foreman_openscap 0.4.3 → 0.5.0

data/app/helpers/compliance_hosts_helper.rb

@@ -0,0 +1,25 @@
+module ComplianceHostsHelper
+
+  def host_policy_breakdown_chart(report, options = {})
+    data = []
+    [[:passed, _('Passed')],
+     [:failed, _('Failed')],
+     [:othered, _('Other')],
+    ].each { |i|
+      data << {:label => i[1], :data => report[i[0]], :color => ArfReportDashboardHelper::COLORS[i[0]]}
+    }
+    flot_pie_chart 'overview', _('Compliance reports breakdown'), data, options
+  end
+
+  def host_arf_reports_chart(policy_id)
+    passed, failed, othered, = [], [], []
+    @host.arf_reports.of_policy(policy_id).each do |report|
+      passed  << [report.created_at.to_i*1000, report.passed]
+      failed  << [report.created_at.to_i*1000, report.failed]
+      othered << [report.created_at.to_i*1000, report.othered]
+    end
+    [{:label => _("Passed"), :data => passed, :color => ArfReportDashboardHelper::COLORS[:passed]},
+     {:label => _("Failed"), :data => failed, :color => ArfReportDashboardHelper::COLORS[:failed]},
+     {:label => _("Othered"), :data => othered, :color => ArfReportDashboardHelper::COLORS[:othered]}]
+  end
+end

data/app/helpers/concerns/foreman_openscap/hosts_helper_extensions.rb

@@ -7,39 +7,9 @@ module ForemanOpenscap
       alias_method_chain :name_column, :scap
     end
 
-    Colors = {
-        :passed  => '#89A54E',
-        :failed  => '#AA4643',
-        :othered => '#DB843D',
-    }
-
     def multiple_actions_with_scap
-      multiple_actions_without_scap + [[_('Assign Compliance Policy'), select_multiple_hosts_scaptimony_policies_path],
-                                       [_('Unassign Compliance Policy'), disassociate_multiple_hosts_scaptimony_policies_path]]
-
-    end
-
-    def host_policy_breakdown_chart(report, options = {})
-      data = []
-      [[:passed, _('Passed')],
-       [:failed, _('Failed')],
-       [:othered, _('Other')],
-      ].each { |i|
-        data << {:label => i[1], :data => report[i[0]], :color => Colors[i[0]]}
-      }
-      flot_pie_chart 'overview', _('Compliance reports breakdown'), data, options
-    end
-
-    def host_arf_reports_chart(policy_id)
-      passed, failed, othered, = [], [], []
-      @host.arf_reports.of_policy(policy_id).each do |report|
-        passed  << [report.created_at.to_i*1000, report.passed]
-        failed  << [report.created_at.to_i*1000, report.failed]
-        othered << [report.created_at.to_i*1000, report.othered]
-      end
-      [{:label => _("Passed"), :data => passed, :color => Colors[:passed]},
-       {:label => _("Failed"), :data => failed, :color => Colors[:failed]},
-       {:label => _("Othered"), :data => othered, :color => Colors[:othered]}]
+      multiple_actions_without_scap + [[_('Assign Compliance Policy'), select_multiple_hosts_policies_path],
+                                       [_('Unassign Compliance Policy'), disassociate_multiple_hosts_policies_path]]
     end
 
     def name_column_with_scap(record)

data/app/helpers/{scaptimony_policies_helper.rb → policies_helper.rb}

@@ -1,4 +1,4 @@
-module ScaptimonyPoliciesHelper
+module PoliciesHelper
   def profiles_selection
     return @scap_content.scap_content_profiles unless @scap_content.blank?
     return @policy.scap_content.scap_content_profiles unless @policy.scap_content.blank?
@@ -6,7 +6,7 @@ module ScaptimonyPoliciesHelper
   end
 
   def scap_content_selector(form)
-    scap_contents = Scaptimony::ScapContent.all
+    scap_contents = ::ForemanOpenscap::ScapContent.all
     if scap_contents.length > 1
       select_f form, :scap_content_id, scap_contents, :id, :title,
                {:include_blank => _("Choose existing SCAP Content")} ,
@@ -65,4 +65,8 @@ module ScaptimonyPoliciesHelper
       link_to((previous).html_safe, '#', :class => 'btn btn-default', :onclick => "previous_step('#{@policy.previous_step}')")
     end
   end
+
+  def days_of_week_hash
+    Hash[*Date::DAYNAMES.map{ |day| [day.downcase, day]}.flatten]
+  end
 end

data/app/helpers/{scaptimony_policy_dashboard_helper.rb → policy_dashboard_helper.rb}

@@ -8,16 +8,16 @@
 # along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
 #
 
-module ScaptimonyPolicyDashboardHelper
-  Colors = {
-    :compliant_hosts => '#89A54E',
-    :incompliant_hosts => '#AA4643',
-    :inconclusive_hosts => '#DB843D',
+module PolicyDashboardHelper
+  COLORS = {
+    :compliant_hosts => ArfReportDashboardHelper::COLORS[:passed],
+    :incompliant_hosts => ArfReportDashboardHelper::COLORS[:failed],
+    :inconclusive_hosts => ArfReportDashboardHelper::COLORS[:othered],
     :report_missing => '#92A8CD',
   }
 
   def policy_widget_list
-    Scaptimony::PolicyDashboard::Manager.widgets
+    ForemanOpenscap::PolicyDashboard::Manager.widgets
   end
 
   def host_breakdown_chart(report, options = {})
@@ -27,14 +27,14 @@ module ScaptimonyPolicyDashboardHelper
      [:inconclusive_hosts, _('Inconclusive')],
      [:report_missing, _('Not audited')],
     ].each { |i|
-      data << {:label => i[1], :data => report[i[0]], :color => Colors[i[0]]}
+      data << {:label => i[1], :data => report[i[0]], :color => COLORS[i[0]]}
     }
     flot_pie_chart 'overview', _('Compliance Status'), data, options
   end
 
   def status_link(name, label, path)
     content_tag :li do
-      content_tag(:i, raw('&nbsp;'), :class=>'label', :style => 'background-color:' + Colors[label]) +
+      content_tag(:i, raw('&nbsp;'), :class=>'label', :style => 'background-color:' + COLORS[label]) +
       raw('&nbsp;') +
       link_to(name, path, :class=>'dashboard-links') +
       content_tag(:h4, @report[label])

data/app/lib/proxy_api/available_proxy.rb

@@ -0,0 +1,26 @@
+module ::ProxyAPI
+  class AvailableProxy
+
+    HTTP_ERRORS = [
+        EOFError,
+        Errno::ECONNRESET,
+        Errno::EINVAL,
+        Net::HTTPBadResponse,
+        Net::HTTPHeaderSyntaxError,
+        Net::ProtocolError,
+        Timeout::Error
+    ]
+
+    def initialize(args)
+      @features = ::ProxyAPI::Features.new(args).features
+    end
+
+    def available?
+      begin
+        return true if @features.include?('openscap')
+      rescue *HTTP_ERRORS
+        return false
+      end
+    end
+  end
+end

data/app/lib/proxy_api/openscap.rb

@@ -0,0 +1,40 @@
+module ::ProxyAPI
+  class Openscap < ::ProxyAPI::Resource
+    def initialize(args)
+      @url = args[:url] + '/compliance/'
+      super args
+      @connect_params[:headers].merge!(:content_type => :xml)
+    end
+
+    def fetch_policies_for_scap_content(scap_file)
+      parse(post(scap_file, "scap_content/policies"))
+    end
+
+    def validate_scap_content(scap_file)
+      parse(post(scap_file, "scap_content/validator"))
+    end
+
+    def policy_html_guide(scap_file, policy)
+      guide = parse(post(scap_file, "scap_content/guide/#{policy}"))
+      guide['html']
+    end
+
+    def arf_report_html(report, cname)
+      begin
+        @connect_params[:headers] = { :accept => 'application/html' }
+        get "/arf/#{report.id}/#{cname}/#{report.reported_at.to_i}/#{report.policy_arf_report.digest}/html"
+      rescue => e
+        raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to get html version of requested report from Smart Proxy"))
+      end
+    end
+
+    def arf_report_bzip(report, cname)
+      begin
+        @connect_params[:headers] = { :content_type => 'application/arf-bzip2', :content_encoding => 'x-bzip2' }
+        get "/arf/#{report.id}/#{cname}/#{report.reported_at.to_i}/#{report.policy_arf_report.digest}/xml"
+      rescue => e
+        raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to get xml version of requested report from Smart Proxy"))
+      end
+    end
+  end
+end

data/app/mailers/foreman_openscap/policy_mailer.rb

@@ -0,0 +1,42 @@
+module ForemanOpenscap
+  class PolicyMailer  < ::ApplicationMailer
+
+    def policy_summary(options = {})
+      set_url
+      user = ::User.find(options[:user])
+      @time = options[:time] || 1.day.ago
+
+      @policies = ::ForemanOpenscap::Policy.all.reject {|policy| policy.assets.map(&:host).compact.empty?}
+      @compliant_hosts = @policies.map { |policy| Host.where(:id => policy.assets.comply_with(policy).map(&:assetable_id)) }.flatten
+      @incompliant_hosts = @policies.map { |policy| Host.where(:id => policy.assets.incomply_with(policy).map(&:assetable_id)) }.flatten
+      changed_hosts_of_policies(@policies)
+
+      if user.nil? || user.mail.nil?
+        logger.warn "User with valid email not supplied, mail report will not be sent"
+      else
+        set_locale_for(user) do
+          subject = _("Scap policies summary")
+          mail(:to => user.mail, :subject => subject)
+        end
+      end
+    end
+
+    private
+
+    def changed_hosts_of_policies(policies)
+      hash = @policies.inject({}) do |result, policy|
+        result[policy.id] = policy.hosts
+        result
+      end
+
+      @changed_hosts = []
+      hash.each do |key, values|
+        values.each do |host|
+          @changed_hosts << host if host.scap_status_changed?(::ForemanOpenscap::Policy.find key)
+        end
+      end
+      @changed_hosts.uniq
+    end
+
+  end
+end

data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb

@@ -0,0 +1,91 @@
+module ForemanOpenscap
+  module ComplianceStatusScopedSearch
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def compliance_status_scoped_search(status, options = {})
+        options.merge!(:offset => ArfReport::METRIC.index(status.to_s), :word_size => ArfReport::BIT_NUM)
+        scoped_search options
+      end
+
+      def search_by_policy_name(_key, _operator, policy_name)
+        cond = sanitize_policy_name(policy_name)
+        { :conditions => ArfReport.arel_table[:id].in(
+            PolicyArfReport.select(PolicyArfReport.arel_table[:arf_report_id])
+              .of_policy(Policy.find_by_name(cond).id).ast
+          ).to_sql
+        }
+      end
+
+      def search_by_comply_with(_key, _operator, policy_name)
+        search_by_policy_results policy_name, &:passed
+      end
+
+      def search_by_not_comply_with(_key, _operator, policy_name)
+        search_by_policy_results policy_name, &:failed
+      end
+
+      def search_by_inconclusive_with(_key, _operator, policy_name)
+        search_by_policy_results policy_name, &:othered
+      end
+
+       def search_by_policy_results(policy_name, &selection)
+        cond = sanitize_policy_name(policy_name)
+        { :conditions => ArfReport.arel_table[:id].in(
+          ArfReport.select(ArfReport.arel_table[:id])
+              .latest_of_policy(Policy.find_by_name cond).instance_eval(&selection).ast
+          ).to_sql
+        }
+      end
+
+      def search_by_last_for(key, operator, by)
+        by.gsub!(/[^[:alnum:]]/, '')
+        case by.downcase
+        when 'host'
+          { :conditions => 'reports.id IN (
+                SELECT MAX(id) FROM reports sub
+                WHERE sub.host_id = reports.host_id)' }
+        when 'policy'
+          { :conditions => 'reports.id IN (
+              SELECT latest.id
+              FROM foreman_openscap_policies
+                INNER JOIN (SELECT policy_id, MAX(reports.id) AS id
+                            FROM reports INNER JOIN foreman_openscap_policy_arf_reports
+                              ON reports.id = foreman_openscap_policy_arf_reports.arf_report_id
+                            GROUP BY policy_id
+                           ) latest
+                ON foreman_openscap_policies.id = latest.policy_id)' }
+        else
+          fail "Cannot search last by #{by}"
+        end
+      end
+
+      private
+
+      def sanitize_policy_name(policy_name)
+        sanitize_sql_for_conditions('foreman_openscap_policies.name' => policy_name)
+      end
+    end
+
+    included do
+      scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :compliance_policy,
+                    :ext_method => :search_by_policy_name
+
+      scoped_search :on => :id, :rename => :last_for, :complete_value => { :host => 0, :policy => 1 },
+        :only_explicit => true, :ext_method => :search_by_last_for
+
+      scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :comply_with,
+        :only_explicit => true, :operators => ['= '], :ext_method => :search_by_comply_with
+
+      scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :not_comply_with,
+        :only_explicit => true, :operators => ['= '], :ext_method => :search_by_not_comply_with
+
+      scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :inconclusive_with,
+        :only_explicit => true, :operators => ['= '], :ext_method => :search_by_inconclusive_with
+
+      compliance_status_scoped_search 'passed', :on => :status, :rename => :compliance_passed
+      compliance_status_scoped_search 'failed', :on => :status, :rename => :compliance_failed
+      compliance_status_scoped_search 'othered', :on => :status, :rename => :compliance_othered
+    end
+  end
+end

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -1,24 +1,53 @@
-require 'scaptimony/asset'
-
 module ForemanOpenscap
   module HostExtensions
     extend ActiveSupport::Concern
     ::Host::Managed::Jail.allow :policies_enc
 
     included do
-      has_one :asset, :as => :assetable, :class_name => "::Scaptimony::Asset"
-      has_many :asset_policies, :through => :asset, :class_name => "::Scaptimony::AssetPolicy"
-      has_many :policies, :through => :asset_policies, :class_name => "::Scaptimony::Policy"
-      has_many :arf_reports, :through => :asset, :class_name => '::Scaptimony::ArfReport'
+      has_one :asset, :as => :assetable, :class_name => "::ForemanOpenscap::Asset"
+      has_many :asset_policies, :through => :asset, :class_name => "::ForemanOpenscap::AssetPolicy"
+      has_many :policies, :through => :asset_policies, :class_name => "::ForemanOpenscap::Policy"
+      has_many :arf_reports, :class_name => '::ForemanOpenscap::ArfReport', :foreign_key => :host_id
+      has_one :compliance_status_object, :class_name => '::ForemanOpenscap::ComplianceStatus', :foreign_key => 'host_id'
 
       scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :'compliance_policy',
                     :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_policy_name
+
       scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :'compliance_report_missing_for',
                     :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_missing_arf
+
+      scoped_search :in => :compliance_status_object, :on => :status, :rename => :compliance_status,
+                    :complete_value => {:compliant => ::ForemanOpenscap::ComplianceStatus::COMPLIANT,
+                                        :incompliant => ::ForemanOpenscap::ComplianceStatus::INCOMPLIANT,
+                                        :inconclusive => ::ForemanOpenscap::ComplianceStatus::INCONCLUSIVE}
+
+      scope :comply_with, lambda { |policy|
+        joins(:arf_reports).merge(ArfReport.latest_of_policy policy).merge(ArfReport.passed)
+      }
+
+      scope :incomply_with, lambda { |policy|
+        joins(:arf_reports).merge(ArfReport.latest_of_policy policy).merge(ArfReport.failed)
+      }
+
+      scope :inconclusive_with, lambda { |policy|
+        joins(:arf_reports).merge(ArfReport.latest_of_policy policy).merge(ArfReport.othered)
+      }
+
+      scope :policy_reports_missing, lambda { |policy|
+        where("id NOT IN (SELECT host_id
+                          FROM reports INNER JOIN foreman_openscap_policy_arf_reports
+                              ON reports.id = foreman_openscap_policy_arf_reports.arf_report_id
+                          WHERE policy_id = #{policy.id})
+              AND id IN (SELECT assetable_id
+                         FROM foreman_openscap_asset_policies INNER JOIN foreman_openscap_assets
+                              ON foreman_openscap_asset_policies.asset_id = foreman_openscap_assets.id
+                         WHERE foreman_openscap_assets.assetable_type = 'Host::Base'
+                               AND foreman_openscap_asset_policies.policy_id = '#{policy.id}')")
+      }
     end
 
     def get_asset
-      Scaptimony::Asset.where(:assetable_type => 'Host::Base', :assetable_id => id).first_or_create!
+      ForemanOpenscap::Asset.where(:assetable_type => 'Host::Base', :assetable_id => id).first_or_create!
     end
 
     def policies_enc
@@ -30,30 +59,57 @@ module ForemanOpenscap
       combined.uniq
     end
 
+    def scap_status_changed?(policy)
+      last_reports = reports_for_policy(policy, 2)
+      return false if last_reports.length != 2
+      !last_reports.first.equal? last_reports.last
+    end
+
+    def last_report_for_policy(policy)
+      reports_for_policy(policy, 1)
+    end
+
+    def reports_for_policy(policy, limit = nil)
+      if limit
+        ForemanOpenscap::ArfReport.joins(:policy_arf_report)
+          .merge(ForemanOpenscap::PolicyArfReport.of_policy policy.id).where(:host_id => id).limit limit
+      else
+        ForemanOpenscap::ArfReport.joins(:policy_arf_report)
+          .merge(ForemanOpenscap::PolicyArfReport.of_policy policy.id).where(:host_id => id)
+      end
+    end
+
+    def compliance_status(options = {})
+      @compliance_status ||= get_status(ForemanOpenscap::ComplianceStatus).to_status(options)
+    end
+
+    def compliance_status_label(options = {})
+      @compliance_status_label ||= get_status(ForemanOpenscap::ComplianceStatus).to_label(options)
+    end
+
     module ClassMethods
       def search_by_policy_name(key, operator, policy_name)
-        cond = sanitize_sql_for_conditions(["scaptimony_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
+        cond = sanitize_sql_for_conditions(["foreman_openscap_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
         { :conditions => Host::Managed.arel_table[:id].in(
               Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).ast
             ).to_sql }
       end
 
       def search_by_missing_arf(key, operator, policy_name)
-        cond = sanitize_sql_for_conditions(["scaptimony_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
+        cond = sanitize_sql_for_conditions(["foreman_openscap_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
         { :conditions => Host::Managed.arel_table[:id].in(
              Host::Managed.select(Host::Managed.arel_table[:id])
                .joins(:policies)
                .where(cond)
-               .where('scaptimony_assets.id not in (
-				SELECT distinct scaptimony_arf_reports.asset_id
-				FROM scaptimony_arf_reports
-				WHERE scaptimony_arf_reports.asset_id = scaptimony_assets.id
-					AND scaptimony_arf_reports.policy_id = scaptimony_policies.id)
-			')
-               .ast
-             ).to_sql
+               .where("foreman_openscap_assets.id NOT IN (
+                        SELECT DISTINCT foreman_openscap_arf_reports.asset_id
+                        FROM foreman_openscap_arf_reports
+                        WHERE foreman_openscap_arf_reports.asset_id = foreman_openscap_assets.id
+                            AND foreman_openscap_arf_reports.policy_id = foreman_openscap_policies.id)
+                      ").ast).to_sql
         }
       end
+
     end
   end
 end