1342623 – [RFE] Extend the foreman API for improved compliance/openscap usage

Bug 1342623 - [RFE] Extend the foreman API for improved compliance/openscap usage

Summary: [RFE] Extend the foreman API for improved compliance/openscap usage

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	SCAP Plugin
Sub Component:
Version:	6.1.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Sebastian Gräßl
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-06-03 17:14 UTC by David Critch
Modified:	2021-06-10 11:21 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-21 12:35:17 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:0336	0	normal	SHIPPED_LIVE	Important: Satellite 6.3 security, bug fix, and enhancement update	2018-02-21 22:43:42 UTC

Description David Critch 2016-06-03 17:14:10 UTC

Description of problem:
We are looking at deploying the OpenSCAP plugin for Satellite 6, and use a lot of hammer/API requests. Currently, the foreman API exposes a limited amount of access to those resources:

# curl -s -k -u admin:NOTAPASSWORD https://$(hostname)/api/v2/ | jq . | grep -A2 scaptimony_policies
    "scaptimony_policies": {
      "Show a policy's SCAP content": "/api/v2/compliance/policies/:id/content"
    },


The hammer CLI appears to have no support at all:
# hammer --help | egrep -i 'compliance|policy|audit|openscap'
#

It would be great to e.g. list all policies, create or delete a policy, etc.

Version-Release number of selected component (if applicable):
ruby193-rubygem-scaptimony-0.3.0.1-1.el7sat.noarch
rubygem-smart_proxy_openscap-0.3.0.9-1.el7sat.noarch

How reproducible:
Always

Steps to Reproduce:
1. Query foreman for API endpoints (above)
2. Returns just the one endpoint


Actual results:
API call returns one endpoint
hammer --help shows no ability to manage policies

Expected results:
Additional access to the resources, similar to say hostgroups:

    "hostgroups": {
      "List all host groups": "/api/hostgroups",
      "Show a host group": "/api/hostgroups/:id",
      "Create a host group": "/api/hostgroups",
      "Update a host group": "/api/hostgroups/:id",
      "Delete a host group": "/api/hostgroups/:id",
      "Clone a host group": "/api/hostgroups/:id/clone"
    },


Additional info:

Comment 1 Bryan Kearney 2016-07-26 18:56:51 UTC

Moving 6.2 bugs out to sat-backlog.

Comment 8 Sebastian Gräßl 2017-09-06 10:21:58 UTC

Verified on Satellite 6.3 snap 14.

Hammer commands are available and API has more endpoints to manage scap_content:
...
"scap_contents": {
  "List SCAP contents": "/api/compliance/scap_contents",
  "Show an SCAP content as XML": "/api/compliance/scap_contents/:id/xml",
  "Show an SCAP content": "/api/compliance/scap_contents/:id",
  "Create SCAP content": "/api/compliance/scap_contents",
  "Update an SCAP content": "/api/compliance/scap_contents/:id",
  "Deletes an SCAP content": "/api/compliance/scap_contents/:id"
},
...

Comment 11 errata-xmlrpc 2018-02-21 12:35:17 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.