foreman_openscap 8.0.2 → 9.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +0 -1
- data/app/services/foreman_openscap/client_config/ansible.rb +1 -10
- data/config/initializers/inflections.rb +0 -2
- data/config/routes.rb +0 -15
- data/db/migrate/20240313111822_drop_oval.rb +17 -0
- data/db/migrate/20240617105409_remove_oval_permissions.rb +24 -0
- data/lib/foreman_openscap/engine.rb +2 -56
- data/lib/foreman_openscap/version.rb +1 -1
- data/test/factories/compliance_host_factory.rb +0 -12
- data/test/test_plugin_helper.rb +0 -2
- data/webpack/global_index.js +0 -4
- metadata +8 -168
- data/app/controllers/api/v2/compliance/oval_contents_controller.rb +0 -72
- data/app/controllers/api/v2/compliance/oval_policies_controller.rb +0 -111
- data/app/controllers/api/v2/compliance/oval_reports_controller.rb +0 -47
- data/app/controllers/concerns/foreman/controller/parameters/oval_content.rb +0 -22
- data/app/controllers/concerns/foreman/controller/parameters/oval_policy.rb +0 -22
- data/app/graphql/mutations/oval_contents/delete.rb +0 -9
- data/app/graphql/mutations/oval_policies/create.rb +0 -33
- data/app/graphql/mutations/oval_policies/delete.rb +0 -9
- data/app/graphql/mutations/oval_policies/update.rb +0 -15
- data/app/graphql/types/cve.rb +0 -17
- data/app/graphql/types/oval_check.rb +0 -11
- data/app/graphql/types/oval_content.rb +0 -19
- data/app/graphql/types/oval_policy.rb +0 -24
- data/app/models/concerns/foreman_openscap/oval_facet_host_extensions.rb +0 -38
- data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb +0 -31
- data/app/models/foreman_openscap/cve.rb +0 -23
- data/app/models/foreman_openscap/host/oval_facet.rb +0 -14
- data/app/models/foreman_openscap/host_cve.rb +0 -7
- data/app/models/foreman_openscap/hostgroup/oval_facet.rb +0 -14
- data/app/models/foreman_openscap/hostgroup_oval_facet_oval_policy.rb +0 -6
- data/app/models/foreman_openscap/oval_content.rb +0 -28
- data/app/models/foreman_openscap/oval_facet_oval_policy.rb +0 -6
- data/app/models/foreman_openscap/oval_policy.rb +0 -54
- data/app/models/foreman_openscap/oval_status.rb +0 -45
- data/app/services/foreman_openscap/oval/check_collection.rb +0 -45
- data/app/services/foreman_openscap/oval/configure.rb +0 -83
- data/app/services/foreman_openscap/oval/cves.rb +0 -41
- data/app/services/foreman_openscap/oval/setup.rb +0 -93
- data/app/services/foreman_openscap/oval/setup_check.rb +0 -58
- data/app/services/foreman_openscap/oval/sync_oval_contents.rb +0 -42
- data/app/views/api/v2/compliance/oval_contents/base.json.rabl +0 -6
- data/app/views/api/v2/compliance/oval_contents/create.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/destroy.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/index.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/show.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/sync.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl +0 -11
- data/app/views/api/v2/compliance/oval_contents/update.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_policies/create.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_policies/index.json.rabl +0 -3
- data/app/views/api/v2/compliance/oval_policies/main.json.rabl +0 -15
- data/app/views/api/v2/compliance/oval_policies/show.json.rabl +0 -3
- data/app/views/job_templates/run_oval_scans.erb +0 -24
- data/locale/cs_CZ/foreman_openscap.edit.po +0 -1863
- data/locale/cs_CZ/foreman_openscap.po.time_stamp +0 -0
- data/locale/de/foreman_openscap.edit.po +0 -1873
- data/locale/de/foreman_openscap.po.time_stamp +0 -0
- data/locale/en/foreman_openscap.edit.po +0 -1863
- data/locale/en/foreman_openscap.po.time_stamp +0 -0
- data/locale/en_GB/foreman_openscap.edit.po +0 -1863
- data/locale/en_GB/foreman_openscap.po.time_stamp +0 -0
- data/locale/es/foreman_openscap.edit.po +0 -1868
- data/locale/es/foreman_openscap.po.time_stamp +0 -0
- data/locale/fr/foreman_openscap.edit.po +0 -1874
- data/locale/fr/foreman_openscap.po.time_stamp +0 -0
- data/locale/gl/foreman_openscap.edit.po +0 -1863
- data/locale/gl/foreman_openscap.po.time_stamp +0 -0
- data/locale/it/foreman_openscap.edit.po +0 -1865
- data/locale/it/foreman_openscap.po.time_stamp +0 -0
- data/locale/ja/foreman_openscap.edit.po +0 -1869
- data/locale/ja/foreman_openscap.po.time_stamp +0 -0
- data/locale/ka/foreman_openscap.edit.po +0 -1863
- data/locale/ka/foreman_openscap.po.time_stamp +0 -0
- data/locale/ko/foreman_openscap.edit.po +0 -1863
- data/locale/ko/foreman_openscap.po.time_stamp +0 -0
- data/locale/pt_BR/foreman_openscap.edit.po +0 -1873
- data/locale/pt_BR/foreman_openscap.po.time_stamp +0 -0
- data/locale/ru/foreman_openscap.edit.po +0 -1867
- data/locale/ru/foreman_openscap.po.time_stamp +0 -0
- data/locale/sv_SE/foreman_openscap.edit.po +0 -1863
- data/locale/sv_SE/foreman_openscap.po.time_stamp +0 -0
- data/locale/zh_CN/foreman_openscap.edit.po +0 -1868
- data/locale/zh_CN/foreman_openscap.po.time_stamp +0 -0
- data/locale/zh_TW/foreman_openscap.edit.po +0 -1864
- data/locale/zh_TW/foreman_openscap.po.time_stamp +0 -0
- data/test/factories/oval_content_factory.rb +0 -7
- data/test/factories/oval_policy_factory.rb +0 -9
- data/test/fixtures/cve_fixtures.rb +0 -104
- data/test/functional/api/v2/compliance/oval_contents_controller_test.rb +0 -39
- data/test/functional/api/v2/compliance/oval_policies_controller_test.rb +0 -141
- data/test/functional/api/v2/compliance/oval_reports_controller_test.rb +0 -32
- data/test/graphql/mutations/oval_policies/delete_mutation_test.rb +0 -63
- data/test/graphql/queries/oval_content_query_test.rb +0 -29
- data/test/graphql/queries/oval_contents_query_test.rb +0 -35
- data/test/graphql/queries/oval_policies_query_test.rb +0 -35
- data/test/unit/oval_host_test.rb +0 -45
- data/test/unit/oval_policy_test.rb +0 -133
- data/test/unit/oval_status_test.rb +0 -47
- data/test/unit/services/oval/cves_test.rb +0 -81
- data/test/unit/services/oval/setup_check_test.rb +0 -37
- data/test/unit/services/oval/setup_test.rb +0 -87
- data/webpack/graphql/mutations/createOvalPolicy.gql +0 -22
- data/webpack/graphql/mutations/deleteOvalContent.gql +0 -9
- data/webpack/graphql/mutations/deleteOvalPolicy.gql +0 -9
- data/webpack/graphql/mutations/updateOvalPolicy.gql +0 -14
- data/webpack/graphql/queries/currentUserAttributes.gql +0 -11
- data/webpack/graphql/queries/cves.gql +0 -23
- data/webpack/graphql/queries/hostgroups.gql +0 -14
- data/webpack/graphql/queries/ovalContent.gql +0 -8
- data/webpack/graphql/queries/ovalContents.gql +0 -19
- data/webpack/graphql/queries/ovalPolicies.gql +0 -20
- data/webpack/graphql/queries/ovalPolicy.gql +0 -29
- data/webpack/helpers/pathsHelper.js +0 -29
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsIndex.js +0 -71
- data/webpack/routes/OvalContents/OvalContentsIndex/OvalContentsTable.js +0 -83
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsDestroy.fixtures.js +0 -105
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsDestroy.test.js +0 -124
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.fixtures.js +0 -127
- data/webpack/routes/OvalContents/OvalContentsIndex/__tests__/OvalContentsIndex.test.js +0 -89
- data/webpack/routes/OvalContents/OvalContentsIndex/index.js +0 -13
- data/webpack/routes/OvalContents/OvalContentsNew/OvalContentsNew.js +0 -138
- data/webpack/routes/OvalContents/OvalContentsNew/OvalContentsNew.scss +0 -3
- data/webpack/routes/OvalContents/OvalContentsNew/OvalContentsNewHelper.js +0 -73
- data/webpack/routes/OvalContents/OvalContentsNew/__tests__/OvalContentsNew.test.js +0 -104
- data/webpack/routes/OvalContents/OvalContentsNew/index.js +0 -13
- data/webpack/routes/OvalContents/OvalContentsShow/OvalContentsShow.js +0 -62
- data/webpack/routes/OvalContents/OvalContentsShow/OvalContentsShow.test.js +0 -45
- data/webpack/routes/OvalContents/OvalContentsShow/OvalContentsShowHelper.js +0 -0
- data/webpack/routes/OvalContents/OvalContentsShow/index.js +0 -35
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesIndex.js +0 -62
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/OvalPoliciesTable.js +0 -74
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesDestroy.fixtures.js +0 -101
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesDestroy.test.js +0 -117
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.fixtures.js +0 -111
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/__tests__/OvalPoliciesIndex.test.js +0 -81
- data/webpack/routes/OvalPolicies/OvalPoliciesIndex/index.js +0 -13
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/HostgroupSelect.js +0 -135
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/NewOvalPolicyForm.js +0 -119
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/NewOvalPolicyFormHelpers.js +0 -107
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/OvalPoliciesNew.js +0 -32
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/__tests__/OvalPoliciesNew.fixtures.js +0 -147
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/__tests__/OvalPoliciesNew.test.js +0 -172
- data/webpack/routes/OvalPolicies/OvalPoliciesNew/index.js +0 -11
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTab.js +0 -49
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/CvesTable.js +0 -63
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/DetailsTab.js +0 -87
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/HostgroupsTab.js +0 -49
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/HostgroupsTable.js +0 -38
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShow.js +0 -82
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/OvalPoliciesShowHelper.js +0 -117
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesEdit.fixtures.js +0 -48
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesEdit.test.js +0 -202
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.fixtures.js +0 -124
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/__tests__/OvalPoliciesShow.test.js +0 -172
- data/webpack/routes/OvalPolicies/OvalPoliciesShow/index.js +0 -39
- data/webpack/routes/routes.js +0 -49
@@ -1,72 +0,0 @@
|
|
1
|
-
module Api::V2
|
2
|
-
module Compliance
|
3
|
-
class OvalContentsController < ::Api::V2::BaseController
|
4
|
-
include Foreman::Controller::Parameters::OvalContent
|
5
|
-
include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
|
6
|
-
|
7
|
-
before_action :find_resource, :except => %w[index create sync]
|
8
|
-
skip_before_action :check_media_type, :only => %w[create update]
|
9
|
-
|
10
|
-
api :GET, '/compliance/oval_contents', N_('List OVAL contents')
|
11
|
-
param_group :search_and_pagination, ::Api::V2::BaseController
|
12
|
-
add_scoped_search_description_for(::ForemanOpenscap::OvalContent)
|
13
|
-
|
14
|
-
def index
|
15
|
-
@oval_contents = resource_scope_for_index(:permission => :view_oval_contents)
|
16
|
-
end
|
17
|
-
|
18
|
-
api :GET, '/compliance/oval_contents/:id', N_('Show an OVAL content')
|
19
|
-
param :id, :identifier, :required => true
|
20
|
-
|
21
|
-
def show
|
22
|
-
end
|
23
|
-
|
24
|
-
def_param_group :oval_content do
|
25
|
-
param :oval_content, Hash, :required => true, :action_aware => true do
|
26
|
-
param :name, String, :required => true, :desc => N_('OVAL content name')
|
27
|
-
param :scap_file, File, :desc => N_('XML containing OVAL content')
|
28
|
-
param :original_filename, String, :desc => N_('Original file name of the OVAL content file')
|
29
|
-
param :url, String, :desc => N_('URL of the OVAL content file')
|
30
|
-
param_group :taxonomies, ::Api::V2::BaseController
|
31
|
-
end
|
32
|
-
end
|
33
|
-
|
34
|
-
api :POST, '/compliance/oval_contents', N_('Create OVAL content')
|
35
|
-
param_group :oval_content, :as => :create
|
36
|
-
|
37
|
-
def create
|
38
|
-
@oval_content = ForemanOpenscap::OvalContent.new(oval_content_params)
|
39
|
-
process_response @oval_content.save
|
40
|
-
end
|
41
|
-
|
42
|
-
api :PUT, '/compliance/oval_contents/:id', N_('Update an OVAL content')
|
43
|
-
param :id, :identifier, :required => true
|
44
|
-
param_group :oval_content
|
45
|
-
|
46
|
-
def update
|
47
|
-
process_response @oval_content.update(oval_content_params)
|
48
|
-
end
|
49
|
-
|
50
|
-
api :DELETE, '/compliance/oval_contents/:id', N_('Deletes an OVAL content')
|
51
|
-
param :id, :identifier, :required => true
|
52
|
-
|
53
|
-
def destroy
|
54
|
-
process_response @oval_content.destroy
|
55
|
-
end
|
56
|
-
|
57
|
-
api :POST, '/compliance/oval_contents/sync', N_('Sync contents that have remote source URL')
|
58
|
-
def sync
|
59
|
-
@oval_contents = ForemanOpenscap::Oval::SyncOvalContents.new.sync_all
|
60
|
-
end
|
61
|
-
|
62
|
-
def action_permission
|
63
|
-
case params[:action]
|
64
|
-
when 'sync'
|
65
|
-
:update
|
66
|
-
else
|
67
|
-
super
|
68
|
-
end
|
69
|
-
end
|
70
|
-
end
|
71
|
-
end
|
72
|
-
end
|
@@ -1,111 +0,0 @@
|
|
1
|
-
module Api::V2
|
2
|
-
module Compliance
|
3
|
-
class OvalPoliciesController < ::Api::V2::BaseController
|
4
|
-
include Foreman::Controller::SmartProxyAuth
|
5
|
-
include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
|
6
|
-
include Foreman::Controller::Parameters::OvalPolicy
|
7
|
-
|
8
|
-
add_smart_proxy_filters %i[oval_content], :features => 'Openscap'
|
9
|
-
|
10
|
-
before_action :find_resource, :except => %w[index create]
|
11
|
-
skip_after_action :log_response_body, :only => %i[oval_content]
|
12
|
-
|
13
|
-
api :GET, '/compliance/oval_policies', N_('List OVAL Policies')
|
14
|
-
param_group :search_and_pagination, ::Api::V2::BaseController
|
15
|
-
|
16
|
-
def index
|
17
|
-
@oval_policies = resource_scope_for_index(:permission => :view_oval_policies)
|
18
|
-
end
|
19
|
-
|
20
|
-
api :GET, '/compliance/oval_policies/:id', N_('Show an OVAL Policy')
|
21
|
-
param :id, :identifier, :required => true
|
22
|
-
|
23
|
-
def show
|
24
|
-
end
|
25
|
-
|
26
|
-
def_param_group :oval_policy do
|
27
|
-
param :oval_policy, Hash, :required => true, :action_aware => true do
|
28
|
-
param :name, String, :required => true, :desc => N_('OVAL Policy name')
|
29
|
-
param :oval_content_id, Integer, :required => true, :desc => N_('Policy OVAL content ID')
|
30
|
-
param :description, String, :desc => N_('OVAL Policy description')
|
31
|
-
param :period, String, :desc => N_('OVAL Policy schedule period (weekly, monthly, custom)')
|
32
|
-
param :weekday, String, :desc => N_('OVAL Policy schedule weekday (only if period == "weekly")')
|
33
|
-
param :day_of_month, Integer, :desc => N_('OVAL Policy schedule day of month (only if period == "monthly")')
|
34
|
-
param :cron_line, String, :desc => N_('OVAL Policy schedule cron line (only if period == "custom")')
|
35
|
-
param_group :taxonomies, ::Api::V2::BaseController
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
api :POST, '/compliance/oval_policies', N_('Create an OVAL Policy')
|
40
|
-
param_group :oval_policy, :as => :create
|
41
|
-
|
42
|
-
def create
|
43
|
-
@oval_policy = ForemanOpenscap::OvalPolicy.new(oval_policy_params)
|
44
|
-
process_response(@oval_policy.save)
|
45
|
-
end
|
46
|
-
|
47
|
-
api :PUT, '/compliance/oval_policies/:id', N_('Update an OVAL Policy')
|
48
|
-
param :id, :identifier, :required => true
|
49
|
-
param_group :oval_policy
|
50
|
-
|
51
|
-
def update
|
52
|
-
process_response(@oval_policy.update(oval_policy_params))
|
53
|
-
end
|
54
|
-
|
55
|
-
api :DELETE, '/compliance/oval_policies/:id', N_('Delete an OVAL Policy')
|
56
|
-
param :id, :identifier, :required => true
|
57
|
-
|
58
|
-
def destroy
|
59
|
-
process_response @oval_policy.destroy
|
60
|
-
end
|
61
|
-
|
62
|
-
api :POST, '/compliance/oval_policies/:id/assign_hostgroups', N_('Assign hostgroups to an OVAL Policy')
|
63
|
-
param :id, :identifier, :required => true
|
64
|
-
param :hostgroup_ids, Array, :desc => N_('Array of hostgroup IDs')
|
65
|
-
|
66
|
-
def assign_hostgroups
|
67
|
-
assign _('hostgroups'), params["hostgroup_ids"], ::Hostgroup
|
68
|
-
end
|
69
|
-
|
70
|
-
api :POST, '/compliance/oval_policies/:id/assign_hosts', N_('Assign hosts to an OVAL Policy')
|
71
|
-
param :id, :identifier, :required => true
|
72
|
-
param :host_ids, Array, :desc => N_('Array of host IDs')
|
73
|
-
|
74
|
-
def assign_hosts
|
75
|
-
assign _('hosts'), params["host_ids"], ::Host::Managed
|
76
|
-
end
|
77
|
-
|
78
|
-
api :GET, '/compliance/oval_policies/:id/oval_content', N_("Show a policy's OVAL content")
|
79
|
-
param :id, :identifier, :required => true
|
80
|
-
|
81
|
-
def oval_content
|
82
|
-
@oval_content = @oval_policy.oval_content
|
83
|
-
send_data @oval_content.scap_file,
|
84
|
-
:type => 'application/x-bzip2',
|
85
|
-
:filename => @oval_content.original_filename
|
86
|
-
end
|
87
|
-
|
88
|
-
def action_permission
|
89
|
-
case params[:action]
|
90
|
-
when 'assign_hostgroups', 'assign_hosts'
|
91
|
-
:edit
|
92
|
-
when 'oval_content'
|
93
|
-
:show
|
94
|
-
else
|
95
|
-
super
|
96
|
-
end
|
97
|
-
end
|
98
|
-
|
99
|
-
private
|
100
|
-
|
101
|
-
def assign(resource_plural, ids, model_class)
|
102
|
-
check_collection = ::ForemanOpenscap::Oval::Configure.new.assign(@oval_policy, ids, model_class)
|
103
|
-
if check_collection.all_passed?
|
104
|
-
render :json => { :message => (_("OVAL policy successfully configured with %s.") % resource_plural) }
|
105
|
-
else
|
106
|
-
render :json => { :results => check_collection.find_failed.map(&:to_h) }
|
107
|
-
end
|
108
|
-
end
|
109
|
-
end
|
110
|
-
end
|
111
|
-
end
|
@@ -1,47 +0,0 @@
|
|
1
|
-
module Api
|
2
|
-
module V2
|
3
|
-
module Compliance
|
4
|
-
class OvalReportsController < ::Api::V2::BaseController
|
5
|
-
include Foreman::Controller::SmartProxyAuth
|
6
|
-
add_smart_proxy_filters :create, :features => 'Openscap'
|
7
|
-
|
8
|
-
skip_before_action :setup_has_many_params
|
9
|
-
before_action :find_resources_before_create, :only => [:create]
|
10
|
-
|
11
|
-
api :POST, "/compliance/oval_reports/:cname/:oval_policy_id/:date", N_("Upload an OVAL report - a list of CVEs for given host")
|
12
|
-
param :cname, :identifier, :required => true
|
13
|
-
param :oval_policy_id, :identifier, :required => true
|
14
|
-
param :date, :identifier, :required => true
|
15
|
-
|
16
|
-
def create
|
17
|
-
ForemanOpenscap::Oval::Cves.new.create(@host, params.to_unsafe_h)
|
18
|
-
if @host.errors.any?
|
19
|
-
upload_fail @host.errors.full_messages
|
20
|
-
else
|
21
|
-
@host.refresh_statuses([ForemanOpenscap::OvalStatus])
|
22
|
-
render :json => { :result => :ok }
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
private
|
27
|
-
|
28
|
-
def find_resources_before_create
|
29
|
-
@host = ForemanOpenscap::Helper.find_host_by_name_or_uuid params[:cname]
|
30
|
-
|
31
|
-
unless @host
|
32
|
-
upload_fail(_('Could not find host identified by: %s') % params[:cname])
|
33
|
-
return
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
def upload_fail(msg)
|
38
|
-
logger.error msg
|
39
|
-
render :json => { :result => :fail, :errors => msg }, :status => :unprocessable_entity
|
40
|
-
end
|
41
|
-
|
42
|
-
def find_resource
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
47
|
-
end
|
@@ -1,22 +0,0 @@
|
|
1
|
-
module Foreman::Controller::Parameters::OvalContent
|
2
|
-
extend ActiveSupport::Concern
|
3
|
-
|
4
|
-
class_methods do
|
5
|
-
def oval_content_params_filter
|
6
|
-
Foreman::ParameterFilter.new(::ForemanOpenscap::OvalContent).tap do |filter|
|
7
|
-
filter.permit :original_filename, :scap_file, :name, :url, :location_ids => [], :organization_ids => []
|
8
|
-
end
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
def oval_content_params
|
13
|
-
read_file_content self.class.oval_content_params_filter.filter_params(params, parameter_filter_context)
|
14
|
-
end
|
15
|
-
|
16
|
-
def read_file_content(params)
|
17
|
-
return params unless file = params[:scap_file]
|
18
|
-
content = file.read
|
19
|
-
filename = file.original_filename
|
20
|
-
params.merge(:scap_file => content, :original_filename => params[:original_filename] || filename)
|
21
|
-
end
|
22
|
-
end
|
@@ -1,22 +0,0 @@
|
|
1
|
-
module Foreman::Controller::Parameters::OvalPolicy
|
2
|
-
extend ActiveSupport::Concern
|
3
|
-
|
4
|
-
class_methods do
|
5
|
-
def filter_params_list
|
6
|
-
[:description, :name, :period,
|
7
|
-
:weekday, :day_of_month, :cron_line,
|
8
|
-
:oval_content_id,
|
9
|
-
:location_ids => [], :organization_ids => []]
|
10
|
-
end
|
11
|
-
|
12
|
-
def oval_policy_params_filter
|
13
|
-
Foreman::ParameterFilter.new(::ForemanOpenscap::OvalPolicy).tap do |filter|
|
14
|
-
filter.permit filter_params_list
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
def oval_policy_params
|
20
|
-
self.class.oval_policy_params_filter.filter_params(params, parameter_filter_context)
|
21
|
-
end
|
22
|
-
end
|
@@ -1,33 +0,0 @@
|
|
1
|
-
module Mutations
|
2
|
-
module OvalPolicies
|
3
|
-
class Create < ::Mutations::BaseMutation
|
4
|
-
description 'Creates a new OVAL Policy'
|
5
|
-
graphql_name 'CreateOvalPolicyMutation'
|
6
|
-
|
7
|
-
resource_class ::ForemanOpenscap::OvalPolicy
|
8
|
-
|
9
|
-
argument :name, String
|
10
|
-
argument :description, String, required: false
|
11
|
-
argument :period, String
|
12
|
-
argument :weekday, String, required: false
|
13
|
-
argument :day_of_month, Integer, required: false
|
14
|
-
argument :cron_line, String, required: false
|
15
|
-
argument :oval_content_id, Integer, required: true
|
16
|
-
argument :hostgroup_ids, [Integer], required: false
|
17
|
-
|
18
|
-
field :oval_policy, Types::OvalPolicy, 'The new OVAL Policy.', null: true
|
19
|
-
field :check_collection, [Types::OvalCheck], 'A collection of checks to detect OVAL policy configuration error', null: false
|
20
|
-
|
21
|
-
def resolve(hostgroup_ids:, **params)
|
22
|
-
policy = ::ForemanOpenscap::OvalPolicy.new params
|
23
|
-
validate_object(policy)
|
24
|
-
authorize!(policy, :create)
|
25
|
-
check_collection = ::ForemanOpenscap::Oval::Configure.new.assign(policy, hostgroup_ids, ::Hostgroup)
|
26
|
-
{
|
27
|
-
:oval_policy => policy,
|
28
|
-
:check_collection => check_collection.checks
|
29
|
-
}
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
@@ -1,15 +0,0 @@
|
|
1
|
-
module Mutations
|
2
|
-
module OvalPolicies
|
3
|
-
class Update < UpdateMutation
|
4
|
-
graphql_name 'UpdateOvalPolicyMutation'
|
5
|
-
description 'Updates an OVAL Policy'
|
6
|
-
resource_class ::ForemanOpenscap::OvalPolicy
|
7
|
-
|
8
|
-
argument :name, String, required: false
|
9
|
-
argument :description, String, required: false
|
10
|
-
argument :cron_line, String, required: false
|
11
|
-
|
12
|
-
field :oval_policy, ::Types::OvalPolicy, 'The OVAL policy.', null: true
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
data/app/graphql/types/cve.rb
DELETED
@@ -1,17 +0,0 @@
|
|
1
|
-
module Types
|
2
|
-
class Cve < BaseObject
|
3
|
-
description 'A CVE'
|
4
|
-
model_class ::ForemanOpenscap::Cve
|
5
|
-
|
6
|
-
global_id_field :id
|
7
|
-
field :ref_id, String
|
8
|
-
field :ref_url, String
|
9
|
-
field :has_errata, Boolean
|
10
|
-
field :definition_id, String
|
11
|
-
has_many :hosts, Types::Host
|
12
|
-
|
13
|
-
def self.graphql_definition
|
14
|
-
super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::Cve') }
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
@@ -1,11 +0,0 @@
|
|
1
|
-
module Types
|
2
|
-
class OvalCheck < GraphQL::Schema::Object
|
3
|
-
description 'A check that contains information about whether a particual prerequisite for OVAL policy deployment is configured correctly'
|
4
|
-
|
5
|
-
field :id, String, null: false
|
6
|
-
field :title, String, null: false
|
7
|
-
field :fail_msg, String, null: true
|
8
|
-
field :errors, ::Types::RawJson, null: true
|
9
|
-
field :result, String, null: false
|
10
|
-
end
|
11
|
-
end
|
@@ -1,19 +0,0 @@
|
|
1
|
-
module Types
|
2
|
-
class OvalContent < BaseObject
|
3
|
-
description 'An OVAL Content'
|
4
|
-
model_class ::ForemanOpenscap::OvalContent
|
5
|
-
|
6
|
-
include ::Types::Concerns::MetaField
|
7
|
-
|
8
|
-
global_id_field :id
|
9
|
-
timestamps
|
10
|
-
field :name, String
|
11
|
-
field :digest, String
|
12
|
-
field :original_filename, String
|
13
|
-
field :url, String
|
14
|
-
|
15
|
-
def self.graphql_definition
|
16
|
-
super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalContent') }
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
@@ -1,24 +0,0 @@
|
|
1
|
-
module Types
|
2
|
-
class OvalPolicy < BaseObject
|
3
|
-
description 'An OVAL Policy'
|
4
|
-
model_class ::ForemanOpenscap::OvalPolicy
|
5
|
-
|
6
|
-
include ::Types::Concerns::MetaField
|
7
|
-
|
8
|
-
global_id_field :id
|
9
|
-
timestamps
|
10
|
-
field :name, String
|
11
|
-
field :description, String
|
12
|
-
field :period, String
|
13
|
-
field :weekday, String
|
14
|
-
field :day_of_month, String
|
15
|
-
field :cron_line, String
|
16
|
-
belongs_to :oval_content, ::Types::OvalContent
|
17
|
-
|
18
|
-
has_many :hostgroups, ::Types::Hostgroup
|
19
|
-
|
20
|
-
def self.graphql_definition
|
21
|
-
super.tap { |type| type.instance_variable_set(:@name, 'ForemanOpenscap::OvalPolicy') }
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
@@ -1,38 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module OvalFacetHostExtensions
|
3
|
-
extend ActiveSupport::Concern
|
4
|
-
|
5
|
-
::Host::Managed::Jail.allow :oval_policies_enc, :oval_policies_enc_raw, :cves, :cves_without_errata
|
6
|
-
|
7
|
-
included do
|
8
|
-
has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
|
9
|
-
|
10
|
-
has_many :host_cves, :class_name => 'ForemanOpenscap::HostCve', :foreign_key => :host_id
|
11
|
-
has_many :cves, :through => :host_cves, :class_name => 'ForemanOpenscap::Cve', :source => :cve
|
12
|
-
|
13
|
-
scoped_search :relation => :host_cves, :on => :cve_id, :rename => :cve_id, :complete_value => false
|
14
|
-
end
|
15
|
-
|
16
|
-
def cves_without_errata
|
17
|
-
cves.where(:has_errata => false)
|
18
|
-
end
|
19
|
-
|
20
|
-
def cves_with_errata
|
21
|
-
cves.where(:has_errata => true)
|
22
|
-
end
|
23
|
-
|
24
|
-
def combined_oval_policies
|
25
|
-
combined = oval_policies
|
26
|
-
combined += hostgroup.oval_policies + hostgroup.inherited_oval_policies if hostgroup
|
27
|
-
combined.uniq
|
28
|
-
end
|
29
|
-
|
30
|
-
def oval_policies_enc_raw
|
31
|
-
combined_oval_policies.map(&:to_enc)
|
32
|
-
end
|
33
|
-
|
34
|
-
def oval_policies_enc
|
35
|
-
oval_policies_enc_raw.to_json
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
@@ -1,31 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module OvalFacetHostgroupExtensions
|
3
|
-
extend ActiveSupport::Concern
|
4
|
-
|
5
|
-
include InheritedPolicies
|
6
|
-
|
7
|
-
included do
|
8
|
-
has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
|
9
|
-
|
10
|
-
scoped_search :relation => :oval_policies,
|
11
|
-
:on => :id,
|
12
|
-
:rename => :oval_policy_id,
|
13
|
-
:complete_value => false,
|
14
|
-
:only_explicit => true,
|
15
|
-
:ext_method => :find_by_oval_policy_id,
|
16
|
-
:operators => ['= ']
|
17
|
-
end
|
18
|
-
|
19
|
-
def inherited_oval_policies
|
20
|
-
find_inherited_policies :oval_policies
|
21
|
-
end
|
22
|
-
|
23
|
-
module ClassMethods
|
24
|
-
def find_by_oval_policy_id(_key, operator, value)
|
25
|
-
conditions = sanitize_sql_for_conditions(["#{::ForemanOpenscap::HostgroupOvalFacetOvalPolicy.table_name}.oval_policy_id #{operator} ?", value])
|
26
|
-
hg_ids = ::ForemanOpenscap::Hostgroup::OvalFacet.joins(:hostgroup_oval_facet_oval_policies).where(conditions).pluck(:hostgroup_id)
|
27
|
-
{ :conditions => ::Hostgroup.arel_table[:id].in(hg_ids).to_sql }
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
@@ -1,23 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
class Cve < ApplicationRecord
|
3
|
-
has_many :host_cves
|
4
|
-
has_many :hosts, :through => :host_cves
|
5
|
-
has_many :oval_policies, :through => :host_cves
|
6
|
-
|
7
|
-
scoped_search :relation => :host_cves, :on => :oval_policy_id, :rename => :oval_policy_id, :complete_value => false
|
8
|
-
|
9
|
-
scope :of_oval_policy, ->(policy_id) {
|
10
|
-
joins(:host_cves).where(:foreman_openscap_host_cves => { :oval_policy_id => policy_id })
|
11
|
-
}
|
12
|
-
|
13
|
-
scope :of_host, ->(host_id) {
|
14
|
-
joins(:host_cves).where(:foreman_openscap_host_cves => { :host_id => host_id })
|
15
|
-
}
|
16
|
-
|
17
|
-
validates :ref_id, :ref_url, :definition_id, :presence => true
|
18
|
-
|
19
|
-
class Jail < ::Safemode::Jail
|
20
|
-
allow :ref_id, :ref_url
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
@@ -1,14 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module Host
|
3
|
-
class OvalFacet < ApplicationRecord
|
4
|
-
self.table_name = 'foreman_openscap_oval_facets'
|
5
|
-
|
6
|
-
include Facets::Base
|
7
|
-
|
8
|
-
validates :host, :presence => true, :allow_blank => false
|
9
|
-
|
10
|
-
has_many :oval_facet_oval_policies, :dependent => :destroy, :class_name => 'ForemanOpenscap::OvalFacetOvalPolicy'
|
11
|
-
has_many :oval_policies, :through => :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalPolicy'
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
@@ -1,14 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
module Hostgroup
|
3
|
-
class OvalFacet < ApplicationRecord
|
4
|
-
self.table_name = 'foreman_openscap_hostgroup_oval_facets'
|
5
|
-
|
6
|
-
include Facets::HostgroupFacet
|
7
|
-
|
8
|
-
validates :hostgroup, :presence => true, :allow_blank => false
|
9
|
-
|
10
|
-
has_many :hostgroup_oval_facet_oval_policies, :dependent => :destroy, :class_name => 'ForemanOpenscap::HostgroupOvalFacetOvalPolicy'
|
11
|
-
has_many :oval_policies, :through => :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalPolicy'
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
@@ -1,28 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
class OvalContent < ApplicationRecord
|
3
|
-
audited :except => [:scap_file]
|
4
|
-
include Authorizable
|
5
|
-
include Taxonomix
|
6
|
-
include ScapFileContent
|
7
|
-
|
8
|
-
before_destroy EnsureNotUsedBy.new(:oval_policies)
|
9
|
-
|
10
|
-
scoped_search :on => :name, :complete_value => true
|
11
|
-
|
12
|
-
has_many :oval_policies
|
13
|
-
validates :name, :presence => true, :length => { :maximum => 255 }, uniqueness: true
|
14
|
-
validates :url, :format => { :with => %r{\Ahttps?://} }, :allow_blank => true
|
15
|
-
|
16
|
-
before_validation :fetch_remote_content, :if => lambda { |oval_content| oval_content.url.present? }
|
17
|
-
|
18
|
-
def to_h
|
19
|
-
{ :id => id, :name => name, :original_filename => original_filename, :changed_at => changed_at }
|
20
|
-
end
|
21
|
-
|
22
|
-
private
|
23
|
-
|
24
|
-
def fetch_remote_content
|
25
|
-
ForemanOpenscap::Oval::SyncOvalContents.new.sync self
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
@@ -1,54 +0,0 @@
|
|
1
|
-
module ForemanOpenscap
|
2
|
-
class OvalPolicy < ApplicationRecord
|
3
|
-
graphql_type '::Types::OvalPolicy'
|
4
|
-
|
5
|
-
audited
|
6
|
-
include Authorizable
|
7
|
-
include Taxonomix
|
8
|
-
|
9
|
-
include PolicyCommon
|
10
|
-
|
11
|
-
belongs_to :oval_content
|
12
|
-
|
13
|
-
validates :name, :presence => true, :uniqueness => true, :length => { :maximum => 255 }
|
14
|
-
validates :period, :inclusion => { :in => %w[weekly monthly custom], :message => _('is not a valid value') }
|
15
|
-
validate :valid_cron_line, :valid_weekday, :valid_day_of_month
|
16
|
-
validates :oval_content, :presence => true
|
17
|
-
|
18
|
-
has_many :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::OvalFacetOvalPolicy'
|
19
|
-
has_many :oval_facets, :through => :oval_facet_oval_policies, :class_name => 'ForemanOpenscap::Host::OvalFacet'
|
20
|
-
has_many :hosts, :through => :oval_facets
|
21
|
-
|
22
|
-
has_many :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::HostgroupOvalFacetOvalPolicy'
|
23
|
-
has_many :hostgroup_oval_facets, :through => :hostgroup_oval_facet_oval_policies, :class_name => 'ForemanOpenscap::Hostgroup::OvalFacet', :source => :oval_facet
|
24
|
-
has_many :hostgroups, :through => :hostgroup_oval_facets
|
25
|
-
|
26
|
-
has_many :host_cves
|
27
|
-
has_many :cves, :through => :host_cves
|
28
|
-
|
29
|
-
def host_ids=(host_ids)
|
30
|
-
self.oval_facets = facets_to_assign(host_ids, :host_id, ForemanOpenscap::Host::OvalFacet)
|
31
|
-
end
|
32
|
-
|
33
|
-
def hostgroup_ids=(hostgroup_ids)
|
34
|
-
self.hostgroup_oval_facets = facets_to_assign(hostgroup_ids, :hostgroup_id, ForemanOpenscap::Hostgroup::OvalFacet)
|
35
|
-
end
|
36
|
-
|
37
|
-
def to_enc
|
38
|
-
{
|
39
|
-
:id => id,
|
40
|
-
:oval_content_path => "/var/lib/openscap/oval_content/#{oval_content.digest}.oval.xml.bz2",
|
41
|
-
:download_path => "/compliance/oval_policies/#{id}/oval_content/#{oval_content.digest}"
|
42
|
-
}.merge(period_enc).with_indifferent_access
|
43
|
-
end
|
44
|
-
|
45
|
-
private
|
46
|
-
|
47
|
-
def facets_to_assign(ids, key, facet_class)
|
48
|
-
filtered_ids = ids.uniq.reject { |id| respond_to?(:empty) && id.empty? }
|
49
|
-
existing_facets = facet_class.where(key => filtered_ids)
|
50
|
-
new_facets = (filtered_ids - existing_facets.pluck(key)).map { |id| facet_class.new(key => id) }
|
51
|
-
existing_facets + new_facets
|
52
|
-
end
|
53
|
-
end
|
54
|
-
end
|