foreman_openscap 8.0.2 → 9.0.0

data/app/controllers/api/v2/compliance/oval_contents_controller.rb

@@ -1,72 +0,0 @@
-module Api::V2
-  module Compliance
-    class OvalContentsController < ::Api::V2::BaseController
-      include Foreman::Controller::Parameters::OvalContent
-      include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
-
-      before_action :find_resource, :except => %w[index create sync]
-      skip_before_action :check_media_type, :only => %w[create update]
-
-      api :GET, '/compliance/oval_contents', N_('List OVAL contents')
-      param_group :search_and_pagination, ::Api::V2::BaseController
-      add_scoped_search_description_for(::ForemanOpenscap::OvalContent)
-
-      def index
-        @oval_contents = resource_scope_for_index(:permission => :view_oval_contents)
-      end
-
-      api :GET, '/compliance/oval_contents/:id', N_('Show an OVAL content')
-      param :id, :identifier, :required => true
-
-      def show
-      end
-
-      def_param_group :oval_content do
-        param :oval_content, Hash, :required => true, :action_aware => true do
-          param :name, String, :required => true, :desc => N_('OVAL content name')
-          param :scap_file, File, :desc => N_('XML containing OVAL content')
-          param :original_filename, String, :desc => N_('Original file name of the OVAL content file')
-          param :url, String, :desc => N_('URL of the OVAL content file')
-          param_group :taxonomies, ::Api::V2::BaseController
-        end
-      end
-
-      api :POST, '/compliance/oval_contents', N_('Create OVAL content')
-      param_group :oval_content, :as => :create
-
-      def create
-        @oval_content = ForemanOpenscap::OvalContent.new(oval_content_params)
-        process_response @oval_content.save
-      end
-
-      api :PUT, '/compliance/oval_contents/:id', N_('Update an OVAL content')
-      param :id, :identifier, :required => true
-      param_group :oval_content
-
-      def update
-        process_response @oval_content.update(oval_content_params)
-      end
-
-      api :DELETE, '/compliance/oval_contents/:id', N_('Deletes an OVAL content')
-      param :id, :identifier, :required => true
-
-      def destroy
-        process_response @oval_content.destroy
-      end
-
-      api :POST, '/compliance/oval_contents/sync', N_('Sync contents that have remote source URL')
-      def sync
-        @oval_contents = ForemanOpenscap::Oval::SyncOvalContents.new.sync_all
-      end
-
-      def action_permission
-        case params[:action]
-        when 'sync'
-          :update
-        else
-          super
-        end
-      end
-    end
-  end
-end

data/app/controllers/api/v2/compliance/oval_policies_controller.rb

@@ -1,111 +0,0 @@
-module Api::V2
-  module Compliance
-    class OvalPoliciesController < ::Api::V2::BaseController
-      include Foreman::Controller::SmartProxyAuth
-      include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
-      include Foreman::Controller::Parameters::OvalPolicy
-
-      add_smart_proxy_filters %i[oval_content], :features => 'Openscap'
-
-      before_action :find_resource, :except => %w[index create]
-      skip_after_action :log_response_body, :only => %i[oval_content]
-
-      api :GET, '/compliance/oval_policies', N_('List OVAL Policies')
-      param_group :search_and_pagination, ::Api::V2::BaseController
-
-      def index
-        @oval_policies = resource_scope_for_index(:permission => :view_oval_policies)
-      end
-
-      api :GET, '/compliance/oval_policies/:id', N_('Show an OVAL Policy')
-      param :id, :identifier, :required => true
-
-      def show
-      end
-
-      def_param_group :oval_policy do
-        param :oval_policy, Hash, :required => true, :action_aware => true do
-          param :name, String, :required => true, :desc => N_('OVAL Policy name')
-          param :oval_content_id, Integer, :required => true, :desc => N_('Policy OVAL content ID')
-          param :description, String, :desc => N_('OVAL Policy description')
-          param :period, String, :desc => N_('OVAL Policy schedule period (weekly, monthly, custom)')
-          param :weekday, String, :desc => N_('OVAL Policy schedule weekday (only if period == "weekly")')
-          param :day_of_month, Integer, :desc => N_('OVAL Policy schedule day of month (only if period == "monthly")')
-          param :cron_line, String, :desc => N_('OVAL Policy schedule cron line (only if period == "custom")')
-          param_group :taxonomies, ::Api::V2::BaseController
-        end
-      end
-
-      api :POST, '/compliance/oval_policies', N_('Create an OVAL Policy')
-      param_group :oval_policy, :as => :create
-
-      def create
-        @oval_policy = ForemanOpenscap::OvalPolicy.new(oval_policy_params)
-        process_response(@oval_policy.save)
-      end
-
-      api :PUT, '/compliance/oval_policies/:id', N_('Update an OVAL Policy')
-      param :id, :identifier, :required => true
-      param_group :oval_policy
-
-      def update
-        process_response(@oval_policy.update(oval_policy_params))
-      end
-
-      api :DELETE, '/compliance/oval_policies/:id', N_('Delete an OVAL Policy')
-      param :id, :identifier, :required => true
-
-      def destroy
-        process_response @oval_policy.destroy
-      end
-
-      api :POST, '/compliance/oval_policies/:id/assign_hostgroups', N_('Assign hostgroups to an OVAL Policy')
-      param :id, :identifier, :required => true
-      param :hostgroup_ids, Array, :desc => N_('Array of hostgroup IDs')
-
-      def assign_hostgroups
-        assign _('hostgroups'), params["hostgroup_ids"], ::Hostgroup
-      end
-
-      api :POST, '/compliance/oval_policies/:id/assign_hosts', N_('Assign hosts to an OVAL Policy')
-      param :id, :identifier, :required => true
-      param :host_ids, Array, :desc => N_('Array of host IDs')
-
-      def assign_hosts
-        assign _('hosts'), params["host_ids"], ::Host::Managed
-      end
-
-      api :GET, '/compliance/oval_policies/:id/oval_content', N_("Show a policy's OVAL content")
-      param :id, :identifier, :required => true
-
-      def oval_content
-        @oval_content = @oval_policy.oval_content
-        send_data @oval_content.scap_file,
-                  :type => 'application/x-bzip2',
-                  :filename => @oval_content.original_filename
-      end
-
-      def action_permission
-        case params[:action]
-        when 'assign_hostgroups', 'assign_hosts'
-          :edit
-        when 'oval_content'
-          :show
-        else
-          super
-        end
-      end
-
-      private
-
-      def assign(resource_plural, ids, model_class)
-        check_collection = ::ForemanOpenscap::Oval::Configure.new.assign(@oval_policy, ids, model_class)
-        if check_collection.all_passed?
-          render :json => { :message => (_("OVAL policy successfully configured with %s.") % resource_plural) }
-        else
-          render :json => { :results => check_collection.find_failed.map(&:to_h) }
-        end
-      end
-    end
-  end
-end

data/app/controllers/api/v2/compliance/oval_reports_controller.rb

@@ -1,47 +0,0 @@
-module Api
-  module V2
-    module Compliance
-      class OvalReportsController < ::Api::V2::BaseController
-        include Foreman::Controller::SmartProxyAuth
-        add_smart_proxy_filters :create, :features => 'Openscap'
-
-        skip_before_action :setup_has_many_params
-        before_action :find_resources_before_create, :only => [:create]
-
-        api :POST, "/compliance/oval_reports/:cname/:oval_policy_id/:date", N_("Upload an OVAL report - a list of CVEs for given host")
-        param :cname, :identifier, :required => true
-        param :oval_policy_id, :identifier, :required => true
-        param :date, :identifier, :required => true
-
-        def create
-          ForemanOpenscap::Oval::Cves.new.create(@host, params.to_unsafe_h)
-          if @host.errors.any?
-            upload_fail @host.errors.full_messages
-          else
-            @host.refresh_statuses([ForemanOpenscap::OvalStatus])
-            render :json => { :result => :ok }
-          end
-        end
-
-        private
-
-        def find_resources_before_create
-          @host = ForemanOpenscap::Helper.find_host_by_name_or_uuid params[:cname]
-
-          unless @host
-            upload_fail(_('Could not find host identified by: %s') % params[:cname])
-            return
-          end
-        end
-
-        def upload_fail(msg)
-          logger.error msg
-          render :json => { :result => :fail, :errors => msg }, :status => :unprocessable_entity
-        end
-
-        def find_resource
-        end
-      end
-    end
-  end
-end

data/app/controllers/concerns/foreman/controller/parameters/oval_content.rb

@@ -1,22 +0,0 @@
-module Foreman::Controller::Parameters::OvalContent
-  extend ActiveSupport::Concern
-
-  class_methods do
-    def oval_content_params_filter
-      Foreman::ParameterFilter.new(::ForemanOpenscap::OvalContent).tap do |filter|
-        filter.permit :original_filename, :scap_file, :name, :url, :location_ids => [], :organization_ids => []
-      end
-    end
-  end
-
-  def oval_content_params
-    read_file_content self.class.oval_content_params_filter.filter_params(params, parameter_filter_context)
-  end
-
-  def read_file_content(params)
-    return params unless file = params[:scap_file]
-    content = file.read
-    filename = file.original_filename
-    params.merge(:scap_file => content, :original_filename => params[:original_filename] || filename)
-  end
-end

data/app/controllers/concerns/foreman/controller/parameters/oval_policy.rb

@@ -1,22 +0,0 @@
-module Foreman::Controller::Parameters::OvalPolicy
-  extend ActiveSupport::Concern
-
-  class_methods do
-    def filter_params_list
-      [:description, :name, :period,
-       :weekday, :day_of_month, :cron_line,
-       :oval_content_id,
-       :location_ids => [], :organization_ids => []]
-    end
-
-    def oval_policy_params_filter
-      Foreman::ParameterFilter.new(::ForemanOpenscap::OvalPolicy).tap do |filter|
-        filter.permit filter_params_list
-      end
-    end
-  end
-
-  def oval_policy_params
-    self.class.oval_policy_params_filter.filter_params(params, parameter_filter_context)
-  end
-end

data/app/graphql/mutations/oval_contents/delete.rb

@@ -1,9 +0,0 @@
-module Mutations
-  module OvalContents
-    class Delete < DeleteMutation
-      graphql_name 'DeleteOvalContentMutation'
-      description 'Deletes an OVAL Content'
-      resource_class ::ForemanOpenscap::OvalContent
-    end
-  end
-end

data/app/graphql/mutations/oval_policies/create.rb

@@ -1,33 +0,0 @@
-module Mutations
-  module OvalPolicies
-    class Create < ::Mutations::BaseMutation
-      description 'Creates a new OVAL Policy'
-      graphql_name 'CreateOvalPolicyMutation'
-
-      resource_class ::ForemanOpenscap::OvalPolicy
-
-      argument :name, String
-      argument :description, String, required: false
-      argument :period, String
-      argument :weekday, String, required: false
-      argument :day_of_month, Integer, required: false
-      argument :cron_line, String, required: false
-      argument :oval_content_id, Integer, required: true
-      argument :hostgroup_ids, [Integer], required: false
-
-      field :oval_policy, Types::OvalPolicy, 'The new OVAL Policy.', null: true
-      field :check_collection, [Types::OvalCheck], 'A collection of checks to detect OVAL policy configuration error', null: false
-
-      def resolve(hostgroup_ids:, **params)
-        policy = ::ForemanOpenscap::OvalPolicy.new params
-        validate_object(policy)
-        authorize!(policy, :create)
-        check_collection = ::ForemanOpenscap::Oval::Configure.new.assign(policy, hostgroup_ids, ::Hostgroup)
-        {
-          :oval_policy => policy,
-          :check_collection => check_collection.checks
-        }
-      end
-    end
-  end
-end

data/app/graphql/mutations/oval_policies/delete.rb

@@ -1,9 +0,0 @@
-module Mutations
-  module OvalPolicies
-    class Delete < DeleteMutation
-      graphql_name 'DeleteOvalPolicyMutation'
-      description 'Deletes an OVAL Policy'
-      resource_class ::ForemanOpenscap::OvalPolicy
-    end
-  end
-end

data/app/graphql/mutations/oval_policies/update.rb

@@ -1,15 +0,0 @@
-module Mutations
-  module OvalPolicies
-    class Update < UpdateMutation
-      graphql_name 'UpdateOvalPolicyMutation'
-      description 'Updates an OVAL Policy'
-      resource_class ::ForemanOpenscap::OvalPolicy
-
-      argument :name, String, required: false
-      argument :description, String, required: false
-      argument :cron_line, String, required: false
-
-      field :oval_policy, ::Types::OvalPolicy, 'The OVAL policy.', null: true
-    end
-  end
-end

data/app/graphql/types/cve.rb

@@ -1,17 +0,0 @@
-module Types
-  class Cve < BaseObject
-    description 'A CVE'
-    model_class ::ForemanOpenscap::Cve
-
-    global_id_field :id
-    field :ref_id, String
-    field :ref_url, String
-    field :has_errata, Boolean
-    field :definition_id, String
-    has_many :hosts, Types::Host
-
-    def self.graphql_definition
-      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::Cve') }
-    end
-  end
-end

data/app/graphql/types/oval_check.rb

@@ -1,11 +0,0 @@
-module Types
-  class OvalCheck < GraphQL::Schema::Object
-    description 'A check that contains information about whether a particual prerequisite for OVAL policy deployment is configured correctly'
-
-    field :id, String, null: false
-    field :title, String, null: false
-    field :fail_msg, String, null: true
-    field :errors, ::Types::RawJson, null: true
-    field :result, String, null: false
-  end
-end

data/app/graphql/types/oval_content.rb

@@ -1,19 +0,0 @@
-module Types
-  class OvalContent < BaseObject
-    description 'An OVAL Content'
-    model_class ::ForemanOpenscap::OvalContent
-
-    include ::Types::Concerns::MetaField
-
-    global_id_field :id
-    timestamps
-    field :name, String
-    field :digest, String
-    field :original_filename, String
-    field :url, String
-
-    def self.graphql_definition
-      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalContent') }
-    end
-  end
-end

data/app/graphql/types/oval_policy.rb

@@ -1,24 +0,0 @@
-module Types
-  class OvalPolicy < BaseObject
-    description 'An OVAL Policy'
-    model_class ::ForemanOpenscap::OvalPolicy
-
-    include ::Types::Concerns::MetaField
-
-    global_id_field :id
-    timestamps
-    field :name, String
-    field :description, String
-    field :period, String
-    field :weekday, String
-    field :day_of_month, String
-    field :cron_line, String
-    belongs_to :oval_content, ::Types::OvalContent
-
-    has_many :hostgroups, ::Types::Hostgroup
-
-    def self.graphql_definition
-      super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalPolicy') }
-    end
-  end
-end

data/app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb

@@ -1,38 +0,0 @@
-module ForemanOpenscap
-  module OvalFacetHostExtensions
-    extend ActiveSupport::Concern
-
-    ::Host::Managed::Jail.allow :oval_policies_enc, :oval_policies_enc_raw, :cves, :cves_without_errata
-
-    included do
-      has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
-
-      has_many :host_cves, :class_name => 'ForemanOpenscap::HostCve', :foreign_key => :host_id
-      has_many :cves, :through => :host_cves, :class_name => 'ForemanOpenscap::Cve', :source => :cve
-
-      scoped_search :relation => :host_cves, :on => :cve_id, :rename => :cve_id, :complete_value => false
-    end
-
-    def cves_without_errata
-      cves.where(:has_errata => false)
-    end
-
-    def cves_with_errata
-      cves.where(:has_errata => true)
-    end
-
-    def combined_oval_policies
-      combined = oval_policies
-      combined += hostgroup.oval_policies + hostgroup.inherited_oval_policies if hostgroup
-      combined.uniq
-    end
-
-    def oval_policies_enc_raw
-      combined_oval_policies.map(&:to_enc)
-    end
-
-    def oval_policies_enc
-      oval_policies_enc_raw.to_json
-    end
-  end
-end

data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb

@@ -1,31 +0,0 @@
-module ForemanOpenscap
-  module OvalFacetHostgroupExtensions
-    extend ActiveSupport::Concern
-
-    include InheritedPolicies
-
-    included do
-      has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
-
-      scoped_search :relation => :oval_policies,
-                    :on => :id,
-                    :rename => :oval_policy_id,
-                    :complete_value => false,
-                    :only_explicit => true,
-                    :ext_method => :find_by_oval_policy_id,
-                    :operators => ['= ']
-    end
-
-    def inherited_oval_policies
-      find_inherited_policies :oval_policies
-    end
-
-    module ClassMethods
-      def find_by_oval_policy_id(_key, operator, value)
-        conditions = sanitize_sql_for_conditions(["#{::ForemanOpenscap::HostgroupOvalFacetOvalPolicy.table_name}.oval_policy_id #{operator} ?", value])
-        hg_ids = ::ForemanOpenscap::Hostgroup::OvalFacet.joins(:hostgroup_oval_facet_oval_policies).where(conditions).pluck(:hostgroup_id)
-        { :conditions => ::Hostgroup.arel_table[:id].in(hg_ids).to_sql }
-      end
-    end
-  end
-end

data/app/models/foreman_openscap/cve.rb

@@ -1,23 +0,0 @@
-module ForemanOpenscap
-  class Cve < ApplicationRecord
-    has_many :host_cves
-    has_many :hosts, :through => :host_cves
-    has_many :oval_policies, :through => :host_cves
-
-    scoped_search :relation => :host_cves, :on => :oval_policy_id, :rename => :oval_policy_id, :complete_value => false
-
-    scope :of_oval_policy, ->(policy_id) {
-      joins(:host_cves).where(:foreman_openscap_host_cves => { :oval_policy_id => policy_id })
-    }
-
-    scope :of_host, ->(host_id) {
-      joins(:host_cves).where(:foreman_openscap_host_cves => { :host_id => host_id })
-    }
-
-    validates :ref_id, :ref_url, :definition_id, :presence => true
-
-    class Jail < ::Safemode::Jail
-      allow :ref_id, :ref_url
-    end
-  end
-end

data/app/models/foreman_openscap/host/oval_facet.rb

@@ -1,14 +0,0 @@
-module ForemanOpenscap
-  module Host
-    class OvalFacet < ApplicationRecord
-      self.table_name = 'foreman_openscap_oval_facets'
-
-      include Facets::Base
-
-      validates :host, :presence => true, :allow_blank => false
-
-      has_many :oval_facet_oval_policies, :dependent => :destroy, :class_name => 'ForemanOpenscap::OvalFacetOvalPolicy'
-      has_many :oval_policies, :through => :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalPolicy'
-    end
-  end
-end

data/app/models/foreman_openscap/host_cve.rb

@@ -1,7 +0,0 @@
-module ForemanOpenscap
-  class HostCve < ApplicationRecord
-    belongs_to_host
-    belongs_to :cve
-    belongs_to :oval_policy
-  end
-end

data/app/models/foreman_openscap/hostgroup/oval_facet.rb

@@ -1,14 +0,0 @@
-module ForemanOpenscap
-  module Hostgroup
-    class OvalFacet < ApplicationRecord
-      self.table_name = 'foreman_openscap_hostgroup_oval_facets'
-
-      include Facets::HostgroupFacet
-
-      validates :hostgroup, :presence => true, :allow_blank => false
-
-      has_many :hostgroup_oval_facet_oval_policies, :dependent => :destroy, :class_name => 'ForemanOpenscap::HostgroupOvalFacetOvalPolicy'
-      has_many :oval_policies, :through => :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalPolicy'
-    end
-  end
-end

data/app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb

@@ -1,6 +0,0 @@
-module ForemanOpenscap
-  class HostgroupOvalFacetOvalPolicy < ApplicationRecord
-    belongs_to :oval_policy
-    belongs_to :oval_facet, :class_name => 'ForemanOpenscap::Hostgroup::OvalFacet'
-  end
-end

data/app/models/foreman_openscap/oval_content.rb

@@ -1,28 +0,0 @@
-module ForemanOpenscap
-  class OvalContent < ApplicationRecord
-    audited :except => [:scap_file]
-    include Authorizable
-    include Taxonomix
-    include ScapFileContent
-
-    before_destroy EnsureNotUsedBy.new(:oval_policies)
-
-    scoped_search :on => :name, :complete_value => true
-
-    has_many :oval_policies
-    validates :name, :presence => true, :length => { :maximum => 255 }, uniqueness: true
-    validates :url, :format => { :with => %r{\Ahttps?://} }, :allow_blank => true
-
-    before_validation :fetch_remote_content, :if => lambda { |oval_content| oval_content.url.present? }
-
-    def to_h
-      { :id => id, :name => name, :original_filename => original_filename, :changed_at => changed_at }
-    end
-
-    private
-
-    def fetch_remote_content
-      ForemanOpenscap::Oval::SyncOvalContents.new.sync self
-    end
-  end
-end

data/app/models/foreman_openscap/oval_facet_oval_policy.rb

@@ -1,6 +0,0 @@
-module ForemanOpenscap
-  class OvalFacetOvalPolicy < ApplicationRecord
-    belongs_to :oval_policy
-    belongs_to :oval_facet, :class_name => 'ForemanOpenscap::Host::OvalFacet'
-  end
-end

data/app/models/foreman_openscap/oval_policy.rb

@@ -1,54 +0,0 @@
-module ForemanOpenscap
-  class OvalPolicy < ApplicationRecord
-    graphql_type '::Types::OvalPolicy'
-
-    audited
-    include Authorizable
-    include Taxonomix
-
-    include PolicyCommon
-
-    belongs_to :oval_content
-
-    validates :name, :presence => true, :uniqueness => true, :length => { :maximum => 255 }
-    validates :period, :inclusion => { :in => %w[weekly monthly custom], :message => _('is not a valid value') }
-    validate :valid_cron_line, :valid_weekday, :valid_day_of_month
-    validates :oval_content, :presence => true
-
-    has_many :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalFacetOvalPolicy'
-    has_many :oval_facets, :through => :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::Host::OvalFacet'
-    has_many :hosts, :through => :oval_facets
-
-    has_many :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::HostgroupOvalFacetOvalPolicy'
-    has_many :hostgroup_oval_facets, :through => :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::Hostgroup::OvalFacet', :source => :oval_facet
-    has_many :hostgroups, :through => :hostgroup_oval_facets
-
-    has_many :host_cves
-    has_many :cves, :through => :host_cves
-
-    def host_ids=(host_ids)
-      self.oval_facets = facets_to_assign(host_ids, :host_id, ForemanOpenscap::Host::OvalFacet)
-    end
-
-    def hostgroup_ids=(hostgroup_ids)
-      self.hostgroup_oval_facets = facets_to_assign(hostgroup_ids, :hostgroup_id, ForemanOpenscap::Hostgroup::OvalFacet)
-    end
-
-    def to_enc
-      {
-        :id => id,
-        :oval_content_path => "/var/lib/openscap/oval_content/#{oval_content.digest}.oval.xml.bz2",
-        :download_path => "/compliance/oval_policies/#{id}/oval_content/#{oval_content.digest}"
-      }.merge(period_enc).with_indifferent_access
-    end
-
-    private
-
-    def facets_to_assign(ids, key, facet_class)
-      filtered_ids = ids.uniq.reject { |id| respond_to?(:empty) && id.empty? }
-      existing_facets = facet_class.where(key => filtered_ids)
-      new_facets = (filtered_ids - existing_facets.pluck(key)).map { |id| facet_class.new(key => id) }
-      existing_facets + new_facets
-    end
-  end
-end