RubyGems - foreman_openscap - Versions diffs - 8.0.2 → 9.0.0 - Mend

foreman_openscap 8.0.2 → 9.0.0

Files changed (158) hide show

data/app/models/foreman_openscap/oval_status.rb DELETED Viewed

@@ -1,45 +0,0 @@
-module ForemanOpenscap
-  class OvalStatus < ::HostStatus::Status
-    PATCHED = 0
-    VULNERABLE = 1
-    PATCH_AVAILABLE = 2
-    def self.status_name
-      N_('OVAL scan')
-    end
-    def to_label(options = {})
-      case to_status
-      when PATCHED
-        N_('No Vulnerabilities found')
-      when VULNERABLE
-        N_("%s vulnerabilities found") % host.cves_without_errata.count
-      when PATCH_AVAILABLE
-        N_("%s vulnerabilities with available patch found") % host.cves_with_errata.count
-      else
-        N_('Unknown OVAL status')
-      end
-    end
-    def to_global(options = {})
-      case to_status
-      when PATCHED
-        ::HostStatus::Global::OK
-      when VULNERABLE
-        ::HostStatus::Global::WARN
-      when PATCH_AVAILABLE
-        ::HostStatus::Global::ERROR
-      end
-    end
-    def relevant?(options = {})
-      host.combined_oval_policies.any?
-    end
-    def to_status(options = {})
-      return PATCH_AVAILABLE if host.cves_with_errata.any?
-      return VULNERABLE if host.cves_without_errata.any?
-      PATCHED
-    end
-  end
-end

data/app/services/foreman_openscap/oval/check_collection.rb DELETED Viewed

@@ -1,45 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class CheckCollection
-      attr_reader :checks
-      def initialize(initial_check_attrs = [])
-        @checks = initial_check_attrs.map { |hash| SetupCheck.new hash }
-      end
-      def all_passed?
-        @checks.all?(&:passed?)
-      end
-      def find_check(check_id)
-        @checks.find { |item| item.id == check_id }
-      end
-      def find_failed
-        @checks.select(&:failed?)
-      end
-      def fail_check(check_id, error_data = nil)
-        find_check(check_id).fail_with! error_data
-      end
-      def pass_check(check_id)
-        find_check(check_id).pass!
-      end
-      def add_check(check)
-        @checks << check
-        self
-      end
-      def merge(other)
-        @checks = @checks.concat other.checks
-        self
-      end
-      def to_h
-        @checks.map(&:to_h)
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/configure.rb DELETED Viewed

@@ -1,83 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class Configure
-      include ::ForemanOpenscap::HostgroupOverriderCommon
-      def initialize
-        @config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
-      end
-      def assign(oval_policy, ids, model_class)
-        check_collection = ::ForemanOpenscap::Oval::Setup.new.run
-        return check_collection unless check_collection.all_passed?
-        ansible_role = @config.find_config_item
-        if model_class == ::Hostgroup
-          roles_method = :inherited_and_own_ansible_roles
-          ids_setter = :hostgroup_ids=
-          check_id = :hostgroups_without_proxy
-        elsif model_class == ::Host::Managed
-          roles_method = :all_ansible_roles
-          ids_setter = :host_ids=
-          check_id = :hosts_without_proxy
-        else
-          raise "Unexpected model_class, expected ::Hostgroup or ::Host::Managed, got: #{model_class}"
-        end
-        items_with_proxy, items_without_proxy = openscap_proxy_associated(ids, model_class)
-        if items_without_proxy.any?
-          return without_proxy_to_check items_without_proxy, check_id
-        end
-        oval_policy.send(ids_setter, items_with_proxy.pluck(:id))
-        unless oval_policy.save
-          return check_collection.add_check model_to_check(oval_policy, :oval_policy_errors)
-        end
-        check_collection.merge modify_items(items_with_proxy, oval_policy, ansible_role, roles_method)
-      end
-      private
-      def openscap_proxy_associated(ids, model_class)
-        model_class.where(:id => ids).partition(&:openscap_proxy)
-      end
-      def modify_items(items, oval_policy, ansible_role, roles_method)
-        items.reduce(CheckCollection.new) do |memo, item|
-          role_ids = item.ansible_role_ids + [ansible_role.id]
-          item.ansible_role_ids = role_ids unless item.send(roles_method).include? ansible_role
-          item.save if item.changed?
-          memo.add_check model_to_check(item, item.is_a?(::Hostgroup) ? 'hostgroup' : 'host')
-          add_overrides ansible_role.ansible_variables, item, @config
-          memo
-        end
-      end
-      def without_proxy_to_check(items, check_id)
-        items.reduce(CheckCollection.new) do |memo, item|
-          memo.add_check(
-            SetupCheck.new(
-              :title => (_("Was %s configured successfully?") % item.class.name),
-              :fail_msg => (_("Assign openscap_proxy to %s before proceeding.") % item.name),
-              :id => check_id
-            ).fail!
-          )
-        end
-      end
-      def model_to_check(model, check_id)
-        check = SetupCheck.new(
-          :title => (_("Was %{model_name} %{name} configured successfully?") % { :model_name => model.class.name, :name => model.name }),
-          :errors => model.errors.to_h,
-          :id => check_id
-        )
-        model.errors.any? ? check.fail! : check.pass!
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/cves.rb DELETED Viewed

@@ -1,41 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class Cves
-      def create(host, cve_data)
-        policy_id = cve_data['oval_policy_id']
-        incoming_cves = cve_data['oval_results'].reduce([]) do |memo, data|
-          next memo unless data['result'] == 'true'
-          cves, errata = data['references'].partition { |ref| ref['ref_id'].start_with?('CVE') }
-          cves.map do |cve|
-            memo << ::ForemanOpenscap::Cve.find_or_create_by(
-              :ref_id => cve['ref_id'],
-              :ref_url => cve['ref_url'],
-              :has_errata => !errata.empty?,
-              :definition_id => data['definition_id']
-            )
-          end
-          memo
-        end
-        current = ForemanOpenscap::Cve.of_oval_policy(policy_id).of_host(host.id)
-        to_delete = current - incoming_cves
-        to_create = incoming_cves - current
-        ::ForemanOpenscap::HostCve.where(:host_id => host.id, :oval_policy_id => policy_id, :cve_id => to_delete.pluck(:id)).destroy_all
-        host.host_cves.build(to_create.map { |cve| { :host_id => host.id, :oval_policy_id => policy_id, :cve_id => cve.id } })
-        delete_orphaned_cves to_delete.pluck(:id) if host.save
-        host
-      end
-      private
-      def delete_orphaned_cves(ids)
-        associated_ids = ::ForemanOpenscap::HostCve.where(:cve_id => ids).select(:cve_id).distinct.pluck(:cve_id)
-        ::ForemanOpenscap::Cve.where(:id => ids - associated_ids).destroy_all
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/setup.rb DELETED Viewed

@@ -1,93 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class Setup
-      include ::ForemanOpenscap::LookupKeyOverridesCommon
-      def initialize
-        @config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
-        @check_collection = CheckCollection.new initial_check_attrs
-      end
-      def run
-        override @config
-        @check_collection
-      end
-      def handle_config_not_available(config)
-        return @check_collection.pass_check :foreman_ansible_present if config.available?
-        fail_check :foreman_ansible_present
-      end
-      def handle_config_item_not_available(config, item)
-        return @check_collection.pass_check :foreman_scap_client_role_present if item
-        fail_check :foreman_scap_client_role_present
-      end
-      def handle_missing_lookup_keys(config, key_names)
-        return @check_collection.pass_check :foreman_scap_client_vars_present if key_names.empty?
-        fail_check :foreman_scap_client_vars_present, :missing_vars => key_names
-      end
-      def handle_server_param_override(config, param)
-        handle_param_override :foreman_scap_client_server_overriden, config, param
-      end
-      def handle_port_param_override(config, param)
-        handle_param_override :foreman_scap_client_port_overriden, config, param
-      end
-      def handle_policies_param_override(config, param)
-        handle_param_override :foreman_scap_client_policies_overriden, config, param
-      end
-      def handle_param_override(check_id, config, param)
-        return fail_check check_id if param.changed? && !param.save
-        @check_collection.pass_check check_id
-      end
-      def fail_check(check_id, error_data = nil)
-        @check_collection.fail_check(check_id, error_data)
-        false
-      end
-      private
-      def initial_check_attrs
-        override_msg = _("Could not update Ansible Variables with override: true")
-        [
-          {
-            :id => :foreman_ansible_present,
-            :title => _("Is foreman_ansible present?"),
-            :fail_msg => _("foreman_ansible plugin not found, please install it before running this action again.")
-          },
-          {
-            :id => :foreman_scap_client_role_present,
-            :title => _("Is theforeman.foreman_scap_client present?"),
-            :fail_msg => @config.ansible_role_missing_msg
-          },
-          {
-            :id => :foreman_scap_client_vars_present,
-            :title => _("Are required variables for theforeman.foreman_scap_client present?"),
-            :fail_msg => ->(hash) { _("The following Ansible Variables were not found: %{missing_vars}, please import them before running this action again.") % hash }
-          },
-          {
-            :id => :foreman_scap_client_server_overriden,
-            :title => _("Is %s param set to be overriden?") % @config.server_param,
-            :fail_msg => override_msg
-          },
-          {
-            :id => :foreman_scap_client_port_overriden,
-            :title => _("Is %s param set to be overriden?") % @config.port_param,
-            :fail_msg => override_msg
-          },
-          {
-            :id => :foreman_scap_client_policies_overriden,
-            :title => _("Is %s param set to be overriden?") % @config.policies_param,
-            :fail_msg => override_msg
-          }
-        ]
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/setup_check.rb DELETED Viewed

@@ -1,58 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class SetupCheck
-      attr_reader :result, :id, :title, :errors
-      def initialize(hash)
-        @id = hash[:id]
-        @title = hash[:title]
-        @fail_msg = hash[:fail_msg]
-        @errors = hash[:errors]
-        @result = :skip
-      end
-      def fail_with!(fail_data)
-        @fail_msg_data = fail_data
-        fail!
-      end
-      def fail!
-        raise 'Cannot fail a check that expects fail message data, use fail_with! method instead' if @fail_msg.respond_to?(:call) && @fail_msg_data.empty?
-        @result = :fail
-        self
-      end
-      def pass!
-        @result = :pass
-        self
-      end
-      def failed?
-        @result == :fail
-      end
-      def passed?
-        @result == :pass
-      end
-      def skipped?
-        @result == :skip
-      end
-      def fail_msg
-        return unless failed?
-        return @fail_msg.call(@fail_msg_data) if @fail_msg.respond_to?(:call) && @fail_msg_data
-        @fail_msg
-      end
-      def to_h
-        {
-          :title => @title,
-          :result => @result,
-          :fail_message => failed? ? fail_msg : nil,
-          :errors => @errors
-        }
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/sync_oval_contents.rb DELETED Viewed

@@ -1,42 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class SyncOvalContents
-      def sync(oval_content)
-        begin
-          content_blob = fetch_content_blob(oval_content.url)
-        rescue StandardError => e
-          oval_content.errors.add(:base, "#{fail_msg oval_content}, " + _("cause: ") + e.message)
-          return oval_content
-        end
-        unless content_blob
-          oval_content.errors.add(:base, fail_msg(oval_content))
-          return oval_content
-        end
-        oval_content.scap_file = content_blob
-        oval_content
-      end
-      def sync_all
-        to_sync = ForemanOpenscap::OvalContent.where.not(:url => nil)
-        to_sync.map { |content| content.tap { |item| sync(item).save } }
-      end
-      private
-      def fail_msg(content)
-        _("Failed to fetch content file from %s") % content.url
-      end
-      def fetch_content_blob(url)
-        response = fetch url
-        return unless response.code == 200
-        response.body
-      end
-      def fetch(url)
-        RestClient.get(url)
-      end
-    end
-  end
-end

data/app/views/api/v2/compliance/oval_contents/base.json.rabl DELETED Viewed

@@ -1,6 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/common/org"
-extends "api/v2/compliance/common/loc"
-attributes :id, :name, :original_filename, :digest, :created_at, :updated_at, :url

data/app/views/api/v2/compliance/oval_contents/create.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/destroy.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/index.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-collection @oval_contents
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/show.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/sync.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-collection @oval_contents
-extends "api/v2/compliance/oval_contents/sync_result"

data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl DELETED Viewed

@@ -1,11 +0,0 @@
-object @oval_content
-attributes :id, :name
-node(:errors) do |content|
-  content.errors.to_hash
-end
-node(:full_messages) do |content|
-  content.errors.full_messages
-end

data/app/views/api/v2/compliance/oval_contents/update.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_policies/create.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_policy
-extends "api/v2/compliance/oval_policies/main"

data/app/views/api/v2/compliance/oval_policies/index.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-collection @oval_policies
-extends "api/v2/compliance/oval_policies/main"

data/app/views/api/v2/compliance/oval_policies/main.json.rabl DELETED Viewed

@@ -1,15 +0,0 @@
-object @oval_policy
-extends "api/v2/compliance/common/org"
-extends "api/v2/compliance/common/loc"
-extends "api/v2/compliance/policies_common/attrs"
-attributes :created_at, :updated_at, :oval_content_id
-child :hosts => :hosts do |host|
-  attributes :id, :name
-end
-child :hostgroups => :hostgroups do |hg|
-  attributes :id, :name
-end

data/app/views/api/v2/compliance/oval_policies/show.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_policy
-extends "api/v2/compliance/oval_policies/main"

data/app/views/job_templates/run_oval_scans.erb DELETED Viewed

@@ -1,24 +0,0 @@
-<%#
-name: Run OVAL scans
-job_category: OpenSCAP
-description_format: Run scan for specified OVAL Policies
-feature: foreman_openscap_run_oval_scans
-provider_type: SSH
-snippet: false
-provider_type: SSH
-kind: job_template
-template_inputs:
-- name: oval_policies
-  description: Comma separated OVAL Policy Ids to run
-  input_type: user
-  advanced: true
--%>
-<% unless input('oval_policies').blank? -%>
-  <% input('oval_policies').split(',').map do |id| -%>
-    /usr/bin/foreman_scap_client oval <%= id %>
-  <% end -%>
-<% else -%>
-  <% @host.oval_policies_enc_raw.map do |policy| -%>
-    /usr/bin/foreman_scap_client oval <%= policy['id'] %>
-  <% end -%>
-<% end -%>