foreman_openscap 4.1.0 → 4.3.0
- checksums.yaml +4 -4
- data/app/assets/stylesheets/foreman_openscap/policy.css +5 -0
- data/app/controllers/api/v2/compliance/oval_contents_controller.rb +72 -0
- data/app/controllers/api/v2/compliance/oval_policies_controller.rb +111 -0
- data/app/controllers/api/v2/compliance/oval_reports_controller.rb +47 -0
- data/app/controllers/api/v2/compliance/scap_contents_controller.rb +2 -0
- data/app/controllers/concerns/foreman/controller/parameters/oval_content.rb +22 -0
- data/app/controllers/concerns/foreman/controller/parameters/oval_policy.rb +22 -0
- data/app/controllers/concerns/foreman_openscap/hosts_controller_extensions.rb +1 -1
- data/app/graphql/types/cve.rb +17 -0
- data/app/graphql/types/oval_content.rb +17 -0
- data/app/graphql/types/oval_policy.rb +21 -0
- data/app/helpers/arf_reports_helper.rb +7 -24
- data/app/helpers/policies_helper.rb +4 -17
- data/app/mailers/foreman_openscap/policy_mailer.rb +2 -2
- data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb +1 -1
- data/app/models/concerns/foreman_openscap/data_stream_content.rb +0 -17
- data/app/models/concerns/foreman_openscap/host_extensions.rb +11 -11
- data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb +3 -5
- data/app/models/concerns/foreman_openscap/inherited_policies.rb +11 -0
- data/app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb +38 -0
- data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb +15 -0
- data/app/models/concerns/foreman_openscap/policy_common.rb +75 -0
- data/app/models/concerns/foreman_openscap/scap_file_content.rb +24 -0
- data/app/models/foreman_openscap/arf_report.rb +2 -2
- data/app/models/foreman_openscap/cve.rb +23 -0
- data/app/models/foreman_openscap/host/oval_facet.rb +14 -0
- data/app/models/foreman_openscap/host_cve.rb +7 -0
- data/app/models/foreman_openscap/hostgroup/oval_facet.rb +14 -0
- data/app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb +6 -0
- data/app/models/foreman_openscap/oval_content.rb +26 -0
- data/app/models/foreman_openscap/oval_facet_oval_policy.rb +6 -0
- data/app/models/foreman_openscap/oval_policy.rb +54 -0
- data/app/models/foreman_openscap/oval_status.rb +45 -0
- data/app/models/foreman_openscap/policy.rb +10 -73
- data/app/models/foreman_openscap/scap_content.rb +1 -0
- data/app/models/foreman_openscap/tailoring_file.rb +1 -0
- data/app/services/foreman_openscap/client_config/ansible.rb +39 -6
- data/app/services/foreman_openscap/client_config/base.rb +5 -1
- data/app/services/foreman_openscap/client_config/puppet.rb +2 -1
- data/app/services/foreman_openscap/config_name_service.rb +1 -1
- data/app/services/foreman_openscap/hostgroup_overrider.rb +2 -24
- data/app/services/foreman_openscap/hostgroup_overrider_common.rb +28 -0
- data/app/services/foreman_openscap/lookup_key_overrider.rb +30 -62
- data/app/services/foreman_openscap/lookup_key_overrides_common.rb +63 -0
- data/app/services/foreman_openscap/oval/check_collection.rb +45 -0
- data/app/services/foreman_openscap/oval/configure.rb +80 -0
- data/app/services/foreman_openscap/oval/cves.rb +41 -0
- data/app/services/foreman_openscap/oval/setup.rb +93 -0
- data/app/services/foreman_openscap/oval/setup_check.rb +55 -0
- data/app/services/foreman_openscap/oval/sync_oval_contents.rb +42 -0
- data/app/views/api/v2/compliance/oval_contents/base.json.rabl +6 -0
- data/app/views/api/v2/compliance/oval_contents/create.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/show.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/sync.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl +11 -0
- data/app/views/api/v2/compliance/oval_contents/update.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/create.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/index.json.rabl +3 -0
- data/app/views/api/v2/compliance/oval_policies/main.json.rabl +15 -0
- data/app/views/api/v2/compliance/oval_policies/show.json.rabl +3 -0
- data/app/views/api/v2/compliance/policies/base.json.rabl +2 -2
- data/app/views/api/v2/compliance/policies_common/_attrs.json.rabl +2 -0
- data/app/views/arf_reports/_output.html.erb +9 -1
- data/app/views/arf_reports/show.html.erb +1 -1
- data/app/views/arf_reports/show_html.html.erb +1 -0
- data/app/views/compliance_hosts/show.html.erb +1 -8
- data/app/views/job_templates/run_oval_scans.erb +24 -0
- data/app/views/policies/edit.html.erb +3 -2
- data/app/views/policies/show.html.erb +3 -1
- data/app/views/policies/steps/_deployment_options_form.html.erb +2 -2
- data/app/views/scap_contents/edit.html.erb +2 -12
- data/app/views/tailoring_files/edit.html.erb +2 -10
- data/config/initializers/inflections.rb +12 -0
- data/config/routes.rb +19 -0
- data/db/migrate/20201019074925_create_oval_policy.rb +13 -0
- data/db/migrate/20201020113801_create_oval_facet.rb +14 -0
- data/db/migrate/20201021084109_create_hostgroup_oval_facet.rb +14 -0
- data/db/migrate/20201106080924_create_oval_content.rb +12 -0
- data/db/migrate/20201116110256_add_oval_content_to_oval_policy.rb +5 -0
- data/db/migrate/20201120080329_create_cves.rb +13 -0
- data/db/migrate/20201202110213_update_puppet_port_param_type.rb +24 -0
- data/db/migrate/20201217130800_add_has_errata_to_cve.rb +8 -0
- data/db/migrate/20201217161511_add_url_to_oval_content.rb +5 -0
- data/db/migrate/20210409095625_add_oval_policy_reference_to_cve.rb +7 -0
- data/db/seeds.d/75-job_templates.rb +3 -2
- data/lib/foreman_openscap/bulk_upload.rb +2 -2
- data/lib/foreman_openscap/engine.rb +80 -22
- data/lib/foreman_openscap/version.rb +1 -1
- data/lib/tasks/foreman_openscap_tasks.rake +14 -9
- data/locale/de/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/de/foreman_openscap.edit.po +0 -0
- data/locale/de/foreman_openscap.po +215 -17
- data/locale/en_GB/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/en_GB/foreman_openscap.edit.po +0 -0
- data/locale/en_GB/foreman_openscap.po +213 -15
- data/locale/es/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/es/foreman_openscap.edit.po +0 -0
- data/locale/es/foreman_openscap.po +239 -41
- data/locale/foreman_openscap.pot +395 -112
- data/locale/fr/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/fr/foreman_openscap.edit.po +0 -0
- data/locale/fr/foreman_openscap.po +243 -45
- data/locale/gl/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/gl/foreman_openscap.edit.po +0 -0
- data/locale/gl/foreman_openscap.po +213 -15
- data/locale/it/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/it/foreman_openscap.edit.po +0 -0
- data/locale/it/foreman_openscap.po +213 -15
- data/locale/ja/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ja/foreman_openscap.edit.po +0 -0
- data/locale/ja/foreman_openscap.po +262 -66
- data/locale/ko/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ko/foreman_openscap.edit.po +0 -0
- data/locale/ko/foreman_openscap.po +214 -16
- data/locale/pt_BR/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/pt_BR/foreman_openscap.edit.po +0 -0
- data/locale/pt_BR/foreman_openscap.po +252 -54
- data/locale/ru/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/ru/foreman_openscap.edit.po +0 -0
- data/locale/ru/foreman_openscap.po +214 -16
- data/locale/sv_SE/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/sv_SE/foreman_openscap.edit.po +0 -0
- data/locale/sv_SE/foreman_openscap.po +213 -15
- data/locale/zh_CN/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/zh_CN/foreman_openscap.edit.po +0 -0
- data/locale/zh_CN/foreman_openscap.po +369 -169
- data/locale/zh_TW/LC_MESSAGES/foreman_openscap.mo +0 -0
- data/locale/zh_TW/foreman_openscap.edit.po +0 -0
- data/locale/zh_TW/foreman_openscap.po +214 -16
- data/test/factories/compliance_host_factory.rb +12 -0
- data/test/factories/oval_content_factory.rb +7 -0
- data/test/factories/oval_policy_factory.rb +9 -0
- data/test/files/oval_contents/ansible-2.9.oval.xml.bz2 +0 -0
- data/test/fixtures/cve_fixtures.rb +104 -0
- data/test/functional/api/v2/compliance/oval_contents_controller_test.rb +39 -0
- data/test/functional/api/v2/compliance/oval_policies_controller_test.rb +141 -0
- data/test/functional/api/v2/compliance/oval_reports_controller_test.rb +32 -0
- data/test/graphql/queries/oval_contents_query_test.rb +35 -0
- data/test/graphql/queries/oval_policies_query_test.rb +35 -0
- data/test/test_plugin_helper.rb +4 -0
- data/test/unit/oval_host_test.rb +45 -0
- data/test/unit/oval_policy_test.rb +133 -0
- data/test/unit/oval_status_test.rb +47 -0
- data/test/unit/services/oval/cves_test.rb +81 -0
- data/test/unit/services/oval/setup_test.rb +87 -0
- metadata +98 -3
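--- a/data/app/models/foreman_openscap/oval_status.rb
+++ b/data/app/models/foreman_openscap/oval_status.rb
@@ -0,0 +1,45 @@
+module ForemanOpenscap
+class OvalStatus < ::HostStatus::Status
+PATCHED = 0
+VULNERABLE = 1
+PATCH_AVAILABLE = 2
+
+def self.status_name
+N_('OVAL scan')
+end
+
+def to_label(options = {})
+case to_status
+when PATCHED
+N_('No Vulnerabilities found')
+when VULNERABLE
+N_("%s vulnerabilities found") % host.cves_without_errata.count
+when PATCH_AVAILABLE
+N_("%s vulnerabilities with available patch found") % host.cves_with_errata.count
+else
+N_('Unknown OVAL status')
+end
+end
+
+def to_global(options = {})
+case to_status
+when PATCHED
+::HostStatus::Global::OK
+when VULNERABLE
+::HostStatus::Global::WARN
+when PATCH_AVAILABLE
+::HostStatus::Global::ERROR
+end
+end
+
+def relevant?(options = {})
+host.combined_oval_policies.any?
+end
+
+def to_status(options = {})
+return PATCH_AVAILABLE if host.cves_with_errata.any?
+return VULNERABLE if host.cves_without_errata.any?
+PATCHED
+end
+end
+end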
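Review bot: The PATCH_AVAILABLE branch of `to_label` counts only `host.cves_with_errata`, and `to_status` returns PATCH_AVAILABLE as soon as any CVE has errata, so a host that also has CVEs without errata shows a lower number than it is actually exposed to. Either report both counts in that branch or document the precedence on `to_status`, for example `# PATCH_AVAILABLE wins over VULNERABLE; the label then counts only CVEs with errata`. The two interpolated labels also apply `%` to the result of `N_()`, which only marks the msgid, so if the caller translates labels afterwards (not visible here) the formatted string will no longer match the catalogue; `_()` at this point would avoid that.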
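--- a/data/app/models/foreman_openscap/policy.rb
+++ b/data/app/models/foreman_openscap/policy.rb
@@ -4,8 +4,12 @@ module ForemanOpenscap
 audited
 include Authorizable
 include Taxonomix
+include PolicyCommon
+
 attr_writer :current_step, :wizard_initiated
 
+STEPS_LIST = [N_('Deployment Options'), N_('Policy Attributes'), N_('SCAP Content'), N_('Schedule'), N_('Locations'), N_('Organizations'), N_('Hostgroups')]
+
 belongs_to :scap_content
 belongs_to :scap_content_profile
 belongs_to :tailoring_file
@@ -20,7 +24,6 @@ module ForemanOpenscap
 scoped_search :relation => :scap_content_profile, :on => :title, :rename => 'profile', :complete_value => true
 scoped_search :relation => :tailoring_file, :on => :name, :rename => 'tailoring_file', :complete_value => true
 scoped_search :relation => :tailoring_file_profile, :on => :title, :rename => 'tailoring_file_profile', :complete_value => true
-before_validation :update_period_attrs
 
 def self.deploy_by_variants
 %w[puppet ansible manual]
@@ -36,7 +39,8 @@ module ForemanOpenscap
 validates :scap_content_id, presence: true, if: Proc.new { |policy| policy.should_validate?('SCAP Content') }
 validate :matching_content_profile, if: Proc.new { |policy| policy.should_validate?('SCAP Content') }
 
-validate :
+validate :valid_tailoring, :valid_tailoring_profile, :no_mixed_deployments
+validate :valid_cron_line, :valid_weekday, :valid_day_of_month, :if => Proc.new { |policy| policy.should_validate?('Schedule') }
 after_save :assign_policy_to_hostgroups
 # before_destroy - ensure that the policy has no hostgroups, or classes
 
@@ -62,7 +66,7 @@ module ForemanOpenscap
 
 def change_deploy_type(params)
 self.class.transaction do
-if deploy_by != params[:deploy_by]
+if params[:deploy_by] && deploy_by != params[:deploy_by]
 assign_attributes params
 ForemanOpenscap::LookupKeyOverrider.new(self).override
 end
@@ -80,7 +84,7 @@ module ForemanOpenscap
 end
 
 def hostgroups
-Hostgroup.find(hostgroup_ids)
+::Hostgroup.find(hostgroup_ids)
 end
 
 def hostgroups=(hostgroups)
@@ -96,7 +100,7 @@ module ForemanOpenscap
 end
 
 def hosts
-Host.where(:id => host_ids)
+::Host.where(:id => host_ids)
 end
 
 def hosts=(hosts)
@@ -108,10 +112,7 @@ module ForemanOpenscap
 end
 
 def steps
-
-base_steps << N_('Locations') if SETTINGS[:locations_enabled]
-base_steps << N_('Organizations') if SETTINGS[:organizations_enabled]
-base_steps << N_('Hostgroups') # always be last.
+STEPS_LIST
 end
 
 def current_step
@@ -213,17 +214,6 @@ module ForemanOpenscap
 @wizard_initiated
 end
 
-def update_period_attrs
-case period
-when 'monthly'
-erase_period_attrs(%w[cron_line weekday])
-when 'weekly'
-erase_period_attrs(%w[cron_line day_of_month])
-when 'custom'
-erase_period_attrs(%w[weekday day_of_month])
-end
-end
-
 private
 
 def html_error_message(message)
@@ -233,59 +223,6 @@ module ForemanOpenscap
 error_message.html_safe
 end
 
-def erase_period_attrs(attrs)
-attrs.each { |attr| self.public_send("#{attr}=", nil) }
-end
-
-def period_enc
-# get crontab expression as an array (minute hour day_of_month month day_of_week)
-cron_parts = case period
-when 'weekly'
-['0', '1', '*', '*', weekday_number.to_s]
-when 'monthly'
-['0', '1', day_of_month.to_s, '*', '*']
-when 'custom'
-cron_line_split
-else
-raise 'invalid period specification'
-end
-
-{
-'minute' => cron_parts[0],
-'hour' => cron_parts[1],
-'monthday' => cron_parts[2],
-'month' => cron_parts[3],
-'weekday' => cron_parts[4],
-}
-end
-
-def weekday_number
-# 0 is sunday, 1 is monday in cron, while DAYS_INTO_WEEK has 0 as monday, 6 as sunday
-(Date::DAYS_INTO_WEEK.with_indifferent_access[weekday] + 1) % 7
-end
-
-def cron_line_split
-cron_line.to_s.split(' ')
-end
-
-def valid_cron_line
-if period == 'custom' && should_validate?('Schedule')
-errors.add(:cron_line, _("does not consist of 5 parts separated by space")) unless cron_line_split.size == 5
-end
-end
-
-def valid_weekday
-if period == 'weekly' && should_validate?('Schedule')
-errors.add(:weekday, _("is not a valid value")) unless Date::DAYNAMES.map(&:downcase).include? weekday
-end
-end
-
-def valid_day_of_month
-if period == 'monthly' && should_validate?('Schedule')
-errors.add(:day_of_month, _("must be between 1 and 31")) if !day_of_month || (day_of_month < 1 || day_of_month > 31)
-end
-end
-
 def valid_tailoring
 errors.add(:tailoring_file_id, _("must be present when tailoring file profile present")) if tailoring_file_profile_id && !tailoring_file_id
 errors.add(:tailoring_file_profile_id, _("must be present when tailoring file present")) if !tailoring_file_profile_id && tailoring_file_id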
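Review bot: `STEPS_LIST` is a mutable array constant and `steps` now hands it out directly, whereas the removed lines appended to `base_steps` on each call. A caller that appends to or deletes from the result of `steps` would change the wizard steps for every policy in the process; freezing it, `STEPS_LIST = [ ... ].freeze`, turns such a mutation into an immediate error. `steps` also no longer consults `SETTINGS[:locations_enabled]` and `SETTINGS[:organizations_enabled]`, so a short comment stating that both taxonomy steps are now unconditional would record the assumption.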
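--- a/data/app/services/foreman_openscap/client_config/ansible.rb
+++ b/data/app/services/foreman_openscap/client_config/ansible.rb
@@ -2,9 +2,15 @@ module ForemanOpenscap
 module ClientConfig
 class Ansible < Base
 delegate :ansible_role_name, :to => :constants
+attr_reader :constants
 
 alias config_item_name ansible_role_name
 
+def initialize(policy_class)
+raise "Unknown policy class, expected one of: #{policy_types.map(&to_s).join(', ')}" unless policy_types.include?(policy_class)
+initialize_constants(policy_class)
+end
+
 def type
 :ansible
 end
@@ -21,17 +27,44 @@ module ForemanOpenscap
 }
 end
 
-def
-
+def ansible_role_missing_msg
+_("theforeman.foreman_scap_client Ansible Role not found, please import it before running this action again.")
+end
+
+private
+
+def policy_types
+[ForemanOpenscap::Policy, ForemanOpenscap::OvalPolicy]
+end
+
+def initialize_constants(policy_class)
+base_constants = {
 :server_param => 'foreman_scap_client_server',
 :port_param => 'foreman_scap_client_port',
-:policies_param => 'foreman_scap_client_policies',
 :ansible_role_name => 'theforeman.foreman_scap_client',
 :config_item_class_name => 'AnsibleRole',
 :override_method_name => 'ansible_variables',
-
-
-
+}
+
+if policy_class == ::ForemanOpenscap::Policy
+@constants = OpenStruct.new(
+base_constants.merge(
+:policies_param => 'foreman_scap_client_policies',
+:policies_param_default_value => ds_policies_param_default_value,
+:msg_name => _('Ansible role'),
+:lookup_key_plural_name => _('Ansible variables')
+)
+)
+end
+
+if policy_class == ::ForemanOpenscap::OvalPolicy
+@constants = OpenStruct.new(
+base_constants.merge(
+:policies_param => 'foreman_scap_client_oval_policies',
+:policies_param_default_value => '<%= @host.oval_policies_enc %>'
+)
+)
+end
 end
 end
 end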
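Review bot: In the new `initialize`, `policy_types.map(&to_s)` is missing a colon: `&to_s` calls `to_s` on the instance and passes the resulting String as a block argument, which raises TypeError, so an unknown policy class never produces the intended message. It should read `policy_types.map(&:to_s).join(', ')`. The `OvalPolicy` branch of `initialize_constants` also sets neither `:msg_name` nor `:lookup_key_plural_name`, so those readers return nil from the OpenStruct and any error text built from them for OVAL policies will have gaps.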
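--- a/data/app/services/foreman_openscap/client_config/base.rb
+++ b/data/app/services/foreman_openscap/client_config/base.rb
@@ -3,7 +3,7 @@ module ForemanOpenscap
 class Base
 delegate :server_param, :port_param, :policies_param, :config_item_name,
 :config_item_class_name, :override_method_name, :msg_name,
-:lookup_key_plural_name, :to => :constants
+:lookup_key_plural_name, :policies_param_default_value, :to => :constants
 
 def type
 raise NotImplementedError
@@ -42,6 +42,10 @@ module ForemanOpenscap
 # all_puppetclasses, all_ansible_roles methods return Array, not ActiveRecord::Relation
 scope.find { |item| item.name == config_item_name }
 end
+
+def ds_policies_param_default_value
+'<%= @host.policies_enc %>'
+end
 end
 end
 end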
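--- a/data/app/services/foreman_openscap/client_config/puppet.rb
+++ b/data/app/services/foreman_openscap/client_config/puppet.rb
@@ -30,7 +30,8 @@ module ForemanOpenscap
 :config_item_class_name => 'Puppetclass',
 :override_method_name => 'class_params',
 :msg_name => _('Puppet class'),
-:lookup_key_plural_name => _('Smart Class Parameters')
+:lookup_key_plural_name => _('Smart Class Parameters'),
+:policies_param_default_value => ds_policies_param_default_value
 )
 end
 end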
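--- a/data/app/services/foreman_openscap/hostgroup_overrider.rb
+++ b/data/app/services/foreman_openscap/hostgroup_overrider.rb
@@ -1,5 +1,7 @@
 module ForemanOpenscap
 class HostgroupOverrider
+include HostgroupOverriderCommon
+
 def initialize(policy)
 @policy = policy
 @name_sevice = ConfigNameService.new
@@ -43,29 +45,5 @@ module ForemanOpenscap
 remove_overrides item.public_send(remove_config.override_method_name), hostgroup, remove_config
 end
 end
-
-def add_overrides(collection, hostgroup, config)
-collection.where(:override => true).find_each do |override|
-return unless hostgroup.openscap_proxy && (url = hostgroup.openscap_proxy.url).present?
-
-openscap_proxy_uri = URI.parse(url)
-case override.key
-when config.server_param
-lookup_value = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
-lookup_value.update_attribute(:value, openscap_proxy_uri.host)
-when config.port_param
-lookup_value = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
-lookup_value.update_attribute(:value, openscap_proxy_uri.port)
-end
-end
-end
-
-def remove_overrides(collection, hostgroup, config)
-collection.where(:override => true).find_each do |override|
-if override.key == config.server_param || override.key == config.port_param
-LookupValue.find_by(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id)&.destroy
-end
-end
-end
 end
 end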
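--- a/data/app/services/foreman_openscap/hostgroup_overrider_common.rb
+++ b/data/app/services/foreman_openscap/hostgroup_overrider_common.rb
@@ -0,0 +1,28 @@
+module ForemanOpenscap
+module HostgroupOverriderCommon
+def add_overrides(collection, host_or_hg, config)
+model_match = host_or_hg.class.name.underscore =~ /\Ahostgroup\z/ ? "hostgroup" : "fqdn"
+collection.where(:override => true).find_each do |override|
+return unless host_or_hg.openscap_proxy && (url = host_or_hg.openscap_proxy.url).present?
+
+openscap_proxy_uri = URI.parse(url)
+case override.key
+when config.server_param
+lookup_value = LookupValue.where(:match => "#{model_match}=#{host_or_hg.to_label}", :lookup_key_id => override.id).first_or_initialize
+lookup_value.update_attribute(:value, openscap_proxy_uri.host)
+when config.port_param
+lookup_value = LookupValue.where(:match => "#{model_match}=#{host_or_hg.to_label}", :lookup_key_id => override.id).first_or_initialize
+lookup_value.update_attribute(:value, openscap_proxy_uri.port)
+end
+end
+end
+
+def remove_overrides(collection, hostgroup, config)
+collection.where(:override => true).find_each do |override|
+if override.key == config.server_param || override.key == config.port_param
+LookupValue.find_by(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id)&.destroy
+end
+end
+end
+end
+end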
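Review bot: `remove_overrides` still looks up `"hostgroup=#{hostgroup.to_label}"` while `add_overrides` now builds its matcher from `model_match` (`hostgroup` or `fqdn`), so a lookup value created for a host under `fqdn=` is never found and stays behind with the old proxy host and port. If hosts are meant to be supported, compute the same prefix in both methods, e.g. `LookupValue.find_by(:match => "#{model_match}=#{host_or_hg.to_label}", :lookup_key_id => override.id)&.destroy`. In `add_overrides` the proxy check sits inside `find_each` although it does not depend on `override`, and `URI.parse(url)` raises `URI::InvalidURIError` on a malformed proxy URL; hoisting both above the loop makes that failure mode explicit. Whether a host's `to_label` equals its FQDN is not visible here and should be confirmed.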
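--- a/data/app/services/foreman_openscap/lookup_key_overrider.rb
+++ b/data/app/services/foreman_openscap/lookup_key_overrider.rb
@@ -1,5 +1,7 @@
 module ForemanOpenscap
 class LookupKeyOverrider
+include LookupKeyOverridesCommon
+
 def initialize(policy)
 @policy = policy
 @name_service = ConfigNameService.new
@@ -8,88 +10,54 @@ module ForemanOpenscap
 def override
 return unless @policy.deploy_by && Policy.deploy_by_variants.include?(@policy.deploy_by)
 config = @name_service.config_for @policy.deploy_by.to_sym
-
-@policy.errors[:deploy_by] <<
-_("%{type} was selected to deploy policy to clients, but %{type} is not available. Are you missing a plugin?") %
-{ :type => config.type.to_s.camelize }
-return
-end
-return unless config.managed_overrides?
-override_required_params config
+super config
 end
 
-
-
-
-
-
-
-err = _("Required %{msg_name} %{class} was not found, please ensure it is imported first.") %
-{ :class => config.config_item_name, :msg_name => config.msg_name }
-@policy.errors[:base] << err
-return
-end
-
-override_params item.public_send(config.override_method_name), config
+def handle_config_not_available(config)
+return true if config.available?
+@policy.errors[:deploy_by] <<
+_("%{type} was selected to deploy policy to clients, but %{type} is not available. Are you missing a plugin?") %
+{ :type => config.type.to_s.camelize }
+false
 end
 
-def
-
-
-
-
-
-config.port_param => port_param,
-config.server_param => server_param)
-
-override_policies_param(policies_param, config)
-override_port_param(port_param, config)
-override_server_param(server_param, config)
+def handle_config_item_not_available(config, item)
+return true if item
+err = _("Required %{msg_name} %{class} was not found, please ensure it is imported first.") %
+{ :class => config.config_item_name, :msg_name => config.msg_name }
+@policy.errors[:base] << err
+false
 end
 
-def
-
-
-
-memo
-end
-
-err = _("The following %{key_name} were missing for %{item_name}: %{key_names}. Make sure they are imported before proceeding.") %
-{ :key_name => config.lookup_key_plural_name, :key_names => names.compact.join(', '), :item_name => config.config_item_name }
+def handle_missing_lookup_keys(config, key_names)
+return true if key_names.empty?
+err = _("The following %{key_name} were missing for %{item_name}: %{key_names}. Make sure they are imported before proceeding.") %
+{ :key_name => config.lookup_key_plural_name, :key_names => key_names, :item_name => config.config_item_name }
 
-
-
-end
-true
+@policy.errors[:base] << err
+false
 end
 
-def
-
-param.key_type = 'array'
-param.default_value = '<%= @host.policies_enc %>'
-end
+def handle_server_param_override(config, param)
+handle_param_override config, param
 end
 
-def
-
+def handle_port_param_override(config, param)
+handle_param_override config, param
 end
 
-def
-
+def handle_policies_param_override(config, param)
+handle_param_override config, param
 end
 
-def
-param.override = true
-param.hidden_value = false
-param.key_type = key_type if key_type
-
-yield param if block_given?
-
+def handle_param_override(config, param)
 if param.changed? && !param.save
 @policy.errors[:base] <<
 _('Failed to save when overriding parameters for %{config_tool}, cause: %{errors}') %
 { :config_tool => config.type, :errors => param.errors.full_messages.join(', ') }
+return false
 end
+true
 end
 end
 end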
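Review bot: `handle_missing_lookup_keys` puts `key_names` into the message unformatted, where the removed line used `names.compact.join(', ')`; the `key_names.empty?` guard suggests a collection, and an Array interpolated through `%{key_names}` renders in inspect form with brackets and quotes. Unless `LookupKeyOverridesCommon` (not shown in this section) already joins the names, use `:key_names => Array(key_names).compact.join(', ')`. The new `handle_*` methods appear to be hooks whose true/false result steers the mixin's `override`; a one-line comment above them, such as `# Hooks for LookupKeyOverridesCommon; return false to stop the override`, would make that contract visible here.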