smart_proxy_openscap 0.3.1 → 0.4.0
- checksums.yaml +4 -4
- data/lib/smart_proxy_openscap/openscap_api.rb +1 -12
- data/lib/smart_proxy_openscap/openscap_lib.rb +2 -56
- data/lib/smart_proxy_openscap/openscap_plugin.rb +1 -2
- data/lib/smart_proxy_openscap/openscap_version.rb +2 -2
- data/settings.d/openscap.yml.example +0 -4
- metadata +2 -3
- data/lib/smart_proxy_openscap/openscap_exception.rb +0 -20
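--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e2d3e917fd247cee23a8752c368a63c557bf35ed
+data.tar.gz: 06c6dd924478a4708c0a5f93325e6b0692cae444
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 72f165b675321bea26b01215722d1309269f1038242b7204f09fa3dace8e602cf6b2b961435fa3a546bb0cb312c320025b48b3bc521a6b185248769d9a7f29e7
+data.tar.gz: 8a9c96d17704f853f34b7c6a9f05a0a900c690ea39558ab4f449dbdb33386ce2a27cc081dc92b2ee07a16cb5ba45f1811349e2a69fea85fb6b1ab1a8adcdad99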
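--- a/data/lib/smart_proxy_openscap/openscap_api.rb
+++ b/data/lib/smart_proxy_openscap/openscap_api.rb
@@ -14,7 +14,7 @@ module Proxy::OpenSCAP
 class Api < ::Sinatra::Base
 include ::Proxy::Log
 helpers ::Proxy::Helpers
-
+authorize_with_ssl_client
 
 put "/arf/:policy" do
 # first let's verify client's certificate
@@ -43,16 +43,5 @@ module Proxy::OpenSCAP
 
 {"created" => true}.to_json
 end
-
-get "/policies/:policy_id/content" do
-content_type 'application/xml'
-begin
-Proxy::OpenSCAP::get_policy_content(params[:policy_id])
-rescue OpenSCAPException => e
-log_halt e.http_code, "Error fetching xml file: #{e.message}"
-rescue StandardError => e
-log_halt 500, "Error occurred: #{e.message}"
-end
-end
 end
 end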
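Review bot: The class-level `authorize_with_ssl_client` at new line 17 has no comment saying what it guarantees, and the helper's definition is not on this page, so a reader cannot tell whether a request arriving without TLS is rejected or passes the filter unchecked. Confirm this against the smart-proxy helper and record the answer next to the call, for example `# requires a client certificate on every route of this API (confirm behaviour for non-HTTPS requests)`. The `put "/arf/:policy"` route carries its own "verify client's certificate" step, so the comment should also say whether the two checks are meant to overlap. Both the route body and the rest of the `Api` class lie outside the hunk.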
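--- a/data/lib/smart_proxy_openscap/openscap_lib.rb
+++ b/data/lib/smart_proxy_openscap/openscap_lib.rb
@@ -13,29 +13,10 @@ require 'fileutils'
 require 'json'
 require 'proxy/error'
 require 'proxy/request'
-require 'smart_proxy_openscap/openscap_exception'
 
 module Proxy::OpenSCAP
 extend ::Proxy::Log
 
-def self.get_policy_content(policy_id)
-policy_store_dir = File.join(Proxy::OpenSCAP::Plugin.settings.contentdir, policy_id.to_s)
-policy_scap_file = File.join(policy_store_dir, "#{policy_id}_scap_content.xml")
-begin
-FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
-rescue Errno::EACCES => e
-logger.error "No permission to create directory #{policy_store_dir}"
-raise e
-rescue StandardError => e
-logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
-raise e
-end
-
-scap_file = policy_content_file(policy_scap_file)
-scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
-scap_file
-end
-
 def self.common_name(request)
 client_cert = request.env['SSL_CLIENT_CERT']
 raise Proxy::Error::Unauthorized, "Client certificate required!" if client_cert.to_s.empty?
@@ -84,42 +65,6 @@ module Proxy::OpenSCAP
 end
 end
 
-def self.fetch_scap_content_xml(policy_id, policy_scap_file)
-foreman_request = Proxy::HttpRequest::ForemanRequest.new
-policy_content_path = "/api/v2/compliance/policies/#{policy_id}/content"
-req = foreman_request.request_factory.create_get(policy_content_path)
-response = foreman_request.send_request(req)
-unless response.is_a? Net::HTTPSuccess
-raise OpenSCAPException.new(response)
-end
-response.body
-end
-
-
-def self.policy_content_file(policy_scap_file)
-return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
-File.open(policy_scap_file, 'rb').read
-end
-
-def self.save_or_serve_scap_file(policy_id, policy_scap_file)
-lock = Proxy::HttpDownloads.try_locking(policy_scap_file)
-response = fetch_scap_content_xml(policy_id, policy_scap_file)
-if lock.nil?
-return response
-else
-begin
-File.open(policy_scap_file, 'wb') do |file|
-file << response
-end
-ensure
-Proxy::HttpDownloads.unlock(lock)
-end
-scap_file = policy_content_file(policy_scap_file)
-raise FileNotFound if scap_file.nil?
-return scap_file
-end
-end
-
 class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
 def do(arf_dir)
 Dir.foreach(arf_dir) { |cname|
@@ -171,10 +116,11 @@ module Proxy::OpenSCAP
 begin
 data = File.read(arf_file_path)
 response = send_request(foreman_api_path, data)
-# Raise an HTTP error if the response is not 2xx (success).
 response.value
+raise StandardError, "Received #{response.code}: #{response.message}" unless response.code.to_i == 200
 res = JSON.parse(response.body)
 raise StandardError, "Received result: #{res['result']}" unless res['result'] == 'OK'
+raise StandardError, "Sent bytes: #{data.length}, but foreman received: #{res['received']}" unless data.length == res['received']
 File.delete arf_file_path
 rescue StandardError => e
 logger.debug response.body if response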
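Review bot: The delivery check added at new line 123 compares `data.length` with `res['received']`, but `data` comes from `File.read(arf_file_path)` and `String#length` counts characters rather than bytes, so a report containing multibyte sequences can fail the check even when every byte arrived. The message already says "Sent bytes", so the line should read `raise StandardError, "Sent bytes: #{data.bytesize}, but foreman received: #{res['received']}" unless data.bytesize == res['received']`. The raise happens before `File.delete`, so a false mismatch presumably leaves the report in the spool to be sent again, although the retry path is outside the hunk. The comparison also assumes `res['received']` parses as an Integer, which should be confirmed against the Foreman response. Separately, the comment on `response.value` was dropped while the call stayed; I would keep `# raises unless the response is 2xx` there and note that the new `response.code.to_i == 200` line additionally rejects other 2xx codes.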
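--- a/data/lib/smart_proxy_openscap/openscap_plugin.rb
+++ b/data/lib/smart_proxy_openscap/openscap_plugin.rb
@@ -18,7 +18,6 @@ module Proxy::OpenSCAP
 https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
 
 default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
-:openscap_send_log_file => '
-:contentdir => 'openscap/content'
+:openscap_send_log_file => '/var/log/foreman-proxy/openscap-send.log'
 end
 end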
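--- a/data/lib/smart_proxy_openscap/openscap_version.rb
+++ b/data/lib/smart_proxy_openscap/openscap_version.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014
+# Copyright (c) 2014 Red Hat Inc.
 #
 # This software is licensed to you under the GNU General Public License,
 # version 3 (GPLv3). There is NO WARRANTY for this software, express or
@@ -10,6 +10,6 @@
 
 module Proxy
 module OpenSCAP
-VERSION = '0.
+VERSION = '0.4.0'
 end
 end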
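--- a/data/settings.d/openscap.yml.example
+++ b/data/settings.d/openscap.yml.example
@@ -7,7 +7,3 @@
 # Directory where OpenSCAP audits are stored
 # before they are forwarded to Foreman
 #:spooldir: /var/spool/foreman-proxy/openscap
-
-# Directory where OpenSCAP content XML are stored
-# So we will not request the XML from Foreman each time
-#:contentdir: /var/lib/openscap/content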
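--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
 - "Šimon Lukašík"
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-03-25 00:00:00.000000000 Z
 dependencies: []
 description: |-
 A plug-in to the Foreman's smart-proxy which receives
@@ -28,7 +28,6 @@ files:
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
-- lib/smart_proxy_openscap/openscap_exception.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
 - lib/smart_proxy_openscap/openscap_version.rb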
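--- a/data/lib/smart_proxy_openscap/openscap_exception.rb
+++ b/data/lib/smart_proxy_openscap/openscap_exception.rb
@@ -1,20 +0,0 @@
-module Proxy::OpenSCAP
-class OpenSCAPException < Exception
-attr_accessor :response
-attr_accessor :message
-def initialize(response = nil)
-@response = response
-@message = response.message if response
-end
-
-def http_code
-@response.code || 500
-end
-
-def http_body
-@response.body if @response
-end
-end
-
-class FileNotFound < StandardError; end
-end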