Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #11872 - Compliance status for hosts #131

Merged
merged 1 commit into from Oct 13, 2015
Merged

Fixes #11872 - Compliance status for hosts #131

merged 1 commit into from Oct 13, 2015

Conversation

xprazak2
Copy link
Contributor

Current behaviour:

  • When Arf report is uploaded to Foreman, Compliance status is updated/created for a host
  • We have 3 compliance states: compliant, incompliant, inconclusive.
  • When any latest arf report for any of the policies that are assigned to the host has a failed rule, the status is incompliant
  • When latest arf reports for all policies assigned to the host have only passed rules, the status is compliant
  • When the latest reports have passed and othered rules, the status is inconclusive

Changes in UI:

  • I removed the square icon with letter from host list
  • I removed the Compliance table from host details, added a button to the details

Questions and thoughts:

  • Do we want to add Compliance status to API?
  • We have one status for all policies on the host. If we wanted greater detail, we could create 'partial' scap status for 1 policy and then build 'global scap status' for a host. This would probably require changes in how Foreman displays statuses on host details page in properties table. A suitable place to display these 'partial statuses' could be a policy dashboard page

@shlomizadok
Copy link
Member

@xprazak2 - please rebase

@xprazak2
Copy link
Contributor Author

@shlomizadok: I rebased

@ares
Copy link
Member

ares commented Sep 24, 2015

Quick scan looks good, I'd like to give it another round and test later. Don't forget to either bump https://github.com/theforeman/foreman_openscap/blob/master/lib/foreman_openscap/engine.rb#L38 to 1.10 or wrap the status registration in a condition to keep 1.9- compatibility.

Do we want to add Compliance status to API?

It should be added automatically, did you check the host detail output?

ares
ares reviewed Sep 24, 2015
View reviewed changes
app/models/concerns/foreman_openscap/host_extensions.rb
@@ -8,6 +8,7 @@ module HostExtensions
has_many :asset_policies, :through => :asset, :class_name => "::ForemanOpenscap::AssetPolicy"
has_many :policies, :through => :asset_policies, :class_name => "::ForemanOpenscap::Policy"
has_many :arf_reports, :through => :asset, :class_name => '::ForemanOpenscap::ArfReport'
has_one :scap_status, :class_name => 'HostStatus::ScapStatus', :foreign_key => 'host_id', :dependent => :destroy
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does :dependent => :destroy play nicely with host_statuses that also defines this dependency? (https://github.com/theforeman/foreman/blob/develop/app/models/host/managed.rb#L17) this has_one is subset of host_statuses

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it would be probably better to remove it

@xprazak2 xprazak2 force-pushed the global-status branch 3 times, most recently from 5dee2d2 to d0f7c01 Compare September 24, 2015 11:14
@xprazak2
Copy link
Contributor Author

@ares, I removed :dependent => :destroy, changed latest_report_for_policy to last_report_for_policy, added a check into engine for compatibility, and made sure status gets picked up by API. There may be something wrong in how the global status gets rendered by core, it has the correct "Error" label but the number code should be '2'. Could you please check if it is only local?

ares
ares reviewed Oct 8, 2015
View reviewed changes
app/models/concerns/foreman_openscap/host_extensions.rb
@@ -8,6 +8,7 @@ module HostExtensions
has_many :asset_policies, :through => :asset, :class_name => "::ForemanOpenscap::AssetPolicy"
has_many :policies, :through => :asset_policies, :class_name => "::ForemanOpenscap::Policy"
has_many :arf_reports, :through => :asset, :class_name => '::ForemanOpenscap::ArfReport'
has_one :compliance_status, :class_name => 'HostStatus::ComplianceStatus', :foreign_key => 'host_id'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be named compliace_status_object, you override it by method with same name below https://github.com/theforeman/foreman_openscap/pull/131/files#diff-c08b2f64bbed0d7a15b0f7241af53d04R50

@xprazak2
Copy link
Contributor Author

xprazak2 commented Oct 8, 2015

@ares: I changed compliance_status to compliance_status_object

ares
ares reviewed Oct 8, 2015
View reviewed changes
app/models/concerns/foreman_openscap/host_extensions.rb
@@ -8,6 +8,7 @@ module HostExtensions
has_many :asset_policies, :through => :asset, :class_name => "::ForemanOpenscap::AssetPolicy"
has_many :policies, :through => :asset_policies, :class_name => "::ForemanOpenscap::Policy"
has_many :arf_reports, :through => :asset, :class_name => '::ForemanOpenscap::ArfReport'
has_one :compliance_status_object, :class_name => 'HostStatus::ComplianceStatus', :foreign_key => 'host_id'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this association is usually used in scoped search, but I don't see any new definitions in the PR, could you add some? see https://github.com/theforeman/foreman_remote_execution/pull/42/files#diff-e3b1be04f41d99a66e199b0060b84e63R14 for an example

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ares: I added scoped search on compliance status

next time pls write a comment to original one so we can see that it's addressed

EDIT: unless it's outdated by git change, then it's optional...

@xprazak2
Copy link
Contributor Author

xprazak2 commented Oct 8, 2015

@ares: I added scoped search on compliance status

ares
ares reviewed Oct 8, 2015
View reviewed changes
app/models/host_status/compliance_status.rb
@@ -0,0 +1,46 @@
module HostStatus
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be also under ForemanOpenscap module and hence in app/models/foreman_openscap/host_status (host status might not be needed, but leaving this up to you)

@ares
Copy link
Member

ares commented Oct 8, 2015

There may be something wrong in how the global status gets rendered by core, it has the correct "Error" label but the number code should be '2'. Could you please check if it is only local?

This can happen in development if rails autoloader reloads the code. Restart Foreman and see if it helps, it seems to work for me. The reason is that we refer to class name in engine.rb in initializer (the way that Foreman plugin currently works) but we should do it in config.to_prepare block... Anyway this should be OK in production env.

@xprazak2 xprazak2 force-pushed the global-status branch 3 times, most recently from defafd3 to 890a913 Compare October 8, 2015 12:34
ares
ares reviewed Oct 8, 2015
View reviewed changes
app/models/concerns/foreman_openscap/host_extensions.rb
scoped_search :in => :compliance_status_object, :on => :status, :rename => :compliance_status,
:complete_value => {:compliant => ForemanOpenscap::::ComplianceStatus::COMPLIANT,
:incompliant => ForemanOpenscap::::ComplianceStatus::INCOMPLIANT,
:inconclusive => ForemanOpenscap::::ComplianceStatus::INCONCLUSIVE}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

/home/ares/Projekty/Zdrojaky/foreman_openscap/app/models/concerns/foreman_openscap/host_extensions.rb:18: syntax error, unexpected ::, expecting '(' (SyntaxError)
...ompliant => ForemanOpenscap::::ComplianceStatus::COMPLIANT,
...

@xprazak2 xprazak2 force-pushed the global-status branch 2 times, most recently from 8a30df7 to d8a2730 Compare October 9, 2015 06:07
ares
ares reviewed Oct 9, 2015
View reviewed changes
app/models/concerns/foreman_openscap/host_extensions.rb
@@ -8,11 +8,16 @@ module HostExtensions
has_many :asset_policies, :through => :asset, :class_name => "::ForemanOpenscap::AssetPolicy"
has_many :policies, :through => :asset_policies, :class_name => "::ForemanOpenscap::Policy"
has_many :arf_reports, :through => :asset, :class_name => '::ForemanOpenscap::ArfReport'
has_one :compliance_status_object, :class_name => 'ForemanOpenscap::::ComplianceStatus', :foreign_key => 'host_id'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

another syntax error

@shlomizadok
Copy link
Member

@xprazak2 - Not sure if it's this PR or previous, yet my dashboard now looks like:
image

Also, rubocop is failing.

Thanks

@shlomizadok
Copy link
Member

Merging. Thanks @xprazak2 !

shlomizadok added a commit that referenced this pull request Oct 13, 2015
@shlomizadok
Merge pull request #131 from xprazak2/global-status
f4fd397 
Fixes #11872 - Compliance status for hosts
@shlomizadok shlomizadok merged commit f4fd397 into theforeman:master Oct 13, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Needs re-review Needs testing
Projects
None yet
Milestone
No milestone
4 participants
@xprazak2 @shlomizadok @ares @theforeman-bot