RubyGems - foreman_openscap - Versions diffs - 0.2.1 → 0.3.0 - Mend

foreman_openscap 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

data/app/helpers/scaptimony_policy_dashboard_helper.rb ADDED

@@ -0,0 +1,43 @@
+#
+# Copyright (c) 2014 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 3 (GPLv3). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv3
+# along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
+#
+module ScaptimonyPolicyDashboardHelper
+  Colors = {
+    :compliant_hosts => '#89A54E',
+    :incompliant_hosts => '#AA4643',
+    :inconclusive_hosts => '#DB843D',
+    :report_missing => '#92A8CD',
+  }
+  def policy_widget_list
+    Scaptimony::PolicyDashboard::Manager.widgets
+  end
+  def host_breakdown_chart(report, options = {})
+    data = []
+    [[:compliant_hosts, _('Compliant hosts')],
+     [:incompliant_hosts, _('Incompliant hosts')],
+     [:inconclusive_hosts, _('Inconclusive')],
+     [:report_missing, _('Not audited')],
+    ].each { |i|
+      data << {:label => i[1], :data => report[i[0]], :color => Colors[i[0]]}
+    }
+    flot_pie_chart 'overview', _('Compliance Status'), data, options
+  end
+  def status_link(name, label, path)
+    content_tag :li do
+      content_tag(:i, raw('&nbsp;'), :class=>'label', :style => 'background-color:' + Colors[label]) +
+      raw('&nbsp;') +
+      link_to(name, path, :class=>'dashboard-links') +
+      content_tag(:h4, @report[label])
+    end
+  end
+end

data/app/helpers/scaptimony_report_dashboard_helper.rb ADDED

@@ -0,0 +1,20 @@
+module ScaptimonyReportDashboardHelper
+  Colors = {
+      :passed => '#89A54E',
+      :failed => '#AA4643',
+      :othered => '#DB843D',
+  }
+  def reports_breakdown_chart(report, options = {})
+    data = []
+    [[:failed, _('Failed')],
+     [:passed, _('Passed')],
+     [:othered, _('Othered')],
+    ].each { |i|
+      data << {:label => i[1], :data => report[i[0]], :color => Colors[i[0]]}
+    }
+    flot_pie_chart 'overview', _('Compliance reports breakdown'), data, options
+  end
+end

data/app/models/concerns/foreman_openscap/arf_report_extensions.rb CHANGED

@@ -13,8 +13,37 @@ require 'scaptimony/arf_report'
 module ForemanOpenscap
   module ArfReportExtensions
     extend ActiveSupport::Concern
+    include Taxonomix
     included do
-      scoped_search :in => :asset, :on => :name, :complete_value => :true, :rename => "host"
+      has_one :host, :through => :asset, :as => :assetable, :source => :assetable, :source_type => 'Host::Base'
+      after_save :assign_locations_organizations
+      scope :hosts, lambda { includes(:policy, :arf_report_breakdown) }
+      scope :latest, lambda { includes(:host, :policy, :arf_report_breakdown).limit(5).order("scaptimony_arf_reports.created_at DESC") }
+      scoped_search :in => :host, :on => :name, :complete_value => :true, :rename => "host"
+      default_scope {
+        with_taxonomy_scope do
+          order("scaptimony_arf_reports.created_at DESC")
+        end
+      }
+    end
+    def assign_locations_organizations
+      if host
+        self.locations = [host.location]
+        self.organizations = [host.organization]
+      end
+    end
+    def failed?
+      failed > 0
+    end
+    def passed?
+      passed > 0 && !failed?
     end
   end
 end

data/app/models/concerns/foreman_openscap/asset_extensions.rb ADDED

@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2014 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 3 (GPLv3). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv3
+# along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
+#
+require 'scaptimony/asset'
+module ForemanOpenscap
+  module AssetExtensions
+    extend ActiveSupport::Concern
+    included do
+      belongs_to :assetable, :polymorphic => true
+      scope :hosts, where(:assetable_type => 'Host::Base')
+    end
+    def host
+      fetch_asset('Host::Base')
+    end
+    def name
+      assetable.name
+    end
+    private
+    def fetch_asset(type)
+      assetable if assetable_type == type
+    end
+  end
+end

data/app/models/concerns/foreman_openscap/host_extensions.rb CHANGED

@@ -3,21 +3,52 @@ require 'scaptimony/asset'
 module ForemanOpenscap
   module HostExtensions
     extend ActiveSupport::Concern
+    ::Host::Managed::Jail.allow :policies_enc
     included do
-      has_one :auditable_host, :class_name => "::Scaptimony::AuditableHost",
-          :foreign_key => :host_id, :inverse_of => :host
+      has_one :asset, :as => :assetable, :class_name => "::Scaptimony::Asset"
+      has_many :asset_policies, :through => :asset, :class_name => "::Scaptimony::AssetPolicy"
+      has_many :policies, :through => :asset_policies, :class_name => "::Scaptimony::Policy"
+      has_many :arf_reports, :through => :asset, :class_name => '::Scaptimony::ArfReport'
+      scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :'compliance_policy',
+                    :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_policy_name
+      scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :'compliance_report_missing_for',
+                    :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_missing_arf
+    end
+    def get_asset
+      Scaptimony::Asset.where(:assetable_type => 'Host::Base', :assetable_id => id).first_or_create!
     end
-    # create or overwrite instance methods...
-    def instance_method_name
+    def policies_enc
+      self.policies.map(&:to_enc).to_json
     end
     module ClassMethods
-      # create or overwrite class methods...
-      def class_method_name
+      def search_by_policy_name(key, operator, policy_name)
+        cond = sanitize_sql_for_conditions(["scaptimony_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
+        { :conditions => Host::Managed.arel_table[:id].in(
+              Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).ast
+            ).to_sql }
       end
-    end
+      def search_by_missing_arf(key, operator, policy_name)
+        cond = sanitize_sql_for_conditions(["scaptimony_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
+        { :conditions => Host::Managed.arel_table[:id].in(
+             Host::Managed.select(Host::Managed.arel_table[:id])
+               .joins(:policies)
+               .where(cond)
+               .where('scaptimony_assets.id not in (
+				SELECT distinct scaptimony_arf_reports.asset_id
+				FROM scaptimony_arf_reports
+				WHERE scaptimony_arf_reports.asset_id = scaptimony_assets.id
+					AND scaptimony_arf_reports.policy_id = scaptimony_policies.id)
+			')
+               .ast
+             ).to_sql
+        }
+      end
+    end
   end
 end

data/app/models/concerns/foreman_openscap/policy_extensions.rb CHANGED

@@ -8,13 +8,224 @@
 # along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
 #
-require 'scaptimony/policy'
 module ForemanOpenscap
   module PolicyExtensions
     extend ActiveSupport::Concern
+    include Authorizable
+    include Taxonomix
     included do
-      scoped_search :on => :name, :complete_value => true
+      attr_accessible :location_ids, :organization_ids, :current_step, :hostgroup_ids
+      attr_writer :current_step
+      SCAP_PUPPET_CLASS = 'foreman_scap_client'
+      POLICIES_CLASS_PARAMETER = 'policies'
+      SERVER_CLASS_PARAMETER = 'server'
+      validates :name, :presence => true, :uniqueness => true, :format => { without: /\s/ }
+      validate :ensure_needed_puppetclasses
+      validates :period, :inclusion => {:in => %w[weekly monthly custom]}, :if => Proc.new { | policy | policy.step_index > 3 }
+      validates :weekday, :inclusion => {:in => Date::DAYNAMES.map(&:downcase)},
+                :if => Proc.new { | policy | policy.step_index > 3 && policy.period == 'weekly' }
+      validates :day_of_month, :numericality => {:greater_than => 0, :less_than => 32},
+                :if => Proc.new { | policy | policy.step_index > 3 && policy.period == 'monthly' }
+      validate :valid_cron_line
+      validate :ensure_period_specification_present
+      after_save :assign_policy_to_hostgroups
+      # before_destroy - ensure that the policy has no hostgroups, or classes
+      default_scope {
+        with_taxonomy_scope do
+          order("scaptimony_policies.name")
+        end
+      }
+    end
+    def hostgroup_ids
+      assets.where(:assetable_type => 'Hostgroup').pluck(:assetable_id)
+    end
+    def hostgroup_ids=(ids)
+      ids.reject(&:empty?).map do |id|
+        self.assets << assets.where(:assetable_type => 'Hostgroup', :assetable_id => id).first_or_create!
+      end
+    end
+    def hostgroups
+      Hostgroup.find(hostgroup_ids)
+    end
+    def hostgroups=(hostgroups)
+      hostgroup_ids = hostgroups.map(&:id).map(&:to_s)
+    end
+    def steps
+      base_steps = ['Create policy', 'SCAP Content', 'Schedule']
+      base_steps << 'Locations' if SETTINGS[:locations_enabled]
+      base_steps << 'Organizations' if SETTINGS[:organizations_enabled]
+      base_steps << 'Hostgroups' #always be last.
+    end
+    def current_step
+      @current_step || steps.first
+    end
+    def previous_step
+      steps[steps.index(current_step) - 1]
+    end
+    def next_step
+      steps[steps.index(current_step) + 1 ]
+    end
+    def rewind_step
+      @current_step = previous_step
+    end
+    def first_step?
+      current_step == steps.first
+    end
+    def last_step?
+      current_step == steps.last
+    end
+    def wizard_completed?
+      current_step.blank?
+    end
+    def step_index
+      wizard_completed? ? steps.index(steps.last) : steps.index(current_step) + 1
+    end
+    def scan_name
+      name
+    end
+    def used_location_ids
+      Location.joins(:taxable_taxonomies).where(
+              'taxable_taxonomies.taxable_type' => 'Scaptimony::Policy',
+              'taxable_taxonomies.taxable_id' => id).pluck("#{Location.arel_table.name}.id")
+    end
+    def used_organization_ids
+      Organization.joins(:taxable_taxonomies).where(
+              'taxable_taxonomies.taxable_type' => 'Scaptimony::Policy',
+              'taxable_taxonomies.taxable_id' => id).pluck("#{Location.arel_table.name}.id")
+    end
+    def used_hostgroup_ids
+      []
+    end
+    def assign_hosts(hosts)
+      assign_assets hosts.map &:get_asset
+    end
+    def to_enc
+      {
+        'id' => self.id,
+        'profile_id' => self.scap_content_profile.try(:profile_id) || '',
+        'content_path' => "/var/lib/openscap/content/#{self.scap_content.digest}.xml",
+      }.merge(period_enc)
+    end
+    private
+    def period_enc
+      # get crontab expression as an array (minute hour day_of_month month day_of_week)
+      cron_parts = case period
+        when 'weekly'
+          [ '0', '1', '*', '*', weekday_number.to_s ]
+        when 'monthly'
+          [ '0', '1', day_of_month.to_s, '*', '*']
+        when 'custom'
+          cron_line_split
+        else
+          raise 'invalid period specification'
+      end
+      {
+        'minute' => cron_parts[0],
+        'hour' => cron_parts[1],
+        'monthday' => cron_parts[2],
+        'month' => cron_parts[3],
+        'weekday' => cron_parts[4],
+      }
+    end
+    def weekday_number
+      # 0 is sunday, 1 is monday in cron, while DAYS_INTO_WEEK has 0 as monday, 6 as sunday
+      (Date::DAYS_INTO_WEEK.with_indifferent_access[weekday] + 1) % 7
+    end
+    def ensure_needed_puppetclasses
+      unless puppetclass = Puppetclass.find_by_name(SCAP_PUPPET_CLASS)
+        errors[:base] << _("Required Puppet class %{class} is not found, please ensure it imported first.") % {:class => SCAP_PUPPET_CLASS}
+        return false
+      end
+      unless policies_param = puppetclass.class_params.where(:key => POLICIES_CLASS_PARAMETER).first
+        errors[:base] << _("Puppet class %{class} does not have %{parameter} class parameter.") % {:class => SCAP_PUPPET_CLASS, :parameter => POLICIES_CLASS_PARAMETER}
+        return false
+      end
+      policies_param.override = true
+      policies_param.key_type = 'array'
+      policies_param.default_value = '<%= @host.policies_enc %>'
+      if policies_param.changed? && !policies_param.save
+        errors[:base] << _("%{parameter} class parameter for class %{class} could not be configured.") % {:class => SCAP_PUPPET_CLASS, :parameter => POLICIES_CLASS_PARAMETER}
+        return false
+      end
+    end
+    def cron_line_split
+      cron_line.split(' ')
+    end
+    def valid_cron_line
+      return true if period != 'custom' || step_index != 4
+      unless cron_line_split.size == 5
+        errors[:base] << _("Cron line does not consist of 5 parts separated by space")
+        return false
+      end
+    end
+    def ensure_period_specification_present
+      return true if period.blank? || step_index != 4
+      error = nil
+      error = _("You must fill weekday") if weekday.blank? && period == 'weekday'
+      error = _("You must fill day of month") if day_of_month.blank? && period == 'monthly'
+      error = _("You must fill cron line") if cron_line.blank? && period == 'custom'
+      if error
+        errors[:base] << error
+        return false
+      end
+    end
+    def assign_policy_to_hostgroups
+      if hostgroups.any?
+        puppetclass = Puppetclass.find_by_name(SCAP_PUPPET_CLASS)
+        hostgroups.each do |hostgroup|
+          hostgroup.puppetclasses << puppetclass unless hostgroup.puppetclasses.include? puppetclass
+          populate_overrides(puppetclass, hostgroup)
+        end
+      end
+    end
+    def populate_overrides(puppetclass, hostgroup)
+      puppetclass.class_params.where(:override => true, :key => SERVER_CLASS_PARAMETER).each do |override|
+        if hostgroup.puppet_proxy && (url = hostgroup.puppet_proxy.url).present?
+          lookup_value = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
+          lookup_value.update_attribute(:value, url)
+        end
+      end
     end
   end
 end

data/app/models/concerns/foreman_openscap/scap_content_extensions.rb CHANGED

@@ -13,8 +13,28 @@ require 'scaptimony/scap_content'
 module ForemanOpenscap
   module ScapContentExtensions
     extend ActiveSupport::Concern
+    include Authorizable
+    include Taxonomix
     included do
-      scoped_search :on => :digest
+      attr_accessible :location_ids, :organization_ids
+      default_scope {
+        with_taxonomy_scope do
+          order("scaptimony_scap_contents.title")
+        end
+      }
+    end
+    def used_location_ids
+      Location.joins(:taxable_taxonomies).where(
+          'taxable_taxonomies.taxable_type' => 'Scaptimony::ScapContent',
+          'taxable_taxonomies.taxable_id' => id).pluck("#{Location.arel_table.name}.id")
+    end
+    def used_organization_ids
+      Organization.joins(:taxable_taxonomies).where(
+          'taxable_taxonomies.taxable_type' => 'Scaptimony::ScapContent',
+          'taxable_taxonomies.taxable_id' => id).pluck("#{Location.arel_table.name}.id")
     end
   end
 end