foreman_openscap 4.0.6 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 16f34489dc20040b64ef5ccc88b54eb90d3456a4c4e268ace1b87738eb28bd99
-  data.tar.gz: 9c078065dea24a60c4fcba9edc1d13476fbb2edf149d14aaf3a1067c3bdcdd6b
+  metadata.gz: b5074ed6694cddda4b32459825e324df98f9d4ca1425826adeb86a5983b08be2
+  data.tar.gz: aea63d7dfe108a4262909e3110bdb92d83bd3d6aa5eb68da4fbc27f938195118
 SHA512:
-  metadata.gz: 17d7c741b79378a605fe7cb898a211bfbdad4d5afffed07be5a03818051fbaf169408eb85e8173896115f465a716b66e9f169cdc3b8fbd5ba669b0f24bdf68b5
-  data.tar.gz: efeac51619216fbe985ab12db6c6790c323654aa9a69c38d9fae15503ed59b4aa1cbd77353b0bba75811667aaa9727be46d710e5d0de870cc92f648b59d93829
+  metadata.gz: b9dc895ea62f9d607a76a9e81fcedc088f0562c8faa621ec2a5b0a510d472bd59814cf8c05050e65d01a68b50f4f871945bedd257d07328650d05c21cfb2ce3f
+  data.tar.gz: 4ce6250f308c0bd843261d1dc541d65a1901b0e36ab97c46b007d92668201c2387798307695d8eb3173667d69270bb473f39ca093d20f009cbd2cc67d59784eb

data/app/controllers/api/v2/compliance/scap_contents_controller.rb

@@ -5,7 +5,11 @@ module Api::V2
       include ForemanOpenscap::BodyLogExtensions
       include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
 
-      before_action :find_resource, :except => %w[index create]
+      def self.bulk_upload_types
+        ['files', 'directory', 'default']
+      end
+
+      before_action :find_resource, :except => %w[index create bulk_upload]
 
       api :GET, '/compliance/scap_contents', N_('List SCAP contents')
       param_group :search_and_pagination, ::Api::V2::BaseController
@@ -61,6 +65,29 @@ module Api::V2
         process_response @scap_content.destroy
       end
 
+      api :POST, '/compliance/scap_contents/bulk_upload', N_('Upload scap contents in bulk')
+      param :type, bulk_upload_types, :required => true, :desc => N_('Type of the upload')
+      param :files, Array, :desc => N_('File paths to upload when using "files" upload type')
+      param :directory, String, :desc => N_('Directory to upload when using "directory" upload type')
+
+      def bulk_upload
+        case params[:type]
+        when 'files'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_files(params[:files])
+        when 'directory'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_directory(params[:directory])
+        when 'default'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_scap_guide
+        else
+          return render :json => {
+            :errors => [
+              _("Please specify import type, received: %{received}, expected one of: %{expected}") %
+                { :expected => self.class.bulk_upload_types.join(', '), :received => params[:type] }
+            ]
+          }, :status => :unprocessable_entity
+        end
+      end
+
       private
 
       def find_resource
@@ -70,6 +97,8 @@ module Api::V2
 
       def action_permission
         case params[:action]
+        when 'bulk_upload'
+          :create
         when 'xml'
           :view
         else

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -81,6 +81,11 @@ module ForemanOpenscap
       }
 
       base.send :extend, ClassMethods
+
+      base.apipie :class do
+        property :policies_enc, String, desc: 'Returns JSON string containing policies for the host'
+        property :policies_enc_raw, array_of: Hash, desc: 'Returns a list with key:value objects containing policies for the host'
+      end
     end
 
     def inherited_attributes

data/app/models/foreman_openscap/arf_report.rb

@@ -125,11 +125,9 @@ module ForemanOpenscap
               msg = Log.where(:source_id => src.id).order(:id => :desc).first.message
               update_msg_with_changes(msg, log)
             else
-              digest = Digest::SHA1.hexdigest(log[:title])
-              if (msg = Message.find_by(:digest => digest))
+              if (msg = Message.find_by(:value => log[:title]))
                 msg.attributes = {
                   :value => N_(log[:title]),
-                  :digest => digest,
                   :severity => log[:severity],
                   :description => newline_to_space(log[:description]),
                   :rationale => newline_to_space(log[:rationale]),
@@ -137,7 +135,6 @@ module ForemanOpenscap
                 }
               else
                 msg = Message.new(:value => N_(log[:title]),
-                                  :digest => digest,
                                   :severity => log[:severity],
                                   :description => newline_to_space(log[:description]),
                                   :rationale => newline_to_space(log[:rationale]),
@@ -233,7 +230,6 @@ module ForemanOpenscap
       msg.value = incoming_data['title']
 
       return unless msg.changed?
-      msg.digest = Digest::SHA1.hexdigest(msg.value) if msg.value_changed?
       msg.save
     end
   end

data/app/models/foreman_openscap/compliance_status.rb

@@ -8,6 +8,10 @@ module ForemanOpenscap
       N_('Compliance')
     end
 
+    def status_link
+      host.arf_reports_path(:search => "host = #{host.name}")
+    end
+
     def self.bit_mask(status)
       "#{ArfReport::BIT_NUM * ArfReport::METRIC.index(status)} & #{ArfReport::MAX}"
     end

data/app/models/foreman_openscap/policy.rb

@@ -174,8 +174,14 @@ module ForemanOpenscap
     end
 
     def unassign_hosts(hosts)
-      host_asset_ids = ForemanOpenscap::Asset.where(:assetable_type => 'Host::Base', :assetable_id => hosts.map(&:id)).pluck(:id)
-      self.asset_ids = self.asset_ids - host_asset_ids
+      policy_host_assets = ForemanOpenscap::Asset.joins(:asset_policies).where(
+        :assetable_type => 'Host::Base',
+        :assetable_id => hosts.map(&:id),
+        :foreman_openscap_asset_policies => { :policy_id => id }
+      ).pluck(:id)
+
+      self.asset_ids = self.asset_ids - policy_host_assets
+      ForemanOpenscap::Asset.where(:id => policy_host_assets).destroy_all
     end
 
     def to_enc

data/app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl

@@ -0,0 +1,7 @@
+object @result
+
+attributes :errors
+
+child :results => :results do
+  extends 'api/v2/compliance/scap_contents/index'
+end

data/config/routes.rb

@@ -64,6 +64,9 @@ Rails.application.routes.draw do
           member do
             get 'xml'
           end
+          collection do
+            post 'bulk_upload'
+          end
         end
         resources :scap_content_profiles, :only => %i[index]
 

data/lib/foreman_openscap/bulk_upload.rb

@@ -1,48 +1,74 @@
 require 'digest/sha2'
+require 'ostruct'
+
 module ForemanOpenscap
   class BulkUpload
-    attr_accessor :from_scap_security_guide
-    def initialize(from_scap_security_guide = false)
-      @from_scap_security_guide = from_scap_security_guide
+    def initialize
+      @result = OpenStruct.new(:errors => [], :results => [])
+    end
+
+    def files_from_guide
+      `rpm -ql scap-security-guide | grep ds.xml`.split
     end
 
-    def generate_scap_default_content
-      return unless @from_scap_security_guide
+    def scap_guide_installed?
+      `rpm -qa | grep scap-security-guide`.present?
+    end
 
-      if `rpm -qa | grep scap-security-guide`.empty?
-        Rails.logger.debug "Can't find scap-security-guide RPM"
-        return
+    def upload_from_scap_guide
+      unless scap_guide_installed?
+        @result.errors.push("Can't find scap-security-guide RPM, are you sure it is installed on your server?")
+        return @result
       end
 
-      files_array = `rpm -ql scap-security-guide | grep ds.xml`.split
-      upload_from_files(files_array) unless files_array.empty?
+      upload_from_files(files_from_guide, true)
     end
 
-    def upload_from_files(files_array)
+    def upload_from_files(files_array, from_scap_guide = false)
+      unless files_array.is_a? Array
+        @result.errors.push("Expected an array of files to upload, got: #{files_array}.")
+        return @result
+      end
+
       files_array.each do |datastream|
+        if File.directory?(datastream)
+          @result.errors.push("#{datastream} is a directory, expecting file.")
+          next
+        end
+
+        unless File.file?(datastream)
+          @result.errors.push("#{datastream} does not exist, skipping.")
+          next
+        end
+
         file = File.open(datastream, 'rb').read
         digest = Digest::SHA2.hexdigest(datastream)
-        title = content_name(datastream)
+        title = content_name(datastream, from_scap_guide)
         filename = original_filename(datastream)
         scap_content = ScapContent.where(:title => title, :digest => digest).first_or_initialize
         next if scap_content.persisted?
         scap_content.scap_file = file
         scap_content.original_filename = filename
-        scap_content.location_ids = Location.all.map(&:id) if SETTINGS[:locations_enabled]
-        scap_content.organization_ids = Organization.all.map(&:id) if SETTINGS[:organizations_enabled]
+        scap_content.location_ids = Location.all.map(&:id)
+        scap_content.organization_ids = Organization.all.map(&:id)
 
-        next puts "## SCAP content is invalid: #{scap_content.errors.full_messages.uniq.join(',')} ##" unless scap_content.valid?
         if scap_content.save
-          puts "Saved #{datastream} as #{scap_content.title}"
+          @result.results.push(scap_content)
         else
-          puts "Failed saving #{datastream}"
+          @result.errors.push("Failed saving #{datastream}: #{scap_content.errors.full_messages.uniq.join(',')}")
         end
       end
+      @result
     end
 
     def upload_from_directory(directory_path)
+      unless directory_path && Dir.exist?(directory_path)
+        @result[:errors].push("No such directory: #{directory_path}. Please check the path you have provided.")
+        return @result
+      end
+
       files_array = Dir["#{directory_path}/*-ds.xml"]
-      upload_from_files(files_array) unless files_array.empty?
+      upload_from_files(files_array)
     end
 
     private
@@ -57,9 +83,9 @@ module ForemanOpenscap
       file.split('/').last
     end
 
-    def content_name(datastream)
+    def content_name(datastream, from_scap_guide)
       os_name = extract_name_from_file(datastream)
-      @from_scap_security_guide ? "Red Hat #{os_name} default content" : "#{os_name} content"
+      from_scap_guide ? "Red Hat #{os_name} default content" : "#{os_name} content"
     end
   end
 end

data/lib/foreman_openscap/engine.rb

@@ -92,7 +92,7 @@ module ForemanOpenscap
                                             'api/v2/compliance/scap_contents' => [:update] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :create_scap_contents, { :scap_contents => %i[new create],
-                                              'api/v2/compliance/scap_contents' => [:create] },
+                                              'api/v2/compliance/scap_contents' => %i[create bulk_upload] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :destroy_scap_contents, { :scap_contents => [:destroy],
                                                'api/v2/compliance/scap_contents' => [:destroy] },

data/lib/foreman_openscap/version.rb

@@ -1,3 +1,3 @@
 module ForemanOpenscap
-  VERSION = "4.0.6".freeze
+  VERSION = "4.1.0".freeze
 end

data/lib/tasks/foreman_openscap_tasks.rake

@@ -6,23 +6,26 @@ namespace :foreman_openscap do
   namespace :bulk_upload do
     desc 'Bulk upload SCAP content from directory'
     task :directory, [:directory] => [:environment] do |task, args|
+      deprecate_upload_from_rake
       abort("# No such directory, please check the path you have provided. #") unless args[:directory].blank? || Dir.exist?(args[:directory])
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new.upload_from_directory(args[:directory])
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_directory(args[:directory])
     end
 
     task :files, [:files] => [:environment] do |task, args|
+      deprecate_upload_from_rake
       files_array = args[:files].split(' ')
       files_array.each do |file|
         abort("# #{file} is a directory, expecting file. Try using 'rake foreman_openscap:bulk_upload:directory' with this directory. #") if File.directory?(file)
       end
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new.upload_from_files(files_array)
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_files(files_array)
     end
 
     task :default => [:environment] do
+      deprecate_upload_from_rake
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new(true).generate_scap_default_content
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_scap_guide
     end
   end
 
@@ -67,6 +70,15 @@ namespace :foreman_openscap do
   end
 end
 
+def deprecate_upload_from_rake
+  puts 'DEPRECATION WARNING: Uploading scap contents using rake task is deprecated and will be removed in a future version. Please use API or CLI.'
+end
+
+def print_upload_result(result)
+  puts result.errors.join(' ') if result.errors.present?
+  puts result.results.map { |sc| "Saved #{sc.original_filename} as #{sc.title}" }.join("\n") if result.results.present?
+end
+
 # Tests
 namespace :test do
   desc "Test ForemanOpenscap"

data/test/factories/compliance_log_factory.rb

@@ -9,15 +9,9 @@ FactoryBot.define do
 
   factory :compliance_message, :class => :message do
     sequence(:value) { |n| "message#{n}" }
-    after(:build) do |msg|
-      msg.digest = Digest::SHA1.hexdigest(msg.value)
-    end
   end
 
   factory :compliance_source, :class => :source do
     sequence(:value) { |n| "source#{n}" }
-    after(:build) do |source|
-      source.digest = Digest::SHA1.hexdigest(source.value)
-    end
   end
 end

data/test/functional/api/v2/compliance/arf_reports_controller_test.rb

@@ -139,7 +139,7 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
                                      :date => dates[1].to_i,
                                      :openscap_proxy_name => @proxy.name),
          :session => set_session_user
-    assert_equal Message.where(:digest => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.digest).count, 1
+    assert_equal Message.where(:value => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.value).count, 1
   end
 
   test "should recognize changes in messages" do
@@ -187,12 +187,12 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
 
     reports = ForemanOpenscap::ArfReport.unscoped.all
     assert_equal reports.count, 2
-
-    new_msgs = Message.where(:value => "Disable Firefox Configuration File ROT-13 Encoding Changed For Test")
+    msg_value = "Disable Firefox Configuration File ROT-13 Encoding Changed For Test"
+    new_msgs = Message.where(:value => msg_value)
     old_msgs = Message.where(:value => "Disable Firefox Configuration File ROT-13 Encoding")
     assert_equal new_msgs.count, 1
     assert_equal old_msgs.count, 0
-    assert_equal new_msgs.first.digest, Digest::SHA1.hexdigest("Disable Firefox Configuration File ROT-13 Encoding Changed For Test")
+    assert_equal new_msgs.first.value, msg_value
   end
 
   test "should find reports by policy name" do

data/test/lib/foreman_openscap/bulk_upload_test.rb

@@ -3,6 +3,7 @@ require 'test_plugin_helper'
 class BulkUploadTest < ActiveSupport::TestCase
   setup do
     require 'foreman_openscap/bulk_upload'
+    ForemanOpenscap::ScapContent.all.map(&:destroy)
   end
 
   test 'upload_from_files should create only one scap content' do
@@ -13,4 +14,51 @@ class BulkUploadTest < ActiveSupport::TestCase
       end
     end
   end
+
+  test 'upload_from_files should not crash when scap files are not array' do
+    scap_files = '/tmp/foo'
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files(scap_files)
+    assert_equal "Expected an array of files to upload, got: #{scap_files}.", res.errors.first
+  end
+
+  test 'upload_from_files should skip directories' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files([dir])
+    assert_equal "#{dir} is a directory, expecting file.", res.errors.first
+  end
+
+  test 'upload_from_files should skip files that does not exist' do
+    file = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents/foo-ds.xml"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files([file])
+    assert_equal "#{file} does not exist, skipping.", res.errors.first
+  end
+
+  test 'upload_from_directory should check if directory exists' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents/foo"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_directory(dir)
+    assert_equal "No such directory: #{dir}. Please check the path you have provided.", res.errors.first
+  end
+
+  test 'upload_from_directory should upload from directory' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents"
+    assert_difference('ForemanOpenscap::ScapContent.count', 1) do
+      ForemanOpenscap::BulkUpload.new.upload_from_directory(dir)
+    end
+  end
+
+  test 'should handle case when scap security guide is not installed' do
+    upload = ForemanOpenscap::BulkUpload.new
+    upload.stubs(:scap_guide_installed?).returns(false)
+    res = upload.upload_from_scap_guide
+    assert_equal "Can't find scap-security-guide RPM, are you sure it is installed on your server?", res.errors.first
+  end
+
+  test 'should upload files from guide' do
+    upload = ForemanOpenscap::BulkUpload.new
+    upload.stubs(:scap_guide_installed?).returns(true)
+    upload.stubs(:files_from_guide).returns(["#{ForemanOpenscap::Engine.root}/test/files/scap_contents/ssg-fedora-ds.xml"])
+    assert_difference('ForemanOpenscap::ScapContent.count', 1) do
+      upload.upload_from_scap_guide
+    end
+  end
 end

data/test/test_plugin_helper.rb

@@ -11,9 +11,9 @@ module ScapClientPuppetclass
     Puppetclass.find_by(:name => puppet_config.puppetclass_name)&.destroy
 
     puppet_class = FactoryBot.create(:puppetclass, :name => puppet_config.puppetclass_name)
-    server_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.server_param, :puppetclass_id => puppet_class.id)
-    port_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.port_param, :puppetclass_id => puppet_class.id)
-    policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.policies_param, :puppetclass_id => puppet_class.id)
+    server_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.server_param, :default_value => nil)
+    port_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.port_param, :default_value => nil)
+    policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.policies_param, :default_value => nil)
 
     env = FactoryBot.create :environment
 

data/test/unit/policy_test.rb

@@ -46,6 +46,30 @@ class PolicyTest < ActiveSupport::TestCase
     assert_equal 1, policy.hosts.count
   end
 
+  test "should delete assets when unassigning hosts" do
+    host1 = FactoryBot.create(:compliance_host)
+    host2 = FactoryBot.create(:compliance_host)
+    asset1 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    asset2 = FactoryBot.create(:asset, :assetable_id => host2.id, :assetable_type => 'Host::Base')
+    policy = FactoryBot.create(:policy, :assets => [asset1, asset2], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy.unassign_hosts([host1, host2])
+
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset1.id)
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset2.id)
+  end
+
+  test "should delete assets only for selected policy when unassigning host" do
+    host1 = FactoryBot.create(:compliance_host)
+    asset1 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    asset2 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    policy1 = FactoryBot.create(:policy, :assets => [asset1], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy2 = FactoryBot.create(:policy, :assets => [asset2], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy1.unassign_hosts([host1])
+
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset1.id)
+    assert_not_nil ForemanOpenscap::Asset.find_by(:id => asset2.id)
+  end
+
   test "should remove associated hostgroup" do
     hg = FactoryBot.create(:hostgroup)
     asset = FactoryBot.create(:asset, :assetable_id => hg.id, :assetable_type => 'Hostgroup')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_openscap
 version: !ruby/object:Gem::Version
-  version: 4.0.6
+  version: 4.1.0
 platform: ruby
 authors:
 - slukasik@redhat.com
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-18 00:00:00.000000000 Z
+date: 2020-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -130,6 +130,7 @@ files:
 - app/views/api/v2/compliance/scap_content_profiles/index.json.rabl
 - app/views/api/v2/compliance/scap_content_profiles/main.json.rabl
 - app/views/api/v2/compliance/scap_contents/base.json.rabl
+- app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl
 - app/views/api/v2/compliance/scap_contents/create.json.rabl
 - app/views/api/v2/compliance/scap_contents/index.json.rabl
 - app/views/api/v2/compliance/scap_contents/main.json.rabl
@@ -245,7 +246,6 @@ files:
 - db/migrate/20190103093409_add_deployment_option_to_policy.foreman_openscap.rb
 - db/migrate/20200117135424_migrate_port_overrides_to_int.rb
 - db/migrate/20200803065041_migrate_port_overrides_for_ansible.rb
-- db/migrate/20201202110213_update_puppet_port_param_type.rb
 - db/seeds.d/75-job_templates.rb
 - db/seeds.d/openscap_feature.rb
 - db/seeds.d/openscap_policy_notification.rb

data/db/migrate/20201202110213_update_puppet_port_param_type.rb

@@ -1,24 +0,0 @@
-class UpdatePuppetPortParamType < ActiveRecord::Migration[6.0]
-  def up
-    update_port_type :to_i
-  end
-
-  def down
-    update_port_type :to_s
-  end
-
-  private
-
-  def update_port_type(method)
-    puppet_class = Puppetclass.find_by :name => 'foreman_scap_client'
-    return unless puppet_class
-    port_key = puppet_class.class_params.find_by :key => 'port'
-    return unless port_key
-
-    if method == :to_i
-      port_key.update_columns(:key_type => "integer", :default_value => port_key.default_value.to_i)
-    else
-      port_key.update_columns(:key_type => "string", :default_value => port_key.default_value.to_s)
-    end
-  end
-end