Inquiry About Upstreaming Modifications

[samirMhn]

Dear complianceAsCode Maintainers,

I hope this message finds you well. I am writing to discuss some modifications I have made to the original complianceAsCode project rules in order to be able to use these rules with my product. I would like to inquire if these changes can be upstreamed or if there is a better way to implement them to ensure compatibility and usability for my product while also contributing back to the main project.

As an example I have included the original code and my modification for one rule but we have several rules with the same behavior.

Original Code:
In the enable_ldap_client/oval/shared.yml file, /etc/sysconfig/authconfig and USELDAPAUTH=yes were hardcoded :

  <ind:textfilecontent54_object id="obj_enable_ldap_client" version="1">
    <ind:filepath>/etc/sysconfig/authconfig</ind:filepath>
    <ind:pattern operation="pattern match">^[\s]*USELDAPAUTH=yes[\s]*$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

Modified Code:
I modified the original code in order to be able to use the same rule in case a product has a path other than etc/sysconfig/authconfig also I replaced the hardcoded regex USELDAPAUTH=yes with a configurable one

{{%- if 'MyProduct' in product %}}
  {{%- set PATH="/etc/pam.d/ldap/ldap" %}}
  {{%- set REGEX="account required pam_ldap.so ignore_authinfo_unavail ignore_unknown_user" %}}
{{%- else %}}
  {{%- set PATH = "/etc/sysconfig/authconfig" %}}
  {{%- set REGEX="USELDAPAUTH=yes" %}}
{{%- endif %}}
.
.
.
.
  <ind:textfilecontent54_object id="obj_enable_ldap_client" version="1">
    <ind:filepath>{{{PATH}}}</ind:filepath>
    <ind:pattern operation="pattern match">^[\s]*{{{REGEX}}}[\s]*$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

These changes allow the rule to support my product, which uses a different configuration file path. I am looking forward to your guidance on whether these modifications are suitable for upstreaming or if there are alternative approaches that you recommend.

Thank you for your time and assistance. I look forward to your response.

[Mab879]

Thanks for your comment.

We are fairly up to new products in upstream.

I would also note that maybe this might be case for XCCDF and tailoring. Something else to think about.