smart_proxy_openscap 0.3.1 → 0.4.0

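--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: eba9e5346ce33339c77df129260e227b806cffbf
- data.tar.gz: 7ee409ced62aca3253f700e10eecac2f69558dde
+ metadata.gz: e2d3e917fd247cee23a8752c368a63c557bf35ed
+ data.tar.gz: 06c6dd924478a4708c0a5f93325e6b0692cae444
  SHA512:
- metadata.gz: ffd1259c6fddf38830fbb757d41b0255bfd3a31dac90eb95da39077754e520df7734da4c4d34d165826cc5f754a4d5895deeaf23af3e01d952a2072b3e9e469b
- data.tar.gz: d2290459e3c99040ddb098ea0a1a0f714f052914e132020218b6b7a6b84d493dc71bd205bfe1a4508337caa2e35bfce1ae9e991d9c1da9d855c102c26927ca8c
+ metadata.gz: 72f165b675321bea26b01215722d1309269f1038242b7204f09fa3dace8e602cf6b2b961435fa3a546bb0cb312c320025b48b3bc521a6b185248769d9a7f29e7
+ data.tar.gz: 8a9c96d17704f853f34b7c6a9f05a0a900c690ea39558ab4f449dbdb33386ce2a27cc081dc92b2ee07a16cb5ba45f1811349e2a69fea85fb6b1ab1a8adcdad99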
@@ -14,7 +14,7 @@ module Proxy::OpenSCAP
14
14
  class Api < ::Sinatra::Base
15
15
  include ::Proxy::Log
16
16
  helpers ::Proxy::Helpers
17
- authorize_with_trusted_hosts
17
+ authorize_with_ssl_client
18
18
 
19
19
  put "/arf/:policy" do
20
20
  # first let's verify client's certificate
@@ -43,16 +43,5 @@ module Proxy::OpenSCAP
43
43
 
44
44
  {"created" => true}.to_json
45
45
  end
46
-
47
- get "/policies/:policy_id/content" do
48
- content_type 'application/xml'
49
- begin
50
- Proxy::OpenSCAP::get_policy_content(params[:policy_id])
51
- rescue OpenSCAPException => e
52
- log_halt e.http_code, "Error fetching xml file: #{e.message}"
53
- rescue StandardError => e
54
- log_halt 500, "Error occurred: #{e.message}"
55
- end
56
- end
57
46
  end
58
47
  end
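Review bot: The `authorize_with_ssl_client` line in the first hunk drops the trusted-hosts restriction on `put "/arf/:policy"`, so any caller presenting a client certificate the proxy accepts can now reach the upload route, and nothing in the file says that this is intended. The helper is defined outside this page; if it enforces a certificate only on HTTPS requests, the route depends on the handler's own check (the `put` body continues outside the hunk, and `common_name` raises `Proxy::Error::Unauthorized` when `SSL_CLIENT_CERT` is empty). I would add a comment above the line, `# ARF uploads come from managed hosts, so authorize by client certificate; the handler takes the host identity from the certificate CN`, and confirm the API is mounted only through the `https_rackup_path` shown in the plugin file.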
@@ -13,29 +13,10 @@ require 'fileutils'
13
13
  require 'json'
14
14
  require 'proxy/error'
15
15
  require 'proxy/request'
16
- require 'smart_proxy_openscap/openscap_exception'
17
16
 
18
17
  module Proxy::OpenSCAP
19
18
  extend ::Proxy::Log
20
19
 
21
- def self.get_policy_content(policy_id)
22
- policy_store_dir = File.join(Proxy::OpenSCAP::Plugin.settings.contentdir, policy_id.to_s)
23
- policy_scap_file = File.join(policy_store_dir, "#{policy_id}_scap_content.xml")
24
- begin
25
- FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
26
- rescue Errno::EACCES => e
27
- logger.error "No permission to create directory #{policy_store_dir}"
28
- raise e
29
- rescue StandardError => e
30
- logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
31
- raise e
32
- end
33
-
34
- scap_file = policy_content_file(policy_scap_file)
35
- scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
36
- scap_file
37
- end
38
-
39
20
  def self.common_name(request)
40
21
  client_cert = request.env['SSL_CLIENT_CERT']
41
22
  raise Proxy::Error::Unauthorized, "Client certificate required!" if client_cert.to_s.empty?
@@ -84,42 +65,6 @@ module Proxy::OpenSCAP
84
65
  end
85
66
  end
86
67
 
87
- def self.fetch_scap_content_xml(policy_id, policy_scap_file)
88
- foreman_request = Proxy::HttpRequest::ForemanRequest.new
89
- policy_content_path = "/api/v2/compliance/policies/#{policy_id}/content"
90
- req = foreman_request.request_factory.create_get(policy_content_path)
91
- response = foreman_request.send_request(req)
92
- unless response.is_a? Net::HTTPSuccess
93
- raise OpenSCAPException.new(response)
94
- end
95
- response.body
96
- end
97
-
98
-
99
- def self.policy_content_file(policy_scap_file)
100
- return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
101
- File.open(policy_scap_file, 'rb').read
102
- end
103
-
104
- def self.save_or_serve_scap_file(policy_id, policy_scap_file)
105
- lock = Proxy::HttpDownloads.try_locking(policy_scap_file)
106
- response = fetch_scap_content_xml(policy_id, policy_scap_file)
107
- if lock.nil?
108
- return response
109
- else
110
- begin
111
- File.open(policy_scap_file, 'wb') do |file|
112
- file << response
113
- end
114
- ensure
115
- Proxy::HttpDownloads.unlock(lock)
116
- end
117
- scap_file = policy_content_file(policy_scap_file)
118
- raise FileNotFound if scap_file.nil?
119
- return scap_file
120
- end
121
- end
122
-
123
68
  class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
124
69
  def do(arf_dir)
125
70
  Dir.foreach(arf_dir) { |cname|
@@ -171,10 +116,11 @@ module Proxy::OpenSCAP
171
116
  begin
172
117
  data = File.read(arf_file_path)
173
118
  response = send_request(foreman_api_path, data)
174
- # Raise an HTTP error if the response is not 2xx (success).
175
119
  response.value
120
+ raise StandardError, "Received #{response.code}: #{response.message}" unless response.code.to_i == 200
176
121
  res = JSON.parse(response.body)
177
122
  raise StandardError, "Received result: #{res['result']}" unless res['result'] == 'OK'
123
+ raise StandardError, "Sent bytes: #{data.length}, but foreman received: #{res['received']}" unless data.length == res['received']
178
124
  File.delete arf_file_path
179
125
  rescue StandardError => e
180
126
  logger.debug response.body if response
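Review bot: The added size check in the last hunk compares `data.length` with `res['received']`, but `String#length` counts characters in the string's encoding rather than bytes, so a report whose bytes decode as multi-byte characters would be flagged as a mismatch and never deleted from the spool. Use `data.bytesize` in both the message and the condition: `raise StandardError, "Sent bytes: #{data.bytesize}, but foreman received: #{res['received']}" unless data.bytesize == res['received']`. The comparison also assumes Foreman returns `received` as a JSON number, which is not visible here. The hunk removes the comment that explained `response.value`; I would keep `# Raise an HTTP error if the response is not 2xx (success).` above it, since the call otherwise reads as a no-op. The enclosing method starts before the hunk and the `rescue` body continues past it.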
@@ -18,7 +18,6 @@ module Proxy::OpenSCAP
18
18
  https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
19
19
 
20
20
  default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
21
- :openscap_send_log_file => 'logs/openscap-send.log',
22
- :contentdir => 'openscap/content'
21
+ :openscap_send_log_file => '/var/log/foreman-proxy/openscap-send.log'
23
22
  end
24
23
  end
@@ -1,5 +1,5 @@
1
1
  #
2
- # Copyright (c) 2014--2015 Red Hat Inc.
2
+ # Copyright (c) 2014 Red Hat Inc.
3
3
  #
4
4
  # This software is licensed to you under the GNU General Public License,
5
5
  # version 3 (GPLv3). There is NO WARRANTY for this software, express or
@@ -10,6 +10,6 @@
10
10
 
11
11
  module Proxy
12
12
  module OpenSCAP
13
- VERSION = '0.3.1'
13
+ VERSION = '0.4.0'
14
14
  end
15
15
  end
@@ -7,7 +7,3 @@
7
7
  # Directory where OpenSCAP audits are stored
8
8
  # before they are forwarded to Foreman
9
9
  #:spooldir: /var/spool/foreman-proxy/openscap
10
-
11
- # Directory where OpenSCAP content XML are stored
12
- # So we will not request the XML from Foreman each time
13
- #:contentdir: /var/lib/openscap/content
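--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: smart_proxy_openscap
  version: !ruby/object:Gem::Version
- version: 0.3.1
+ version: 0.4.0
  platform: ruby
  authors:
  - "Šimon Lukašík"
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-05-07 00:00:00.000000000 Z
+ date: 2015-03-25 00:00:00.000000000 Z
  dependencies: []
  description: |-
  A plug-in to the Foreman's smart-proxy which receives
@@ -28,7 +28,6 @@ files:
  - lib/smart_proxy_openscap.rb
  - lib/smart_proxy_openscap/http_config.ru
  - lib/smart_proxy_openscap/openscap_api.rb
- - lib/smart_proxy_openscap/openscap_exception.rb
  - lib/smart_proxy_openscap/openscap_lib.rb
  - lib/smart_proxy_openscap/openscap_plugin.rb
  - lib/smart_proxy_openscap/openscap_version.rb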
@@ -1,20 +0,0 @@
1
- module Proxy::OpenSCAP
2
- class OpenSCAPException < Exception
3
- attr_accessor :response
4
- attr_accessor :message
5
- def initialize(response = nil)
6
- @response = response
7
- @message = response.message if response
8
- end
9
-
10
- def http_code
11
- @response.code || 500
12
- end
13
-
14
- def http_body
15
- @response.body if @response
16
- end
17
- end
18
-
19
- class FileNotFound < StandardError; end
20
- end