foreman_openscap 0.5.3 → 0.5.4

data/app/models/foreman_openscap/policy.rb

@@ -48,14 +48,14 @@ module ForemanOpenscap
 
     def to_html
       if scap_content.nil? || scap_content_profile.nil?
-        return (_('<h2>Cannot generate HTML guide for %{scap_content}/%{profile}</h2>') %
-          { :scap_content => self.scap_content, :profile => self.scap_content_profile }).html_safe
+        return ("<h2>%s</h2>" % (_('Cannot generate HTML guide for %{scap_content}/%{profile}') %
+          { :scap_content => self.scap_content, :profile => self.scap_content_profile })).html_safe
       end
 
       if (proxy = scap_content.proxy_url)
         api = ProxyAPI::Openscap.new(:url => proxy)
       else
-        return _('<h2>No valid OpenScap proxy server found.</h2>').html_safe
+        return ("<h2>%s</h2>" % _('No valid OpenSCAP proxy server found.')).html_safe
       end
 
       api.policy_html_guide(scap_content.scap_file, scap_content_profile.profile_id)

data/app/models/foreman_openscap/scap_content.rb

@@ -6,12 +6,12 @@ module ForemanOpenscap
       return unless scap_content.scap_file_changed?
 
       unless SmartProxy.with_features('Openscap').any?
-        scap_content.errors.add(:base, _('No Proxy with OpenScap features'))
+        scap_content.errors.add(:base, _('No proxy with OpenSCAP features'))
         return false
       end
 
       if scap_content.proxy_url.nil?
-        scap_content.errors.add(:base, _('No Available Proxy to validate SCAP content'))
+        scap_content.errors.add(:base, _('No available proxy to validate SCAP content'))
         return false
       end
 
@@ -29,7 +29,7 @@ module ForemanOpenscap
 
 
       unless (scap_content.scap_content_profiles.map(&:profile_id) - scap_content.fetch_profiles.keys).empty?
-        scap_content.errors.add(:scap_file, _('Changed file does not include existing SCAP Content profiles'))
+        scap_content.errors.add(:scap_file, _('Changed file does not include existing SCAP content profiles'))
         return false
       end
     end
@@ -90,10 +90,11 @@ module ForemanOpenscap
     end
 
     def proxy_url
-      @proxy_url ||= SmartProxy.with_features('Openscap').each do |proxy|
+      @proxy_url ||= SmartProxy.with_features('Openscap').find do |proxy|
         available = ProxyAPI::AvailableProxy.new(:url => proxy.url)
-        break proxy.url if available.available?
-      end
+        available.available?
+      end.try(:url)
+      @proxy_url
     end
 
     def as_json(*args)

data/app/services/foreman_openscap/report_dashboard/data.rb

@@ -31,7 +31,7 @@ module ForemanOpenscap::ReportDashboard
     end
 
     def othered_breakdowns
-      Log.where(:result => ForemanOpenscap::ArfReport::RESULT[2..-1]).joins("INNER JOIN reports ON reports.id = report_id").count(:id).to_f
+      Log.where(:result => Log::SCAP_RESULT[2..-1]).joins("INNER JOIN reports ON reports.id = report_id").count(:id).to_f
     end
   end
 end

data/app/views/api/v2/compliance/arf_reports/base.json.rabl

@@ -1,4 +1,7 @@
 object @arf_report
 
+extends "api/v2/compliance/common/org"
+extends "api/v2/compliance/common/loc"
+
 attributes :id, :passed, :failed, :othered
-node(:host) { |arf_report| arf_report.host.name }
+node(:host) { |arf_report| arf_report.host.name }

data/app/views/api/v2/compliance/arf_reports/main.json.rabl

@@ -2,4 +2,8 @@ object @arf_report
 
 extends "api/v2/compliance/arf_reports/base"
 
-attributes :created_at, :updated_at
+attributes :created_at, :updated_at, :host_id, :openscap_proxy_id, :reported_at
+
+node :openscap_proxy_name do |arf|
+  arf.openscap_proxy.name
+end

data/app/views/api/v2/compliance/common/_loc.json.rabl

@@ -0,0 +1,3 @@
+child :locations => :locations do |loc|
+  attributes :id, :name
+end

data/app/views/api/v2/compliance/common/_org.json.rabl

@@ -0,0 +1,3 @@
+child :organizations => :organizations do |org|
+  attributes :id, :name
+end

data/app/views/api/v2/compliance/policies/base.json.rabl

@@ -1,3 +1,6 @@
 object @policy
 
-attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line
+extends "api/v2/compliance/common/org"
+extends "api/v2/compliance/common/loc"
+
+attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line

data/app/views/api/v2/compliance/scap_contents/base.json.rabl

@@ -1,3 +1,6 @@
 object @scap_content
 
-attributes :id, :title, :original_filename, :digest
+extends "api/v2/compliance/common/org"
+extends "api/v2/compliance/common/loc"
+
+attributes :id, :title, :original_filename, :digest

data/app/views/api/v2/compliance/scap_contents/show.json.rabl

@@ -1 +1,7 @@
-object @scap_content
+object @scap_content
+
+extends "api/v2/compliance/scap_contents/main"
+
+child :scap_content_profiles => :scap_content_profiles do |profile|
+  attributes :id, :profile_id, :title
+end

data/app/views/arf_reports/_list.html.erb

@@ -13,7 +13,13 @@
   <% for arf_report in @arf_reports %>
     <tr>
     <td class="ca">
-          <%= check_box_tag "host_ids[]", nil, false, :id => "host_ids_#{arf_report.id}", :disabled => !authorized?, :class => 'host_select_boxes', :onclick => 'hostChecked(this)' %>
+          <%= check_box_tag "host_ids[]",
+                             nil,
+                             false,
+                             :id => "host_ids_#{arf_report.id}",
+                             :disabled => !authorized_for(:controller => :arf_reports, :action => :destroy),
+                             :class => 'host_select_boxes',
+                             :onclick => 'hostChecked(this)' %>
         </td>
       <td><%= name_column(arf_report.host) %></td>
       <td><%= display_link_if_authorized(_("%s ago") % time_ago_in_words(arf_report.reported_at), hash_for_arf_report_path(:id => arf_report.id)) %></td>

data/app/views/arf_reports/delete_multiple.html.erb

@@ -25,5 +25,5 @@
 
 <%= form_tag submit_delete_multiple_arf_reports_path({:arf_report_ids => params[:arf_report_ids]}) do %>
   <span class="label label-danger"><%= _('Delete') %></span>
-  <%= _('these Complinace reports') %>
+  <%= _('these Complianace reports') %>
 <% end %>

data/app/views/arf_reports/show.html.erb

@@ -1,7 +1,7 @@
 <%= javascript 'foreman_openscap/reports' %>
 <%= stylesheet 'foreman_openscap/reports' %>
 <% title "#{@arf_report.host}" %>
-<p class='ra'> <%= _("Reported at %s ") % @arf_report.reported_at %> </p>
+<p class='ra'> <%= _("Reported at %s") % @arf_report.reported_at %> </p>
 
 <% content_for(:search_bar) {show_logs} %>
 

data/app/views/compliance_hosts/_openscap_proxy.html.erb

@@ -1,8 +1,3 @@
-<%= javascript 'foreman_openscap/openscap_proxy' %>
-<% data_url = @host ? openscap_proxy_changed_hosts_path : openscap_proxy_changed_hostgroups_path%>
 <%= select_f f, :openscap_proxy_id, SmartProxy.with_features("Openscap"), :id, :name,
     { :include_blank => blank_or_inherit_f(f, :openscap_proxy) },
-    { :label => _('Openscap Proxy'),
-      :onchange => 'updateOpenscapProxy(this)',
-      :'data-url' => data_url,
-      :help_inline => :indicator } %>
+    { :label => _('Openscap Proxy') } %>

data/app/views/compliance_hosts/show.html.erb

@@ -1,6 +1,6 @@
 <%= javascript 'dashboard', 'foreman_openscap/scap_hosts_show' %>
 
-<% title _("%s compliance reports by policy") % @host.to_label %>
+<% title n_("%s compliance report by policy", "%s compliance reports by policy"m , host.combined_policies.length) % @host.to_label %>
 <% @host.combined_policies.each do |policy| %>
   <h2 class="center-block"><%= _('Policy %s') % policy %></h2>
   <div class="row">

data/app/views/dashboard/_compliance_host_reports_widget.html.erb

@@ -5,11 +5,7 @@
 <% else %>
   <table class="table table-striped ellipsis">
     <tr>
-      <th><%= _('Host') %></th>
-      <th><%= _('Policy') %></th>
-      <%= translated_header(s_('Passed|P'), _('Passed')).html_safe %>
-      <%= translated_header(s_('Failed|F'), _('Failed')).html_safe %>
-      <%= translated_header(s_('Othered|O'), _('Othered')).html_safe %>
+      <%= latest_headers() %>
     </tr>
     <% latest_reports.each do |report| %>
       <tr>
@@ -21,4 +17,4 @@
       </tr>
     <% end %>
   </table>
-<% end %>
+<% end %>

data/app/views/foreman_openscap/policy_mailer/policy_summary.erb

@@ -6,7 +6,7 @@
     <title> Summary report for OpenScap from Foreman </title>
   </head>
   <body style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; color: #3f3f3f; background-color: #f1f1f1; padding: 10px 24px">
-    <h2 style="font-weight: normal; text-transform: uppercase; font-size: 120%;"><%= _("<b>Foreman</b> OpenScap summary").html_safe %></h2>
+    <h2 style="font-weight: normal; text-transform: uppercase; font-size: 120%;"><%= _("<b>Foreman</b> OpenSCAP summary").html_safe %></h2>
     <h2 style="margin: 5px 0px;"><%= _("Summary from %{time} ago to now") % {:time => distance_of_time_in_words(Time.now - @time)} %></h2>
     <h3 style="margin: 0px;"><%= _("Summary report from Foreman server at %{foreman_url}") % {:foreman_url => Setting[:foreman_url]} %></h3>
     <div style="background: #e1e2e3; padding: 20px 40px; margin: 5px 0px 10px;">

data/app/views/policies/_form.html.erb

@@ -14,7 +14,7 @@
     <% if show_organization_tab? %>
       <li><a href='#organizations' data-toggle='tab'><%= _('Organizations') %></a></li>
     <% end %>
-    <li><a href='#hostgroups' data-toggle='tab'><%= _('Hostgroups') %></a></li>
+    <li><a href='#hostgroups' data-toggle='tab'><%= _('Host Groups') %></a></li>
   </ul>
   <div class="tab-content">
     <div class="tab-pane active" id="primary">

data/app/views/policies/welcome.html.erb

@@ -1,14 +1,15 @@
-<% title_actions display_link_if_authorized(_("New Compliance policy"), hash_for_new_policy_path) %>
+<% title_actions display_link_if_authorized(_("New Compliance Policy"), hash_for_new_policy_path) %>
 
 <% title _("Compliance policy configuration") %>
 <div id="welcome">
   <p>
-    <%= _('A compliance policy is defined by security professionals who specify desired settings
-          (often in the form of a checklist) that are to be used in the computing environment. Compliance audit is a process of figuring out
-          whether a given object follows all the rules written out in a compliance policy.') %>
+    <%= _('A compliance policy is defined by security professionals who specify desired ' +
+          'settings (often in the form of a checklist) that are to be used in the computing ' +
+          'environment. Compliance audit is a process of figuring out whether a given object ' +
+          'follows all the rules written out in a compliance policy.') %>
   </p>
   <p>
-    <%= (_('In Foreman, a compliance policy checklist is defined via %s, once SCAP content is present, you can create a policy,
-            assign select hostgroups and schedule to run.') % link_to(_('SCAP content'), scap_contents_path)).html_safe %>
+    <%= (_('In Foreman, a compliance policy checklist is defined via %s, once SCAP content ' +
+           'is present, you can create a policy, assign select host groups and schedule to run.') % link_to(_('SCAP content'), scap_contents_path)).html_safe %>
   </p>
 </div>

data/app/views/scap_contents/welcome.html.erb

@@ -9,7 +9,7 @@
         and policy compliance evaluation. ') %><small><%= (_('Source: Wikipedia %s') % link_to(_('read more'), 'http://en.wikipedia.org/wiki/Security_Content_Automation_Protocol')).html_safe %></small>
   </p>
   <p>
-    <%= (_("In Foreman, scap_contents represent the SCAP security guides on your hosts, and create SCAP profiles for you to assign to hosts / hostgroups
+    <%= (_("In Foreman, scap_contents represent the SCAP security guides on your hosts, and create SCAP profiles for you to assign to hosts / host groups
           via %s") % link_to('compliance policies', policies_path)).html_safe %>
   </p>
 </div>

data/config/routes.rb

@@ -45,7 +45,11 @@ Rails.application.routes.draw do
     scope "(:apiv)", :module => :v2, :defaults => {:apiv => 'v2'},
           :apiv => /v1|v2/, :constraints => ApiConstraints.new(:version => 2) do
       namespace :compliance do
-        resources :scap_contents, :except => [:new, :edit]
+        resources :scap_contents, :except => [:new, :edit] do
+          member do
+            get 'xml'
+          end
+        end
         resources :policies, :except => [:new, :edit] do
           member do
             get 'content'

data/db/migrate/20150821100137_migrate_from_scaptimony.rb

@@ -6,13 +6,14 @@ class MigrateFromScaptimony < ActiveRecord::Migration
       def rename_table_indexes(a,b)
       end
     end
+
+    execute 'DROP VIEW IF EXISTS scaptimony_arf_report_breakdowns'
+    execute 'DROP VIEW IF EXISTS foreman_openscap_arf_report_breakdowns'
+
     ActiveRecord::Base.connection.tables.grep(/^scaptimony/).each do |table|
       rename_table table, table.sub(/^scaptimony/, "foreman_openscap")
     end
 
-    execute 'DROP VIEW scaptimony_arf_report_breakdowns' if table_exists? 'scaptimony_arf_report_breakdowns'
-    execute 'DROP VIEW foreman_openscap_arf_report_breakdowns' if table_exists? 'foreman_openscap_arf_report_breakdowns'
-
     execute <<-SQL
       CREATE VIEW foreman_openscap_arf_report_breakdowns AS
         SELECT
@@ -39,13 +40,13 @@ class MigrateFromScaptimony < ActiveRecord::Migration
   end
 
   def down
+    execute 'DROP VIEW IF EXISTS scaptimony_arf_report_breakdowns'
+    execute 'DROP VIEW IF EXISTS foreman_openscap_arf_report_breakdowns'
+
     ActiveRecord::Base.connection.tables.grep(/^foreman_openscap/).each do |table|
       rename_table table, table.sub(/^foreman_openscap/, "scaptimony")
     end
 
-    execute 'DROP VIEW scaptimony_arf_report_breakdowns' if table_exists? 'scaptimony_arf_report_breakdowns'
-    execute 'DROP VIEW foreman_openscap_arf_report_breakdowns' if table_exists? 'foreman_openscap_arf_report_breakdowns'
-
     execute <<-SQL
       CREATE VIEW scaptimony_arf_report_breakdowns AS
         SELECT

data/db/migrate/20150929152345_move_arf_reports_to_reports_table.rb

@@ -3,73 +3,13 @@ class MoveArfReportsToReportsTable < ActiveRecord::Migration
   # rubocop:disable Metrics/MethodLength
   # rubocop:disable Metrics/AbcSize
   def up
-    old_arf_reports = execute("SELECT * FROM foreman_openscap_arf_reports;")
-
-    #select only reports with existing host
-    old_arf_reports = old_arf_reports.select do |item|
-      asset = ForemanOpenscap::Asset.find item['asset_id']
-      !asset.host.nil? && asset.assetable_type = "Host::Base"
-    end
-    #and remove assets without assetable
-    ForemanOpenscap::Asset.where(:assetable_type => "Host::Base").select { |a| a.host.nil? }.map(&:destroy)
-    ForemanOpenscap::Asset.where(:assetable_type => "Hostgroup").select { |a| a.hostgroup.nil? }.map(&:destroy)
-
-    old_arf_reports.each do |item|
-      metrics = breakdown_to_metrics item["id"]
-
-      #reported_at attribute must be unique
-      reported_at = DateTime.strptime(item["created_at"], "%Y-%m-%d %H:%M:%S")
-
-      reported_at += 1.second until arfs_by_reported(reported_at).empty?
-
-      arf = ForemanOpenscap::ArfReport.create!(:metrics => metrics,
-                                               :reported_at => reported_at,
-                                               :created_at => item["created_at"],
-                                               :updated_at => item["updated_at"],
-                                               :host_id => item["asset_id"],
-                                               :status => metrics)
-
-      ForemanOpenscap::PolicyArfReport.create!(:arf_report_id => arf.id, :policy_id => item["policy_id"], :digest => item["digest"])
-
-      xccdf_rules.each { |rule_item| Source.find_or_create(rule_item["xid"]) }
-
-      xccdf_rule_results(item["id"]).each do |rr_item|
-        message = Message.find_or_create("No message for this log")
-
-        rule_item = xccdf_rule(rr_item['xccdf_rule_id'])
-        source = Source.find_or_create(rule_item['xid'])
-
-        Log.create!(:report_id => arf.id,
-                    :result => xccdf_result(rr_item["xccdf_result_id"])['name'],
-                    :message_id => message.id,
-                    :source_id => source.id,
-                    :level => :info)
-      end
-    end
-
     execute 'DROP VIEW foreman_openscap_arf_report_breakdowns' if table_exists? 'foreman_openscap_arf_report_breakdowns'
     drop_table :foreman_openscap_xccdf_results
     drop_table :foreman_openscap_xccdf_rules
     drop_table :foreman_openscap_xccdf_rule_results
-    drop_table :foreman_openscap_arf_reports
-    drop_table :foreman_openscap_arf_report_raws
   end
 
   def down
-    #warning! we cannot fully revert since arf_report_raws got dropped and we have no way of recreating them
-    create_table :foreman_openscap_arf_reports do |t|
-      t.references :asset, :index => true
-      t.references :policy, :index => true
-      t.datetime :date
-      t.string :digest, :limit => 128
-
-      t.timestamps
-    end
-    add_index :foreman_openscap_arf_reports, :digest, :unique => true
-
-    add_index :foreman_openscap_arf_reports, [:asset_id, :policy_id, :date, :digest],
-              :unique => true, :name => :index_openscap_arf_reports_unique_set
-
     create_table :foreman_openscap_xccdf_results do |t|
       t.string :name, :limit => 16, :null => false
     end
@@ -139,41 +79,4 @@ class MoveArfReportsToReportsTable < ActiveRecord::Migration
     end
     ForemanOpenscap::PolicyArfReport.all.map(&:destroy)
   end
-
-  private
-
-  def breakdown_to_metrics(report_id)
-    execute("SELECT passed, failed, othered FROM foreman_openscap_arf_report_breakdowns WHERE arf_report_id='#{report_id}';").first
-  end
-
-  def xccdf_rule_results(report_id)
-    execute("SELECT arf_report_id, xccdf_result_id, xccdf_rule_id
-             FROM foreman_openscap_xccdf_rule_results
-             WHERE arf_report_id='#{report_id}';")
-  end
-
-  def xccdf_rules
-    execute("SELECT xid FROM foreman_openscap_xccdf_rules;")
-  end
-
-  def xccdf_rule(rule_id)
-    execute("SELECT xid
-             FROM foreman_openscap_xccdf_rules
-             WHERE foreman_openscap_xccdf_rules.id = '#{rule_id}';").first
-  end
-
-  def xccdf_result(result_id)
-    execute("SELECT name FROM foreman_openscap_xccdf_results WHERE id = '#{result_id}';").first
-  end
-
-  def arfs_by_reported(time)
-    ForemanOpenscap::ArfReport.where(:reported_at => time)
-  end
-
-  def report(arf)
-    execute("SELECT id
-             FROM foreman_openscap_arf_reports
-             WHERE date = '#{arf.reported_at}' AND
-                   digest = '#{arf.policy_arf_report.digest}';").first
-  end
 end

data/db/migrate/20151120090851_add_openscap_proxy_to_host_and_hostgroup.rb

@@ -3,18 +3,6 @@ class AddOpenscapProxyToHostAndHostgroup < ActiveRecord::Migration
     add_column :hostgroups, :openscap_proxy_id, :integer
     add_column :hosts, :openscap_proxy_id, :integer
     add_column :reports, :openscap_proxy_id, :integer
-
-    #to ensure backward compatiblity
-    #this relies on the fact that only one scap proxy was registered
-    #because there has not been support for multiple scap proxies
-    reports = ForemanOpenscap::ArfReport.where(:openscap_proxy_id => nil)
-    scap_proxy = SmartProxy.with_features("Openscap").first
-    unless scap_proxy.nil?
-      reports.each do |report|
-        report.openscap_proxy = scap_proxy
-        report.save!
-      end
-    end
   end
 
   def down

data/db/seeds.d/openscap_policy_notification.rb

@@ -1,6 +1,6 @@
 policy_notification = {
   :name => :openscap_policy_summary,
-  :description => N_('A summary of reports for OpenScap policies'),
+  :description => N_('A summary of reports for OpenSCAP policies'),
   :mailer => 'ForemanOpenscap::PolicyMailer',
   :method => 'policy_summary',
   :subscription_type => 'report',

data/lib/foreman_openscap/bulk_upload.rb

@@ -30,6 +30,7 @@ module ForemanOpenscap
         scap_content.original_filename = filename
         scap_content.location_ids = Location.all.map(&:id) if SETTINGS[:locations_enabled]
         scap_content.organization_ids = Organization.all.map(&:id) if SETTINGS[:organizations_enabled]
+
         next puts "## SCAP content is invalid: #{scap_content.errors.full_messages.uniq.join(',')} ##" unless scap_content.valid?
         if scap_content.save
           puts "Saved #{datastream} as #{scap_content.title}"