Add remediation support for drush yaml checks #43

Merged: 16 commits, Feb 13, 2024

@yusufhm yusufhm commented Feb 8, 2024

Another big PR, which introduces a number of changes:

  • Breach is now an interface, with a generator for the common functions.

    • This allows for better handling of remediations and the result for a check in general.
    • It also opens up future possibilities of having custom Breach types per Check and so on.
  • Added a Remediation struct and included it in the Result struct.

  • Updated the Remediate() signature in the Check interface to be more generic and without a return value.

    • It now expects the Check's Remediate implementation to loop through all the breaches and update the Remediation inside each one.
  • Updated the logic in ProcessCheck to call Remediate() for each Check after RunCheck() has been called.

    • Also added a DetermineResultStatus() to Result so we can have better logic outside of RunCheck() which determines the result based on the Breaches detected and Remediations performed.
      • This allows for a Check to focus on just analysing the data and reporting Breaches.
      • It also means that almost all tests had to be updated to reflect that change, since the Result.Status is not being manually set in different places now.
  • Finally, added two new attributes to the drush-yaml check, remediate-command & remediate-msg, along with the corresponding Remediate() logic. This allows us to define a check like below:

    checks:
      drush-yaml:
        - name: '[DATABASE] Ensure clamav is enabled'
          severity: high
          command: 'config:get clamav.settings'
          config-name: clamav.settings
          values:
            - key: enabled
              value: true
              truthy: true
          remediate-command: |
            #!/bin/bash
            set -eu
            drush config:set clamav.settings enabled true
          remediate-msg: ClamAV config was remediated by enabling it

    Shipshape will use the command specified to fix the issue and on success output the message specified:

    # Remediations
    
      ### [DATABASE] Ensure clamav is enabled
        -- ClamAV config was remediated by enabling it
    

@yusufhm yusufhm requested a review from steveworley February 8, 2024 08:40
@yusufhm yusufhm self-assigned this Feb 8, 2024
@yusufhm yusufhm merged commit f2615df into main Feb 13, 2024
3 of 4 checks passed
@yusufhm yusufhm deleted the feature/DEVOPS-406-remediate-drush-yaml branch February 13, 2024 03:55
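
The flow described in the PR comment above (RunCheck only reports breaches, Remediate records an outcome on each breach, DetermineResultStatus derives the final status), as an added Go example that is not Shipshape's own code. The struct fields, the status strings, `ValueBreach`, `GetRemediation` and the `Run` hook (standing in for executing remediate-command) are assumptions made for illustration.

```go
package main

import "fmt"

type Remediation struct{ Status, Message string } // hypothetical model: fields and status strings are assumptions
type Breach interface{ GetRemediation() *Remediation }
type ValueBreach struct{ Key string; Rem Remediation } // assumed concrete Breach
func (b *ValueBreach) GetRemediation() *Remediation { return &b.Rem }
type Result struct{ Status string; Breaches []Breach }
type DrushYamlCheck struct {
	Key, Actual, Want, RemediateMsg string // constructed stand-in for one config value
	Run    func() error // stand-in for executing remediate-command
	Result Result
}

func (r *Result) DetermineResultStatus() { // Pass only when every breach was remediated
	r.Status = "Pass"
	for _, b := range r.Breaches {
		if b.GetRemediation().Status != "success" {
			r.Status = "Fail"
		}
	}
}

func (c *DrushYamlCheck) RunCheck() { // analyses the data and reports breaches only
	if c.Actual != c.Want {
		c.Result.Breaches = append(c.Result.Breaches, &ValueBreach{Key: c.Key})
	}
}

func (c *DrushYamlCheck) Remediate() { // no return value: outcome is stored on each breach
	for _, b := range c.Result.Breaches {
		*b.GetRemediation() = Remediation{"success", c.RemediateMsg}
		if err := c.Run(); err != nil {
			*b.GetRemediation() = Remediation{"failed", err.Error()}
		}
	}
}

func ProcessCheck(c *DrushYamlCheck) *Result { // RunCheck, then Remediate, then status
	c.RunCheck()
	c.Remediate()
	c.Result.DetermineResultStatus()
	return &c.Result
}

func main() { // constructed input: "enabled" is false while the check wants true
	fmt.Println(ProcessCheck(&DrushYamlCheck{Key: "enabled", Actual: "false", Want: "true", Run: func() error { return nil }}).Status)
}
```

In this model a failed remediation leaves the breach in place, so the status stays Fail and the error text is kept on the breach for reporting.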