foreman_openscap 0.6.4 → 0.6.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 7e87dce0b8251a238c5e9893119aa4a98db7a3a0
4
- data.tar.gz: ed41c816b9194e86b8c6a7a4fc627e0a205a9680
3
+ metadata.gz: af14c957ab312cad9a1af665492c7684fbd4483f
4
+ data.tar.gz: 7085d5dd248a19fa3c746cc37756630bba065429
5
5
  SHA512:
6
- metadata.gz: eeea587bb391f44a7f1d1a645c9060850e9a408df25f141d671f7ab48c8fb3e0d298ab02ee795f17661e56d1cea8f2085052dc2faefedf256ef112c4a0346d42
7
- data.tar.gz: 37deb96efe064794ae14ba33876509598baaf5a3c73a32604134f074492144ee4656010da49c21770dee01c1d26511fb54847574b6d5e70d73ff063497d79acf
6
+ metadata.gz: bae574807e8c53cffa7e3cf1273aacf1c01c102c89cd2a5b9128042b394fb05ad60cfe6a55f7fdfcb6ef5e1c5ef621e9c8f048ab51e7047676c4cffbb362ffcc
7
+ data.tar.gz: db89e1a4e868dca5482d468985cac76eba3935b9bdebc9f1e16c3eac1f30dfa4e02c59373113950d559c1cbe0d5a332f8ac0dcf55f45426573931993d6c145d3
@@ -7,11 +7,12 @@ module Api
7
7
  class ArfReportsController < V2::BaseController
8
8
  include Api::Version2
9
9
  include Foreman::Controller::SmartProxyAuth
10
+ include ForemanOpenscap::ArfReportsControllerCommonExtensions
10
11
 
11
12
  add_smart_proxy_filters :create, :features => 'Openscap'
12
13
 
13
- before_filter :find_resource, :only => %w(show destroy download)
14
- skip_after_filter :log_response_body, :only => %w(download)
14
+ before_filter :find_resource, :only => %w(show destroy download download_html)
15
+ skip_after_filter :log_response_body, :only => %w(download download_html)
15
16
 
16
17
  def resource_name
17
18
  '::ForemanOpenscap::ArfReport'
@@ -58,9 +59,19 @@ module Api
58
59
 
59
60
  def download
60
61
  response = @arf_report.to_bzip
61
- send_data response, :filename => "#{@arf_report.id}_arf_report.bz2"
62
+ send_data response, :filename => "#{format_filename}.xml.bz2"
62
63
  rescue => e
63
- render_error 'standard_error', :status => :internal_error, :locals => { :exception => e }
64
+ handle_download_error e
65
+ end
66
+
67
+ api :GET, "/compliance/arf_reports/:id/download_html/", N_("Download ARF report in HTML")
68
+ param :id, :identifier, :required => true
69
+
70
+ def download_html
71
+ response = @arf_report.to_html
72
+ send_data response, :filename => "#{format_filename}.html"
73
+ rescue => e
74
+ handle_download_error e
64
75
  end
65
76
 
66
77
  private
@@ -70,9 +81,13 @@ module Api
70
81
  instance_variable_set("@arf_report", resource_scope.find(params[:id]))
71
82
  end
72
83
 
84
+ def handle_download_error(error)
85
+ render_error 'standard_error', :status => :internal_error, :locals => { :exception => error }
86
+ end
87
+
73
88
  def action_permission
74
89
  case params[:action]
75
- when 'download'
90
+ when 'download', 'download_html'
76
91
  :view
77
92
  else
78
93
  super
@@ -1,7 +1,8 @@
1
1
  class ArfReportsController < ApplicationController
2
2
  include Foreman::Controller::AutoCompleteSearch
3
+ include ForemanOpenscap::ArfReportsControllerCommonExtensions
3
4
 
4
- before_filter :find_arf_report, :only => [:show, :show_html, :destroy, :parse_html, :parse_bzip]
5
+ before_filter :find_arf_report, :only => [:show, :show_html, :destroy, :parse_html, :parse_bzip, :download_html]
5
6
  before_filter :find_multiple, :only => [:delete_multiple, :submit_delete_multiple]
6
7
 
7
8
  def model_of_controller
@@ -31,13 +32,24 @@ class ArfReportsController < ApplicationController
31
32
  def parse_bzip
32
33
  begin
33
34
  response = @arf_report.to_bzip
34
- send_data response, :filename => "#{@arf_report.id}_arf_report.bz2", :type => 'application/octet-stream', :disposition => 'attachement'
35
+ send_data response, :filename => "#{format_filename}.xml.bz2", :type => 'application/octet-stream', :disposition => 'attachement'
35
36
  rescue => e
36
37
  process_error(:error_msg => (_("Failed to downloaded ARF report as bzip: %s") % (e.message)),
37
38
  :error_redirect => arf_report_path(@arf_report.id))
38
39
  end
39
40
  end
40
41
 
42
+ def download_html
43
+ begin
44
+ response = @arf_report.to_html
45
+ send_data response, :filename => "#{format_filename}.html",
46
+ :type => 'text/html', :disposition => 'attachement'
47
+ rescue => e
48
+ process_error(:error_msg => _("Failed to downloaded ARF report in HTML: %s") % e.message,
49
+ :error_redirect => arf_report_path(@arf_report.id))
50
+ end
51
+ end
52
+
41
53
  def destroy
42
54
  if @arf_report.destroy
43
55
  process_success(:success_msg => (_("Successfully deleted ARF report.")), :success_redirect => arf_reports_path)
@@ -87,7 +99,7 @@ class ArfReportsController < ApplicationController
87
99
 
88
100
  def action_permission
89
101
  case params[:action]
90
- when 'show_html', 'parse_html', 'parse_bzip'
102
+ when 'show_html', 'parse_html', 'parse_bzip', 'download_html'
91
103
  :view
92
104
  when 'delete_multiple', 'submit_delete_multiple'
93
105
  :destroy
@@ -0,0 +1,8 @@
1
+ module ForemanOpenscap
2
+ module ArfReportsControllerCommonExtensions
3
+ extend ActiveSupport::Concern
4
+ def format_filename
5
+ "#{@arf_report.asset.name}-#{@arf_report.reported_at.to_formatted_s(:number)}"
6
+ end
7
+ end
8
+ end
@@ -68,19 +68,19 @@ module ForemanOpenscap
68
68
  end
69
69
 
70
70
  included do
71
- scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :compliance_policy,
71
+ scoped_search :relation => :policy, :on => :name, :complete_value => true, :rename => :compliance_policy,
72
72
  :only_explicit => true, :ext_method => :search_by_policy_name
73
73
 
74
74
  scoped_search :on => :id, :rename => :last_for, :complete_value => { :host => 0, :policy => 1 },
75
75
  :only_explicit => true, :ext_method => :search_by_last_for
76
76
 
77
- scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :comply_with,
77
+ scoped_search :relation => :policy, :on => :name, :complete_value => true, :rename => :comply_with,
78
78
  :only_explicit => true, :operators => ['= '], :ext_method => :search_by_comply_with
79
79
 
80
- scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :not_comply_with,
80
+ scoped_search :relation => :policy, :on => :name, :complete_value => true, :rename => :not_comply_with,
81
81
  :only_explicit => true, :operators => ['= '], :ext_method => :search_by_not_comply_with
82
82
 
83
- scoped_search :in => :policy, :on => :name, :complete_value => true, :rename => :inconclusive_with,
83
+ scoped_search :relation => :policy, :on => :name, :complete_value => true, :rename => :inconclusive_with,
84
84
  :only_explicit => true, :operators => ['= '], :ext_method => :search_by_inconclusive_with
85
85
 
86
86
  compliance_status_scoped_search 'passed', :on => :status, :rename => :compliance_passed
@@ -10,13 +10,13 @@ module ForemanOpenscap
10
10
  has_many :arf_reports, :class_name => '::ForemanOpenscap::ArfReport', :foreign_key => :host_id
11
11
  has_one :compliance_status_object, :class_name => '::ForemanOpenscap::ComplianceStatus', :foreign_key => 'host_id'
12
12
 
13
- scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :compliance_policy,
14
- :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_policy_name
13
+ scoped_search :relation => :policies, :on => :name, :complete_value => true, :rename => :compliance_policy,
14
+ :only_explicit => true, :operators => ['= '], :ext_method => :search_by_policy_name
15
15
 
16
- scoped_search :in => :policies, :on => :name, :complete_value => true, :rename => :compliance_report_missing_for,
16
+ scoped_search :relation => :policies, :on => :name, :complete_value => true, :rename => :compliance_report_missing_for,
17
17
  :only_explicit => true, :operators => ['= ', '!= '], :ext_method => :search_by_missing_arf
18
18
 
19
- scoped_search :in => :compliance_status_object, :on => :status, :rename => :compliance_status,
19
+ scoped_search :relation => :compliance_status_object, :on => :status, :rename => :compliance_status,
20
20
  :complete_value => {:compliant => ::ForemanOpenscap::ComplianceStatus::COMPLIANT,
21
21
  :incompliant => ::ForemanOpenscap::ComplianceStatus::INCOMPLIANT,
22
22
  :inconclusive => ::ForemanOpenscap::ComplianceStatus::INCONCLUSIVE}
@@ -63,7 +63,9 @@ module ForemanOpenscap
63
63
  end
64
64
 
65
65
  def policies_enc
66
- combined_policies.map(&:to_enc).to_json
66
+ check = ForemanOpenscap::OpenscapProxyAssignedVersionCheck.new(self).run
67
+ method = check.pass? ? :to_enc : :to_enc_legacy
68
+ combined_policies.map(&method).to_json
67
69
  end
68
70
 
69
71
  def combined_policies
@@ -102,23 +104,20 @@ module ForemanOpenscap
102
104
  module ClassMethods
103
105
  def search_by_policy_name(key, operator, policy_name)
104
106
  cond = sanitize_sql_for_conditions(["foreman_openscap_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
105
- { :conditions => Host::Managed.arel_table[:id].in(
106
- Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).ast
107
- ).to_sql }
107
+ { :conditions => Host::Managed.arel_table[:id].in(Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).pluck(:id)).to_sql }
108
108
  end
109
109
 
110
110
  def search_by_missing_arf(key, operator, policy_name)
111
111
  cond = sanitize_sql_for_conditions(["foreman_openscap_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
112
- { :conditions => Host::Managed.arel_table[:id].in(
113
- Host::Managed.select(Host::Managed.arel_table[:id])
114
- .joins(:policies)
115
- .where(cond)
116
- .where("foreman_openscap_assets.id NOT IN (
112
+ { :conditions => Host::Managed.arel_table[:id].in(Host::Managed.select(Host::Managed.arel_table[:id]).
113
+ joins(:policies).
114
+ where(cond).
115
+ where("foreman_openscap_assets.id NOT IN (
117
116
  SELECT DISTINCT foreman_openscap_arf_reports.asset_id
118
117
  FROM foreman_openscap_arf_reports
119
118
  WHERE foreman_openscap_arf_reports.asset_id = foreman_openscap_assets.id
120
- AND foreman_openscap_arf_reports.policy_id = foreman_openscap_policies.id)
121
- ").ast).to_sql
119
+ AND foreman_openscap_arf_reports.policy_id = foreman_openscap_policies.id)").
120
+ pluck(:id)).to_sql
122
121
  }
123
122
  end
124
123
  end
@@ -164,11 +164,15 @@ module ForemanOpenscap
164
164
  end
165
165
 
166
166
  def destroy
167
- begin
168
- openscap_proxy_api.destroy_report(self, ForemanOpenscap::Helper::find_name_or_uuid_by_host(host))
169
- rescue Foreman::Exception => e
170
- logger.error "Failed to delete report with id #{id} from proxy, cause: #{e.message}"
171
- logger.debug e.backtrace.join("\n\t")
167
+ if host
168
+ begin
169
+ openscap_proxy_api.destroy_report(self, ForemanOpenscap::Helper::find_name_or_uuid_by_host(host))
170
+ rescue Foreman::Exception => e
171
+ logger.error "Failed to delete report with id #{id} from proxy, cause: #{e.message}"
172
+ logger.debug e.backtrace.join("\n\t")
173
+ end
174
+ else
175
+ logger.error "Failed to delete report with id #{id} from proxy, no host associated with report"
172
176
  end
173
177
  super
174
178
  end
@@ -171,11 +171,15 @@ module ForemanOpenscap
171
171
  'profile_id' => profile_for_scan,
172
172
  'content_path' => "/var/lib/openscap/content/#{self.scap_content.digest}.xml",
173
173
  'tailoring_path' => tailoring_file ? "/var/lib/openscap/tailoring/#{self.tailoring_file.digest}.xml" : '',
174
- 'download_path' => "/compliance/policies/#{self.id}/content", # default to proxy path
175
- 'tailoring_download_path' => "/compliance/policies/#{self.id}/tailoring"
174
+ 'download_path' => "/compliance/policies/#{self.id}/content/#{scap_content.digest}",
175
+ 'tailoring_download_path' => tailoring_file ? "/compliance/policies/#{self.id}/tailoring/#{tailoring_file.digest}" : ''
176
176
  }.merge(period_enc)
177
177
  end
178
178
 
179
+ def to_enc_legacy
180
+ to_enc.tap { |hash| hash['download_path'] = "/compliance/policies/#{self.id}/content" }
181
+ end
182
+
179
183
  def should_validate?(step_name)
180
184
  if new_record? && wizard_initiated?
181
185
  step_index > step_to_i(step_name)
@@ -0,0 +1,14 @@
1
+ module ForemanOpenscap
2
+ class OpenscapProxyAssignedVersionCheck < OpenscapProxyVersionCheck
3
+ def initialize(host)
4
+ @host = host
5
+ super()
6
+ end
7
+
8
+ private
9
+
10
+ def get_openscap_proxies
11
+ @host.openscap_proxy ? [@host.openscap_proxy] : []
12
+ end
13
+ end
14
+ end
@@ -9,7 +9,7 @@ module ForemanOpenscap
9
9
 
10
10
  def run
11
11
  @versions = openscap_proxy_versions.select do |key, value|
12
- Gem::Version.new(value) <= Gem::Version.new("0.6.1")
12
+ Gem::Version.new(value) < Gem::Version.new("0.6.1")
13
13
  end
14
14
  self
15
15
  end
@@ -12,5 +12,6 @@
12
12
  display_delete_if_authorized(hash_for_arf_report_path(:id => @arf_report), :class=> "btn btn-danger"),
13
13
  link_to(_("Host details"), @arf_report.host, :class => "btn btn-default"),
14
14
  link_to(_("View full report"), show_html_arf_report_path(:id => @arf_report.id), :class => "btn btn-default"),
15
- link_to(_("Download XML in bzip"), parse_bzip_arf_report_path(:id => @arf_report.id), :class => "btn btn-default", :data => { :no_turbolink => true })
15
+ link_to(_("Download XML in bzip"), parse_bzip_arf_report_path(:id => @arf_report.id), :class => "btn btn-default", :data => { :no_turbolink => true }),
16
+ link_to(_("Download HTML"), download_html_arf_report_path(:id => @arf_report.id), :class => "btn btn-default", :data => { :no_turbolink => true })
16
17
  %>
@@ -0,0 +1,21 @@
1
+ <%#
2
+ name: Run OpenSCAP scans
3
+ job_category: OpenSCAP
4
+ description_format: Run scan for all OpenSCAP policies on host
5
+ feature: foreman_openscap_run_scans
6
+ provider_type: SSH
7
+ snippet: false
8
+ template_inputs:
9
+ - name: policies
10
+ required: false
11
+ input_type: puppet_parameter
12
+ puppet_class_name: foreman_scap_client
13
+ puppet_parameter_name: policies
14
+ advanced: false
15
+ provider_type: SSH
16
+ kind: job_template
17
+ %>
18
+
19
+ <% input('policies').map { |policy_config| policy_config['id'] }.each do |id| -%>
20
+ /usr/bin/foreman_scap_client <%= id %>
21
+ <% end -%>
data/config/routes.rb CHANGED
@@ -7,6 +7,7 @@ Rails.application.routes.draw do
7
7
  get 'show_html'
8
8
  get 'parse_html'
9
9
  get 'parse_bzip'
10
+ get 'download_html'
10
11
  end
11
12
  collection do
12
13
  get 'auto_complete_search'
@@ -80,6 +81,7 @@ Rails.application.routes.draw do
80
81
  resources :arf_reports, :only => [:index, :show, :destroy] do
81
82
  member do
82
83
  get 'download'
84
+ get 'download_html'
83
85
  end
84
86
  end
85
87
  post 'arf_reports/:cname/:policy_id/:date', \
@@ -0,0 +1,10 @@
1
+ if ForemanOpenscap.with_remote_execution?
2
+ User.as_anonymous_admin do
3
+ JobTemplate.without_auditing do
4
+ Dir[File.join("#{ForemanOpenscap::Engine.root}/app/views/job_templates/**/*.erb")].each do |template|
5
+ sync = !Rails.env.test? && Setting[:remote_execution_sync_templates]
6
+ JobTemplate.import!(File.read(template), :default => true, :locked => true, :update => sync)
7
+ end
8
+ end
9
+ end
10
+ end
@@ -9,6 +9,7 @@ module ForemanOpenscap
9
9
  config.autoload_paths += Dir["#{config.root}/app/models"]
10
10
  config.autoload_paths += Dir["#{config.root}/app/overrides"]
11
11
  config.autoload_paths += Dir["#{config.root}/app/lib"]
12
+ config.autoload_paths += Dir["#{config.root}/app/services"]
12
13
  config.autoload_paths += Dir["#{config.root}/lib"]
13
14
  config.autoload_paths += Dir["#{config.root}/test/"]
14
15
 
@@ -51,8 +52,8 @@ module ForemanOpenscap
51
52
  # Add permissions
52
53
  security_block :foreman_openscap do
53
54
  permission :view_arf_reports, {:arf_reports => [:index, :show, :parse_html, :show_html,
54
- :parse_bzip, :auto_complete_search],
55
- 'api/v2/compliance/arf_reports' => [:index, :show, :download],
55
+ :parse_bzip, :auto_complete_search, :download_html],
56
+ 'api/v2/compliance/arf_reports' => [:index, :show, :download, :download_html],
56
57
  :compliance_hosts => [:show]},
57
58
  :resource_type => 'ForemanOpenscap::ArfReport'
58
59
  permission :destroy_arf_reports, {:arf_reports => [:destroy, :delete_multiple, :submit_delete_multiple],
@@ -154,6 +155,20 @@ module ForemanOpenscap
154
155
  parameter_filter Hostgroup, :openscap_proxy_id, :openscap_proxy
155
156
  parameter_filter Log, :result
156
157
 
158
+ if ForemanOpenscap.with_remote_execution?
159
+ RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"),
160
+ :description => N_("Run OpenSCAP scan"),
161
+ :host_action_button => true,
162
+ :provided_inputs => "policies")
163
+ end
164
+
165
+ add_controller_action_scope(::Api::V2::HostsController, :index) do |base_scope|
166
+ base_scope.includes(:policies)
167
+ end
168
+
169
+ add_controller_action_scope(::HostsController, :index) do |base_scope|
170
+ base_scope.includes(:policies)
171
+ end
157
172
  end
158
173
  end
159
174
 
@@ -194,4 +209,8 @@ module ForemanOpenscap
194
209
  def self.use_relative_model_naming?
195
210
  true
196
211
  end
212
+
213
+ def self.with_remote_execution?
214
+ RemoteExecutionFeature rescue false
215
+ end
197
216
  end
@@ -1,3 +1,3 @@
1
1
  module ForemanOpenscap
2
- VERSION = "0.6.4"
2
+ VERSION = "0.6.5"
3
3
  end