Class: Compliance::API
- Inherits:
-
Object
- Object
- Compliance::API
- Defined in:
- lib/bundles/inspec-compliance/api.rb
Overview
API Implementation does not hold any state by itself, everything will be stored in local Configuration store
Class Method Summary collapse
-
.exist?(config, profile) ⇒ Boolean
verifies that a profile.
- .get_headers(config) ⇒ Object
- .get_token(config) ⇒ Object
-
.get_token_via_password(url, username, password, insecure) ⇒ Object
Use username and password to get an API access token.
-
.get_token_via_refresh_token(url, refresh_token, insecure) ⇒ Object
Use username and refresh_token to get an API access token.
-
.profiles(config) ⇒ Object
return all compliance profiles available for the user.
- .target_url(config, profile) ⇒ Object
- .upload(config, owner, profile_name, archive_path) ⇒ Object
-
.version(url, insecure) ⇒ Object
return the server api version NB this method does not use Compliance::Configuration to allow for using it before we know the version (e.g. oidc or not).
Class Method Details
.exist?(config, profile) ⇒ Boolean
verifies that a profile
64 65 66 67 68 69 70 71 72 |
# File 'lib/bundles/inspec-compliance/api.rb', line 64 def self.exist?(config, profile) _msg, profiles = Compliance::API.profiles(config) if !profiles.empty? index = profiles.index { |p| "#{p['owner_id']}/#{p['name']}" == profile } !index.nil? && index >= 0 else false end end |
.get_headers(config) ⇒ Object
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 |
# File 'lib/bundles/inspec-compliance/api.rb', line 130 def self.get_headers(config) token = get_token(config) if config['server_type'] == 'automate' headers = { 'chef-delivery-enterprise' => config['automate']['ent'] } if config['automate']['token_type'] == 'dctoken' headers['x-data-collector-token'] = token else headers['chef-delivery-user'] = config['user'] headers['chef-delivery-token'] = token end else headers = { 'Authorization' => "Bearer #{token}" } end headers end |
.get_token(config) ⇒ Object
146 147 148 149 150 |
# File 'lib/bundles/inspec-compliance/api.rb', line 146 def self.get_token(config) return config['token'] unless config['refresh_token'] _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure']) token end |
.get_token_via_password(url, username, password, insecure) ⇒ Object
Use username and password to get an API access token
110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
# File 'lib/bundles/inspec-compliance/api.rb', line 110 def self.get_token_via_password(url, username, password, insecure) uri = URI.parse("#{url}/login") req = Net::HTTP::Post.new(uri.path) req.body = { userid: username, password: password }.to_json access_token = nil response = Compliance::HTTP.send_request(uri, req, insecure) data = response.body if response.code == '200' access_token = data msg = 'Successfully fetched an API access token valid for 12 hours' success = true else success = false msg = "Failed to authenticate to #{url} \n\ Response code: #{response.code}\n Body: #{response.body}" end [success, msg, access_token] end |
.get_token_via_refresh_token(url, refresh_token, insecure) ⇒ Object
Use username and refresh_token to get an API access token
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
# File 'lib/bundles/inspec-compliance/api.rb', line 83 def self.get_token_via_refresh_token(url, refresh_token, insecure) uri = URI.parse("#{url}/login") req = Net::HTTP::Post.new(uri.path) req.body = { token: refresh_token }.to_json access_token = nil response = Compliance::HTTP.send_request(uri, req, insecure) data = response.body if response.code == '200' begin tokendata = JSON.parse(data) access_token = tokendata['access_token'] msg = 'Successfully fetched API access token' success = true rescue JSON::ParserError => e success = false msg = e. end else success = false msg = "Failed to authenticate to #{url} \n\ Response code: #{response.code}\n Body: #{response.body}" end [success, msg, access_token] end |
.profiles(config) ⇒ Object
return all compliance profiles available for the user
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
# File 'lib/bundles/inspec-compliance/api.rb', line 13 def self.profiles(config) config['server_type'] == 'automate' ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/user/compliance" headers = get_headers(config) response = Compliance::HTTP.get(url, headers, config['insecure']) data = response.body response_code = response.code case response_code when '200' msg = 'success' profiles = JSON.parse(data) # iterate over profiles if config['server_type'] == 'automate' mapped_profiles = profiles.values.to_a.flatten else mapped_profiles = [] profiles.values.each { |org| mapped_profiles += org.values } end return msg, mapped_profiles when '401' msg = '401 Unauthorized. Please check your token.' return msg, [] else msg = "An unexpected error occurred (HTTP #{response_code}): #{response.}" return msg, [] end end |
.target_url(config, profile) ⇒ Object
152 153 154 155 156 157 158 159 160 |
# File 'lib/bundles/inspec-compliance/api.rb', line 152 def self.target_url(config, profile) if config['server_type'] == 'automate' target = "#{config['server']}/#{profile}/tar" else owner, id = profile.split('/') target = "#{config['server']}/owners/#{owner}/compliance/#{id}/tar" end target end |
.upload(config, owner, profile_name, archive_path) ⇒ Object
74 75 76 77 78 79 80 |
# File 'lib/bundles/inspec-compliance/api.rb', line 74 def self.upload(config, owner, profile_name, archive_path) # upload the tar to Chef Compliance config['server_type'] == 'automate' ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar" headers = get_headers(config) res = Compliance::HTTP.post_file(url, headers, archive_path, config['insecure']) [res.is_a?(Net::HTTPSuccess), res.body] end |
.version(url, insecure) ⇒ Object
return the server api version NB this method does not use Compliance::Configuration to allow for using it before we know the version (e.g. oidc or not)
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/bundles/inspec-compliance/api.rb', line 46 def self.version(url, insecure) if url.nil? puts " Server configuration information is missing. Please login using `inspec compliance login https://compliance.test --user admin --insecure --token 'PASTE TOKEN HERE' ` " else response = Compliance::HTTP.get(url+'/version', nil, insecure) data = response.body end if !data.nil? JSON.parse(data) else {} end end |