Add support for client in Bash installation

manifests/init.pp

@@ -24,10 +24,7 @@
 # path to host private key, usually puppet agent private key
 # May be overriden if the rh_certificate_consumer_host_key fact is found
 #
-# @param package_name
-# Package name for Ruby foreman_scap_client package
-#
-# @param package_provider 
+# @param package_provider
 # provider for the package, defaults to yum but can be set to gem, or any other valid
 # puppet package provider
 #
@@ -80,6 +77,9 @@
 # @param timeout
 # Timeout when sending reports to proxy
 #
+# @param obsolete
+# Whether to use the obsolete client wrapper in Ruby
+#
 # @example Run a weekly SCAP audit
 # class { foreman_scap_client:
 # server => 'proxy.example.com',
@@ -110,7 +110,6 @@
  Stdlib::Absolutepath $ca_file = $foreman_scap_client::params::ca_file,
  Stdlib::Absolutepath $host_certificate = $foreman_scap_client::params::host_certificate,
  Stdlib::Absolutepath $host_private_key = $foreman_scap_client::params::host_private_key,
- String $package_name = 'rubygem-foreman_scap_client',
  Optional[String] $package_provider = undef,
  Optional[String] $foreman_repo_rel = undef,
  String $foreman_repo_key = 'https://yum.theforeman.org/RPM-GPG-KEY-foreman',
@@ -120,9 +119,21 @@
  String $cron_template = 'foreman_scap_client/cron.erb',
  Integer[0] $cron_splay = 600,
  Integer[0] $timeout = 60,
+ Boolean $obsolete = true,
 ) inherits foreman_scap_client::params {
  $cron_sleep = fqdn_rand($cron_splay)
 
+ if $obsolete {
+ $package_name = 'rubygem-foreman_scap_client'
+ $config_path = '/etc/foreman_scap_client/config.yaml'
+ $template_path = 'foreman_scap_client/config.yaml.erb'
+ }
+ else {
+ $package_name = 'rubygem-foreman_scap_client_bash'
+ $config_path = '/etc/foreman_scap_client/config'
+ $template_path = 'foreman_scap_client/config.erb'
+ }
+
  if $foreman_repo_rel {
  if $foreman_repo_key =~ /^http/ {
  $gpgkey = $foreman_repo_key
@@ -176,8 +187,8 @@
 
  file { 'foreman_scap_client':
  ensure => file,
- path => '/etc/foreman_scap_client/config.yaml',
- content => template('foreman_scap_client/config.yaml.erb'),
+ path => $config_path,
+ content => template($template_path),
  owner => 'root',
  }
 

spec/acceptance/basic_spec.rb

@@ -17,4 +17,22 @@
  describe package('rubygem-foreman_scap_client') do
  it { is_expected.to be_installed }
  end
+
+ it_behaves_like 'an idempotent resource' do
+ let(:manifest) do
+ <<~PUPPET
+ class { 'foreman_scap_client':
+ foreman_repo_rel => 'nightly',
+ server => 'foreman.example.com',
+ port => 8443,
+ policies => [ { id: 1, profile_id: 'default', content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml' } ],
+ obsolete => false,
+ }
+ PUPPET
+ end
+ end
+
+ describe package('rubygem-foreman_scap_client_bash') do
+ it { is_expected.to be_installed }
+ end
 end

spec/classes/init_spec.rb

@@ -41,6 +41,29 @@
  .with_content(%r{^:host_private_key: '/etc/rhsm/host/key\.pem'$})
  end
  end
+
+ context 'with flag to install bash version' do
+ let(:params) do
+ super().merge({
+ obsolete: false,
+ policies: [
+ {
+ id: 1,
+ profile_id: 'default',
+ content_path: '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml',
+ }
+ ]
+ })
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it do
+ is_expected.to contain_file('foreman_scap_client')
+ .with_path('/etc/foreman_scap_client/config')
+ .with_content(%r{^POLICY_1_PROFILE="default"$})
+ .with_content(%r{^POLICY_1_CONTENT_PATH="/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"$})
+ end
+ end
  end
  end
  end

templates/config.erb

@@ -0,0 +1,41 @@
+# DO NOT EDIT THIS FILE MANUALLY
+# IT IS MANAGED BY PUPPET
+
+# Foreman proxy to which reports should be uploaded
+SERVER="<%= @server %>"
+PORT=<%= @port %>
+
+# Timeout for sending reports to proxy
+TIMEOUT=<%= @timeout %>
+
+# Should --fetch-remote-resources be added to `oscap xccdf eval` command
+FETCH_REMOTE_RESOURCES="<%= @fetch_remote_resources %>"
+
+# HTTP proxy server for downloading remote resources
+HTTP_PROXY_SERVER="<%= @http_proxy_server %>"
+HTTP_PROXY_PORT="<%= @http_proxy_port %>"
+
+## SSL specific options ##
+# Client CA file.
+# It could be Puppet CA certificate (e.g., '/var/lib/puppet/ssl/certs/ca.pem')
+# Or (recommended for client reporting to Katello) subscription manager CA file, (e.g., '/etc/rhsm/ca/katello-server-ca.pem')
+CA_FILE="<%= @ca_file %>"
+# Client host certificate.
+# It could be Puppet agent host certificate (e.g., '/var/lib/puppet/ssl/certs/myhost.example.com.pem')
+# Or (recommended for client reporting to Katello) consumer certificate (e.g., '/etc/pki/consumer/cert.pem')
+HOST_CERTIFICATE="<%= @host_certificate %>"
+# Client private key
+# It could be Puppet agent private key (e.g., '/var/lib/puppet/ssl/private_keys/myhost.example.com.pem')
+# Or (recommended for client reporting to Katello) consumer private key (e.g., '/etc/pki/consumer/key.pem')
+HOST_PRIVATE_KEY="<%= @host_private_key %>"
+
+# policy (key is id as in Foreman)
+<% @policies.each do |policy| %>
+POLICY_<%= policy['id'] -%>_PROFILE="<%= policy['profile_id'] -%>"
+POLICY_<%= policy['id'] -%>_CONTENT_PATH="<%= policy['content_path'] -%>"
+# Download path
+# A path to download SCAP content from proxy
+POLICY_<%= policy['id'] -%>_DOWNLOAD_PATH="<%= policy['download_path'] -%>"
+POLICY_<%= policy['id'] -%>_TAILORING_PATH="<%= policy['tailoring_path'] -%>"
+POLICY_<%= policy['id'] -%>_TAILORING_DOWNLOAD_PATH="<%= policy['tailoring_download_path'] -%>"
+<% end %>