smart_proxy_openscap 0.4.0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e2d3e917fd247cee23a8752c368a63c557bf35ed
-  data.tar.gz: 06c6dd924478a4708c0a5f93325e6b0692cae444
+  metadata.gz: dc0f9e535cc7359af74ea374ced6f071f6af4745
+  data.tar.gz: 7d0741cb41875f74908d3383dcfaea081db68366
 SHA512:
-  metadata.gz: 72f165b675321bea26b01215722d1309269f1038242b7204f09fa3dace8e602cf6b2b961435fa3a546bb0cb312c320025b48b3bc521a6b185248769d9a7f29e7
-  data.tar.gz: 8a9c96d17704f853f34b7c6a9f05a0a900c690ea39558ab4f449dbdb33386ce2a27cc081dc92b2ee07a16cb5ba45f1811349e2a69fea85fb6b1ab1a8adcdad99
+  metadata.gz: 66e1c835c86977103e63102e6764bcd906e659d5ab02df882cef8dca1b58a6ec8de60fd9559e1625ec78aa7124f0abc103cc4e44228034efce0b26b3149d1e87
+  data.tar.gz: 30610e832fe4cb4a5c8a9db0203b956b6b090eb67c4f6f86350de8a1cb1b302c25c82a957510aa8ac607a1f13ce02ba21f77346a6acc173b7bb9c5a0ebcd2458

data/lib/smart_proxy_openscap/openscap_api.rb

@@ -43,5 +43,16 @@ module Proxy::OpenSCAP
 
       {"created" => true}.to_json
     end
+
+    get "/policies/:policy_id/content" do
+      content_type 'application/xml'
+      begin
+        Proxy::OpenSCAP::get_policy_content(params[:policy_id])
+      rescue OpenSCAPException => e
+        log_halt e.http_code, "Error fetching xml file: #{e.message}"
+      rescue StandardError => e
+        log_halt 500, "Error occurred: #{e.message}"
+      end
+    end
   end
 end

data/lib/smart_proxy_openscap/openscap_exception.rb

@@ -0,0 +1,20 @@
+module Proxy::OpenSCAP
+  class OpenSCAPException < Exception
+    attr_accessor :response
+    attr_accessor :message
+    def initialize(response = nil)
+      @response = response
+      @message = response.message if response
+    end
+
+    def http_code
+      @response.code || 500
+    end
+
+    def http_body
+      @response.body if @response
+    end
+  end
+
+  class FileNotFound < StandardError; end
+end

data/lib/smart_proxy_openscap/openscap_lib.rb

@@ -13,10 +13,29 @@ require 'fileutils'
 require 'json'
 require 'proxy/error'
 require 'proxy/request'
+require 'smart_proxy_openscap/openscap_exception'
 
 module Proxy::OpenSCAP
   extend ::Proxy::Log
 
+  def self.get_policy_content(policy_id)
+    policy_store_dir = File.join(Proxy::OpenSCAP::Plugin.settings.contentdir, policy_id.to_s)
+    policy_scap_file = File.join(policy_store_dir, "#{policy_id}_scap_content.xml")
+    begin
+      FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
+    rescue Errno::EACCES => e
+      logger.error "No permission to create directory #{policy_store_dir}"
+      raise e
+    rescue StandardError => e
+      logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
+      raise e
+    end
+
+    scap_file = policy_content_file(policy_scap_file)
+    scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
+    scap_file
+  end
+
   def self.common_name(request)
     client_cert = request.env['SSL_CLIENT_CERT']
     raise Proxy::Error::Unauthorized, "Client certificate required!" if client_cert.to_s.empty?
@@ -65,6 +84,42 @@ module Proxy::OpenSCAP
     end
   end
 
+  def self.fetch_scap_content_xml(policy_id, policy_scap_file)
+    foreman_request = Proxy::HttpRequest::ForemanRequest.new
+    policy_content_path = "/api/v2/compliance/policies/#{policy_id}/content"
+    req = foreman_request.request_factory.create_get(policy_content_path)
+    response = foreman_request.send_request(req)
+    unless response.is_a? Net::HTTPSuccess
+      raise OpenSCAPException.new(response)
+    end
+    response.body
+  end
+
+
+  def self.policy_content_file(policy_scap_file)
+    return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
+    File.open(policy_scap_file, 'rb').read
+  end
+
+  def self.save_or_serve_scap_file(policy_id, policy_scap_file)
+    lock = Proxy::FileLock::try_locking(policy_scap_file)
+    response = fetch_scap_content_xml(policy_id, policy_scap_file)
+    if lock.nil?
+      return response
+    else
+      begin
+        File.open(policy_scap_file, 'wb') do |file|
+          file << response
+        end
+      ensure
+        Proxy::FileLock::unlock(lock)
+      end
+      scap_file = policy_content_file(policy_scap_file)
+      raise FileNotFound if scap_file.nil?
+      return scap_file
+    end
+  end
+
   class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
     def do(arf_dir)
       Dir.foreach(arf_dir) { |cname|
@@ -116,11 +171,10 @@ module Proxy::OpenSCAP
       begin
         data = File.read(arf_file_path)
         response = send_request(foreman_api_path, data)
+        # Raise an HTTP error if the response is not 2xx (success).
         response.value
-        raise StandardError, "Received #{response.code}: #{response.message}" unless response.code.to_i == 200
         res = JSON.parse(response.body)
         raise StandardError, "Received result: #{res['result']}" unless res['result'] == 'OK'
-        raise StandardError, "Sent bytes: #{data.length}, but foreman received: #{res['received']}" unless data.length == res['received']
         File.delete arf_file_path
       rescue StandardError => e
         logger.debug response.body if response

data/lib/smart_proxy_openscap/openscap_plugin.rb

@@ -18,6 +18,7 @@ module Proxy::OpenSCAP
     https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
 
     default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
-                     :openscap_send_log_file => '/var/log/foreman-proxy/openscap-send.log'
+                     :openscap_send_log_file => 'logs/openscap-send.log',
+                     :contentdir => 'openscap/content'
   end
 end

data/lib/smart_proxy_openscap/openscap_version.rb

@@ -10,6 +10,6 @@
 
 module Proxy
   module OpenSCAP
-    VERSION = '0.4.0'
+    VERSION = '0.4.1'
   end
 end

data/settings.d/openscap.yml.example

@@ -7,3 +7,7 @@
 # Directory where OpenSCAP audits are stored
 # before they are forwarded to Foreman
 #:spooldir: /var/spool/foreman-proxy/openscap
+
+# Directory where OpenSCAP content XML are stored
+# So we will not request the XML from Foreman each time
+#:contentdir: /var/lib/openscap/content

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
-- "Šimon Lukašík"
+- Šimon Lukašík
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-25 00:00:00.000000000 Z
+date: 2015-05-19 00:00:00.000000000 Z
 dependencies: []
 description: |-
   A plug-in to the Foreman's smart-proxy which receives
@@ -28,6 +28,7 @@ files:
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
+- lib/smart_proxy_openscap/openscap_exception.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
 - lib/smart_proxy_openscap/openscap_version.rb
@@ -43,12 +44,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []