foreman_openscap 0.2.1 → 0.3.0

data/app/helpers/scaptimony_policy_dashboard_helper.rb

@@ -0,0 +1,43 @@
+#
+# Copyright (c) 2014 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 3 (GPLv3). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv3
+# along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
+#
+
+module ScaptimonyPolicyDashboardHelper
+  Colors = {
+    :compliant_hosts => '#89A54E',
+    :incompliant_hosts => '#AA4643',
+    :inconclusive_hosts => '#DB843D',
+    :report_missing => '#92A8CD',
+  }
+
+  def policy_widget_list
+    Scaptimony::PolicyDashboard::Manager.widgets
+  end
+
+  def host_breakdown_chart(report, options = {})
+    data = []
+    [[:compliant_hosts, _('Compliant hosts')],
+     [:incompliant_hosts, _('Incompliant hosts')],
+     [:inconclusive_hosts, _('Inconclusive')],
+     [:report_missing, _('Not audited')],
+    ].each { |i|
+      data << {:label => i[1], :data => report[i[0]], :color => Colors[i[0]]}
+    }
+    flot_pie_chart 'overview', _('Compliance Status'), data, options
+  end
+
+  def status_link(name, label, path)
+    content_tag :li do
+      content_tag(:i, raw('&nbsp;'), :class=>'label', :style => 'background-color:' + Colors[label]) +
+      raw('&nbsp;') +
+      link_to(name, path, :class=>'dashboard-links') +
+      content_tag(:h4, @report[label])
+    end
+  end
+end

data/app/helpers/scaptimony_report_dashboard_helper.rb

@@ -0,0 +1,20 @@
+module ScaptimonyReportDashboardHelper
+  Colors = {
+      :passed => '#89A54E',
+      :failed => '#AA4643',
+      :othered => '#DB843D',
+  }
+
+
+  def reports_breakdown_chart(report, options = {})
+    data = []
+    [[:failed, _('Failed')],
+     [:passed, _('Passed')],
+     [:othered, _('Othered')],
+    ].each { |i|
+      data << {:label => i[1], :data => report[i[0]], :color => Colors[i[0]]}
+    }
+    flot_pie_chart 'overview', _('Compliance reports breakdown'), data, options
+  end
+
+end

data/app/models/concerns/foreman_openscap/arf_report_extensions.rb

@@ -13,8 +13,37 @@ require 'scaptimony/arf_report'
 module ForemanOpenscap
   module ArfReportExtensions
     extend ActiveSupport::Concern
+    include Taxonomix
     included do
-      scoped_search :in => :asset, :on => :name, :complete_value => :true, :rename => "host"
+      has_one :host, :through => :asset, :as => :assetable, :source => :assetable, :source_type => 'Host::Base'
+
+      after_save :assign_locations_organizations
+
+      scope :hosts, lambda { includes(:policy, :arf_report_breakdown) }
+      scope :latest, lambda { includes(:host, :policy, :arf_report_breakdown).limit(5).order("scaptimony_arf_reports.created_at DESC") }
+
+      scoped_search :in => :host, :on => :name, :complete_value => :true, :rename => "host"
+
+      default_scope {
+        with_taxonomy_scope do
+          order("scaptimony_arf_reports.created_at DESC")
+        end
+      }
+    end
+
+    def assign_locations_organizations
+      if host
+        self.locations = [host.location]
+        self.organizations = [host.organization]
+      end
+    end
+
+    def failed?
+      failed > 0
+    end
+
+    def passed?
+      passed > 0 && !failed?
     end
   end
 end

data/app/models/concerns/foreman_openscap/asset_extensions.rb

@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2014 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 3 (GPLv3). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv3
+# along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
+#
+
+require 'scaptimony/asset'
+
+module ForemanOpenscap
+  module AssetExtensions
+    extend ActiveSupport::Concern
+    included do
+      belongs_to :assetable, :polymorphic => true
+      scope :hosts, where(:assetable_type => 'Host::Base')
+    end
+
+    def host
+      fetch_asset('Host::Base')
+    end
+
+    def name
+      assetable.name
+    end
+
+    private
+    def fetch_asset(type)
+      assetable if assetable_type == type
+    end
+  end
+end

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -3,21 +3,52 @@ require 'scaptimony/asset'
 module ForemanOpenscap
   module HostExtensions
     extend ActiveSupport::Concern
+    ::Host::Managed::Jail.allow :policies_enc
 
     included do
-      has_one :auditable_host, :class_name => "::Scaptimony::AuditableHost",
-          :foreign_key => :host_id, :inverse_of => :host
+      has_one :asset, :as => :assetable, :class_name => "::Scaptimony::Asset"
+      has_many :asset_policies, :through => :asset, :class_name => "::Scaptimony::AssetPolicy"
+      has_many :policies, :through => :asset_policies, :class_name => "::Scaptimony::Policy"
+      has_many :arf_reports, :through => :asset, :class_name => '::Scaptimony::ArfReport'
+
+      scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :'compliance_policy',
+                    :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_policy_name
+      scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :'compliance_report_missing_for',
+                    :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_missing_arf
+    end
+
+    def get_asset
+      Scaptimony::Asset.where(:assetable_type => 'Host::Base', :assetable_id => id).first_or_create!
     end
 
-    # create or overwrite instance methods...
-    def instance_method_name
+    def policies_enc
+      self.policies.map(&:to_enc).to_json
     end
 
     module ClassMethods
-      # create or overwrite class methods...
-      def class_method_name
+      def search_by_policy_name(key, operator, policy_name)
+        cond = sanitize_sql_for_conditions(["scaptimony_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
+        { :conditions => Host::Managed.arel_table[:id].in(
+              Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).ast
+            ).to_sql }
       end
-    end
 
+      def search_by_missing_arf(key, operator, policy_name)
+        cond = sanitize_sql_for_conditions(["scaptimony_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
+        { :conditions => Host::Managed.arel_table[:id].in(
+             Host::Managed.select(Host::Managed.arel_table[:id])
+               .joins(:policies)
+               .where(cond)
+               .where('scaptimony_assets.id not in (
+				SELECT distinct scaptimony_arf_reports.asset_id
+				FROM scaptimony_arf_reports
+				WHERE scaptimony_arf_reports.asset_id = scaptimony_assets.id
+					AND scaptimony_arf_reports.policy_id = scaptimony_policies.id)
+			')
+               .ast
+             ).to_sql
+        }
+      end
+    end
   end
 end

data/app/models/concerns/foreman_openscap/policy_extensions.rb

@@ -8,13 +8,224 @@
 # along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
 #
 
-require 'scaptimony/policy'
-
 module ForemanOpenscap
   module PolicyExtensions
     extend ActiveSupport::Concern
+
+    include Authorizable
+    include Taxonomix
+
     included do
-      scoped_search :on => :name, :complete_value => true
+      attr_accessible :location_ids, :organization_ids, :current_step, :hostgroup_ids
+      attr_writer :current_step
+
+      SCAP_PUPPET_CLASS = 'foreman_scap_client'
+      POLICIES_CLASS_PARAMETER = 'policies'
+      SERVER_CLASS_PARAMETER = 'server'
+
+      validates :name, :presence => true, :uniqueness => true, :format => { without: /\s/ }
+      validate :ensure_needed_puppetclasses
+      validates :period, :inclusion => {:in => %w[weekly monthly custom]}, :if => Proc.new { | policy | policy.step_index > 3 }
+      validates :weekday, :inclusion => {:in => Date::DAYNAMES.map(&:downcase)},
+                :if => Proc.new { | policy | policy.step_index > 3 && policy.period == 'weekly' }
+      validates :day_of_month, :numericality => {:greater_than => 0, :less_than => 32},
+                :if => Proc.new { | policy | policy.step_index > 3 && policy.period == 'monthly' }
+      validate :valid_cron_line
+      validate :ensure_period_specification_present
+
+
+      after_save :assign_policy_to_hostgroups
+      # before_destroy - ensure that the policy has no hostgroups, or classes
+
+      default_scope {
+        with_taxonomy_scope do
+          order("scaptimony_policies.name")
+        end
+      }
+    end
+
+    def hostgroup_ids
+      assets.where(:assetable_type => 'Hostgroup').pluck(:assetable_id)
+    end
+
+    def hostgroup_ids=(ids)
+      ids.reject(&:empty?).map do |id|
+        self.assets << assets.where(:assetable_type => 'Hostgroup', :assetable_id => id).first_or_create!
+      end
+    end
+
+    def hostgroups
+      Hostgroup.find(hostgroup_ids)
+    end
+
+    def hostgroups=(hostgroups)
+      hostgroup_ids = hostgroups.map(&:id).map(&:to_s)
+    end
+
+    def steps
+      base_steps = ['Create policy', 'SCAP Content', 'Schedule']
+      base_steps << 'Locations' if SETTINGS[:locations_enabled]
+      base_steps << 'Organizations' if SETTINGS[:organizations_enabled]
+      base_steps << 'Hostgroups' #always be last.
+    end
+
+    def current_step
+      @current_step || steps.first
+    end
+
+    def previous_step
+      steps[steps.index(current_step) - 1]
+    end
+
+    def next_step
+      steps[steps.index(current_step) + 1 ]
+    end
+
+    def rewind_step
+      @current_step = previous_step
+    end
+
+    def first_step?
+      current_step == steps.first
+    end
+
+    def last_step?
+      current_step == steps.last
+    end
+
+    def wizard_completed?
+      current_step.blank?
+    end
+
+    def step_index
+      wizard_completed? ? steps.index(steps.last) : steps.index(current_step) + 1
+    end
+
+    def scan_name
+      name
+    end
+
+    def used_location_ids
+      Location.joins(:taxable_taxonomies).where(
+              'taxable_taxonomies.taxable_type' => 'Scaptimony::Policy',
+              'taxable_taxonomies.taxable_id' => id).pluck("#{Location.arel_table.name}.id")
+    end
+
+    def used_organization_ids
+      Organization.joins(:taxable_taxonomies).where(
+              'taxable_taxonomies.taxable_type' => 'Scaptimony::Policy',
+              'taxable_taxonomies.taxable_id' => id).pluck("#{Location.arel_table.name}.id")
+    end
+
+    def used_hostgroup_ids
+      []
+    end
+
+    def assign_hosts(hosts)
+      assign_assets hosts.map &:get_asset
+    end
+
+    def to_enc
+      {
+        'id' => self.id,
+        'profile_id' => self.scap_content_profile.try(:profile_id) || '',
+        'content_path' => "/var/lib/openscap/content/#{self.scap_content.digest}.xml",
+      }.merge(period_enc)
+    end
+
+    private
+
+    def period_enc
+      # get crontab expression as an array (minute hour day_of_month month day_of_week)
+      cron_parts = case period
+        when 'weekly'
+          [ '0', '1', '*', '*', weekday_number.to_s ]
+        when 'monthly'
+          [ '0', '1', day_of_month.to_s, '*', '*']
+        when 'custom'
+          cron_line_split
+        else
+          raise 'invalid period specification'
+      end
+
+      {
+        'minute' => cron_parts[0],
+        'hour' => cron_parts[1],
+        'monthday' => cron_parts[2],
+        'month' => cron_parts[3],
+        'weekday' => cron_parts[4],
+      }
+    end
+
+    def weekday_number
+      # 0 is sunday, 1 is monday in cron, while DAYS_INTO_WEEK has 0 as monday, 6 as sunday
+      (Date::DAYS_INTO_WEEK.with_indifferent_access[weekday] + 1) % 7
+    end
+
+    def ensure_needed_puppetclasses
+      unless puppetclass = Puppetclass.find_by_name(SCAP_PUPPET_CLASS)
+        errors[:base] << _("Required Puppet class %{class} is not found, please ensure it imported first.") % {:class => SCAP_PUPPET_CLASS}
+        return false
+      end
+
+      unless policies_param = puppetclass.class_params.where(:key => POLICIES_CLASS_PARAMETER).first
+        errors[:base] << _("Puppet class %{class} does not have %{parameter} class parameter.") % {:class => SCAP_PUPPET_CLASS, :parameter => POLICIES_CLASS_PARAMETER}
+        return false
+      end
+
+      policies_param.override = true
+      policies_param.key_type = 'array'
+      policies_param.default_value = '<%= @host.policies_enc %>'
+
+      if policies_param.changed? && !policies_param.save
+        errors[:base] << _("%{parameter} class parameter for class %{class} could not be configured.") % {:class => SCAP_PUPPET_CLASS, :parameter => POLICIES_CLASS_PARAMETER}
+        return false
+      end
+    end
+
+    def cron_line_split
+      cron_line.split(' ')
+    end
+
+    def valid_cron_line
+      return true if period != 'custom' || step_index != 4
+
+      unless cron_line_split.size == 5
+        errors[:base] << _("Cron line does not consist of 5 parts separated by space")
+        return false
+      end
+    end
+
+    def ensure_period_specification_present
+      return true if period.blank? || step_index != 4
+
+      error = nil
+      error = _("You must fill weekday") if weekday.blank? && period == 'weekday'
+      error = _("You must fill day of month") if day_of_month.blank? && period == 'monthly'
+      error = _("You must fill cron line") if cron_line.blank? && period == 'custom'
+      if error
+        errors[:base] << error
+        return false
+      end
+    end
+
+    def assign_policy_to_hostgroups
+      if hostgroups.any?
+        puppetclass = Puppetclass.find_by_name(SCAP_PUPPET_CLASS)
+        hostgroups.each do |hostgroup|
+          hostgroup.puppetclasses << puppetclass unless hostgroup.puppetclasses.include? puppetclass
+          populate_overrides(puppetclass, hostgroup)
+        end
+      end
+    end
+
+    def populate_overrides(puppetclass, hostgroup)
+      puppetclass.class_params.where(:override => true, :key => SERVER_CLASS_PARAMETER).each do |override|
+        if hostgroup.puppet_proxy && (url = hostgroup.puppet_proxy.url).present?
+          lookup_value = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
+          lookup_value.update_attribute(:value, url)
+        end
+      end
     end
   end
 end

data/app/models/concerns/foreman_openscap/scap_content_extensions.rb

@@ -13,8 +13,28 @@ require 'scaptimony/scap_content'
 module ForemanOpenscap
   module ScapContentExtensions
     extend ActiveSupport::Concern
+    include Authorizable
+    include Taxonomix
     included do
-      scoped_search :on => :digest
+      attr_accessible :location_ids, :organization_ids
+
+      default_scope {
+        with_taxonomy_scope do
+          order("scaptimony_scap_contents.title")
+        end
+      }
+    end
+
+    def used_location_ids
+      Location.joins(:taxable_taxonomies).where(
+          'taxable_taxonomies.taxable_type' => 'Scaptimony::ScapContent',
+          'taxable_taxonomies.taxable_id' => id).pluck("#{Location.arel_table.name}.id")
+    end
+
+    def used_organization_ids
+      Organization.joins(:taxable_taxonomies).where(
+          'taxable_taxonomies.taxable_type' => 'Scaptimony::ScapContent',
+          'taxable_taxonomies.taxable_id' => id).pluck("#{Location.arel_table.name}.id")
     end
   end
 end