Class: InspecPlugins::Compliance::Fetcher

Inherits:
Fetchers::Url show all
Defined in:
lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb

Constant Summary

Constants inherited from Fetchers::Url

Fetchers::Url::BITBUCKET_URL_BRANCH_REGEX, Fetchers::Url::BITBUCKET_URL_COMMIT_REGEX, Fetchers::Url::BITBUCKET_URL_REGEX, Fetchers::Url::GITHUB_URL_REGEX, Fetchers::Url::GITHUB_URL_WITH_TREE_REGEX, Fetchers::Url::MIME_TYPES

Instance Attribute Summary collapse

Attributes inherited from Fetchers::Url

#archive_path, #files

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Fetchers::Url

#cache_key, #fetch, resolve_from_string, transform

Constructor Details

#initialize(target, opts) ⇒ Fetcher

Returns a new instance of Fetcher.



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 17

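# Builds a Compliance fetcher on top of the inherited URL fetcher.
#
# @param target [Hash, String] either a Hash carrying :url (and optionally
#   :sha256, a checksum supplied by the caller), or a plain URL String.
# @param opts [Object] handed unchanged to the parent constructor.
def initialize(target, opts)
  super(target, opts)
  # Always a String so #sha256 can call #empty? on it; '' means that no
  # upstream checksum is known.
  @upstream_sha256 = ''
  if target.is_a?(Hash) && target.key?(:url)
    @target = target[:url]
    # A Hash without :sha256 (or with sha256: nil) used to store nil here,
    # which made #sha256 fail with NoMethodError on nil.empty?.
    # NOTE(review): the value is stored as given; this constructor does not
    # compare it with the content that is later downloaded.
    @upstream_sha256 = target[:sha256] || ''
  elsif target.is_a?(String)
    @target = target
  end
end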

Instance Attribute Details

#upstream_sha256 ⇒ Object (readonly)

Returns the value of attribute upstream_sha256.



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 15

# Reader for the checksum handed to the constructor: '' by default, or
# target[:sha256] when the constructor received a Hash with :url.
# #sha256 returns this value instead of the inherited one when it is non-empty.
def upstream_sha256
  @upstream_sha256
end

Class Method Details

.check_compliance_token(uri, config) ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 32

# Fails early when neither an access token nor a refresh token is configured.
#
# @param uri [Object] the target being fetched; only interpolated into the
#   error text.
# @param config [#[]] configuration read through the 'token',
#   'refresh_token' and 'server_type' keys.
# @return [nil] when at least one of the two tokens is present.
# @raise [Inspec::FetcherFailure] with a login hint matching the server type
#   when both tokens are missing.
def self.check_compliance_token(uri, config)
  return unless config['token'].nil? && config['refresh_token'].nil?

  # Pick the server label and the login command shown to the user.
  # NOTE(review): the hint for the plain 'compliance' server type includes
  # --insecure. The text is reproduced unchanged, but confirm that steering
  # users towards that flag while they submit a token is intended.
  server, msg =
    case config['server_type']
    when 'automate'
      ['automate',
       'inspec compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN']
    when 'automate2'
      ['automate2',
       'inspec compliance login https://your_automate2_server --user USER --token APITOKEN']
    else
      ['compliance',
       "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "]
    end

  raise Inspec::FetcherFailure, <<~EOF

      Cannot fetch #{uri} because your #{server} token has not been
      configured.

      Please login using

          #{msg}
    EOF
end

.get_target_uri(target) ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 56

# Extracts a compliance:// URI from a target, if the target is one.
#
# @param target [String, #key?, Object] a String whose scheme is
#   'compliance', or a Hash-like object with a :compliance entry.
# @return [URI::Generic, nil] the parsed URI, or nil for any other target.
# @raise [URI::InvalidURIError] when the String (or the URI built from the
#   :compliance entry) cannot be parsed. The value of :compliance is
#   interpolated as given, without validation in this method.
def self.get_target_uri(target)
  if target.is_a?(String)
    parsed = URI(target)
    return parsed if parsed.scheme == 'compliance'
  end

  return unless target.respond_to?(:key?) && target.key?(:compliance)

  URI("compliance://#{target[:compliance]}")
end

.resolve(target) ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 64

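# Turns a compliance target into a configured Fetcher.
#
# @param target [String, Hash] a "compliance://..." String, or a Hash with
#   :compliance (and :sha256 when the details come from a lockfile).
# @return [Fetcher, nil] nil when get_target_uri yields nothing, or when a
#   URI::Error is raised along the way (a malformed target is therefore
#   indistinguishable from "not a compliance target" for the caller).
# @raise [Inspec::FetcherFailure] when no token is configured or the profile
#   is not found on the configured server.
def self.resolve(target)
  uri = get_target_uri(target)
  return nil if uri.nil?

  config = InspecPlugins::Compliance::Configuration.new
  profile = InspecPlugins::Compliance::API.sanitize_profile_name(uri)
  profile_fetch_url = InspecPlugins::Compliance::API.target_url(config, profile)
  # we have detailed information available in our lockfile, no need to ask the server
  # NOTE(review): a sha256 supplied in the target is taken as-is and this
  # branch skips both the token check and the server lookup.
  if target.respond_to?(:key?) && target.key?(:sha256)
    profile_checksum = target[:sha256]
  else
    check_compliance_token(uri, config)
    # verifies that the target e.g base/ssh exists
    # Call profiles directly instead of exist? to capture the results
    # so we can access the upstream sha256 from the results.
    _msg, profile_result = InspecPlugins::Compliance::API.profiles(config, profile)
    if profile_result.empty?
      raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
    else
      # Pick the highest version. The previous code sorted ascending and took
      # element 0, i.e. the LOWEST version, so the checksum recorded for the
      # profile could belong to an older release than the intended "latest".
      # If version was specified, it will be the first and only result.
      # Note we are calling the sha256 as a string, not a symbol since
      # it was returned as json from the Compliance API.
      profile_info = profile_result.max_by { |x| Gem::Version.new(x['version']) }
      # '' (never nil) when the server reports no checksum.
      profile_checksum = profile_info['sha256'] || ''
    end
  end
  # We need to pass the token to the fetcher
  config['token'] = InspecPlugins::Compliance::API.get_token(config)

  # Needed for automate2 post request
  profile_stub = profile || target[:compliance]
  config['profile'] = InspecPlugins::Compliance::API.profile_split(profile_stub)

  new({ url: profile_fetch_url, sha256: profile_checksum }, config)
rescue URI::Error => _e
  nil
end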

Instance Method Details

#resolved_source ⇒ Object

We want to save compliance: in the lockfile rather than url: to make sure we go back through the Compliance API handling.



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 105

# Description of this source as it should be written to the lockfile.
# Built once and memoized in @resolved_source.
#
# @return [Hash] with :compliance (the profile name), :url (the fetch
#   target) and :sha256 (the checksum reported by #sha256).
def resolved_source
  return @resolved_source if @resolved_source

  @resolved_source = {
    compliance: compliance_profile_name,
    url: @target,
    sha256: sha256,
  }
end

#sha256 ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 28

# Checksum used for this profile: the value supplied at construction when
# there is one, otherwise whatever the inherited implementation returns.
#
# NOTE(review): a supplied value is returned as-is; this method does not
# compare it with the fetched content.
def sha256
  supplied = upstream_sha256
  return supplied unless supplied.empty?

  super
end

#to_s ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 113

# Fixed, human-readable label for this fetcher; it does not include the
# target or any other instance state.
def to_s
  'Chef Compliance Profile Loader'
end