RubyGems - foreman_openscap - Versions diffs - 0.3.4 → 0.4.0 - Mend

foreman_openscap 0.3.4 → 0.4.0

Files changed (46) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 09505297b4cd605e6283f0a175058d113c1e0e08
-  data.tar.gz: 9a91588dc7ca37021eb6a07fb98a04f8bcff22d9
+  metadata.gz: 48ae466c6c227a222397d8a8151177798cf1a035
+  data.tar.gz: 6abafa02b5291e3b1aa4c36a682e4ea931ccd646
 SHA512:
-  metadata.gz: 6555cda675dc06e1f7dab0071877c7536d8448bfed8ad74802c902461e8bfc19a0038249e1996690ef3e3f3e1fc1e0b7c276f6bd24fe8bfb147d8f042818d643
-  data.tar.gz: 83a232520d77ae6bfb0a3fb8f4713f77b6cc52e884d5984e2fa2a69c949954c8d498c6ae26330bd97cdaca33debbc3a7528100f2a243393919ba922cee63422f
+  metadata.gz: d3c84160ddb908cd9f928878bed4f11c14e9691fe827f072795003e1bc97687db1c2ce33826b57a3ef64997c10bd7d4e44aa5b9d505da02bf9b0145e53511e85
+  data.tar.gz: e9fcbe1028267dbc7ca0d548e41d4390309e540465609eefe739a3fce064566119d72a8fc498e6174697057be2642520839f1f15227ca1e1ac09fcf7fafc0af5

data/README.md CHANGED Viewed

@@ -1,5 +1,7 @@
 # Foreman-OpenSCAP
+[![Code Climate](https://codeclimate.com/github/OpenSCAP/foreman_openscap/badges/gpa.svg)](https://codeclimate.com/github/OpenSCAP/foreman_openscap)
 This plug-in enables automated vulnerability assessment and compliance audit
 of Foreman based infrastructure.
@@ -20,6 +22,83 @@ of Foreman based infrastructure.
   + Vulnerability Assessment (processing OVAL CVE streams)
   + E-mail notifications
+## Usage
+### Basic Concepts
+There are three basic concepts (entities) in OpenSCAP plug-in: SCAP Contents, Compliance
+Policies and ARF Reports.
+*SCAP Content* represents SCAP DataStream XML file as defined by SCAP 1.2 standard. Datastream
+file contains implementation of compliance, configuration or security baselines. Users are
+advised to acquire examplary baseline by installing scap-security-guide package. DataStream
+file usualy contains multiple XCCDF Profiles. Each for different security target. The content
+of Datastream file can be inspected by `oscap` tool from openscap-scanner package.
+  ```
+  # yum install -y scap-security-guide openscap-scanner
+  # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml
+  # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
+  ```
+*Compliance Policy* is highlevel concept of a baseline applied to the infrastructure. Compliance
+Policy is defined by user on web interface. User may assign following information to the Policy:
++ SCAP Content
++ XCCDF Profile from particular SCAP Content
++ Host Groups that should comply with the policy
++ Schedule - the period in which the audit shall occur
+*ARF Report* is XML output of single scan occurance per single host. Asset Reporting File format
+is defined by SCAP 1.2 standard. Foreman plug-in stores the ARF Reports in database for later
+inspections.
+### User Interface
+The most of the Foreman-OpenSCAP controls are located in the *Compliance* section under the *Host*
+menu. The section contains three items as described in previous section: SCAP Contents, Compliance
+Policies, ARF Reports.
+### Prerequisites before the first use
+Make sure that
+1. smart_proxy_openscap and puppet-foreman_scap_client packages are installed on your proxies
+2. proxies have Foreman uri defined
+  ```
+  # echo ':foreman_url: https://foreman17.local.lan' >> /etc/foreman-proxy/settings.yml
+  ```
+3. foreman_scap_client puppet class is imported to your Foreman
+  1. Go to Configure -> Puppet classes page
+  2. Click Import button
+  3. Select foreman_scap_client
+### Setting-up first compliance policy
+1. Log-in to Web Interface
+2. Create new SCAP Content
+  1. Go to *Hosts -> Compliance -> SCAP contents* page
+  2. Upload DataSteam file
+3. Create new Policy
+  1. Go to Hosts -> Compliance -> Policies page
+  2. Assign SCAP Content to Policy
+  3. Select Profile from your SCAP Content
+  4. Define periodic scan schedule
+  5. Assign Hostgroups to the policy (hosts you want to audit should be assigned with one of the
+     hostgroups)
+4. Select particular hosts for compliance audit
+  1. Go to *Hosts -> All hosts* page
+  2. Select hosts
+  3. Use *Select Action -> Assign Compliance Policy* button
+5. Make sure the DataStream file is present on the clients' file system.
+   At the moment, Foreman infrastructure is not able to serve a file to the clients. Hence, users
+   are required to distribute their DataStrem file to each client. The expected location is
+   defined at *Compliance Policy -> Edit* dialogue.
+6. Inspect the compliance results
+  1. Go to *Hosts -> Compliance -> Reports* page
+  2. Wait for ARF Reports to show-up
+  3. Go to *Hosts -> Compliance -> Policies* page
+  4. Click the policy link to view dashboard and trend
 ## Installation from RPMS
 - Install Foreman from [upstream](http://theforeman.org/)
@@ -62,20 +141,9 @@ of Foreman based infrastructure.
   # service foreman restart
   ```
-## Usage
-Deploy [puppet-openscap](https://github.com/OpenSCAP/puppet-openscap) Puppet module
-on your client systems. Apply openscap::xccdf::foreman_audit puppet class using Foreman
-on your clients. The client will schedule OpenSCAP audit as requested by the Puppet
-class. The audit report will be then transfered from the client machine to the proxy
-(foreman-proxy_openscap). Then audit reports are forwarded from proxy to SCAPtimony
-in batches and achieved at your Foreman server.
-More coming, see future features above.
 ## Copyright
-Copyright (c) 2014 Red Hat, Inc.
+Copyright (c) 2014--2015 Red Hat, Inc.
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

data/app/assets/javascript/foreman_openscap/scap_hosts_show.js ADDED Viewed

@@ -0,0 +1,4 @@
+$(function() {
+  // Not sure about this ugly hack.
+  $('.col-md-4 .stats-well').height($('.col-md-8 .stats-well').height() + 28);
+});

data/app/controllers/api/v2/compliance/arf_reports_controller.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014 Red Hat Inc.
+# Copyright (c) 2014--2015 Red Hat Inc.
 #
 # This software is licensed to you under the GNU General Public License,
 # version 3 (GPLv3). There is NO WARRANTY for this software, express or
@@ -19,9 +19,45 @@ module Api
         include Api::Version2
         include Foreman::Controller::SmartProxyAuth
-        add_puppetmaster_filters :create
+        add_smart_proxy_filters :create, :features => 'Openscap'
-        api :POST, "/arf/:cname/:policy_id/:date", N_("Upload an ARF report")
+        before_filter :find_resource, :only => %w{show destroy}
+        def resource_name
+          'Scaptimony::ArfReport'
+        end
+        def get_resource
+          instance_variable_get :"@arf_report" or raise 'no resource loaded'
+        end
+        resource_description do
+          resource_id 'scaptimony_arf_reports'
+          api_version 'v2'
+          api_base_url "/api/v2"
+        end
+        api :GET, '/compliance/arf_reports', N_('List Arf reports')
+        param_group :search_and_pagination, ::Api::V2::BaseController
+        def index
+          @arf_reports = resource_scope_for_index(:permission => :edit_compliance).includes(:arf_report_breakdown, :asset)
+        end
+        api :GET, '/compliance/arf_reports/:id', N_('Show an Arf report')
+        param :id, :identifier, :required => true
+        def show
+        end
+        api :DELETE, '/compliance/arf_reports/:id', N_('Deletes an Arf Report')
+        param :id, :identifier, :required => true
+        def destroy
+          process_response @arf_report.destroy
+        end
+        api :POST, "/compliance/arf/:cname/:policy_id/:date", N_("Upload an ARF report")
         param :cname, :identifier, :required => true
         param :policy_id, :identifier, :required => true
         param :date, :identifier, :required => true
@@ -43,9 +79,16 @@ module Api
           # no matter what content-encoding says. Let's pass content-type arf-bzip2
           # and move forward.
           super unless
+            params[:action] == 'create' and
             request.content_type.end_with? 'arf-bzip2' and
             request.env['HTTP_CONTENT_ENCODING'] == 'x-bzip2'
         end
+        private
+        def find_resource
+          not_found and return if params[:id].blank?
+          instance_variable_set("@arf_report", resource_scope.find(params[:id]))
+        end
       end
     end
   end

data/app/controllers/api/v2/compliance/policies_controller.rb CHANGED Viewed

@@ -1,14 +1,7 @@
 module Api::V2
   module Compliance
     class PoliciesController < ::Api::V2::BaseController
-      include Api::Version2
-      include Foreman::Controller::SmartProxyAuth
-      add_puppetmaster_filters :content
-      before_filter :find_resource, :only => %w{content}
-      attr_reader :detected_proxy
+      before_filter :find_resource, :except => %w{index create}
       def resource_name
         'Scaptimony::Policy'
@@ -18,35 +11,69 @@ module Api::V2
         instance_variable_get :"@policy" or raise 'no resource loaded'
       end
+      def policy_url(policy = nil)
+        api_policy_url(@policy)
+      end
       resource_description do
         resource_id 'scaptimony_policies'
         api_version 'v2'
         api_base_url "/api/v2"
       end
-      api :GET, '/compliance/policies/:id/content', N_("Show a policy's SCAP content")
+      api :GET, '/compliance/policies', N_('List SCAP contents')
+      param_group :search_and_pagination, ::Api::V2::BaseController
+      def index
+        @policies = resource_scope_for_index(:permission => :edit_compliance)
+      end
+      api :GET, '/compliance/policies/:id', N_('Show an SCAP content')
       param :id, :identifier, :required => true
-      def content
-        @scap_content = @policy.scap_content
-        send_data @scap_content.scap_file,
-                  :type     => 'application/xml',
-                  :filename => @scap_content.original_filename
+      def show
+      end
+      def_param_group :policy do
+        param :policy, Hash, :required => true, :action_aware => true do
+          param :name, String, :required => true, :desc => N_('Policy name')
+          param :description, String, :desc => N_('Policy description')
+          param :scap_content_id, Integer, :required => true, :desc => N_('Policy scap content id')
+          param :scap_content_profile_id, Integer, :required => true, :desc => N_('Policy scap content profile id')
+          param :period, String, :required => true, :desc => N_('Policy schedule period')
+          param :weekday, String, :required => true, :desc => N_('Policy schedule weekday')
+          param :hostgroup_ids, Array, :desc => N_('Apply policy to hostgroups')
+          param_group :taxonomies, ::Api::V2::BaseController
+        end
+      end
+      api :POST, '/compliance/policies', N_('Create a policy')
+      param_group :policy, :as => :create
+      def create
+        @policy = Scaptimony::Policy.new(params[:policy])
+        process_response @policy.save
+      end
+      api :PUT, '/compliance/policies/:id', N_('Update a policy')
+      param :id, :identifier, :required => true
+      param_group :policy
+      def update
+        process_response @policy.update_attributes(params[:policy])
+      end
+      api :DELETE, '/compliance/policies/:id', N_('Deletes a policy')
+      param :id, :identifier, :required => true
+      def destroy
+        process_response @policy.destroy
       end
       private
       def find_resource
         not_found and return if params[:id].blank?
-        instance_variable_set("@policy", Scaptimony::Policy.find(params[:id]))
-      end
-      def action_permission
-        case params[:action]
-          when 'content'
-            :view
-          else
-            super
-        end
+        instance_variable_set("@policy", resource_scope.find(params[:id]))
       end
     end
   end

data/app/controllers/api/v2/compliance/scap_contents_controller.rb ADDED Viewed

@@ -0,0 +1,74 @@
+module Api::V2
+  module Compliance
+    class ScapContentsController < ::Api::V2::BaseController
+      before_filter :find_resource, :except => %w{index create}
+      def resource_name
+        'Scaptimony::ScapContent'
+      end
+      def get_resource
+        instance_variable_get :"@scap_content" or raise 'no resource loaded'
+      end
+      resource_description do
+        resource_id 'scaptimony_scap_contents'
+        api_version 'v2'
+        api_base_url "/api/v2"
+      end
+      api :GET, '/compliance/scap_contents', N_('List SCAP contents')
+      param_group :search_and_pagination, ::Api::V2::BaseController
+      def index
+        @scap_contents = resource_scope_for_index(:permission => :edit_compliance)
+      end
+      api :GET, '/compliance/scap_contents/:id', N_('Show an SCAP content')
+      param :id, :identifier, :required => true
+      def show
+        send_data @scap_content.scap_file,
+                  :type     => 'application/xml',
+                  :filename => @scap_content.original_filename
+      end
+      def_param_group :scap_content do
+        param :scap_content, Hash, :required => true, :action_aware => true do
+          param :title, String, :required => true, :desc => N_('Scap content name')
+          param :scap_file, String, :required => true
+          param_group :taxonomies, ::Api::V2::BaseController
+        end
+      end
+      api :POST, '/compliance/scap_contents', N_('Create SCAP content')
+      param_group :scap_content, :as => :create
+      def create
+        @scap_content = Scaptimony::ScapContent.new(params[:scap_content])
+        process_response @scap_content.save
+      end
+      api :PUT, '/compliance/scap_contents/:id', N_('Update an SCAP content')
+      param :id, :identifier, :required => true
+      param_group :scap_content
+      def update
+        process_response @scap_content.update_attributes(params[:scap_content])
+      end
+      api :DELETE, '/compliance/scap_contents/:id', N_('Deletes an SCAP content')
+      param :id, :identifier, :required => true
+      def destroy
+        process_response @scap_content.destroy
+      end
+      private
+      def find_resource
+        not_found and return if params[:id].blank?
+        instance_variable_set("@scap_content", resource_scope.find(params[:id]))
+      end
+    end
+  end
+end

data/app/controllers/scaptimony_hosts_controller.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class ScaptimonyHostsController < ApplicationController
+  def show
+    @host = Host.find(params[:id])
+  end
+end

data/app/controllers/scaptimony_policies_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class ScaptimonyPoliciesController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
   before_filter :find_by_id, :only => [:show, :edit, :update, :parse, :destroy]
-  before_filter :find_multiple, :only => [:select_multiple_hosts, :update_multiple_hosts]
+  before_filter :find_multiple, :only => [:select_multiple_hosts, :update_multiple_hosts, :disassociate_multiple_hosts, :remove_policy_from_multiple_hosts]
   def model_of_controller
     ::Scaptimony::Policy
@@ -73,7 +73,7 @@ class ScaptimonyPoliciesController < ApplicationController
   def update_multiple_hosts
     if (id = params['policy']['id'])
       policy = ::Scaptimony::Policy.find(id)
-      policy.assign_hosts @hosts
+      policy.assign_hosts(@hosts)
       notice _("Updated hosts: Assigned with compliance policy: #{policy.name}")
       # We prefer to go back as this does not lose the current search
       redirect_to hosts_path
@@ -83,6 +83,20 @@ class ScaptimonyPoliciesController < ApplicationController
     end
   end
+  def disassociate_multiple_hosts; end
+  def remove_policy_from_multiple_hosts
+    if (id = params.fetch(:policy, {})[:id])
+      policy = ::Scaptimony::Policy.find(id)
+      policy.unassign_hosts(@hosts)
+      notice _("Updated hosts: Unassigned from compliance policy '%s'") % policy.name
+      redirect_to hosts_path
+    else
+      error _('No valid policy id provided')
+      redirect_to hosts_path
+    end
+  end
   def welcome
     @searchbar = true
     if (model_of_controller.first.nil? rescue false)

data/app/helpers/concerns/foreman_openscap/hosts_helper_extensions.rb CHANGED Viewed

@@ -6,8 +6,39 @@ module ForemanOpenscap
       alias_method_chain :multiple_actions, :scap
     end
+    Colors = {
+        :passed  => '#89A54E',
+        :failed  => '#AA4643',
+        :othered => '#DB843D',
+    }
     def multiple_actions_with_scap
-      multiple_actions_without_scap << [_('Assign Compliance Policy'), select_multiple_hosts_scaptimony_policies_path]
+      multiple_actions_without_scap + [[_('Assign Compliance Policy'), select_multiple_hosts_scaptimony_policies_path],
+                                       [_('Unassign Compliance Policy'), disassociate_multiple_hosts_scaptimony_policies_path]]
+    end
+    def host_policy_breakdown_chart(report, options = {})
+      data = []
+      [[:passed, _('Passed')],
+       [:failed, _('Failed')],
+       [:othered, _('Other')],
+      ].each { |i|
+        data << {:label => i[1], :data => report[i[0]], :color => Colors[i[0]]}
+      }
+      flot_pie_chart 'overview', _('Compliance reports breakdown'), data, options
+    end
+    def host_arf_reports_chart(policy_id)
+      passed, failed, othered, = [], [], []
+      @host.arf_reports.of_policy(policy_id).each do |report|
+        passed  << [report.created_at.to_i*1000, report.passed]
+        failed  << [report.created_at.to_i*1000, report.failed]
+        othered << [report.created_at.to_i*1000, report.othered]
+      end
+      [{:label => _("Passed"), :data => passed, :color => Colors[:passed]},
+       {:label => _("Failed"), :data => failed, :color => Colors[:failed]},
+       {:label => _("Othered"), :data => othered, :color => Colors[:othered]}]
     end
   end
 end

data/app/models/concerns/foreman_openscap/arf_report_extensions.rb CHANGED Viewed

@@ -21,6 +21,7 @@ module ForemanOpenscap
       scope :hosts, lambda { includes(:policy, :arf_report_breakdown) }
       scope :latest, lambda { includes(:host, :policy, :arf_report_breakdown).limit(5).order("scaptimony_arf_reports.created_at DESC") }
+      scope :of_policy, lambda {|policy_id| {:conditions => {:policy_id => policy_id}}}
       scoped_search :in => :host, :on => :name, :complete_value => :true, :rename => "host"

data/app/models/concerns/foreman_openscap/host_extensions.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module ForemanOpenscap
     end
     def combined_policies
-      combined = self.hostgroup ? self.policies + self.hostgroup.policies : self.policies
+      combined = self.policies + self.hostgroup.policies
       combined.uniq
     end

data/app/models/concerns/foreman_openscap/policy_extensions.rb CHANGED Viewed

@@ -129,12 +129,16 @@ module ForemanOpenscap
       assign_assets hosts.map &:get_asset
     end
+    def unassign_hosts(hosts)
+      host_asset_ids = Scaptimony::Asset.where(:assetable_type => 'Host::Base', :assetable_id => hosts.map(&:id)).pluck(:id)
+      self.asset_ids = self.asset_ids - host_asset_ids
+    end
     def to_enc
       {
         'id' => self.id,
         'profile_id' => self.scap_content_profile.try(:profile_id) || '',
         'content_path' => "/var/lib/openscap/content/#{self.scap_content.digest}.xml",
-        'download_path' => "/compliance/policies/#{self.id}/content" # default to proxy path
       }.merge(period_enc)
     end

data/app/overrides/hosts/overview/host_compliance_status.rb ADDED Viewed

@@ -0,0 +1,4 @@
+Deface::Override.new(:virtual_path  => "hosts/_overview",
+                     :name          => "add_compliance_check",
+                     :insert_after => "#properties_table",
+                     :partial       =>  "scaptimony_hosts/host_status")

data/app/services/scaptimony/host_report_dashboard/data.rb ADDED Viewed

@@ -0,0 +1,38 @@
+module Scaptimony::HostReportDashboard
+  class Data
+    attr_reader :report
+    def initialize(policy_id, asset_id)
+      @latest_report = Scaptimony::ArfReport.where(:asset_id =>  asset_id, :policy_id => policy_id).order('created_at DESC').limit(1).first
+      @report = {}
+      fetch_data
+    end
+    private
+    attr_writer :report
+    attr_accessor :latest_report
+    def fetch_data
+      report.update(
+          {
+            :passed  => report_passed,
+            :failed  => report_failed,
+            :othered => report_othered
+          }
+      )
+    end
+    def report_passed
+      @latest_report.passed
+    end
+    def report_failed
+      @latest_report.failed
+    end
+    def report_othered
+      @latest_report.othered
+    end
+  end
+end

data/app/views/api/v2/compliance/arf_reports/base.json.rabl ADDED Viewed

@@ -0,0 +1,4 @@
+object @arf_report
+attributes :id, :passed, :failed, :othered
+node(:host) { |arf_report| arf_report.host.name }

data/app/views/api/v2/compliance/arf_reports/index.json.rabl ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ collection @arf_reports
2	+ extends "api/v2/compliance/arf_reports/main"

data/app/views/api/v2/compliance/arf_reports/main.json.rabl ADDED Viewed

@@ -0,0 +1,5 @@
+object @arf_report
+extends "api/v2/compliance/arf_reports/base"
+attributes :created_at, :updated_at

data/app/views/api/v2/compliance/arf_reports/show.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @arf_report
+extends "api/v2/compliance/arf_reports/main"

data/app/views/api/v2/compliance/policies/base.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @policy
+attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line

data/app/views/api/v2/compliance/policies/index.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+collection @policies
+extends "api/v2/compliance/policies/main"

data/app/views/api/v2/compliance/policies/main.json.rabl ADDED Viewed

@@ -0,0 +1,5 @@
+object @policy
+extends "api/v2/compliance/policies/base"
+attributes :created_at, :updated_at

data/app/views/api/v2/compliance/policies/show.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @policy
+extends "api/v2/compliance/policies/main"

data/app/views/api/v2/compliance/scap_contents/base.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @scap_content
+attributes :id, :title, :original_filename, :digest

data/app/views/api/v2/compliance/scap_contents/index.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+collection @scap_contents
+extends "api/v2/compliance/scap_contents/main"

data/app/views/api/v2/compliance/scap_contents/main.json.rabl ADDED Viewed

@@ -0,0 +1,5 @@
+object @scap_content
+extends "api/v2/compliance/scap_contents/base"
+attributes :created_at, :updated_at

data/app/views/api/v2/compliance/scap_contents/show.json.rabl ADDED Viewed

	@@ -0,0 +1 @@
1	+ object @scap_content

data/app/views/dashboard/_foreman_openscap_host_reports_widget.html.erb CHANGED Viewed

@@ -13,7 +13,7 @@
     </tr>
     <% latest_reports.each do |report| %>
       <tr>
-        <td><%= link_to h(report.host.nil? ? _('Host does not exist anymore') : report.host.name), scaptimony_arf_report_path(report) %></td>
+        <td><%= link_to h(report.host.name), scaptimony_arf_report_path(report) %></td>
         <td><%= link_to h(report.policy.name), scaptimony_policy_dashboard_scaptimony_policy_path(report.policy) %></td>
         <td><%= report_event_column(report.passed, "label-success")  %></td>
         <td><%= report_event_column(report.failed, "label-danger")  %></td>

data/app/views/scaptimony_arf_reports/_list.html.erb CHANGED Viewed

@@ -9,7 +9,7 @@
   </tr>
   <% for arf_report in @arf_reports %>
     <tr>
-      <td><%= arf_report.host.nil? ? _('Host does not exist anymore') : name_column(arf_report.host) %></td>
+      <td><%= name_column(arf_report.host) %></td>
       <td><%= _("%s ago") % time_ago_in_words(arf_report.date) %></td>
       <td><%= report_arf_column(arf_report.passed, "label-info") %></th>
       <td><%= report_arf_column(arf_report.failed, "label-danger") %></th>

data/app/views/scaptimony_hosts/_host_status.html.erb ADDED Viewed

@@ -0,0 +1,17 @@
+<% if host.arf_reports.any? %>
+<table class="table table-bordered table-striped" id="compliance">
+  <tr>
+    <th colspan="2"><%= _('Compliance Properties') %></th>
+  </tr>
+  <tr>
+    <td><%= _('Compliance') %></td>
+    <td>
+      <% if host.arf_reports.search_for('failed > 0').blank? %>
+        <%= link_to(report_event_column('O', "label-success"), scaptimony_host_path(host.id)) %>
+      <% else %>
+        <%= link_to(report_event_column('F', "label-danger"), scaptimony_host_path(host.id)) %>
+      <% end %>
+    </td>
+  </tr>
+</table>
+<% end %>

data/app/views/scaptimony_hosts/show.html.erb ADDED Viewed

@@ -0,0 +1,23 @@
+<%= javascript 'dashboard', 'foreman_openscap/scap_hosts_show' %>
+<% title _("%s compliance reports by policy") % @host.to_label %>
+<% @host.policies.each do |policy| %>
+  <h2 class="center-block"><%= _('Policy %s') % policy %></h2>
+  <div class="row">
+    <div class="col-md-4">
+      <div class="stats-well">
+        <h4 class="header ca"><%= _('%s latest report') % policy.name %></h4>
+        <% report = Scaptimony::HostReportDashboard::Data.new(policy.id, @host.asset.id).report %>
+        <%= host_policy_breakdown_chart(report, :class => 'statistics-pie small') %>
+      </div>
+    </div>
+    <div class="col-md-8">
+      <div class="stats-well">
+        <h4 class="ca"><%= _("%s reports over time") % policy %></h4>
+        <%= flot_chart('resource_graph', '', '', host_arf_reports_chart(policy.id)) %>
+      </div>
+    </div>
+  </div>
+  <hr style="border: 1px solid #eeeeee"/>
+<% end %>

data/app/views/scaptimony_policies/disassociate_multiple_hosts.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<%= render 'hosts/selected_hosts', :hosts => @hosts %>
+<%= form_for :policy,
+             :url => remove_policy_from_multiple_hosts_scaptimony_policies_path(:host_ids => params[:host_ids]) do |f| %>
+    <%= selectable_f f, :id, [[_('Select Compliance Policy'), 'disabled'],
+                             ] + Scaptimony::Policy.all.map{|e| [e.name, e.id]},{},
+                        :onchange => 'toggle_multiple_ok_button(this)' %>
+<% end %>

data/config/routes.rb CHANGED Viewed

@@ -22,6 +22,8 @@ Rails.application.routes.draw do
         post 'scap_content_selected'
         get 'select_multiple_hosts'
         post 'update_multiple_hosts'
+        get 'disassociate_multiple_hosts'
+        post 'remove_policy_from_multiple_hosts'
       end
     end
     resources :scap_contents,
@@ -30,16 +32,18 @@ Rails.application.routes.draw do
         get 'auto_complete_search'
       end
     end
+    resources :hosts, :only => [:show], :as => :scaptimony_hosts, :controller => :scaptimony_hosts
   end
   namespace :api do
     scope "(:apiv)", :module => :v2, :defaults => {:apiv => 'v2'},
           :apiv => /v1|v2/, :constraints => ApiConstraints.new(:version => 2) do
       namespace :compliance do
+        resources :scap_contents, :except => [:new, :edit]
+        resources :policies, :except => [:new, :edit]
+        resources :arf_reports, :only => [:index, :show, :destroy]
         post 'arf_reports/:cname/:policy_id/:date', \
               :constraints => { :cname => /[^\/]+/ }, :to => 'arf_reports#create'
-        get 'policies/:id/content', :to => 'policies#content'
       end
     end
   end

data/lib/foreman_openscap/engine.rb CHANGED Viewed

@@ -19,6 +19,7 @@ module ForemanOpenscap
       app.config.assets.precompile += %w(
         'foreman_openscap/policy_edit.js',
         'foreman_openscap/period_selector.js',
+        'foreman_openscap/scap_hosts_show.js',
         'foreman_openscap/policy.css'
       )
     end
@@ -27,6 +28,7 @@ module ForemanOpenscap
       SETTINGS[:foreman_openscap] =
           {:assets => {:precompile => ['foreman_openscap/policy_edit.js',
                                        'foreman_openscap/period_selector.js',
+                                       'foreman_openscap/scap_hosts_show.js',
                                        'foreman_openscap/policy.css']}}
     end

data/lib/foreman_openscap/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForemanOpenscap
-  VERSION = "0.3.4"
+  VERSION = "0.4.0"
 end

data/test/factories/arf_report_factory.rb ADDED Viewed

@@ -0,0 +1,10 @@
+FactoryGirl.define do
+  factory :arf_report, :class => Scaptimony::ArfReport do |f|
+    f.asset
+    f.policy
+    f.sequence :digest do |n|
+      "#{n}#{n}#{n}aabbcc#{n}3322dd"
+    end
+    date '1973-01-13'
+  end
+end

data/test/factories/asset_factory.rb ADDED Viewed

@@ -0,0 +1,6 @@
+FactoryGirl.define do
+  factory :asset, :class => Scaptimony::Asset do |f|
+    f.assetable_id FactoryGirl.create(:host).id
+    f.assetable_type 'Host::Base'
+  end
+end

data/test/factories/policy_factory.rb CHANGED Viewed

@@ -8,5 +8,4 @@ FactoryGirl.define do
     day_of_month '1'
     cron_line '* * * * 30'
   end
-end
+end

data/test/factories/scap_content_related.rb CHANGED Viewed

@@ -13,4 +13,3 @@ FactoryGirl.define do
     f.title 'test Profile for testing'
   end
 end

data/test/files/scap_contents/ssg-fedora-ds.xml CHANGED Viewed

@@ -5617,31 +5617,4 @@ To verify insecure file locking has been disabled, run the following command:
     <external_variable comment="maximum password age" datatype="int" id="oval:ssg:var:282" version="1"/>
     <external_variable comment="timeout value" datatype="int" id="oval:ssg:var:283" version="1"/>
   </variables>
-</oval_definitions></ds:component></ds:data-stream-collection>
+</oval_definitions></ds:component></ds:data-stream-collection>

data/test/functional/api/v2/arf_reports_controller_test.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'test_plugin_helper'
+class Api::V2::ArfReportsControllerTest < ActionController::TestCase
+  setup do
+    # override validation of policy (puppetclass, lookup_key overrides)
+    Scaptimony::Policy.any_instance.stubs(:valid?).returns(true)
+  end
+  test "should get index" do
+    FactoryGirl.create(:arf_report)
+    get :index, {}, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert_not response['results'].empty?
+    assert_response :success
+  end
+  test "should get show" do
+    get :show, { :id => FactoryGirl.create(:arf_report).to_param }, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    refute response['passed'].blank?
+    refute response['failed'].blank?
+    refute response['othered'].blank?
+    assert_response :success
+  end
+end

data/test/functional/api/v2/policies_controller_test.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require 'test_plugin_helper'
+class Api::V2::PoliciesControllerTest < ActionController::TestCase
+  setup do
+    Scaptimony::Policy.any_instance.stubs(:ensure_needed_puppetclasses).returns(true)
+  end
+  test "should get index" do
+    FactoryGirl.create(:policy)
+    get :index, {}, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['results'].length > 0
+    assert_response :success
+  end
+  test "should show a policy" do
+    policy = FactoryGirl.create(:policy)
+    get :show, { :id => policy.to_param }, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['name'], policy.name
+    assert_response :success
+  end
+  test "should update a policy" do
+    policy = FactoryGirl.create(:policy)
+    put :update, {:id => policy.id, :policy => {:period => 'monthly'}}
+    updated_policy = ActiveSupport::JSON.decode(@response.body)
+    assert(updated_policy['period'], 'monthly')
+    assert_response :ok
+  end
+  test "should not update invalid" do
+    policy = FactoryGirl.create(:policy)
+    put :update, {:id => policy.id, :policy => {:name => 'say my name'}}
+    assert_response :unprocessable_entity
+  end
+  test "should create a policy" do
+    scap_content_profile = FactoryGirl.create(:scap_content_profile)
+    attributes = {:policy => {:name => 'my_policy', :scap_content_profile_id => scap_content_profile.id, :scap_content_id => scap_content_profile.scap_content_id}}
+    post :create, attributes, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['scap_content_profile_id'], scap_content_profile.to_param
+    assert_response :created
+  end
+  test "should not create invalid policy" do
+    post :create, {}, set_session_user
+    assert_response :unprocessable_entity
+  end
+  test "should destroy" do
+    policy = FactoryGirl.create(:policy)
+    delete :destroy, { :id => policy.id }, set_session_user
+    assert_response :ok
+    refute Scaptimony::Policy.exists?(policy.id)
+  end
+end

data/test/functional/api/v2/scap_contents_controller_test.rb ADDED Viewed

@@ -0,0 +1,49 @@
+require 'test_plugin_helper'
+class Api::V2::ScapContentsControllerTest < ActionController::TestCase
+  test "should get index" do
+    FactoryGirl.create(:scap_content)
+    get :index, {}, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['results'].any?
+    assert_response :success
+  end
+  test "should return xml of scap content" do
+    scap_content = FactoryGirl.create(:scap_content)
+    get :show, { :id => scap_content.id }, set_session_user
+    assert(@response.header['Content-Type'], 'application/xml')
+    assert_response :success
+  end
+  test "should create invalid scap content" do
+    post :create, {}, set_session_user
+    assert_response :unprocessable_entity
+  end
+  test "should create scap content" do
+    # Skipped as API does not support uploading files
+    skip
+  end
+  test "should update scap content" do
+    scap_content = FactoryGirl.create(:scap_content)
+    put :update, { :id => scap_content.id, :scap_content => {:title => 'RHEL7 SCAP'}}, set_session_user
+    assert_response :success
+    assert scap_content.title, 'RHEL7 SCAP'
+  end
+  test "should not update invalid scap content"  do
+    scap_content = FactoryGirl.create(:scap_content)
+    put :update, { :id => scap_content.id, :scap_content => {:scap_file => '<xml>blah</xml>'}}, set_session_user
+    assert_response :unprocessable_entity
+  end
+  test "should destory scap content" do
+    scap_content = FactoryGirl.create(:scap_content)
+    delete :destroy, { :id => scap_content.id }, set_session_user
+    assert_response :ok
+    refute Scaptimony::ScapContent.exists?(scap_content.id)
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_openscap
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.4.0
 platform: ruby
 authors:
 - "Šimon Lukašík"
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-05-07 00:00:00.000000000 Z
+date: 2015-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deface
@@ -47,14 +47,16 @@ extra_rdoc_files: []
 files:
 - LICENSE
 - README.md
-- Rakefile
 - app/assets/javascript/foreman_openscap/period_selector.js
 - app/assets/javascript/foreman_openscap/policy_edit.js
+- app/assets/javascript/foreman_openscap/scap_hosts_show.js
 - app/assets/stylesheets/foreman_openscap/policy.css.scss
 - app/controllers/api/v2/compliance/arf_reports_controller.rb
 - app/controllers/api/v2/compliance/policies_controller.rb
+- app/controllers/api/v2/compliance/scap_contents_controller.rb
 - app/controllers/scaptimony_arf_reports_controller.rb
 - app/controllers/scaptimony_dashboard_controller.rb
+- app/controllers/scaptimony_hosts_controller.rb
 - app/controllers/scaptimony_policies_controller.rb
 - app/controllers/scaptimony_policy_dashboard_controller.rb
 - app/controllers/scaptimony_scap_contents_controller.rb
@@ -70,20 +72,37 @@ files:
 - app/models/concerns/foreman_openscap/policy_extensions.rb
 - app/models/concerns/foreman_openscap/scap_content_extensions.rb
 - app/overrides/hosts/index/host_arf_report.rb
+- app/overrides/hosts/overview/host_compliance_status.rb
+- app/services/scaptimony/host_report_dashboard/data.rb
 - app/services/scaptimony/policy_dashboard/data.rb
 - app/services/scaptimony/policy_dashboard/loader.rb
 - app/services/scaptimony/policy_dashboard/manager.rb
 - app/services/scaptimony/report_dashboard/data.rb
+- app/views/api/v2/compliance/arf_reports/base.json.rabl
+- app/views/api/v2/compliance/arf_reports/index.json.rabl
+- app/views/api/v2/compliance/arf_reports/main.json.rabl
+- app/views/api/v2/compliance/arf_reports/show.json.rabl
+- app/views/api/v2/compliance/policies/base.json.rabl
+- app/views/api/v2/compliance/policies/index.json.rabl
+- app/views/api/v2/compliance/policies/main.json.rabl
+- app/views/api/v2/compliance/policies/show.json.rabl
+- app/views/api/v2/compliance/scap_contents/base.json.rabl
+- app/views/api/v2/compliance/scap_contents/index.json.rabl
+- app/views/api/v2/compliance/scap_contents/main.json.rabl
+- app/views/api/v2/compliance/scap_contents/show.json.rabl
 - app/views/dashboard/_foreman_openscap_host_reports_widget.html.erb
 - app/views/dashboard/_foreman_openscap_reports_breakdown_widget.html.erb
 - app/views/scaptimony_arf_reports/_host_report.html.erb
 - app/views/scaptimony_arf_reports/_list.html.erb
 - app/views/scaptimony_arf_reports/index.html.erb
 - app/views/scaptimony_arf_reports/show.html.erb
+- app/views/scaptimony_hosts/_host_status.html.erb
+- app/views/scaptimony_hosts/show.html.erb
 - app/views/scaptimony_policies/_form.html.erb
 - app/views/scaptimony_policies/_list.html.erb
 - app/views/scaptimony_policies/_scap_content_results.html.erb
 - app/views/scaptimony_policies/create.html.erb
+- app/views/scaptimony_policies/disassociate_multiple_hosts.html.erb
 - app/views/scaptimony_policies/edit.html.erb
 - app/views/scaptimony_policies/index.html.erb
 - app/views/scaptimony_policies/new.html.erb
@@ -114,11 +133,14 @@ files:
 - lib/foreman_openscap/helper.rb
 - lib/foreman_openscap/version.rb
 - lib/tasks/foreman_openscap_tasks.rake
-- test/factories/foreman_openscap_factories.rb
+- test/factories/arf_report_factory.rb
+- test/factories/asset_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
 - test/files/scap_contents/ssg-fedora-ds.xml
-- test/functional/api/v2/compliance/policies_controller_test.rb
+- test/functional/api/v2/arf_reports_controller_test.rb
+- test/functional/api/v2/policies_controller_test.rb
+- test/functional/api/v2/scap_contents_controller_test.rb
 - test/test_plugin_helper.rb
 - test/unit/openscap_host_test.rb
 homepage: https://github.com/OpenSCAP/foreman_openscap
@@ -149,8 +171,11 @@ test_files:
 - test/unit/openscap_host_test.rb
 - test/test_plugin_helper.rb
 - test/files/scap_contents/ssg-fedora-ds.xml
-- test/functional/api/v2/compliance/policies_controller_test.rb
+- test/functional/api/v2/arf_reports_controller_test.rb
+- test/functional/api/v2/scap_contents_controller_test.rb
+- test/functional/api/v2/policies_controller_test.rb
+- test/factories/asset_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
-- test/factories/foreman_openscap_factories.rb
+- test/factories/arf_report_factory.rb
 has_rdoc:

data/Rakefile DELETED Viewed

@@ -1,40 +0,0 @@
-#!/usr/bin/env rake
-begin
-  require 'bundler/setup'
-rescue LoadError
-  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
-begin
-  require 'rdoc/task'
-rescue LoadError
-  require 'rdoc/rdoc'
-  require 'rake/rdoctask'
-  RDoc::Task = Rake::RDocTask
-end
-RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'ForemanOpenscap'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.rdoc')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
-load 'rails/tasks/engine.rake'
-Bundler::GemHelper.install_tasks
-require 'rake/testtask'
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
-  t.libs << 'test'
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = false
-end
-task :default => :test

data/test/factories/foreman_openscap_factories.rb DELETED Viewed

@@ -1,5 +0,0 @@
-# FactoryGirl.define do
-#   factory :host do
-#     name 'foreman_openscap'
-#   end
-# end

data/test/functional/api/v2/compliance/policies_controller_test.rb DELETED Viewed

@@ -1,14 +0,0 @@
-require 'test_plugin_helper'
-class Api::V2::Compliance::PoliciesControllerTest < ActionController::TestCase
-  setup do
-    Scaptimony::Policy.any_instance.stubs(:ensure_needed_puppetclasses).returns(true)
-  end
-  test "should return xml of scap content" do
-    policy = FactoryGirl.create(:policy)
-    get :content, { :id => policy.id }, set_session_user
-    assert(@response.header['Content-Type'], 'application/xml')
-    assert_response :success
-  end
-end