foreman_openscap 0.6.3 → 0.6.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/app/assets/javascripts/foreman_openscap/openscap_proxy.js +7 -0
- data/app/assets/javascripts/foreman_openscap/policy_edit.js +15 -0
- data/app/controllers/api/v2/compliance/arf_reports_controller.rb +2 -2
- data/app/controllers/api/v2/compliance/policies_controller.rb +16 -4
- data/app/controllers/api/v2/compliance/scap_contents_controller.rb +2 -2
- data/app/controllers/api/v2/compliance/tailoring_files_controller.rb +92 -0
- data/app/controllers/concerns/foreman/controller/parameters/policy_api.rb +2 -2
- data/app/controllers/concerns/foreman/controller/parameters/tailoring_file.rb +15 -0
- data/app/controllers/openscap_proxies_controller.rb +31 -0
- data/app/controllers/policies_controller.rb +14 -15
- data/app/controllers/scap_contents_controller.rb +0 -10
- data/app/controllers/tailoring_files_controller.rb +75 -0
- data/app/helpers/compliance_dashboard_helper.rb +2 -2
- data/app/helpers/policies_helper.rb +29 -1
- data/app/helpers/tailoring_files_helper.rb +5 -0
- data/app/lib/proxy_api/openscap.rb +18 -2
- data/app/models/concerns/foreman_openscap/data_stream_content.rb +43 -0
- data/app/models/concerns/foreman_openscap/host_extensions.rb +1 -1
- data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb +8 -0
- data/app/models/foreman_openscap/policy.rb +28 -3
- data/app/models/foreman_openscap/scap_content.rb +4 -72
- data/app/models/foreman_openscap/scap_content_profile.rb +2 -0
- data/app/models/foreman_openscap/tailoring_file.rb +19 -0
- data/app/services/foreman_openscap/openscap_proxy_version_check.rb +63 -0
- data/app/validators/foreman_openscap/data_stream_validator.rb +44 -0
- data/app/views/api/v2/compliance/policies/base.json.rabl +2 -1
- data/app/views/api/v2/compliance/tailoring_files/base.json.rabl +6 -0
- data/app/views/api/v2/compliance/tailoring_files/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/tailoring_files/main.json.rabl +5 -0
- data/app/views/api/v2/compliance/tailoring_files/show.json.rabl +7 -0
- data/app/views/arf_reports/_list.html.erb +3 -2
- data/app/views/dashboard/_compliance_host_reports_widget.html.erb +3 -3
- data/app/views/policies/_form.html.erb +9 -0
- data/app/views/policies/_list.html.erb +16 -4
- data/app/views/policies/_tailoring_file_selected.html.erb +3 -0
- data/app/views/policies/steps/_scap_content_form.html.erb +8 -0
- data/app/views/policies/welcome.html.erb +12 -13
- data/app/views/scap_contents/_list.html.erb +1 -1
- data/app/views/scap_contents/welcome.html.erb +14 -13
- data/app/views/smart_proxies/_openscap_spool.html.erb +9 -0
- data/app/views/smart_proxies/plugins/_openscap.html.erb +12 -0
- data/app/views/tailoring_files/_form.html.erb +25 -0
- data/app/views/tailoring_files/_list.html.erb +29 -0
- data/app/views/tailoring_files/edit.html.erb +3 -0
- data/app/views/tailoring_files/index.html.erb +3 -0
- data/app/views/tailoring_files/new.html.erb +3 -0
- data/app/views/tailoring_files/welcome.html.erb +21 -0
- data/config/routes.rb +22 -0
- data/db/migrate/20161109155255_create_tailoring_files.rb +23 -0
- data/db/migrate/20161223153249_add_permissions_to_arf_report.rb +11 -0
- data/lib/foreman_openscap/engine.rb +30 -5
- data/lib/foreman_openscap/version.rb +1 -1
- data/test/factories/policy_factory.rb +2 -0
- data/test/factories/scap_content_related.rb +7 -0
- data/test/files/tailoring_files/ssg-firefox-ds-tailoring-2.xml +23 -0
- data/test/files/tailoring_files/ssg-firefox-ds-tailoring.xml +31 -0
- data/test/functional/api/v2/compliance/policies_controller_test.rb +35 -8
- data/test/functional/api/v2/compliance/scap_contents_controller_test.rb +1 -1
- data/test/functional/api/v2/compliance/tailoring_files_controller_test.rb +63 -0
- data/test/functional/openscap_proxies_controller_test.rb +14 -0
- data/test/functional/tailoring_files_controller_test.rb +38 -0
- data/test/test_plugin_helper.rb +18 -24
- data/test/unit/openscap_host_test.rb +11 -1
- data/test/unit/policy_test.rb +26 -0
- data/test/unit/services/tailoring_files_proxy_check_test.rb +27 -0
- data/test/unit/tailoring_file_test.rb +26 -0
- metadata +59 -20
@@ -3,4 +3,5 @@ object @policy
|
|
3
3
|
extends "api/v2/compliance/common/org"
|
4
4
|
extends "api/v2/compliance/common/loc"
|
5
5
|
|
6
|
-
attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line
|
6
|
+
attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line,
|
7
|
+
:tailoring_file_id, :tailoring_file_profile_id
|
@@ -27,8 +27,9 @@
|
|
27
27
|
<td><%= report_arf_column(arf_report.failed, "label-danger") %></th>
|
28
28
|
<td><%= report_arf_column(arf_report.othered, "label-warning") %></th>
|
29
29
|
<td>
|
30
|
-
<%= display_delete_if_authorized(hash_for_arf_report_path(:id => arf_report.id),
|
31
|
-
|
30
|
+
<%= action_buttons(display_delete_if_authorized(hash_for_arf_report_path(:id => arf_report.id),
|
31
|
+
:confirm => _("Delete compliance report for %s?") % arf_report.host),
|
32
|
+
display_link_if_authorized(_("Full Report"), hash_for_show_html_arf_report_path(:id => arf_report.id)))
|
32
33
|
%>
|
33
34
|
</td>
|
34
35
|
</tr>
|
@@ -3,14 +3,14 @@
|
|
3
3
|
<% if latest_reports.empty? %>
|
4
4
|
<p class="ca"><%= _("No reports available") %></p>
|
5
5
|
<% else %>
|
6
|
-
<table class="table table-striped
|
6
|
+
<table class="table table-striped table-fixed">
|
7
7
|
<tr>
|
8
8
|
<%= latest_compliance_headers %>
|
9
9
|
</tr>
|
10
10
|
<% latest_reports.each do |report| %>
|
11
11
|
<tr>
|
12
|
-
<td><%= link_to h(report.host.nil? ? _('Host does not exist anymore') : report.host.name), arf_report_path(report) %></td>
|
13
|
-
<td><%= report.policy.nil? ? _('Policy is missing') : link_to(h(report.policy.name), policy_dashboard_policy_path(report.policy)) %></td>
|
12
|
+
<td class="ellipsis"><%= link_to h(report.host.nil? ? _('Host does not exist anymore') : report.host.name), arf_report_path(report) %></td>
|
13
|
+
<td class="ellipsis"><%= report.policy.nil? ? _('Policy is missing') : link_to(h(report.policy.name), policy_dashboard_policy_path(report.policy)) %></td>
|
14
14
|
<td class="ca"><%= report_event_column(report.passed, "label-success") %></td>
|
15
15
|
<td class="ca"><%= report_event_column(report.failed, "label-danger") %></td>
|
16
16
|
<td class="ca"><%= report_event_column(report.othered, "label-info") %></td>
|
@@ -26,6 +26,15 @@
|
|
26
26
|
<span id="scap_content_profile_select">
|
27
27
|
<%= scap_content_profile_selector(f) %>
|
28
28
|
</span>
|
29
|
+
<span>
|
30
|
+
<%= tailoring_file_selector(f) %>
|
31
|
+
</span>
|
32
|
+
<span id="tailoring_file_profile_select">
|
33
|
+
<% if @policy.tailoring_file %>
|
34
|
+
<%= render 'tailoring_file_selected', :f => f, :policy => @policy, :tailoring_file => @policy.tailoring_file %>
|
35
|
+
<% end %>
|
36
|
+
</span>
|
37
|
+
|
29
38
|
</div>
|
30
39
|
<div class="tab-pane" id="scap_schedule">
|
31
40
|
<%= select_f(f, :period, %w[Weekly Monthly Custom], :downcase, :to_s,
|
@@ -1,8 +1,10 @@
|
|
1
1
|
<table class="table table-bordered table-striped table-fixed">
|
2
2
|
<tr>
|
3
|
-
<th
|
4
|
-
<th
|
5
|
-
<th
|
3
|
+
<th><%= _('Name') %></th>
|
4
|
+
<th><%= _('Content') %></th>
|
5
|
+
<th><%= _('Profile') %></th>
|
6
|
+
<th><%= _('Tailoring File') %></th>
|
7
|
+
<th><%= _('Effective Profile') %></th>
|
6
8
|
<th></th>
|
7
9
|
</tr>
|
8
10
|
<% for policy in @policies %>
|
@@ -17,7 +19,17 @@
|
|
17
19
|
<% end %>
|
18
20
|
</td>
|
19
21
|
<td>
|
20
|
-
<%=
|
22
|
+
<%= policy_profile_from_scap_content policy %>
|
23
|
+
</td>
|
24
|
+
<td>
|
25
|
+
<% if policy.tailoring_file %>
|
26
|
+
<%= link_to_if_authorized policy.tailoring_file.name, hash_for_edit_tailoring_file_path(:id => policy.tailoring_file_id) %>
|
27
|
+
<% else %>
|
28
|
+
<%= _('None') %>
|
29
|
+
<% end%>
|
30
|
+
</td>
|
31
|
+
<td>
|
32
|
+
<%= effective_policy_profile policy %>
|
21
33
|
</td>
|
22
34
|
<td>
|
23
35
|
<%= action_buttons(
|
@@ -5,5 +5,13 @@
|
|
5
5
|
<span id="scap_content_profile_select">
|
6
6
|
<%= scap_content_profile_selector(f) %>
|
7
7
|
</span>
|
8
|
+
<span>
|
9
|
+
<%= tailoring_file_selector(f) %>
|
10
|
+
</span>
|
11
|
+
<span id="tailoring_file_profile_select">
|
12
|
+
<% if @policy.tailoring_file %>
|
13
|
+
<%= render 'tailoring_file_selected', :f => f, :policy => @policy, :tailoring_file => @policy.tailoring_file %>
|
14
|
+
<% end %>
|
15
|
+
</span>
|
8
16
|
</div>
|
9
17
|
|
@@ -1,15 +1,14 @@
|
|
1
|
-
<%
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
'follows all the rules written out in a compliance policy.') %>
|
10
|
-
</p>
|
11
|
-
<p>
|
12
|
-
<%= (_('In Foreman, a compliance policy checklist is defined via %s, once SCAP content ' +
|
13
|
-
'is present, you can create a policy, assign select host groups and schedule to run.') % link_to(_('SCAP content'), scap_contents_path)).html_safe %>
|
1
|
+
<% content_for(:title, _("Compliance Policies")) %>
|
2
|
+
<div class="blank-slate-pf">
|
3
|
+
<div class="blank-slate-pf-icon">
|
4
|
+
<%= icon_text("key", "", :kind => "fa") %>
|
5
|
+
</div>
|
6
|
+
<h1><%= _('Compliance Policies') %></h1>
|
7
|
+
<p><%= (_('In Foreman, a compliance policy checklist is defined via %s.') % link_to(_('SCAP content'), scap_contents_path)).html_safe %></br>
|
8
|
+
<%= _('Once SCAP content is present, you can create a policy, assign select host groups and schedule to run.') %>
|
14
9
|
</p>
|
10
|
+
|
11
|
+
<div class="blank-slate-pf-main-action">
|
12
|
+
<%= new_link(_('New Policy'), {}, { :class => "btn-lg" }) %>
|
13
|
+
</div>
|
15
14
|
</div>
|
@@ -15,7 +15,7 @@
|
|
15
15
|
<td>
|
16
16
|
<%= action_buttons(
|
17
17
|
display_link_if_authorized(_("Edit"), hash_for_edit_scap_content_path(:id => content.id)),
|
18
|
-
|
18
|
+
display_link_if_authorized(_("Download"), hash_for_scap_content_path(:id => content.id), :data => { :no_turbolink => true }),
|
19
19
|
display_delete_if_authorized(hash_for_scap_content_path(:id => content.id),
|
20
20
|
:confirm => _("Delete compliance policy %s with all the reports?") % content.title)
|
21
21
|
) %>
|
@@ -1,15 +1,16 @@
|
|
1
|
-
<%
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
<p>
|
12
|
-
<%= (_("In Foreman, scap_contents represent the SCAP security guides on your hosts, and create SCAP profiles for you to assign to hosts / host groups
|
13
|
-
via %s") % link_to('compliance policies', policies_path)).html_safe %>
|
1
|
+
<% content_for(:title, _("SCAP Content")) %>
|
2
|
+
<div class="blank-slate-pf">
|
3
|
+
<div class="blank-slate-pf-icon">
|
4
|
+
<%= icon_text("key", "", :kind => "fa") %>
|
5
|
+
</div>
|
6
|
+
<h1><%= _('SCAP Content') %></h1>
|
7
|
+
<p><%= _('The Security Content Automation Protocol (SCAP), combines a number of open standards that are used to enumerate software flaws and
|
8
|
+
configuration issues related to security. ') %></br>
|
9
|
+
<%= (_('In Foreman, scap_contents represent the SCAP security guides on your hosts, and create SCAP profiles for you to assign to hosts / host groups
|
10
|
+
via %s') % link_to('compliance policies', policies_path)).html_safe %>
|
14
11
|
</p>
|
12
|
+
|
13
|
+
<div class="blank-slate-pf-main-action">
|
14
|
+
<%= new_link(_('New SCAP Content'), {}, { :class => "btn-lg" }) %>
|
15
|
+
</div>
|
15
16
|
</div>
|
@@ -0,0 +1,12 @@
|
|
1
|
+
<%= javascript 'foreman_openscap/openscap_proxy' %>
|
2
|
+
<div class="row">
|
3
|
+
<h3><%= feature %></h3>
|
4
|
+
</div>
|
5
|
+
<%= show_feature_version(feature.downcase) %>
|
6
|
+
<div class="row">
|
7
|
+
<% msg = _("Proxy failed to send a report from spool to Foreman. This indicates a corrupted report format. Report has been moved to directory for storing corrupted files on proxy for later inspection.") %>
|
8
|
+
<div class="col-md-4"><%= _('Last spool error') %> <%= popover("", msg) %></div>
|
9
|
+
<div class="col-md-8" data-ajax-url="<%= openscap_spool_openscap_proxy_path(:smart_proxy_id => @smart_proxy) %>">
|
10
|
+
<%= spinner %>
|
11
|
+
</div>
|
12
|
+
</div>
|
@@ -0,0 +1,25 @@
|
|
1
|
+
<%= form_for @tailoring_file,
|
2
|
+
:url => (@tailoring_file.id? ?
|
3
|
+
tailoring_file_path(:id => @tailoring_file.id) : tailoring_files_path),
|
4
|
+
:html => { :multipart => true } do |f| %>
|
5
|
+
|
6
|
+
<%= base_errors_for @tailoring_file %>
|
7
|
+
|
8
|
+
<ul class="nav nav-tabs" data-tabs="tabs">
|
9
|
+
<li class="active"><a href="#primary" data-toggle="tab"><%= _("File Upload") %></a></li>
|
10
|
+
<% if show_location_tab? %>
|
11
|
+
<li><a href='#locations' data-toggle='tab'><%= _('Locations') %></a></li>
|
12
|
+
<% end %>
|
13
|
+
<% if show_organization_tab? %>
|
14
|
+
<li><a href='#organizations' data-toggle='tab'><%= _('Organizations') %></a></li>
|
15
|
+
<% end %>
|
16
|
+
</ul>
|
17
|
+
<div class="tab-content">
|
18
|
+
<div class="tab-pane active" id="primary">
|
19
|
+
<%= text_f(f, :name) %>
|
20
|
+
<%= file_field_f f, :scap_file, :help_block => _("Upload DataStream Tailoring file") %>
|
21
|
+
</div>
|
22
|
+
<%= render 'taxonomies/loc_org_tabs', :f => f, :obj => @tailoring_file %>
|
23
|
+
<%= submit_or_cancel f %>
|
24
|
+
</div>
|
25
|
+
<% end %>
|
@@ -0,0 +1,29 @@
|
|
1
|
+
<table class="table table-bordered table-striped table-fixed">
|
2
|
+
<tr>
|
3
|
+
<th class="col-md-4"><%= _('Name')%></th>
|
4
|
+
<th class="col-md-4"><%= _('Filename') %></th>
|
5
|
+
<th class="col-md-3"><%= _('Created') %></th>
|
6
|
+
<th class="col-md-1"></th>
|
7
|
+
</tr>
|
8
|
+
<% @tailoring_files.each do |file| %>
|
9
|
+
<tr>
|
10
|
+
<td class="ellipsis">
|
11
|
+
<%= file.name %>
|
12
|
+
</td>
|
13
|
+
<td>
|
14
|
+
<%= file.original_filename %>
|
15
|
+
</td>
|
16
|
+
<td>
|
17
|
+
<%= _("%s ago") % time_ago_in_words(file.created_at.getlocal) %>
|
18
|
+
</td>
|
19
|
+
<td>
|
20
|
+
<%= action_buttons(
|
21
|
+
display_link_if_authorized(_("Edit"), hash_for_edit_tailoring_file_path(:id => file.id)),
|
22
|
+
display_delete_if_authorized(hash_for_tailoring_file_path(:id => file.id),
|
23
|
+
:confirm => _("Delete tailoring file %s?") % file.name),
|
24
|
+
display_link_if_authorized(_("Download"), hash_for_xml_tailoring_file_path(:id => file.id), :data => { :no_turbolink => true })
|
25
|
+
) %>
|
26
|
+
</td>
|
27
|
+
</tr>
|
28
|
+
<% end %>
|
29
|
+
</table>
|
@@ -0,0 +1,21 @@
|
|
1
|
+
<% content_for(:title, _("Tailoring Files")) %>
|
2
|
+
<div class="blank-slate-pf">
|
3
|
+
<div class="blank-slate-pf-icon">
|
4
|
+
<%= icon_text("key", "", :kind => "fa") %>
|
5
|
+
</div>
|
6
|
+
<h1><%= _('Tailoring Files') %></h1>
|
7
|
+
<p><%= _('It may sometimes be required to adjust the security policy to your specific needs. ') %></br>
|
8
|
+
<%= (_('In Foreman, tailoring_files represent the custom modifications to default XCCDF profiles and they can be applied to hosts
|
9
|
+
via %s') % link_to('compliance policies', policies_path)).html_safe %>
|
10
|
+
</p>
|
11
|
+
<% proxy_check = run_tailoring_proxy_check %>
|
12
|
+
<div class="blank-slate-pf-main-action">
|
13
|
+
<%= new_link(_('New Tailoring File'), {}, { :class => "btn-lg", :disabled => !proxy_check.pass? }) %>
|
14
|
+
</div>
|
15
|
+
|
16
|
+
<p>
|
17
|
+
<% unless proxy_check.pass? %>
|
18
|
+
<%= alert :class => 'alert-warning', :header => '', :text => proxy_check.message.html_safe %>
|
19
|
+
<% end %>
|
20
|
+
</p>
|
21
|
+
</div>
|
data/config/routes.rb
CHANGED
@@ -25,6 +25,7 @@ Rails.application.routes.draw do
|
|
25
25
|
collection do
|
26
26
|
get 'auto_complete_search'
|
27
27
|
post 'scap_content_selected'
|
28
|
+
post 'tailoring_file_selected'
|
28
29
|
get 'select_multiple_hosts'
|
29
30
|
post 'update_multiple_hosts'
|
30
31
|
get 'disassociate_multiple_hosts'
|
@@ -38,6 +39,21 @@ Rails.application.routes.draw do
|
|
38
39
|
end
|
39
40
|
end
|
40
41
|
|
42
|
+
resources :tailoring_files, :except => [:show] do
|
43
|
+
member do
|
44
|
+
get 'xml'
|
45
|
+
end
|
46
|
+
collection do
|
47
|
+
get 'auto_complete_search'
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
resources :openscap_proxies, :only => [] do
|
52
|
+
member do
|
53
|
+
get 'openscap_spool'
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
41
57
|
resources :hosts, :only => [:show], :as => :compliance_hosts, :controller => :compliance_hosts
|
42
58
|
end
|
43
59
|
|
@@ -50,9 +66,15 @@ Rails.application.routes.draw do
|
|
50
66
|
get 'xml'
|
51
67
|
end
|
52
68
|
end
|
69
|
+
resources :tailoring_files, :except => [:new, :edit] do
|
70
|
+
member do
|
71
|
+
get 'xml'
|
72
|
+
end
|
73
|
+
end
|
53
74
|
resources :policies, :except => [:new, :edit] do
|
54
75
|
member do
|
55
76
|
get 'content'
|
77
|
+
get 'tailoring'
|
56
78
|
end
|
57
79
|
end
|
58
80
|
resources :arf_reports, :only => [:index, :show, :destroy] do
|
@@ -0,0 +1,23 @@
|
|
1
|
+
class CreateTailoringFiles < ActiveRecord::Migration
|
2
|
+
def up
|
3
|
+
create_table :foreman_openscap_tailoring_files do |t|
|
4
|
+
t.string :name, :unique => true, :null => false
|
5
|
+
t.text :scap_file
|
6
|
+
t.string :original_filename
|
7
|
+
t.datetime :created_at
|
8
|
+
t.datetime :updated_at
|
9
|
+
t.string :digest, :null => false
|
10
|
+
end
|
11
|
+
|
12
|
+
add_column :foreman_openscap_policies, :tailoring_file_id, :integer, :references => :tailoring_file
|
13
|
+
add_column :foreman_openscap_policies, :tailoring_file_profile_id, :integer, :references => :scap_content_profile
|
14
|
+
add_column :foreman_openscap_scap_content_profiles, :tailoring_file_id, :integer, :references => :tailoring_file
|
15
|
+
end
|
16
|
+
|
17
|
+
def down
|
18
|
+
remove_column :foreman_openscap_policies, :tailoring_file_id
|
19
|
+
remove_column :foreman_openscap_policies, :tailoring_file_profile_id
|
20
|
+
remove_column :foreman_openscap_scap_content_profiles, :tailoring_file_id
|
21
|
+
drop_table :foreman_openscap_tailoring_files
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
class AddPermissionsToArfReport < ActiveRecord::Migration
|
2
|
+
def up
|
3
|
+
Permission.where(:name => %w(view_arf_reports destroy_arf_reports)).
|
4
|
+
update_all(:resource_type => 'ForemanOpenscap::ArfReport')
|
5
|
+
end
|
6
|
+
|
7
|
+
def down
|
8
|
+
Permission.where(:name => %w(view_arf_reports destroy_arf_reports)).
|
9
|
+
update_all(:resource_type => '')
|
10
|
+
end
|
11
|
+
end
|
@@ -53,10 +53,13 @@ module ForemanOpenscap
|
|
53
53
|
permission :view_arf_reports, {:arf_reports => [:index, :show, :parse_html, :show_html,
|
54
54
|
:parse_bzip, :auto_complete_search],
|
55
55
|
'api/v2/compliance/arf_reports' => [:index, :show, :download],
|
56
|
-
:compliance_hosts => [:show]}
|
56
|
+
:compliance_hosts => [:show]},
|
57
|
+
:resource_type => 'ForemanOpenscap::ArfReport'
|
57
58
|
permission :destroy_arf_reports, {:arf_reports => [:destroy, :delete_multiple, :submit_delete_multiple],
|
58
|
-
'api/v2/compliance/arf_reports' => [:destroy]}
|
59
|
-
|
59
|
+
'api/v2/compliance/arf_reports' => [:destroy]},
|
60
|
+
:resource_type => 'ForemanOpenscap::ArfReport'
|
61
|
+
permission :create_arf_reports, {'api/v2/compliance/arf_reports' => [:create]},
|
62
|
+
:resource_type => 'ForemanOpenscap::ArfReport'
|
60
63
|
|
61
64
|
permission :view_policies, {:policies => [:index, :show, :parse, :auto_complete_search],
|
62
65
|
:policy_dashboard => [:index],
|
@@ -90,12 +93,30 @@ module ForemanOpenscap
|
|
90
93
|
:resource_type => 'ForemanOpenscap::ScapContent'
|
91
94
|
permission :edit_hosts, { :hosts => [:openscap_proxy_changed] }, :resource_type => "Host"
|
92
95
|
permission :edit_hostgroups, { :hostgroups => [:openscap_proxy_changed] }, :resource_type => "Hostgroup"
|
96
|
+
permission :create_tailoring_files, { :tailoring_files => [:create, :new],
|
97
|
+
'api/v2/compliance/tailoring_files' => [:create]},
|
98
|
+
:resource_type => 'ForemanOpenscap::TailoringFile'
|
99
|
+
permission :view_tailoring_files, { :tailoring_files => [:index, :auto_complete_search, :xml],
|
100
|
+
:policies => [:tailoring_file_selected],
|
101
|
+
'api/v2/compliance/tailoring_files' => [:show, :xml, :index],
|
102
|
+
'api/v2/compliance/policies' => [:tailoring] },
|
103
|
+
:resource_type => 'ForemanOpenscap::TailoringFile'
|
104
|
+
permission :edit_tailoring_files, { :tailoring_files => [:edit, :update],
|
105
|
+
'api/v2/compliance/tailoring_files' => [:update] },
|
106
|
+
:resource_type => 'ForemanOpenscap::TailoringFile'
|
107
|
+
permission :destroy_tailoring_files, { :tailoring_files => [:destroy],
|
108
|
+
'api/v2/compliance/tailoring_files' => [:destroy] },
|
109
|
+
:resource_type => 'ForemanOpenscap::TailoringFile'
|
110
|
+
permission :view_openscap_proxies, { :openscap_proxies => [:openscap_spool] },
|
111
|
+
:resource_type => 'SmartProxy'
|
93
112
|
end
|
94
113
|
|
95
|
-
role "Compliance viewer", [:view_arf_reports, :view_policies, :view_scap_contents]
|
114
|
+
role "Compliance viewer", [:view_arf_reports, :view_policies, :view_scap_contents, :view_tailoring_files, :view_openscap_proxies]
|
96
115
|
role "Compliance manager", [:view_arf_reports, :view_policies, :view_scap_contents,
|
97
116
|
:destroy_arf_reports, :edit_policies, :edit_scap_contents, :assign_policies,
|
98
|
-
:create_policies, :create_scap_contents, :destroy_policies, :destroy_scap_contents
|
117
|
+
:create_policies, :create_scap_contents, :destroy_policies, :destroy_scap_contents,
|
118
|
+
:create_tailoring_files, :view_tailoring_files, :edit_tailoring_files, :destroy_tailoring_files,
|
119
|
+
:view_openscap_proxies]
|
99
120
|
role "Create ARF report", [:create_arf_reports] # special as only Proxy can create
|
100
121
|
|
101
122
|
#add menu entries
|
@@ -109,6 +130,10 @@ module ForemanOpenscap
|
|
109
130
|
menu :top_menu, :compliance_reports, :caption => N_('Reports'),
|
110
131
|
:url_hash => {:controller => :arf_reports, :action => :index},
|
111
132
|
:parent => :hosts_menu
|
133
|
+
menu :top_menu, :compliance_files, :caption => N_('Tailoring Files'),
|
134
|
+
:url_hash => {:controller => :tailoring_files, :action => :index},
|
135
|
+
:parent => :hosts_menu
|
136
|
+
|
112
137
|
|
113
138
|
# add dashboard widget
|
114
139
|
widget 'compliance_host_reports_widget',
|