-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #36738 - Add remediation wizard #546
Fixes #36738 - Add remediation wizard #546
Conversation
9b32381
to
1022bf3
Compare
14bc8a1
to
067f71c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What permissions should be checked and where?
I'll have to do a bit more reading to be able to answer that
What should we do with the new feature templates? ... I'd vote to keep them here, maybe with mentioning in the description to not use it directly
Agreed
app/views/job_templates/run_openscap_remediation_-_script_default.erb
Outdated
Show resolved
Hide resolved
067f71c
to
44de057
Compare
44de057
to
78bf926
Compare
5199df6
to
a1b58a2
Compare
webpack/components/OpenscapRemediationWizard/steps/ReviewRemediation.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js
Outdated
Show resolved
Hide resolved
a1b58a2
to
0e36e5e
Compare
Thanks a lot, @MariaAga, should be fixed now. |
164c2e3
to
6299ea1
Compare
webpack/components/OpenscapRemediationWizard/OpenscapRemediationSelectors.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/OpenscapRemediationSelectors.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js
Outdated
Show resolved
Hide resolved
webpack/components/OpenscapRemediationWizard/steps/ReviewHosts.js
Outdated
Show resolved
Hide resolved
6299ea1
to
502a375
Compare
aeec4c6
to
197a874
Compare
@MariaAga, I've returned |
@lhellebr, I think you might want to check the current state, rpm build for rhel8 is ready: https://dashboard.packit.dev/results/copr-builds/1425886 |
Thanks! |
d8ecf7a
to
bc6c57e
Compare
Depends on theforeman/foreman#10113. |
/packit build |
I have tested this PR together with theforeman/foreman#10113 and without any deeper testing, I can confirm the workflow works. |
All the prerequisite PRs seem to be merged, kicked off the tests again |
bc6c57e
to
d8df9c3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only test failures seem to be coming from oval, which is not a thing that should be solved here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I found a couple of places where it would be nice to adjust the wording so that we don't have to explain in more detail in documentation. And I'm adding a few other very minor suggestions as well.
Feel free to reject any or all of my suggestions (but if possible, please explain why you're rejecting them so that I can learn :))
Overall, I like how you're doing this because in the docs, I really will be able to just explain where to find the wizard and the web UI will guide users through the whole process without requiring additional documentation. Great!
<WizardHeader | ||
title={__('Review hosts')} | ||
description={__( | ||
'The remediation will be applied to the current host by default. Here you can select additional hosts which fail the same rule.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'The remediation will be applied to the current host by default. Here you can select additional hosts which fail the same rule.' | |
'By default, remediation is applied to the current host. Optionally, remediate any additional hosts that fail the rule.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Starting the sentences with "By default" and "Optionally" immediately sets the context for the user.
- s/will be applied/is applied/ -- for simplification (easier to read)
- s/Here// -- redundant
- s/select hosts/remediate hosts/ -- for clarity (users can see that they are expected to select something; explaining what they achieve by selecting is more helpful)
<WizardHeader | ||
title={__('Select remediation method')} | ||
description={__( | ||
'Choose whether to run a remote job or show the snippet for manual remediation.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'Choose whether to run a remote job or show the snippet for manual remediation.' | |
'You can remediate by running a remote job or you can display a snippet for manual remediation.' |
- s/Choose whether/You can/ -- users can see that they are choosing from options so I believe this is an opportunity to simplify the wording.
const description = | ||
method === 'manual' | ||
? __( | ||
'Please review the remediation snippet and apply to the host manually.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'Please review the remediation snippet and apply to the host manually.' | |
'Review the remediation snippet and apply it to the host manually.' |
'Please review the remediation snippet and apply to the host manually.' | ||
) | ||
: __( | ||
'Please review the remediation snippet that will be applied to selected host(s).' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'Please review the remediation snippet that will be applied to selected host(s).' | |
'Review the remediation snippet that will be applied to selected host(s).' |
{method === 'manual' ? null : ( | ||
<p> | ||
{__( | ||
'You can tick the checkbox below to reboot the system(s) automatically after the remediation is applied.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You probably don't need this. The checkbox that says "Reboot the system(s)" is self-explanatory.
Removing this line from the info box might actually help because this part of the wizard is a bit too complex already; simplifying it by dropping the line would help.
); | ||
|
||
const rebootAlertTitle = isRebootRequired() | ||
? __('A reboot is required.') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
? __('A reboot is required.') | |
? __('A reboot is required after applying remediation .') |
|
||
const rebootAlertTitle = isRebootRequired() | ||
? __('A reboot is required.') | ||
: __('A reboot might be needed.'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
: __('A reboot might be needed.'); | |
: __('A reboot might be required after applying remediation.'); |
Thanks, @asteflova, all the suggested changes makes the whole wizard more mature :) Applied all the suggestions. |
Thank you @ofedoren , @MariaAga, @lhellebr & @asteflova ! |
Requires:
There are still some TODOs (marked in the code):
view_arf_reports
,create_job_invocations
.Log
/Message
model directly to load data faster instead of loading whole report.Fix OVAL tests (even though they should be removed along with all mentions of OVAL)Remediation via Script and reboot will mark the job as failed, even if it's actually OK. I guess, we're not so sophisticated as Ansible :/ @adamruzicka, WDYT? Is this something we could easily support via REX, or should we simply disallow users to use auto reboot unless they use Ansible here?To test this, you should have a host with policy associated and an arf report for that host, navigate to the
/compliance/arf_reports/<id>
, there is a newRemediate
entry in action buttons for every rule.Here is some recording of remediation via Shell script:
Peek.2023-09-27.16-18.webm