RubyGems - foreman_openscap - Versions diffs - 0.3.4 → 0.4.0 - Mend

foreman_openscap 0.3.4 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 09505297b4cd605e6283f0a175058d113c1e0e08
-  data.tar.gz: 9a91588dc7ca37021eb6a07fb98a04f8bcff22d9
+  metadata.gz: 48ae466c6c227a222397d8a8151177798cf1a035
+  data.tar.gz: 6abafa02b5291e3b1aa4c36a682e4ea931ccd646
 SHA512:
-  metadata.gz: 6555cda675dc06e1f7dab0071877c7536d8448bfed8ad74802c902461e8bfc19a0038249e1996690ef3e3f3e1fc1e0b7c276f6bd24fe8bfb147d8f042818d643
-  data.tar.gz: 83a232520d77ae6bfb0a3fb8f4713f77b6cc52e884d5984e2fa2a69c949954c8d498c6ae26330bd97cdaca33debbc3a7528100f2a243393919ba922cee63422f
+  metadata.gz: d3c84160ddb908cd9f928878bed4f11c14e9691fe827f072795003e1bc97687db1c2ce33826b57a3ef64997c10bd7d4e44aa5b9d505da02bf9b0145e53511e85
+  data.tar.gz: e9fcbe1028267dbc7ca0d548e41d4390309e540465609eefe739a3fce064566119d72a8fc498e6174697057be2642520839f1f15227ca1e1ac09fcf7fafc0af5

data/README.md CHANGED Viewed

@@ -1,5 +1,7 @@
 # Foreman-OpenSCAP
+[![Code Climate](https://codeclimate.com/github/OpenSCAP/foreman_openscap/badges/gpa.svg)](https://codeclimate.com/github/OpenSCAP/foreman_openscap)
 This plug-in enables automated vulnerability assessment and compliance audit
 of Foreman based infrastructure.
@@ -20,6 +22,83 @@ of Foreman based infrastructure.
   + Vulnerability Assessment (processing OVAL CVE streams)
   + E-mail notifications
+## Usage
+### Basic Concepts
+There are three basic concepts (entities) in OpenSCAP plug-in: SCAP Contents, Compliance
+Policies and ARF Reports.
+*SCAP Content* represents SCAP DataStream XML file as defined by SCAP 1.2 standard. Datastream
+file contains implementation of compliance, configuration or security baselines. Users are
+advised to acquire examplary baseline by installing scap-security-guide package. DataStream
+file usualy contains multiple XCCDF Profiles. Each for different security target. The content
+of Datastream file can be inspected by `oscap` tool from openscap-scanner package.
+  ```
+  # yum install -y scap-security-guide openscap-scanner
+  # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml
+  # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
+  ```
+*Compliance Policy* is highlevel concept of a baseline applied to the infrastructure. Compliance
+Policy is defined by user on web interface. User may assign following information to the Policy:
++ SCAP Content
++ XCCDF Profile from particular SCAP Content
++ Host Groups that should comply with the policy
++ Schedule - the period in which the audit shall occur
+*ARF Report* is XML output of single scan occurance per single host. Asset Reporting File format
+is defined by SCAP 1.2 standard. Foreman plug-in stores the ARF Reports in database for later
+inspections.
+### User Interface
+The most of the Foreman-OpenSCAP controls are located in the *Compliance* section under the *Host*
+menu. The section contains three items as described in previous section: SCAP Contents, Compliance
+Policies, ARF Reports.
+### Prerequisites before the first use
+Make sure that
+1. smart_proxy_openscap and puppet-foreman_scap_client packages are installed on your proxies
+2. proxies have Foreman uri defined
+  ```
+  # echo ':foreman_url: https://foreman17.local.lan' >> /etc/foreman-proxy/settings.yml
+  ```
+3. foreman_scap_client puppet class is imported to your Foreman
+  1. Go to Configure -> Puppet classes page
+  2. Click Import button
+  3. Select foreman_scap_client
+### Setting-up first compliance policy
+1. Log-in to Web Interface
+2. Create new SCAP Content
+  1. Go to *Hosts -> Compliance -> SCAP contents* page
+  2. Upload DataSteam file
+3. Create new Policy
+  1. Go to Hosts -> Compliance -> Policies page
+  2. Assign SCAP Content to Policy
+  3. Select Profile from your SCAP Content
+  4. Define periodic scan schedule
+  5. Assign Hostgroups to the policy (hosts you want to audit should be assigned with one of the
+     hostgroups)
+4. Select particular hosts for compliance audit
+  1. Go to *Hosts -> All hosts* page
+  2. Select hosts
+  3. Use *Select Action -> Assign Compliance Policy* button
+5. Make sure the DataStream file is present on the clients' file system.
+   At the moment, Foreman infrastructure is not able to serve a file to the clients. Hence, users
+   are required to distribute their DataStrem file to each client. The expected location is
+   defined at *Compliance Policy -> Edit* dialogue.
+6. Inspect the compliance results
+  1. Go to *Hosts -> Compliance -> Reports* page
+  2. Wait for ARF Reports to show-up
+  3. Go to *Hosts -> Compliance -> Policies* page
+  4. Click the policy link to view dashboard and trend
 ## Installation from RPMS
 - Install Foreman from [upstream](http://theforeman.org/)
@@ -62,20 +141,9 @@ of Foreman based infrastructure.
   # service foreman restart
   ```
-## Usage
-Deploy [puppet-openscap](https://github.com/OpenSCAP/puppet-openscap) Puppet module
-on your client systems. Apply openscap::xccdf::foreman_audit puppet class using Foreman
-on your clients. The client will schedule OpenSCAP audit as requested by the Puppet
-class. The audit report will be then transfered from the client machine to the proxy
-(foreman-proxy_openscap). Then audit reports are forwarded from proxy to SCAPtimony
-in batches and achieved at your Foreman server.
-More coming, see future features above.
 ## Copyright
-Copyright (c) 2014 Red Hat, Inc.
+Copyright (c) 2014--2015 Red Hat, Inc.
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

data/app/assets/javascript/foreman_openscap/scap_hosts_show.js ADDED Viewed

@@ -0,0 +1,4 @@
+$(function() {
+  // Not sure about this ugly hack.
+  $('.col-md-4 .stats-well').height($('.col-md-8 .stats-well').height() + 28);
+});

data/app/controllers/api/v2/compliance/arf_reports_controller.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014 Red Hat Inc.
+# Copyright (c) 2014--2015 Red Hat Inc.
 #
 # This software is licensed to you under the GNU General Public License,
 # version 3 (GPLv3). There is NO WARRANTY for this software, express or
@@ -19,9 +19,45 @@ module Api
         include Api::Version2
         include Foreman::Controller::SmartProxyAuth
-        add_puppetmaster_filters :create
+        add_smart_proxy_filters :create, :features => 'Openscap'
-        api :POST, "/arf/:cname/:policy_id/:date", N_("Upload an ARF report")
+        before_filter :find_resource, :only => %w{show destroy}
+        def resource_name
+          'Scaptimony::ArfReport'
+        end
+        def get_resource
+          instance_variable_get :"@arf_report" or raise 'no resource loaded'
+        end
+        resource_description do
+          resource_id 'scaptimony_arf_reports'
+          api_version 'v2'
+          api_base_url "/api/v2"
+        end
+        api :GET, '/compliance/arf_reports', N_('List Arf reports')
+        param_group :search_and_pagination, ::Api::V2::BaseController
+        def index
+          @arf_reports = resource_scope_for_index(:permission => :edit_compliance).includes(:arf_report_breakdown, :asset)
+        end
+        api :GET, '/compliance/arf_reports/:id', N_('Show an Arf report')
+        param :id, :identifier, :required => true
+        def show
+        end
+        api :DELETE, '/compliance/arf_reports/:id', N_('Deletes an Arf Report')
+        param :id, :identifier, :required => true
+        def destroy
+          process_response @arf_report.destroy
+        end
+        api :POST, "/compliance/arf/:cname/:policy_id/:date", N_("Upload an ARF report")
         param :cname, :identifier, :required => true
         param :policy_id, :identifier, :required => true
         param :date, :identifier, :required => true
@@ -43,9 +79,16 @@ module Api
           # no matter what content-encoding says. Let's pass content-type arf-bzip2
           # and move forward.
           super unless
+            params[:action] == 'create' and
             request.content_type.end_with? 'arf-bzip2' and
             request.env['HTTP_CONTENT_ENCODING'] == 'x-bzip2'
         end
+        private
+        def find_resource
+          not_found and return if params[:id].blank?
+          instance_variable_set("@arf_report", resource_scope.find(params[:id]))
+        end
       end
     end
   end

data/app/controllers/api/v2/compliance/policies_controller.rb CHANGED Viewed

@@ -1,14 +1,7 @@
 module Api::V2
   module Compliance
     class PoliciesController < ::Api::V2::BaseController
-      include Api::Version2
-      include Foreman::Controller::SmartProxyAuth
-      add_puppetmaster_filters :content
-      before_filter :find_resource, :only => %w{content}
-      attr_reader :detected_proxy
+      before_filter :find_resource, :except => %w{index create}
       def resource_name
         'Scaptimony::Policy'
@@ -18,35 +11,69 @@ module Api::V2
         instance_variable_get :"@policy" or raise 'no resource loaded'
       end
+      def policy_url(policy = nil)
+        api_policy_url(@policy)
+      end
       resource_description do
         resource_id 'scaptimony_policies'
         api_version 'v2'
         api_base_url "/api/v2"
       end
-      api :GET, '/compliance/policies/:id/content', N_("Show a policy's SCAP content")
+      api :GET, '/compliance/policies', N_('List SCAP contents')
+      param_group :search_and_pagination, ::Api::V2::BaseController
+      def index
+        @policies = resource_scope_for_index(:permission => :edit_compliance)
+      end
+      api :GET, '/compliance/policies/:id', N_('Show an SCAP content')
       param :id, :identifier, :required => true
-      def content
-        @scap_content = @policy.scap_content
-        send_data @scap_content.scap_file,
-                  :type     => 'application/xml',
-                  :filename => @scap_content.original_filename
+      def show
+      end
+      def_param_group :policy do
+        param :policy, Hash, :required => true, :action_aware => true do
+          param :name, String, :required => true, :desc => N_('Policy name')
+          param :description, String, :desc => N_('Policy description')
+          param :scap_content_id, Integer, :required => true, :desc => N_('Policy scap content id')
+          param :scap_content_profile_id, Integer, :required => true, :desc => N_('Policy scap content profile id')
+          param :period, String, :required => true, :desc => N_('Policy schedule period')
+          param :weekday, String, :required => true, :desc => N_('Policy schedule weekday')
+          param :hostgroup_ids, Array, :desc => N_('Apply policy to hostgroups')
+          param_group :taxonomies, ::Api::V2::BaseController
+        end
+      end
+      api :POST, '/compliance/policies', N_('Create a policy')
+      param_group :policy, :as => :create
+      def create
+        @policy = Scaptimony::Policy.new(params[:policy])
+        process_response @policy.save
+      end
+      api :PUT, '/compliance/policies/:id', N_('Update a policy')
+      param :id, :identifier, :required => true
+      param_group :policy
+      def update
+        process_response @policy.update_attributes(params[:policy])
+      end
+      api :DELETE, '/compliance/policies/:id', N_('Deletes a policy')
+      param :id, :identifier, :required => true
+      def destroy
+        process_response @policy.destroy
       end
       private
       def find_resource
         not_found and return if params[:id].blank?
-        instance_variable_set("@policy", Scaptimony::Policy.find(params[:id]))
-      end
-      def action_permission
-        case params[:action]
-          when 'content'
-            :view
-          else
-            super
-        end
+        instance_variable_set("@policy", resource_scope.find(params[:id]))
       end
     end
   end

data/app/controllers/api/v2/compliance/scap_contents_controller.rb ADDED Viewed

@@ -0,0 +1,74 @@
+module Api::V2
+  module Compliance
+    class ScapContentsController < ::Api::V2::BaseController
+      before_filter :find_resource, :except => %w{index create}
+      def resource_name
+        'Scaptimony::ScapContent'
+      end
+      def get_resource
+        instance_variable_get :"@scap_content" or raise 'no resource loaded'
+      end
+      resource_description do
+        resource_id 'scaptimony_scap_contents'
+        api_version 'v2'
+        api_base_url "/api/v2"
+      end
+      api :GET, '/compliance/scap_contents', N_('List SCAP contents')
+      param_group :search_and_pagination, ::Api::V2::BaseController
+      def index
+        @scap_contents = resource_scope_for_index(:permission => :edit_compliance)
+      end
+      api :GET, '/compliance/scap_contents/:id', N_('Show an SCAP content')
+      param :id, :identifier, :required => true
+      def show
+        send_data @scap_content.scap_file,
+                  :type     => 'application/xml',
+                  :filename => @scap_content.original_filename
+      end
+      def_param_group :scap_content do
+        param :scap_content, Hash, :required => true, :action_aware => true do
+          param :title, String, :required => true, :desc => N_('Scap content name')
+          param :scap_file, String, :required => true
+          param_group :taxonomies, ::Api::V2::BaseController
+        end
+      end
+      api :POST, '/compliance/scap_contents', N_('Create SCAP content')
+      param_group :scap_content, :as => :create
+      def create
+        @scap_content = Scaptimony::ScapContent.new(params[:scap_content])
+        process_response @scap_content.save
+      end
+      api :PUT, '/compliance/scap_contents/:id', N_('Update an SCAP content')
+      param :id, :identifier, :required => true
+      param_group :scap_content
+      def update
+        process_response @scap_content.update_attributes(params[:scap_content])
+      end
+      api :DELETE, '/compliance/scap_contents/:id', N_('Deletes an SCAP content')
+      param :id, :identifier, :required => true
+      def destroy
+        process_response @scap_content.destroy
+      end
+      private
+      def find_resource
+        not_found and return if params[:id].blank?
+        instance_variable_set("@scap_content", resource_scope.find(params[:id]))
+      end
+    end
+  end
+end

data/app/controllers/scaptimony_hosts_controller.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class ScaptimonyHostsController < ApplicationController
+  def show
+    @host = Host.find(params[:id])
+  end
+end

data/app/controllers/scaptimony_policies_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class ScaptimonyPoliciesController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
   before_filter :find_by_id, :only => [:show, :edit, :update, :parse, :destroy]
-  before_filter :find_multiple, :only => [:select_multiple_hosts, :update_multiple_hosts]
+  before_filter :find_multiple, :only => [:select_multiple_hosts, :update_multiple_hosts, :disassociate_multiple_hosts, :remove_policy_from_multiple_hosts]
   def model_of_controller
     ::Scaptimony::Policy
@@ -73,7 +73,7 @@ class ScaptimonyPoliciesController < ApplicationController
   def update_multiple_hosts
     if (id = params['policy']['id'])
       policy = ::Scaptimony::Policy.find(id)
-      policy.assign_hosts @hosts
+      policy.assign_hosts(@hosts)
       notice _("Updated hosts: Assigned with compliance policy: #{policy.name}")
       # We prefer to go back as this does not lose the current search
       redirect_to hosts_path
@@ -83,6 +83,20 @@ class ScaptimonyPoliciesController < ApplicationController
     end
   end
+  def disassociate_multiple_hosts; end
+  def remove_policy_from_multiple_hosts
+    if (id = params.fetch(:policy, {})[:id])
+      policy = ::Scaptimony::Policy.find(id)
+      policy.unassign_hosts(@hosts)
+      notice _("Updated hosts: Unassigned from compliance policy '%s'") % policy.name
+      redirect_to hosts_path
+    else
+      error _('No valid policy id provided')
+      redirect_to hosts_path
+    end
+  end
   def welcome
     @searchbar = true
     if (model_of_controller.first.nil? rescue false)

data/app/helpers/concerns/foreman_openscap/hosts_helper_extensions.rb CHANGED Viewed

@@ -6,8 +6,39 @@ module ForemanOpenscap
       alias_method_chain :multiple_actions, :scap
     end
+    Colors = {
+        :passed  => '#89A54E',
+        :failed  => '#AA4643',
+        :othered => '#DB843D',
+    }
     def multiple_actions_with_scap
-      multiple_actions_without_scap << [_('Assign Compliance Policy'), select_multiple_hosts_scaptimony_policies_path]
+      multiple_actions_without_scap + [[_('Assign Compliance Policy'), select_multiple_hosts_scaptimony_policies_path],
+                                       [_('Unassign Compliance Policy'), disassociate_multiple_hosts_scaptimony_policies_path]]
+    end
+    def host_policy_breakdown_chart(report, options = {})
+      data = []
+      [[:passed, _('Passed')],
+       [:failed, _('Failed')],
+       [:othered, _('Other')],
+      ].each { |i|
+        data << {:label => i[1], :data => report[i[0]], :color => Colors[i[0]]}
+      }
+      flot_pie_chart 'overview', _('Compliance reports breakdown'), data, options
+    end
+    def host_arf_reports_chart(policy_id)
+      passed, failed, othered, = [], [], []
+      @host.arf_reports.of_policy(policy_id).each do |report|
+        passed  << [report.created_at.to_i*1000, report.passed]
+        failed  << [report.created_at.to_i*1000, report.failed]
+        othered << [report.created_at.to_i*1000, report.othered]
+      end
+      [{:label => _("Passed"), :data => passed, :color => Colors[:passed]},
+       {:label => _("Failed"), :data => failed, :color => Colors[:failed]},
+       {:label => _("Othered"), :data => othered, :color => Colors[:othered]}]
     end
   end
 end

data/app/models/concerns/foreman_openscap/arf_report_extensions.rb CHANGED Viewed

@@ -21,6 +21,7 @@ module ForemanOpenscap
       scope :hosts, lambda { includes(:policy, :arf_report_breakdown) }
       scope :latest, lambda { includes(:host, :policy, :arf_report_breakdown).limit(5).order("scaptimony_arf_reports.created_at DESC") }
+      scope :of_policy, lambda {|policy_id| {:conditions => {:policy_id => policy_id}}}
       scoped_search :in => :host, :on => :name, :complete_value => :true, :rename => "host"

data/app/models/concerns/foreman_openscap/host_extensions.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module ForemanOpenscap
     end
     def combined_policies
-      combined = self.hostgroup ? self.policies + self.hostgroup.policies : self.policies
+      combined = self.policies + self.hostgroup.policies
       combined.uniq
     end

data/app/models/concerns/foreman_openscap/policy_extensions.rb CHANGED Viewed

@@ -129,12 +129,16 @@ module ForemanOpenscap
       assign_assets hosts.map &:get_asset
     end
+    def unassign_hosts(hosts)
+      host_asset_ids = Scaptimony::Asset.where(:assetable_type => 'Host::Base', :assetable_id => hosts.map(&:id)).pluck(:id)
+      self.asset_ids = self.asset_ids - host_asset_ids
+    end
     def to_enc
       {
         'id' => self.id,
         'profile_id' => self.scap_content_profile.try(:profile_id) || '',
         'content_path' => "/var/lib/openscap/content/#{self.scap_content.digest}.xml",
-        'download_path' => "/compliance/policies/#{self.id}/content" # default to proxy path
       }.merge(period_enc)
     end

data/app/overrides/hosts/overview/host_compliance_status.rb ADDED Viewed

@@ -0,0 +1,4 @@
+Deface::Override.new(:virtual_path  => "hosts/_overview",
+                     :name          => "add_compliance_check",
+                     :insert_after => "#properties_table",
+                     :partial       =>  "scaptimony_hosts/host_status")

data/app/services/scaptimony/host_report_dashboard/data.rb ADDED Viewed

@@ -0,0 +1,38 @@
+module Scaptimony::HostReportDashboard
+  class Data
+    attr_reader :report
+    def initialize(policy_id, asset_id)
+      @latest_report = Scaptimony::ArfReport.where(:asset_id =>  asset_id, :policy_id => policy_id).order('created_at DESC').limit(1).first
+      @report = {}
+      fetch_data
+    end
+    private
+    attr_writer :report
+    attr_accessor :latest_report
+    def fetch_data
+      report.update(
+          {
+            :passed  => report_passed,
+            :failed  => report_failed,
+            :othered => report_othered
+          }
+      )
+    end
+    def report_passed
+      @latest_report.passed
+    end
+    def report_failed
+      @latest_report.failed
+    end
+    def report_othered
+      @latest_report.othered
+    end
+  end
+end

data/app/views/api/v2/compliance/arf_reports/base.json.rabl ADDED Viewed

@@ -0,0 +1,4 @@
+object @arf_report
+attributes :id, :passed, :failed, :othered
+node(:host) { |arf_report| arf_report.host.name }

data/app/views/api/v2/compliance/arf_reports/index.json.rabl ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ collection @arf_reports
2	+ extends "api/v2/compliance/arf_reports/main"

data/app/views/api/v2/compliance/arf_reports/main.json.rabl ADDED Viewed

@@ -0,0 +1,5 @@
+object @arf_report
+extends "api/v2/compliance/arf_reports/base"
+attributes :created_at, :updated_at

data/app/views/api/v2/compliance/arf_reports/show.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @arf_report
+extends "api/v2/compliance/arf_reports/main"

data/app/views/api/v2/compliance/policies/base.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @policy
+attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line

data/app/views/api/v2/compliance/policies/index.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+collection @policies
+extends "api/v2/compliance/policies/main"

data/app/views/api/v2/compliance/policies/main.json.rabl ADDED Viewed

@@ -0,0 +1,5 @@
+object @policy
+extends "api/v2/compliance/policies/base"
+attributes :created_at, :updated_at

data/app/views/api/v2/compliance/policies/show.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @policy
+extends "api/v2/compliance/policies/main"

data/app/views/api/v2/compliance/scap_contents/base.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @scap_content
+attributes :id, :title, :original_filename, :digest

data/app/views/api/v2/compliance/scap_contents/index.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+collection @scap_contents
+extends "api/v2/compliance/scap_contents/main"

data/app/views/api/v2/compliance/scap_contents/main.json.rabl ADDED Viewed

@@ -0,0 +1,5 @@
+object @scap_content
+extends "api/v2/compliance/scap_contents/base"
+attributes :created_at, :updated_at

data/app/views/api/v2/compliance/scap_contents/show.json.rabl ADDED Viewed

	@@ -0,0 +1 @@
1	+ object @scap_content

data/app/views/dashboard/_foreman_openscap_host_reports_widget.html.erb CHANGED Viewed

@@ -13,7 +13,7 @@
     </tr>
     <% latest_reports.each do |report| %>
       <tr>
-        <td><%= link_to h(report.host.nil? ? _('Host does not exist anymore') : report.host.name), scaptimony_arf_report_path(report) %></td>
+        <td><%= link_to h(report.host.name), scaptimony_arf_report_path(report) %></td>
         <td><%= link_to h(report.policy.name), scaptimony_policy_dashboard_scaptimony_policy_path(report.policy) %></td>
         <td><%= report_event_column(report.passed, "label-success")  %></td>
         <td><%= report_event_column(report.failed, "label-danger")  %></td>

data/app/views/scaptimony_arf_reports/_list.html.erb CHANGED Viewed

@@ -9,7 +9,7 @@
   </tr>
   <% for arf_report in @arf_reports %>
     <tr>
-      <td><%= arf_report.host.nil? ? _('Host does not exist anymore') : name_column(arf_report.host) %></td>
+      <td><%= name_column(arf_report.host) %></td>
       <td><%= _("%s ago") % time_ago_in_words(arf_report.date) %></td>
       <td><%= report_arf_column(arf_report.passed, "label-info") %></th>
       <td><%= report_arf_column(arf_report.failed, "label-danger") %></th>

data/app/views/scaptimony_hosts/_host_status.html.erb ADDED Viewed

@@ -0,0 +1,17 @@
+<% if host.arf_reports.any? %>
+<table class="table table-bordered table-striped" id="compliance">
+  <tr>
+    <th colspan="2"><%= _('Compliance Properties') %></th>
+  </tr>
+  <tr>
+    <td><%= _('Compliance') %></td>
+    <td>
+      <% if host.arf_reports.search_for('failed > 0').blank? %>
+        <%= link_to(report_event_column('O', "label-success"), scaptimony_host_path(host.id)) %>
+      <% else %>
+        <%= link_to(report_event_column('F', "label-danger"), scaptimony_host_path(host.id)) %>
+      <% end %>
+    </td>
+  </tr>
+</table>
+<% end %>

data/app/views/scaptimony_hosts/show.html.erb ADDED Viewed

@@ -0,0 +1,23 @@
+<%= javascript 'dashboard', 'foreman_openscap/scap_hosts_show' %>
+<% title _("%s compliance reports by policy") % @host.to_label %>
+<% @host.policies.each do |policy| %>
+  <h2 class="center-block"><%= _('Policy %s') % policy %></h2>
+  <div class="row">
+    <div class="col-md-4">
+      <div class="stats-well">
+        <h4 class="header ca"><%= _('%s latest report') % policy.name %></h4>
+        <% report = Scaptimony::HostReportDashboard::Data.new(policy.id, @host.asset.id).report %>
+        <%= host_policy_breakdown_chart(report, :class => 'statistics-pie small') %>
+      </div>
+    </div>
+    <div class="col-md-8">
+      <div class="stats-well">
+        <h4 class="ca"><%= _("%s reports over time") % policy %></h4>
+        <%= flot_chart('resource_graph', '', '', host_arf_reports_chart(policy.id)) %>
+      </div>
+    </div>
+  </div>
+  <hr style="border: 1px solid #eeeeee"/>
+<% end %>

data/app/views/scaptimony_policies/disassociate_multiple_hosts.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<%= render 'hosts/selected_hosts', :hosts => @hosts %>
+<%= form_for :policy,
+             :url => remove_policy_from_multiple_hosts_scaptimony_policies_path(:host_ids => params[:host_ids]) do |f| %>
+    <%= selectable_f f, :id, [[_('Select Compliance Policy'), 'disabled'],
+                             ] + Scaptimony::Policy.all.map{|e| [e.name, e.id]},{},
+                        :onchange => 'toggle_multiple_ok_button(this)' %>
+<% end %>

data/config/routes.rb CHANGED Viewed

@@ -22,6 +22,8 @@ Rails.application.routes.draw do
         post 'scap_content_selected'
         get 'select_multiple_hosts'
         post 'update_multiple_hosts'
+        get 'disassociate_multiple_hosts'
+        post 'remove_policy_from_multiple_hosts'
       end
     end
     resources :scap_contents,
@@ -30,16 +32,18 @@ Rails.application.routes.draw do
         get 'auto_complete_search'
       end
     end
+    resources :hosts, :only => [:show], :as => :scaptimony_hosts, :controller => :scaptimony_hosts
   end
   namespace :api do
     scope "(:apiv)", :module => :v2, :defaults => {:apiv => 'v2'},
           :apiv => /v1|v2/, :constraints => ApiConstraints.new(:version => 2) do
       namespace :compliance do
+        resources :scap_contents, :except => [:new, :edit]
+        resources :policies, :except => [:new, :edit]
+        resources :arf_reports, :only => [:index, :show, :destroy]
         post 'arf_reports/:cname/:policy_id/:date', \
               :constraints => { :cname => /[^\/]+/ }, :to => 'arf_reports#create'
-        get 'policies/:id/content', :to => 'policies#content'
       end
     end
   end

data/lib/foreman_openscap/engine.rb CHANGED Viewed

@@ -19,6 +19,7 @@ module ForemanOpenscap
       app.config.assets.precompile += %w(
         'foreman_openscap/policy_edit.js',
         'foreman_openscap/period_selector.js',
+        'foreman_openscap/scap_hosts_show.js',
         'foreman_openscap/policy.css'
       )
     end
@@ -27,6 +28,7 @@ module ForemanOpenscap
       SETTINGS[:foreman_openscap] =
           {:assets => {:precompile => ['foreman_openscap/policy_edit.js',
                                        'foreman_openscap/period_selector.js',
+                                       'foreman_openscap/scap_hosts_show.js',
                                        'foreman_openscap/policy.css']}}
     end

data/lib/foreman_openscap/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForemanOpenscap
-  VERSION = "0.3.4"
+  VERSION = "0.4.0"
 end

data/test/factories/arf_report_factory.rb ADDED Viewed

@@ -0,0 +1,10 @@
+FactoryGirl.define do
+  factory :arf_report, :class => Scaptimony::ArfReport do |f|
+    f.asset
+    f.policy
+    f.sequence :digest do |n|
+      "#{n}#{n}#{n}aabbcc#{n}3322dd"
+    end
+    date '1973-01-13'
+  end
+end

data/test/factories/asset_factory.rb ADDED Viewed

@@ -0,0 +1,6 @@
+FactoryGirl.define do
+  factory :asset, :class => Scaptimony::Asset do |f|
+    f.assetable_id FactoryGirl.create(:host).id
+    f.assetable_type 'Host::Base'
+  end
+end

data/test/factories/policy_factory.rb CHANGED Viewed

@@ -8,5 +8,4 @@ FactoryGirl.define do
     day_of_month '1'
     cron_line '* * * * 30'
   end
-end
+end

data/test/factories/scap_content_related.rb CHANGED Viewed

@@ -13,4 +13,3 @@ FactoryGirl.define do
     f.title 'test Profile for testing'
   end
 end

data/test/files/scap_contents/ssg-fedora-ds.xml CHANGED Viewed

@@ -5617,31 +5617,4 @@ To verify insecure file locking has been disabled, run the following command:
     <external_variable comment="maximum password age" datatype="int" id="oval:ssg:var:282" version="1"/>
     <external_variable comment="timeout value" datatype="int" id="oval:ssg:var:283" version="1"/>
   </variables>
-</oval_definitions></ds:component></ds:data-stream-collection>
+</oval_definitions></ds:component></ds:data-stream-collection>

data/test/functional/api/v2/arf_reports_controller_test.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'test_plugin_helper'
+class Api::V2::ArfReportsControllerTest < ActionController::TestCase
+  setup do
+    # override validation of policy (puppetclass, lookup_key overrides)
+    Scaptimony::Policy.any_instance.stubs(:valid?).returns(true)
+  end
+  test "should get index" do
+    FactoryGirl.create(:arf_report)
+    get :index, {}, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert_not response['results'].empty?
+    assert_response :success
+  end
+  test "should get show" do
+    get :show, { :id => FactoryGirl.create(:arf_report).to_param }, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    refute response['passed'].blank?
+    refute response['failed'].blank?
+    refute response['othered'].blank?
+    assert_response :success
+  end
+end

data/test/functional/api/v2/policies_controller_test.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require 'test_plugin_helper'
+class Api::V2::PoliciesControllerTest < ActionController::TestCase
+  setup do
+    Scaptimony::Policy.any_instance.stubs(:ensure_needed_puppetclasses).returns(true)
+  end
+  test "should get index" do
+    FactoryGirl.create(:policy)
+    get :index, {}, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['results'].length > 0
+    assert_response :success
+  end
+  test "should show a policy" do
+    policy = FactoryGirl.create(:policy)
+    get :show, { :id => policy.to_param }, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['name'], policy.name
+    assert_response :success
+  end
+  test "should update a policy" do
+    policy = FactoryGirl.create(:policy)
+    put :update, {:id => policy.id, :policy => {:period => 'monthly'}}
+    updated_policy = ActiveSupport::JSON.decode(@response.body)
+    assert(updated_policy['period'], 'monthly')
+    assert_response :ok
+  end
+  test "should not update invalid" do
+    policy = FactoryGirl.create(:policy)
+    put :update, {:id => policy.id, :policy => {:name => 'say my name'}}
+    assert_response :unprocessable_entity
+  end
+  test "should create a policy" do
+    scap_content_profile = FactoryGirl.create(:scap_content_profile)
+    attributes = {:policy => {:name => 'my_policy', :scap_content_profile_id => scap_content_profile.id, :scap_content_id => scap_content_profile.scap_content_id}}
+    post :create, attributes, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['scap_content_profile_id'], scap_content_profile.to_param
+    assert_response :created
+  end
+  test "should not create invalid policy" do
+    post :create, {}, set_session_user
+    assert_response :unprocessable_entity
+  end
+  test "should destroy" do
+    policy = FactoryGirl.create(:policy)
+    delete :destroy, { :id => policy.id }, set_session_user
+    assert_response :ok
+    refute Scaptimony::Policy.exists?(policy.id)
+  end
+end

data/test/functional/api/v2/scap_contents_controller_test.rb ADDED Viewed

@@ -0,0 +1,49 @@
+require 'test_plugin_helper'
+class Api::V2::ScapContentsControllerTest < ActionController::TestCase
+  test "should get index" do
+    FactoryGirl.create(:scap_content)
+    get :index, {}, set_session_user
+    response = ActiveSupport::JSON.decode(@response.body)
+    assert response['results'].any?
+    assert_response :success
+  end
+  test "should return xml of scap content" do
+    scap_content = FactoryGirl.create(:scap_content)
+    get :show, { :id => scap_content.id }, set_session_user
+    assert(@response.header['Content-Type'], 'application/xml')
+    assert_response :success
+  end
+  test "should create invalid scap content" do
+    post :create, {}, set_session_user
+    assert_response :unprocessable_entity
+  end
+  test "should create scap content" do
+    # Skipped as API does not support uploading files
+    skip
+  end
+  test "should update scap content" do
+    scap_content = FactoryGirl.create(:scap_content)
+    put :update, { :id => scap_content.id, :scap_content => {:title => 'RHEL7 SCAP'}}, set_session_user
+    assert_response :success
+    assert scap_content.title, 'RHEL7 SCAP'
+  end
+  test "should not update invalid scap content"  do
+    scap_content = FactoryGirl.create(:scap_content)
+    put :update, { :id => scap_content.id, :scap_content => {:scap_file => '<xml>blah</xml>'}}, set_session_user
+    assert_response :unprocessable_entity
+  end
+  test "should destory scap content" do
+    scap_content = FactoryGirl.create(:scap_content)
+    delete :destroy, { :id => scap_content.id }, set_session_user
+    assert_response :ok
+    refute Scaptimony::ScapContent.exists?(scap_content.id)
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_openscap
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.4.0
 platform: ruby
 authors:
 - "Šimon Lukašík"
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-05-07 00:00:00.000000000 Z
+date: 2015-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deface
@@ -47,14 +47,16 @@ extra_rdoc_files: []
 files:
 - LICENSE
 - README.md
-- Rakefile
 - app/assets/javascript/foreman_openscap/period_selector.js
 - app/assets/javascript/foreman_openscap/policy_edit.js
+- app/assets/javascript/foreman_openscap/scap_hosts_show.js
 - app/assets/stylesheets/foreman_openscap/policy.css.scss
 - app/controllers/api/v2/compliance/arf_reports_controller.rb
 - app/controllers/api/v2/compliance/policies_controller.rb
+- app/controllers/api/v2/compliance/scap_contents_controller.rb
 - app/controllers/scaptimony_arf_reports_controller.rb
 - app/controllers/scaptimony_dashboard_controller.rb
+- app/controllers/scaptimony_hosts_controller.rb
 - app/controllers/scaptimony_policies_controller.rb
 - app/controllers/scaptimony_policy_dashboard_controller.rb
 - app/controllers/scaptimony_scap_contents_controller.rb
@@ -70,20 +72,37 @@ files:
 - app/models/concerns/foreman_openscap/policy_extensions.rb
 - app/models/concerns/foreman_openscap/scap_content_extensions.rb
 - app/overrides/hosts/index/host_arf_report.rb
+- app/overrides/hosts/overview/host_compliance_status.rb
+- app/services/scaptimony/host_report_dashboard/data.rb
 - app/services/scaptimony/policy_dashboard/data.rb
 - app/services/scaptimony/policy_dashboard/loader.rb
 - app/services/scaptimony/policy_dashboard/manager.rb
 - app/services/scaptimony/report_dashboard/data.rb
+- app/views/api/v2/compliance/arf_reports/base.json.rabl
+- app/views/api/v2/compliance/arf_reports/index.json.rabl
+- app/views/api/v2/compliance/arf_reports/main.json.rabl
+- app/views/api/v2/compliance/arf_reports/show.json.rabl
+- app/views/api/v2/compliance/policies/base.json.rabl
+- app/views/api/v2/compliance/policies/index.json.rabl
+- app/views/api/v2/compliance/policies/main.json.rabl
+- app/views/api/v2/compliance/policies/show.json.rabl
+- app/views/api/v2/compliance/scap_contents/base.json.rabl
+- app/views/api/v2/compliance/scap_contents/index.json.rabl
+- app/views/api/v2/compliance/scap_contents/main.json.rabl
+- app/views/api/v2/compliance/scap_contents/show.json.rabl
 - app/views/dashboard/_foreman_openscap_host_reports_widget.html.erb
 - app/views/dashboard/_foreman_openscap_reports_breakdown_widget.html.erb
 - app/views/scaptimony_arf_reports/_host_report.html.erb
 - app/views/scaptimony_arf_reports/_list.html.erb
 - app/views/scaptimony_arf_reports/index.html.erb
 - app/views/scaptimony_arf_reports/show.html.erb
+- app/views/scaptimony_hosts/_host_status.html.erb
+- app/views/scaptimony_hosts/show.html.erb
 - app/views/scaptimony_policies/_form.html.erb
 - app/views/scaptimony_policies/_list.html.erb
 - app/views/scaptimony_policies/_scap_content_results.html.erb
 - app/views/scaptimony_policies/create.html.erb
+- app/views/scaptimony_policies/disassociate_multiple_hosts.html.erb
 - app/views/scaptimony_policies/edit.html.erb
 - app/views/scaptimony_policies/index.html.erb
 - app/views/scaptimony_policies/new.html.erb
@@ -114,11 +133,14 @@ files:
 - lib/foreman_openscap/helper.rb
 - lib/foreman_openscap/version.rb
 - lib/tasks/foreman_openscap_tasks.rake
-- test/factories/foreman_openscap_factories.rb
+- test/factories/arf_report_factory.rb
+- test/factories/asset_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
 - test/files/scap_contents/ssg-fedora-ds.xml
-- test/functional/api/v2/compliance/policies_controller_test.rb
+- test/functional/api/v2/arf_reports_controller_test.rb
+- test/functional/api/v2/policies_controller_test.rb
+- test/functional/api/v2/scap_contents_controller_test.rb
 - test/test_plugin_helper.rb
 - test/unit/openscap_host_test.rb
 homepage: https://github.com/OpenSCAP/foreman_openscap
@@ -149,8 +171,11 @@ test_files:
 - test/unit/openscap_host_test.rb
 - test/test_plugin_helper.rb
 - test/files/scap_contents/ssg-fedora-ds.xml
-- test/functional/api/v2/compliance/policies_controller_test.rb
+- test/functional/api/v2/arf_reports_controller_test.rb
+- test/functional/api/v2/scap_contents_controller_test.rb
+- test/functional/api/v2/policies_controller_test.rb
+- test/factories/asset_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
-- test/factories/foreman_openscap_factories.rb
+- test/factories/arf_report_factory.rb
 has_rdoc:

data/Rakefile DELETED Viewed

@@ -1,40 +0,0 @@
-#!/usr/bin/env rake
-begin
-  require 'bundler/setup'
-rescue LoadError
-  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
-begin
-  require 'rdoc/task'
-rescue LoadError
-  require 'rdoc/rdoc'
-  require 'rake/rdoctask'
-  RDoc::Task = Rake::RDocTask
-end
-RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'ForemanOpenscap'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.rdoc')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
-load 'rails/tasks/engine.rake'
-Bundler::GemHelper.install_tasks
-require 'rake/testtask'
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
-  t.libs << 'test'
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = false
-end
-task :default => :test

data/test/factories/foreman_openscap_factories.rb DELETED Viewed

@@ -1,5 +0,0 @@
-# FactoryGirl.define do
-#   factory :host do
-#     name 'foreman_openscap'
-#   end
-# end

data/test/functional/api/v2/compliance/policies_controller_test.rb DELETED Viewed

@@ -1,14 +0,0 @@
-require 'test_plugin_helper'
-class Api::V2::Compliance::PoliciesControllerTest < ActionController::TestCase
-  setup do
-    Scaptimony::Policy.any_instance.stubs(:ensure_needed_puppetclasses).returns(true)
-  end
-  test "should return xml of scap content" do
-    policy = FactoryGirl.create(:policy)
-    get :content, { :id => policy.id }, set_session_user
-    assert(@response.header['Content-Type'], 'application/xml')
-    assert_response :success
-  end
-end