RubyGems - foreman_openscap - Versions diffs - 8.0.1 → 9.0.0 - Mend

foreman_openscap 8.0.1 → 9.0.0

Files changed (167) hide show

data/app/graphql/mutations/oval_contents/delete.rb DELETED Viewed

@@ -1,9 +0,0 @@
-module Mutations
-  module OvalContents
-    class Delete < DeleteMutation
-      graphql_name 'DeleteOvalContentMutation'
-      description 'Deletes an OVAL Content'
-      resource_class ::ForemanOpenscap::OvalContent
-    end
-  end
-end

data/app/graphql/mutations/oval_policies/create.rb DELETED Viewed

@@ -1,33 +0,0 @@
-module Mutations
-  module OvalPolicies
-    class Create < ::Mutations::BaseMutation
-      description 'Creates a new OVAL Policy'
-      graphql_name 'CreateOvalPolicyMutation'
-      resource_class ::ForemanOpenscap::OvalPolicy
-      argument :name, String
-      argument :description, String, required: false
-      argument :period, String
-      argument :weekday, String, required: false
-      argument :day_of_month, Integer, required: false
-      argument :cron_line, String, required: false
-      argument :oval_content_id, Integer, required: true
-      argument :hostgroup_ids, [Integer], required: false
-      field :oval_policy, Types::OvalPolicy, 'The new OVAL Policy.', null: true
-      field :check_collection, [Types::OvalCheck], 'A collection of checks to detect OVAL policy configuration error', null: false
-      def resolve(hostgroup_ids:, **params)
-        policy = ::ForemanOpenscap::OvalPolicy.new params
-        validate_object(policy)
-        authorize!(policy, :create)
-        check_collection = ::ForemanOpenscap::Oval::Configure.new.assign(policy, hostgroup_ids, ::Hostgroup)
-        {
-          :oval_policy => policy,
-          :check_collection => check_collection.checks
-        }
-      end
-    end
-  end
-end

data/app/graphql/mutations/oval_policies/delete.rb DELETED Viewed

@@ -1,9 +0,0 @@
-module Mutations
-  module OvalPolicies
-    class Delete < DeleteMutation
-      graphql_name 'DeleteOvalPolicyMutation'
-      description 'Deletes an OVAL Policy'
-      resource_class ::ForemanOpenscap::OvalPolicy
-    end
-  end
-end

data/app/graphql/mutations/oval_policies/update.rb DELETED Viewed

@@ -1,15 +0,0 @@
-module Mutations
-  module OvalPolicies
-    class Update < UpdateMutation
-      graphql_name 'UpdateOvalPolicyMutation'
-      description 'Updates an OVAL Policy'
-      resource_class ::ForemanOpenscap::OvalPolicy
-      argument :name, String, required: false
-      argument :description, String, required: false
-      argument :cron_line, String, required: false
-      field :oval_policy, ::Types::OvalPolicy, 'The OVAL policy.', null: true
-    end
-  end
-end

data/app/graphql/types/cve.rb DELETED Viewed

@@ -1,17 +0,0 @@
-module Types
-  class Cve < BaseObject
-    description 'A CVE'
-    model_class ::ForemanOpenscap::Cve
-    global_id_field :id
-    field :ref_id, String
-    field :ref_url, String
-    field :has_errata, Boolean
-    field :definition_id, String
-    has_many :hosts, Types::Host
-    def self.graphql_definition
-      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::Cve') }
-    end
-  end
-end

data/app/graphql/types/oval_check.rb DELETED Viewed

@@ -1,11 +0,0 @@
-module Types
-  class OvalCheck < GraphQL::Schema::Object
-    description 'A check that contains information about whether a particual prerequisite for OVAL policy deployment is configured correctly'
-    field :id, String, null: false
-    field :title, String, null: false
-    field :fail_msg, String, null: true
-    field :errors, ::Types::RawJson, null: true
-    field :result, String, null: false
-  end
-end

data/app/graphql/types/oval_content.rb DELETED Viewed

@@ -1,19 +0,0 @@
-module Types
-  class OvalContent < BaseObject
-    description 'An OVAL Content'
-    model_class ::ForemanOpenscap::OvalContent
-    include ::Types::Concerns::MetaField
-    global_id_field :id
-    timestamps
-    field :name, String
-    field :digest, String
-    field :original_filename, String
-    field :url, String
-    def self.graphql_definition
-      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalContent') }
-    end
-  end
-end

data/app/graphql/types/oval_policy.rb DELETED Viewed

@@ -1,24 +0,0 @@
-module Types
-  class OvalPolicy < BaseObject
-    description 'An OVAL Policy'
-    model_class ::ForemanOpenscap::OvalPolicy
-    include ::Types::Concerns::MetaField
-    global_id_field :id
-    timestamps
-    field :name, String
-    field :description, String
-    field :period, String
-    field :weekday, String
-    field :day_of_month, String
-    field :cron_line, String
-    belongs_to :oval_content, ::Types::OvalContent
-    has_many :hostgroups, ::Types::Hostgroup
-    def self.graphql_definition
-      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalPolicy') }
-    end
-  end
-end

data/app/lib/proxy_api/available_proxy.rb DELETED Viewed

@@ -1,44 +0,0 @@
-module ::ProxyAPI
-  class AvailableProxy
-    HTTP_ERRORS = [
-      EOFError,
-      Errno::ECONNRESET,
-      Errno::EINVAL,
-      Net::HTTPBadResponse,
-      Net::HTTPHeaderSyntaxError,
-      Net::ProtocolError,
-      Timeout::Error,
-      ProxyAPI::ProxyException
-    ].freeze
-    def initialize(args)
-      @args = args
-    end
-    def available?
-      begin
-        return true if has_scap_feature? && minimum_version
-      rescue *HTTP_ERRORS
-        return false
-      end
-      false
-    end
-    private
-    def has_scap_feature?
-      @features ||= ::ProxyAPI::Features.new(@args).features
-      @features.include?('openscap')
-    end
-    def openscap_proxy_version
-      @versions ||= ::ProxyAPI::Version.new(@args).proxy_versions['modules']
-      @versions['openscap'] if @versions && @versions['openscap']
-    end
-    def minimum_version
-      return false unless openscap_proxy_version
-      openscap_proxy_version.to_f >= 0.5
-    end
-  end
-end

data/app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb DELETED Viewed

@@ -1,38 +0,0 @@
-module ForemanOpenscap
-  module OvalFacetHostExtensions
-    extend ActiveSupport::Concern
-    ::Host::Managed::Jail.allow :oval_policies_enc, :oval_policies_enc_raw, :cves, :cves_without_errata
-    included do
-      has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
-      has_many :host_cves, :class_name => 'ForemanOpenscap::HostCve', :foreign_key => :host_id
-      has_many :cves, :through => :host_cves, :class_name => 'ForemanOpenscap::Cve', :source => :cve
-      scoped_search :relation => :host_cves, :on => :cve_id, :rename => :cve_id, :complete_value => false
-    end
-    def cves_without_errata
-      cves.where(:has_errata => false)
-    end
-    def cves_with_errata
-      cves.where(:has_errata => true)
-    end
-    def combined_oval_policies
-      combined = oval_policies
-      combined += hostgroup.oval_policies + hostgroup.inherited_oval_policies if hostgroup
-      combined.uniq
-    end
-    def oval_policies_enc_raw
-      combined_oval_policies.map(&:to_enc)
-    end
-    def oval_policies_enc
-      oval_policies_enc_raw.to_json
-    end
-  end
-end

data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb DELETED Viewed

@@ -1,31 +0,0 @@
-module ForemanOpenscap
-  module OvalFacetHostgroupExtensions
-    extend ActiveSupport::Concern
-    include InheritedPolicies
-    included do
-      has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
-      scoped_search :relation => :oval_policies,
-                    :on => :id,
-                    :rename => :oval_policy_id,
-                    :complete_value => false,
-                    :only_explicit => true,
-                    :ext_method => :find_by_oval_policy_id,
-                    :operators => ['= ']
-    end
-    def inherited_oval_policies
-      find_inherited_policies :oval_policies
-    end
-    module ClassMethods
-      def find_by_oval_policy_id(_key, operator, value)
-        conditions = sanitize_sql_for_conditions(["#{::ForemanOpenscap::HostgroupOvalFacetOvalPolicy.table_name}.oval_policy_id #{operator} ?", value])
-        hg_ids = ::ForemanOpenscap::Hostgroup::OvalFacet.joins(:hostgroup_oval_facet_oval_policies).where(conditions).pluck(:hostgroup_id)
-        { :conditions => ::Hostgroup.arel_table[:id].in(hg_ids).to_sql }
-      end
-    end
-  end
-end

data/app/models/foreman_openscap/cve.rb DELETED Viewed

@@ -1,23 +0,0 @@
-module ForemanOpenscap
-  class Cve < ApplicationRecord
-    has_many :host_cves
-    has_many :hosts, :through => :host_cves
-    has_many :oval_policies, :through => :host_cves
-    scoped_search :relation => :host_cves, :on => :oval_policy_id, :rename => :oval_policy_id, :complete_value => false
-    scope :of_oval_policy, ->(policy_id) {
-      joins(:host_cves).where(:foreman_openscap_host_cves => { :oval_policy_id => policy_id })
-    }
-    scope :of_host, ->(host_id) {
-      joins(:host_cves).where(:foreman_openscap_host_cves => { :host_id => host_id })
-    }
-    validates :ref_id, :ref_url, :definition_id, :presence => true
-    class Jail < ::Safemode::Jail
-      allow :ref_id, :ref_url
-    end
-  end
-end

data/app/models/foreman_openscap/host/oval_facet.rb DELETED Viewed

@@ -1,14 +0,0 @@
-module ForemanOpenscap
-  module Host
-    class OvalFacet < ApplicationRecord
-      self.table_name = 'foreman_openscap_oval_facets'
-      include Facets::Base
-      validates :host, :presence => true, :allow_blank => false
-      has_many :oval_facet_oval_policies, :dependent => :destroy, :class_name => 'ForemanOpenscap::OvalFacetOvalPolicy'
-      has_many :oval_policies, :through => :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalPolicy'
-    end
-  end
-end

data/app/models/foreman_openscap/host_cve.rb DELETED Viewed

@@ -1,7 +0,0 @@
-module ForemanOpenscap
-  class HostCve < ApplicationRecord
-    belongs_to_host
-    belongs_to :cve
-    belongs_to :oval_policy
-  end
-end

data/app/models/foreman_openscap/hostgroup/oval_facet.rb DELETED Viewed

@@ -1,14 +0,0 @@
-module ForemanOpenscap
-  module Hostgroup
-    class OvalFacet < ApplicationRecord
-      self.table_name = 'foreman_openscap_hostgroup_oval_facets'
-      include Facets::HostgroupFacet
-      validates :hostgroup, :presence => true, :allow_blank => false
-      has_many :hostgroup_oval_facet_oval_policies, :dependent => :destroy, :class_name => 'ForemanOpenscap::HostgroupOvalFacetOvalPolicy'
-      has_many :oval_policies, :through => :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalPolicy'
-    end
-  end
-end

data/app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb DELETED Viewed

@@ -1,6 +0,0 @@
-module ForemanOpenscap
-  class HostgroupOvalFacetOvalPolicy < ApplicationRecord
-    belongs_to :oval_policy
-    belongs_to :oval_facet, :class_name => 'ForemanOpenscap::Hostgroup::OvalFacet'
-  end
-end

data/app/models/foreman_openscap/oval_content.rb DELETED Viewed

@@ -1,28 +0,0 @@
-module ForemanOpenscap
-  class OvalContent < ApplicationRecord
-    audited :except => [:scap_file]
-    include Authorizable
-    include Taxonomix
-    include ScapFileContent
-    before_destroy EnsureNotUsedBy.new(:oval_policies)
-    scoped_search :on => :name, :complete_value => true
-    has_many :oval_policies
-    validates :name, :presence => true, :length => { :maximum => 255 }, uniqueness: true
-    validates :url, :format => { :with => %r{\Ahttps?://} }, :allow_blank => true
-    before_validation :fetch_remote_content, :if => lambda { |oval_content| oval_content.url.present? }
-    def to_h
-      { :id => id, :name => name, :original_filename => original_filename, :changed_at => changed_at }
-    end
-    private
-    def fetch_remote_content
-      ForemanOpenscap::Oval::SyncOvalContents.new.sync self
-    end
-  end
-end

data/app/models/foreman_openscap/oval_facet_oval_policy.rb DELETED Viewed

@@ -1,6 +0,0 @@
-module ForemanOpenscap
-  class OvalFacetOvalPolicy < ApplicationRecord
-    belongs_to :oval_policy
-    belongs_to :oval_facet, :class_name => 'ForemanOpenscap::Host::OvalFacet'
-  end
-end

data/app/models/foreman_openscap/oval_policy.rb DELETED Viewed

@@ -1,54 +0,0 @@
-module ForemanOpenscap
-  class OvalPolicy < ApplicationRecord
-    graphql_type '::Types::OvalPolicy'
-    audited
-    include Authorizable
-    include Taxonomix
-    include PolicyCommon
-    belongs_to :oval_content
-    validates :name, :presence => true, :uniqueness => true, :length => { :maximum => 255 }
-    validates :period, :inclusion => { :in => %w[weekly monthly custom], :message => _('is not a valid value') }
-    validate :valid_cron_line, :valid_weekday, :valid_day_of_month
-    validates :oval_content, :presence => true
-    has_many :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalFacetOvalPolicy'
-    has_many :oval_facets, :through => :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::Host::OvalFacet'
-    has_many :hosts, :through => :oval_facets
-    has_many :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::HostgroupOvalFacetOvalPolicy'
-    has_many :hostgroup_oval_facets, :through => :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::Hostgroup::OvalFacet', :source => :oval_facet
-    has_many :hostgroups, :through => :hostgroup_oval_facets
-    has_many :host_cves
-    has_many :cves, :through => :host_cves
-    def host_ids=(host_ids)
-      self.oval_facets = facets_to_assign(host_ids, :host_id, ForemanOpenscap::Host::OvalFacet)
-    end
-    def hostgroup_ids=(hostgroup_ids)
-      self.hostgroup_oval_facets = facets_to_assign(hostgroup_ids, :hostgroup_id, ForemanOpenscap::Hostgroup::OvalFacet)
-    end
-    def to_enc
-      {
-        :id => id,
-        :oval_content_path => "/var/lib/openscap/oval_content/#{oval_content.digest}.oval.xml.bz2",
-        :download_path => "/compliance/oval_policies/#{id}/oval_content/#{oval_content.digest}"
-      }.merge(period_enc).with_indifferent_access
-    end
-    private
-    def facets_to_assign(ids, key, facet_class)
-      filtered_ids = ids.uniq.reject { |id| respond_to?(:empty) && id.empty? }
-      existing_facets = facet_class.where(key => filtered_ids)
-      new_facets = (filtered_ids - existing_facets.pluck(key)).map { |id| facet_class.new(key => id) }
-      existing_facets + new_facets
-    end
-  end
-end

data/app/models/foreman_openscap/oval_status.rb DELETED Viewed

@@ -1,45 +0,0 @@
-module ForemanOpenscap
-  class OvalStatus < ::HostStatus::Status
-    PATCHED = 0
-    VULNERABLE = 1
-    PATCH_AVAILABLE = 2
-    def self.status_name
-      N_('OVAL scan')
-    end
-    def to_label(options = {})
-      case to_status
-      when PATCHED
-        N_('No Vulnerabilities found')
-      when VULNERABLE
-        N_("%s vulnerabilities found") % host.cves_without_errata.count
-      when PATCH_AVAILABLE
-        N_("%s vulnerabilities with available patch found") % host.cves_with_errata.count
-      else
-        N_('Unknown OVAL status')
-      end
-    end
-    def to_global(options = {})
-      case to_status
-      when PATCHED
-        ::HostStatus::Global::OK
-      when VULNERABLE
-        ::HostStatus::Global::WARN
-      when PATCH_AVAILABLE
-        ::HostStatus::Global::ERROR
-      end
-    end
-    def relevant?(options = {})
-      host.combined_oval_policies.any?
-    end
-    def to_status(options = {})
-      return PATCH_AVAILABLE if host.cves_with_errata.any?
-      return VULNERABLE if host.cves_without_errata.any?
-      PATCHED
-    end
-  end
-end

data/app/services/foreman_openscap/oval/check_collection.rb DELETED Viewed

@@ -1,45 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class CheckCollection
-      attr_reader :checks
-      def initialize(initial_check_attrs = [])
-        @checks = initial_check_attrs.map { |hash| SetupCheck.new hash }
-      end
-      def all_passed?
-        @checks.all?(&:passed?)
-      end
-      def find_check(check_id)
-        @checks.find { |item| item.id == check_id }
-      end
-      def find_failed
-        @checks.select(&:failed?)
-      end
-      def fail_check(check_id, error_data = nil)
-        find_check(check_id).fail_with! error_data
-      end
-      def pass_check(check_id)
-        find_check(check_id).pass!
-      end
-      def add_check(check)
-        @checks << check
-        self
-      end
-      def merge(other)
-        @checks = @checks.concat other.checks
-        self
-      end
-      def to_h
-        @checks.map(&:to_h)
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/configure.rb DELETED Viewed

@@ -1,83 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class Configure
-      include ::ForemanOpenscap::HostgroupOverriderCommon
-      def initialize
-        @config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
-      end
-      def assign(oval_policy, ids, model_class)
-        check_collection = ::ForemanOpenscap::Oval::Setup.new.run
-        return check_collection unless check_collection.all_passed?
-        ansible_role = @config.find_config_item
-        if model_class == ::Hostgroup
-          roles_method = :inherited_and_own_ansible_roles
-          ids_setter = :hostgroup_ids=
-          check_id = :hostgroups_without_proxy
-        elsif model_class == ::Host::Managed
-          roles_method = :all_ansible_roles
-          ids_setter = :host_ids=
-          check_id = :hosts_without_proxy
-        else
-          raise "Unexpected model_class, expected ::Hostgroup or ::Host::Managed, got: #{model_class}"
-        end
-        items_with_proxy, items_without_proxy = openscap_proxy_associated(ids, model_class)
-        if items_without_proxy.any?
-          return without_proxy_to_check items_without_proxy, check_id
-        end
-        oval_policy.send(ids_setter, items_with_proxy.pluck(:id))
-        unless oval_policy.save
-          return check_collection.add_check model_to_check(oval_policy, :oval_policy_errors)
-        end
-        check_collection.merge modify_items(items_with_proxy, oval_policy, ansible_role, roles_method)
-      end
-      private
-      def openscap_proxy_associated(ids, model_class)
-        model_class.where(:id => ids).partition(&:openscap_proxy)
-      end
-      def modify_items(items, oval_policy, ansible_role, roles_method)
-        items.reduce(CheckCollection.new) do |memo, item|
-          role_ids = item.ansible_role_ids + [ansible_role.id]
-          item.ansible_role_ids = role_ids unless item.send(roles_method).include? ansible_role
-          item.save if item.changed?
-          memo.add_check model_to_check(item, item.is_a?(::Hostgroup) ? 'hostgroup' : 'host')
-          add_overrides ansible_role.ansible_variables, item, @config
-          memo
-        end
-      end
-      def without_proxy_to_check(items, check_id)
-        items.reduce(CheckCollection.new) do |memo, item|
-          memo.add_check(
-            SetupCheck.new(
-              :title => (_("Was %s configured successfully?") % item.class.name),
-              :fail_msg => (_("Assign openscap_proxy to %s before proceeding.") % item.name),
-              :id => check_id
-            ).fail!
-          )
-        end
-      end
-      def model_to_check(model, check_id)
-        check = SetupCheck.new(
-          :title => (_("Was %{model_name} %{name} configured successfully?") % { :model_name => model.class.name, :name => model.name }),
-          :errors => model.errors.to_h,
-          :id => check_id
-        )
-        model.errors.any? ? check.fail! : check.pass!
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/cves.rb DELETED Viewed

@@ -1,41 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class Cves
-      def create(host, cve_data)
-        policy_id = cve_data['oval_policy_id']
-        incoming_cves = cve_data['oval_results'].reduce([]) do |memo, data|
-          next memo unless data['result'] == 'true'
-          cves, errata = data['references'].partition { |ref| ref['ref_id'].start_with?('CVE') }
-          cves.map do |cve|
-            memo << ::ForemanOpenscap::Cve.find_or_create_by(
-              :ref_id => cve['ref_id'],
-              :ref_url => cve['ref_url'],
-              :has_errata => !errata.empty?,
-              :definition_id => data['definition_id']
-            )
-          end
-          memo
-        end
-        current = ForemanOpenscap::Cve.of_oval_policy(policy_id).of_host(host.id)
-        to_delete = current - incoming_cves
-        to_create = incoming_cves - current
-        ::ForemanOpenscap::HostCve.where(:host_id => host.id, :oval_policy_id => policy_id, :cve_id => to_delete.pluck(:id)).destroy_all
-        host.host_cves.build(to_create.map { |cve| { :host_id => host.id, :oval_policy_id => policy_id, :cve_id => cve.id } })
-        delete_orphaned_cves to_delete.pluck(:id) if host.save
-        host
-      end
-      private
-      def delete_orphaned_cves(ids)
-        associated_ids = ::ForemanOpenscap::HostCve.where(:cve_id => ids).select(:cve_id).distinct.pluck(:cve_id)
-        ::ForemanOpenscap::Cve.where(:id => ids - associated_ids).destroy_all
-      end
-    end
-  end
-end