foreman_openscap 0.5.0 → 0.5.1

data/app/helpers/policy_dashboard_helper.rb

@@ -26,9 +26,9 @@ module PolicyDashboardHelper
      [:incompliant_hosts, _('Incompliant hosts')],
      [:inconclusive_hosts, _('Inconclusive')],
      [:report_missing, _('Not audited')],
-    ].each { |i|
+    ].each do |i|
       data << {:label => i[1], :data => report[i[0]], :color => COLORS[i[0]]}
-    }
+    end
     flot_pie_chart 'overview', _('Compliance Status'), data, options
   end
 

data/app/lib/proxy_api/available_proxy.rb

@@ -2,13 +2,13 @@ module ::ProxyAPI
   class AvailableProxy
 
     HTTP_ERRORS = [
-        EOFError,
-        Errno::ECONNRESET,
-        Errno::EINVAL,
-        Net::HTTPBadResponse,
-        Net::HTTPHeaderSyntaxError,
-        Net::ProtocolError,
-        Timeout::Error
+      EOFError,
+      Errno::ECONNRESET,
+      Errno::EINVAL,
+      Net::HTTPBadResponse,
+      Net::HTTPHeaderSyntaxError,
+      Net::ProtocolError,
+      Timeout::Error
     ]
 
     def initialize(args)

data/app/lib/proxy_api/openscap.rb

@@ -36,5 +36,15 @@ module ::ProxyAPI
         raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to get xml version of requested report from Smart Proxy"))
       end
     end
+
+    def destroy_report(report, cname)
+      begin
+        parse(delete("arf/#{report.id}/#{cname}/#{report.reported_at.to_i}/#{report.policy_arf_report.digest}"))
+      rescue => e
+        logger.error "Failed to destroy arf report with id #{report.id} on Smart Proxy"
+        logger.debug e.backtrace.join("\n\t")
+        false
+      end
+    end
   end
 end

data/app/mailers/foreman_openscap/policy_mailer.rb

@@ -1,12 +1,12 @@
 module ForemanOpenscap
-  class PolicyMailer  < ::ApplicationMailer
+  class PolicyMailer < ::ApplicationMailer
 
     def policy_summary(options = {})
       set_url
       user = ::User.find(options[:user])
       @time = options[:time] || 1.day.ago
 
-      @policies = ::ForemanOpenscap::Policy.all.reject {|policy| policy.assets.map(&:host).compact.empty?}
+      @policies = ::ForemanOpenscap::Policy.all.reject { |policy| policy.assets.map(&:host).compact.empty? }
       @compliant_hosts = @policies.map { |policy| Host.where(:id => policy.assets.comply_with(policy).map(&:assetable_id)) }.flatten
       @incompliant_hosts = @policies.map { |policy| Host.where(:id => policy.assets.incomply_with(policy).map(&:assetable_id)) }.flatten
       changed_hosts_of_policies(@policies)

data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb

@@ -11,9 +11,9 @@ module ForemanOpenscap
       def search_by_policy_name(_key, _operator, policy_name)
         cond = sanitize_policy_name(policy_name)
         { :conditions => ArfReport.arel_table[:id].in(
-            PolicyArfReport.select(PolicyArfReport.arel_table[:arf_report_id])
-              .of_policy(Policy.find_by_name(cond).id).ast
-          ).to_sql
+          PolicyArfReport.select(PolicyArfReport.arel_table[:arf_report_id])
+            .of_policy(Policy.find_by_name(cond).id).ast
+        ).to_sql
         }
       end
 
@@ -29,12 +29,12 @@ module ForemanOpenscap
         search_by_policy_results policy_name, &:othered
       end
 
-       def search_by_policy_results(policy_name, &selection)
+      def search_by_policy_results(policy_name, &selection)
         cond = sanitize_policy_name(policy_name)
         { :conditions => ArfReport.arel_table[:id].in(
           ArfReport.select(ArfReport.arel_table[:id])
               .latest_of_policy(Policy.find_by_name cond).instance_eval(&selection).ast
-          ).to_sql
+        ).to_sql
         }
       end
 

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -10,16 +10,17 @@ module ForemanOpenscap
       has_many :arf_reports, :class_name => '::ForemanOpenscap::ArfReport', :foreign_key => :host_id
       has_one :compliance_status_object, :class_name => '::ForemanOpenscap::ComplianceStatus', :foreign_key => 'host_id'
 
-      scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :'compliance_policy',
+      scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :compliance_policy,
                     :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_policy_name
 
-      scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :'compliance_report_missing_for',
+      scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :compliance_report_missing_for,
                     :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_missing_arf
 
       scoped_search :in => :compliance_status_object, :on => :status, :rename => :compliance_status,
                     :complete_value => {:compliant => ::ForemanOpenscap::ComplianceStatus::COMPLIANT,
                                         :incompliant => ::ForemanOpenscap::ComplianceStatus::INCOMPLIANT,
                                         :inconclusive => ::ForemanOpenscap::ComplianceStatus::INCONCLUSIVE}
+      after_save :puppetrun!, :if => :openscap_proxy_id_changed?
 
       scope :comply_with, lambda { |policy|
         joins(:arf_reports).merge(ArfReport.latest_of_policy policy).merge(ArfReport.passed)
@@ -44,6 +45,14 @@ module ForemanOpenscap
                          WHERE foreman_openscap_assets.assetable_type = 'Host::Base'
                                AND foreman_openscap_asset_policies.policy_id = '#{policy.id}')")
       }
+
+      alias_method_chain :set_hostgroup_defaults, :openscap
+    end
+
+    def set_hostgroup_defaults_with_openscap
+      set_hostgroup_defaults_without_openscap
+      return unless hostgroup
+      assign_hostgroup_attributes %w(openscap_proxy_id)
     end
 
     def get_asset
@@ -91,25 +100,24 @@ module ForemanOpenscap
       def search_by_policy_name(key, operator, policy_name)
         cond = sanitize_sql_for_conditions(["foreman_openscap_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
         { :conditions => Host::Managed.arel_table[:id].in(
-              Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).ast
-            ).to_sql }
+          Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).ast
+        ).to_sql }
       end
 
       def search_by_missing_arf(key, operator, policy_name)
         cond = sanitize_sql_for_conditions(["foreman_openscap_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
         { :conditions => Host::Managed.arel_table[:id].in(
-             Host::Managed.select(Host::Managed.arel_table[:id])
-               .joins(:policies)
-               .where(cond)
-               .where("foreman_openscap_assets.id NOT IN (
-                        SELECT DISTINCT foreman_openscap_arf_reports.asset_id
-                        FROM foreman_openscap_arf_reports
-                        WHERE foreman_openscap_arf_reports.asset_id = foreman_openscap_assets.id
-                            AND foreman_openscap_arf_reports.policy_id = foreman_openscap_policies.id)
-                      ").ast).to_sql
+          Host::Managed.select(Host::Managed.arel_table[:id])
+            .joins(:policies)
+            .where(cond)
+            .where("foreman_openscap_assets.id NOT IN (
+                     SELECT DISTINCT foreman_openscap_arf_reports.asset_id
+                     FROM foreman_openscap_arf_reports
+                     WHERE foreman_openscap_arf_reports.asset_id = foreman_openscap_assets.id
+                         AND foreman_openscap_arf_reports.policy_id = foreman_openscap_policies.id)
+                   ").ast).to_sql
         }
       end
-
     end
   end
 end

data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb

@@ -7,5 +7,17 @@ module ForemanOpenscap
       has_many :asset_policies, :through => :asset, :class_name => "::ForemanOpenscap::AssetPolicy"
       has_many :policies, :through => :asset_policies, :class_name => "::ForemanOpenscap::Policy"
     end
+
+    unless defined?(Katello::System)
+      private
+
+      def inherited_ancestry_attribute(attribute)
+        if ancestry.present?
+          self[attribute] || self.class.sort_by_ancestry(ancestors.where("#{attribute} is not NULL")).last.try(attribute)
+        else
+          self.send(attribute)
+        end
+      end
+    end
   end
 end

data/app/models/concerns/foreman_openscap/log_extensions.rb

@@ -0,0 +1,8 @@
+module ForemanOpenscap
+  module LogExtensions
+    extend ActiveSupport::Concern
+    included do
+      attr_accessible :result
+    end
+  end
+end

data/app/models/concerns/foreman_openscap/openscap_proxy_core_extensions.rb

@@ -0,0 +1,55 @@
+module ForemanOpenscap
+  module OpenscapProxyCoreExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      validate :openscap_proxy_has_feature
+    end
+
+    def update_scap_client_params(proxy_id)
+      new_proxy = SmartProxy.find proxy_id
+      model_match = self.class.name.underscore.match(/\Ahostgroup\z/) ? "hostgroup" : "fqdn"
+      puppetclass = Puppetclass.find_by_name("foreman_scap_client")
+      fail _("Puppetclass 'foreman_scap_client' not found, make sure it is imported form Puppetmaster") if puppetclass.nil?
+      scap_params = puppetclass.class_params
+      server_lookup_key = scap_params.find { |param| param.key == "server" }
+      port_lookup_key = scap_params.find { |param| param.key == "port" }
+      pairs = scap_client_lookup_values_for([server_lookup_key, port_lookup_key], model_match)
+      mapping = { "server" => new_proxy.hostname, "port" => new_proxy.port }
+      update_scap_client_lookup_values(pairs, model_match, mapping)
+    end
+
+    def inherited_openscap_proxy_id
+      inherited_ancestry_attribute(:openscap_proxy_id)
+    end
+
+    private
+
+    def scap_client_lookup_values_for(lookup_keys, model_match)
+      lookup_keys.inject({}) do |result, key|
+        result[key] = key.lookup_values.find { |value| value.match == "#{lookup_matcher(model_match)}" }
+        result
+      end
+    end
+
+    def update_scap_client_lookup_values(pairs, model_match, mapping)
+      pairs.each do |k, v|
+        if v.nil?
+          LookupValue.create(:match => lookup_matcher(model_match), :value => mapping[k.key], :lookup_key_id => k.id)
+        else
+          v.value = mapping[k.key]
+          v.save
+        end
+      end
+    end
+
+    def lookup_matcher(model_match)
+      model_match == "fqdn" ? "#{model_match}=#{name}" : "#{model_match}=#{title}"
+    end
+
+    def openscap_proxy_has_feature
+      return true unless openscap_proxy_id
+      openscap_proxy.has_feature? "Openscap"
+    end
+  end
+end

data/app/models/concerns/foreman_openscap/openscap_proxy_extensions.rb

@@ -0,0 +1,17 @@
+module ForemanOpenscap
+  module OpenscapProxyExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      belongs_to :openscap_proxy, :class_name => "SmartProxy"
+      attr_accessible :openscap_proxy_id
+    end
+
+    def openscap_proxy_api
+      return @openscap_api if @openscap_api
+      proxy_url = openscap_proxy.url if openscap_proxy
+      fail(_("No openscap proxy found for %s") % id) unless proxy_url
+      @openscap_api = ::ProxyAPI::Openscap.new(:url => proxy_url)
+    end
+  end
+end

data/app/models/concerns/foreman_openscap/smart_proxy_extensions.rb

@@ -0,0 +1,23 @@
+module ForemanOpenscap
+  module SmartProxyExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :openscap_hostgroups, :foreign_key => 'openscap_proxy_id', :class_name => "::Hostgroup"
+      has_many :openscap_hosts, :foreign_key => 'openscap_proxy_id', :class_name => "::Host"
+      has_many :arf_reports, :foreign_key => 'openscap_proxy_id', :class_name => "ForemanOpenscap::ArfReport"
+      PORT_MATCH = /:(\d+)\z/
+      after_destroy :delete_associated_arf_reports
+    end
+
+    def port
+      url.match(PORT_MATCH)[1]
+    end
+
+    private
+
+    def delete_associated_arf_reports
+      ForemanOpenscap::ArfReport.where(:openscap_proxy_id => id).delete_all
+    end
+  end
+end

data/app/models/foreman_openscap/arf_report.rb

@@ -3,7 +3,9 @@ require 'foreman_openscap/helper'
 module ForemanOpenscap
   class ArfReport < ::Report
     include Taxonomix
+    include OpenscapProxyExtensions
 
+    # attr_accessible :host_id, :reported_at, :status, :metrics
     RESULT = %w(pass fail error unknown notapplicable notchecked notselected informational fixed)
     METRIC = %w(passed othered failed)
     BIT_NUM = 10
@@ -11,15 +13,15 @@ module ForemanOpenscap
 
     has_one :policy_arf_report, :dependent => :destroy
     has_one :policy, :through => :policy_arf_report
-    has_one :asset, :through => :host, :class_name => 'ForemanOpenscap::Asset'
+    has_one :asset, :through => :host, :class_name => 'ForemanOpenscap::Asset', :as => :assetable
     after_save :assign_locations_organizations
     validate :result, :inclusion => { :in => RESULT }
 
-    default_scope {
+    default_scope do
       with_taxonomy_scope do
         order("#{self.table_name}.created_at DESC")
       end
-    }
+    end
 
     scope :hosts, lambda { includes(:policy) }
     scope :of_policy, lambda { |policy_id| joins(:policy_arf_report).merge(PolicyArfReport.of_policy(policy_id)) }
@@ -40,13 +42,13 @@ module ForemanOpenscap
              ON reports.id = latest.id")
     }
 
-    scope :failed, lambda { where("(#{report_status_column} >> #{ bit_mask 'failed' }) > 0") }
-    scope :not_failed, lambda { where("(#{report_status_column} >> #{ bit_mask 'failed' }) = 0") }
+    scope :failed, lambda { where("(#{report_status_column} >> #{bit_mask 'failed'}) > 0") }
+    scope :not_failed, lambda { where("(#{report_status_column} >> #{bit_mask 'failed'}) = 0") }
 
-    scope :othered, lambda { where("(#{report_status_column} >> #{ bit_mask 'othered' }) > 0").merge(not_failed) }
-    scope :not_othered, lambda { where("(#{report_status_column} >> #{ bit_mask 'othered' }) = 0") }
+    scope :othered, lambda { where("(#{report_status_column} >> #{bit_mask 'othered'}) > 0").merge(not_failed) }
+    scope :not_othered, lambda { where("(#{report_status_column} >> #{bit_mask 'othered'}) = 0") }
 
-    scope :passed, lambda { where("(#{report_status_column} >> #{ bit_mask 'passed' }) > 0").merge(not_failed).merge(not_othered) }
+    scope :passed, lambda { where("(#{report_status_column} >> #{bit_mask 'passed'}) > 0").merge(not_failed).merge(not_othered) }
 
     def self.bit_mask(status)
       ComplianceStatus.bit_mask(status)
@@ -97,21 +99,25 @@ module ForemanOpenscap
       policy = Policy.find(params[:policy_id])
       ArfReport.transaction do
         # TODO:RAILS-4.0: This should become arf_report = ArfReport.find_or_create_by! ...
-        arf_report = ArfReport.create!(:host_id => asset.host.id,
+        arf_report = ArfReport.create!(:host => asset.host,
                                        :reported_at => Time.at(params[:date].to_i),
                                        :status => params[:metrics],
-                                       :metrics => params[:metrics])
+                                       :metrics => params[:metrics],
+                                       :openscap_proxy => asset.host.openscap_proxy)
         PolicyArfReport.where(:arf_report_id => arf_report.id, :policy_id => policy.id, :digest => params[:digest]).first_or_create!
         if params[:logs]
           params[:logs].each do |log|
             src = Source.find_or_create(log[:source])
-            msg = Message.find_or_create(N_(log[:title]))
+            digest = Digest::SHA1.hexdigest(log[:title])
+            msg = Message.where(:value => N_(log[:title]), :digest => digest, :severity => log[:severity],
+                                :description => newline_to_space(log[:description]), :rationale => newline_to_space(log[:rationale]),
+                                :scap_references => references_links(log[:references])).first_or_create
             #TODO: log level
             Log.create!(:source_id => src.id,
                         :message_id => msg.id,
-                        :level_id => 1,
+                        :level => :info,
                         :result => log[:result],
-                        :report_id => arf_report.id)
+                        :report => arf_report)
           end
         end
       end
@@ -138,11 +144,11 @@ module ForemanOpenscap
     end
 
     def to_html
-      proxy.arf_report_html(self, ForemanOpenscap::Helper::find_name_or_uuid_by_host(host))
+      openscap_proxy_api.arf_report_html(self, ForemanOpenscap::Helper::find_name_or_uuid_by_host(host))
     end
 
     def to_bzip
-      proxy.arf_report_bzip(self, ForemanOpenscap::Helper::find_name_or_uuid_by_host(host))
+      openscap_proxy_api.arf_report_bzip(self, ForemanOpenscap::Helper::find_name_or_uuid_by_host(host))
     end
 
     def equal?(other)
@@ -154,12 +160,27 @@ module ForemanOpenscap
         policy.id == other.policy.id
     end
 
-    def proxy
-      return @proxy if @proxy
-      scap_class = host.info['classes']['foreman_scap_client']
-      port = scap_class['port']
-      server = scap_class['server']
-      @proxy = ::ProxyAPI::Openscap.new(:url => "https://#{server}:#{port}")
+    def destroy
+      if openscap_proxy_api.destroy_report(self, ForemanOpenscap::Helper::find_name_or_uuid_by_host(host))
+        super
+      else
+        false
+      end
+    end
+
+    def self.newline_to_space(string)
+      string.gsub(/ *\n+/, " ")
+    end
+
+    def self.references_links(references)
+      return if references.nil?
+      html_links = []
+      references.each do |reference|
+        next if reference['title'] == 'test_attestation' # A blank url created by OpenSCAP
+        reference['html_link'] = "<a href='#{reference['href']}'>#{reference['href']}</a>" if reference['title'].blank?
+        html_links << reference['html_link']
+      end
+      html_links.join(', ')
     end
   end
 end

data/app/models/foreman_openscap/policy.rb

@@ -21,9 +21,9 @@ module ForemanOpenscap
     SERVER_CLASS_PARAMETER   = 'server'
     PORT_CLASS_PARAMETER     = 'port'
 
-    validates :name, :presence => true, :uniqueness => true, :format => {without: /\s/}
+    validates :name, :presence => true, :uniqueness => true, :format => { :without => /\s/ }
     validate :ensure_needed_puppetclasses
-    validates :period, :inclusion => {:in => %w[weekly monthly custom]},
+    validates :period, :inclusion => {:in => %w(weekly monthly custom)},
               :if                 => Proc.new { |policy| policy.new_record? ? policy.step_index > 3 : !policy.id.blank? }
     validates :weekday, :inclusion => {:in => Date::DAYNAMES.map(&:downcase)},
               :if                  => Proc.new { |policy| policy.period == 'weekly' && (policy.new_record? ? policy.step_index > 3 : !policy.id.blank?) }
@@ -36,11 +36,11 @@ module ForemanOpenscap
     after_save :assign_policy_to_hostgroups
     # before_destroy - ensure that the policy has no hostgroups, or classes
 
-    default_scope {
+    default_scope do
       with_taxonomy_scope do
         order("foreman_openscap_policies.name")
       end
-    }
+    end
 
     def assign_assets(a)
       self.asset_ids = (self.asset_ids + a.collect(&:id)).uniq
@@ -138,14 +138,14 @@ module ForemanOpenscap
 
     def used_location_ids
       Location.joins(:taxable_taxonomies).where(
-          'taxable_taxonomies.taxable_type' => 'ForemanOpenscap::Policy',
-          'taxable_taxonomies.taxable_id'   => id).pluck("#{Location.arel_table.name}.id")
+        'taxable_taxonomies.taxable_type' => 'ForemanOpenscap::Policy',
+        'taxable_taxonomies.taxable_id'   => id).pluck("#{Location.arel_table.name}.id")
     end
 
     def used_organization_ids
       Organization.joins(:taxable_taxonomies).where(
-          'taxable_taxonomies.taxable_type' => 'ForemanOpenscap::Policy',
-          'taxable_taxonomies.taxable_id'   => id).pluck("#{Location.arel_table.name}.id")
+        'taxable_taxonomies.taxable_type' => 'ForemanOpenscap::Policy',
+        'taxable_taxonomies.taxable_id'   => id).pluck("#{Location.arel_table.name}.id")
     end
 
     def used_hostgroup_ids
@@ -163,10 +163,10 @@ module ForemanOpenscap
 
     def to_enc
       {
-          'id'            => self.id,
-          'profile_id'    => self.scap_content_profile.try(:profile_id) || '',
-          'content_path'  => "/var/lib/openscap/content/#{self.scap_content.digest}.xml",
-          'download_path' => "/compliance/policies/#{self.id}/content" # default to proxy path
+        'id'            => self.id,
+        'profile_id'    => self.scap_content_profile.try(:profile_id) || '',
+        'content_path'  => "/var/lib/openscap/content/#{self.scap_content.digest}.xml",
+        'download_path' => "/compliance/policies/#{self.id}/content" # default to proxy path
       }.merge(period_enc)
     end
 
@@ -175,22 +175,22 @@ module ForemanOpenscap
     def period_enc
       # get crontab expression as an array (minute hour day_of_month month day_of_week)
       cron_parts = case period
-                     when 'weekly'
-                       ['0', '1', '*', '*', weekday_number.to_s]
-                     when 'monthly'
-                       ['0', '1', day_of_month.to_s, '*', '*']
-                     when 'custom'
-                       cron_line_split
-                     else
-                       raise 'invalid period specification'
+                   when 'weekly'
+                     ['0', '1', '*', '*', weekday_number.to_s]
+                   when 'monthly'
+                     ['0', '1', day_of_month.to_s, '*', '*']
+                   when 'custom'
+                     cron_line_split
+                   else
+                     fail 'invalid period specification'
                    end
 
       {
-          'minute'   => cron_parts[0],
-          'hour'     => cron_parts[1],
-          'monthday' => cron_parts[2],
-          'month'    => cron_parts[3],
-          'weekday'  => cron_parts[4],
+        'minute'   => cron_parts[0],
+        'hour'     => cron_parts[1],
+        'monthday' => cron_parts[2],
+        'month'    => cron_parts[3],
+        'weekday'  => cron_parts[4],
       }
     end
 
@@ -205,7 +205,7 @@ module ForemanOpenscap
         return false
       end
 
-      unless policies_param = puppetclass.class_params.where(:key => POLICIES_CLASS_PARAMETER).first
+      unless policies_param = puppetclass.class_params.find_by_key(POLICIES_CLASS_PARAMETER)
         errors[:base] << _("Puppet class %{class} does not have %{parameter} class parameter.") % {:class => SCAP_PUPPET_CLASS, :parameter => POLICIES_CLASS_PARAMETER}
         return false
       end
@@ -257,18 +257,18 @@ module ForemanOpenscap
     end
 
     def populate_overrides(puppetclass, hostgroup)
-      puppetclass.class_params.where(:override => true).each do |override|
-        if hostgroup.puppet_proxy && (url = hostgroup.puppet_proxy.url).present?
-          case override.key
-            when SERVER_CLASS_PARAMETER
-              lookup_value      = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
-              puppet_proxy_fqdn = URI.parse(url).host
-              lookup_value.update_attribute(:value, puppet_proxy_fqdn)
-            when PORT_CLASS_PARAMETER
-              lookup_value      = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
-              puppet_proxy_port = URI.parse(url).port
-              lookup_value.update_attribute(:value, puppet_proxy_port)
-          end
+      puppetclass.class_params.where(:override => true).find_each do |override|
+        next unless hostgroup.puppet_proxy && (url = hostgroup.puppet_proxy.url).present?
+
+        case override.key
+        when SERVER_CLASS_PARAMETER
+          lookup_value      = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
+          puppet_proxy_fqdn = URI.parse(url).host
+          lookup_value.update_attribute(:value, puppet_proxy_fqdn)
+        when PORT_CLASS_PARAMETER
+          lookup_value      = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
+          puppet_proxy_port = URI.parse(url).port
+          lookup_value.update_attribute(:value, puppet_proxy_port)
         end
       end
     end