Hi everyone,
I put together a basic structure for hammer_cli_foreman_openscap. We also
have commands (roughly) corresponding to our current API. The project is
located at [1].
I also made a few changes to foreman_openscap to get it working, mostly
just cosmetic stuff. There is a pending PR [2].
Any comments are appreciated, have a nice rest of your day.
Ondra
[1] https://github.com/xprazak2/hammer_cli_foreman_openscap
[2] https://github.com/theforeman/foreman_openscap/pull/166
Hello,
it looks good. Thanks for your effort. During testing I found few small issues
but after they are fixed I think we can merge the repo under theforeman
organization.
scap-content update -h displays --new-name without any help, using it fails
hammer scap-content update --id 1 --new-name test23
results in 400
updating scap-content file does not seem to work
hammer scap-content update --id 1 --scap-file
/usr/share/xml/scap/ssg/content/ssg-centos6-ds.xml
results in 400
scap-content is missing create and info commands, there's currently no way
to display associated orgs and locs
scap-content info should also display profile ids, otherwise I can't create
policy
policy create allows to specify weekday as 1, update forces me to specify
monday
arf-report shouldn't provide update command, probably caused by copy and
paste, since the definition contains wrong messages anyway
A bit unrelated but found during testing
policy create help would deserve better strings, e.g. valid values for
period (it's more about foreman_openscap API)
when there's no foreman_scap_client manifest I receive 422, it should be
some better explanatory error
Please let me know if I should elaborate anything.
On Wednesday 04 of May 2016 07:55:37 oprazak wrote:
Hi everyone,
I put together a basic structure for hammer_cli_foreman_openscap. We also
have commands (roughly) corresponding to our current API. The project is
located at [1].
I also made a few changes to foreman_openscap to get it working, mostly
just cosmetic stuff. There is a pending PR [2].Any comments are appreciated, have a nice rest of your day.
Ondra[1] https://github.com/xprazak2/hammer_cli_foreman_openscap
[2] https://github.com/theforeman/foreman_openscap/pull/166
Thanks for comments, I made some changes and took care of the following:
The name option was added by default and I did not notice. It is removed
since scap content has only title.
Uploading files should work properly for both create and update commands.
I added the missing commands and we can view profile_ids and taxonomies.
>
> * policy create allows to specify weekday as 1, update forces me to
> specify
> monday
>
I think this is a problem of foreman-side validations, more on that below.
> * arf-report shouldn't provide update command, probably caused by copy and
> paste, since the definition contains wrong messages anyway
>
Removed.
A bit unrelated but found during testing
>
> * policy create help would deserve better strings, e.g. valid values for
> period (it's more about foreman_openscap API)
>
> * when there's no foreman_scap_client manifest I receive 422, it should be
> some better explanatory error
>
Policy cannot be created/updated if foreman_scap_client puppet class is not
found in foreman. I improved the error handling, we should get a sane
message about what went wrong.
Related concerns:
I plan to add search options for locs and orgs but I haven't fully figured
it out yet.
Let me know if there is anything else.
O.
Hello
I have few more findings with the latest version, please find them below in
text. Some of them might need fixing in API rather than here. Feel free to just
create redmine issue from them in such case. Once below comments are fixed I
think we can move it under theforeman org (unless someone objects).
> Thanks for comments, I made some changes and took care of the following:
>
> * scap-content update -h displays --new-name without any help, using it
>
> > fails
> > hammer scap-content update --id 1 --new-name test23
> > results in 400
> The name option was added by default and I did not notice. It is removed
> since scap content has only title.
>
> * updating scap-content file does not seem to work
>
> > hammer scap-content update --id 1 --scap-file
> > /usr/share/xml/scap/ssg/content/ssg-centos6-ds.xml
> > results in 400
>
> Uploading files should work properly for both create and update commands.
>
> * scap-content is missing create and info commands, there's currently no
>
> > way
> > to display associated orgs and locs
> >
> > * scap-content info should also display profile ids, otherwise I can't
> > create
> > policy
>
> I added the missing commands and we can view profile_ids and taxonomies.
the info command lists --name but that does not work, it does not list --title
which is required to search for scap-content by title
> > * policy create allows to specify weekday as 1, update forces me to
> > specify
> > monday
>
> I think this is a problem of foreman-side validations, more on that below.
policy create help says I can use scap content name, when I try I get 400,
probably because content has only title, using id helps
hammer policy create --hostgroup-titles default --name default --scap-content
default --scap-content-profile-id 1 --period daily
Could not create the policy:
Error: 400 Bad Request
weekday is always required even if period is daily
using hostgroup titles results in following error
[ERROR 2016-06-14T11:12:22 Exception] undefined method empty?' for 1:Fixnum Could not create the policy: undefined methodempty?' for 1:Fixnum
using hostgroup id results in following error
Could not create the policy:
You cannot call create unless the parent is saved
without hostgroup specification it saves fine
> > * arf-report shouldn't provide update command, probably caused by copy and
> > paste, since the definition contains wrong messages anyway
>
> Removed.
arf-report help suggest we can use name for search, ArfReport object doesn't
seem to have any name attribute
A bit unrelated but found during testing
policy create help would deserve better strings, e.g. valid values for
period (it’s more about foreman_openscap API)when there’s no foreman_scap_client manifest I receive 422, it should be
some better explanatory errorPolicy cannot be created/updated if foreman_scap_client puppet class is not
found in foreman. I improved the error handling, we should get a sane
message about what went wrong.Related concerns:
- Policy validation could use some improvements. Validations for scheduling
are triggered conditionally, for example ‘weekday’ gets validated only if
period is ‘weekly’. This is fine for our UI, but it does not prevent
passing '–period monthly --day-of-month 15 --weekday $something_ugly_here’
on command line, which effectively bypasses the weekday validation.I plan to add search options for locs and orgs but I haven’t fully figured
it out yet.
Let me know if there is anything else.
O.
Hi,
I made additional changes and submitted [1] that should take care of
problems in foreman_openscap.
In brief: I got rid of name for scap content in help and replaced it with
title. Same for arf report but with no replacement since it does not have
title or anything equivalent. Policy can be created with hostgroup
specified,
it also no longer requires weekday when period is not weekly. Related to
this is issue [2].
Thanks for feedback, let me know if there are any more bugs.
O.
[1] https://github.com/theforeman/foreman_openscap/pull/173
[2] Bug #15476: Insufficient validations for policy - OpenSCAP - Foreman