RubyGems - foreman_openscap - Versions diffs - 8.0.2 → 9.0.0 - Mend

foreman_openscap 8.0.2 → 9.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

data/app/models/foreman_openscap/oval_status.rb DELETED Viewed

@@ -1,45 +0,0 @@
-module ForemanOpenscap
-  class OvalStatus < ::HostStatus::Status
-    PATCHED = 0
-    VULNERABLE = 1
-    PATCH_AVAILABLE = 2
-    def self.status_name
-      N_('OVAL scan')
-    end
-    def to_label(options = {})
-      case to_status
-      when PATCHED
-        N_('No Vulnerabilities found')
-      when VULNERABLE
-        N_("%s vulnerabilities found") % host.cves_without_errata.count
-      when PATCH_AVAILABLE
-        N_("%s vulnerabilities with available patch found") % host.cves_with_errata.count
-      else
-        N_('Unknown OVAL status')
-      end
-    end
-    def to_global(options = {})
-      case to_status
-      when PATCHED
-        ::HostStatus::Global::OK
-      when VULNERABLE
-        ::HostStatus::Global::WARN
-      when PATCH_AVAILABLE
-        ::HostStatus::Global::ERROR
-      end
-    end
-    def relevant?(options = {})
-      host.combined_oval_policies.any?
-    end
-    def to_status(options = {})
-      return PATCH_AVAILABLE if host.cves_with_errata.any?
-      return VULNERABLE if host.cves_without_errata.any?
-      PATCHED
-    end
-  end
-end

data/app/services/foreman_openscap/oval/check_collection.rb DELETED Viewed

@@ -1,45 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class CheckCollection
-      attr_reader :checks
-      def initialize(initial_check_attrs = [])
-        @checks = initial_check_attrs.map { |hash| SetupCheck.new hash }
-      end
-      def all_passed?
-        @checks.all?(&:passed?)
-      end
-      def find_check(check_id)
-        @checks.find { |item| item.id == check_id }
-      end
-      def find_failed
-        @checks.select(&:failed?)
-      end
-      def fail_check(check_id, error_data = nil)
-        find_check(check_id).fail_with! error_data
-      end
-      def pass_check(check_id)
-        find_check(check_id).pass!
-      end
-      def add_check(check)
-        @checks << check
-        self
-      end
-      def merge(other)
-        @checks = @checks.concat other.checks
-        self
-      end
-      def to_h
-        @checks.map(&:to_h)
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/configure.rb DELETED Viewed

@@ -1,83 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class Configure
-      include ::ForemanOpenscap::HostgroupOverriderCommon
-      def initialize
-        @config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
-      end
-      def assign(oval_policy, ids, model_class)
-        check_collection = ::ForemanOpenscap::Oval::Setup.new.run
-        return check_collection unless check_collection.all_passed?
-        ansible_role = @config.find_config_item
-        if model_class == ::Hostgroup
-          roles_method = :inherited_and_own_ansible_roles
-          ids_setter = :hostgroup_ids=
-          check_id = :hostgroups_without_proxy
-        elsif model_class == ::Host::Managed
-          roles_method = :all_ansible_roles
-          ids_setter = :host_ids=
-          check_id = :hosts_without_proxy
-        else
-          raise "Unexpected model_class, expected ::Hostgroup or ::Host::Managed, got: #{model_class}"
-        end
-        items_with_proxy, items_without_proxy = openscap_proxy_associated(ids, model_class)
-        if items_without_proxy.any?
-          return without_proxy_to_check items_without_proxy, check_id
-        end
-        oval_policy.send(ids_setter, items_with_proxy.pluck(:id))
-        unless oval_policy.save
-          return check_collection.add_check model_to_check(oval_policy, :oval_policy_errors)
-        end
-        check_collection.merge modify_items(items_with_proxy, oval_policy, ansible_role, roles_method)
-      end
-      private
-      def openscap_proxy_associated(ids, model_class)
-        model_class.where(:id => ids).partition(&:openscap_proxy)
-      end
-      def modify_items(items, oval_policy, ansible_role, roles_method)
-        items.reduce(CheckCollection.new) do |memo, item|
-          role_ids = item.ansible_role_ids + [ansible_role.id]
-          item.ansible_role_ids = role_ids unless item.send(roles_method).include? ansible_role
-          item.save if item.changed?
-          memo.add_check model_to_check(item, item.is_a?(::Hostgroup) ? 'hostgroup' : 'host')
-          add_overrides ansible_role.ansible_variables, item, @config
-          memo
-        end
-      end
-      def without_proxy_to_check(items, check_id)
-        items.reduce(CheckCollection.new) do |memo, item|
-          memo.add_check(
-            SetupCheck.new(
-              :title => (_("Was %s configured successfully?") % item.class.name),
-              :fail_msg => (_("Assign openscap_proxy to %s before proceeding.") % item.name),
-              :id => check_id
-            ).fail!
-          )
-        end
-      end
-      def model_to_check(model, check_id)
-        check = SetupCheck.new(
-          :title => (_("Was %{model_name} %{name} configured successfully?") % { :model_name => model.class.name, :name => model.name }),
-          :errors => model.errors.to_h,
-          :id => check_id
-        )
-        model.errors.any? ? check.fail! : check.pass!
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/cves.rb DELETED Viewed

@@ -1,41 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class Cves
-      def create(host, cve_data)
-        policy_id = cve_data['oval_policy_id']
-        incoming_cves = cve_data['oval_results'].reduce([]) do |memo, data|
-          next memo unless data['result'] == 'true'
-          cves, errata = data['references'].partition { |ref| ref['ref_id'].start_with?('CVE') }
-          cves.map do |cve|
-            memo << ::ForemanOpenscap::Cve.find_or_create_by(
-              :ref_id => cve['ref_id'],
-              :ref_url => cve['ref_url'],
-              :has_errata => !errata.empty?,
-              :definition_id => data['definition_id']
-            )
-          end
-          memo
-        end
-        current = ForemanOpenscap::Cve.of_oval_policy(policy_id).of_host(host.id)
-        to_delete = current - incoming_cves
-        to_create = incoming_cves - current
-        ::ForemanOpenscap::HostCve.where(:host_id => host.id, :oval_policy_id => policy_id, :cve_id => to_delete.pluck(:id)).destroy_all
-        host.host_cves.build(to_create.map { |cve| { :host_id => host.id, :oval_policy_id => policy_id, :cve_id => cve.id } })
-        delete_orphaned_cves to_delete.pluck(:id) if host.save
-        host
-      end
-      private
-      def delete_orphaned_cves(ids)
-        associated_ids = ::ForemanOpenscap::HostCve.where(:cve_id => ids).select(:cve_id).distinct.pluck(:cve_id)
-        ::ForemanOpenscap::Cve.where(:id => ids - associated_ids).destroy_all
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/setup.rb DELETED Viewed

@@ -1,93 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class Setup
-      include ::ForemanOpenscap::LookupKeyOverridesCommon
-      def initialize
-        @config = ForemanOpenscap::ClientConfig::Ansible.new(::ForemanOpenscap::OvalPolicy)
-        @check_collection = CheckCollection.new initial_check_attrs
-      end
-      def run
-        override @config
-        @check_collection
-      end
-      def handle_config_not_available(config)
-        return @check_collection.pass_check :foreman_ansible_present if config.available?
-        fail_check :foreman_ansible_present
-      end
-      def handle_config_item_not_available(config, item)
-        return @check_collection.pass_check :foreman_scap_client_role_present if item
-        fail_check :foreman_scap_client_role_present
-      end
-      def handle_missing_lookup_keys(config, key_names)
-        return @check_collection.pass_check :foreman_scap_client_vars_present if key_names.empty?
-        fail_check :foreman_scap_client_vars_present, :missing_vars => key_names
-      end
-      def handle_server_param_override(config, param)
-        handle_param_override :foreman_scap_client_server_overriden, config, param
-      end
-      def handle_port_param_override(config, param)
-        handle_param_override :foreman_scap_client_port_overriden, config, param
-      end
-      def handle_policies_param_override(config, param)
-        handle_param_override :foreman_scap_client_policies_overriden, config, param
-      end
-      def handle_param_override(check_id, config, param)
-        return fail_check check_id if param.changed? && !param.save
-        @check_collection.pass_check check_id
-      end
-      def fail_check(check_id, error_data = nil)
-        @check_collection.fail_check(check_id, error_data)
-        false
-      end
-      private
-      def initial_check_attrs
-        override_msg = _("Could not update Ansible Variables with override: true")
-        [
-          {
-            :id => :foreman_ansible_present,
-            :title => _("Is foreman_ansible present?"),
-            :fail_msg => _("foreman_ansible plugin not found, please install it before running this action again.")
-          },
-          {
-            :id => :foreman_scap_client_role_present,
-            :title => _("Is theforeman.foreman_scap_client present?"),
-            :fail_msg => @config.ansible_role_missing_msg
-          },
-          {
-            :id => :foreman_scap_client_vars_present,
-            :title => _("Are required variables for theforeman.foreman_scap_client present?"),
-            :fail_msg => ->(hash) { _("The following Ansible Variables were not found: %{missing_vars}, please import them before running this action again.") % hash }
-          },
-          {
-            :id => :foreman_scap_client_server_overriden,
-            :title => _("Is %s param set to be overriden?") % @config.server_param,
-            :fail_msg => override_msg
-          },
-          {
-            :id => :foreman_scap_client_port_overriden,
-            :title => _("Is %s param set to be overriden?") % @config.port_param,
-            :fail_msg => override_msg
-          },
-          {
-            :id => :foreman_scap_client_policies_overriden,
-            :title => _("Is %s param set to be overriden?") % @config.policies_param,
-            :fail_msg => override_msg
-          }
-        ]
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/setup_check.rb DELETED Viewed

@@ -1,58 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class SetupCheck
-      attr_reader :result, :id, :title, :errors
-      def initialize(hash)
-        @id = hash[:id]
-        @title = hash[:title]
-        @fail_msg = hash[:fail_msg]
-        @errors = hash[:errors]
-        @result = :skip
-      end
-      def fail_with!(fail_data)
-        @fail_msg_data = fail_data
-        fail!
-      end
-      def fail!
-        raise 'Cannot fail a check that expects fail message data, use fail_with! method instead' if @fail_msg.respond_to?(:call) && @fail_msg_data.empty?
-        @result = :fail
-        self
-      end
-      def pass!
-        @result = :pass
-        self
-      end
-      def failed?
-        @result == :fail
-      end
-      def passed?
-        @result == :pass
-      end
-      def skipped?
-        @result == :skip
-      end
-      def fail_msg
-        return unless failed?
-        return @fail_msg.call(@fail_msg_data) if @fail_msg.respond_to?(:call) && @fail_msg_data
-        @fail_msg
-      end
-      def to_h
-        {
-          :title => @title,
-          :result => @result,
-          :fail_message => failed? ? fail_msg : nil,
-          :errors => @errors
-        }
-      end
-    end
-  end
-end

data/app/services/foreman_openscap/oval/sync_oval_contents.rb DELETED Viewed

@@ -1,42 +0,0 @@
-module ForemanOpenscap
-  module Oval
-    class SyncOvalContents
-      def sync(oval_content)
-        begin
-          content_blob = fetch_content_blob(oval_content.url)
-        rescue StandardError => e
-          oval_content.errors.add(:base, "#{fail_msg oval_content}, " + _("cause: ") + e.message)
-          return oval_content
-        end
-        unless content_blob
-          oval_content.errors.add(:base, fail_msg(oval_content))
-          return oval_content
-        end
-        oval_content.scap_file = content_blob
-        oval_content
-      end
-      def sync_all
-        to_sync = ForemanOpenscap::OvalContent.where.not(:url => nil)
-        to_sync.map { |content| content.tap { |item| sync(item).save } }
-      end
-      private
-      def fail_msg(content)
-        _("Failed to fetch content file from %s") % content.url
-      end
-      def fetch_content_blob(url)
-        response = fetch url
-        return unless response.code == 200
-        response.body
-      end
-      def fetch(url)
-        RestClient.get(url)
-      end
-    end
-  end
-end

data/app/views/api/v2/compliance/oval_contents/base.json.rabl DELETED Viewed

@@ -1,6 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/common/org"
-extends "api/v2/compliance/common/loc"
-attributes :id, :name, :original_filename, :digest, :created_at, :updated_at, :url

data/app/views/api/v2/compliance/oval_contents/create.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/destroy.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/index.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-collection @oval_contents
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/show.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/sync.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-collection @oval_contents
-extends "api/v2/compliance/oval_contents/sync_result"

data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl DELETED Viewed

@@ -1,11 +0,0 @@
-object @oval_content
-attributes :id, :name
-node(:errors) do |content|
-  content.errors.to_hash
-end
-node(:full_messages) do |content|
-  content.errors.full_messages
-end

data/app/views/api/v2/compliance/oval_contents/update.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_content
-extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_policies/create.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_policy
-extends "api/v2/compliance/oval_policies/main"

data/app/views/api/v2/compliance/oval_policies/index.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-collection @oval_policies
-extends "api/v2/compliance/oval_policies/main"

data/app/views/api/v2/compliance/oval_policies/main.json.rabl DELETED Viewed

@@ -1,15 +0,0 @@
-object @oval_policy
-extends "api/v2/compliance/common/org"
-extends "api/v2/compliance/common/loc"
-extends "api/v2/compliance/policies_common/attrs"
-attributes :created_at, :updated_at, :oval_content_id
-child :hosts => :hosts do |host|
-  attributes :id, :name
-end
-child :hostgroups => :hostgroups do |hg|
-  attributes :id, :name
-end

data/app/views/api/v2/compliance/oval_policies/show.json.rabl DELETED Viewed

@@ -1,3 +0,0 @@
-object @oval_policy
-extends "api/v2/compliance/oval_policies/main"

data/app/views/job_templates/run_oval_scans.erb DELETED Viewed

@@ -1,24 +0,0 @@
-<%#
-name: Run OVAL scans
-job_category: OpenSCAP
-description_format: Run scan for specified OVAL Policies
-feature: foreman_openscap_run_oval_scans
-provider_type: SSH
-snippet: false
-provider_type: SSH
-kind: job_template
-template_inputs:
-- name: oval_policies
-  description: Comma separated OVAL Policy Ids to run
-  input_type: user
-  advanced: true
--%>
-<% unless input('oval_policies').blank? -%>
-  <% input('oval_policies').split(',').map do |id| -%>
-    /usr/bin/foreman_scap_client oval <%= id %>
-  <% end -%>
-<% else -%>
-  <% @host.oval_policies_enc_raw.map do |policy| -%>
-    /usr/bin/foreman_scap_client oval <%= policy['id'] %>
-  <% end -%>
-<% end -%>