Add RBAC report
ares committed Jan 17, 2025
1 parent b9dc7be commit 68df50d
Showing 1 changed file with 55 additions and 0 deletions.
55 changes: 55 additions & 0 deletions definitions/reports/rbac.rb
@@ -0,0 +1,55 @@
module Checks
module Report
class RBAC < ForemanMaintain::Report
metadata do
description 'Checks the RBAC use'
end

# How many users do you have in the system?
# How many non-admin users do you have?
# How many custom roles did you create and assigned to users?
def run

Check failure on line 11 in definitions/reports/rbac.rb

GitHub Actions / rubocop / Rubocop

Metrics/AbcSize: Assignment Branch Condition size for run is too high. [<19, 34, 3> 39.06/22]

Check failure on line 11 in definitions/reports/rbac.rb

GitHub Actions / rubocop / Rubocop

Metrics/MethodLength: Method has too many lines. [32/20]
result = {}

count = sql_count("users" +
" INNER JOIN auth_sources ON auth_sources.id = users.auth_source_id" +
" WHERE auth_sources.name != 'Hidden'")
result["users_count"] = count

count = sql_count("users" +
" LEFT OUTER JOIN cached_usergroup_members ON cached_usergroup_members.user_id = users.id" +

Check failure on line 20 in definitions/reports/rbac.rb

GitHub Actions / rubocop / Rubocop

Layout/LineLength: Line is too long. [102/100]
" LEFT OUTER JOIN usergroups ON usergroups.id = cached_usergroup_members.usergroup_id" +
" INNER JOIN auth_sources ON auth_sources.id = users.auth_source_id" +
" WHERE ((users.admin = FALSE OR users.admin IS NULL) AND (usergroups.admin = FALSE OR usergroups.admin IS NULL))" +

Check failure on line 23 in definitions/reports/rbac.rb

GitHub Actions / rubocop / Rubocop

Layout/LineLength: Line is too long. [126/100]
" AND auth_sources.name != 'Hidden'")
result["non_admin_users_count"] = count

role_ids = feature(:foreman_database).query("SELECT id FROM roles WHERE roles.builtin != 2 AND roles.origin IS NULL")

Check failure on line 27 in definitions/reports/rbac.rb

GitHub Actions / rubocop / Rubocop

Layout/LineLength: Line is too long. [125/100]
result["custom_roles_count"] = role_ids.size
role_ids = role_ids.flat_map(&:values)
count = sql_count("cached_user_roles WHERE cached_user_roles.role_id IN (#{role_ids.join(',')})")

Check failure on line 30 in definitions/reports/rbac.rb

GitHub Actions / rubocop / Rubocop

Layout/LineLength: Line is too long. [105/100]
result["assigned_custom_roles_count"] = count

count = sql_count("taxonomies" +
" WHERE taxonomies.type = 'Organization'")
result["organizations_count"] = count

count = sql_count("taxonomies" +
" WHERE taxonomies.type = 'Location'")
result["locations_count"] = count

count = sql_count("taxonomies" +
" WHERE taxonomies.type = 'Organization'" +
" AND taxonomies.ignore_types IS NOT NULL")
result["organization_ignore_types_used"] = count > 0

count = sql_count("taxonomies" +
" WHERE taxonomies.type = 'Location'" +
" AND taxonomies.ignore_types IS NOT NULL")
result["location_ignore_types_used"] = count > 0

self.data = result
end
end
end
end
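
Review bot: The assigned_custom_roles_count query builds its filter with `IN (#{role_ids.join(',')})`, which renders as `IN ()` when the preceding roles query returns no custom roles; PostgreSQL rejects an empty IN list as a syntax error, so the report would fail on an installation that has only built-in roles. Either skip the query and report 0 when `role_ids` is empty, or fold the lookup into a subquery such as `cached_user_roles.role_id IN (SELECT id FROM roles WHERE roles.builtin != 2 AND roles.origin IS NULL)`, which also removes the string interpolation of values into the SQL text. Separately, in the non_admin_users_count query the LEFT OUTER JOIN through cached_usergroup_members yields one row per group membership, so if `sql_count` counts rows, a user who belongs to several non-admin groups is counted more than once, and a user who is in one admin group and one non-admin group still matches on the non-admin row and is reported as non-admin. Counting distinct `users.id` and excluding users that have any membership in a group with `usergroups.admin = TRUE` would make the figure match the question in the comment above `run`.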
