RubyGems - foreman_openscap - Versions diffs - 0.6.3 → 0.6.4 - Mend

foreman_openscap 0.6.3 → 0.6.4

Files changed (69) hide show

data/app/views/api/v2/compliance/policies/base.json.rabl CHANGED

@@ -3,4 +3,5 @@ object @policy
 extends "api/v2/compliance/common/org"
 extends "api/v2/compliance/common/loc"
-attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line
+attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line,
+  :tailoring_file_id, :tailoring_file_profile_id

data/app/views/api/v2/compliance/tailoring_files/base.json.rabl ADDED

@@ -0,0 +1,6 @@
+object @tailoring_file
+extends "api/v2/compliance/common/org"
+extends "api/v2/compliance/common/loc"
+attributes :id, :name, :original_filename, :digest

data/app/views/api/v2/compliance/tailoring_files/index.json.rabl ADDED

@@ -0,0 +1,3 @@
+collection @tailoring_files
+extends "api/v2/compliance/tailoring_files/main"

data/app/views/api/v2/compliance/tailoring_files/main.json.rabl ADDED

@@ -0,0 +1,5 @@
+object @tailoring_file
+extends "api/v2/compliance/tailoring_files/base"
+attributes :created_at, :updated_at

data/app/views/api/v2/compliance/tailoring_files/show.json.rabl ADDED

@@ -0,0 +1,7 @@
+object @tailoring_file
+extends "api/v2/compliance/tailoring_files/main"
+child :scap_content_profiles => :tailoring_file_profiles do |profile|
+  attributes :id, :profile_id, :title
+end

data/app/views/arf_reports/_list.html.erb CHANGED

@@ -27,8 +27,9 @@
       <td><%= report_arf_column(arf_report.failed, "label-danger") %></th>
       <td><%= report_arf_column(arf_report.othered, "label-warning") %></th>
       <td>
-        <%= display_delete_if_authorized(hash_for_arf_report_path(:id => arf_report.id),
-                                         :confirm => _("Delete compliance report for %s?") % arf_report.host)
+        <%= action_buttons(display_delete_if_authorized(hash_for_arf_report_path(:id => arf_report.id),
+                                                        :confirm => _("Delete compliance report for %s?") % arf_report.host),
+                           display_link_if_authorized(_("Full Report"), hash_for_show_html_arf_report_path(:id => arf_report.id)))
         %>
       </td>
     </tr>

data/app/views/dashboard/_compliance_host_reports_widget.html.erb CHANGED

@@ -3,14 +3,14 @@
 <% if latest_reports.empty? %>
   <p class="ca"><%= _("No reports available") %></p>
 <% else %>
-  <table class="table table-striped ellipsis">
+  <table class="table table-striped table-fixed">
     <tr>
       <%= latest_compliance_headers %>
     </tr>
     <% latest_reports.each do |report| %>
       <tr>
-        <td><%= link_to h(report.host.nil? ? _('Host does not exist anymore') : report.host.name), arf_report_path(report) %></td>
-        <td><%= report.policy.nil? ? _('Policy is missing') :  link_to(h(report.policy.name), policy_dashboard_policy_path(report.policy)) %></td>
+        <td class="ellipsis"><%= link_to h(report.host.nil? ? _('Host does not exist anymore') : report.host.name), arf_report_path(report) %></td>
+        <td class="ellipsis"><%= report.policy.nil? ? _('Policy is missing') :  link_to(h(report.policy.name), policy_dashboard_policy_path(report.policy)) %></td>
         <td class="ca"><%= report_event_column(report.passed, "label-success")  %></td>
         <td class="ca"><%= report_event_column(report.failed, "label-danger")  %></td>
         <td class="ca"><%= report_event_column(report.othered, "label-info")  %></td>

data/app/views/policies/_form.html.erb CHANGED

@@ -26,6 +26,15 @@
       <span id="scap_content_profile_select">
         <%= scap_content_profile_selector(f) %>
       </span>
+      <span>
+        <%= tailoring_file_selector(f) %>
+      </span>
+      <span id="tailoring_file_profile_select">
+        <% if @policy.tailoring_file %>
+          <%= render 'tailoring_file_selected', :f => f, :policy => @policy, :tailoring_file => @policy.tailoring_file  %>
+        <% end %>
+      </span>
     </div>
     <div class="tab-pane" id="scap_schedule">
       <%= select_f(f, :period, %w[Weekly Monthly Custom], :downcase, :to_s,

data/app/views/policies/_list.html.erb CHANGED

@@ -1,8 +1,10 @@
 <table class="table table-bordered table-striped table-fixed">
   <tr>
-    <th>Name</th>
-    <th>Content</th>
-    <th>Profile</th>
+    <th><%= _('Name') %></th>
+    <th><%= _('Content') %></th>
+    <th><%= _('Profile') %></th>
+    <th><%= _('Tailoring File') %></th>
+    <th><%= _('Effective Profile') %></th>
     <th></th>
   </tr>
   <% for policy in @policies %>
@@ -17,7 +19,17 @@
         <% end %>
       </td>
       <td>
-        <%= policy.scap_content_profile.nil? ? "Default" : policy.scap_content_profile.title %>
+        <%= policy_profile_from_scap_content policy %>
+      </td>
+      <td>
+        <% if policy.tailoring_file %>
+          <%=  link_to_if_authorized policy.tailoring_file.name, hash_for_edit_tailoring_file_path(:id => policy.tailoring_file_id) %>
+        <% else %>
+          <%= _('None') %>
+        <% end%>
+      </td>
+      <td>
+        <%= effective_policy_profile policy %>
       </td>
       <td>
         <%= action_buttons(

data/app/views/policies/_tailoring_file_selected.html.erb ADDED

@@ -0,0 +1,3 @@
+<%= fields_for policy do |f| %>
+    <%= tailoring_file_profile_selector(f, tailoring_file) %>
+<% end %>

data/app/views/policies/steps/_scap_content_form.html.erb CHANGED

@@ -5,5 +5,13 @@
   <span id="scap_content_profile_select">
     <%= scap_content_profile_selector(f) %>
   </span>
+  <span>
+    <%= tailoring_file_selector(f) %>
+  </span>
+  <span id="tailoring_file_profile_select">
+    <% if @policy.tailoring_file %>
+      <%= render 'tailoring_file_selected', :f => f, :policy => @policy, :tailoring_file => @policy.tailoring_file  %>
+    <% end %>
+  </span>
 </div>

data/app/views/policies/welcome.html.erb CHANGED

@@ -1,15 +1,14 @@
-<% title_actions display_link_if_authorized(_("New Compliance Policy"), hash_for_new_policy_path, :class => "btn btn-default") %>
-<% title _("Compliance policy configuration") %>
-<div id="welcome">
-  <p>
-    <%= _('A compliance policy is defined by security professionals who specify desired ' +
-          'settings (often in the form of a checklist) that are to be used in the computing ' +
-          'environment. Compliance audit is a process of figuring out whether a given object ' +
-          'follows all the rules written out in a compliance policy.') %>
-  </p>
-  <p>
-    <%= (_('In Foreman, a compliance policy checklist is defined via %s, once SCAP content ' +
-           'is present, you can create a policy, assign select host groups and schedule to run.') % link_to(_('SCAP content'), scap_contents_path)).html_safe %>
+<% content_for(:title, _("Compliance Policies")) %>
+<div class="blank-slate-pf">
+  <div class="blank-slate-pf-icon">
+    <%= icon_text("key", "", :kind => "fa") %>
+  </div>
+  <h1><%= _('Compliance Policies') %></h1>
+  <p><%= (_('In Foreman, a compliance policy checklist is defined via %s.') % link_to(_('SCAP content'), scap_contents_path)).html_safe %></br>
+    <%= _('Once SCAP content is present, you can create a policy, assign select host groups and schedule to run.') %>
   </p>
+  <div class="blank-slate-pf-main-action">
+    <%= new_link(_('New Policy'), {}, { :class => "btn-lg" }) %>
+  </div>
 </div>

data/app/views/scap_contents/_list.html.erb CHANGED

@@ -15,7 +15,7 @@
       <td>
         <%= action_buttons(
                 display_link_if_authorized(_("Edit"), hash_for_edit_scap_content_path(:id => content.id)),
-                display_link_if_authorized(_("Download"), hash_for_scap_content_path(:id => content.id)),
+		display_link_if_authorized(_("Download"), hash_for_scap_content_path(:id => content.id), :data => { :no_turbolink => true }),
                 display_delete_if_authorized(hash_for_scap_content_path(:id => content.id),
                                              :confirm => _("Delete compliance policy %s with all the reports?") % content.title)
             ) %>

data/app/views/scap_contents/welcome.html.erb CHANGED

@@ -1,15 +1,16 @@
-<% title_actions display_link_if_authorized(_("New SCAP content"), hash_for_new_scap_content_path, :class => "btn btn-default") %>
-<% title _("SCAP content configuration") %>
-<div id="welcome">
-  <p>
-  <%= _('The Security Content Automation Protocol (SCAP), combines a number of open standards that are used to enumerate software flaws and
-        configuration issues related to security. They measure systems to find vulnerabilities and offer methods to score those findings in order
-        to evaluate the possible impact. It is a method for using those open standards for automated vulnerability management, measurement,
-        and policy compliance evaluation. ') %><small><%= (_('Source: Wikipedia %s') % link_to(_('read more'), 'http://en.wikipedia.org/wiki/Security_Content_Automation_Protocol')).html_safe %></small>
-  </p>
-  <p>
-    <%= (_("In Foreman, scap_contents represent the SCAP security guides on your hosts, and create SCAP profiles for you to assign to hosts / host groups
-          via %s") % link_to('compliance policies', policies_path)).html_safe %>
+<% content_for(:title, _("SCAP Content")) %>
+<div class="blank-slate-pf">
+  <div class="blank-slate-pf-icon">
+    <%= icon_text("key", "", :kind => "fa") %>
+  </div>
+  <h1><%= _('SCAP Content') %></h1>
+  <p><%= _('The Security Content Automation Protocol (SCAP), combines a number of open standards that are used to enumerate software flaws and
+        configuration issues related to security. ') %></br>
+    <%= (_('In Foreman, scap_contents represent the SCAP security guides on your hosts, and create SCAP profiles for you to assign to hosts / host groups
+    via %s') % link_to('compliance policies', policies_path)).html_safe %>
   </p>
+  <div class="blank-slate-pf-main-action">
+    <%= new_link(_('New SCAP Content'), {}, { :class => "btn-lg" }) %>
+  </div>
 </div>

data/app/views/smart_proxies/_openscap_spool.html.erb ADDED

@@ -0,0 +1,9 @@
+<span>
+  <% if last_error %>
+    <span>
+      <a href="#logs" onclick="findSpoolLogs();"><%= _('%s ago') % time_ago_in_words(Time.at(last_error["timestamp"])) %></a>
+    </span>
+  <% else %>
+    <%= _('None found') %>
+  <% end %>
+</span>

data/app/views/smart_proxies/plugins/_openscap.html.erb ADDED

@@ -0,0 +1,12 @@
+<%= javascript 'foreman_openscap/openscap_proxy' %>
+<div class="row">
+  <h3><%= feature %></h3>
+</div>
+<%= show_feature_version(feature.downcase) %>
+<div class="row">
+  <% msg = _("Proxy failed to send a report from spool to Foreman. This indicates a corrupted report format. Report has been moved to directory for storing corrupted files on proxy for later inspection.") %>
+  <div class="col-md-4"><%= _('Last spool error') %>&nbsp;<%= popover("", msg) %></div>
+  <div class="col-md-8" data-ajax-url="<%= openscap_spool_openscap_proxy_path(:smart_proxy_id => @smart_proxy) %>">
+      <%= spinner %>
+  </div>
+</div>

data/app/views/tailoring_files/_form.html.erb ADDED

@@ -0,0 +1,25 @@
+<%= form_for @tailoring_file,
+    :url => (@tailoring_file.id? ?
+        tailoring_file_path(:id => @tailoring_file.id) : tailoring_files_path),
+    :html => { :multipart => true } do |f| %>
+  <%= base_errors_for @tailoring_file %>
+  <ul class="nav nav-tabs" data-tabs="tabs">
+    <li class="active"><a href="#primary" data-toggle="tab"><%= _("File Upload") %></a></li>
+    <% if show_location_tab? %>
+      <li><a href='#locations' data-toggle='tab'><%= _('Locations') %></a></li>
+    <% end %>
+    <% if show_organization_tab? %>
+      <li><a href='#organizations' data-toggle='tab'><%= _('Organizations') %></a></li>
+    <% end %>
+  </ul>
+  <div class="tab-content">
+    <div class="tab-pane active" id="primary">
+      <%= text_f(f, :name) %>
+      <%= file_field_f f, :scap_file, :help_block  => _("Upload DataStream Tailoring file") %>
+    </div>
+    <%= render 'taxonomies/loc_org_tabs', :f => f, :obj => @tailoring_file %>
+    <%= submit_or_cancel f %>
+  </div>
+<% end %>

data/app/views/tailoring_files/_list.html.erb ADDED

@@ -0,0 +1,29 @@
+<table class="table table-bordered table-striped table-fixed">
+  <tr>
+    <th class="col-md-4"><%= _('Name')%></th>
+    <th class="col-md-4"><%= _('Filename') %></th>
+    <th class="col-md-3"><%= _('Created') %></th>
+    <th class="col-md-1"></th>
+  </tr>
+  <% @tailoring_files.each do |file| %>
+    <tr>
+      <td class="ellipsis">
+        <%= file.name %>
+      </td>
+      <td>
+        <%= file.original_filename %>
+      </td>
+      <td>
+        <%= _("%s ago") % time_ago_in_words(file.created_at.getlocal) %>
+      </td>
+      <td>
+        <%= action_buttons(
+                display_link_if_authorized(_("Edit"), hash_for_edit_tailoring_file_path(:id => file.id)),
+                display_delete_if_authorized(hash_for_tailoring_file_path(:id => file.id),
+                                             :confirm => _("Delete tailoring file %s?") % file.name),
+                display_link_if_authorized(_("Download"), hash_for_xml_tailoring_file_path(:id => file.id), :data => { :no_turbolink => true })
+            ) %>
+      </td>
+    </tr>
+  <% end %>
+</table>

data/app/views/tailoring_files/edit.html.erb ADDED

@@ -0,0 +1,3 @@
+<% title _("Edit Tailoring File") %>
+<%= render :partial => 'form' %>

data/app/views/tailoring_files/index.html.erb ADDED

@@ -0,0 +1,3 @@
+<% title _("Tailoring Files") %>
+<% title_actions(display_link_if_authorized(_("Upload New Tailoring file"), hash_for_new_tailoring_file_path, :class => 'btn btn-default')) %>
+<%= render :partial => 'list' %>

data/app/views/tailoring_files/new.html.erb ADDED

@@ -0,0 +1,3 @@
+<% title _("Upload new Tailoring File") %>
+<%= render :partial => 'form' %>

data/app/views/tailoring_files/welcome.html.erb ADDED

@@ -0,0 +1,21 @@
+<% content_for(:title, _("Tailoring Files")) %>
+<div class="blank-slate-pf">
+  <div class="blank-slate-pf-icon">
+    <%= icon_text("key", "", :kind => "fa") %>
+  </div>
+  <h1><%= _('Tailoring Files') %></h1>
+  <p><%= _('It may sometimes be required to adjust the security policy to your specific needs. ') %></br>
+    <%= (_('In Foreman, tailoring_files represent the custom modifications to default XCCDF profiles and they can be applied to hosts
+    via %s') % link_to('compliance policies', policies_path)).html_safe %>
+  </p>
+  <% proxy_check = run_tailoring_proxy_check %>
+  <div class="blank-slate-pf-main-action">
+    <%= new_link(_('New Tailoring File'), {}, { :class => "btn-lg", :disabled => !proxy_check.pass? }) %>
+  </div>
+  <p>
+  <% unless proxy_check.pass? %>
+    <%= alert :class => 'alert-warning', :header => '', :text => proxy_check.message.html_safe %>
+  <% end %>
+  </p>
+</div>

data/config/routes.rb CHANGED

@@ -25,6 +25,7 @@ Rails.application.routes.draw do
       collection do
         get 'auto_complete_search'
         post 'scap_content_selected'
+        post 'tailoring_file_selected'
         get 'select_multiple_hosts'
         post 'update_multiple_hosts'
         get 'disassociate_multiple_hosts'
@@ -38,6 +39,21 @@ Rails.application.routes.draw do
       end
     end
+    resources :tailoring_files, :except => [:show] do
+      member do
+        get 'xml'
+      end
+      collection do
+        get 'auto_complete_search'
+      end
+    end
+    resources :openscap_proxies, :only => [] do
+      member do
+        get 'openscap_spool'
+      end
+    end
     resources :hosts, :only => [:show], :as => :compliance_hosts, :controller => :compliance_hosts
   end
@@ -50,9 +66,15 @@ Rails.application.routes.draw do
             get 'xml'
           end
         end
+        resources :tailoring_files, :except => [:new, :edit] do
+          member do
+            get 'xml'
+          end
+        end
         resources :policies, :except => [:new, :edit] do
           member do
             get 'content'
+            get 'tailoring'
           end
         end
         resources :arf_reports, :only => [:index, :show, :destroy] do

data/db/migrate/20161109155255_create_tailoring_files.rb ADDED

@@ -0,0 +1,23 @@
+class CreateTailoringFiles < ActiveRecord::Migration
+  def up
+    create_table :foreman_openscap_tailoring_files do |t|
+      t.string :name, :unique => true, :null => false
+      t.text :scap_file
+      t.string :original_filename
+      t.datetime :created_at
+      t.datetime :updated_at
+      t.string :digest, :null => false
+    end
+    add_column :foreman_openscap_policies, :tailoring_file_id, :integer, :references => :tailoring_file
+    add_column :foreman_openscap_policies, :tailoring_file_profile_id, :integer, :references => :scap_content_profile
+    add_column :foreman_openscap_scap_content_profiles, :tailoring_file_id, :integer, :references => :tailoring_file
+  end
+  def down
+    remove_column :foreman_openscap_policies, :tailoring_file_id
+    remove_column :foreman_openscap_policies, :tailoring_file_profile_id
+    remove_column :foreman_openscap_scap_content_profiles, :tailoring_file_id
+    drop_table :foreman_openscap_tailoring_files
+  end
+end

data/db/migrate/20161223153249_add_permissions_to_arf_report.rb ADDED

@@ -0,0 +1,11 @@
+class AddPermissionsToArfReport < ActiveRecord::Migration
+  def up
+    Permission.where(:name => %w(view_arf_reports destroy_arf_reports)).
+      update_all(:resource_type => 'ForemanOpenscap::ArfReport')
+  end
+  def down
+    Permission.where(:name => %w(view_arf_reports destroy_arf_reports)).
+      update_all(:resource_type => '')
+  end
+end

data/lib/foreman_openscap/engine.rb CHANGED

@@ -53,10 +53,13 @@ module ForemanOpenscap
           permission :view_arf_reports, {:arf_reports => [:index, :show, :parse_html, :show_html,
                                                           :parse_bzip, :auto_complete_search],
                                          'api/v2/compliance/arf_reports' => [:index, :show, :download],
-                                         :compliance_hosts => [:show]}
+                                         :compliance_hosts => [:show]},
+                     :resource_type => 'ForemanOpenscap::ArfReport'
           permission :destroy_arf_reports, {:arf_reports => [:destroy, :delete_multiple, :submit_delete_multiple],
-                                            'api/v2/compliance/arf_reports' => [:destroy]}
-          permission :create_arf_reports, {'api/v2/compliance/arf_reports' => [:create]}
+                                            'api/v2/compliance/arf_reports' => [:destroy]},
+                     :resource_type => 'ForemanOpenscap::ArfReport'
+          permission :create_arf_reports, {'api/v2/compliance/arf_reports' => [:create]},
+                     :resource_type => 'ForemanOpenscap::ArfReport'
           permission :view_policies, {:policies => [:index, :show, :parse, :auto_complete_search],
                                                  :policy_dashboard => [:index],
@@ -90,12 +93,30 @@ module ForemanOpenscap
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :edit_hosts, { :hosts => [:openscap_proxy_changed] }, :resource_type => "Host"
           permission :edit_hostgroups, { :hostgroups => [:openscap_proxy_changed] }, :resource_type => "Hostgroup"
+          permission :create_tailoring_files, { :tailoring_files => [:create, :new],
+                                                'api/v2/compliance/tailoring_files' => [:create]},
+                     :resource_type => 'ForemanOpenscap::TailoringFile'
+          permission :view_tailoring_files, { :tailoring_files => [:index, :auto_complete_search, :xml],
+                                              :policies => [:tailoring_file_selected],
+                                              'api/v2/compliance/tailoring_files' => [:show, :xml, :index],
+                                              'api/v2/compliance/policies' => [:tailoring] },
+                      :resource_type => 'ForemanOpenscap::TailoringFile'
+          permission :edit_tailoring_files, { :tailoring_files => [:edit, :update],
+                                              'api/v2/compliance/tailoring_files' => [:update] },
+                      :resource_type => 'ForemanOpenscap::TailoringFile'
+          permission :destroy_tailoring_files, { :tailoring_files => [:destroy],
+                                                 'api/v2/compliance/tailoring_files' => [:destroy] },
+                      :resource_type => 'ForemanOpenscap::TailoringFile'
+          permission :view_openscap_proxies, { :openscap_proxies => [:openscap_spool] },
+                      :resource_type => 'SmartProxy'
         end
-        role "Compliance viewer", [:view_arf_reports, :view_policies, :view_scap_contents]
+        role "Compliance viewer", [:view_arf_reports, :view_policies, :view_scap_contents, :view_tailoring_files, :view_openscap_proxies]
         role "Compliance manager", [:view_arf_reports, :view_policies, :view_scap_contents,
                                     :destroy_arf_reports, :edit_policies, :edit_scap_contents, :assign_policies,
-                                    :create_policies, :create_scap_contents, :destroy_policies, :destroy_scap_contents]
+                                    :create_policies, :create_scap_contents, :destroy_policies, :destroy_scap_contents,
+                                    :create_tailoring_files, :view_tailoring_files, :edit_tailoring_files, :destroy_tailoring_files,
+                                    :view_openscap_proxies]
         role "Create ARF report", [:create_arf_reports] # special as only Proxy can create
         #add menu entries
@@ -109,6 +130,10 @@ module ForemanOpenscap
         menu :top_menu, :compliance_reports, :caption => N_('Reports'),
              :url_hash => {:controller => :arf_reports, :action => :index},
              :parent => :hosts_menu
+        menu :top_menu, :compliance_files, :caption => N_('Tailoring Files'),
+             :url_hash => {:controller => :tailoring_files, :action => :index},
+             :parent => :hosts_menu
         # add dashboard widget
         widget 'compliance_host_reports_widget',