Carry over refvals and setval's to extended profiles. Also added checks to warn about refvals and setvals referencing non-existant values. Fixes bugs #8152,8153 --- src/secstate/main.py | 48 +++++++++++++++++++++++++++++++++++------------- 1 files changed, 35 insertions(+), 13 deletions(-) diff --git a/src/secstate/main.py b/src/secstate/main.py index c8a603e..ea0425f 100644 --- a/src/secstate/main.py +++ b/src/secstate/main.py @@ -267,25 +267,47 @@ class Secstate: val_instance = val.instances[0] benchmark.vals[val.id] = value_instance_to_value(val_instance) + profiles = [] current_profile = benchmark.config.get(benchmark.id, 'profile') prof_item = benchmark.get_item(current_profile) if prof_item == None: self.log.error("Import failed: profile '%(prof)s' does not exist" % {'prof':current_profile}) return None + profiles.append(prof_item.to_profile()) - profile = prof_item.to_profile() - prof_sel = get_profile_selections(benchmark, profile) - for key,val in prof_sel.items(): - benchmark.selections[key] = val + tmp_prof = profiles[0] + while tmp_prof.extends != None: + tmp_prof_item = benchmark.get_item(tmp_prof.extends) + if tmp_prof_item == None: + self.log.error("Import failed: profile '%(prof)s does not exist" % {'prof':tmp_prof}) + return None + tmp_prof = tmp_prof_item.to_profile() + profiles.append(tmp_prof) + + # Start with the base profile first + profiles.reverse() + for profile in profiles: + prof_sel = get_profile_selections(benchmark, profile) + for key,val in prof_sel.items(): + benchmark.selections[key] = val + + for setval in profile.setvalues: + if not benchmark.get_item(setval.item) != None: + if not benchmark.get_item(setval.item).prohibit_changes: + benchmark.vals[setval.item] = setval.value + else: + self.log.error("Set value references non-existant value: %(val)s" % {'val':setval.item}) + continue - for setval in profile.setvalues: - if not benchmark.get_item(setval.item).prohibit_changes: - benchmark.vals[setval.item] = setval.value + for refval in profile.refine_values: + value_item = benchmark.get_item(refval.item) + if value_item == None: + self.log.error("Refine value references non-existant value: %(val)s" % {'val':refval.item}) + continue + value = value_item.to_value() - for refval in profile.refine_values: - value = benchmark.get_item(refval.item).to_value() - if not value.prohibit_changes: - benchmark.vals[refval.item] = value_instance_to_value(value.get_instance_by_selector(refval.selector)) + if not value.prohibit_changes: + benchmark.vals[refval.item] = value_instance_to_value(value.get_instance_by_selector(refval.selector)) puppet_files = get_puppet_files(benchmark) if store_path == None and self.content.has_key(benchmark.id): -- 1.7.2.3