Fixes #36738 - Add remediation wizard #546
Conversation
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
2 times, most recently
from
9b32381
to
1022bf3
Compare
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
2 times, most recently
from
14bc8a1
to
067f71c
Compare
There was a problem hiding this comment.
What permissions should be checked and where?
I'll have to do a bit more reading to be able to answer that
What should we do with the new feature templates? ... I'd vote to keep them here, maybe with mentioning in the description to not use it directly
Agreed
app/views/job_templates/run_openscap_remediation_-_script_default.erb
Outdated
Show resolved
Hide resolved
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
from
067f71c
to
44de057
Compare
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
from
44de057
to
78bf926
Compare
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
from
5199df6
to
a1b58a2
Compare
webpack/components/OpenscapRemediationWizard/steps/ReviewRemediation.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js
Outdated
Show resolved
Hide resolved
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
from
a1b58a2
to
0e36e5e
Compare
|
Thanks a lot, @MariaAga, should be fixed now. |
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
2 times, most recently
from
164c2e3
to
6299ea1
Compare
webpack/components/OpenscapRemediationWizard/OpenscapRemediationSelectors.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/OpenscapRemediationSelectors.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js
Outdated
Show resolved
Hide resolved
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
from
6299ea1
to
502a375
Compare
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
from
aeec4c6
to
197a874
Compare
|
@MariaAga, I've returned |
|
@lhellebr, I think you might want to check the current state, rpm build for rhel8 is ready: https://dashboard.packit.dev/results/copr-builds/1425886 |
|
Thanks! |
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
from
d8ecf7a
to
bc6c57e
Compare
|
Depends on theforeman/foreman#10113. |
|
/packit build |
|
I have tested this PR together with theforeman/foreman#10113 and without any deeper testing, I can confirm the workflow works. |
|
All the prerequisite PRs seem to be merged, kicked off the tests again |
ofedoren
force-pushed
the
feat-36738-remediate-from-ui
branch
from
bc6c57e
to
d8df9c3
Compare
There was a problem hiding this comment.
I found a couple of places where it would be nice to adjust the wording so that we don't have to explain in more detail in documentation. And I'm adding a few other very minor suggestions as well.
Feel free to reject any or all of my suggestions (but if possible, please explain why you're rejecting them so that I can learn :))
Overall, I like how you're doing this because in the docs, I really will be able to just explain where to find the wizard and the web UI will guide users through the whole process without requiring additional documentation. Great!
| <WizardHeader | ||
| title={__('Review hosts')} | ||
| description={__( | ||
| 'The remediation will be applied to the current host by default. Here you can select additional hosts which fail the same rule.' |
There was a problem hiding this comment.
| 'The remediation will be applied to the current host by default. Here you can select additional hosts which fail the same rule.' | |
| 'By default, remediation is applied to the current host. Optionally, remediate any additional hosts that fail the rule.' |
There was a problem hiding this comment.
- Starting the sentences with "By default" and "Optionally" immediately sets the context for the user.
- s/will be applied/is applied/ -- for simplification (easier to read)
- s/Here// -- redundant
- s/select hosts/remediate hosts/ -- for clarity (users can see that they are expected to select something; explaining what they achieve by selecting is more helpful)
| <WizardHeader | ||
| title={__('Select remediation method')} | ||
| description={__( | ||
| 'Choose whether to run a remote job or show the snippet for manual remediation.' |
There was a problem hiding this comment.
| 'Choose whether to run a remote job or show the snippet for manual remediation.' | |
| 'You can remediate by running a remote job or you can display a snippet for manual remediation.' |
- s/Choose whether/You can/ -- users can see that they are choosing from options so I believe this is an opportunity to simplify the wording.
| const description = | ||
| method === 'manual' | ||
| ? __( | ||
| 'Please review the remediation snippet and apply to the host manually.' |
There was a problem hiding this comment.
| 'Please review the remediation snippet and apply to the host manually.' | |
| 'Review the remediation snippet and apply it to the host manually.' |
| 'Please review the remediation snippet and apply to the host manually.' | ||
| ) | ||
| : __( | ||
| 'Please review the remediation snippet that will be applied to selected host(s).' |
There was a problem hiding this comment.
| 'Please review the remediation snippet that will be applied to selected host(s).' | |
| 'Review the remediation snippet that will be applied to selected host(s).' |
| {method === 'manual' ? null : ( | ||
| <p> | ||
| {__( | ||
| 'You can tick the checkbox below to reboot the system(s) automatically after the remediation is applied.' |
There was a problem hiding this comment.
You probably don't need this. The checkbox that says "Reboot the system(s)" is self-explanatory.
Removing this line from the info box might actually help because this part of the wizard is a bit too complex already; simplifying it by dropping the line would help.
| ); | ||
|
|
||
| const rebootAlertTitle = isRebootRequired() | ||
| ? __('A reboot is required.') |
There was a problem hiding this comment.
| ? __('A reboot is required.') | |
| ? __('A reboot is required after applying remediation .') |
|
|
||
| const rebootAlertTitle = isRebootRequired() | ||
| ? __('A reboot is required.') | ||
| : __('A reboot might be needed.'); |
There was a problem hiding this comment.
| : __('A reboot might be needed.'); | |
| : __('A reboot might be required after applying remediation.'); |
|
Thanks, @asteflova, all the suggested changes makes the whole wizard more mature :) Applied all the suggestions. |
|
Thank you @ofedoren , @MariaAga, @lhellebr & @asteflova ! |
Requires:
There are still some TODOs (marked in the code):
view_arf_reports,create_job_invocations.Log/Messagemodel directly to load data faster instead of loading whole report.Fix OVAL tests (even though they should be removed along with all mentions of OVAL)Remediation via Script and reboot will mark the job as failed, even if it's actually OK. I guess, we're not so sophisticated as Ansible :/ @adamruzicka, WDYT? Is this something we could easily support via REX, or should we simply disallow users to use auto reboot unless they use Ansible here?To test this, you should have a host with policy associated and an arf report for that host, navigate to the
/compliance/arf_reports/<id>, there is a newRemediateentry in action buttons for every rule.Here is some recording of remediation via Shell script:
Peek.2023-09-27.16-18.webm