RubyGems - smart_proxy_openscap - Versions diffs - 0.4.0 → 0.4.1 - Mend

smart_proxy_openscap 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/smart_proxy_openscap/openscap_api.rb +11 -0
data/lib/smart_proxy_openscap/openscap_exception.rb +20 -0
data/lib/smart_proxy_openscap/openscap_lib.rb +56 -2
data/lib/smart_proxy_openscap/openscap_plugin.rb +2 -1
data/lib/smart_proxy_openscap/openscap_version.rb +1 -1
data/settings.d/openscap.yml.example +4 -0
metadata +6 -5

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e2d3e917fd247cee23a8752c368a63c557bf35ed
-  data.tar.gz: 06c6dd924478a4708c0a5f93325e6b0692cae444
+  metadata.gz: dc0f9e535cc7359af74ea374ced6f071f6af4745
+  data.tar.gz: 7d0741cb41875f74908d3383dcfaea081db68366
 SHA512:
-  metadata.gz: 72f165b675321bea26b01215722d1309269f1038242b7204f09fa3dace8e602cf6b2b961435fa3a546bb0cb312c320025b48b3bc521a6b185248769d9a7f29e7
-  data.tar.gz: 8a9c96d17704f853f34b7c6a9f05a0a900c690ea39558ab4f449dbdb33386ce2a27cc081dc92b2ee07a16cb5ba45f1811349e2a69fea85fb6b1ab1a8adcdad99
+  metadata.gz: 66e1c835c86977103e63102e6764bcd906e659d5ab02df882cef8dca1b58a6ec8de60fd9559e1625ec78aa7124f0abc103cc4e44228034efce0b26b3149d1e87
+  data.tar.gz: 30610e832fe4cb4a5c8a9db0203b956b6b090eb67c4f6f86350de8a1cb1b302c25c82a957510aa8ac607a1f13ce02ba21f77346a6acc173b7bb9c5a0ebcd2458

data/lib/smart_proxy_openscap/openscap_api.rb CHANGED

@@ -43,5 +43,16 @@ module Proxy::OpenSCAP
       {"created" => true}.to_json
     end
+    get "/policies/:policy_id/content" do
+      content_type 'application/xml'
+      begin
+        Proxy::OpenSCAP::get_policy_content(params[:policy_id])
+      rescue OpenSCAPException => e
+        log_halt e.http_code, "Error fetching xml file: #{e.message}"
+      rescue StandardError => e
+        log_halt 500, "Error occurred: #{e.message}"
+      end
+    end
   end
 end

data/lib/smart_proxy_openscap/openscap_exception.rb ADDED

@@ -0,0 +1,20 @@
+module Proxy::OpenSCAP
+  class OpenSCAPException < Exception
+    attr_accessor :response
+    attr_accessor :message
+    def initialize(response = nil)
+      @response = response
+      @message = response.message if response
+    end
+    def http_code
+      @response.code || 500
+    end
+    def http_body
+      @response.body if @response
+    end
+  end
+  class FileNotFound < StandardError; end
+end

data/lib/smart_proxy_openscap/openscap_lib.rb CHANGED

@@ -13,10 +13,29 @@ require 'fileutils'
 require 'json'
 require 'proxy/error'
 require 'proxy/request'
+require 'smart_proxy_openscap/openscap_exception'
 module Proxy::OpenSCAP
   extend ::Proxy::Log
+  def self.get_policy_content(policy_id)
+    policy_store_dir = File.join(Proxy::OpenSCAP::Plugin.settings.contentdir, policy_id.to_s)
+    policy_scap_file = File.join(policy_store_dir, "#{policy_id}_scap_content.xml")
+    begin
+      FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
+    rescue Errno::EACCES => e
+      logger.error "No permission to create directory #{policy_store_dir}"
+      raise e
+    rescue StandardError => e
+      logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
+      raise e
+    end
+    scap_file = policy_content_file(policy_scap_file)
+    scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
+    scap_file
+  end
   def self.common_name(request)
     client_cert = request.env['SSL_CLIENT_CERT']
     raise Proxy::Error::Unauthorized, "Client certificate required!" if client_cert.to_s.empty?
@@ -65,6 +84,42 @@ module Proxy::OpenSCAP
     end
   end
+  def self.fetch_scap_content_xml(policy_id, policy_scap_file)
+    foreman_request = Proxy::HttpRequest::ForemanRequest.new
+    policy_content_path = "/api/v2/compliance/policies/#{policy_id}/content"
+    req = foreman_request.request_factory.create_get(policy_content_path)
+    response = foreman_request.send_request(req)
+    unless response.is_a? Net::HTTPSuccess
+      raise OpenSCAPException.new(response)
+    end
+    response.body
+  end
+  def self.policy_content_file(policy_scap_file)
+    return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
+    File.open(policy_scap_file, 'rb').read
+  end
+  def self.save_or_serve_scap_file(policy_id, policy_scap_file)
+    lock = Proxy::FileLock::try_locking(policy_scap_file)
+    response = fetch_scap_content_xml(policy_id, policy_scap_file)
+    if lock.nil?
+      return response
+    else
+      begin
+        File.open(policy_scap_file, 'wb') do |file|
+          file << response
+        end
+      ensure
+        Proxy::FileLock::unlock(lock)
+      end
+      scap_file = policy_content_file(policy_scap_file)
+      raise FileNotFound if scap_file.nil?
+      return scap_file
+    end
+  end
   class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
     def do(arf_dir)
       Dir.foreach(arf_dir) { |cname|
@@ -116,11 +171,10 @@ module Proxy::OpenSCAP
       begin
         data = File.read(arf_file_path)
         response = send_request(foreman_api_path, data)
+        # Raise an HTTP error if the response is not 2xx (success).
         response.value
-        raise StandardError, "Received #{response.code}: #{response.message}" unless response.code.to_i == 200
         res = JSON.parse(response.body)
         raise StandardError, "Received result: #{res['result']}" unless res['result'] == 'OK'
-        raise StandardError, "Sent bytes: #{data.length}, but foreman received: #{res['received']}" unless data.length == res['received']
         File.delete arf_file_path
       rescue StandardError => e
         logger.debug response.body if response

data/lib/smart_proxy_openscap/openscap_plugin.rb CHANGED

@@ -18,6 +18,7 @@ module Proxy::OpenSCAP
     https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
     default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
-                     :openscap_send_log_file => '/var/log/foreman-proxy/openscap-send.log'
+                     :openscap_send_log_file => 'logs/openscap-send.log',
+                     :contentdir => 'openscap/content'
   end
 end

data/lib/smart_proxy_openscap/openscap_version.rb CHANGED

@@ -10,6 +10,6 @@
 module Proxy
   module OpenSCAP
-    VERSION = '0.4.0'
+    VERSION = '0.4.1'
   end
 end

data/settings.d/openscap.yml.example CHANGED

@@ -7,3 +7,7 @@
 # Directory where OpenSCAP audits are stored
 # before they are forwarded to Foreman
 #:spooldir: /var/spool/foreman-proxy/openscap
+# Directory where OpenSCAP content XML are stored
+# So we will not request the XML from Foreman each time
+#:contentdir: /var/lib/openscap/content

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
-- "Šimon Lukašík"
+- Šimon Lukašík
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-03-25 00:00:00.000000000 Z
+date: 2015-05-19 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A plug-in to the Foreman's smart-proxy which receives
@@ -28,6 +28,7 @@ files:
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
+- lib/smart_proxy_openscap/openscap_exception.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
 - lib/smart_proxy_openscap/openscap_version.rb
@@ -43,12 +44,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []