foreman_openscap 0.5.3 → 0.5.4

checksums.yaml

@@ -1,7 +1,7 @@
----
-SHA1:
-  metadata.gz: a76b926f2bc21c2bdcd6a623b308cae1a9db5c03
-  data.tar.gz: e6415f8826e568b40231370f4b015a7c29b97256
-SHA512:
-  metadata.gz: 7f63dc300a9823d29f5c522a43ffdb4dd84cb2c9805e28233af9e000154f88ec30ca7afe86aa00bc78ce69e1030ead4fb03ccedba0bd0de843cf7aeb501d96ae
-  data.tar.gz: 2bb1e9497ca5c9f4501b513a9ac576d0e234a3aa176479bcd0b3d3b975fdf6b8db2dce8f78012d126913f80fc1ecff14259a71b67327b27f2f8255abff7b8d1b
+--- 
+SHA1: 
+  metadata.gz: 96a6e2184a76a03fd739e6c59c6e84f6cb5085fa
+  data.tar.gz: 3d60a8e2769d5f1f965776ae1dc574905c2fb06a
+SHA512: 
+  metadata.gz: a182595dc0be182b440010db2c6ae0ddbc6bf2ade6224cdaf7d9df6f7a1cc04fa4dca4f1d93f99ffdecd39ea7a0bf68eb872af7cbf61c626f2479806c54bd748
+  data.tar.gz: b893e5bddaa8888d8fa602520dec17b3c8e1d97f5b060dfb3a85efce17d32733d4f6929c8a6782c3e5d92d25cf36bd4af93f92705291de3f2228f9902eb2925e

data/app/assets/javascripts/foreman_openscap/policy_edit.js

@@ -1,12 +1,12 @@
 function scap_content_selected(element){
   var attrs = attribute_hash(['scap_content_id']);
   var url = $(element).attr('data-url');
-  $(element).indicator_show();
+  foreman.tools.showSpinner();
   $.ajax({
     data: attrs,
     type: 'post',
     url: url,
-    complete: function() { $(element).indicator_hide();},
+    complete: function() { reloadOnAjaxComplete($(element));},
     success: function(request) {
       $('#scap_content_profile_select').html(request);
     }

data/app/controllers/api/v2/compliance/arf_reports_controller.rb

@@ -30,26 +30,20 @@ module Api
           instance_variable_get :"@arf_report" or fail 'no resource loaded'
         end
 
-        resource_description do
-          resource_id 'foreman_openscap_arf_reports'
-          api_version 'v2'
-          api_base_url "/api/v2"
-        end
-
-        api :GET, '/compliance/arf_reports', N_('List Arf reports')
+        api :GET, '/compliance/arf_reports', N_('List ARF reports')
         param_group :search_and_pagination, ::Api::V2::BaseController
 
         def index
           @arf_reports = resource_scope_for_index(:permission => :edit_compliance).includes(:asset)
         end
 
-        api :GET, '/compliance/arf_reports/:id', N_('Show an Arf report')
+        api :GET, '/compliance/arf_reports/:id', N_('Show an ARF report')
         param :id, :identifier, :required => true
 
         def show
         end
 
-        api :DELETE, '/compliance/arf_reports/:id', N_('Deletes an Arf Report')
+        api :DELETE, '/compliance/arf_reports/:id', N_('Deletes an ARF Report')
         param :id, :identifier, :required => true
 
         def destroy

data/app/controllers/api/v2/compliance/policies_controller.rb

@@ -21,12 +21,6 @@ module Api::V2
         api_compliance_policy_url(@policy)
       end
 
-      resource_description do
-        resource_id 'foreman_openscap_policies'
-        api_version 'v2'
-        api_base_url "/api/v2"
-      end
-
       api :GET, '/compliance/policies', N_('List SCAP contents')
       param_group :search_and_pagination, ::Api::V2::BaseController
 
@@ -44,11 +38,11 @@ module Api::V2
         param :policy, Hash, :required => true, :action_aware => true do
           param :name, String, :required => true, :desc => N_('Policy name')
           param :description, String, :desc => N_('Policy description')
-          param :scap_content_id, Integer, :required => true, :desc => N_('Policy scap content id')
-          param :scap_content_profile_id, Integer, :required => true, :desc => N_('Policy scap content profile id')
+          param :scap_content_id, Integer, :required => true, :desc => N_('Policy SCAP content ID')
+          param :scap_content_profile_id, Integer, :required => true, :desc => N_('Policy SCAP content profile ID')
           param :period, String, :required => true, :desc => N_('Policy schedule period')
           param :weekday, String, :required => true, :desc => N_('Policy schedule weekday')
-          param :hostgroup_ids, Array, :desc => N_('Apply policy to hostgroups')
+          param :hostgroup_ids, Array, :desc => N_('Apply policy to host groups')
           param_group :taxonomies, ::Api::V2::BaseController
         end
       end

data/app/controllers/api/v2/compliance/scap_contents_controller.rb

@@ -11,12 +11,6 @@ module Api::V2
         instance_variable_get :"@scap_content" or fail 'no resource loaded'
       end
 
-      resource_description do
-        resource_id 'foreman_openscap_scap_contents'
-        api_version 'v2'
-        api_base_url "/api/v2"
-      end
-
       api :GET, '/compliance/scap_contents', N_('List SCAP contents')
       param_group :search_and_pagination, ::Api::V2::BaseController
 
@@ -24,19 +18,24 @@ module Api::V2
         @scap_contents = resource_scope_for_index(:permission => :edit_compliance)
       end
 
-      api :GET, '/compliance/scap_contents/:id', N_('Show an SCAP content')
+      api :GET, '/compliance/scap_contents/:id/xml', N_('Show an SCAP content as XML')
       param :id, :identifier, :required => true
 
-      def show
+      def xml
         send_data @scap_content.scap_file,
                   :type     => 'application/xml',
                   :filename => @scap_content.original_filename
       end
 
+      api :GET, '/compliance/scap_contents/:id', N_('Show an SCAP content')
+      param :id, :identifier, :required => true
+      def show
+      end
+
       def_param_group :scap_content do
         param :scap_content, Hash, :required => true, :action_aware => true do
-          param :title, String, :required => true, :desc => N_('Scap content name')
-          param :scap_file, String, :required => true
+          param :title, String, :required => true, :desc => N_('SCAP content name')
+          param :scap_file, String, :required => true, :desc => N_('XML containing SCAP content')
           param_group :taxonomies, ::Api::V2::BaseController
         end
       end
@@ -69,6 +68,15 @@ module Api::V2
         not_found and return if params[:id].blank?
         instance_variable_set("@scap_content", resource_scope.find(params[:id]))
       end
+
+      def action_permission
+        case params[:action]
+        when 'xml'
+          :view
+        else
+          super
+        end
+      end
     end
   end
 end

data/app/controllers/arf_reports_controller.rb

@@ -33,16 +33,16 @@ class ArfReportsController < ApplicationController
       response = @arf_report.to_bzip
       send_data response, :filename => "#{@arf_report.id}_arf_report.bz2", :type => 'application/octet-stream', :disposition => 'attachement'
     rescue => e
-      process_error(:error_msg => (_("Failed to downloaded Arf report as bzip: #{e.message}")),
+      process_error(:error_msg => (_("Failed to downloaded ARF report as bzip: %s") % (e.message)),
                     :error_redirect => arf_report_path(@arf_report.id))
     end
   end
 
   def destroy
     if @arf_report.destroy
-      process_success(:success_msg => (_("Successfully deleted Arf report.")), :success_redirect => arf_reports_path)
+      process_success(:success_msg => (_("Successfully deleted ARF report.")), :success_redirect => arf_reports_path)
     else
-      process_error(:error_msg => _("Failed to delete Arf Report for host #{@arf_report.host.name} reported at #{@arf_report.reported_at}"))
+      process_error(:error_msg => _("Failed to delete ARF Report for host %{host_name} reported at %{reported_at}") % {:host_name => @arf_report.host.name, :reported_at => @arf_report.reported_at})
     end
   end
 
@@ -70,11 +70,11 @@ class ArfReportsController < ApplicationController
     if params[:arf_report_ids].present?
       @arf_reports = ::ForemanOpenscap::ArfReport.where(:id => params[:arf_report_ids])
       if @arf_reports.empty?
-        error _('No complince reports were found.')
+        error _('No compliance reports were found.')
         redirect_to(arf_reports_path) and return false
       end
     else
-      error _('No complince reports selected')
+      error _('No compliance reports selected')
       redirect_to(arf_reports_path) and return false
     end
     return @arf_reports

data/app/controllers/policies_controller.rb

@@ -74,7 +74,7 @@ class PoliciesController < ApplicationController
     if (id = params['policy']['id'])
       policy = ::ForemanOpenscap::Policy.find(id)
       policy.assign_hosts(@hosts)
-      notice _("Updated hosts: Assigned with compliance policy: #{policy.name}")
+      notice _("Updated hosts: Assigned with compliance policy: %s")  % policy.name
       # We prefer to go back as this does not lose the current search
       redirect_to hosts_path
     else
@@ -92,7 +92,7 @@ class PoliciesController < ApplicationController
       notice _("Updated hosts: Unassigned from compliance policy '%s'") % policy.name
       redirect_to hosts_path
     else
-      error _('No valid policy id provided')
+      error _('No valid policy ID provided')
       redirect_to hosts_path
     end
   end

data/app/helpers/concerns/foreman_openscap/lookup_keys_helper_extensions.rb

@@ -0,0 +1,14 @@
+module ForemanOpenscap
+  module LookupKeysHelperExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      alias_method_chain :overridable_lookup_keys, :scap
+    end
+
+    def overridable_lookup_keys_with_scap(klass, obj)
+      return [] if klass.name == "foreman_scap_client"
+      overridable_lookup_keys_without_scap klass, obj
+    end
+  end
+end

data/app/helpers/dashboard_helper.rb

@@ -0,0 +1,26 @@
+#
+# Copyright (c) 2014 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 3 (GPLv3). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv3
+# along with this software; if not, see http://www.gnu.org/licenses/gpl.txt
+#
+
+module DashboardHelper
+
+  def latest_headers
+    string =  "<th>#{_("Host")}</th>"
+    string += "<th>#{_("Policy")}</th>"
+    # TRANSLATORS: initial character of Passed
+    string += translated_header(s_('Passed|P'), _('Passed'))
+    # TRANSLATORS: initial character of Failed
+    string += translated_header(s_('Failed|F'), _('Failed'))
+    # TRANSLATORS: initial character of Othered which is an SCAP term
+    string += translated_header(s_('Othered|O'), _('Othered'))
+
+    string.html_safe
+  end
+
+end

data/app/lib/proxy_api/available_proxy.rb

@@ -12,15 +12,33 @@ module ::ProxyAPI
     ]
 
     def initialize(args)
-      @features = ::ProxyAPI::Features.new(args).features
+      @args = args
     end
 
     def available?
       begin
-        return true if @features.include?('openscap')
+        return true if (has_scap_feature? && minimum_version)
       rescue *HTTP_ERRORS
         return false
       end
+      false
+    end
+
+    private
+
+    def has_scap_feature?
+      @features ||= ::ProxyAPI::Features.new(@args).features
+      @features.include?('openscap')
+    end
+
+    def openscap_proxy_version
+      @versions ||= ::ProxyAPI::Version.new(@args).proxy_versions['modules']
+      @versions['openscap'] if @versions && @versions['openscap']
+    end
+
+    def minimum_version
+      return false unless openscap_proxy_version
+      openscap_proxy_version.to_f >= 0.5
     end
   end
 end

data/app/lib/proxy_api/migration.rb

@@ -0,0 +1,13 @@
+module ::ProxyAPI
+  class Migration < ::ProxyAPI::Resource
+    def initialize(args)
+      @url = args[:url] + '/compliance-importer'
+      super args
+      @connect_params[:headers].merge!(:content_type => 'text/xml', :content_encoding => 'x-bzip2', :multipart => true)
+    end
+
+    def migrate_arf_report(arf_file, host_name, policy_id, date)
+      parse(post(arf_file, "/arf/#{host_name}/#{policy_id}/#{date}"))
+    end
+  end
+end

data/app/lib/proxy_api/openscap.rb

@@ -24,7 +24,7 @@ module ::ProxyAPI
         @connect_params[:headers] = { :accept => 'application/html' }
         get "/arf/#{report.id}/#{cname}/#{report.reported_at.to_i}/#{report.policy_arf_report.digest}/html"
       rescue => e
-        raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to get html version of requested report from Smart Proxy"))
+        raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to get HTML version of requested report from Smart Proxy"))
       end
     end
 
@@ -33,7 +33,7 @@ module ::ProxyAPI
         @connect_params[:headers] = { :content_type => 'application/arf-bzip2', :content_encoding => 'x-bzip2' }
         get "/arf/#{report.id}/#{cname}/#{report.reported_at.to_i}/#{report.policy_arf_report.digest}/xml"
       rescue => e
-        raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to get xml version of requested report from Smart Proxy"))
+        raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to get XML version of requested report from Smart Proxy"))
       end
     end
 

data/app/mailers/foreman_openscap/policy_mailer.rb

@@ -15,7 +15,7 @@ module ForemanOpenscap
         logger.warn "User with valid email not supplied, mail report will not be sent"
       else
         set_locale_for(user) do
-          subject = _("Scap policies summary")
+          subject = _("SCAP policies summary")
           mail(:to => user.mail, :subject => subject)
         end
       end

data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb

@@ -69,7 +69,7 @@ module ForemanOpenscap
 
     included do
       scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :compliance_policy,
-                    :ext_method => :search_by_policy_name
+        :only_explicit => true, :ext_method => :search_by_policy_name
 
       scoped_search :on => :id, :rename => :last_for, :complete_value => { :host => 0, :policy => 1 },
         :only_explicit => true, :ext_method => :search_by_last_for

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -20,7 +20,7 @@ module ForemanOpenscap
                     :complete_value => {:compliant => ::ForemanOpenscap::ComplianceStatus::COMPLIANT,
                                         :incompliant => ::ForemanOpenscap::ComplianceStatus::INCOMPLIANT,
                                         :inconclusive => ::ForemanOpenscap::ComplianceStatus::INCONCLUSIVE}
-      after_save :puppetrun!, :if => :openscap_proxy_id_changed?
+      after_update :puppetrun!, :if => ->(host) { Setting[:puppetrun] && host.openscap_proxy_id_changed? }
 
       scope :comply_with, lambda { |policy|
         joins(:arf_reports).merge(ArfReport.latest_of_policy policy).merge(ArfReport.passed)

data/app/models/concerns/foreman_openscap/log_extensions.rb

@@ -3,6 +3,16 @@ module ForemanOpenscap
     extend ActiveSupport::Concern
     included do
       attr_accessible :result
+      SCAP_RESULT = %w(pass fail error unknown notapplicable notchecked notselected informational fixed)
+      validate :scap_result
+    end
+
+    private
+
+    def scap_result
+      if report.is_a? ForemanOpenscap::ArfReport
+        errors.add(:result, _('is not included in SCAP_RESULT')) unless SCAP_RESULT.include? result
+      end
     end
   end
 end

data/app/models/concerns/foreman_openscap/openscap_proxy_core_extensions.rb

@@ -4,19 +4,26 @@ module ForemanOpenscap
 
     included do
       validate :openscap_proxy_has_feature
+      validate :scap_client_class_present
+      after_save :update_scap_client
     end
 
-    def update_scap_client_params(proxy_id)
-      new_proxy = SmartProxy.find proxy_id
+    def update_scap_client
+      update_scap_client_params if openscap_proxy_id_changed?
+    end
+
+    def update_scap_client_params
       model_match = self.class.name.underscore.match(/\Ahostgroup\z/) ? "hostgroup" : "fqdn"
-      puppetclass = Puppetclass.find_by_name("foreman_scap_client")
-      fail _("Puppetclass 'foreman_scap_client' not found, make sure it is imported form Puppetmaster") if puppetclass.nil?
-      scap_params = puppetclass.class_params
+      scap_params = find_scap_client.class_params
       server_lookup_key = scap_params.find { |param| param.key == "server" }
       port_lookup_key = scap_params.find { |param| param.key == "port" }
       pairs = scap_client_lookup_values_for([server_lookup_key, port_lookup_key], model_match)
-      mapping = { "server" => new_proxy.hostname, "port" => new_proxy.port }
-      update_scap_client_lookup_values(pairs, model_match, mapping)
+      if openscap_proxy_id
+        mapping = { "server" => openscap_proxy.hostname, "port" => openscap_proxy.port }
+        update_scap_client_lookup_values(pairs, model_match, mapping)
+      else
+        destroy_scap_client_lookup_values pairs
+      end
     end
 
     def inherited_openscap_proxy_id
@@ -32,6 +39,10 @@ module ForemanOpenscap
       end
     end
 
+    def destroy_scap_client_lookup_values(pairs)
+      pairs.values.map(&:destroy)
+    end
+
     def update_scap_client_lookup_values(pairs, model_match, mapping)
       pairs.each do |k, v|
         if v.nil?
@@ -43,13 +54,22 @@ module ForemanOpenscap
       end
     end
 
+    def find_scap_client
+      Puppetclass.find_by_name("foreman_scap_client")
+    end
+
     def lookup_matcher(model_match)
       model_match == "fqdn" ? "#{model_match}=#{name}" : "#{model_match}=#{title}"
     end
 
     def openscap_proxy_has_feature
-      return true unless openscap_proxy_id
-      openscap_proxy.has_feature? "Openscap"
+      errors.add(:openscap_proxy_id, _("must have Openscap feature")) if openscap_proxy_id && !openscap_proxy.has_feature?("Openscap")
+    end
+
+    def scap_client_class_present
+      if openscap_proxy_id_changed? && openscap_proxy_id
+        errors.add(:openscap_proxy_id, _("Puppet class 'foreman_scap_client' not found, make sure it is imported from Puppet master")) unless find_scap_client
+      end
     end
   end
 end

data/app/models/concerns/foreman_openscap/openscap_proxy_extensions.rb

@@ -10,7 +10,7 @@ module ForemanOpenscap
     def openscap_proxy_api
       return @openscap_api if @openscap_api
       proxy_url = openscap_proxy.url if openscap_proxy
-      fail(_("No openscap proxy found for %s") % id) unless proxy_url
+      fail(_("No OpenSCAP proxy found for %s") % id) unless proxy_url
       @openscap_api = ::ProxyAPI::Openscap.new(:url => proxy_url)
     end
   end

data/app/models/foreman_openscap/arf_report.rb

@@ -6,20 +6,18 @@ module ForemanOpenscap
     include OpenscapProxyExtensions
 
     # attr_accessible :host_id, :reported_at, :status, :metrics
-    RESULT = %w(pass fail error unknown notapplicable notchecked notselected informational fixed)
     METRIC = %w(passed othered failed)
     BIT_NUM = 10
     MAX = (1 << BIT_NUM) - 1
 
+    scoped_search :on => :status, :offset => 0, :word_size => 4*BIT_NUM, :complete_value => {:true => true, :false => false}, :rename => :eventful
+
     has_one :policy_arf_report, :dependent => :destroy
     has_one :policy, :through => :policy_arf_report
     has_one :asset, :through => :host, :class_name => 'ForemanOpenscap::Asset', :as => :assetable
     after_save :assign_locations_organizations
     has_one :log, :foreign_key => :report_id
 
-    delegate :result, :to => :log, :allow_nil => true
-    validate :result, :inclusion => { :in => RESULT }
-
     delegate :asset=, :to => :host
 
     default_scope do