foreman_openscap 0.7.4 → 0.7.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/api/v2/compliance/arf_reports_controller.rb +1 -1
- data/app/controllers/api/v2/compliance/policies_controller.rb +7 -3
- data/app/controllers/arf_reports_controller.rb +1 -1
- data/app/helpers/arf_reports_helper.rb +13 -0
- data/app/models/foreman_openscap/policy.rb +8 -1
- data/app/models/foreman_openscap/scap_content.rb +2 -0
- data/app/models/foreman_openscap/tailoring_file.rb +1 -0
- data/app/views/api/v2/compliance/arf_reports/main.json.rabl +11 -3
- data/app/views/api/v2/compliance/policies/show.json.rabl +4 -0
- data/app/views/api/v2/compliance/scap_contents/create.json.rabl +3 -0
- data/app/views/arf_reports/_list.html.erb +5 -1
- data/app/views/arf_reports/show.html.erb +2 -1
- data/db/migrate/20170821081205_rename_mail_notification.foreman_openscap.rb +15 -0
- data/db/migrate/20170830221751_add_index_to_logs_result.rb +9 -0
- data/db/seeds.d/openscap_policy_notification.rb +2 -2
- data/lib/foreman_openscap/version.rb +1 -1
- data/test/factories/policy_factory.rb +2 -2
- data/test/functional/api/v2/compliance/policies_controller_test.rb +8 -0
- data/test/unit/policy_test.rb +21 -4
- metadata +6 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '085004ef2bb328311e119ca13288b338e9f7a8cc'
|
|
4
|
+
data.tar.gz: a4c0a6abd4d4cc3f4fa1159bd36d0f008ecf0662
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0b9284ddb0c3b9b0eb46b67fc3700ff1c2aa5ba4e81b9f0ba91b625d367e0024208748abb8b55b8f4f0edaa2fe82543ec17ade91ea62103cbb505047eac8c5f5
|
|
7
|
+
data.tar.gz: ed70fc17d804fdff59bf090c3c9d6b04f233808757c8bd56865168e2f33d0c5c8dd2211235d65189b04471332c792c843049709e71d56b2a38ac427b61b5cc05
|
|
@@ -26,7 +26,7 @@ module Api
|
|
|
26
26
|
param_group :search_and_pagination, ::Api::V2::BaseController
|
|
27
27
|
|
|
28
28
|
def index
|
|
29
|
-
@arf_reports = resource_scope_for_index(:permission => :edit_compliance).includes(:
|
|
29
|
+
@arf_reports = resource_scope_for_index(:permission => :edit_compliance).includes(:openscap_proxy, :policy, :host)
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
api :GET, '/compliance/arf_reports/:id', N_('Show an ARF report')
|
|
@@ -90,9 +90,13 @@ module Api::V2
|
|
|
90
90
|
|
|
91
91
|
def tailoring
|
|
92
92
|
@tailoring_file = @policy.tailoring_file
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
93
|
+
if @tailoring_file
|
|
94
|
+
send_data @tailoring_file.scap_file,
|
|
95
|
+
:type => 'application/xml',
|
|
96
|
+
:filename => @tailoring_file.original_filename
|
|
97
|
+
else
|
|
98
|
+
render(:json => { :error => { :message => _("No Tailoring file assigned for policy with id %s") % @policy.id } }, :status => 404)
|
|
99
|
+
end
|
|
96
100
|
end
|
|
97
101
|
|
|
98
102
|
private
|
|
@@ -10,7 +10,7 @@ class ArfReportsController < ApplicationController
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def index
|
|
13
|
-
@arf_reports = resource_base.includes(:host => %i[policies last_report_object host_statuses])
|
|
13
|
+
@arf_reports = resource_base.includes(:policy, :openscap_proxy, :host => %i[policies last_report_object host_statuses])
|
|
14
14
|
.search_for(params[:search], :order => params[:order])
|
|
15
15
|
.paginate(:page => params[:page], :per_page => params[:per_page])
|
|
16
16
|
end
|
|
@@ -52,4 +52,17 @@ module ArfReportsHelper
|
|
|
52
52
|
:'data-dialog-title' => _("%s - The following compliance reports are about to be changed") % action[0])
|
|
53
53
|
end.flatten)
|
|
54
54
|
end
|
|
55
|
+
|
|
56
|
+
def openscap_proxy_link(arf_report)
|
|
57
|
+
return _("No proxy found!") unless arf_report.openscap_proxy
|
|
58
|
+
display_link_if_authorized(arf_report.openscap_proxy.name, hash_for_smart_proxy_path(:id => arf_report.openscap_proxy_id))
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def reported_info(arf_report)
|
|
62
|
+
msg = _("Reported at %s") % arf_report.reported_at
|
|
63
|
+
msg << _(" for policy %s") % display_link_if_authorized(arf_report.policy.name, hash_for_edit_policy_path(:id => arf_report.policy.id)) if arf_report.policy
|
|
64
|
+
return msg.html_safe unless arf_report.openscap_proxy
|
|
65
|
+
msg += _(" through %s") % openscap_proxy_link(arf_report)
|
|
66
|
+
msg.html_safe
|
|
67
|
+
end
|
|
55
68
|
end
|
|
@@ -3,6 +3,7 @@ module ForemanOpenscap
|
|
|
3
3
|
include Authorizable
|
|
4
4
|
include Taxonomix
|
|
5
5
|
attr_writer :current_step, :wizard_initiated
|
|
6
|
+
audited
|
|
6
7
|
|
|
7
8
|
belongs_to :scap_content
|
|
8
9
|
belongs_to :scap_content_profile
|
|
@@ -29,9 +30,9 @@ module ForemanOpenscap
|
|
|
29
30
|
|
|
30
31
|
validates :scap_content_id, presence: true, if: Proc.new { |policy| policy.should_validate?('SCAP Content') }
|
|
31
32
|
validates :scap_content_profile_id, presence: true, if: Proc.new { |policy| policy.should_validate?('SCAP Content') }
|
|
33
|
+
validate :matching_content_profile, if: Proc.new { |policy| policy.should_validate?('SCAP Content') }
|
|
32
34
|
|
|
33
35
|
validate :valid_cron_line, :valid_weekday, :valid_day_of_month, :valid_tailoring, :valid_tailoring_profile
|
|
34
|
-
|
|
35
36
|
after_save :assign_policy_to_hostgroups
|
|
36
37
|
# before_destroy - ensure that the policy has no hostgroups, or classes
|
|
37
38
|
|
|
@@ -294,6 +295,12 @@ module ForemanOpenscap
|
|
|
294
295
|
end
|
|
295
296
|
end
|
|
296
297
|
|
|
298
|
+
def matching_content_profile
|
|
299
|
+
if scap_content_id && scap_content_profile_id && !ScapContent.find(scap_content_id).scap_content_profile_ids.include?(scap_content_profile_id)
|
|
300
|
+
errors.add(:scap_content_id, _("does not have the selected SCAP content profile"))
|
|
301
|
+
end
|
|
302
|
+
end
|
|
303
|
+
|
|
297
304
|
def assign_policy_to_hostgroups
|
|
298
305
|
if hostgroups.any?
|
|
299
306
|
puppetclass = find_scap_puppetclass
|
|
@@ -3,11 +3,13 @@ module ForemanOpenscap
|
|
|
3
3
|
include Authorizable
|
|
4
4
|
include Taxonomix
|
|
5
5
|
include DataStreamContent
|
|
6
|
+
audited :except => [ :scap_file ]
|
|
6
7
|
|
|
7
8
|
has_many :scap_content_profiles, :dependent => :destroy
|
|
8
9
|
has_many :policies
|
|
9
10
|
|
|
10
11
|
validates :title, :presence => true, :length => { :maximum => 255 }
|
|
12
|
+
validates :original_filename, :length => { :maximum => 255 }
|
|
11
13
|
|
|
12
14
|
scoped_search :on => :title, :complete_value => true
|
|
13
15
|
scoped_search :on => :original_filename, :complete_value => true, :rename => :filename
|
|
@@ -2,8 +2,16 @@ object @arf_report
|
|
|
2
2
|
|
|
3
3
|
extends "api/v2/compliance/arf_reports/base"
|
|
4
4
|
|
|
5
|
-
attributes :created_at, :updated_at, :
|
|
5
|
+
attributes :created_at, :updated_at, :reported_at
|
|
6
6
|
|
|
7
|
-
|
|
8
|
-
|
|
7
|
+
child :openscap_proxy => :openscap_proxy do
|
|
8
|
+
attributes :id, :name
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
child :host do
|
|
12
|
+
attributes :id, :name
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
child :policy do
|
|
16
|
+
attributes :id, :name
|
|
9
17
|
end
|
|
@@ -5,6 +5,8 @@
|
|
|
5
5
|
<th class="ca" width="40px"><%= check_box_tag "check_all", "", false, { :onclick => "toggleCheck()", :'check-title' => _("Select all items in this page"), :'uncheck-title'=> _("items selected. Uncheck to Clear") } %></th>
|
|
6
6
|
<th><%= sort :host %></th>
|
|
7
7
|
<th><%= sort :reported, :as => _("Reported At") %></th>
|
|
8
|
+
<th><%= sort :policy, :as => _("Policy") %></th>
|
|
9
|
+
<th><%= sort :openscap_proxy, :as => _("Openscap Proxy") %></th>
|
|
8
10
|
<th><%= sort :compliance_passed, :as => _("Passed") %></th>
|
|
9
11
|
<th><%= sort :compliance_failed, :as => _("Failed") %></th>
|
|
10
12
|
<th><%= sort :compliance_othered, :as => _("Other") %></th>
|
|
@@ -21,8 +23,10 @@
|
|
|
21
23
|
:class => 'host_select_boxes',
|
|
22
24
|
:onclick => 'hostChecked(this)' %>
|
|
23
25
|
</td>
|
|
24
|
-
<td><%= name_column(arf_report.host) %></td>
|
|
26
|
+
<td class="elipsis"><%= name_column(arf_report.host) %></td>
|
|
25
27
|
<td><%= display_link_if_authorized(_("%s ago") % time_ago_in_words(arf_report.reported_at), hash_for_arf_report_path(:id => arf_report.id)) %></td>
|
|
28
|
+
<td class="ellipsis"><%= display_link_if_authorized(arf_report.policy.name, hash_for_edit_policy_path(:id => arf_report.policy.id)) %></th>
|
|
29
|
+
<td class="ellipsis"><%= openscap_proxy_link arf_report %></th>
|
|
26
30
|
<td><%= report_arf_column(arf_report.passed, "label-info") %></th>
|
|
27
31
|
<td><%= report_arf_column(arf_report.failed, "label-danger") %></th>
|
|
28
32
|
<td><%= report_arf_column(arf_report.othered, "label-warning") %></th>
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
class RenameMailNotification < ActiveRecord::Migration
|
|
2
|
+
def up
|
|
3
|
+
notification = MailNotification.where(:name => 'openscap_policy_summary').first
|
|
4
|
+
if notification
|
|
5
|
+
notification.update_attribute :name, 'compliance_policy_summary'
|
|
6
|
+
end
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def down
|
|
10
|
+
notification = MailNotification.where(:name => 'compliance_policy_summary').first
|
|
11
|
+
if notification
|
|
12
|
+
notification.update_attribute :name, 'openscap_policy_summary'
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
N_('
|
|
1
|
+
N_('Compliance policy summary')
|
|
2
2
|
|
|
3
3
|
policy_notification = {
|
|
4
|
-
:name => :
|
|
4
|
+
:name => :compliance_policy_summary,
|
|
5
5
|
:description => N_('A summary of reports for OpenSCAP policies'),
|
|
6
6
|
:mailer => 'ForemanOpenscap::PolicyMailer',
|
|
7
7
|
:method => 'policy_summary',
|
|
@@ -3,8 +3,8 @@ FactoryGirl.define do
|
|
|
3
3
|
sequence(:name) { |n| "policy#{n}" }
|
|
4
4
|
period 'weekly'
|
|
5
5
|
weekday 'monday'
|
|
6
|
-
scap_content
|
|
7
|
-
scap_content_profile
|
|
6
|
+
scap_content { FactoryGirl.create(:scap_content) }
|
|
7
|
+
scap_content_profile { FactoryGirl.create(:scap_content_profile, :scap_content => scap_content) }
|
|
8
8
|
tailoring_file nil
|
|
9
9
|
tailoring_file_profile nil
|
|
10
10
|
day_of_month nil
|
|
@@ -93,4 +93,12 @@ class Api::V2::Compliance::PoliciesControllerTest < ActionController::TestCase
|
|
|
93
93
|
assert(@response.header['Content-Type'], 'application/xml')
|
|
94
94
|
assert_response :success
|
|
95
95
|
end
|
|
96
|
+
|
|
97
|
+
test "should return meaningufull error when no tailioring file assigned" do
|
|
98
|
+
policy = FactoryGirl.create(:policy)
|
|
99
|
+
get :tailoring, { :id => policy.id }, set_session_user
|
|
100
|
+
assert_response :not_found
|
|
101
|
+
response = ActiveSupport::JSON.decode(@response.body)
|
|
102
|
+
assert_equal "No Tailoring file assigned for policy with id #{policy.id}", response['error']['message']
|
|
103
|
+
end
|
|
96
104
|
end
|
data/test/unit/policy_test.rb
CHANGED
|
@@ -6,7 +6,7 @@ class PolicyTest < ActiveSupport::TestCase
|
|
|
6
6
|
ForemanOpenscap::DataStreamValidator.any_instance.stubs(:validate)
|
|
7
7
|
ForemanOpenscap::ScapContent.any_instance.stubs(:fetch_profiles).returns({ 'test_profile_key' => 'test_profile_title' })
|
|
8
8
|
@scap_content = FactoryGirl.create(:scap_content)
|
|
9
|
-
@scap_profile = FactoryGirl.create(:scap_content_profile)
|
|
9
|
+
@scap_profile = FactoryGirl.create(:scap_content_profile, :scap_content => @scap_content)
|
|
10
10
|
@tailoring_profile = FactoryGirl.create(:scap_content_profile, :profile_id => 'xccdf_org.test.tailoring_test_profile')
|
|
11
11
|
end
|
|
12
12
|
|
|
@@ -16,7 +16,7 @@ class PolicyTest < ActiveSupport::TestCase
|
|
|
16
16
|
hg1 = FactoryGirl.create(:hostgroup)
|
|
17
17
|
hg2 = FactoryGirl.create(:hostgroup)
|
|
18
18
|
asset = FactoryGirl.create(:asset, :assetable_id => hg1.id, :assetable_type => 'Hostgroup')
|
|
19
|
-
policy = FactoryGirl.create(:policy, :assets => [asset])
|
|
19
|
+
policy = FactoryGirl.create(:policy, :assets => [asset], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
|
|
20
20
|
policy.hostgroup_ids = [hg1, hg2].map(&:id)
|
|
21
21
|
policy.save!
|
|
22
22
|
assert_equal 2, policy.hostgroups.count
|
|
@@ -28,7 +28,7 @@ class PolicyTest < ActiveSupport::TestCase
|
|
|
28
28
|
ForemanOpenscap::Policy.any_instance.stubs(:populate_overrides)
|
|
29
29
|
hg = FactoryGirl.create(:hostgroup)
|
|
30
30
|
asset = FactoryGirl.create(:asset, :assetable_id => hg.id, :assetable_type => 'Hostgroup')
|
|
31
|
-
policy = FactoryGirl.create(:policy, :assets => [asset])
|
|
31
|
+
policy = FactoryGirl.create(:policy, :assets => [asset], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
|
|
32
32
|
policy.save!
|
|
33
33
|
hg.hostgroup_classes.destroy_all
|
|
34
34
|
hg.destroy
|
|
@@ -145,7 +145,7 @@ class PolicyTest < ActiveSupport::TestCase
|
|
|
145
145
|
end
|
|
146
146
|
|
|
147
147
|
test "should have correct scap profile in enc" do
|
|
148
|
-
p = FactoryGirl.create(:policy)
|
|
148
|
+
p = FactoryGirl.create(:policy, :scap_content => @scap_content, :scap_content_profile => @scap_profile)
|
|
149
149
|
profile_id = p.scap_content_profile.profile_id
|
|
150
150
|
assert_equal profile_id, p.to_enc['profile_id']
|
|
151
151
|
tailoring_profile = FactoryGirl.create(:scap_content_profile, :profile_id => 'xccdf_org.test.tailoring_test_profile')
|
|
@@ -190,4 +190,21 @@ class PolicyTest < ActiveSupport::TestCase
|
|
|
190
190
|
assert_equal 6, p.to_enc['tailoring_download_path'].split('/').length
|
|
191
191
|
assert_equal tailoring_file.digest, p.to_enc['tailoring_download_path'].split('/').last
|
|
192
192
|
end
|
|
193
|
+
|
|
194
|
+
test "should have assigned a content profile that belongs to assigned scap content" do
|
|
195
|
+
scap_content_2 = FactoryGirl.create(:scap_content)
|
|
196
|
+
p = ForemanOpenscap::Policy.create(:name => "valid_profile_policy",
|
|
197
|
+
:scap_content_id => @scap_content.id,
|
|
198
|
+
:scap_content_profile_id => @scap_profile.id,
|
|
199
|
+
:period => 'monthly',
|
|
200
|
+
:day_of_month => '5')
|
|
201
|
+
assert p.valid?
|
|
202
|
+
q = ForemanOpenscap::Policy.create(:name => "invalid_profile_policy",
|
|
203
|
+
:scap_content_id => scap_content_2.id,
|
|
204
|
+
:scap_content_profile_id => @scap_profile.id,
|
|
205
|
+
:period => 'monthly',
|
|
206
|
+
:day_of_month => '5')
|
|
207
|
+
refute q.valid?
|
|
208
|
+
assert_equal "does not have the selected SCAP content profile", q.errors.messages[:scap_content_id].first
|
|
209
|
+
end
|
|
193
210
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_openscap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- slukasik@redhat.com
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-09-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: deface
|
|
@@ -113,6 +113,7 @@ files:
|
|
|
113
113
|
- app/views/api/v2/compliance/policies/main.json.rabl
|
|
114
114
|
- app/views/api/v2/compliance/policies/show.json.rabl
|
|
115
115
|
- app/views/api/v2/compliance/scap_contents/base.json.rabl
|
|
116
|
+
- app/views/api/v2/compliance/scap_contents/create.json.rabl
|
|
116
117
|
- app/views/api/v2/compliance/scap_contents/index.json.rabl
|
|
117
118
|
- app/views/api/v2/compliance/scap_contents/main.json.rabl
|
|
118
119
|
- app/views/api/v2/compliance/scap_contents/show.json.rabl
|
|
@@ -216,6 +217,8 @@ files:
|
|
|
216
217
|
- db/migrate/20160925213031_change_scap_widget_names.rb
|
|
217
218
|
- db/migrate/20161109155255_create_tailoring_files.rb
|
|
218
219
|
- db/migrate/20161223153249_add_permissions_to_arf_report.rb
|
|
220
|
+
- db/migrate/20170821081205_rename_mail_notification.foreman_openscap.rb
|
|
221
|
+
- db/migrate/20170830221751_add_index_to_logs_result.rb
|
|
219
222
|
- db/seeds.d/75-job_templates.rb
|
|
220
223
|
- db/seeds.d/openscap_feature.rb
|
|
221
224
|
- db/seeds.d/openscap_policy_notification.rb
|
|
@@ -313,7 +316,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
313
316
|
version: '0'
|
|
314
317
|
requirements: []
|
|
315
318
|
rubyforge_project:
|
|
316
|
-
rubygems_version: 2.
|
|
319
|
+
rubygems_version: 2.6.8
|
|
317
320
|
signing_key:
|
|
318
321
|
specification_version: 4
|
|
319
322
|
summary: Foreman plug-in for displaying OpenSCAP audit reports
|