smart_proxy_openscap 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: eba9e5346ce33339c77df129260e227b806cffbf
4
- data.tar.gz: 7ee409ced62aca3253f700e10eecac2f69558dde
3
+ metadata.gz: e2d3e917fd247cee23a8752c368a63c557bf35ed
4
+ data.tar.gz: 06c6dd924478a4708c0a5f93325e6b0692cae444
5
5
  SHA512:
6
- metadata.gz: ffd1259c6fddf38830fbb757d41b0255bfd3a31dac90eb95da39077754e520df7734da4c4d34d165826cc5f754a4d5895deeaf23af3e01d952a2072b3e9e469b
7
- data.tar.gz: d2290459e3c99040ddb098ea0a1a0f714f052914e132020218b6b7a6b84d493dc71bd205bfe1a4508337caa2e35bfce1ae9e991d9c1da9d855c102c26927ca8c
6
+ metadata.gz: 72f165b675321bea26b01215722d1309269f1038242b7204f09fa3dace8e602cf6b2b961435fa3a546bb0cb312c320025b48b3bc521a6b185248769d9a7f29e7
7
+ data.tar.gz: 8a9c96d17704f853f34b7c6a9f05a0a900c690ea39558ab4f449dbdb33386ce2a27cc081dc92b2ee07a16cb5ba45f1811349e2a69fea85fb6b1ab1a8adcdad99
@@ -14,7 +14,7 @@ module Proxy::OpenSCAP
14
14
  class Api < ::Sinatra::Base
15
15
  include ::Proxy::Log
16
16
  helpers ::Proxy::Helpers
17
- authorize_with_trusted_hosts
17
+ authorize_with_ssl_client
18
18
 
19
19
  put "/arf/:policy" do
20
20
  # first let's verify client's certificate
@@ -43,16 +43,5 @@ module Proxy::OpenSCAP
43
43
 
44
44
  {"created" => true}.to_json
45
45
  end
46
-
47
- get "/policies/:policy_id/content" do
48
- content_type 'application/xml'
49
- begin
50
- Proxy::OpenSCAP::get_policy_content(params[:policy_id])
51
- rescue OpenSCAPException => e
52
- log_halt e.http_code, "Error fetching xml file: #{e.message}"
53
- rescue StandardError => e
54
- log_halt 500, "Error occurred: #{e.message}"
55
- end
56
- end
57
46
  end
58
47
  end
@@ -13,29 +13,10 @@ require 'fileutils'
13
13
  require 'json'
14
14
  require 'proxy/error'
15
15
  require 'proxy/request'
16
- require 'smart_proxy_openscap/openscap_exception'
17
16
 
18
17
  module Proxy::OpenSCAP
19
18
  extend ::Proxy::Log
20
19
 
21
- def self.get_policy_content(policy_id)
22
- policy_store_dir = File.join(Proxy::OpenSCAP::Plugin.settings.contentdir, policy_id.to_s)
23
- policy_scap_file = File.join(policy_store_dir, "#{policy_id}_scap_content.xml")
24
- begin
25
- FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
26
- rescue Errno::EACCES => e
27
- logger.error "No permission to create directory #{policy_store_dir}"
28
- raise e
29
- rescue StandardError => e
30
- logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
31
- raise e
32
- end
33
-
34
- scap_file = policy_content_file(policy_scap_file)
35
- scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
36
- scap_file
37
- end
38
-
39
20
  def self.common_name(request)
40
21
  client_cert = request.env['SSL_CLIENT_CERT']
41
22
  raise Proxy::Error::Unauthorized, "Client certificate required!" if client_cert.to_s.empty?
@@ -84,42 +65,6 @@ module Proxy::OpenSCAP
84
65
  end
85
66
  end
86
67
 
87
- def self.fetch_scap_content_xml(policy_id, policy_scap_file)
88
- foreman_request = Proxy::HttpRequest::ForemanRequest.new
89
- policy_content_path = "/api/v2/compliance/policies/#{policy_id}/content"
90
- req = foreman_request.request_factory.create_get(policy_content_path)
91
- response = foreman_request.send_request(req)
92
- unless response.is_a? Net::HTTPSuccess
93
- raise OpenSCAPException.new(response)
94
- end
95
- response.body
96
- end
97
-
98
-
99
- def self.policy_content_file(policy_scap_file)
100
- return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
101
- File.open(policy_scap_file, 'rb').read
102
- end
103
-
104
- def self.save_or_serve_scap_file(policy_id, policy_scap_file)
105
- lock = Proxy::HttpDownloads.try_locking(policy_scap_file)
106
- response = fetch_scap_content_xml(policy_id, policy_scap_file)
107
- if lock.nil?
108
- return response
109
- else
110
- begin
111
- File.open(policy_scap_file, 'wb') do |file|
112
- file << response
113
- end
114
- ensure
115
- Proxy::HttpDownloads.unlock(lock)
116
- end
117
- scap_file = policy_content_file(policy_scap_file)
118
- raise FileNotFound if scap_file.nil?
119
- return scap_file
120
- end
121
- end
122
-
123
68
  class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
124
69
  def do(arf_dir)
125
70
  Dir.foreach(arf_dir) { |cname|
@@ -171,10 +116,11 @@ module Proxy::OpenSCAP
171
116
  begin
172
117
  data = File.read(arf_file_path)
173
118
  response = send_request(foreman_api_path, data)
174
- # Raise an HTTP error if the response is not 2xx (success).
175
119
  response.value
120
+ raise StandardError, "Received #{response.code}: #{response.message}" unless response.code.to_i == 200
176
121
  res = JSON.parse(response.body)
177
122
  raise StandardError, "Received result: #{res['result']}" unless res['result'] == 'OK'
123
+ raise StandardError, "Sent bytes: #{data.length}, but foreman received: #{res['received']}" unless data.length == res['received']
178
124
  File.delete arf_file_path
179
125
  rescue StandardError => e
180
126
  logger.debug response.body if response
@@ -18,7 +18,6 @@ module Proxy::OpenSCAP
18
18
  https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
19
19
 
20
20
  default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
21
- :openscap_send_log_file => 'logs/openscap-send.log',
22
- :contentdir => 'openscap/content'
21
+ :openscap_send_log_file => '/var/log/foreman-proxy/openscap-send.log'
23
22
  end
24
23
  end
@@ -1,5 +1,5 @@
1
1
  #
2
- # Copyright (c) 2014--2015 Red Hat Inc.
2
+ # Copyright (c) 2014 Red Hat Inc.
3
3
  #
4
4
  # This software is licensed to you under the GNU General Public License,
5
5
  # version 3 (GPLv3). There is NO WARRANTY for this software, express or
@@ -10,6 +10,6 @@
10
10
 
11
11
  module Proxy
12
12
  module OpenSCAP
13
- VERSION = '0.3.1'
13
+ VERSION = '0.4.0'
14
14
  end
15
15
  end
@@ -7,7 +7,3 @@
7
7
  # Directory where OpenSCAP audits are stored
8
8
  # before they are forwarded to Foreman
9
9
  #:spooldir: /var/spool/foreman-proxy/openscap
10
-
11
- # Directory where OpenSCAP content XML are stored
12
- # So we will not request the XML from Foreman each time
13
- #:contentdir: /var/lib/openscap/content
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: smart_proxy_openscap
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - "Šimon Lukašík"
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-05-07 00:00:00.000000000 Z
11
+ date: 2015-03-25 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: |-
14
14
  A plug-in to the Foreman's smart-proxy which receives
@@ -28,7 +28,6 @@ files:
28
28
  - lib/smart_proxy_openscap.rb
29
29
  - lib/smart_proxy_openscap/http_config.ru
30
30
  - lib/smart_proxy_openscap/openscap_api.rb
31
- - lib/smart_proxy_openscap/openscap_exception.rb
32
31
  - lib/smart_proxy_openscap/openscap_lib.rb
33
32
  - lib/smart_proxy_openscap/openscap_plugin.rb
34
33
  - lib/smart_proxy_openscap/openscap_version.rb
@@ -1,20 +0,0 @@
1
- module Proxy::OpenSCAP
2
- class OpenSCAPException < Exception
3
- attr_accessor :response
4
- attr_accessor :message
5
- def initialize(response = nil)
6
- @response = response
7
- @message = response.message if response
8
- end
9
-
10
- def http_code
11
- @response.code || 500
12
- end
13
-
14
- def http_body
15
- @response.body if @response
16
- end
17
- end
18
-
19
- class FileNotFound < StandardError; end
20
- end