foreman_openscap 0.4.3 → 0.5.0

data/db/migrate/20141116170632_remove_xccdf_profile_from_scaptimony_policies.rb

@@ -0,0 +1,5 @@
+class RemoveXccdfProfileFromScaptimonyPolicies < ActiveRecord::Migration
+  def change
+    remove_column :scaptimony_policies, :xccdf_profile
+  end
+end

data/db/migrate/20141116171305_add_profile_to_scaptimony_policies.rb

@@ -0,0 +1,6 @@
+class AddProfileToScaptimonyPolicies < ActiveRecord::Migration
+  def change
+    # add_reference :scaptimony_policies, :scap_content_profile, index: true
+    add_column :scaptimony_policies, :scap_content_profile_id, :integer, references: :scap_content_profile
+  end
+end

data/db/migrate/20141118142954_add_constraint_to_scaptimony_policies.rb

@@ -0,0 +1,5 @@
+class AddConstraintToScaptimonyPolicies < ActiveRecord::Migration
+  def change
+    change_column :scaptimony_policies, :name, :string, :null => false
+  end
+end

data/db/migrate/20141119164918_create_scaptimony_xccdf_results.rb

@@ -0,0 +1,8 @@
+class CreateScaptimonyXccdfResults < ActiveRecord::Migration
+  def change
+    create_table :scaptimony_xccdf_results do |t|
+      t.string :name, :limit => 16, :null => false
+    end
+    add_index :scaptimony_xccdf_results, [:name], :unique => true
+  end
+end

data/db/migrate/20141119175434_create_scaptimony_xccdf_rules.rb

@@ -0,0 +1,8 @@
+class CreateScaptimonyXccdfRules < ActiveRecord::Migration
+  def change
+    create_table :scaptimony_xccdf_rules do |t|
+      t.string :xid, :null => false
+    end
+    add_index :scaptimony_xccdf_rules, [:xid], :unique => true
+  end
+end

data/db/migrate/20141119182606_create_scaptimony_xccdf_rule_results.rb

@@ -0,0 +1,9 @@
+class CreateScaptimonyXccdfRuleResults < ActiveRecord::Migration
+  def change
+    create_table :scaptimony_xccdf_rule_results do |t|
+      t.references :arf_report, index: true, null: false
+      t.references :xccdf_result, index: true, null: false
+      t.references :xccdf_rule, index: true, null: false
+    end
+  end
+end

data/db/migrate/20141121120326_create_scaptimony_arf_report_breakdowns.rb

@@ -0,0 +1,24 @@
+class CreateScaptimonyArfReportBreakdowns < ActiveRecord::Migration
+  def self.up
+    execute <<-SQL
+CREATE VIEW scaptimony_arf_report_breakdowns AS
+  SELECT
+    arf.id as arf_report_id,
+    COUNT(CASE WHEN result.name IN ('pass','fixed') THEN 1 ELSE null END) as passed,
+    COUNT(CASE result.name WHEN 'fail' THEN 1 ELSE null END) as failed,
+    COUNT(CASE WHEN result.name NOT IN ('pass', 'fixed', 'fail', 'notselected', 'notapplicable') THEN 1 ELSE null END) as othered
+  FROM
+    scaptimony_arf_reports arf,
+    scaptimony_xccdf_rule_results rule,
+    scaptimony_xccdf_results result
+  WHERE
+    arf.id = rule.arf_report_id
+    AND rule.xccdf_result_id = result.id
+  GROUP BY arf.id;
+    SQL
+  end
+
+  def self.down
+    execute 'DROP VIEW scaptimony_arf_report_breakdowns' if table_exists? 'scaptimony_arf_report_breakdowns'
+  end
+end

data/db/migrate/20141121164042_replace_arf_report_breakdown_view.rb

@@ -0,0 +1,25 @@
+class ReplaceArfReportBreakdownView < ActiveRecord::Migration
+  def self.up
+    execute 'DROP VIEW IF EXISTS scaptimony_arf_report_breakdowns'
+    execute <<-SQL
+CREATE VIEW scaptimony_arf_report_breakdowns AS
+  SELECT
+    arf.id as arf_report_id,
+    COUNT(CASE WHEN result.name IN ('pass','fixed') THEN 1 ELSE null END) as passed,
+    COUNT(CASE result.name WHEN 'fail' THEN 1 ELSE null END) as failed,
+    COUNT(CASE WHEN result.name NOT IN ('pass', 'fixed', 'fail', 'notselected', 'notapplicable') THEN 1 ELSE null END) as othered
+  FROM
+    scaptimony_arf_reports arf
+  LEFT OUTER JOIN
+    scaptimony_xccdf_rule_results rule
+    ON arf.id = rule.arf_report_id
+  LEFT OUTER JOIN scaptimony_xccdf_results result
+    ON rule.xccdf_result_id = result.id
+  GROUP BY arf.id;
+    SQL
+  end
+
+  def self.down
+    execute 'DROP VIEW scaptimony_arf_report_breakdowns' if table_exists? 'scaptimony_arf_report_breakdowns'
+  end
+end

data/db/migrate/20141206211151_create_scaptimony_assets_policies.rb

@@ -0,0 +1,9 @@
+class CreateScaptimonyAssetsPolicies < ActiveRecord::Migration
+  def change
+    create_table :scaptimony_assets_policies, :id => false do |t|
+      t.references :asset, :index => true, :null => false
+      t.references :policy, :index => true, :null => false
+    end
+    add_index :scaptimony_assets_policies, [:asset_id, :policy_id], :unique => true
+  end
+end

data/db/migrate/20141214112917_add_scap_file_to_scap_content.rb

@@ -0,0 +1,5 @@
+class AddScapFileToScapContent < ActiveRecord::Migration
+  def change
+    add_column :scaptimony_scap_contents, :scap_file, :binary
+  end
+end

data/db/migrate/20141216154502_rename_scaptimony_asset_policies.rb

@@ -0,0 +1,5 @@
+class RenameScaptimonyAssetPolicies < ActiveRecord::Migration
+  def change
+    rename_table(:scaptimony_assets_policies, :scaptimony_asset_policies)
+  end
+end

data/db/migrate/20150111085317_polymorph_asset.rb

@@ -0,0 +1,8 @@
+class PolymorphAsset < ActiveRecord::Migration
+  def change
+    change_table(:scaptimony_assets) do |t|
+      t.references :assetable, :polymorphic => true, :index => true
+      t.remove :name
+    end
+  end
+end

data/db/migrate/20150112152944_create_scaptimony_arf_report_raws.rb

@@ -0,0 +1,10 @@
+class CreateScaptimonyArfReportRaws < ActiveRecord::Migration
+  def change
+    create_table :scaptimony_arf_report_raws, :id => false do |t|
+      t.references :arf_report, :index => true, :null => false
+      t.integer :size
+      t.binary :raw
+    end
+    add_index :scaptimony_arf_report_raws, [:arf_report_id], :unique => true
+  end
+end

data/db/migrate/20150114210634_rename_scaptimony_arf_report_raw_raw.rb

@@ -0,0 +1,5 @@
+class RenameScaptimonyArfReportRawRaw < ActiveRecord::Migration
+  def change
+    rename_column :scaptimony_arf_report_raws, :raw, :bzip_data
+  end
+end

data/db/migrate/20150115155947_add_scaptimony_scap_content_digest.rb

@@ -0,0 +1,21 @@
+require 'digest/sha2'
+
+class AddScaptimonyScapContentDigest < ActiveRecord::Migration
+  def change
+    unless column_exists?(:scaptimony_scap_contents, :digest)
+      add_column :scaptimony_scap_contents, :digest, :string, :limit => 128
+      ScapContentHack.find_each do |content|
+        content.digest
+        content.save!
+      end
+      change_column :scaptimony_scap_contents, :digest, :string, :null => false
+    end
+  end
+
+  class ScapContentHack < ActiveRecord::Base
+    self.table_name = 'scaptimony_scap_contents'
+    def digest
+      self[:digest] ||= Digest::SHA256.hexdigest "#{scap_file}"
+    end
+  end
+end

data/db/migrate/20150116083129_add_day_of_month_and_cron_line_to_scaptimony_policy.rb

@@ -0,0 +1,6 @@
+class AddDayOfMonthAndCronLineToScaptimonyPolicy < ActiveRecord::Migration
+  def change
+    add_column :scaptimony_policies, :day_of_month, :integer
+    add_column :scaptimony_policies, :cron_line, :string
+  end
+end

data/db/migrate/20150821100137_migrate_from_scaptimony.rb

@@ -0,0 +1,59 @@
+class MigrateFromScaptimony < ActiveRecord::Migration
+  def up
+    ActiveRecord::Base.connection.tables.grep(/^scaptimony/).each do |table|
+      rename_table table, table.sub(/^scaptimony/, "foreman_openscap")
+    end
+
+    execute 'DROP VIEW scaptimony_arf_report_breakdowns' if table_exists? 'scaptimony_arf_report_breakdowns'
+    execute 'DROP VIEW foreman_openscap_arf_report_breakdowns' if table_exists? 'foreman_openscap_arf_report_breakdowns'
+
+    execute <<-SQL
+      CREATE VIEW foreman_openscap_arf_report_breakdowns AS
+        SELECT
+          arf.id as arf_report_id,
+          COUNT(CASE WHEN result.name IN ('pass','fixed') THEN 1 ELSE null END) as passed,
+          COUNT(CASE result.name WHEN 'fail' THEN 1 ELSE null END) as failed,
+          COUNT(CASE WHEN result.name NOT IN ('pass', 'fixed', 'fail', 'notselected', 'notapplicable') THEN 1 ELSE null END) as othered
+        FROM
+          foreman_openscap_arf_reports arf
+        LEFT OUTER JOIN
+          foreman_openscap_xccdf_rule_results rule
+          ON arf.id = rule.arf_report_id
+        LEFT OUTER JOIN foreman_openscap_xccdf_results result
+          ON rule.xccdf_result_id = result.id
+        GROUP BY arf.id;
+          SQL
+
+    taxonomies = TaxableTaxonomy.where(:taxable_type => ["Scaptimony::ArfReport", "Scaptimony::Policy", "Scaptimony::ScapContent"])
+    taxonomies.each { |t| t.taxable_type = t.taxable_type.sub(/^Scaptimony/, "ForemanOpenscap")}.map(&:save!)
+  end
+
+  def down
+    ActiveRecord::Base.connection.tables.grep(/^foreman_openscap/).each do |table|
+      rename_table table, table.sub(/^foreman_openscap/, "scaptimony")
+    end
+
+    execute 'DROP VIEW scaptimony_arf_report_breakdowns' if table_exists? 'scaptimony_arf_report_breakdowns'
+    execute 'DROP VIEW foreman_openscap_arf_report_breakdowns' if table_exists? 'foreman_openscap_arf_report_breakdowns'
+
+    execute <<-SQL
+      CREATE VIEW scaptimony_arf_report_breakdowns AS
+        SELECT
+          arf.id as arf_report_id,
+          COUNT(CASE WHEN result.name IN ('pass','fixed') THEN 1 ELSE null END) as passed,
+          COUNT(CASE result.name WHEN 'fail' THEN 1 ELSE null END) as failed,
+          COUNT(CASE WHEN result.name NOT IN ('pass', 'fixed', 'fail', 'notselected', 'notapplicable') THEN 1 ELSE null END) as othered
+        FROM
+          scaptimony_arf_reports arf
+        LEFT OUTER JOIN
+          scaptimony_xccdf_rule_results rule
+          ON arf.id = rule.arf_report_id
+        LEFT OUTER JOIN scaptimony_xccdf_results result
+          ON rule.xccdf_result_id = result.id
+        GROUP BY arf.id;
+          SQL
+
+    taxonomies = TaxableTaxonomy.where(:taxable_type => ["ForemanOpenscap::ArfReport", "ForemanOpenscap::Policy", "ForemanOpenscap::ScapContent"])
+    taxonomies.each { |t| t.taxable_type = t.taxable_type.sub(/^ForemanOpenscap/, "Scaptimony")}.map(&:save!)
+  end
+end

data/db/migrate/20150827123826_remove_scaptimony_permissions.rb

@@ -0,0 +1,21 @@
+class RemoveScaptimonyPermissions < ActiveRecord::Migration
+  def up
+    permissions = Permission.where(:resource_type => ["Scaptimony::Policy", "Scaptimony::ScapContent"])
+    new_type = "ForemanOpenscap"
+    permissions.each do |p|
+      say "Converting permission '#{p.id}' with name '#{p.name}' of type '#{p.resource_type}' to new type '#{new_type}'"
+      p.resource_type = p.resource_type.sub(/^Scaptimony/, new_type)
+      p.save!
+    end
+  end
+
+  def down
+    permissions = Permission.where(:resource_type => ["ForemanOpenscap::Policy", "ForemanOpenscap::ScapContent"])
+    permissions.each do |p|
+      old_type = "Scaptimony"
+      say "Converting permission '#{p.id}' with name '#{p.name}' of type '#{p.resource_type}' to new type '#{old_type}'"
+      p.resource_type = p.resource_type.sub(/^ForemanOpenscap/, old_type)
+      p.save!
+    end
+  end
+end

data/db/migrate/20150925124959_create_policy_arf_reports.rb

@@ -0,0 +1,13 @@
+class CreatePolicyArfReports < ActiveRecord::Migration
+  def up
+    create_table :foreman_openscap_policy_arf_reports do |t|
+      t.integer :policy_id
+      t.integer :arf_report_id
+      t.string :digest, :limit => 128
+    end
+  end
+
+  def down
+    drop_table :foreman_openscap_policy_arf_reports
+  end
+end

data/db/migrate/20150929124853_add_result_to_logs.rb

@@ -0,0 +1,9 @@
+class AddResultToLogs < ActiveRecord::Migration
+  def up
+    add_column :logs, :result, :string
+  end
+
+  def down
+    remove_column :logs, :result
+  end
+end

data/db/migrate/20150929152345_move_arf_reports_to_reports_table.rb

@@ -0,0 +1,179 @@
+class MoveArfReportsToReportsTable < ActiveRecord::Migration
+
+  # rubocop:disable Metrics/MethodLength
+  # rubocop:disable Metrics/AbcSize
+  def up
+    old_arf_reports = execute("SELECT * FROM foreman_openscap_arf_reports;")
+
+    #select only reports with existing host
+    old_arf_reports = old_arf_reports.select do |item|
+      asset = ForemanOpenscap::Asset.find item['asset_id']
+      !asset.host.nil? && asset.assetable_type = "Host::Base"
+    end
+    #and remove assets without assetable
+    ForemanOpenscap::Asset.where(:assetable_type => "Host::Base").select { |a| a.host.nil? }.map(&:destroy)
+    ForemanOpenscap::Asset.where(:assetable_type => "Hostgroup").select { |a| a.hostgroup.nil? }.map(&:destroy)
+
+    old_arf_reports.each do |item|
+      metrics = breakdown_to_metrics item["id"]
+
+      #reported_at attribute must be unique
+      reported_at = DateTime.strptime(item["created_at"], "%Y-%m-%d %H:%M:%S")
+
+      reported_at += 1.seconds until arfs_by_reported(reported_at).empty?
+
+      arf = ForemanOpenscap::ArfReport.create!(:metrics => metrics,
+                                               :reported_at => reported_at,
+                                               :created_at => item["created_at"],
+                                               :updated_at => item["updated_at"],
+                                               :host_id => item["asset_id"],
+                                               :status => metrics)
+
+      ForemanOpenscap::PolicyArfReport.create!(:arf_report_id => arf.id, :policy_id => item["policy_id"], :digest => item["digest"])
+
+      xccdf_rules.each { |rule_item| Source.find_or_create(rule_item["xid"]) }
+
+      xccdf_rule_results(item["id"]).each do |rr_item|
+        message = Message.find_or_create("No message for this log")
+
+        rule_item = xccdf_rule(rr_item['xccdf_rule_id'])
+        source = Source.find_or_create(rule_item['xid'])
+
+        Log.create!(:report_id => arf.id,
+                    :result => xccdf_result(rr_item["xccdf_result_id"])['name'],
+                    :message_id => message.id,
+                    :source_id => source.id,
+                    :level => :info)
+      end
+    end
+
+    execute 'DROP VIEW foreman_openscap_arf_report_breakdowns' if table_exists? 'foreman_openscap_arf_report_breakdowns'
+    drop_table :foreman_openscap_xccdf_results
+    drop_table :foreman_openscap_xccdf_rules
+    drop_table :foreman_openscap_xccdf_rule_results
+    drop_table :foreman_openscap_arf_reports
+    drop_table :foreman_openscap_arf_report_raws
+  end
+
+  def down
+    #warning! we cannot fully revert since arf_report_raws got dropped and we have no way of recreating them
+    create_table :foreman_openscap_arf_reports do |t|
+      t.references :asset, :index => true
+      t.references :policy, :index => true
+      t.datetime :date
+      t.string :digest, :limit => 128
+
+      t.timestamps
+    end
+    add_index :foreman_openscap_arf_reports, :digest, :unique => true
+
+    add_index :foreman_openscap_arf_reports, [:asset_id, :policy_id, :date, :digest],
+              :unique => true, :name => :index_openscap_arf_reports_unique_set
+
+    create_table :foreman_openscap_xccdf_results do |t|
+      t.string :name, :limit => 16, :null => false
+    end
+    add_index :foreman_openscap_xccdf_results, [:name], :unique => true
+
+    create_table :foreman_openscap_xccdf_rules do |t|
+      t.string :xid, :null => false
+    end
+    add_index :foreman_openscap_xccdf_rules, [:xid], :unique => true
+
+    create_table :foreman_openscap_xccdf_rule_results do |t|
+      t.references :arf_report, :index => true, :null => false
+      t.references :xccdf_result, :index => true, :null => false
+      t.references :xccdf_rule, :index => true, :null => false
+    end
+
+    create_table :foreman_openscap_arf_report_raws, :id => false do |t|
+      t.references :arf_report, :index => true, :null => false
+      t.integer :size
+      t.binary :raw
+    end
+    add_index :foreman_openscap_arf_report_raws, [:arf_report_id], :unique => true
+
+    execute <<-SQL
+      CREATE VIEW foreman_openscap_arf_report_breakdowns AS
+        SELECT
+          arf.id as arf_report_id,
+          COUNT(CASE WHEN result.name IN ('pass','fixed') THEN 1 ELSE null END) as passed,
+          COUNT(CASE result.name WHEN 'fail' THEN 1 ELSE null END) as failed,
+          COUNT(CASE WHEN result.name NOT IN ('pass', 'fixed', 'fail', 'notselected', 'notapplicable') THEN 1 ELSE null END) as othered
+        FROM
+          foreman_openscap_arf_reports arf
+        LEFT OUTER JOIN
+          foreman_openscap_xccdf_rule_results rule
+          ON arf.id = rule.arf_report_id
+        LEFT OUTER JOIN foreman_openscap_xccdf_results result
+          ON rule.xccdf_result_id = result.id
+        GROUP BY arf.id;
+    SQL
+
+    ForemanOpenscap::ArfReport::RESULT.each do |n|
+      execute("INSERT INTO foreman_openscap_xccdf_results (name) VALUES ('#{n}');")
+    end
+
+    ForemanOpenscap::ArfReport.order('id').each do |arf|
+      execute("INSERT INTO foreman_openscap_arf_reports (asset_id, policy_id, date, digest, created_at, updated_at)
+                      VALUES ('#{arf.host_id}', '#{arf.policy.id}', '#{arf.reported_at}',
+                             '#{arf.policy_arf_report.digest}', '#{arf.created_at}', '#{arf.updated_at}');")
+      record = report(arf)
+      arf.logs.each do |log|
+        xccdf_result_item = execute("SELECT * FROM foreman_openscap_xccdf_results WHERE name = '#{log.result}';").first
+        xccdf_rule_item = execute("SELECT * FROM foreman_openscap_xccdf_rules WHERE xid = '#{log.source.value}';").first
+        unless xccdf_rule_item
+          execute("INSERT INTO foreman_openscap_xccdf_rules (xid) VALUES ('#{log.source.value}');")
+          xccdf_rule_item = execute("SELECT * FROM foreman_openscap_xccdf_rules WHERE xid = '#{log.source.value}';").first
+        end
+        execute("INSERT INTO foreman_openscap_xccdf_rule_results (arf_report_id, xccdf_result_id, xccdf_rule_id)
+                        VALUES ('#{record['id']}', '#{xccdf_result_item['id']}', '#{xccdf_rule_item['id']}');")
+        msg = log.message
+        src = log.source
+        log.destroy
+        msg.destroy if msg.logs.empty?
+        src.destroy if src.logs.empty?
+      end
+      # arf.destroy fires arf_report_raw.destroy
+      execute("DELETE FROM reports WHERE id = '#{arf.id}';")
+    end
+    ForemanOpenscap::PolicyArfReport.all.map(&:destroy)
+  end
+
+  private
+
+  def breakdown_to_metrics(report_id)
+    execute("SELECT passed, failed, othered FROM foreman_openscap_arf_report_breakdowns WHERE arf_report_id='#{report_id}';").first
+  end
+
+  def xccdf_rule_results(report_id)
+    execute("SELECT arf_report_id, xccdf_result_id, xccdf_rule_id
+             FROM foreman_openscap_xccdf_rule_results
+             WHERE arf_report_id='#{report_id}';")
+  end
+
+  def xccdf_rules
+    execute("SELECT xid FROM foreman_openscap_xccdf_rules;")
+  end
+
+  def xccdf_rule(rule_id)
+    execute("SELECT xid
+             FROM foreman_openscap_xccdf_rules
+             WHERE foreman_openscap_xccdf_rules.id = '#{rule_id}';").first
+  end
+
+  def xccdf_result(result_id)
+    execute("SELECT name FROM foreman_openscap_xccdf_results WHERE id = '#{result_id}';").first
+  end
+
+  def arfs_by_reported(time)
+    ForemanOpenscap::ArfReport.where(:reported_at => time)
+  end
+
+  def report(arf)
+    execute("SELECT id
+             FROM foreman_openscap_arf_reports
+             WHERE date = '#{arf.reported_at}' AND
+                   digest = '#{arf.policy_arf_report.digest}';").first
+  end
+end