
Commit 1fa6a84

balavigneshVMwareraja021084ramurugesanrjew-bc
authored
Adding state and execution modules for compliance workflows. (#404)
* Add salt state and execution modules for compliance check PoC. (#396)
* Add salt state and execution modules for compliance check use cases.
* Add vcenter state module
* rename module names.
* incorporate new config module changes.

---------

Co-authored-by: ramurugesan <ramurugesan@vmware.com>

* Compliance control state and execution module refactoring (#397)
* VCFSC-42: Add salt state and execution modules for jpmc compliance check use cases.
* Add vcenter state module
* rename module names.
* incorporate new config module changes.
* refactoring modules.

---------

Co-authored-by: ramurugesan <ramurugesan@vmware.com>

* change version to dev
* Multi product auth support.
* fix error message.
* Compliance check changes to handle exceptions (#399)
* Compliance check changes to handle exceptions
* Fix pre-commit issue
* Minor fix for compliance check response
* Fix unit test cases.

---------

Co-authored-by: ramurugesan <ramurugesan@vmware.com>

* Minor fix to read config from pillar information and then grain (#400)
* Incrementing version
* Fix priority of importing credentials from pillar first
* Adding support for NSX product (#401)
* Incrementing version
* Fix priority of importing credentials from pillar first
* Adding support for product NSX
* Add more product support
* ESXi Context changes and response format changes.
* set results to True for dry-run.
* Incorporated config module framework changes.
* hostname from grains ('fqdn') if available and then fallback to pillars.
* Retrieve hostname from grains and fallback to pillar
* Reading ssl verification flag from pillar
* Adding product filtering
* Optional ssl_thumbprint for esxi context
* Fix skipped remediation status for compliance controls
* Add controller metadata module (#403) Add controller metadata module

---------

Co-authored-by: Russell Jew <171984014+rjew-bc@users.noreply.github.com>

* Cleanup code and adding unit test cases
* Adding config-module dependency and resolving comment
* Ignoring linkcheck for broken links due to migration
* Remove docs for invalid modules
* Updating tests to run on 3006.9 and python version to 3.10
* Removing python < 3.10 from tests; remove cython dependency from windows; update pytest-salt-factories dependency version
* Upgrading salt requires
* Test pipeline with previous changes

---------

Co-authored-by: Raja Murugesan <rajagopal.it@gmail.com>
Co-authored-by: ramurugesan <ramurugesan@vmware.com>
Co-authored-by: rjew-bc <171984014+rjew-bc@users.noreply.github.com>
1 parent 2a5b0f7 commit 1fa6a84

21 files changed

Lines changed: 933 additions & 12 deletions

.github/workflows/test.yml

Lines changed: 4 additions & 8 deletions
@@ -33,7 +33,7 @@ jobs:
3333
steps:
3434
- uses: actions/checkout@v2
3535

36-
- name: Set up Python 3.7 For Nox
36+
- name: Set up Python 3.10 For Nox
3737
uses: actions/setup-python@v4
3838
with:
3939
python-version: "3.10"
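Review bot: `actions/checkout@v2` and `actions/setup-python@v4` in this job are referenced by mutable tags, so the workflow runs whatever those tags point to at execution time. Since the step is being touched anyway, pin both actions to full commit SHAs (with the tag kept in a trailing comment) and move `checkout` off the old `v2` major.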
@@ -64,12 +64,9 @@ jobs:
6464
max-parallel: 4
6565
matrix:
6666
python-version:
67-
- 3.7
68-
- 3.8
69-
- 3.9
7067
- "3.10"
7168
salt-version:
72-
- 3006.4
69+
- 3006.9
7370

7471
steps:
7572
- uses: actions/checkout@v2
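Review bot: With `3.7`, `3.8` and `3.9` removed from `python-version`, only `"3.10"` is exercised, yet the `install_requires` context in setup.cfg still carries `importlib_metadata; python_version < "3.8"`, which implies older interpreters remain installable. Either raise the package's declared minimum Python to match this matrix and drop that marker, or keep at least one older interpreter under test.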
@@ -187,7 +184,7 @@ jobs:
187184
python-version:
188185
- "3.10"
189186
salt-version:
190-
- 3006.4
187+
- 3006.9
191188

192189
steps:
193190
- uses: actions/checkout@v2
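Review bot: `- 3006.9` under `salt-version` is an unquoted YAML scalar and is parsed as a number, while `python-version` directly above is quoted as `"3.10"`. Quote it (`"3006.9"`) so that a later bump to a value such as 3006.10 is not collapsed to 3006.1 when it is interpolated into `salt==${{ matrix.salt-version }}`; the same applies to the other `salt-version` entries changed in this file.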
@@ -206,7 +203,6 @@ jobs:
206203
shell: bash
207204
env:
208205
SALT_REQUIREMENT: salt==${{ matrix.salt-version }}
209-
EXTRA_REQUIREMENTS_INSTALL: Cython
210206
run: |
211207
export PATH="/C/Program Files (x86)/Windows Kits/10/bin/10.0.18362.0/x64;$PATH"
212208
nox --force-color -e tests-3 --install-only
@@ -310,7 +306,7 @@ jobs:
310306
python-version:
311307
- "3.10"
312308
salt-version:
313-
- 3006.4
309+
- 3006.9
314310

315311
steps:
316312
- uses: actions/checkout@v2

docs/conf.py

Lines changed: 10 additions & 1 deletion
@@ -148,8 +148,17 @@
148148
# <---- Autodoc Config -----------------------------------------------------------------------------------------------
149149

150150
linkcheck_timeout = 10
151+
152+
# Ignoring linkcheck for links migrated from vmware to broadcom
153+
linkcheck_ignore = [
154+
r"https://developer\.vmware\.com/.*",
155+
r"http://pubs\.vmware\.com/.*",
156+
r"https://code\.vmware\.com/.*",
157+
]
151158
if not os.environ.get("SKIP_LINKCHECK_IGNORE"):
152-
linkcheck_ignore = ["https://docs.github.com/en/authentication/connecting-to-github-with-ssh"]
159+
linkcheck_ignore.append(
160+
"https://docs.github.com/en/authentication/connecting-to-github-with-ssh"
161+
)
153162

154163

155164
def setup(app):
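Review bot: The three `vmware.com` patterns added at lines 153-157 sit outside the `if not os.environ.get("SKIP_LINKCHECK_IGNORE")` guard, so setting that variable no longer yields an unfiltered linkcheck run. They also match entire hosts (`/.*`), which hides every dead link under those domains indefinitely; consider moving them inside the guard and adding a tracking reference for replacing the links with their Broadcom destinations. The `http://pubs\.vmware\.com/.*` entry also shows the docs still contain plain-http links, which are worth replacing rather than ignoring.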

docs/ref/modules/all.rst

Lines changed: 2 additions & 0 deletions
@@ -11,6 +11,8 @@ Execution Modules
1111
saltext.vmware.modules.cluster
1212
saltext.vmware.modules.cluster_drs
1313
saltext.vmware.modules.cluster_ha
14+
saltext.vmware.modules.compliance_control
15+
saltext.vmware.modules.controller_metadata
1416
saltext.vmware.modules.datacenter
1517
saltext.vmware.modules.datastore
1618
saltext.vmware.modules.dvportgroup
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
2+
saltext.vmware.modules.compliance_control
3+
=========================================
4+
5+
.. automodule:: saltext.vmware.modules.compliance_control
6+
:members:
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
2+
saltext.vmware.modules.controller_metadata
3+
==========================================
4+
5+
.. automodule:: saltext.vmware.modules.controller_metadata
6+
:members:

docs/ref/states/all.rst

Lines changed: 2 additions & 0 deletions
@@ -8,6 +8,8 @@ State Modules
88
.. autosummary::
99
:toctree:
1010

11+
saltext.vmware.states.compliance_control
12+
saltext.vmware.states.controller_metadata
1113
saltext.vmware.states.datacenter
1214
saltext.vmware.states.datastore
1315
saltext.vmware.states.esxi
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
2+
saltext.vmware.states.compliance_control
3+
========================================
4+
5+
.. automodule:: saltext.vmware.states.compliance_control
6+
:members:
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
2+
saltext.vmware.states.controller_metadata
3+
=========================================
4+
5+
.. automodule:: saltext.vmware.states.controller_metadata
6+
:members:

setup.cfg

Lines changed: 2 additions & 1 deletion
@@ -43,12 +43,13 @@ install_requires =
4343
pyvmomi==7.0.3
4444
importlib_metadata; python_version < "3.8"
4545
jinja2>=3.1.0
46+
config_modules_vmware
4647

4748
[options.extras_require]
4849
tests =
4950
pytest>=6.1.0
5051
pytest-cov
51-
pytest-salt-factories>=1.0.0rc27
52+
pytest-salt-factories>=1.0.1
5253
dev =
5354
nox
5455
towncrier==21.9.0rc1
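Review bot: `config_modules_vmware` on line 46 is added with no version specifier, while its neighbours are constrained (`pyvmomi==7.0.3`, `jinja2>=3.1.0`). The new execution module imports `config_modules_vmware.interfaces.controller_interface` and calls `check_compliance` and `remediate_with_desired_state` on it, so an unbounded requirement lets any future release of that package be installed onto minions that hold product credentials. Add at least a lower bound for the release this was tested against, and preferably an upper bound as well.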
Lines changed: 77 additions & 0 deletions
@@ -0,0 +1,77 @@
1+
# SPDX-License: Apache-2.0
2+
import logging
3+
4+
import salt.exceptions
5+
import saltext.vmware.utils.compliance_control as compliance_control_util
6+
from config_modules_vmware.interfaces.controller_interface import ControllerInterface
7+
8+
log = logging.getLogger(__name__)
9+
10+
__virtualname__ = "vmware_compliance_control"
11+
12+
13+
def __virtual__():
14+
return __virtualname__
15+
16+
17+
def control_config_compliance_check(control_config, product, auth_context=None):
18+
"""
19+
Checks compliance of control config. Control config can be ntp, dns, syslog, etc.
20+
Returns control compliance response object.
21+
22+
control_config
23+
control config dict object.
24+
product
25+
appliance name - vcenter, sddc-manager, etc.
26+
auth_context
27+
optional auth context to access product.
28+
"""
29+
30+
log.info("Checking compliance %s", control_config)
31+
if not auth_context:
32+
config = __opts__
33+
auth_context = compliance_control_util.create_auth_context(config=config, product=product)
34+
35+
try:
36+
controller_interface_obj = ControllerInterface(auth_context)
37+
response_check_compliance = controller_interface_obj.check_compliance(
38+
desired_state_spec=control_config
39+
)
40+
log.debug("Response for compliance check %s", response_check_compliance)
41+
return response_check_compliance
42+
except Exception as exc:
43+
log.error("Compliance check encountered an error: %s", str(exc))
44+
raise salt.exceptions.VMwareRuntimeError(str(exc))
45+
46+
47+
def control_config_remediate(control_config, product, auth_context=None):
48+
"""
49+
Remediate given compliance control config. Control config can be ntp, dns, syslog, etc.
50+
Returns remediation response object.
51+
52+
control_config
53+
control config dict object.
54+
product
55+
appliance name. vcenter, sddc-manager, etc.
56+
auth_context
57+
Optional auth context to access product.
58+
"""
59+
60+
log.info("Remediation : %s", control_config)
61+
62+
if not auth_context:
63+
config = __opts__
64+
auth_context = compliance_control_util.create_auth_context(config=config, product=product)
65+
66+
try:
67+
controller_interface_obj = ControllerInterface(auth_context)
68+
response_remediate = controller_interface_obj.remediate_with_desired_state(
69+
desired_state_spec=control_config
70+
)
71+
log.debug("Remediation response %s", response_remediate)
72+
return response_remediate
73+
74+
except Exception as exc:
75+
# Handle exceptions by setting status as false and including exception details
76+
log.error("Remediation encountered an error: %s", str(exc))
77+
raise salt.exceptions.VMwareRuntimeError(str(exc))
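Review bot: Both `except Exception as exc:` handlers (lines 42-44 and 74-77) catch every exception type, including programming errors, and re-raise them as `VMwareRuntimeError(str(exc))` carrying only the message text. Narrow the catch to the errors the controller interface is expected to raise and use `raise salt.exceptions.VMwareRuntimeError(str(exc)) from exc` so the cause is explicit. The comment on line 75 says the handler sets the status to false, but the code raises, so reword or drop it. The `config_modules_vmware` import on line 6 is unguarded while `__virtual__()` returns the name unconditionally; wrapping the import and returning `(False, reason)` when it is missing would give a clean load failure. The header on line 1 should read `SPDX-License-Identifier: Apache-2.0`.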
