CreateImageWizard: warning for unavailable on-prem OpenSCAP

Add a warning if the required packages for the OpenSCAP step are not available.
2025-03-10 10:42:18 +00:00 · 2025-03-10 10:42:18 +00:00 · c38e821ae5
commit c38e821ae5
parent 9d883a8dfc
3 changed files with 93 additions and 1 deletions
--- a/src/Components/CreateImageWizard/CreateImageWizard.tsx
+++ b/src/Components/CreateImageWizard/CreateImageWizard.tsx
@ -22,6 +22,7 @@ import ImageOutputStep from './steps/ImageOutput';
 import KernelStep from './steps/Kernel';
 import LocaleStep from './steps/Locale';
 import OscapStep from './steps/Oscap';
+import OscapOnPremWarning from './steps/Oscap/OnPremWarning';
 import PackagesStep from './steps/Packages';
 import RegistrationStep from './steps/Registration';
 import RepositoriesStep from './steps/Repositories';
@ -81,6 +82,7 @@ import {
 import isRhel from '../../Utilities/isRhel';
 import { resolveRelPath } from '../../Utilities/path';
 import { useFlag } from '../../Utilities/useGetEnvironment';
+import { useOnPremOpenSCAPAvailable } from '../../Utilities/useOnPremOpenSCAP';
 import { ImageBuilderHeader } from '../sharedComponents/ImageBuilderHeader';

 type CustomWizardFooterPropType = {
@ -155,6 +157,8 @@ const CreateImageWizard = ({ isEdit }: CreateImageWizardProps) => {
  const isFirewallEnabled = useFlag('image-builder.firewall.enabled');
  const isServicesStepEnabled = useFlag('image-builder.services.enabled');

+  const onPremOpenSCAPAvailable = useOnPremOpenSCAPAvailable();
+
  // IMPORTANT: Ensure the wizard starts with a fresh initial state
  useEffect(() => {
    dispatch(initializeWizard());
@ -412,7 +416,11 @@ const CreateImageWizard = ({ isEdit }: CreateImageWizardProps) => {
                  <CustomWizardFooter disableNext={false} optional={true} />
                }
              >
-                <OscapStep />
+                {process.env.IS_ON_PREMISE && !onPremOpenSCAPAvailable ? (
+                  <OscapOnPremWarning />
+                ) : (
+                  <OscapStep />
+                )}
              </WizardStep>,
              <WizardStep
                name="File system configuration"
--- a/src/Components/CreateImageWizard/steps/Oscap/OnPremWarning.tsx
+++ b/src/Components/CreateImageWizard/steps/Oscap/OnPremWarning.tsx
@ -0,0 +1,48 @@
+import React from 'react';
+
+import {
+  Alert,
+  ClipboardCopy,
+  CodeBlock,
+  CodeBlockCode,
+  Form,
+  FormGroup,
+  Title,
+} from '@patternfly/react-core';
+
+const OscapOnPremWarning = () => {
+  return (
+    <Form>
+      <Title headingLevel="h1" size="xl">
+        OpenSCAP profile
+      </Title>
+      <FormGroup>
+        <Alert
+          style={{
+            margin:
+              '0 var(--pf-v5-c-toolbar__content--PaddingRight) 0 var(--pf-v5-c-toolbar__content--PaddingLeft)',
+          }}
+          isInline
+          variant="warning"
+          title="The packages required to apply security profiles by using OpenSCAP are missing on this host. Install them with the following command"
+          ouiaId="oscap-unavailable-alert"
+        />
+      </FormGroup>
+      <FormGroup>
+        <CodeBlock>
+          <CodeBlockCode>
+            <ClipboardCopy
+              hoverTip="Copy"
+              clickTip="Copied"
+              variant="inline-compact"
+            >
+              sudo dnf install openscap-scanner scap-security-guide
+            </ClipboardCopy>
+          </CodeBlockCode>
+        </CodeBlock>
+      </FormGroup>
+    </Form>
+  );
+};
+
+export default OscapOnPremWarning;
--- a/src/Utilities/useOnPremOpenSCAP.tsx
+++ b/src/Utilities/useOnPremOpenSCAP.tsx
@ -0,0 +1,36 @@
+import { useEffect, useState } from 'react';
+
+import cockpit from 'cockpit';
+
+export const useOnPremOpenSCAPAvailable = () => {
+  const [packagesAvailable, setPackagesAvailable] = useState(false);
+
+  useEffect(() => {
+    const checkPackages = async () => {
+      try {
+        const openSCAPAvailable = await cockpit.spawn(
+          ['rpm', '-qa', 'openscap-scanner'],
+          {}
+        );
+
+        const ssgAvailable = await cockpit.spawn(
+          ['rpm', '-qa', 'scap-security-guide'],
+          {}
+        );
+
+        setPackagesAvailable(openSCAPAvailable !== '' && ssgAvailable !== '');
+      } catch {
+        // this doesn't change the value,
+        // but we need to handle the error
+        // so just set the value to false
+        setPackagesAvailable(false);
+      }
+    };
+
+    if (process.env.IS_ON_PREMISE) {
+      checkPackages();
+    }
+  }, []);
+
+  return packagesAvailable;
+};