Class: Compliance::ComplianceCLI
- Inherits:
-
Inspec::BaseCLI
- Object
- Thor
- Inspec::BaseCLI
- Compliance::ComplianceCLI
- Defined in:
- lib/bundles/inspec-compliance/cli.rb
Overview
rubocop:disable Metrics/ClassLength
Class Method Summary collapse
-
.banner(command, _namespace = nil, _subcommand = false) ⇒ Object
TODO: find another solution, once github.com/erikhuda/thor/issues/261 is fixed.
- .subcommand_prefix ⇒ Object
Instance Method Summary collapse
- #download(profile_name) ⇒ Object
- #exec(*tests) ⇒ Object
-
#login(server) ⇒ Object
rubocop:disable Metrics/AbcSize.
-
#login_automate(server) ⇒ Object
rubocop:disable Metrics/AbcSize.
- #logout ⇒ Object
- #profiles ⇒ Object
-
#upload(path) ⇒ Object
rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity.
- #version ⇒ Object
Methods inherited from Inspec::BaseCLI
exec_options, profile_options, target_options
Class Method Details
.banner(command, _namespace = nil, _subcommand = false) ⇒ Object
TODO: find another solution, once github.com/erikhuda/thor/issues/261 is fixed
13 14 15 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 13 def self.(command, _namespace = nil, _subcommand = false) "#{basename} #{subcommand_prefix} #{command.usage}" end |
.subcommand_prefix ⇒ Object
17 18 19 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 17 def self.subcommand_prefix namespace end |
Instance Method Details
#download(profile_name) ⇒ Object
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 130 def download(profile_name) o = .dup configure_logger(o) config = Compliance::Configuration.new return if !loggedin(config) profile_name = sanitize_profile_name(profile_name) if Compliance::API.exist?(config, profile_name) puts "Downloading `#{profile_name}`" fetcher = Compliance::Fetcher.resolve( { compliance: profile_name, }, ) # we provide a name, the fetcher adds the extension _owner, id = profile_name.split('/') file_name = fetcher.fetch(o.name || id) puts "Profile stored to #{file_name}" else puts "Profile #{profile_name} is not available in Chef Compliance." exit 1 end end |
#exec(*tests) ⇒ Object
117 118 119 120 121 122 123 124 125 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 117 def exec(*tests) config = Compliance::Configuration.new return if !loggedin(config) # iterate over tests and add compliance scheme tests = tests.map { |t| 'compliance://' + sanitize_profile_name(t) } # execute profile from inspec exec implementation diagnose run_tests(tests, opts) end |
#login(server) ⇒ Object
rubocop:disable Metrics/AbcSize
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 34 def login(server) # rubocop:disable Metrics/AbcSize # show warning if the Compliance Server does not support ['server'] = server url = ['server'] + ['apipath'] if !['user'].nil? && !['password'].nil? # username / password _success, msg = login_username_password(url, ['user'], ['password'], ['insecure']) elsif !['user'].nil? && !['token'].nil? # access token _success, msg = store_access_token(url, ['user'], ['token'], ['insecure']) elsif !['refresh_token'].nil? && !['user'].nil? # refresh token _success, msg = store_refresh_token(url, ['refresh_token'], true, ['user'], ['insecure']) # TODO: we should login with the refreshtoken here elsif !['refresh_token'].nil? _success, msg = login_refreshtoken(url, ) else puts 'Please run `inspec compliance login SERVER` with options --token or --refresh_token, --user, and --insecure or --not-insecure' exit 1 end puts '', msg end |
#login_automate(server) ⇒ Object
rubocop:disable Metrics/AbcSize
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 78 def login_automate(server) # rubocop:disable Metrics/AbcSize ['server'] = server url = ['server'] + '/compliance/profiles' if url && !['user'].nil? && !['ent'].nil? && (!['dctoken'].nil? || !['usertoken'].nil?) msg = login_automate_config(url, ['user'], ['dctoken'], ['usertoken'], ['ent'], ['insecure']) puts '', msg exit 0 end # parameters are missing if we reach here puts 'Please specify an user using `--user \'USER\'`' if ['user'].nil? puts 'Please specify an enterprise using `--ent \'cd\'`' if ['ent'].nil? puts 'Please specify a token using `--usertoken=\'AUTOMATE_TOKEN\'`' if ['usertoken'].nil? && ['dctoken'].nil? exit 1 end |
#logout ⇒ Object
254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 254 def logout config = Compliance::Configuration.new unless config.supported?(:oidc) || config['token'].nil? || config['server_type'] == 'automate' config = Compliance::Configuration.new url = "#{config['server']}/logout" Compliance::API.post(url, config['token'], config['insecure'], !config.supported?(:oidc)) end success = config.destroy if success puts 'Successfully logged out' else puts 'Could not log out' end end |
#profiles ⇒ Object
97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 97 def profiles config = Compliance::Configuration.new return if !loggedin(config) msg, profiles = Compliance::API.profiles(config) profiles.sort_by! { |hsh| hsh['title'] } if !profiles.empty? # iterate over profiles headline('Available profiles:') profiles.each { |profile| li("#{profile['title']} #{mark_text(profile['owner_id'] + '/' + profile['name'])}") } else puts msg, 'Could not find any profiles' exit 1 end end |
#upload(path) ⇒ Object
rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 160 def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity config = Compliance::Configuration.new return if !loggedin(config) unless File.exist?(path) puts "Directory #{path} does not exist." exit 1 end vendor_deps(path, ) if File.directory?(path) o = .dup configure_logger(o) # check the profile, we only allow to upload valid profiles profile = Inspec::Profile.for_target(path, o) # start verification process error_count = 0 error = lambda { |msg| error_count += 1 puts msg } result = profile.check unless result[:summary][:valid] error.call('Profile check failed. Please fix the profile before upload.') else puts('Profile is valid') end # determine user information if (config['token'].nil? && config['refresh_token'].nil?) || config['user'].nil? error.call('Please login via `inspec compliance login`') end # owner owner = config['user'] # read profile name from inspec.yml profile_name = profile.params[:name] # check that the profile is not uploaded already, # confirm upload to the user (overwrite with --force) if Compliance::API.exist?(config, "#{owner}/#{profile_name}") && !['overwrite'] error.call('Profile exists on the server, use --overwrite') end # abort if we found an error if error_count > 0 puts "Found #{error_count} error(s)" exit 1 end # if it is a directory, tar it to tmp directory if File.directory?(path) archive_path = Dir::Tmpname.create([profile_name, '.tar.gz']) {} puts "Generate temporary profile archive at #{archive_path}" profile.archive({ output: archive_path, ignore_errors: false, overwrite: true }) else archive_path = path end puts "Start upload to #{owner}/#{profile_name}" pname = ERB::Util.url_encode(profile_name) config['server_type'] == 'automate' ? upload_msg = 'Uploading to Chef Automate' : upload_msg = 'Uploading to Chef Compliance' puts upload_msg success, msg = Compliance::API.upload(config, owner, pname, archive_path) if success puts 'Successfully uploaded profile' else puts 'Error during profile upload:' puts msg exit 1 end end |
#version ⇒ Object
238 239 240 241 242 243 244 245 246 247 248 249 250 251 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 238 def version config = Compliance::Configuration.new if config['server_type'] == 'automate' puts 'Version not available when logged in with Automate.' else info = Compliance::API.version(config['server'], config['insecure']) if !info.nil? && info['version'] puts "Chef Compliance version: #{info['version']}" else puts 'Could not determine server version.' exit 1 end end end |