RubyGems - foreman_openscap - Versions diffs - 0.6.3 → 0.6.4 - Mend

foreman_openscap 0.6.3 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

data/app/views/api/v2/compliance/policies/base.json.rabl CHANGED

@@ -3,4 +3,5 @@ object @policy
 extends "api/v2/compliance/common/org"
 extends "api/v2/compliance/common/loc"
-attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line
+attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line,
+  :tailoring_file_id, :tailoring_file_profile_id

data/app/views/api/v2/compliance/tailoring_files/base.json.rabl ADDED

@@ -0,0 +1,6 @@
+object @tailoring_file
+extends "api/v2/compliance/common/org"
+extends "api/v2/compliance/common/loc"
+attributes :id, :name, :original_filename, :digest

data/app/views/api/v2/compliance/tailoring_files/index.json.rabl ADDED

@@ -0,0 +1,3 @@
+collection @tailoring_files
+extends "api/v2/compliance/tailoring_files/main"

data/app/views/api/v2/compliance/tailoring_files/main.json.rabl ADDED

@@ -0,0 +1,5 @@
+object @tailoring_file
+extends "api/v2/compliance/tailoring_files/base"
+attributes :created_at, :updated_at

data/app/views/api/v2/compliance/tailoring_files/show.json.rabl ADDED

@@ -0,0 +1,7 @@
+object @tailoring_file
+extends "api/v2/compliance/tailoring_files/main"
+child :scap_content_profiles => :tailoring_file_profiles do |profile|
+  attributes :id, :profile_id, :title
+end

data/app/views/arf_reports/_list.html.erb CHANGED

@@ -27,8 +27,9 @@
       <td><%= report_arf_column(arf_report.failed, "label-danger") %></th>
       <td><%= report_arf_column(arf_report.othered, "label-warning") %></th>
       <td>
-        <%= display_delete_if_authorized(hash_for_arf_report_path(:id => arf_report.id),
-                                         :confirm => _("Delete compliance report for %s?") % arf_report.host)
+        <%= action_buttons(display_delete_if_authorized(hash_for_arf_report_path(:id => arf_report.id),
+                                                        :confirm => _("Delete compliance report for %s?") % arf_report.host),
+                           display_link_if_authorized(_("Full Report"), hash_for_show_html_arf_report_path(:id => arf_report.id)))
         %>
       </td>
     </tr>

data/app/views/dashboard/_compliance_host_reports_widget.html.erb CHANGED

@@ -3,14 +3,14 @@
 <% if latest_reports.empty? %>
   <p class="ca"><%= _("No reports available") %></p>
 <% else %>
-  <table class="table table-striped ellipsis">
+  <table class="table table-striped table-fixed">
     <tr>
       <%= latest_compliance_headers %>
     </tr>
     <% latest_reports.each do |report| %>
       <tr>
-        <td><%= link_to h(report.host.nil? ? _('Host does not exist anymore') : report.host.name), arf_report_path(report) %></td>
-        <td><%= report.policy.nil? ? _('Policy is missing') :  link_to(h(report.policy.name), policy_dashboard_policy_path(report.policy)) %></td>
+        <td class="ellipsis"><%= link_to h(report.host.nil? ? _('Host does not exist anymore') : report.host.name), arf_report_path(report) %></td>
+        <td class="ellipsis"><%= report.policy.nil? ? _('Policy is missing') :  link_to(h(report.policy.name), policy_dashboard_policy_path(report.policy)) %></td>
         <td class="ca"><%= report_event_column(report.passed, "label-success")  %></td>
         <td class="ca"><%= report_event_column(report.failed, "label-danger")  %></td>
         <td class="ca"><%= report_event_column(report.othered, "label-info")  %></td>

data/app/views/policies/_form.html.erb CHANGED

@@ -26,6 +26,15 @@
       <span id="scap_content_profile_select">
         <%= scap_content_profile_selector(f) %>
       </span>
+      <span>
+        <%= tailoring_file_selector(f) %>
+      </span>
+      <span id="tailoring_file_profile_select">
+        <% if @policy.tailoring_file %>
+          <%= render 'tailoring_file_selected', :f => f, :policy => @policy, :tailoring_file => @policy.tailoring_file  %>
+        <% end %>
+      </span>
     </div>
     <div class="tab-pane" id="scap_schedule">
       <%= select_f(f, :period, %w[Weekly Monthly Custom], :downcase, :to_s,

data/app/views/policies/_list.html.erb CHANGED

@@ -1,8 +1,10 @@
 <table class="table table-bordered table-striped table-fixed">
   <tr>
-    <th>Name</th>
-    <th>Content</th>
-    <th>Profile</th>
+    <th><%= _('Name') %></th>
+    <th><%= _('Content') %></th>
+    <th><%= _('Profile') %></th>
+    <th><%= _('Tailoring File') %></th>
+    <th><%= _('Effective Profile') %></th>
     <th></th>
   </tr>
   <% for policy in @policies %>
@@ -17,7 +19,17 @@
         <% end %>
       </td>
       <td>
-        <%= policy.scap_content_profile.nil? ? "Default" : policy.scap_content_profile.title %>
+        <%= policy_profile_from_scap_content policy %>
+      </td>
+      <td>
+        <% if policy.tailoring_file %>
+          <%=  link_to_if_authorized policy.tailoring_file.name, hash_for_edit_tailoring_file_path(:id => policy.tailoring_file_id) %>
+        <% else %>
+          <%= _('None') %>
+        <% end%>
+      </td>
+      <td>
+        <%= effective_policy_profile policy %>
       </td>
       <td>
         <%= action_buttons(

data/app/views/policies/_tailoring_file_selected.html.erb ADDED

@@ -0,0 +1,3 @@
+<%= fields_for policy do |f| %>
+    <%= tailoring_file_profile_selector(f, tailoring_file) %>
+<% end %>

data/app/views/policies/steps/_scap_content_form.html.erb CHANGED

@@ -5,5 +5,13 @@
   <span id="scap_content_profile_select">
     <%= scap_content_profile_selector(f) %>
   </span>
+  <span>
+    <%= tailoring_file_selector(f) %>
+  </span>
+  <span id="tailoring_file_profile_select">
+    <% if @policy.tailoring_file %>
+      <%= render 'tailoring_file_selected', :f => f, :policy => @policy, :tailoring_file => @policy.tailoring_file  %>
+    <% end %>
+  </span>
 </div>

data/app/views/policies/welcome.html.erb CHANGED

@@ -1,15 +1,14 @@
-<% title_actions display_link_if_authorized(_("New Compliance Policy"), hash_for_new_policy_path, :class => "btn btn-default") %>
-<% title _("Compliance policy configuration") %>
-<div id="welcome">
-  <p>
-    <%= _('A compliance policy is defined by security professionals who specify desired ' +
-          'settings (often in the form of a checklist) that are to be used in the computing ' +
-          'environment. Compliance audit is a process of figuring out whether a given object ' +
-          'follows all the rules written out in a compliance policy.') %>
-  </p>
-  <p>
-    <%= (_('In Foreman, a compliance policy checklist is defined via %s, once SCAP content ' +
-           'is present, you can create a policy, assign select host groups and schedule to run.') % link_to(_('SCAP content'), scap_contents_path)).html_safe %>
+<% content_for(:title, _("Compliance Policies")) %>
+<div class="blank-slate-pf">
+  <div class="blank-slate-pf-icon">
+    <%= icon_text("key", "", :kind => "fa") %>
+  </div>
+  <h1><%= _('Compliance Policies') %></h1>
+  <p><%= (_('In Foreman, a compliance policy checklist is defined via %s.') % link_to(_('SCAP content'), scap_contents_path)).html_safe %></br>
+    <%= _('Once SCAP content is present, you can create a policy, assign select host groups and schedule to run.') %>
   </p>
+  <div class="blank-slate-pf-main-action">
+    <%= new_link(_('New Policy'), {}, { :class => "btn-lg" }) %>
+  </div>
 </div>

data/app/views/scap_contents/_list.html.erb CHANGED

@@ -15,7 +15,7 @@
       <td>
         <%= action_buttons(
                 display_link_if_authorized(_("Edit"), hash_for_edit_scap_content_path(:id => content.id)),
-                display_link_if_authorized(_("Download"), hash_for_scap_content_path(:id => content.id)),
+		display_link_if_authorized(_("Download"), hash_for_scap_content_path(:id => content.id), :data => { :no_turbolink => true }),
                 display_delete_if_authorized(hash_for_scap_content_path(:id => content.id),
                                              :confirm => _("Delete compliance policy %s with all the reports?") % content.title)
             ) %>

data/app/views/scap_contents/welcome.html.erb CHANGED

@@ -1,15 +1,16 @@
-<% title_actions display_link_if_authorized(_("New SCAP content"), hash_for_new_scap_content_path, :class => "btn btn-default") %>
-<% title _("SCAP content configuration") %>
-<div id="welcome">
-  <p>
-  <%= _('The Security Content Automation Protocol (SCAP), combines a number of open standards that are used to enumerate software flaws and
-        configuration issues related to security. They measure systems to find vulnerabilities and offer methods to score those findings in order
-        to evaluate the possible impact. It is a method for using those open standards for automated vulnerability management, measurement,
-        and policy compliance evaluation. ') %><small><%= (_('Source: Wikipedia %s') % link_to(_('read more'), 'http://en.wikipedia.org/wiki/Security_Content_Automation_Protocol')).html_safe %></small>
-  </p>
-  <p>
-    <%= (_("In Foreman, scap_contents represent the SCAP security guides on your hosts, and create SCAP profiles for you to assign to hosts / host groups
-          via %s") % link_to('compliance policies', policies_path)).html_safe %>
+<% content_for(:title, _("SCAP Content")) %>
+<div class="blank-slate-pf">
+  <div class="blank-slate-pf-icon">
+    <%= icon_text("key", "", :kind => "fa") %>
+  </div>
+  <h1><%= _('SCAP Content') %></h1>
+  <p><%= _('The Security Content Automation Protocol (SCAP), combines a number of open standards that are used to enumerate software flaws and
+        configuration issues related to security. ') %></br>
+    <%= (_('In Foreman, scap_contents represent the SCAP security guides on your hosts, and create SCAP profiles for you to assign to hosts / host groups
+    via %s') % link_to('compliance policies', policies_path)).html_safe %>
   </p>
+  <div class="blank-slate-pf-main-action">
+    <%= new_link(_('New SCAP Content'), {}, { :class => "btn-lg" }) %>
+  </div>
 </div>

data/app/views/smart_proxies/_openscap_spool.html.erb ADDED

@@ -0,0 +1,9 @@
+<span>
+  <% if last_error %>
+    <span>
+      <a href="#logs" onclick="findSpoolLogs();"><%= _('%s ago') % time_ago_in_words(Time.at(last_error["timestamp"])) %></a>
+    </span>
+  <% else %>
+    <%= _('None found') %>
+  <% end %>
+</span>

data/app/views/smart_proxies/plugins/_openscap.html.erb ADDED

@@ -0,0 +1,12 @@
+<%= javascript 'foreman_openscap/openscap_proxy' %>
+<div class="row">
+  <h3><%= feature %></h3>
+</div>
+<%= show_feature_version(feature.downcase) %>
+<div class="row">
+  <% msg = _("Proxy failed to send a report from spool to Foreman. This indicates a corrupted report format. Report has been moved to directory for storing corrupted files on proxy for later inspection.") %>
+  <div class="col-md-4"><%= _('Last spool error') %>&nbsp;<%= popover("", msg) %></div>
+  <div class="col-md-8" data-ajax-url="<%= openscap_spool_openscap_proxy_path(:smart_proxy_id => @smart_proxy) %>">
+      <%= spinner %>
+  </div>
+</div>

data/app/views/tailoring_files/_form.html.erb ADDED

@@ -0,0 +1,25 @@
+<%= form_for @tailoring_file,
+    :url => (@tailoring_file.id? ?
+        tailoring_file_path(:id => @tailoring_file.id) : tailoring_files_path),
+    :html => { :multipart => true } do |f| %>
+  <%= base_errors_for @tailoring_file %>
+  <ul class="nav nav-tabs" data-tabs="tabs">
+    <li class="active"><a href="#primary" data-toggle="tab"><%= _("File Upload") %></a></li>
+    <% if show_location_tab? %>
+      <li><a href='#locations' data-toggle='tab'><%= _('Locations') %></a></li>
+    <% end %>
+    <% if show_organization_tab? %>
+      <li><a href='#organizations' data-toggle='tab'><%= _('Organizations') %></a></li>
+    <% end %>
+  </ul>
+  <div class="tab-content">
+    <div class="tab-pane active" id="primary">
+      <%= text_f(f, :name) %>
+      <%= file_field_f f, :scap_file, :help_block  => _("Upload DataStream Tailoring file") %>
+    </div>
+    <%= render 'taxonomies/loc_org_tabs', :f => f, :obj => @tailoring_file %>
+    <%= submit_or_cancel f %>
+  </div>
+<% end %>

data/app/views/tailoring_files/_list.html.erb ADDED

@@ -0,0 +1,29 @@
+<table class="table table-bordered table-striped table-fixed">
+  <tr>
+    <th class="col-md-4"><%= _('Name')%></th>
+    <th class="col-md-4"><%= _('Filename') %></th>
+    <th class="col-md-3"><%= _('Created') %></th>
+    <th class="col-md-1"></th>
+  </tr>
+  <% @tailoring_files.each do |file| %>
+    <tr>
+      <td class="ellipsis">
+        <%= file.name %>
+      </td>
+      <td>
+        <%= file.original_filename %>
+      </td>
+      <td>
+        <%= _("%s ago") % time_ago_in_words(file.created_at.getlocal) %>
+      </td>
+      <td>
+        <%= action_buttons(
+                display_link_if_authorized(_("Edit"), hash_for_edit_tailoring_file_path(:id => file.id)),
+                display_delete_if_authorized(hash_for_tailoring_file_path(:id => file.id),
+                                             :confirm => _("Delete tailoring file %s?") % file.name),
+                display_link_if_authorized(_("Download"), hash_for_xml_tailoring_file_path(:id => file.id), :data => { :no_turbolink => true })
+            ) %>
+      </td>
+    </tr>
+  <% end %>
+</table>

data/app/views/tailoring_files/edit.html.erb ADDED

@@ -0,0 +1,3 @@
+<% title _("Edit Tailoring File") %>
+<%= render :partial => 'form' %>

data/app/views/tailoring_files/index.html.erb ADDED

@@ -0,0 +1,3 @@
+<% title _("Tailoring Files") %>
+<% title_actions(display_link_if_authorized(_("Upload New Tailoring file"), hash_for_new_tailoring_file_path, :class => 'btn btn-default')) %>
+<%= render :partial => 'list' %>

data/app/views/tailoring_files/new.html.erb ADDED

@@ -0,0 +1,3 @@
+<% title _("Upload new Tailoring File") %>
+<%= render :partial => 'form' %>

data/app/views/tailoring_files/welcome.html.erb ADDED

@@ -0,0 +1,21 @@
+<% content_for(:title, _("Tailoring Files")) %>
+<div class="blank-slate-pf">
+  <div class="blank-slate-pf-icon">
+    <%= icon_text("key", "", :kind => "fa") %>
+  </div>
+  <h1><%= _('Tailoring Files') %></h1>
+  <p><%= _('It may sometimes be required to adjust the security policy to your specific needs. ') %></br>
+    <%= (_('In Foreman, tailoring_files represent the custom modifications to default XCCDF profiles and they can be applied to hosts
+    via %s') % link_to('compliance policies', policies_path)).html_safe %>
+  </p>
+  <% proxy_check = run_tailoring_proxy_check %>
+  <div class="blank-slate-pf-main-action">
+    <%= new_link(_('New Tailoring File'), {}, { :class => "btn-lg", :disabled => !proxy_check.pass? }) %>
+  </div>
+  <p>
+  <% unless proxy_check.pass? %>
+    <%= alert :class => 'alert-warning', :header => '', :text => proxy_check.message.html_safe %>
+  <% end %>
+  </p>
+</div>

data/config/routes.rb CHANGED

@@ -25,6 +25,7 @@ Rails.application.routes.draw do
       collection do
         get 'auto_complete_search'
         post 'scap_content_selected'
+        post 'tailoring_file_selected'
         get 'select_multiple_hosts'
         post 'update_multiple_hosts'
         get 'disassociate_multiple_hosts'
@@ -38,6 +39,21 @@ Rails.application.routes.draw do
       end
     end
+    resources :tailoring_files, :except => [:show] do
+      member do
+        get 'xml'
+      end
+      collection do
+        get 'auto_complete_search'
+      end
+    end
+    resources :openscap_proxies, :only => [] do
+      member do
+        get 'openscap_spool'
+      end
+    end
     resources :hosts, :only => [:show], :as => :compliance_hosts, :controller => :compliance_hosts
   end
@@ -50,9 +66,15 @@ Rails.application.routes.draw do
             get 'xml'
           end
         end
+        resources :tailoring_files, :except => [:new, :edit] do
+          member do
+            get 'xml'
+          end
+        end
         resources :policies, :except => [:new, :edit] do
           member do
             get 'content'
+            get 'tailoring'
           end
         end
         resources :arf_reports, :only => [:index, :show, :destroy] do

data/db/migrate/20161109155255_create_tailoring_files.rb ADDED

@@ -0,0 +1,23 @@
+class CreateTailoringFiles < ActiveRecord::Migration
+  def up
+    create_table :foreman_openscap_tailoring_files do |t|
+      t.string :name, :unique => true, :null => false
+      t.text :scap_file
+      t.string :original_filename
+      t.datetime :created_at
+      t.datetime :updated_at
+      t.string :digest, :null => false
+    end
+    add_column :foreman_openscap_policies, :tailoring_file_id, :integer, :references => :tailoring_file
+    add_column :foreman_openscap_policies, :tailoring_file_profile_id, :integer, :references => :scap_content_profile
+    add_column :foreman_openscap_scap_content_profiles, :tailoring_file_id, :integer, :references => :tailoring_file
+  end
+  def down
+    remove_column :foreman_openscap_policies, :tailoring_file_id
+    remove_column :foreman_openscap_policies, :tailoring_file_profile_id
+    remove_column :foreman_openscap_scap_content_profiles, :tailoring_file_id
+    drop_table :foreman_openscap_tailoring_files
+  end
+end

data/db/migrate/20161223153249_add_permissions_to_arf_report.rb ADDED

@@ -0,0 +1,11 @@
+class AddPermissionsToArfReport < ActiveRecord::Migration
+  def up
+    Permission.where(:name => %w(view_arf_reports destroy_arf_reports)).
+      update_all(:resource_type => 'ForemanOpenscap::ArfReport')
+  end
+  def down
+    Permission.where(:name => %w(view_arf_reports destroy_arf_reports)).
+      update_all(:resource_type => '')
+  end
+end

data/lib/foreman_openscap/engine.rb CHANGED

@@ -53,10 +53,13 @@ module ForemanOpenscap
           permission :view_arf_reports, {:arf_reports => [:index, :show, :parse_html, :show_html,
                                                           :parse_bzip, :auto_complete_search],
                                          'api/v2/compliance/arf_reports' => [:index, :show, :download],
-                                         :compliance_hosts => [:show]}
+                                         :compliance_hosts => [:show]},
+                     :resource_type => 'ForemanOpenscap::ArfReport'
           permission :destroy_arf_reports, {:arf_reports => [:destroy, :delete_multiple, :submit_delete_multiple],
-                                            'api/v2/compliance/arf_reports' => [:destroy]}
-          permission :create_arf_reports, {'api/v2/compliance/arf_reports' => [:create]}
+                                            'api/v2/compliance/arf_reports' => [:destroy]},
+                     :resource_type => 'ForemanOpenscap::ArfReport'
+          permission :create_arf_reports, {'api/v2/compliance/arf_reports' => [:create]},
+                     :resource_type => 'ForemanOpenscap::ArfReport'
           permission :view_policies, {:policies => [:index, :show, :parse, :auto_complete_search],
                                                  :policy_dashboard => [:index],
@@ -90,12 +93,30 @@ module ForemanOpenscap
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :edit_hosts, { :hosts => [:openscap_proxy_changed] }, :resource_type => "Host"
           permission :edit_hostgroups, { :hostgroups => [:openscap_proxy_changed] }, :resource_type => "Hostgroup"
+          permission :create_tailoring_files, { :tailoring_files => [:create, :new],
+                                                'api/v2/compliance/tailoring_files' => [:create]},
+                     :resource_type => 'ForemanOpenscap::TailoringFile'
+          permission :view_tailoring_files, { :tailoring_files => [:index, :auto_complete_search, :xml],
+                                              :policies => [:tailoring_file_selected],
+                                              'api/v2/compliance/tailoring_files' => [:show, :xml, :index],
+                                              'api/v2/compliance/policies' => [:tailoring] },
+                      :resource_type => 'ForemanOpenscap::TailoringFile'
+          permission :edit_tailoring_files, { :tailoring_files => [:edit, :update],
+                                              'api/v2/compliance/tailoring_files' => [:update] },
+                      :resource_type => 'ForemanOpenscap::TailoringFile'
+          permission :destroy_tailoring_files, { :tailoring_files => [:destroy],
+                                                 'api/v2/compliance/tailoring_files' => [:destroy] },
+                      :resource_type => 'ForemanOpenscap::TailoringFile'
+          permission :view_openscap_proxies, { :openscap_proxies => [:openscap_spool] },
+                      :resource_type => 'SmartProxy'
         end
-        role "Compliance viewer", [:view_arf_reports, :view_policies, :view_scap_contents]
+        role "Compliance viewer", [:view_arf_reports, :view_policies, :view_scap_contents, :view_tailoring_files, :view_openscap_proxies]
         role "Compliance manager", [:view_arf_reports, :view_policies, :view_scap_contents,
                                     :destroy_arf_reports, :edit_policies, :edit_scap_contents, :assign_policies,
-                                    :create_policies, :create_scap_contents, :destroy_policies, :destroy_scap_contents]
+                                    :create_policies, :create_scap_contents, :destroy_policies, :destroy_scap_contents,
+                                    :create_tailoring_files, :view_tailoring_files, :edit_tailoring_files, :destroy_tailoring_files,
+                                    :view_openscap_proxies]
         role "Create ARF report", [:create_arf_reports] # special as only Proxy can create
         #add menu entries
@@ -109,6 +130,10 @@ module ForemanOpenscap
         menu :top_menu, :compliance_reports, :caption => N_('Reports'),
              :url_hash => {:controller => :arf_reports, :action => :index},
              :parent => :hosts_menu
+        menu :top_menu, :compliance_files, :caption => N_('Tailoring Files'),
+             :url_hash => {:controller => :tailoring_files, :action => :index},
+             :parent => :hosts_menu
         # add dashboard widget
         widget 'compliance_host_reports_widget',