foreman_openscap 0.10.2 → 0.10.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/api/v2/compliance/arf_reports_controller.rb +27 -10
- data/app/controllers/concerns/foreman/controller/parameters/policy_api.rb +1 -1
- data/app/helpers/policies_helper.rb +12 -0
- data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb +22 -12
- data/app/models/foreman_openscap/arf_report.rb +2 -2
- data/app/models/foreman_openscap/policy.rb +46 -16
- data/app/models/foreman_openscap/scap_content_profile.rb +1 -1
- data/app/views/arf_reports/_list.html.erb +1 -1
- data/app/views/compliance_hosts/show.html.erb +9 -0
- data/app/views/policies/_list.html.erb +1 -1
- data/app/views/policies/edit.html.erb +1 -10
- data/app/views/policies/show.html.erb +2 -0
- data/app/views/policy_dashboard/_policy_reports.html.erb +1 -1
- data/app/views/scap_contents/_list.html.erb +1 -1
- data/app/views/tailoring_files/_list.html.erb +1 -1
- data/db/migrate/20171016125613_add_content_title_unique_constraint.foreman_openscap.rb +13 -1
- data/lib/foreman_openscap/engine.rb +4 -2
- data/lib/foreman_openscap/version.rb +1 -1
- data/test/functional/api/v2/compliance/arf_reports_controller_test.rb +86 -11
- data/test/unit/policy_test.rb +21 -2
- data/test/unit/puppet_overrides_test.rb +38 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a8a1469f7adb801cd2a0546ae4ee61e2fe2161d5
|
4
|
+
data.tar.gz: 5f0e0fb1d2749991765d97548e144df5e837fe35
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0ef9439800ec792c4982c86e77702a04079bee39797c3ef07de41b9cacd4de64ace28a60f15646ccae66d6eace541bb6c4473aaad3db491a8b18498cfb270f18
|
7
|
+
data.tar.gz: 12600506e0dc3c9abdeda73b14d7f43ab98910ec0c6fe89379a50d84800cfbb2a7401f00d4a2bf8deafb6059b9057049227a832d93938223e9e9a1e295f72dd0
|
@@ -11,6 +11,7 @@ module Api
|
|
11
11
|
add_smart_proxy_filters :create, :features => 'Openscap'
|
12
12
|
|
13
13
|
before_action :find_resource, :only => %w[show destroy download download_html]
|
14
|
+
before_action :find_resources_before_create, :only => %w[create]
|
14
15
|
skip_after_action :log_response_body, :only => %w[download download_html]
|
15
16
|
|
16
17
|
def resource_name
|
@@ -47,14 +48,9 @@ module Api
|
|
47
48
|
param :date, :identifier, :required => true
|
48
49
|
|
49
50
|
def create
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
asset.host.refresh_statuses([HostStatus.find_status_by_humanized_name("compliance")])
|
54
|
-
render :json => { :result => :OK, :id => arf_report.id.to_s }
|
55
|
-
else
|
56
|
-
no_proxy_for_host asset
|
57
|
-
end
|
51
|
+
arf_report = ForemanOpenscap::ArfReport.create_arf(@asset, @smart_proxy, params.to_unsafe_h)
|
52
|
+
@asset.host.refresh_statuses([HostStatus.find_status_by_humanized_name("compliance")])
|
53
|
+
render :json => { :result => :OK, :id => arf_report.id.to_s }
|
58
54
|
end
|
59
55
|
|
60
56
|
api :GET, "/compliance/arf_reports/:id/download/", N_("Download bzipped ARF report")
|
@@ -84,12 +80,33 @@ module Api
|
|
84
80
|
instance_variable_set("@arf_report", resource_scope.find(params[:id]))
|
85
81
|
end
|
86
82
|
|
83
|
+
def find_resources_before_create
|
84
|
+
@asset = ForemanOpenscap::Helper::get_asset(params[:cname], params[:policy_id])
|
85
|
+
|
86
|
+
if !params[:openscap_proxy_url] && !params[:openscap_proxy_name] && !@asset.host.openscap_proxy
|
87
|
+
msg = _('Failed to upload Arf Report, OpenSCAP proxy name or url not found in params when uploading for %s and host is missing openscap_proxy') % @asset.host.name
|
88
|
+
no_proxy_for_host(msg)
|
89
|
+
return
|
90
|
+
elsif !params[:openscap_proxy_url] && !params[:openscap_proxy_name] && @asset.host.openscap_proxy
|
91
|
+
logger.debug 'No proxy params found when uploading arf report, falling back to asset.host.openscap_proxy'
|
92
|
+
@smart_proxy = @asset.host.openscap_proxy
|
93
|
+
else
|
94
|
+
@smart_proxy = SmartProxy.unscoped.find_by :name => params[:openscap_proxy_name]
|
95
|
+
@smart_proxy ||= SmartProxy.unscoped.find_by :url => params[:openscap_proxy_url]
|
96
|
+
end
|
97
|
+
|
98
|
+
unless @smart_proxy
|
99
|
+
msg = _('No proxy found for %{name} or %{url}') % { :name => params[:openscap_proxy_name], :url => params[:openscap_proxy_url] }
|
100
|
+
no_proxy_for_host(msg)
|
101
|
+
return
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
87
105
|
def handle_download_error(error)
|
88
106
|
render_error 'standard_error', :status => :internal_error, :locals => { :exception => error }
|
89
107
|
end
|
90
108
|
|
91
|
-
def no_proxy_for_host(
|
92
|
-
msg = _('Failed to upload Arf Report, no OpenSCAP proxy set for host %s') % asset.host.name
|
109
|
+
def no_proxy_for_host(msg)
|
93
110
|
logger.error msg
|
94
111
|
render :json => { :result => msg }, :status => :unprocessable_entity
|
95
112
|
end
|
@@ -5,7 +5,7 @@ module Foreman::Controller::Parameters::PolicyApi
|
|
5
5
|
def filter_params_list
|
6
6
|
[:description, :name, :period, :scap_content_id, :scap_content_profile_id,
|
7
7
|
:weekday, :day_of_month, :cron_line, :tailoring_file_id, :tailoring_file_profile_id,
|
8
|
-
:location_ids => [], :organization_ids => [], :hostgroup_ids => []]
|
8
|
+
:location_ids => [], :organization_ids => [], :hostgroup_ids => [], :host_ids => []]
|
9
9
|
end
|
10
10
|
|
11
11
|
def policy_params_filter
|
@@ -101,4 +101,16 @@ module PoliciesHelper
|
|
101
101
|
def translate_steps(policy)
|
102
102
|
policy.steps.map { |step| _(step) }
|
103
103
|
end
|
104
|
+
|
105
|
+
def policy_breadcrumbs
|
106
|
+
if @policy
|
107
|
+
breadcrumbs(:resource_url => api_compliance_policies_path,
|
108
|
+
:items => [
|
109
|
+
{ :caption => _('Policies'),
|
110
|
+
:url => url_for(policies_path) },
|
111
|
+
{ :caption => @policy.name,
|
112
|
+
:url => (edit_policy_path(@policy) if authorized_for(hash_for_edit_policy_path(@policy))) }
|
113
|
+
])
|
114
|
+
end
|
115
|
+
end
|
104
116
|
end
|
@@ -3,12 +3,6 @@ module ForemanOpenscap
|
|
3
3
|
extend ActiveSupport::Concern
|
4
4
|
|
5
5
|
module ClassMethods
|
6
|
-
def compliance_status_scoped_search(status, options = {})
|
7
|
-
options[:offset] = ArfReport::METRIC.index(status.to_s)
|
8
|
-
options[:word_size] = ArfReport::BIT_NUM
|
9
|
-
scoped_search options
|
10
|
-
end
|
11
|
-
|
12
6
|
def policy_search(search_alias)
|
13
7
|
scoped_search :relation => :policy, :on => :name, :complete_value => true, :rename => search_alias,
|
14
8
|
:only_explicit => true, :ext_method => :search_by_policy_name
|
@@ -42,9 +36,10 @@ module ForemanOpenscap
|
|
42
36
|
by.gsub!(/[^[:alnum:]]/, '')
|
43
37
|
case by.downcase
|
44
38
|
when 'host'
|
45
|
-
{ :conditions =>
|
39
|
+
{ :conditions => "reports.id IN (
|
46
40
|
SELECT MAX(id) FROM reports sub
|
47
|
-
WHERE sub.
|
41
|
+
WHERE sub.type = 'ForemanOpenscap::ArfReport'
|
42
|
+
AND sub.host_id = reports.host_id )" }
|
48
43
|
when 'policy'
|
49
44
|
{ :conditions => 'reports.id IN (
|
50
45
|
SELECT latest.id
|
@@ -60,6 +55,18 @@ module ForemanOpenscap
|
|
60
55
|
end
|
61
56
|
end
|
62
57
|
|
58
|
+
def search_by_compliance_status(key, operator, value)
|
59
|
+
scope = case value
|
60
|
+
when 'compliant'
|
61
|
+
ArfReport.passed
|
62
|
+
when 'incompliant'
|
63
|
+
ArfReport.failed
|
64
|
+
when 'inconclusive'
|
65
|
+
ArfReport.othered
|
66
|
+
end
|
67
|
+
query_conditions scope.select(ArfReport.arel_table[:id]).to_sql
|
68
|
+
end
|
69
|
+
|
63
70
|
private
|
64
71
|
|
65
72
|
def query_conditions(query)
|
@@ -73,7 +80,7 @@ module ForemanOpenscap
|
|
73
80
|
policy_search :policy
|
74
81
|
|
75
82
|
scoped_search :on => :id, :rename => :last_for, :complete_value => { :host => 0, :policy => 1 },
|
76
|
-
:only_explicit => true, :ext_method => :search_by_last_for
|
83
|
+
:only_explicit => true, :operators => ['= '], :ext_method => :search_by_last_for
|
77
84
|
|
78
85
|
scoped_search :relation => :policy, :on => :name, :complete_value => true, :rename => :comply_with,
|
79
86
|
:only_explicit => true, :operators => ['= '], :ext_method => :search_by_comply_with
|
@@ -86,9 +93,12 @@ module ForemanOpenscap
|
|
86
93
|
|
87
94
|
scoped_search :relation => :openscap_proxy, :on => :name, :complete_value => true, :only_explicit => true, :rename => :openscap_proxy
|
88
95
|
|
89
|
-
|
90
|
-
|
91
|
-
|
96
|
+
scoped_search :on => :status, :rename => :compliance_status, :operators => ['= '],
|
97
|
+
:ext_method => :search_by_compliance_status,
|
98
|
+
:complete_value => { :compliant => ::ForemanOpenscap::ComplianceStatus::COMPLIANT,
|
99
|
+
:incompliant => ::ForemanOpenscap::ComplianceStatus::INCOMPLIANT,
|
100
|
+
:inconclusive => ::ForemanOpenscap::ComplianceStatus::INCONCLUSIVE },
|
101
|
+
:validator => ->(value) { ['compliant', 'incompliant', 'inconclusive'].reduce(false) { |memo, item| memo || (item == value) } }
|
92
102
|
end
|
93
103
|
end
|
94
104
|
end
|
@@ -102,7 +102,7 @@ module ForemanOpenscap
|
|
102
102
|
status.values.sum
|
103
103
|
end
|
104
104
|
|
105
|
-
def self.create_arf(asset, params)
|
105
|
+
def self.create_arf(asset, proxy, params)
|
106
106
|
# fail if policy does not exist.
|
107
107
|
arf_report = nil
|
108
108
|
policy = Policy.find(params[:policy_id])
|
@@ -112,7 +112,7 @@ module ForemanOpenscap
|
|
112
112
|
:reported_at => Time.at(params[:date].to_i),
|
113
113
|
:status => params[:metrics],
|
114
114
|
:metrics => params[:metrics],
|
115
|
-
:openscap_proxy =>
|
115
|
+
:openscap_proxy => proxy)
|
116
116
|
PolicyArfReport.where(:arf_report_id => arf_report.id, :policy_id => policy.id, :digest => params[:digest]).first_or_create!
|
117
117
|
if params[:logs]
|
118
118
|
params[:logs].each do |log|
|
@@ -9,7 +9,7 @@ module ForemanOpenscap
|
|
9
9
|
belongs_to :scap_content
|
10
10
|
belongs_to :scap_content_profile
|
11
11
|
belongs_to :tailoring_file
|
12
|
-
belongs_to :tailoring_file_profile, :class_name => ForemanOpenscap::ScapContentProfile
|
12
|
+
belongs_to :tailoring_file_profile, :class_name => 'ForemanOpenscap::ScapContentProfile'
|
13
13
|
has_many :policy_arf_reports
|
14
14
|
has_many :arf_reports, :through => :policy_arf_reports, :dependent => :destroy
|
15
15
|
has_many :asset_policies
|
@@ -65,12 +65,7 @@ module ForemanOpenscap
|
|
65
65
|
end
|
66
66
|
|
67
67
|
def hostgroup_ids=(ids)
|
68
|
-
|
69
|
-
ids.reject { |id| id.respond_to?(:empty?) && id.empty? }.map do |id|
|
70
|
-
hostgroup_assets << assets.where(:assetable_type => 'Hostgroup', :assetable_id => id).first_or_initialize
|
71
|
-
end
|
72
|
-
existing_host_assets = self.assets.where(:assetable_type => 'Host::Base')
|
73
|
-
self.assets = existing_host_assets + hostgroup_assets
|
68
|
+
assign_ids ids, 'Hostgroup'
|
74
69
|
end
|
75
70
|
|
76
71
|
def hostgroups
|
@@ -85,6 +80,10 @@ module ForemanOpenscap
|
|
85
80
|
assets.where(:assetable_type => 'Host::Base').pluck(:assetable_id)
|
86
81
|
end
|
87
82
|
|
83
|
+
def host_ids=(ids)
|
84
|
+
assign_ids ids, 'Host::Base'
|
85
|
+
end
|
86
|
+
|
88
87
|
def hosts
|
89
88
|
Host.where(:id => host_ids)
|
90
89
|
end
|
@@ -253,19 +252,41 @@ module ForemanOpenscap
|
|
253
252
|
return false
|
254
253
|
end
|
255
254
|
|
256
|
-
|
257
|
-
|
258
|
-
|
255
|
+
return false unless override_policies_param(puppetclass)
|
256
|
+
return false unless override_port_param(puppetclass)
|
257
|
+
return false unless override_server_param(puppetclass)
|
258
|
+
end
|
259
|
+
|
260
|
+
def override_policies_param(puppetclass)
|
261
|
+
override_param(puppetclass, POLICIES_CLASS_PARAMETER) do |param|
|
262
|
+
param.key_type = 'array'
|
263
|
+
param.default_value = '<%= @host.policies_enc %>'
|
259
264
|
end
|
265
|
+
end
|
260
266
|
|
261
|
-
|
262
|
-
|
263
|
-
|
267
|
+
def override_port_param(puppetclass)
|
268
|
+
override_param puppetclass, PORT_CLASS_PARAMETER
|
269
|
+
end
|
264
270
|
|
265
|
-
|
266
|
-
|
267
|
-
|
271
|
+
def override_server_param(puppetclass)
|
272
|
+
override_param puppetclass, SERVER_CLASS_PARAMETER
|
273
|
+
end
|
274
|
+
|
275
|
+
def override_param(puppetclass, param_name)
|
276
|
+
unless param = puppetclass.class_params.find_by(key: param_name)
|
277
|
+
errors[:base] << _("Puppet class %{class} does not have %{parameter} class parameter.") % { :class => SCAP_PUPPET_CLASS, :parameter => param_name }
|
278
|
+
return
|
268
279
|
end
|
280
|
+
|
281
|
+
param.override = true
|
282
|
+
|
283
|
+
yield param if block_given?
|
284
|
+
|
285
|
+
if param.changed? && !param.save
|
286
|
+
errors[:base] << _("%{parameter} class parameter for class %{class} could not be configured.") % { :class => SCAP_PUPPET_CLASS, :parameter => param_name }
|
287
|
+
return
|
288
|
+
end
|
289
|
+
param
|
269
290
|
end
|
270
291
|
|
271
292
|
def cron_line_split
|
@@ -347,5 +368,14 @@ module ForemanOpenscap
|
|
347
368
|
end
|
348
369
|
end
|
349
370
|
end
|
371
|
+
|
372
|
+
def assign_ids(ids, class_name)
|
373
|
+
new_assets = ids.reject { |id| id.respond_to?(:empty?) && id.empty? }.reduce([]) do |memo, id|
|
374
|
+
memo << assets.where(:assetable_type => class_name, :assetable_id => id).first_or_initialize
|
375
|
+
end
|
376
|
+
complimentary_class_name = class_name == 'Host::Base' ? 'Hostgroup' : 'Host::Base'
|
377
|
+
existing_assets = self.assets.where(:assetable_type => complimentary_class_name)
|
378
|
+
self.assets = existing_assets + new_assets
|
379
|
+
end
|
350
380
|
end
|
351
381
|
end
|
@@ -10,7 +10,7 @@
|
|
10
10
|
<th><%= sort :compliance_passed, :as => _("Passed") %></th>
|
11
11
|
<th><%= sort :compliance_failed, :as => _("Failed") %></th>
|
12
12
|
<th><%= sort :compliance_othered, :as => _("Other") %></th>
|
13
|
-
<th
|
13
|
+
<th><%= _("Actions") %></th>
|
14
14
|
</tr>
|
15
15
|
<% for arf_report in @arf_reports %>
|
16
16
|
<tr>
|
@@ -1,5 +1,14 @@
|
|
1
1
|
<% javascript 'charts', 'dashboard', 'foreman_openscap/scap_hosts_show' %>
|
2
2
|
|
3
|
+
<%= breadcrumbs(:resource_url => api_hosts_path,
|
4
|
+
:name_field => 'name',
|
5
|
+
:switchable => false,
|
6
|
+
:items => [
|
7
|
+
{ :caption => _('Compliance Hosts') },
|
8
|
+
{ :caption => (N_("%s compliance reports by policy") % @host.to_label) }
|
9
|
+
])
|
10
|
+
%>
|
11
|
+
|
3
12
|
<% title n_("%s compliance report by policy", "%s compliance reports by policy" , @host.combined_policies.length) % @host.to_label %>
|
4
13
|
<% @host.combined_policies.each do |policy| %>
|
5
14
|
<h2 class="center-block"><%= _('Policy %s') % policy %></h2>
|
@@ -1,13 +1,4 @@
|
|
1
1
|
<% title _("Edit Compliance Policy") %>
|
2
|
-
<%=
|
3
|
-
:items => [
|
4
|
-
{ :caption => _('Policies'),
|
5
|
-
:url => url_for(policies_path)
|
6
|
-
},
|
7
|
-
{ :caption => @policy.name,
|
8
|
-
:url => (edit_policy_path(@policy) if authorized_for(hash_for_edit_policy_path(@policy)))
|
9
|
-
}
|
10
|
-
]
|
11
|
-
) if @policy %>
|
2
|
+
<%= policy_breadcrumbs %>
|
12
3
|
|
13
4
|
<%= render :partial => "form" %>
|
@@ -3,7 +3,7 @@
|
|
3
3
|
<th class="col-md-4"><%= _('Name')%></th>
|
4
4
|
<th class="col-md-4"><%= _('Filename') %></th>
|
5
5
|
<th class="col-md-3"><%= _('Created') %></th>
|
6
|
-
<th class="col-md-1"
|
6
|
+
<th class="col-md-1"><%= _('Actions') %></th>
|
7
7
|
</tr>
|
8
8
|
<% @tailoring_files.each do |file| %>
|
9
9
|
<tr>
|
@@ -1,6 +1,18 @@
|
|
1
1
|
class AddContentTitleUniqueConstraint < ActiveRecord::Migration[4.2]
|
2
2
|
def change
|
3
|
-
|
3
|
+
titles = ForemanOpenscap::ScapContent.unscoped.group(:title).count.select { |key, value| value > 1 }.keys
|
4
|
+
titles.each do |title|
|
5
|
+
duplicates = ForemanOpenscap::ScapContent.unscoped.where :title => title
|
6
|
+
say "#{duplicates.count} Scap Contents with duplicate title detected: #{title}"
|
7
|
+
duplicates.each.with_index do |item, index|
|
8
|
+
next if index == 0
|
9
|
+
new_title = item.title + " #{index + 1}"
|
10
|
+
say "Renaming Scap Content #{item.title} with id #{item.id} to #{new_title}"
|
11
|
+
item.update_attribute(:title, new_title)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
remove_index :foreman_openscap_scap_contents, :name => 'index_scaptimony_scap_contents_on_title' if index_exists?(:foreman_openscap_scap_contents, :title, :name => 'index_scaptimony_scap_contents_on_title')
|
4
16
|
add_index :foreman_openscap_scap_contents, :title, :unique => true
|
5
17
|
end
|
6
18
|
end
|
@@ -158,15 +158,17 @@ module ForemanOpenscap
|
|
158
158
|
parameter_filter Hostgroup, :openscap_proxy_id, :openscap_proxy
|
159
159
|
parameter_filter Log, :result
|
160
160
|
|
161
|
+
proxy_description = N_('OpenSCAP Proxy to use for fetching SCAP content and uploading ARF reports. Leave blank and override appropriate parameters when using proxy load balancer.')
|
162
|
+
|
161
163
|
smart_proxy_for Hostgroup, :openscap_proxy,
|
162
164
|
:feature => 'Openscap',
|
163
165
|
:label => N_('OpenSCAP Proxy'),
|
164
|
-
:description =>
|
166
|
+
:description => proxy_description,
|
165
167
|
:api_description => N_('ID of OpenSCAP Proxy')
|
166
168
|
smart_proxy_for Host::Managed, :openscap_proxy,
|
167
169
|
:feature => 'Openscap',
|
168
170
|
:label => N_('OpenSCAP Proxy'),
|
169
|
-
:description =>
|
171
|
+
:description => proxy_description,
|
170
172
|
:api_description => N_('ID of OpenSCAP Proxy')
|
171
173
|
|
172
174
|
if ForemanOpenscap.with_remote_execution?
|
@@ -14,7 +14,7 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
14
14
|
|
15
15
|
@from_json = arf_from_json "#{ForemanOpenscap::Engine.root}/test/files/arf_report/arf_report.json"
|
16
16
|
@cname = '9521a5c5-8f44-495f-b087-20e86b30bf67'
|
17
|
-
@proxy = FactoryBot.create(:smart_proxy, :url => "http://smart-proxy.org:8000")
|
17
|
+
@proxy = FactoryBot.create(:smart_proxy, :url => "http://smart-proxy.org:8000", :name => 'smart_proxy_with_openscap')
|
18
18
|
end
|
19
19
|
|
20
20
|
test "should get index" do
|
@@ -46,14 +46,15 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
46
46
|
refute t.size.zero?
|
47
47
|
end
|
48
48
|
|
49
|
-
test "should create report" do
|
49
|
+
test "should create report using proxy name" do
|
50
50
|
reports_cleanup
|
51
51
|
date = Time.new(1984, 9, 15)
|
52
52
|
ForemanOpenscap::Helper.stubs(:get_asset).returns(@asset)
|
53
53
|
post :create,
|
54
54
|
:params => @from_json.merge(:cname => @cname,
|
55
55
|
:policy_id => @policy.id,
|
56
|
-
:date => date.to_i
|
56
|
+
:date => date.to_i,
|
57
|
+
:openscap_proxy_name => @proxy.name),
|
57
58
|
:session => set_session_user
|
58
59
|
report = ForemanOpenscap::ArfReport.unscoped.last
|
59
60
|
assert_equal date, report.reported_at
|
@@ -64,7 +65,20 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
64
65
|
assert_equal msg_count, src_count
|
65
66
|
end
|
66
67
|
|
67
|
-
test "should
|
68
|
+
test "should create report using proxy url" do
|
69
|
+
reports_cleanup
|
70
|
+
date = Time.new(1984, 9, 15)
|
71
|
+
ForemanOpenscap::Helper.stubs(:get_asset).returns(@asset)
|
72
|
+
post :create,
|
73
|
+
:params => @from_json.merge(:cname => @cname,
|
74
|
+
:policy_id => @policy.id,
|
75
|
+
:date => date.to_i,
|
76
|
+
:openscap_proxy_url => @proxy.url),
|
77
|
+
:session => set_session_user
|
78
|
+
assert_response :success
|
79
|
+
end
|
80
|
+
|
81
|
+
test "should not create report when no proxy params present" do
|
68
82
|
asset = FactoryBot.create(:asset)
|
69
83
|
date = Time.new(1944, 6, 6)
|
70
84
|
ForemanOpenscap::Helper.stubs(:get_asset).returns(asset)
|
@@ -75,7 +89,8 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
75
89
|
:session => set_session_user
|
76
90
|
assert_response :unprocessable_entity
|
77
91
|
res = JSON.parse(@response.body)
|
78
|
-
|
92
|
+
msg = "Failed to upload Arf Report, OpenSCAP proxy name or url not found in params when uploading for #{asset.host.name} and host is missing openscap_proxy"
|
93
|
+
assert_equal msg, res["result"]
|
79
94
|
end
|
80
95
|
|
81
96
|
test "should not duplicate messages" do
|
@@ -83,13 +98,14 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
83
98
|
params = @from_json.with_indifferent_access.merge(:cname => @cname,
|
84
99
|
:policy_id => @policy.id,
|
85
100
|
:date => dates[0].to_i)
|
86
|
-
assert ForemanOpenscap::ArfReport.create_arf(@asset, params)
|
101
|
+
assert ForemanOpenscap::ArfReport.create_arf(@asset, @proxy, params)
|
87
102
|
|
88
103
|
ForemanOpenscap::Helper.stubs(:get_asset).returns(@asset)
|
89
104
|
post :create,
|
90
105
|
:params => @from_json.merge(:cname => @cname,
|
91
106
|
:policy_id => @policy.id,
|
92
|
-
:date => dates[1].to_i
|
107
|
+
:date => dates[1].to_i,
|
108
|
+
:openscap_proxy_name => @proxy.name),
|
93
109
|
:session => set_session_user
|
94
110
|
assert_equal Message.where(:digest => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.digest).count, 1
|
95
111
|
end
|
@@ -98,14 +114,15 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
98
114
|
params = @from_json.with_indifferent_access.merge(:cname => @cname,
|
99
115
|
:policy_id => @policy.id,
|
100
116
|
:date => Time.new(2017, 5, 6).to_i)
|
101
|
-
assert ForemanOpenscap::ArfReport.create_arf(@asset, params)
|
117
|
+
assert ForemanOpenscap::ArfReport.create_arf(@asset, @proxy, params)
|
102
118
|
|
103
119
|
ForemanOpenscap::Helper.stubs(:get_asset).returns(@asset)
|
104
120
|
changed_from_json = arf_from_json "#{ForemanOpenscap::Engine.root}/test/files/arf_report/arf_report_msg_desc_changed.json"
|
105
121
|
post :create,
|
106
122
|
:params => changed_from_json.merge(:cname => @cname,
|
107
123
|
:policy_id => @policy.id,
|
108
|
-
:date => Time.new(2017, 6, 6).to_i
|
124
|
+
:date => Time.new(2017, 6, 6).to_i,
|
125
|
+
:openscap_proxy_name => @proxy.name),
|
109
126
|
:session => set_session_user
|
110
127
|
|
111
128
|
assert_response :success
|
@@ -123,14 +140,15 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
123
140
|
params = @from_json.with_indifferent_access.merge(:cname => @cname,
|
124
141
|
:policy_id => @policy.id,
|
125
142
|
:date => Time.new(2017, 7, 6).to_i)
|
126
|
-
assert ForemanOpenscap::ArfReport.create_arf(@asset, params)
|
143
|
+
assert ForemanOpenscap::ArfReport.create_arf(@asset, @proxy, params)
|
127
144
|
|
128
145
|
ForemanOpenscap::Helper.stubs(:get_asset).returns(@asset)
|
129
146
|
changed_from_json = arf_from_json "#{ForemanOpenscap::Engine.root}/test/files/arf_report/arf_report_msg_value_changed.json"
|
130
147
|
post :create,
|
131
148
|
:params => changed_from_json.merge(:cname => @cname,
|
132
149
|
:policy_id => @policy.id,
|
133
|
-
:date => Time.new(2017, 8, 6).to_i
|
150
|
+
:date => Time.new(2017, 8, 6).to_i,
|
151
|
+
:openscap_proxy_name => @proxy.name),
|
134
152
|
:session => set_session_user
|
135
153
|
|
136
154
|
assert_response :success
|
@@ -229,6 +247,9 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
229
247
|
create_arf_report_for_search({ "passed" => 1, "othered" => 0, "failed" => 4 }, policy, host_a)
|
230
248
|
create_arf_report_for_search({ "passed" => 1, "othered" => 0, "failed" => 0 }, policy, host_b)
|
231
249
|
create_arf_report_for_search({ "passed" => 2, "othered" => 3, "failed" => 7 }, policy, host_b)
|
250
|
+
# Add config reports to test for STI type
|
251
|
+
FactoryBot.create(:config_report, :host_id => host_a.id)
|
252
|
+
FactoryBot.create(:config_report, :host_id => host_b.id)
|
232
253
|
|
233
254
|
get :index, :params => { :search => "last_for=host" }, :session => set_session_user
|
234
255
|
response = ActiveSupport::JSON.decode(@response.body)
|
@@ -238,6 +259,60 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
|
|
238
259
|
assert_equal 7, response['results'].find { |hash| hash["host"]["name"] == host_b.name }["failed"]
|
239
260
|
end
|
240
261
|
|
262
|
+
test "should find passed reports by compliance status" do
|
263
|
+
reports_cleanup
|
264
|
+
policy = FactoryBot.create(:policy)
|
265
|
+
passing_1 = create_arf_report_for_search({ "passed" => 4, "othered" => 0, "failed" => 0 }, policy)
|
266
|
+
passing_2 = create_arf_report_for_search({ "passed" => 1, "othered" => 0, "failed" => 0 }, policy)
|
267
|
+
create_arf_report_for_search({ "passed" => 15, "othered" => 9, "failed" => 0 }, policy)
|
268
|
+
create_arf_report_for_search({ "passed" => 2, "othered" => 3, "failed" => 7 }, policy)
|
269
|
+
|
270
|
+
get :index, :params => { :search => "compliance_status=compliant" }, :session => set_session_user
|
271
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
272
|
+
assert_response :success
|
273
|
+
assert_equal 2, response['results'].count
|
274
|
+
response['results'].each do |result|
|
275
|
+
assert(result['passed'] > 0)
|
276
|
+
assert(result['othered'] = 0)
|
277
|
+
assert(result['failed'] = 0)
|
278
|
+
end
|
279
|
+
end
|
280
|
+
|
281
|
+
test "should find failed reports by compliance status" do
|
282
|
+
reports_cleanup
|
283
|
+
policy = FactoryBot.create(:policy)
|
284
|
+
create_arf_report_for_search({ "passed" => 4, "othered" => 0, "failed" => 1 }, policy)
|
285
|
+
create_arf_report_for_search({ "passed" => 1, "othered" => 0, "failed" => 0 }, policy)
|
286
|
+
create_arf_report_for_search({ "passed" => 15, "othered" => 9, "failed" => 0 }, policy)
|
287
|
+
create_arf_report_for_search({ "passed" => 2, "othered" => 3, "failed" => 7 }, policy)
|
288
|
+
|
289
|
+
get :index, :params => { :search => "compliance_status=incompliant" }, :session => set_session_user
|
290
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
291
|
+
assert_response :success
|
292
|
+
assert_equal 2, response['results'].count
|
293
|
+
response['results'].each do |result|
|
294
|
+
assert(result['failed'] > 0)
|
295
|
+
end
|
296
|
+
end
|
297
|
+
|
298
|
+
test "should find othered reports by compliance status" do
|
299
|
+
reports_cleanup
|
300
|
+
policy = FactoryBot.create(:policy)
|
301
|
+
create_arf_report_for_search({ "passed" => 4, "othered" => 0, "failed" => 0 }, policy)
|
302
|
+
create_arf_report_for_search({ "passed" => 1, "othered" => 42, "failed" => 0 }, policy)
|
303
|
+
create_arf_report_for_search({ "passed" => 0, "othered" => 9, "failed" => 0 }, policy)
|
304
|
+
create_arf_report_for_search({ "passed" => 2, "othered" => 3, "failed" => 7 }, policy)
|
305
|
+
|
306
|
+
get :index, :params => { :search => "compliance_status=inconclusive" }, :session => set_session_user
|
307
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
308
|
+
assert_response :success
|
309
|
+
assert_equal 2, response['results'].count
|
310
|
+
response['results'].each do |result|
|
311
|
+
assert(result['failed'] = 0)
|
312
|
+
assert(result['othered'] > 0)
|
313
|
+
end
|
314
|
+
end
|
315
|
+
|
241
316
|
private
|
242
317
|
|
243
318
|
def reports_cleanup
|
data/test/unit/policy_test.rb
CHANGED
@@ -15,12 +15,31 @@ class PolicyTest < ActiveSupport::TestCase
|
|
15
15
|
ForemanOpenscap::Policy.any_instance.stubs(:populate_overrides)
|
16
16
|
hg1 = FactoryBot.create(:hostgroup)
|
17
17
|
hg2 = FactoryBot.create(:hostgroup)
|
18
|
+
host = FactoryBot.create(:compliance_host)
|
18
19
|
asset = FactoryBot.create(:asset, :assetable_id => hg1.id, :assetable_type => 'Hostgroup')
|
19
|
-
|
20
|
+
host_asset = FactoryBot.create(:asset, :assetable_id => host.id, :assetable_type => 'Host::Base')
|
21
|
+
policy = FactoryBot.create(:policy, :assets => [asset, host_asset], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
|
20
22
|
policy.hostgroup_ids = [hg1, hg2].map(&:id)
|
21
23
|
policy.save!
|
22
24
|
assert_equal 2, policy.hostgroups.count
|
23
|
-
|
25
|
+
assert_equal 3, policy.assets.count
|
26
|
+
assert_equal host, policy.hosts.first
|
27
|
+
end
|
28
|
+
|
29
|
+
test "should assign hosts by their ids" do
|
30
|
+
ForemanOpenscap::Policy.any_instance.stubs(:find_scap_puppetclass).returns(FactoryBot.create(:puppetclass, :name => 'foreman_scap_client'))
|
31
|
+
ForemanOpenscap::Policy.any_instance.stubs(:populate_overrides)
|
32
|
+
host1 = FactoryBot.create(:compliance_host)
|
33
|
+
host2 = FactoryBot.create(:compliance_host)
|
34
|
+
hostgroup = FactoryBot.create(:hostgroup)
|
35
|
+
asset = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
|
36
|
+
hostgroup_asset = FactoryBot.create(:asset, :assetable_id => hostgroup.id, :assetable_type => 'Hostgroup')
|
37
|
+
policy = FactoryBot.create(:policy, :assets => [asset, hostgroup_asset], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
|
38
|
+
policy.host_ids = [host1, host2].map(&:id)
|
39
|
+
policy.save!
|
40
|
+
assert_equal 2, policy.hosts.count
|
41
|
+
assert_equal 3, policy.assets.count
|
42
|
+
assert_equal hostgroup, policy.hostgroups.first
|
24
43
|
end
|
25
44
|
|
26
45
|
test "should remove associated hostgroup" do
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'test_plugin_helper'
|
2
|
+
|
3
|
+
class PuppetOverridesTest < ActiveSupport::TestCase
|
4
|
+
setup do
|
5
|
+
ForemanOpenscap::ScapContent.any_instance.stubs(:fetch_profiles).returns({ 'test_profile_key' => 'test_profile_title' })
|
6
|
+
@scap_content = FactoryBot.create(:scap_content)
|
7
|
+
@scap_profile = FactoryBot.create(:scap_content_profile, :scap_content => @scap_content)
|
8
|
+
end
|
9
|
+
|
10
|
+
test "should override puppet class parameters" do
|
11
|
+
env = FactoryBot.create(:environment)
|
12
|
+
puppet_class = FactoryBot.create(:puppetclass, :name => 'foreman_scap_client')
|
13
|
+
server_param = FactoryBot.create(:puppetclass_lookup_key, :key => 'server')
|
14
|
+
port_param = FactoryBot.create(:puppetclass_lookup_key, :key => 'port')
|
15
|
+
policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => 'policies')
|
16
|
+
FactoryBot.create(:environment_class,
|
17
|
+
:puppetclass_id => puppet_class.id,
|
18
|
+
:environment_id => env.id,
|
19
|
+
:puppetclass_lookup_key_id => server_param.id)
|
20
|
+
FactoryBot.create(:environment_class,
|
21
|
+
:puppetclass_id => puppet_class.id,
|
22
|
+
:environment_id => env.id,
|
23
|
+
:puppetclass_lookup_key_id => port_param.id)
|
24
|
+
FactoryBot.create(:environment_class,
|
25
|
+
:puppetclass_id => puppet_class.id,
|
26
|
+
:environment_id => env.id,
|
27
|
+
:puppetclass_lookup_key_id => policies_param.id)
|
28
|
+
refute server_param.override
|
29
|
+
refute port_param.override
|
30
|
+
refute policies_param.override
|
31
|
+
FactoryBot.create(:policy, :scap_content => @scap_content, :scap_content_profile => @scap_content_profile)
|
32
|
+
|
33
|
+
assert server_param.reload.override
|
34
|
+
assert port_param.reload.override
|
35
|
+
assert policies_param.reload.override
|
36
|
+
assert_equal '<%= @host.policies_enc %>', policies_param.default_value
|
37
|
+
end
|
38
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: foreman_openscap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.10.
|
4
|
+
version: 0.10.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- slukasik@redhat.com
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-09-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: deface
|
@@ -295,6 +295,7 @@ files:
|
|
295
295
|
- test/unit/openscap_host_test.rb
|
296
296
|
- test/unit/policy_mailer_test.rb
|
297
297
|
- test/unit/policy_test.rb
|
298
|
+
- test/unit/puppet_overrides_test.rb
|
298
299
|
- test/unit/scap_content_test.rb
|
299
300
|
- test/unit/services/report_dashboard/data_test.rb
|
300
301
|
- test/unit/services/tailoring_files_proxy_check_test.rb
|
@@ -338,6 +339,7 @@ test_files:
|
|
338
339
|
- test/unit/services/tailoring_files_proxy_check_test.rb
|
339
340
|
- test/unit/services/report_dashboard/data_test.rb
|
340
341
|
- test/unit/arf_report_test.rb
|
342
|
+
- test/unit/puppet_overrides_test.rb
|
341
343
|
- test/test_plugin_helper.rb
|
342
344
|
- test/functional/arf_reports_controller_test.rb
|
343
345
|
- test/functional/api/v2/compliance/arf_reports_controller_test.rb
|