foreman_openscap 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e6f78f76f48726587034c86337c59f870ea7774d
-  data.tar.gz: fe1cde3c865b1351ae79826961fb1bd9fbdec4cf
+  metadata.gz: fcc7365919b95567728c6bbf5f71c44e0bdbc4f7
+  data.tar.gz: 59df09c7a34dde0ee73b4b694cde4c88ac52aecc
 SHA512:
-  metadata.gz: c6d5969f1a17b78fdbb48d5f2e0df38e0caa4c32fa72b3dea0c479b97c864cc8ae2c98c53067b20805b00c80e90046471c1304270ee3ec34133f43013be515a0
-  data.tar.gz: 81e507d2834565420bbf7e6bbbbfb1bdad76340c718fa40c393fe68cdab4505bf949577821570b93441b11149ff7567cecc01e1993f00ff5285f38f7d3d30cc4
+  metadata.gz: 53bc94afc3f4ba64384ab4687360145999361a66c2eaedfe28e7981e081af42b7c8b2948f7bd1c07c6caaac426b578ee7715e7fea7a69bf22c98a02bd13ced35
+  data.tar.gz: 144c25d86f781acd2a03316bbf94901c34ba6d6d7e7ea830674a7d2d13df477e80cffa45fe28ac89dcf1734e678163c135c8b0a225a65bd4d8bd307874d19d5e

data/README.md

@@ -5,14 +5,14 @@ of Foreman based infrastructure.
 
 + Current features:
   + Centralized policy management
+  + Set-up organization defined targeting (connect set of system, a policy and time schedule)
+  + Set-up periodical audits
+  + Search for not audited systems
   + Collect & achieve OpenSCAP audit results from your infrastructure
   + Display audit results
   + Search audit results
   + Search for non-compliant systems
 + Future features:
-  + Set-up organization defined targeting (connect set of system, a policy and time schedule)
-  + Set-up periodical audits
-  + Search for not audited systems
   + Comparison of audit results
   + Waive known issues (one-time waivers, re-occurring, waivers)
   + Ad-hoc audit of given machine
@@ -20,7 +20,21 @@ of Foreman based infrastructure.
   + Vulnerability Assessment (processing OVAL CVE streams)
   + E-mail notifications
 
-## Installation
+## Installation from RPMS
+
+- Install Foreman from [upstream](http://theforeman.org/)
+
+- Install foreman-proxy_openscap to all your foreman-proxies from [upstream](https://github.com/OpenSCAP/foreman-proxy_openscap)
+
+- Enable [isimluk/OpenSCAP](https://copr.fedoraproject.org/coprs/isimluk/OpenSCAP/) COPR repository
+
+- Install Foreman_OpenSCAP
+
+  ```
+  yum install rubygem-foreman_openscap ruby193-rubygem-foreman_openscap
+  ```
+
+## Installation from upstream git
 
 - Install Foreman from [upstream](http://theforeman.org/)
 - Install SCAPtimony from [upstream](https://github.com/OpenSCAP/scaptimony)
@@ -36,7 +50,7 @@ of Foreman based infrastructure.
   ```
   $ cd foreman_openscap
   $ gem build foreman_openscap.gemspec
-  # yum install yum-utils rpm-build scl-utils scl-utils-build ruby193-rubygems-devel
+  # yum install yum-utils rpm-build scl-utils scl-utils-build ruby193-rubygems-devel ruby193-build ruby193
   # yum-builddep extra/rubygem-foreman_openscap.spec
   $ rpmbuild  --define "_sourcedir `pwd`" --define "scl ruby193" -ba extra/rubygem-foreman_openscap.spec
   ```
@@ -44,7 +58,7 @@ of Foreman based infrastructure.
 - Install foreman_openscap RPM
 
   ```
-  # yum local install ~/rpmbuild/RPMS/noarch/ruby193-rubygem-foreman_openscap-*.noarch.rpm
+  # yum localinstall ~/rpmbuild/RPMS/noarch/ruby193-rubygem-foreman_openscap-*.noarch.rpm
   # service foreman restart
   ```
 

data/app/assets/javascript/foreman_openscap/period_selector.js

@@ -0,0 +1,3 @@
+$(function() {
+  period_selected($("#policy_period")[0]);
+});

data/app/assets/javascript/foreman_openscap/policy_edit.js

@@ -0,0 +1,37 @@
+function scap_content_selected(element){
+  var attrs = attribute_hash(['scap_content_id']);
+  var url = $(element).attr('data-url');
+  $(element).indicator_show();
+  $.ajax({
+    data: attrs,
+    type: 'post',
+    url: url,
+    complete: function() { $(element).indicator_hide();},
+    success: function(request) {
+      $('#scap_content_profile_select').html(request);
+    }
+  })
+}
+
+function previous_step(previous) {
+  $('#policy_current_step').val(previous);
+  return false;
+}
+
+function period_selected(period) {
+  $("#policy_weekday, #policy_day_of_month, #policy_cron_line").closest("div.clearfix").hide();
+  switch($(period).val()) {
+    case 'weekly':
+      field = "#policy_weekday";
+      break;
+    case 'monthly':
+      field = "#policy_day_of_month";
+      break;
+    case 'custom':
+      field = "#policy_cron_line";
+      break;
+    default:
+      field = "";
+  }
+  $(field).closest("div.clearfix").show();
+}

data/app/assets/stylesheets/foreman_openscap/policy.css.scss

@@ -0,0 +1,7 @@
+.show-pane {
+  display: block;
+}
+
+.hide-pane {
+  display: none;
+}

data/app/controllers/api/v2/{openscap → compliance}/arf_reports_controller.rb

@@ -13,7 +13,7 @@ require 'foreman_openscap/helper'
 
 module Api
   module V2
-    module Openscap
+    module Compliance
 
       class ArfReportsController < V2::BaseController
         include Api::Version2
@@ -21,16 +21,17 @@ module Api
 
         add_puppetmaster_filters :create
 
-        api :POST, "/arf/:cname/:policy_name/:date", N_("Upload an ARF report")
+        api :POST, "/arf/:cname/:policy_id/:date", N_("Upload an ARF report")
         param :cname, :identifier, :required => true
-        param :policy_name, :identifier, :required => true
+        param :policy_id, :identifier, :required => true
         param :date, :identifier, :required => true
 
         def create
           asset = ForemanOpenscap::Helper::get_asset(params[:cname])
           arf_bzip2 = request.body.read
-          received = Scaptimony::ArfReportsHelper.create_arf(asset, params, arf_bzip2)
-          render :json => { :result => :OK, :received => received }
+          arf_bzip2_size = request.body.size
+          Scaptimony::ArfReportsHelper.create_arf(asset, params, arf_bzip2, arf_bzip2_size)
+          render :json => { :result => :OK, :received => arf_bzip2_size }
         end
 
         def check_content_type

data/app/controllers/scaptimony_arf_reports_controller.rb

@@ -1,25 +1,28 @@
 class ScaptimonyArfReportsController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
 
-  before_filter :find_by_id, :only => [:show, :destroy]
+  before_filter :find_by_id, :only => [:show, :parse, :destroy]
 
   def model_of_controller
     ::Scaptimony::ArfReport
   end
 
-  # GET /scaptimony/arf_reports
   def index
-    @arf_reports = resource_base.search_for(params[:search], :order => params[:order]).paginate(:page => params[:page], :per_page => params[:per_page])
+    @arf_reports = resource_base.includes(:arf_report_breakdown, :asset)
+      .search_for(params[:search], :order => params[:order])
+      .paginate(:page => params[:page], :per_page => params[:per_page])
   end
 
-  # GET /scaptimony/arf_reports/1
   def show
-    self.response_body = @arf_report
+  end
+
+  def parse
+    self.response_body = @arf_report.to_html
   end
 
   def destroy
     if @arf_report.destroy
-      process_success :success_redirect => scaptimony_arf_reports_path
+      process_success
     else
       process_error
     end

data/app/controllers/scaptimony_policies_controller.rb

@@ -1,14 +1,20 @@
 class ScaptimonyPoliciesController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
-  before_filter :find_by_id, :only => [:show, :edit, :update, :destroy]
+  before_filter :find_by_id, :only => [:show, :edit, :update, :parse, :destroy]
+  before_filter :find_multiple, :only => [:select_multiple_hosts, :update_multiple_hosts]
 
   def model_of_controller
     ::Scaptimony::Policy
   end
 
-  # GET /scaptimony/policies
   def index
-    @policies = resource_base.search_for(params[:search])
+    @policies = resource_base
+                  .search_for(params[:search], :order => params[:order])
+                  .paginate(:page => params[:page], :per_page => params[:per_page])
+                  .includes(:scap_content, :scap_content_profile)
+    if @policies.empty? && Scaptimony::ScapContent.unconfigured?
+      redirect_to new_scaptimony_scap_content_path
+    end
   end
 
   def new
@@ -16,38 +22,64 @@ class ScaptimonyPoliciesController < ApplicationController
   end
 
   def show
-    self.response_body = ::Scaptimony::GuideGenerator.new @policy
+  end
+
+  def parse
+    self.response_body = @policy.to_html
   end
 
   def create
     @policy = ::Scaptimony::Policy.new(params[:policy])
-    if @policy.save
+    if @policy.wizard_completed? && @policy.save
       process_success :success_redirect => scaptimony_policies_path
     else
-      process_error
+      if @policy.valid?
+        render 'new' and return
+      else
+        @policy.rewind_step
+        process_error :object => @policy
+      end
     end
   end
 
+  def edit
+  end
+
   def update
     if @policy.update_attributes(params[:policy])
       process_success :success_redirect => scaptimony_policies_path
     else
-      process_error
+      process_error :object => @policy
     end
   end
 
   def destroy
     if @policy.destroy
-      process_success :success_redirect => scaptimony_policies_path
+      process_success
     else
-      process_error
+      process_error :object => @policy
     end
   end
 
   def scap_content_selected
-    if params[:scap_content_id] and @scap_content = ::Scaptimony::ScapContent.find(params[:scap_content_id])
+    if params[:scap_content_id] && (@scap_content = ::Scaptimony::ScapContent.find(params[:scap_content_id]))
       @policy ||= ::Scaptimony::Policy.new
-      render :partial => 'scap_content_results', :locals => { :policy => @policy }
+      render :partial => 'scap_content_results', :locals => {:policy => @policy}
+    end
+  end
+
+  def select_multiple_hosts; end
+
+  def update_multiple_hosts
+    if (id = params['policy']['id'])
+      policy = ::Scaptimony::Policy.find(id)
+      policy.assign_hosts @hosts
+      notice _("Updated hosts: Assigned with compliance policy: #{policy.name}")
+      # We prefer to go back as this does not lose the current search
+      redirect_to hosts_path
+    else
+      error _('No compliance policy selected.')
+      redirect_to(select_multiple_hosts_scaptimony_policies_path)
     end
   end
 
@@ -55,4 +87,33 @@ class ScaptimonyPoliciesController < ApplicationController
   def find_by_id
     @policy = resource_base.find(params[:id])
   end
+
+  def find_multiple
+    # Lets search by name or id and make sure one of them exists first
+    if params[:host_ids].present?
+      @hosts = Host.where("id IN (?)", params[:host_ids])
+      if @hosts.empty?
+        error _('No hosts were found.')
+        redirect_to(hosts_path) and return false
+      end
+    else
+      error _('No hosts selected')
+      redirect_to(hosts_path) and return false
+    end
+    return @hosts
+  rescue => e
+    error _("Something went wrong while selecting hosts - %s") % (e)
+    logger.debug e.message
+    logger.debug e.backtrace.join("\n")
+    redirect_to hosts_path and return false
+  end
+
+  def action_permission
+    case params[:action]
+      when 'parse'
+        :view
+      else
+        super
+    end
+  end
 end

data/app/{models/scaptimony/asset.rb → controllers/scaptimony_policy_dashboard_controller.rb}

@@ -8,15 +8,14 @@
 # along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
 #
 
-module ::Scaptimony
-  class AuditableHost < ActiveRecord::Base
-    # Links Foreman's Host table with SCAPtimony's Asset table
-    belongs_to :asset, :inverse_of => :auditable_host
-    belongs_to_host :inverse_of => :auditable_host
-  end
+class ScaptimonyPolicyDashboardController < ApplicationController
+  before_filter :prefetch_data, :only => :index
+
+  def index; end
 
- class Asset < ActiveRecord::Base
-    has_one :auditable_host, :inverse_of => :asset
-    has_one :host, :through => :auditable_host
+  def prefetch_data
+    @policy = ::Scaptimony::Policy.find(params[:id])
+    dashboard = Scaptimony::PolicyDashboard::Data.new(@policy, params[:search])
+    @report = dashboard.report
   end
 end

data/app/controllers/scaptimony_scap_contents_controller.rb

@@ -1,20 +1,22 @@
 class ScaptimonyScapContentsController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
-  before_filter :handle_file_upload, :only => [:create]
-  before_filter :find_by_id, :only => [:show, :edit, :update]
+  before_filter :handle_file_upload, :only => [:create, :update]
+  before_filter :find_by_id, :only => [:show, :edit, :update, :destroy]
 
   def model_of_controller
     ::Scaptimony::ScapContent
   end
 
-  # GET /scaptimony/scap_contents
   def index
     @contents = resource_base.search_for(params[:search])
+    if Scaptimony::ScapContent.all.count == 0
+      redirect_to :action => :new
+    end
   end
 
   def show
-    send_file @scaptimony_scap_content.path,
-      :type => "application/xml",
+    send_data @scaptimony_scap_content.scap_file,
+      :type     => 'application/xml',
       :filename => @scaptimony_scap_content.original_filename
   end
 
@@ -22,33 +24,40 @@ class ScaptimonyScapContentsController < ApplicationController
     @scaptimony_scap_content = ::Scaptimony::ScapContent.new
   end
 
-  # POST /scaptimony/scap_contents
   def create
     @scaptimony_scap_content = ::Scaptimony::ScapContent.new(params[:scap_content])
-    if @scaptimony_scap_content.store
-      process_success :success_redirect => scaptimony_scap_contents_path
+    if @scaptimony_scap_content.save
+      process_success
     else
       process_error
     end
   end
 
-  def handle_file_upload
-    return unless params[:scap_content] and
-       t = params[:scap_content][:scap_file]
-    params[:scap_content][:original_filename] = t.original_filename
-    params[:scap_content][:scap_file] = t.read if t.respond_to?(:read)
-  end
-
   def update
     if @scaptimony_scap_content.update_attributes(params[:scap_content])
-      process_success :success_redirect => scaptimony_scap_contents_path
+      process_success
     else
       process_error
     end
   end
 
+  def destroy
+    if @scaptimony_scap_content.destroy
+      process_success
+    else
+      process_error :object => @scaptimony_scap_content
+    end
+  end
+
   private
   def find_by_id
     @scaptimony_scap_content = resource_base.find(params[:id])
   end
+
+  def handle_file_upload
+    return unless params[:scap_content] && scap_raw_file = params[:scap_content][:scap_file]
+    params[:scap_content][:original_filename] = scap_raw_file.original_filename
+    params[:scap_content][:scap_file] = scap_raw_file.tempfile.read if scap_raw_file.tempfile.respond_to?(:read)
+  end
+
 end

data/app/helpers/concerns/foreman_openscap/hosts_helper_extensions.rb

@@ -3,12 +3,11 @@ module ForemanOpenscap
     extend ActiveSupport::Concern
 
     included do
-      # execute callbacks
+      alias_method_chain :multiple_actions, :scap
     end
 
-    # create or overwrite instance methods...
-    def instance_method_name
+    def multiple_actions_with_scap
+      multiple_actions_without_scap << [_('Assign Compliance Policy'), select_multiple_hosts_scaptimony_policies_path]
     end
   end
-
 end

data/app/helpers/scaptimony_policies_helper.rb

@@ -4,4 +4,26 @@ module ScaptimonyPoliciesHelper
     return @policy.scap_content.scap_content_profiles unless @policy.scap_content.blank?
     return []
   end
+
+  def submit_or_cancel_policy(form, overwrite = nil, args = { })
+    args[:cancel_path] ||= send("#{controller_name}_path")
+    content_tag(:div, :class => "clearfix") do
+      content_tag(:div, :class => "form-actions") do
+        text    = overwrite ? overwrite : _("Submit")
+        options = {:class => "btn btn-primary"}
+        options.merge! :'data-id' => form_to_submit_id(form) unless options.has_key?(:'data-id')
+        previous = form.object.first_step? ? ' ' : previous_link(form)
+        link_to(_("Cancel"), args[:cancel_path], :class => "btn btn-default") + previous +
+            form.submit(text, options)
+      end
+    end
+  end
+
+  def show_partial_wizard(step)
+    @policy.current_step == step ? 'show-pane' : 'hide-pane'
+  end
+
+  def previous_link(form)
+    (' ' + form.submit(_('Previous'), :class => 'btn btn-default', :onclick => "previous_step('#{@policy.previous_step}')") + ' ').html_safe
+  end
 end