smart_proxy_openscap 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6764e9354322a69c3e162669f53c55b43641f46b
-  data.tar.gz: 3ed75fc0a116d8595b8e0c467883b8165b0326b4
+  metadata.gz: eba9e5346ce33339c77df129260e227b806cffbf
+  data.tar.gz: 7ee409ced62aca3253f700e10eecac2f69558dde
 SHA512:
-  metadata.gz: dfe4458aa62a00448e4bf6fd524a496ab20dbb88d32892c98cec839df3c02f148c98d1ace459c5781704fd5a2d00bafff2b0496108179ba3f21f7bfd8d0cb7c2
-  data.tar.gz: b492e2ed6968500b7cc5d55c4d6d8cece805b0282af6b65e98da1d5f850ce0fa60262de7d46252a63f9438ac87b6f41c07e6720a121bfbcf304af3df62318d4a
+  metadata.gz: ffd1259c6fddf38830fbb757d41b0255bfd3a31dac90eb95da39077754e520df7734da4c4d34d165826cc5f754a4d5895deeaf23af3e01d952a2072b3e9e469b
+  data.tar.gz: d2290459e3c99040ddb098ea0a1a0f714f052914e132020218b6b7a6b84d493dc71bd205bfe1a4508337caa2e35bfce1ae9e991d9c1da9d855c102c26927ca8c

data/lib/smart_proxy_openscap/openscap_api.rb

@@ -14,6 +14,7 @@ module Proxy::OpenSCAP
   class Api < ::Sinatra::Base
     include ::Proxy::Log
     helpers ::Proxy::Helpers
+    authorize_with_trusted_hosts
 
     put "/arf/:policy" do
       # first let's verify client's certificate
@@ -42,5 +43,16 @@ module Proxy::OpenSCAP
 
       {"created" => true}.to_json
     end
+
+    get "/policies/:policy_id/content" do
+      content_type 'application/xml'
+      begin
+        Proxy::OpenSCAP::get_policy_content(params[:policy_id])
+      rescue OpenSCAPException => e
+        log_halt e.http_code, "Error fetching xml file: #{e.message}"
+      rescue StandardError => e
+        log_halt 500, "Error occurred: #{e.message}"
+      end
+    end
   end
 end

data/lib/smart_proxy_openscap/openscap_exception.rb

@@ -0,0 +1,20 @@
+module Proxy::OpenSCAP
+  class OpenSCAPException < Exception
+    attr_accessor :response
+    attr_accessor :message
+    def initialize(response = nil)
+      @response = response
+      @message = response.message if response
+    end
+
+    def http_code
+      @response.code || 500
+    end
+
+    def http_body
+      @response.body if @response
+    end
+  end
+
+  class FileNotFound < StandardError; end
+end

data/lib/smart_proxy_openscap/openscap_lib.rb

@@ -13,10 +13,29 @@ require 'fileutils'
 require 'json'
 require 'proxy/error'
 require 'proxy/request'
+require 'smart_proxy_openscap/openscap_exception'
 
 module Proxy::OpenSCAP
   extend ::Proxy::Log
 
+  def self.get_policy_content(policy_id)
+    policy_store_dir = File.join(Proxy::OpenSCAP::Plugin.settings.contentdir, policy_id.to_s)
+    policy_scap_file = File.join(policy_store_dir, "#{policy_id}_scap_content.xml")
+    begin
+      FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
+    rescue Errno::EACCES => e
+      logger.error "No permission to create directory #{policy_store_dir}"
+      raise e
+    rescue StandardError => e
+      logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
+      raise e
+    end
+
+    scap_file = policy_content_file(policy_scap_file)
+    scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
+    scap_file
+  end
+
   def self.common_name(request)
     client_cert = request.env['SSL_CLIENT_CERT']
     raise Proxy::Error::Unauthorized, "Client certificate required!" if client_cert.to_s.empty?
@@ -65,6 +84,42 @@ module Proxy::OpenSCAP
     end
   end
 
+  def self.fetch_scap_content_xml(policy_id, policy_scap_file)
+    foreman_request = Proxy::HttpRequest::ForemanRequest.new
+    policy_content_path = "/api/v2/compliance/policies/#{policy_id}/content"
+    req = foreman_request.request_factory.create_get(policy_content_path)
+    response = foreman_request.send_request(req)
+    unless response.is_a? Net::HTTPSuccess
+      raise OpenSCAPException.new(response)
+    end
+    response.body
+  end
+
+
+  def self.policy_content_file(policy_scap_file)
+    return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
+    File.open(policy_scap_file, 'rb').read
+  end
+
+  def self.save_or_serve_scap_file(policy_id, policy_scap_file)
+    lock = Proxy::HttpDownloads.try_locking(policy_scap_file)
+    response = fetch_scap_content_xml(policy_id, policy_scap_file)
+    if lock.nil?
+      return response
+    else
+      begin
+        File.open(policy_scap_file, 'wb') do |file|
+          file << response
+        end
+      ensure
+        Proxy::HttpDownloads.unlock(lock)
+      end
+      scap_file = policy_content_file(policy_scap_file)
+      raise FileNotFound if scap_file.nil?
+      return scap_file
+    end
+  end
+
   class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
     def do(arf_dir)
       Dir.foreach(arf_dir) { |cname|
@@ -116,11 +171,10 @@ module Proxy::OpenSCAP
       begin
         data = File.read(arf_file_path)
         response = send_request(foreman_api_path, data)
+        # Raise an HTTP error if the response is not 2xx (success).
         response.value
-        raise StandardError, "Received #{response.code}: #{response.message}" unless response.code.to_i == 200
         res = JSON.parse(response.body)
         raise StandardError, "Received result: #{res['result']}" unless res['result'] == 'OK'
-        raise StandardError, "Sent bytes: #{data.length}, but foreman received: #{res['received']}" unless data.length == res['received']
         File.delete arf_file_path
       rescue StandardError => e
         logger.debug response.body if response

data/lib/smart_proxy_openscap/openscap_plugin.rb

@@ -18,6 +18,7 @@ module Proxy::OpenSCAP
     https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
 
     default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
-                     :openscap_send_log_file => '/var/log/foreman-proxy/openscap-send.log'
+                     :openscap_send_log_file => 'logs/openscap-send.log',
+                     :contentdir => 'openscap/content'
   end
 end

data/lib/smart_proxy_openscap/openscap_version.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014 Red Hat Inc.
+# Copyright (c) 2014--2015 Red Hat Inc.
 #
 # This software is licensed to you under the GNU General Public License,
 # version 3 (GPLv3). There is NO WARRANTY for this software, express or
@@ -10,6 +10,6 @@
 
 module Proxy
   module OpenSCAP
-    VERSION = '0.3.0'
+    VERSION = '0.3.1'
   end
 end

data/settings.d/openscap.yml.example

@@ -7,3 +7,7 @@
 # Directory where OpenSCAP audits are stored
 # before they are forwarded to Foreman
 #:spooldir: /var/spool/foreman-proxy/openscap
+
+# Directory where OpenSCAP content XML are stored
+# So we will not request the XML from Foreman each time
+#:contentdir: /var/lib/openscap/content

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
-- Šimon Lukašík
+- "Šimon Lukašík"
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-20 00:00:00.000000000 Z
+date: 2015-05-07 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A plug-in to the Foreman's smart-proxy which receives
@@ -28,6 +28,7 @@ files:
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
+- lib/smart_proxy_openscap/openscap_exception.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
 - lib/smart_proxy_openscap/openscap_version.rb
@@ -43,18 +44,19 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.1.11
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.
 test_files: []
+has_rdoc: