foreman_openscap 4.1.3 → 4.3.3

data/app/models/foreman_openscap/oval_status.rb

@@ -0,0 +1,45 @@
+module ForemanOpenscap
+  class OvalStatus < ::HostStatus::Status
+    PATCHED = 0
+    VULNERABLE = 1
+    PATCH_AVAILABLE = 2
+
+    def self.status_name
+      N_('OVAL scan')
+    end
+
+    def to_label(options = {})
+      case to_status
+      when PATCHED
+        N_('No Vulnerabilities found')
+      when VULNERABLE
+        N_("%s vulnerabilities found") % host.cves_without_errata.count
+      when PATCH_AVAILABLE
+        N_("%s vulnerabilities with available patch found") % host.cves_with_errata.count
+      else
+        N_('Unknown OVAL status')
+      end
+    end
+
+    def to_global(options = {})
+      case to_status
+      when PATCHED
+        ::HostStatus::Global::OK
+      when VULNERABLE
+        ::HostStatus::Global::WARN
+      when PATCH_AVAILABLE
+        ::HostStatus::Global::ERROR
+      end
+    end
+
+    def relevant?(options = {})
+      host.combined_oval_policies.any?
+    end
+
+    def to_status(options = {})
+      return PATCH_AVAILABLE if host.cves_with_errata.any?
+      return VULNERABLE if host.cves_without_errata.any?
+      PATCHED
+    end
+  end
+end

data/app/models/foreman_openscap/policy.rb

@@ -4,8 +4,12 @@ module ForemanOpenscap
     audited
     include Authorizable
     include Taxonomix
+    include PolicyCommon
+
     attr_writer :current_step, :wizard_initiated
 
+    STEPS_LIST = [N_('Deployment Options'), N_('Policy Attributes'), N_('SCAP Content'), N_('Schedule'), N_('Locations'), N_('Organizations'), N_('Hostgroups')]
+
     belongs_to :scap_content
     belongs_to :scap_content_profile
     belongs_to :tailoring_file
@@ -20,7 +24,6 @@ module ForemanOpenscap
     scoped_search :relation => :scap_content_profile, :on => :title, :rename => 'profile', :complete_value => true
     scoped_search :relation => :tailoring_file, :on => :name, :rename => 'tailoring_file', :complete_value => true
     scoped_search :relation => :tailoring_file_profile, :on => :title, :rename => 'tailoring_file_profile', :complete_value => true
-    before_validation :update_period_attrs
 
     def self.deploy_by_variants
       %w[puppet ansible manual]
@@ -36,7 +39,8 @@ module ForemanOpenscap
     validates :scap_content_id, presence: true, if: Proc.new { |policy| policy.should_validate?('SCAP Content') }
     validate :matching_content_profile, if: Proc.new { |policy| policy.should_validate?('SCAP Content') }
 
-    validate :valid_cron_line, :valid_weekday, :valid_day_of_month, :valid_tailoring, :valid_tailoring_profile, :no_mixed_deployments
+    validate :valid_tailoring, :valid_tailoring_profile, :no_mixed_deployments
+    validate :valid_cron_line, :valid_weekday, :valid_day_of_month, :if => Proc.new { |policy| policy.should_validate?('Schedule') }
     after_save :assign_policy_to_hostgroups
     # before_destroy - ensure that the policy has no hostgroups, or classes
 
@@ -62,7 +66,7 @@ module ForemanOpenscap
 
     def change_deploy_type(params)
       self.class.transaction do
-        if deploy_by != params[:deploy_by]
+        if params[:deploy_by] && deploy_by != params[:deploy_by]
           assign_attributes params
           ForemanOpenscap::LookupKeyOverrider.new(self).override
         end
@@ -80,7 +84,7 @@ module ForemanOpenscap
     end
 
     def hostgroups
-      Hostgroup.find(hostgroup_ids)
+      ::Hostgroup.find(hostgroup_ids)
     end
 
     def hostgroups=(hostgroups)
@@ -96,7 +100,7 @@ module ForemanOpenscap
     end
 
     def hosts
-      Host.where(:id => host_ids)
+      ::Host.where(:id => host_ids)
     end
 
     def hosts=(hosts)
@@ -108,10 +112,7 @@ module ForemanOpenscap
     end
 
     def steps
-      base_steps = [N_('Deployment Options'), N_('Policy Attributes'), N_('SCAP Content'), N_('Schedule')]
-      base_steps << N_('Locations') if SETTINGS[:locations_enabled]
-      base_steps << N_('Organizations') if SETTINGS[:organizations_enabled]
-      base_steps << N_('Hostgroups') # always be last.
+      STEPS_LIST
     end
 
     def current_step
@@ -213,17 +214,6 @@ module ForemanOpenscap
       @wizard_initiated
     end
 
-    def update_period_attrs
-      case period
-      when 'monthly'
-        erase_period_attrs(%w[cron_line weekday])
-      when 'weekly'
-        erase_period_attrs(%w[cron_line day_of_month])
-      when 'custom'
-        erase_period_attrs(%w[weekday day_of_month])
-      end
-    end
-
     private
 
     def html_error_message(message)
@@ -233,59 +223,6 @@ module ForemanOpenscap
       error_message.html_safe
     end
 
-    def erase_period_attrs(attrs)
-      attrs.each { |attr| self.public_send("#{attr}=", nil) }
-    end
-
-    def period_enc
-      # get crontab expression as an array (minute hour day_of_month month day_of_week)
-      cron_parts = case period
-                   when 'weekly'
-                     ['0', '1', '*', '*', weekday_number.to_s]
-                   when 'monthly'
-                     ['0', '1', day_of_month.to_s, '*', '*']
-                   when 'custom'
-                     cron_line_split
-                   else
-                     raise 'invalid period specification'
-                   end
-
-      {
-        'minute'   => cron_parts[0],
-        'hour'     => cron_parts[1],
-        'monthday' => cron_parts[2],
-        'month'    => cron_parts[3],
-        'weekday'  => cron_parts[4],
-      }
-    end
-
-    def weekday_number
-      # 0 is sunday, 1 is monday in cron, while DAYS_INTO_WEEK has 0 as monday, 6 as sunday
-      (Date::DAYS_INTO_WEEK.with_indifferent_access[weekday] + 1) % 7
-    end
-
-    def cron_line_split
-      cron_line.to_s.split(' ')
-    end
-
-    def valid_cron_line
-      if period == 'custom' && should_validate?('Schedule')
-        errors.add(:cron_line, _("does not consist of 5 parts separated by space")) unless cron_line_split.size == 5
-      end
-    end
-
-    def valid_weekday
-      if period == 'weekly' && should_validate?('Schedule')
-        errors.add(:weekday, _("is not a valid value")) unless Date::DAYNAMES.map(&:downcase).include? weekday
-      end
-    end
-
-    def valid_day_of_month
-      if period == 'monthly' && should_validate?('Schedule')
-        errors.add(:day_of_month, _("must be between 1 and 31")) if !day_of_month || (day_of_month < 1 || day_of_month > 31)
-      end
-    end
-
     def valid_tailoring
       errors.add(:tailoring_file_id, _("must be present when tailoring file profile present")) if tailoring_file_profile_id && !tailoring_file_id
       errors.add(:tailoring_file_profile_id, _("must be present when tailoring file present")) if !tailoring_file_profile_id && tailoring_file_id

data/app/models/foreman_openscap/scap_content.rb

@@ -4,6 +4,7 @@ module ForemanOpenscap
     include Authorizable
     include Taxonomix
     include DataStreamContent
+    include ScapFileContent
 
     has_many :scap_content_profiles, :dependent => :destroy
     has_many :policies

data/app/models/foreman_openscap/tailoring_file.rb

@@ -4,6 +4,7 @@ module ForemanOpenscap
     include Authorizable
     include Taxonomix
     include DataStreamContent
+    include ScapFileContent
 
     has_many :policies
     has_many :scap_content_profiles, :dependent => :destroy

data/app/services/foreman_openscap/client_config/ansible.rb

@@ -2,9 +2,15 @@ module ForemanOpenscap
   module ClientConfig
     class Ansible < Base
       delegate :ansible_role_name, :to => :constants
+      attr_reader :constants
 
       alias config_item_name ansible_role_name
 
+      def initialize(policy_class)
+        raise "Unknown policy class, expected one of: #{policy_types.map(&to_s).join(', ')}" unless policy_types.include?(policy_class)
+        initialize_constants(policy_class)
+      end
+
       def type
         :ansible
       end
@@ -21,17 +27,44 @@ module ForemanOpenscap
         }
       end
 
-      def constants
-        OpenStruct.new(
+      def ansible_role_missing_msg
+        _("theforeman.foreman_scap_client Ansible Role not found, please import it before running this action again.")
+      end
+
+      private
+
+      def policy_types
+        [ForemanOpenscap::Policy, ForemanOpenscap::OvalPolicy]
+      end
+
+      def initialize_constants(policy_class)
+        base_constants = {
           :server_param => 'foreman_scap_client_server',
           :port_param => 'foreman_scap_client_port',
-          :policies_param => 'foreman_scap_client_policies',
           :ansible_role_name => 'theforeman.foreman_scap_client',
           :config_item_class_name => 'AnsibleRole',
           :override_method_name => 'ansible_variables',
-          :msg_name => _('Ansible role'),
-          :lookup_key_plural_name => _('Ansible variables')
-        )
+        }
+
+        if policy_class == ::ForemanOpenscap::Policy
+          @constants = OpenStruct.new(
+            base_constants.merge(
+              :policies_param => 'foreman_scap_client_policies',
+              :policies_param_default_value => ds_policies_param_default_value,
+              :msg_name => _('Ansible role'),
+              :lookup_key_plural_name => _('Ansible variables')
+            )
+          )
+        end
+
+        if policy_class == ::ForemanOpenscap::OvalPolicy
+          @constants = OpenStruct.new(
+            base_constants.merge(
+              :policies_param => 'foreman_scap_client_oval_policies',
+              :policies_param_default_value => '<%= @host.oval_policies_enc %>'
+            )
+          )
+        end
       end
     end
   end

data/app/services/foreman_openscap/client_config/base.rb

@@ -3,7 +3,7 @@ module ForemanOpenscap
     class Base
       delegate :server_param, :port_param, :policies_param, :config_item_name,
                :config_item_class_name, :override_method_name, :msg_name,
-               :lookup_key_plural_name, :to => :constants
+               :lookup_key_plural_name, :policies_param_default_value, :to => :constants
 
       def type
         raise NotImplementedError
@@ -42,6 +42,10 @@ module ForemanOpenscap
         # all_puppetclasses, all_ansible_roles methods return Array, not ActiveRecord::Relation
         scope.find { |item| item.name == config_item_name }
       end
+
+      def ds_policies_param_default_value
+        '<%= @host.policies_enc %>'
+      end
     end
   end
 end

data/app/services/foreman_openscap/client_config/puppet.rb

@@ -30,7 +30,8 @@ module ForemanOpenscap
           :config_item_class_name => 'Puppetclass',
           :override_method_name => 'class_params',
           :msg_name => _('Puppet class'),
-          :lookup_key_plural_name => _('Smart Class Parameters')
+          :lookup_key_plural_name => _('Smart Class Parameters'),
+          :policies_param_default_value => ds_policies_param_default_value
         )
       end
     end

data/app/services/foreman_openscap/config_name_service.rb

@@ -4,7 +4,7 @@ module ForemanOpenscap
 
     def initialize
       @configs = [
-        ForemanOpenscap::ClientConfig::Ansible.new,
+        ForemanOpenscap::ClientConfig::Ansible.new(Policy),
         ForemanOpenscap::ClientConfig::Puppet.new,
         ForemanOpenscap::ClientConfig::Manual.new
       ]

data/app/services/foreman_openscap/hostgroup_overrider.rb

@@ -1,5 +1,7 @@
 module ForemanOpenscap
   class HostgroupOverrider
+    include HostgroupOverriderCommon
+
     def initialize(policy)
       @policy = policy
       @name_sevice = ConfigNameService.new
@@ -43,29 +45,5 @@ module ForemanOpenscap
         remove_overrides item.public_send(remove_config.override_method_name), hostgroup, remove_config
       end
     end
-
-    def add_overrides(collection, hostgroup, config)
-      collection.where(:override => true).find_each do |override|
-        return unless hostgroup.openscap_proxy && (url = hostgroup.openscap_proxy.url).present?
-
-        openscap_proxy_uri = URI.parse(url)
-        case override.key
-        when config.server_param
-          lookup_value = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
-          lookup_value.update_attribute(:value, openscap_proxy_uri.host)
-        when config.port_param
-          lookup_value = LookupValue.where(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id).first_or_initialize
-          lookup_value.update_attribute(:value, openscap_proxy_uri.port)
-        end
-      end
-    end
-
-    def remove_overrides(collection, hostgroup, config)
-      collection.where(:override => true).find_each do |override|
-        if override.key == config.server_param || override.key == config.port_param
-          LookupValue.find_by(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id)&.destroy
-        end
-      end
-    end
   end
 end

data/app/services/foreman_openscap/hostgroup_overrider_common.rb

@@ -0,0 +1,28 @@
+module ForemanOpenscap
+  module HostgroupOverriderCommon
+    def add_overrides(collection, host_or_hg, config)
+      model_match = host_or_hg.class.name.underscore =~ /\Ahostgroup\z/ ? "hostgroup" : "fqdn"
+      collection.where(:override => true).find_each do |override|
+        return unless host_or_hg.openscap_proxy && (url = host_or_hg.openscap_proxy.url).present?
+
+        openscap_proxy_uri = URI.parse(url)
+        case override.key
+        when config.server_param
+          lookup_value = LookupValue.where(:match => "#{model_match}=#{host_or_hg.to_label}", :lookup_key_id => override.id).first_or_initialize
+          lookup_value.update_attribute(:value, openscap_proxy_uri.host)
+        when config.port_param
+          lookup_value = LookupValue.where(:match => "#{model_match}=#{host_or_hg.to_label}", :lookup_key_id => override.id).first_or_initialize
+          lookup_value.update_attribute(:value, openscap_proxy_uri.port)
+        end
+      end
+    end
+
+    def remove_overrides(collection, hostgroup, config)
+      collection.where(:override => true).find_each do |override|
+        if override.key == config.server_param || override.key == config.port_param
+          LookupValue.find_by(:match => "hostgroup=#{hostgroup.to_label}", :lookup_key_id => override.id)&.destroy
+        end
+      end
+    end
+  end
+end

data/app/services/foreman_openscap/lookup_key_overrider.rb

@@ -1,5 +1,7 @@
 module ForemanOpenscap
   class LookupKeyOverrider
+    include LookupKeyOverridesCommon
+
     def initialize(policy)
       @policy = policy
       @name_service = ConfigNameService.new
@@ -8,88 +10,54 @@ module ForemanOpenscap
     def override
       return unless @policy.deploy_by && Policy.deploy_by_variants.include?(@policy.deploy_by)
       config = @name_service.config_for @policy.deploy_by.to_sym
-      unless config.available?
-        @policy.errors[:deploy_by] <<
-          _("%{type} was selected to deploy policy to clients, but %{type} is not available. Are you missing a plugin?") %
-          { :type => config.type.to_s.camelize }
-        return
-      end
-      return unless config.managed_overrides?
-      override_required_params config
+      super config
     end
 
-    private
-
-    def override_required_params(config)
-      item = config.find_config_item
-
-      unless item
-        err = _("Required %{msg_name} %{class} was not found, please ensure it is imported first.") %
-          { :class => config.config_item_name, :msg_name => config.msg_name }
-        @policy.errors[:base] << err
-        return
-      end
-
-      override_params item.public_send(config.override_method_name), config
+    def handle_config_not_available(config)
+      return true if config.available?
+      @policy.errors[:deploy_by] <<
+        _("%{type} was selected to deploy policy to clients, but %{type} is not available. Are you missing a plugin?") %
+          { :type => config.type.to_s.camelize }
+      false
     end
 
-    def override_params(lookup_keys, config)
-      policies_param = lookup_keys.find_by :key => config.policies_param
-      port_param = lookup_keys.find_by :key => config.port_param
-      server_param = lookup_keys.find_by :key => config.server_param
-
-      return unless all_lookup_keys_present?(config, config.policies_param => policies_param,
-                                                     config.port_param => port_param,
-                                                     config.server_param => server_param)
-
-      override_policies_param(policies_param, config)
-      override_port_param(port_param, config)
-      override_server_param(server_param, config)
+    def handle_config_item_not_available(config, item)
+      return true if item
+      err = _("Required %{msg_name} %{class} was not found, please ensure it is imported first.") %
+          { :class => config.config_item_name, :msg_name => config.msg_name }
+      @policy.errors[:base] << err
+      false
     end
 
-    def all_lookup_keys_present?(config, hash)
-      unless hash.values.all?
-        names = hash.reduce([]) do |memo, (key, value)|
-          memo << key if value.blank?
-          memo
-        end
-
-        err = _("The following %{key_name} were missing for %{item_name}: %{key_names}. Make sure they are imported before proceeding.") %
-          { :key_name => config.lookup_key_plural_name, :key_names => names.compact.join(', '), :item_name => config.config_item_name }
+    def handle_missing_lookup_keys(config, key_names)
+      return true if key_names.empty?
+      err = _("The following %{key_name} were missing for %{item_name}: %{key_names}. Make sure they are imported before proceeding.") %
+        { :key_name => config.lookup_key_plural_name, :key_names => key_names, :item_name => config.config_item_name }
 
-        @policy.errors[:base] << err
-        return false
-      end
-      true
+      @policy.errors[:base] << err
+      false
     end
 
-    def override_policies_param(parameter, config)
-      override_param(config.policies_param, parameter, config) do |param|
-        param.key_type      = 'array'
-        param.default_value = '<%= @host.policies_enc %>'
-      end
+    def handle_server_param_override(config, param)
+      handle_param_override config, param
     end
 
-    def override_port_param(param, config)
-      override_param config.port_param, param, config, 'integer'
+    def handle_port_param_override(config, param)
+      handle_param_override config, param
     end
 
-    def override_server_param(param, config)
-      override_param config.server_param, param, config
+    def handle_policies_param_override(config, param)
+      handle_param_override config, param
     end
 
-    def override_param(param_name, param, config, key_type = nil)
-      param.override = true
-      param.hidden_value = false
-      param.key_type = key_type if key_type
-
-      yield param if block_given?
-
+    def handle_param_override(config, param)
       if param.changed? && !param.save
         @policy.errors[:base] <<
           _('Failed to save when overriding parameters for %{config_tool}, cause: %{errors}') %
           { :config_tool => config.type, :errors => param.errors.full_messages.join(', ') }
+        return false
       end
+      true
     end
   end
 end