foreman_openscap 4.0.4 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4a4ecc74498e831daaf3b06da9a2ab475c1eac67f34ef698fe7aabc949e7fa3
-  data.tar.gz: b917c3d1c392311306404f261541bbabbc63fcabdfb5ee277a25a794eb3cf0f2
+  metadata.gz: 69eab4d9434f1b502ba511db38d8a7faff9721c5416703f6010ccc87fdc52b86
+  data.tar.gz: 94ba4cbecc85106f968d9b5f137e0808dbd12711db01fd14e0f0c4e9761e27a1
 SHA512:
-  metadata.gz: 2f50b5057eac300b2f23d006d2523d0a1241d1133ce108a2836f4833a1b491a8b365ba3bb9428b9a120b7c89bf1278274844eb8e02304d2dc8edc37952477629
-  data.tar.gz: d7c772636e3a3406cf1df32cdb6521716800acc61b31825ed7a9c1d4819411ca4047aaf43c16c346eb715b83c7778b5b37daf6d41ad38a20b89435be4b5466c0
+  metadata.gz: 4e3253f876e3ab4efd5c853fdb05f0b81cbbe7184c5b00ea552690b0cce9664a76210c32f92fe86c631bc9eaa2ed81ba1a8762b8b47e0678149a946cf593554e
+  data.tar.gz: a6c3706f6fcc836af18f7aeda76c1cf735981836a0661cdcc66e4ead2272b6249519f305ff3b6766266ebb05eda1ebfe778811993286be3e162e269412aa6fd8

data/app/assets/stylesheets/foreman_openscap/policy.css

@@ -6,3 +6,8 @@
   display: none;
 }
 
+span.scap_policy_popover {
+  float: left;
+  margin-top: 2px;
+}
+

data/app/controllers/api/v2/compliance/scap_contents_controller.rb

@@ -1,3 +1,5 @@
+require 'foreman_openscap/bulk_upload'
+
 module Api::V2
   module Compliance
     class ScapContentsController < ::Api::V2::BaseController
@@ -5,7 +7,11 @@ module Api::V2
       include ForemanOpenscap::BodyLogExtensions
       include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
 
-      before_action :find_resource, :except => %w[index create]
+      def self.bulk_upload_types
+        ['files', 'directory', 'default']
+      end
+
+      before_action :find_resource, :except => %w[index create bulk_upload]
 
       api :GET, '/compliance/scap_contents', N_('List SCAP contents')
       param_group :search_and_pagination, ::Api::V2::BaseController
@@ -61,6 +67,29 @@ module Api::V2
         process_response @scap_content.destroy
       end
 
+      api :POST, '/compliance/scap_contents/bulk_upload', N_('Upload scap contents in bulk')
+      param :type, bulk_upload_types, :required => true, :desc => N_('Type of the upload')
+      param :files, Array, :desc => N_('File paths to upload when using "files" upload type')
+      param :directory, String, :desc => N_('Directory to upload when using "directory" upload type')
+
+      def bulk_upload
+        case params[:type]
+        when 'files'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_files(params[:files])
+        when 'directory'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_directory(params[:directory])
+        when 'default'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_scap_guide
+        else
+          return render :json => {
+            :errors => [
+              _("Please specify import type, received: %{received}, expected one of: %{expected}") %
+                { :expected => self.class.bulk_upload_types.join(', '), :received => params[:type] }
+            ]
+          }, :status => :unprocessable_entity
+        end
+      end
+
       private
 
       def find_resource
@@ -70,6 +99,8 @@ module Api::V2
 
       def action_permission
         case params[:action]
+        when 'bulk_upload'
+          :create
         when 'xml'
           :view
         else

data/app/helpers/arf_reports_helper.rb

@@ -14,16 +14,13 @@ module ArfReportsHelper
   end
 
   def arf_report_breadcrumbs
-    if @arf_report && @arf_report.host
-      breadcrumbs(:resource_url => api_compliance_arf_reports_path,
-                  :switchable => false,
-                  :items => [
-                    { :caption => _('Compliance Reports'),
-                      :url => url_for(arf_reports_path) },
-                    { :caption => @arf_report.host.name,
-                      :url => (arf_report_path(@arf_report) if authorized_for(hash_for_arf_report_path(@arf_report))) }
-                  ])
-    end
+    breadcrumbs(:resource_url => api_compliance_arf_reports_path,
+                :switchable => false,
+                :items => [
+                  { :caption => _('Compliance Reports'),
+                    :url => url_for(arf_reports_path) },
+                  { :caption => @arf_report.host.to_s }
+                ])
   end
 
   def result_tag(level)

data/app/helpers/policies_helper.rb

@@ -11,10 +11,10 @@ module PoliciesHelper
 
   def deploy_by_radios(f, policy)
     ForemanOpenscap::ConfigNameService.new.configs.map do |tool|
-      popover_block = popover("", config_inline_help(tool.inline_help))
+      popover_block = tag.span(popover("", config_inline_help(tool.inline_help)), class: 'scap_policy_popover')
 
-      label = label_tag('', :class => 'col-md-2 control-label') do
-        tool.type.to_s.capitalize.html_safe + ' ' + popover_block.html_safe
+      label = label_tag('', :class => 'col-md-2 control-label', :for => "policy_deploy_by_#{tool.type}") do
+        tool.type.to_s.capitalize.html_safe
       end
 
       radio = content_tag(:div, :class => "col-md-2") do
@@ -23,7 +23,7 @@ module PoliciesHelper
 
       content_tag(:div, :class => "clearfix") do
         content_tag(:div, :class => "form-group") do
-          label.html_safe + radio.html_safe
+          label.html_safe + popover_block.html_safe + radio.html_safe
         end
       end
     end.join('').html_safe
@@ -136,17 +136,4 @@ module PoliciesHelper
   def translate_steps(policy)
     policy.steps.map { |step| _(step) }
   end
-
-  def policy_breadcrumbs
-    if @policy
-      breadcrumbs(:resource_url => api_compliance_policies_path,
-                  :name_field => 'name',
-                  :items => [
-                    { :caption => _('Policies'),
-                      :url => url_for(policies_path) },
-                    { :caption => @policy.name,
-                      :url => (edit_policy_path(@policy) if authorized_for(hash_for_edit_policy_path(@policy))) }
-                  ])
-    end
-  end
 end

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -81,6 +81,11 @@ module ForemanOpenscap
       }
 
       base.send :extend, ClassMethods
+
+      base.apipie :class do
+        property :policies_enc, String, desc: 'Returns JSON string containing policies for the host'
+        property :policies_enc_raw, array_of: Hash, desc: 'Returns a list with key:value objects containing policies for the host'
+      end
     end
 
     def inherited_attributes

data/app/models/foreman_openscap/arf_report.rb

@@ -125,11 +125,9 @@ module ForemanOpenscap
               msg = Log.where(:source_id => src.id).order(:id => :desc).first.message
               update_msg_with_changes(msg, log)
             else
-              digest = Digest::SHA1.hexdigest(log[:title])
-              if (msg = Message.find_by(:digest => digest))
+              if (msg = Message.find_by(:value => log[:title]))
                 msg.attributes = {
                   :value => N_(log[:title]),
-                  :digest => digest,
                   :severity => log[:severity],
                   :description => newline_to_space(log[:description]),
                   :rationale => newline_to_space(log[:rationale]),
@@ -137,7 +135,6 @@ module ForemanOpenscap
                 }
               else
                 msg = Message.new(:value => N_(log[:title]),
-                                  :digest => digest,
                                   :severity => log[:severity],
                                   :description => newline_to_space(log[:description]),
                                   :rationale => newline_to_space(log[:rationale]),
@@ -159,8 +156,8 @@ module ForemanOpenscap
 
     def assign_locations_organizations
       if host
-        self.location_ids = [host.location_id] if SETTINGS[:locations_enabled]
-        self.organization_ids = [host.organization_id] if SETTINGS[:organizations_enabled]
+        self.location_ids = [host.location_id]
+        self.organization_ids = [host.organization_id]
       end
     end
 
@@ -233,7 +230,6 @@ module ForemanOpenscap
       msg.value = incoming_data['title']
 
       return unless msg.changed?
-      msg.digest = Digest::SHA1.hexdigest(msg.value) if msg.value_changed?
       msg.save
     end
   end

data/app/models/foreman_openscap/compliance_status.rb

@@ -8,6 +8,10 @@ module ForemanOpenscap
       N_('Compliance')
     end
 
+    def status_link
+      host.arf_reports_path(:search => "host = #{host.name}")
+    end
+
     def self.bit_mask(status)
       "#{ArfReport::BIT_NUM * ArfReport::METRIC.index(status)} & #{ArfReport::MAX}"
     end

data/app/models/foreman_openscap/policy.rb

@@ -6,6 +6,8 @@ module ForemanOpenscap
     include Taxonomix
     attr_writer :current_step, :wizard_initiated
 
+    STEPS_LIST = [N_('Deployment Options'), N_('Policy Attributes'), N_('SCAP Content'), N_('Schedule'), N_('Locations'), N_('Organizations'), N_('Hostgroups')]
+
     belongs_to :scap_content
     belongs_to :scap_content_profile
     belongs_to :tailoring_file
@@ -108,10 +110,7 @@ module ForemanOpenscap
     end
 
     def steps
-      base_steps = [N_('Deployment Options'), N_('Policy Attributes'), N_('SCAP Content'), N_('Schedule')]
-      base_steps << N_('Locations') if SETTINGS[:locations_enabled]
-      base_steps << N_('Organizations') if SETTINGS[:organizations_enabled]
-      base_steps << N_('Hostgroups') # always be last.
+      STEPS_LIST
     end
 
     def current_step
@@ -174,8 +173,14 @@ module ForemanOpenscap
     end
 
     def unassign_hosts(hosts)
-      host_asset_ids = ForemanOpenscap::Asset.where(:assetable_type => 'Host::Base', :assetable_id => hosts.map(&:id)).pluck(:id)
-      self.asset_ids = self.asset_ids - host_asset_ids
+      policy_host_assets = ForemanOpenscap::Asset.joins(:asset_policies).where(
+        :assetable_type => 'Host::Base',
+        :assetable_id => hosts.map(&:id),
+        :foreman_openscap_asset_policies => { :policy_id => id }
+      ).pluck(:id)
+
+      self.asset_ids = self.asset_ids - policy_host_assets
+      ForemanOpenscap::Asset.where(:id => policy_host_assets).destroy_all
     end
 
     def to_enc

data/app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl

@@ -0,0 +1,7 @@
+object @result
+
+attributes :errors
+
+child :results => :results do
+  extends 'api/v2/compliance/scap_contents/index'
+end

data/app/views/arf_reports/show.html.erb

@@ -2,7 +2,7 @@
 <% javascript 'foreman_openscap/reports' %>
 <% stylesheet 'foreman_openscap/reports' %>
 
-<% title "#{@arf_report.host}" %>
+<% title @arf_report.host.to_s %>
 <%= arf_report_breadcrumbs %>
 
 <p class='ra'><%= reported_info @arf_report %></p>

data/app/views/arf_reports/show_html.html.erb

@@ -1,5 +1,6 @@
 <%= javascript 'foreman_openscap/load_report'%>
 
+<% title @arf_report.host.to_s %>
 <%= arf_report_breadcrumbs %>
 
 <div class="row">

data/app/views/compliance_hosts/show.html.erb

@@ -3,14 +3,7 @@
 
 <%= breadcrumbs(:resource_url => api_hosts_path,
                 :resource_filter => "is_compliance_host = true",
-                :name_field => 'name',
-                :switchable => true,
-                :items => [
-                  { :caption => _('Compliance Hosts'),
-                    :url => url_for(hosts_path(:search => "is_compliance_host = true")) },
-                  { :caption => ((N_("%s compliance reports by policy") % @host.to_label)),
-                    :url => (host_path(@host) if authorized_for(hash_for_host_path(@host))) }
-                ])
+                :name_field => 'name')
 %>
 <% title n_("%s compliance report by policy", "%s compliance reports by policy" , @host.combined_policies.length) % @host.to_label %>
 <% @host.combined_policies.each do |policy| %>

data/app/views/policies/edit.html.erb

@@ -1,4 +1,5 @@
-<% title _("Edit Compliance Policy") %>
-<%= policy_breadcrumbs %>
+<% title _("Edit %s") % @policy.name %>
+<%= breadcrumbs(:resource_url => api_compliance_policies_path,
+                :name_field => 'name') %>
 
 <%= render :partial => "form" %>

data/app/views/policies/show.html.erb

@@ -1,4 +1,6 @@
-<%= policy_breadcrumbs %>
+<% title _("Details for Compliance Policy %s") % @policy.name %>
+<%= breadcrumbs(:resource_url => api_compliance_policies_path,
+                  :name_field => 'name') %>
 
 <div class="row">
   <iframe style="min-height: 800px" height="100%" width="100%" frameborder="0" src="<%= parse_policy_path(@policy) %>"></iframe>

data/app/views/scap_contents/edit.html.erb

@@ -1,15 +1,5 @@
-<% title _("Edit SCAP Content") %>
+<% title _("Edit %s") % @scap_content.title %>
 <%= breadcrumbs(:resource_url => api_compliance_scap_contents_path,
-                :name_field => 'title',
-                :items => [
-                  { :caption => _('Scap Contents'),
-                    :url => url_for(scap_contents_path)
-                  },
-                  { :caption => @scap_content.title,
-                    :url => (edit_scap_content_path(@scap_content) if authorized_for(hash_for_edit_scap_content_path(@scap_content)))
-                  }
-                ]
-              ) if @scap_content %>
-
+                :name_field => 'title') %>
 
 <%= render :partial => 'form' %>

data/app/views/tailoring_files/edit.html.erb

@@ -1,13 +1,5 @@
-<% title _("Edit Tailoring File") %>
+<% title _("Edit %s") % @tailoring_file.name %>
 <%= breadcrumbs(:resource_url => api_compliance_tailoring_files_path,
-                :items => [
-                  { :caption => _('Tailoring Files'),
-                    :url => url_for(tailoring_files_path)
-                  },
-                  { :caption => @tailoring_file.name,
-                    :url => (edit_tailoring_file_path(@tailoring_file) if authorized_for(hash_for_edit_tailoring_file_path(@tailoring_file)))
-                  }
-                ]
-              ) if @tailoring_file %>
+                :name_field => 'name') %>
 
 <%= render :partial => 'form' %>

data/config/routes.rb

@@ -64,6 +64,9 @@ Rails.application.routes.draw do
           member do
             get 'xml'
           end
+          collection do
+            post 'bulk_upload'
+          end
         end
         resources :scap_content_profiles, :only => %i[index]
 

data/db/migrate/20201202110213_update_puppet_port_param_type.rb

@@ -0,0 +1,28 @@
+class UpdatePuppetPortParamType < ActiveRecord::Migration[6.0]
+  def up
+    update_port_type :to_i
+  end
+
+  def down
+    update_port_type :to_s
+  end
+
+  private
+
+  def update_port_type(method)
+    puppet_class = Puppetclass.find_by :name => 'foreman_scap_client'
+    return unless puppet_class
+    port_key = puppet_class.class_params.find_by :key => 'port'
+    return unless port_key
+    def_value = port_key.default_value
+
+    if method == :to_i
+      port_key.key_type =  "integer"
+      port_key.default_value = def_value.to_i
+    else
+      port_key.key_type == "string"
+      port_key.default_value = port_key.default_value.to_s
+    end
+    port_key.save!
+  end
+end

data/db/seeds.d/75-job_templates.rb

@@ -11,8 +11,9 @@ if ForemanOpenscap.with_remote_execution?
         else
           template = JobTemplate.import!(File.read(template), :default => true, :lock => true, :update => sync)
         end
-        template.organizations = organizations if SETTINGS[:organizations_enabled] && template.present?
-        template.locations = locations if SETTINGS[:locations_enabled] && template.present?
+        next unless template.present?
+        template.organizations = organizations
+        template.locations = locations
       end
     end
   end

data/lib/foreman_openscap/bulk_upload.rb

@@ -1,48 +1,74 @@
 require 'digest/sha2'
+require 'ostruct'
+
 module ForemanOpenscap
   class BulkUpload
-    attr_accessor :from_scap_security_guide
-    def initialize(from_scap_security_guide = false)
-      @from_scap_security_guide = from_scap_security_guide
+    def initialize
+      @result = OpenStruct.new(:errors => [], :results => [])
+    end
+
+    def files_from_guide
+      `rpm -ql scap-security-guide | grep ds.xml`.split
     end
 
-    def generate_scap_default_content
-      return unless @from_scap_security_guide
+    def scap_guide_installed?
+      `rpm -qa | grep scap-security-guide`.present?
+    end
 
-      if `rpm -qa | grep scap-security-guide`.empty?
-        Rails.logger.debug "Can't find scap-security-guide RPM"
-        return
+    def upload_from_scap_guide
+      unless scap_guide_installed?
+        @result.errors.push("Can't find scap-security-guide RPM, are you sure it is installed on your server?")
+        return @result
       end
 
-      files_array = `rpm -ql scap-security-guide | grep ds.xml`.split
-      upload_from_files(files_array) unless files_array.empty?
+      upload_from_files(files_from_guide, true)
     end
 
-    def upload_from_files(files_array)
+    def upload_from_files(files_array, from_scap_guide = false)
+      unless files_array.is_a? Array
+        @result.errors.push("Expected an array of files to upload, got: #{files_array}.")
+        return @result
+      end
+
       files_array.each do |datastream|
+        if File.directory?(datastream)
+          @result.errors.push("#{datastream} is a directory, expecting file.")
+          next
+        end
+
+        unless File.file?(datastream)
+          @result.errors.push("#{datastream} does not exist, skipping.")
+          next
+        end
+
         file = File.open(datastream, 'rb').read
         digest = Digest::SHA2.hexdigest(datastream)
-        title = content_name(datastream)
+        title = content_name(datastream, from_scap_guide)
         filename = original_filename(datastream)
         scap_content = ScapContent.where(:title => title, :digest => digest).first_or_initialize
         next if scap_content.persisted?
         scap_content.scap_file = file
         scap_content.original_filename = filename
-        scap_content.location_ids = Location.all.map(&:id) if SETTINGS[:locations_enabled]
-        scap_content.organization_ids = Organization.all.map(&:id) if SETTINGS[:organizations_enabled]
+        scap_content.location_ids = Location.all.pluck(:id)
+        scap_content.organization_ids = Organization.all.pluck(:id)
 
-        next puts "## SCAP content is invalid: #{scap_content.errors.full_messages.uniq.join(',')} ##" unless scap_content.valid?
         if scap_content.save
-          puts "Saved #{datastream} as #{scap_content.title}"
+          @result.results.push(scap_content)
         else
-          puts "Failed saving #{datastream}"
+          @result.errors.push("Failed saving #{datastream}: #{scap_content.errors.full_messages.uniq.join(',')}")
         end
       end
+      @result
     end
 
     def upload_from_directory(directory_path)
+      unless directory_path && Dir.exist?(directory_path)
+        @result[:errors].push("No such directory: #{directory_path}. Please check the path you have provided.")
+        return @result
+      end
+
       files_array = Dir["#{directory_path}/*-ds.xml"]
-      upload_from_files(files_array) unless files_array.empty?
+      upload_from_files(files_array)
     end
 
     private
@@ -57,9 +83,9 @@ module ForemanOpenscap
       file.split('/').last
     end
 
-    def content_name(datastream)
+    def content_name(datastream, from_scap_guide)
       os_name = extract_name_from_file(datastream)
-      @from_scap_security_guide ? "Red Hat #{os_name} default content" : "#{os_name} content"
+      from_scap_guide ? "Red Hat #{os_name} default content" : "#{os_name} content"
     end
   end
 end

data/lib/foreman_openscap/engine.rb

@@ -92,7 +92,7 @@ module ForemanOpenscap
                                             'api/v2/compliance/scap_contents' => [:update] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :create_scap_contents, { :scap_contents => %i[new create],
-                                              'api/v2/compliance/scap_contents' => [:create] },
+                                              'api/v2/compliance/scap_contents' => %i[create bulk_upload] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :destroy_scap_contents, { :scap_contents => [:destroy],
                                                'api/v2/compliance/scap_contents' => [:destroy] },
@@ -180,19 +180,6 @@ module ForemanOpenscap
                         :description => proxy_description,
                         :api_description => N_('ID of OpenSCAP Proxy')
 
-        if ForemanOpenscap.with_remote_execution?
-          options = {
-            :description => N_("Run OpenSCAP scan"),
-            :provided_inputs => "policies"
-          }
-
-          if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
-            options[:host_action_button] = true
-          end
-
-          RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)
-        end
-
         add_controller_action_scope('Api::V2::HostsController', :index) do |base_scope|
           base_scope.preload(:policies)
         end
@@ -231,6 +218,19 @@ module ForemanOpenscap
       Log.send(:include, ForemanOpenscap::LogExtensions)
       BookmarkControllerValidator.send(:prepend, ForemanOpenscap::BookmarkControllerValidatorExtensions)
       ProxyStatus.status_registry.add(ProxyStatus::OpenscapSpool)
+
+      if ForemanOpenscap.with_remote_execution?
+        options = {
+          :description => N_("Run OpenSCAP scan"),
+          :provided_inputs => "policies"
+        }
+
+        if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
+          options[:host_action_button] = true
+        end
+
+        RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)
+      end
     end
 
     rake_tasks do

data/lib/foreman_openscap/version.rb

@@ -1,3 +1,3 @@
 module ForemanOpenscap
-  VERSION = "4.0.4".freeze
+  VERSION = "4.2.0".freeze
 end

data/lib/tasks/foreman_openscap_tasks.rake

@@ -6,23 +6,26 @@ namespace :foreman_openscap do
   namespace :bulk_upload do
     desc 'Bulk upload SCAP content from directory'
     task :directory, [:directory] => [:environment] do |task, args|
+      deprecate_upload_from_rake
       abort("# No such directory, please check the path you have provided. #") unless args[:directory].blank? || Dir.exist?(args[:directory])
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new.upload_from_directory(args[:directory])
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_directory(args[:directory])
     end
 
     task :files, [:files] => [:environment] do |task, args|
+      deprecate_upload_from_rake
       files_array = args[:files].split(' ')
       files_array.each do |file|
         abort("# #{file} is a directory, expecting file. Try using 'rake foreman_openscap:bulk_upload:directory' with this directory. #") if File.directory?(file)
       end
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new.upload_from_files(files_array)
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_files(files_array)
     end
 
     task :default => [:environment] do
+      deprecate_upload_from_rake
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new(true).generate_scap_default_content
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_scap_guide
     end
   end
 
@@ -67,6 +70,15 @@ namespace :foreman_openscap do
   end
 end
 
+def deprecate_upload_from_rake
+  puts 'DEPRECATION WARNING: Uploading scap contents using rake task is deprecated and will be removed in a future version. Please use API or CLI.'
+end
+
+def print_upload_result(result)
+  puts result.errors.join(' ') if result.errors.present?
+  puts result.results.map { |sc| "Saved #{sc.original_filename} as #{sc.title}" }.join("\n") if result.results.present?
+end
+
 # Tests
 namespace :test do
   desc "Test ForemanOpenscap"

data/test/factories/compliance_log_factory.rb

@@ -9,15 +9,9 @@ FactoryBot.define do
 
   factory :compliance_message, :class => :message do
     sequence(:value) { |n| "message#{n}" }
-    after(:build) do |msg|
-      msg.digest = Digest::SHA1.hexdigest(msg.value)
-    end
   end
 
   factory :compliance_source, :class => :source do
     sequence(:value) { |n| "source#{n}" }
-    after(:build) do |source|
-      source.digest = Digest::SHA1.hexdigest(source.value)
-    end
   end
 end

data/test/functional/api/v2/compliance/arf_reports_controller_test.rb

@@ -139,7 +139,7 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
                                      :date => dates[1].to_i,
                                      :openscap_proxy_name => @proxy.name),
          :session => set_session_user
-    assert_equal Message.where(:digest => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.digest).count, 1
+    assert_equal Message.where(:value => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.value).count, 1
   end
 
   test "should recognize changes in messages" do
@@ -187,12 +187,12 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
 
     reports = ForemanOpenscap::ArfReport.unscoped.all
     assert_equal reports.count, 2
-
-    new_msgs = Message.where(:value => "Disable Firefox Configuration File ROT-13 Encoding Changed For Test")
+    msg_value = "Disable Firefox Configuration File ROT-13 Encoding Changed For Test"
+    new_msgs = Message.where(:value => msg_value)
     old_msgs = Message.where(:value => "Disable Firefox Configuration File ROT-13 Encoding")
     assert_equal new_msgs.count, 1
     assert_equal old_msgs.count, 0
-    assert_equal new_msgs.first.digest, Digest::SHA1.hexdigest("Disable Firefox Configuration File ROT-13 Encoding Changed For Test")
+    assert_equal new_msgs.first.value, msg_value
   end
 
   test "should find reports by policy name" do

data/test/lib/foreman_openscap/bulk_upload_test.rb

@@ -3,6 +3,7 @@ require 'test_plugin_helper'
 class BulkUploadTest < ActiveSupport::TestCase
   setup do
     require 'foreman_openscap/bulk_upload'
+    ForemanOpenscap::ScapContent.all.map(&:destroy)
   end
 
   test 'upload_from_files should create only one scap content' do
@@ -13,4 +14,51 @@ class BulkUploadTest < ActiveSupport::TestCase
       end
     end
   end
+
+  test 'upload_from_files should not crash when scap files are not array' do
+    scap_files = '/tmp/foo'
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files(scap_files)
+    assert_equal "Expected an array of files to upload, got: #{scap_files}.", res.errors.first
+  end
+
+  test 'upload_from_files should skip directories' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files([dir])
+    assert_equal "#{dir} is a directory, expecting file.", res.errors.first
+  end
+
+  test 'upload_from_files should skip files that does not exist' do
+    file = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents/foo-ds.xml"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files([file])
+    assert_equal "#{file} does not exist, skipping.", res.errors.first
+  end
+
+  test 'upload_from_directory should check if directory exists' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents/foo"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_directory(dir)
+    assert_equal "No such directory: #{dir}. Please check the path you have provided.", res.errors.first
+  end
+
+  test 'upload_from_directory should upload from directory' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents"
+    assert_difference('ForemanOpenscap::ScapContent.count', 1) do
+      ForemanOpenscap::BulkUpload.new.upload_from_directory(dir)
+    end
+  end
+
+  test 'should handle case when scap security guide is not installed' do
+    upload = ForemanOpenscap::BulkUpload.new
+    upload.stubs(:scap_guide_installed?).returns(false)
+    res = upload.upload_from_scap_guide
+    assert_equal "Can't find scap-security-guide RPM, are you sure it is installed on your server?", res.errors.first
+  end
+
+  test 'should upload files from guide' do
+    upload = ForemanOpenscap::BulkUpload.new
+    upload.stubs(:scap_guide_installed?).returns(true)
+    upload.stubs(:files_from_guide).returns(["#{ForemanOpenscap::Engine.root}/test/files/scap_contents/ssg-fedora-ds.xml"])
+    assert_difference('ForemanOpenscap::ScapContent.count', 1) do
+      upload.upload_from_scap_guide
+    end
+  end
 end

data/test/test_plugin_helper.rb

@@ -11,9 +11,9 @@ module ScapClientPuppetclass
     Puppetclass.find_by(:name => puppet_config.puppetclass_name)&.destroy
 
     puppet_class = FactoryBot.create(:puppetclass, :name => puppet_config.puppetclass_name)
-    server_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.server_param, :puppetclass_id => puppet_class.id)
-    port_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.port_param, :puppetclass_id => puppet_class.id)
-    policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.policies_param, :puppetclass_id => puppet_class.id)
+    server_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.server_param, :default_value => nil)
+    port_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.port_param, :default_value => nil)
+    policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.policies_param, :default_value => nil)
 
     env = FactoryBot.create :environment
 

data/test/unit/policy_test.rb

@@ -46,6 +46,30 @@ class PolicyTest < ActiveSupport::TestCase
     assert_equal 1, policy.hosts.count
   end
 
+  test "should delete assets when unassigning hosts" do
+    host1 = FactoryBot.create(:compliance_host)
+    host2 = FactoryBot.create(:compliance_host)
+    asset1 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    asset2 = FactoryBot.create(:asset, :assetable_id => host2.id, :assetable_type => 'Host::Base')
+    policy = FactoryBot.create(:policy, :assets => [asset1, asset2], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy.unassign_hosts([host1, host2])
+
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset1.id)
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset2.id)
+  end
+
+  test "should delete assets only for selected policy when unassigning host" do
+    host1 = FactoryBot.create(:compliance_host)
+    asset1 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    asset2 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    policy1 = FactoryBot.create(:policy, :assets => [asset1], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy2 = FactoryBot.create(:policy, :assets => [asset2], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy1.unassign_hosts([host1])
+
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset1.id)
+    assert_not_nil ForemanOpenscap::Asset.find_by(:id => asset2.id)
+  end
+
   test "should remove associated hostgroup" do
     hg = FactoryBot.create(:hostgroup)
     asset = FactoryBot.create(:asset, :assetable_id => hg.id, :assetable_type => 'Hostgroup')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_openscap
 version: !ruby/object:Gem::Version
-  version: 4.0.4
+  version: 4.2.0
 platform: ruby
 authors:
 - slukasik@redhat.com
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-02 00:00:00.000000000 Z
+date: 2021-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -130,6 +130,7 @@ files:
 - app/views/api/v2/compliance/scap_content_profiles/index.json.rabl
 - app/views/api/v2/compliance/scap_content_profiles/main.json.rabl
 - app/views/api/v2/compliance/scap_contents/base.json.rabl
+- app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl
 - app/views/api/v2/compliance/scap_contents/create.json.rabl
 - app/views/api/v2/compliance/scap_contents/index.json.rabl
 - app/views/api/v2/compliance/scap_contents/main.json.rabl
@@ -245,6 +246,7 @@ files:
 - db/migrate/20190103093409_add_deployment_option_to_policy.foreman_openscap.rb
 - db/migrate/20200117135424_migrate_port_overrides_to_int.rb
 - db/migrate/20200803065041_migrate_port_overrides_for_ansible.rb
+- db/migrate/20201202110213_update_puppet_port_param_type.rb
 - db/seeds.d/75-job_templates.rb
 - db/seeds.d/openscap_feature.rb
 - db/seeds.d/openscap_policy_notification.rb
@@ -357,10 +359,10 @@ test_files:
 - test/factories/arf_report_factory.rb
 - test/factories/asset_factory.rb
 - test/factories/compliance_host_factory.rb
-- test/factories/compliance_log_factory.rb
 - test/factories/policy_arf_report_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
+- test/factories/compliance_log_factory.rb
 - test/files/arf_report/arf_report.bz2
 - test/files/arf_report/arf_report.html
 - test/files/arf_report/arf_report.json
@@ -369,11 +371,11 @@ test_files:
 - test/files/scap_contents/ssg-fedora-ds.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring-2.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring.xml
-- test/functional/api/v2/compliance/arf_reports_controller_test.rb
 - test/functional/api/v2/compliance/policies_controller_test.rb
 - test/functional/api/v2/compliance/scap_content_profiles_controller_test.rb
 - test/functional/api/v2/compliance/scap_contents_controller_test.rb
 - test/functional/api/v2/compliance/tailoring_files_controller_test.rb
+- test/functional/api/v2/compliance/arf_reports_controller_test.rb
 - test/functional/api/v2/hosts_controller_test.rb
 - test/functional/arf_reports_controller_test.rb
 - test/functional/openscap_proxies_controller_test.rb