df06e919-02b7-41a7-a03f-4239592f3c12 + reporting: + mode: enabled + id: c9e259a1-51c5-40b3-98ef-0eeaf52dca99 + reporting: + mode: worst-case-weighted-one + - name: A simple block + items: + - name: NTP service + params: + provider: '' + architecture: '' + name: ntp + version: '' + method: package_present + id: df06e919-02b7-41a7-a03f-4239592f3c45 + reporting: + mode: enabled + id: c9e259a1-51c5-40b3-98ef-0eeaf52dca98 + reporting: + mode: worst-case-weighted-one + - name: A nested block + items: + - name: A simple block inside + items: + - name: NTP service + params: + name: ntp + provider: '' + version: '' + architecture: '' + method: package_present + id: cf06e919-02b7-41a7-a03f-4239592f3c14 + reporting: + mode: enabled + id: b9e259a1-51c5-40b3-98ef-0eeaf52dca96 + reporting: + mode: worst-case-weighted-one + - name: Another block inside + items: + - name: NTP service + params: + architecture: '' + name: ntp + version: '' + provider: '' + method: package_present + id: cf06e919-02b7-41a7-a03f-4239592f3c13 + reporting: + mode: enabled + id: b9e259a1-51c5-40b3-98ef-0eeaf52dca97 + reporting: + mode: worst-case-weighted-sum + - name: Another block inside + items: + - name: Enabled reporting + params: + version: '' + provider: '' + name: ntp + architecture: '' + method: package_present + id: cf06e919-02b7-41a7-a03f-4239592f3c21 + reporting: + mode: enabled + - name: Disabled reporting + params: + version: '' + name: ntp + architecture: '' + provider: '' + method: package_present + id: c76686bb-79ab-4ae5-b45f-108492ab4101 + reporting: + mode: disabled + id: 074d64ca-10ec-4c50-b0e1-4c85903f8b4c + reporting: + mode: focus + id: cf06e919-02b7-41a7-a03f-4239592f3c21 + id: b9e259a1-51c5-40b3-98ef-0eeaf52dca45 + reporting: + mode: worst-case-weighted-one diff --git a/src/test/rudder-techniques/8.yml b/src/test/rudder-techniques/8.yml new file mode 100644 index 00000000000..2d8131ee4bc --- /dev/null +++ b/src/test/rudder-techniques/8.yml @@ -0,0 +1,79 @@ +--- +id: reporting +name: Test various reporting options +version: '0.1' +items: + - name: 'No block without condition' + id: a86ce2e5-d5b6-45cc-87e8-c11cca71d908 + method: package_present + params: + name: 'htop' + - name: 'No block with condition' + id: b86ce2e5-d5b6-45cc-87e8-c11cca71d907 + condition: 'debian' + method: package_present + params: + name: 'htop' + - name: 'A simpl block' + id: c9e259a1-51c5-40b3-98ef-0eeaf52dca99 + reporting: + mode: worst-case-weighted-one + items: + - name: 'NTP service' + id: df06e919-02b7-41a7-a03f-4239592f3c12 + method: package_present + params: + name: ntp + - name: 'A simple block' + id: c9e259a1-51c5-40b3-98ef-0eeaf52dca98 + reporting: + mode: worst-case-weighted-one + items: + - name: 'NTP service' + id: df06e919-02b7-41a7-a03f-4239592f3c45 + method: package_present + params: + name: ntp + - name: 'A nested block' + id: b9e259a1-51c5-40b3-98ef-0eeaf52dca45 + reporting: + mode: worst-case-weighted-one + items: + - name: 'A simple block inside' + id: b9e259a1-51c5-40b3-98ef-0eeaf52dca96 + reporting: + mode: worst-case-weighted-one + items: + - name: 'NTP service' + id: cf06e919-02b7-41a7-a03f-4239592f3c14 + method: package_present + params: + name: ntp + - name: 'Another block inside' + id: b9e259a1-51c5-40b3-98ef-0eeaf52dca97 + reporting: + mode: worst-case-weighted-sum + items: + - name: 'NTP service' + id: cf06e919-02b7-41a7-a03f-4239592f3c13 + method: package_present + params: + name: ntp + - name: 'Another block inside' + id: 074d64ca-10ec-4c50-b0e1-4c85903f8b4c + reporting: + mode: 'focus' + id: cf06e919-02b7-41a7-a03f-4239592f3c21 + items: + - name: 'Enabled reporting' + id: cf06e919-02b7-41a7-a03f-4239592f3c21 + method: package_present + params: + name: ntp + - name: 'Disabled reporting' + id: c76686bb-79ab-4ae5-b45f-108492ab4101 + method: package_present + reporting: + mode: disabled + params: + name: ntp diff --git a/src/test/rudder-techniques/9.yml b/src/test/rudder-techniques/9.yml new file mode 100644 index 00000000000..9b74f91ac31 --- /dev/null +++ b/src/test/rudder-techniques/9.yml @@ -0,0 +1,22 @@ +id: param_in_condition +name: Param in conditions +version: '1.0' +category: ncf_techniques +params: + - id: 2f415dc5-9f9e-4fbe-b836-8960af613ec9 + name: file + description: file + constraints: + allow_empty: false +items: + - id: 9e763779-9f33-44bc-ad73-1c5d5732301c + name: 'Check if a file exists' + method: file_check_exists + params: + path: /tmp/${file} + - id: e8362340-dc50-4231-9b7f-748b51e9fa07 + name: 'Execute only if...' + condition: file_check_exists__tmp_${file}_kept + method: command_execution + params: + command: echo "May be executed or not"