foreman_openscap 1.0.10 → 3.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 87ddf6db13920646845c140e0407a5dbb273b1a9
-  data.tar.gz: c3548218d58677c3cf5851ed068458819284ad1d
+SHA256:
+  metadata.gz: c9022cadb1e56bd7bf36523d096543e50bcadb360327e0f930d00a8308774203
+  data.tar.gz: a1cf2ae2a6bfd3dd77de305ea65312e07ca51ec61ceed96c625e48a170306183
 SHA512:
-  metadata.gz: e24471d79d5e07ba29882f1e82494d1592ae903b6c2aaab8f5232a5ff9bc9a15da4206268c8c40333162e0e2d7838539917bca0bf6518cf4d03cc0f3ac057013
-  data.tar.gz: e979eacc2fc7f2c9ccc8fc201b8df0468f2ba0a49c9c6d8a492bab62829ade22a0110655771f2413b9901192688b90b73bacee3896052965271b8bb35f2f3b9c
+  metadata.gz: 43d354207d9200b8d230312cd6259ff76b27ee75a87bcace113df7b323fad7bc4be4012ea15fd1aa1134fc91e9fff6aa93a2e07deeef2acd4f358e4cd031b63c
+  data.tar.gz: fda20c152e9bf85fc7a42d85e1d8472386ea8b1fa9fc516373f144019c39cd797db4b49f60312165b154e4c59f63cf948ae7cb364990c020687a28020434b12c

data/app/controllers/api/v2/compliance/arf_reports_controller.rb

@@ -90,12 +90,14 @@ module Api
         end
 
         def find_resources_before_create
-          unless ForemanOpenscap::Policy.where(:id => params[:policy_id]).any?
-            upload_fail(_("Policy with id %s not found.") % params[:policy_id])
+          policy_id = params[:policy_id].to_i
+
+          unless ForemanOpenscap::Policy.where(:id => policy_id).any?
+            upload_fail(_("Policy with id %s not found.") % policy_id)
             return
           end
 
-          @asset = ForemanOpenscap::Helper::get_asset(params[:cname], params[:policy_id])
+          @asset = ForemanOpenscap::Helper::get_asset(params[:cname], policy_id)
 
           unless @asset
             upload_fail(_('Could not find host identified by: %s') % params[:cname])
@@ -138,6 +140,12 @@ module Api
             super
           end
         end
+
+        protected
+
+        def assign_lone_taxonomies
+          # do not assign lone taxonomies to arf report
+        end
       end
     end
   end

data/app/controllers/api/v2/compliance/policies_controller.rb

@@ -3,6 +3,7 @@ module Api::V2
     class PoliciesController < ::Api::V2::BaseController
       include Foreman::Controller::SmartProxyAuth
       include Foreman::Controller::Parameters::PolicyApi
+      include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
 
       add_smart_proxy_filters %i[content tailoring], :features => 'Openscap'
 
@@ -10,14 +11,6 @@ module Api::V2
 
       skip_after_action :log_response_body, :only => [:content]
 
-      def resource_name(resource = '::ForemanOpenscap::Policy')
-        super resource
-      end
-
-      def get_resource(message = 'no resource loaded')
-        instance_variable_get(:"@policy") || raise(message)
-      end
-
       def policy_url(policy = nil)
         api_compliance_policy_url(@policy)
       end
@@ -69,7 +62,7 @@ module Api::V2
       param_group :policy
 
       def update
-        process_response @policy.update_attributes(policy_params)
+        process_response(@policy.change_deploy_type(policy_params))
       end
 
       api :DELETE, '/compliance/policies/:id', N_('Delete a Policy')

data/app/controllers/api/v2/compliance/scap_content_profiles_controller.rb

@@ -0,0 +1,15 @@
+module Api::V2
+  module Compliance
+    class ScapContentProfilesController < ::Api::V2::BaseController
+      include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
+
+      api :GET, '/compliance/scap_content_profiles', N_('List SCAP content profiles')
+      param_group :search_and_pagination, ::Api::V2::BaseController
+      add_scoped_search_description_for(::ForemanOpenscap::ScapContentProfile)
+
+      def index
+        @scap_content_profiles = resource_scope_for_index(:permission => :view_scap_contents).includes(:scap_content, :tailoring_file)
+      end
+    end
+  end
+end

data/app/controllers/api/v2/compliance/scap_contents_controller.rb

@@ -3,15 +3,9 @@ module Api::V2
     class ScapContentsController < ::Api::V2::BaseController
       include Foreman::Controller::Parameters::ScapContent
       include ForemanOpenscap::BodyLogExtensions
-      before_action :find_resource, :except => %w[index create]
-
-      def resource_name(resource = '::ForemanOpenscap::ScapContent')
-        super resource
-      end
+      include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
 
-      def get_resource(message = 'no resource loaded')
-        instance_variable_get(:"@scap_content") || raise(message)
-      end
+      before_action :find_resource, :except => %w[index create]
 
       api :GET, '/compliance/scap_contents', N_('List SCAP contents')
       param_group :search_and_pagination, ::Api::V2::BaseController

data/app/controllers/api/v2/compliance/tailoring_files_controller.rb

@@ -3,17 +3,11 @@ module Api::V2
     class TailoringFilesController < ::Api::V2::BaseController
       include Foreman::Controller::Parameters::TailoringFile
       include ForemanOpenscap::BodyLogExtensions
+      include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
+
       before_action :find_resource, :except => %w[index create]
       before_action :openscap_proxy_check, :only => %w[create]
 
-      def resource_name(resource = '::ForemanOpenscap::TailoringFile')
-        super resource
-      end
-
-      def get_resource(message = 'no resource loaded')
-        instance_variable_get(:"@tailoring_file") || raise(message)
-      end
-
       api :GET, '/compliance/tailoring_files', N_('List Tailoring files')
       param_group :search_and_pagination, ::Api::V2::BaseController
       add_scoped_search_description_for(::ForemanOpenscap::TailoringFile)

data/app/controllers/concerns/foreman_openscap/api/v2/scap_api_controller_extensions.rb

@@ -0,0 +1,9 @@
+module ForemanOpenscap
+  module Api::V2::ScapApiControllerExtensions
+    extend ActiveSupport::Concern
+
+    def resource_class_for(resource)
+      super "foreman_openscap/#{resource}"
+    end
+  end
+end

data/app/controllers/policies_controller.rb

@@ -46,7 +46,7 @@ class PoliciesController < ApplicationController
   end
 
   def update
-    if @policy.update_attributes(policy_params)
+    if @policy.change_deploy_type(policy_params)
       process_success :success_redirect => policies_path
     else
       process_error :object => @policy

data/app/helpers/compliance_hosts_helper.rb

@@ -18,4 +18,27 @@ module ComplianceHostsHelper
     ]
     { :data => data, :xAxisDataLabel => 'dates', :config => 'timeseries' }.to_json
   end
+
+  def compliance_host_multiple_actions
+    [
+      { :action => [_('Assign Compliance Policy'), select_multiple_hosts_policies_path], :priority => 1210 },
+      { :action => [_('Unassign Compliance Policy'), disassociate_multiple_hosts_policies_path], :priority => 1211 },
+      { :action => [_('Change OpenSCAP Proxy'), select_multiple_openscap_proxy_hosts_path], :priority => 1212 },
+    ]
+  end
+
+  def compliance_host_overview_button(host)
+    return [] if host.arf_reports.none?
+    [
+      {
+        :button => link_to_if_authorized(
+          _('Compliance'),
+          hash_for_compliance_host_path(host.id),
+          :title => _("Host compliance details"),
+          :class => 'btn btn-default'
+        ),
+        :priority => 1000
+      }
+    ]
+  end
 end

data/app/helpers/concerns/foreman_openscap/hosts_helper_extensions.rb

@@ -1,11 +1,5 @@
 module ForemanOpenscap
   module HostsHelperExtensions
-    def multiple_actions
-      super + [[_('Assign Compliance Policy'), select_multiple_hosts_policies_path],
-                                       [_('Unassign Compliance Policy'), disassociate_multiple_hosts_policies_path],
-                                       [_('Change OpenSCAP Proxy'), select_multiple_openscap_proxy_hosts_path]]
-    end
-
     def name_column(record)
       record.nil? ? _('Host is deleted') : super(record)
     end

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -3,7 +3,7 @@ module ForemanOpenscap
     ::Host::Managed::Jail.allow :policies_enc, :policies_enc_raw
 
     def self.prepended(base)
-      base.has_one :asset, :as => :assetable, :class_name => "::ForemanOpenscap::Asset"
+      base.has_one :asset, :as => :assetable, :class_name => "::ForemanOpenscap::Asset", :dependent => :destroy
       base.has_many :asset_policies, :through => :asset, :class_name => "::ForemanOpenscap::AssetPolicy"
       base.has_many :policies, :through => :asset_policies, :class_name => "::ForemanOpenscap::Policy"
       base.has_many :arf_reports, :class_name => '::ForemanOpenscap::ArfReport', :foreign_key => :host_id

data/app/models/concerns/foreman_openscap/smart_proxy_extensions.rb

@@ -11,7 +11,7 @@ module ForemanOpenscap
     end
 
     def port
-      url.match(PORT_MATCH)[1]
+      url.match(PORT_MATCH)[1].to_i
     end
 
     private

data/app/models/foreman_openscap/policy.rb

@@ -60,6 +60,17 @@ module ForemanOpenscap
       api.policy_html_guide(scap_content.scap_file, scap_content_profile.try(:profile_id))
     end
 
+    def change_deploy_type(params)
+      self.class.transaction do
+        if deploy_by != params[:deploy_by]
+          assign_attributes params
+          ForemanOpenscap::LookupKeyOverrider.new(self).override
+        end
+
+        errors.none? && update_attributes(params)
+      end
+    end
+
     def hostgroup_ids
       assets.where(:assetable_type => 'Hostgroup').pluck(:assetable_id)
     end
@@ -312,6 +323,7 @@ module ForemanOpenscap
     def no_mixed_deployments
       assets.each do |asset|
         assetable = asset.assetable
+        next unless assetable
         unless assetable.policies.where.not(:id => id).pluck(:deploy_by).all? { |deployed_by| deployed_by == deploy_by }
           errors.add(:base, _("cannot assign to %s, all assigned policies must be deployed in the same way, check 'deploy by' for each assigned policy") % assetable.name)
         end

data/app/models/foreman_openscap/scap_content_profile.rb

@@ -4,5 +4,8 @@ module ForemanOpenscap
     has_many :policies
     belongs_to :tailoring_file
     has_many :tailoring_file_policies, :class_name => 'ForemanOpenscap::Policy'
+
+    scoped_search :on => :profile_id, :complete_value => true
+    scoped_search :on => :title, :complete_value => true
   end
 end

data/app/services/foreman_openscap/lookup_key_overrider.rb

@@ -71,16 +71,17 @@ module ForemanOpenscap
     end
 
     def override_port_param(param, config)
-      override_param config.port_param, param, config
+      override_param config.port_param, param, config, 'integer'
     end
 
     def override_server_param(param, config)
       override_param config.server_param, param, config
     end
 
-    def override_param(param_name, param, config)
+    def override_param(param_name, param, config, key_type = nil)
       param.override = true
       param.hidden_value = false
+      param.key_type = key_type if key_type
 
       yield param if block_given?
 

data/app/views/api/v2/compliance/scap_content_profiles/base.json.rabl

@@ -0,0 +1,3 @@
+object @scap_content_profile
+
+attributes :id, :profile_id, :title

data/app/views/api/v2/compliance/scap_content_profiles/index.json.rabl

@@ -0,0 +1,3 @@
+collection @scap_content_profiles
+
+extends "api/v2/compliance/scap_content_profiles/main"

data/app/views/api/v2/compliance/scap_content_profiles/main.json.rabl

@@ -0,0 +1,9 @@
+extends "api/v2/compliance/scap_content_profiles/base"
+
+child :scap_content => :scap_content do |scap_content|
+  attributes :id, :title
+end
+
+child :tailoring_file => :tailoring_file do |tailoring_file|
+  attributes :id, :name
+end

data/app/views/arf_reports/_list.html.erb

@@ -51,7 +51,7 @@
       </div>
       <div class="modal-footer">
         <button type="button" class="btn btn-default" data-dismiss="modal"><%= _('Cancel') %></button>
-        <button type="button" class="btn btn-primary" onclick="submit_modal_form()"><%= _('Submit') %></button>
+        <button type="button" class="btn btn-primary" onclick="tfm.hosts.table.submitModalForm()"><%= _('Submit') %></button>
       </div>
     </div>
   </div>

data/app/views/arf_reports/welcome.html.erb

@@ -1,3 +1,5 @@
+<% title _("Compliance Reports") %>
+
 <div class="blank-slate-pf">
   <div class="blank-slate-pf-icon">
     <%= icon_text("book", "", :kind => "fa") %>

data/app/views/hosts/select_multiple_openscap_proxy.html.erb

@@ -4,5 +4,5 @@
              :url => update_multiple_openscap_proxy_hosts_path(:host_ids => params[:host_ids]) do |f| %>
     <%= selectable_f f, :id, [[_("Select OpenSCAP Proxy"), "None"],
                              ] + SmartProxy.with_features(['Openscap']).map{|e| [e.name, e.id]},{},
-                        :onchange => "toggle_multiple_ok_button(this)" %>
+                        :onchange => "tfm.hosts.table.toggleMultipleOkButton(this)" %>
 <% end %>

data/app/views/policies/disassociate_multiple_hosts.html.erb

@@ -3,5 +3,5 @@
              :url => remove_policy_from_multiple_hosts_policies_path(:host_ids => params[:host_ids]) do |f| %>
     <%= selectable_f f, :id, [[_('Select Compliance Policy'), 'disabled'],
                              ] + ForemanOpenscap::Policy.all.map{|e| [e.name, e.id]},{},
-                        :onchange => 'toggle_multiple_ok_button(this)' %>
+                        :onchange => 'tfm.hosts.table.toggleMultipleOkButton(this)' %>
 <% end %>

data/app/views/policies/select_multiple_hosts.html.erb

@@ -4,5 +4,5 @@
              :url => update_multiple_hosts_policies_path(:host_ids => params[:host_ids]) do |f| %>
     <%= selectable_f f, :id, [[_("Select Compliance Policy"), "disabled"],
                              ] + ForemanOpenscap::Policy.all.map{|e| [e.name, e.id]},{},
-                        :onchange => "toggle_multiple_ok_button(this)" %>
+                        :onchange => "tfm.hosts.table.toggleMultipleOkButton(this)" %>
 <% end %>

data/config/routes.rb

@@ -65,6 +65,8 @@ Rails.application.routes.draw do
             get 'xml'
           end
         end
+        resources :scap_content_profiles, :only => %i[index]
+
         resources :tailoring_files, :except => %i[new edit] do
           member do
             get 'xml'

data/db/migrate/20150929152345_move_arf_reports_to_reports_table.rb

@@ -1,6 +1,4 @@
 class MoveArfReportsToReportsTable < ActiveRecord::Migration[4.2]
-  # rubocop:disable Metrics/MethodLength
-  # rubocop:disable Metrics/AbcSize
   def up
     execute 'DROP VIEW foreman_openscap_arf_report_breakdowns' if view_exists? 'foreman_openscap_arf_report_breakdowns'
     drop_table :foreman_openscap_xccdf_results

data/db/migrate/20200117135424_migrate_port_overrides_to_int.rb

@@ -0,0 +1,24 @@
+class MigratePortOverridesToInt < ActiveRecord::Migration[5.2]
+  def up
+    transform_lookup_values :to_i
+  end
+
+  def down
+    transform_lookup_values :to_s
+  end
+
+  private
+
+  def transform_lookup_values(method)
+    puppet_class = Puppetclass.find_by :name => 'foreman_scap_client'
+    return unless puppet_class
+    port_key = puppet_class.class_params.find_by :key => 'port'
+    return unless port_key
+    port_key.lookup_values.in_batches do |batch|
+      batch.each do |lookup_value|
+        lookup_value.value = lookup_value.value.send(method)
+        lookup_value.save
+      end
+    end
+  end
+end

data/lib/foreman_openscap/engine.rb

@@ -1,5 +1,3 @@
-require 'deface'
-
 module ForemanOpenscap
   def self.with_katello?
     defined?(::Katello)
@@ -11,7 +9,6 @@ module ForemanOpenscap
     config.autoload_paths += Dir["#{config.root}/app/helpers/concerns"]
     config.autoload_paths += Dir["#{config.root}/app/models/concerns"]
     config.autoload_paths += Dir["#{config.root}/app/models"]
-    config.autoload_paths += Dir["#{config.root}/app/overrides"]
     config.autoload_paths += Dir["#{config.root}/app/lib"]
     config.autoload_paths += Dir["#{config.root}/app/services"]
     config.autoload_paths += Dir["#{config.root}/lib"]
@@ -50,12 +47,11 @@ module ForemanOpenscap
 
     initializer 'foreman_openscap.register_plugin', :before => :finisher_hook do |app|
       Foreman::Plugin.register :foreman_openscap do
-        requires_foreman '>= 1.22'
+        requires_foreman '>= 1.24'
 
         apipie_documented_controllers ["#{ForemanOpenscap::Engine.root}/app/controllers/api/v2/compliance/*.rb"]
 
-        version = SETTINGS[:version]
-        register_custom_status ForemanOpenscap::ComplianceStatus if version.major.to_i >= 1 && version.minor.to_i >= 10
+        register_custom_status ForemanOpenscap::ComplianceStatus
 
         # Add permissions
         security_block :foreman_openscap do
@@ -89,7 +85,8 @@ module ForemanOpenscap
                                                          remove_policy_from_multiple_hosts] },
                      :resource_type => 'ForemanOpenscap::Policy'
           permission :view_scap_contents, { :scap_contents => %i[index show auto_complete_search],
-                                            'api/v2/compliance/scap_contents' => %i[index show xml] },
+                                            'api/v2/compliance/scap_contents' => %i[index show xml],
+                                            'api/v2/compliance/scap_content_profiles' => %i[index] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :edit_scap_contents, { :scap_contents => %i[edit update],
                                             'api/v2/compliance/scap_contents' => [:update] },
@@ -112,7 +109,8 @@ module ForemanOpenscap
           permission :view_tailoring_files, { :tailoring_files => %i[index auto_complete_search xml],
                                               :policies => [:tailoring_file_selected],
                                               'api/v2/compliance/tailoring_files' => %i[show xml index],
-                                              'api/v2/compliance/policies' => [:tailoring] },
+                                              'api/v2/compliance/policies' => [:tailoring],
+                                              'api/v2/compliance/scap_content_profiles' => %i[index] },
                      :resource_type => 'ForemanOpenscap::TailoringFile'
           permission :edit_tailoring_files, { :tailoring_files => %i[edit update],
                                               'api/v2/compliance/tailoring_files' => [:update] },
@@ -124,12 +122,14 @@ module ForemanOpenscap
                      :resource_type => 'SmartProxy'
         end
 
-        role "Compliance viewer", %i[view_arf_reports view_policies view_scap_contents view_tailoring_files view_openscap_proxies]
+        role "Compliance viewer", %i[view_arf_reports view_policies view_scap_contents view_tailoring_files view_openscap_proxies],
+             "Role granting read permissions to policy configuration, scan results and downloading reports."
         role "Compliance manager", %i[view_arf_reports view_policies view_scap_contents
                                       destroy_arf_reports edit_policies edit_scap_contents assign_policies
                                       create_policies create_scap_contents destroy_policies destroy_scap_contents
                                       create_tailoring_files view_tailoring_files edit_tailoring_files destroy_tailoring_files
-                                      view_openscap_proxies]
+                                      view_openscap_proxies],
+             "Role granting all permissions to compliance features to non-admin users."
         role "Create ARF report", [:create_arf_reports] # special as only Proxy can create
 
         add_all_permissions_to_default_roles
@@ -200,6 +200,11 @@ module ForemanOpenscap
         add_controller_action_scope('HostsController', :index) do |base_scope|
           base_scope.preload(:policies)
         end
+
+        describe_host do
+          multiple_actions_provider :compliance_host_multiple_actions
+          overview_buttons_provider :compliance_host_overview_button
+        end
       end
     end