
Some major changes: * the charm has been rebased (from a Python perspective) to be rooted in the charm directory. This is a single root. * Imports have been changed so that they don't add lots of imports to the namespace of the module doing the import. * The code that used to run at module import time has been made lazy such that it only has to run if the relevant functions are called. This includes restart_on_change parameters, the harden function and the parameters to the guard_map. Appropriate changes will be submitted to charm-helpers. * Several tests had to be re-written as (incorrect) mocking meant that test fixtures didn't actually match what the code was doing. Thus, the tests were meaningless. * This has had a net positive impact on the unit tests with respect to importing modules and mocking. Change-Id: Id07d9d1caaa9b29453a63c2e49ba831071e9457f
# Copyright 2016 Canonical Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


class BaseAudit(object):  # NO-QA
    """Common parent for hardening checks.

    A hardening check starts by testing whether the system complies with
    the check (see ``ensure_compliance``). ``_take_action`` then reports
    whether the follow-up action should run, honouring the optional
    ``unless`` override supplied at construction time.

    NOTE(review): the upstream description of what happens to the value
    returned by a non-compliant check is cut off mid-sentence; confirm the
    intended lifecycle against the concrete subclasses.
    """

    def __init__(self, *args, **kwargs):
        """Store the optional ``unless`` override.

        Only the ``unless`` keyword is read here; positional arguments and
        any other keywords are ignored by this base class.
        """
        # A missing 'unless' keyword is stored as None, which _take_action
        # treats as "no override".
        self.unless = kwargs.get('unless')
        super(BaseAudit, self).__init__()

    def ensure_compliance(self):
        """Verify that the system complies with this hardening check.

        The documented contract is that an exception should be raised when
        the check is not in compliance.

        The base implementation does nothing and returns None, so it never
        signals non-compliance; presumably every concrete audit overrides
        it -- confirm when adding a subclass.
        """
        pass

    def _take_action(self):
        """Decide whether the action should be performed.

        Returns True when no ``unless`` override was given. Otherwise the
        result is the negation of the override's truth value; an override
        that has a ``__call__`` attribute is first invoked with no
        arguments and its return value is negated instead.

        A truthy override therefore suppresses the action, so whoever
        supplies ``unless`` controls whether the action runs. Nothing is
        caught here: an exception raised by the callback propagates to the
        caller.
        """
        override = self.unless

        # No override at all: the action goes ahead.
        if override is None:
            return True

        # A callback is resolved to its result before being negated.
        if hasattr(override, '__call__'):
            override = override()

        return not override