Class: InspecPlugins::Compliance::Fetcher

Inherits:
Inspec::Fetcher::Url show all
Includes:
Inspec::Dist
Defined in:
lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb

Constant Summary

Constants included from Inspec::Dist

Inspec::Dist::AUTOMATE_PRODUCT_NAME, Inspec::Dist::COMPLIANCE_PRODUCT_NAME, Inspec::Dist::EXEC_NAME, Inspec::Dist::PRODUCT_NAME, Inspec::Dist::SERVER_PRODUCT_NAME

Constants inherited from Inspec::Fetcher::Url

Inspec::Fetcher::Url::BITBUCKET_URL_BRANCH_REGEX, Inspec::Fetcher::Url::BITBUCKET_URL_COMMIT_REGEX, Inspec::Fetcher::Url::BITBUCKET_URL_REGEX, Inspec::Fetcher::Url::GITHUB_URL_REGEX, Inspec::Fetcher::Url::GITHUB_URL_WITH_TREE_REGEX, Inspec::Fetcher::Url::MIME_TYPES

Instance Attribute Summary collapse

Attributes inherited from Inspec::Fetcher::Url

#archive_path, #files

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Inspec::Fetcher::Url

#cache_key, #fetch, resolve_from_string, transform

Constructor Details

#initialize(target, opts) ⇒ Fetcher

Returns a new instance of Fetcher.



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 18

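# Builds a fetcher from a target that has already been resolved.
#
# @param target [Hash, String] a Hash carrying +:url+ (and optionally
#   +:sha256+), or the URL itself as a String; any other shape leaves
#   whatever the parent constructor set in place
# @param opts [Object] forwarded unchanged to the parent constructor
def initialize(target, opts)
  super(target, opts)
  # "" means "no upstream digest known"; #sha256 keys off emptiness.
  @upstream_sha256 = ""
  if target.is_a?(Hash) && target.key?(:url)
    @target = target[:url]
    # A Hash with :url but without :sha256 (or with an explicit nil) used to
    # store nil here, and #sha256 then failed calling nil.empty?. Normalise
    # to a String so the "no digest" case stays "".
    # The digest is taken as supplied by the caller; this constructor does
    # not compare it with any downloaded content.
    @upstream_sha256 = target[:sha256].to_s
  elsif target.is_a?(String)
    @target = target
  end
end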

Instance Attribute Details

#upstream_sha256 ⇒ Object (readonly)

Returns the value of attribute upstream_sha256.



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 16

# Digest handed to the constructor alongside the URL.
#
# Starts as "" and is replaced by target[:sha256] when the constructor
# receives a Hash that has a :url key. It is a supplied value, not one this
# class computes from the fetched archive.
#
# @return [Object] the stored digest
def upstream_sha256
  @upstream_sha256
end

Class Method Details

.check_compliance_token(uri, config) ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 33

# Fails fast when no credential is stored for the compliance server.
#
# Returns without doing anything if +config+ holds a "token" or a
# "refresh_token". Only nil counts as missing, so an empty string passes
# this check. Otherwise raises with a login hint picked from
# config["server_type"].
#
# @param uri [Object] target being fetched; only interpolated into the message
# @param config [#[]] stored configuration, read by String key
# @raise [Inspec::FetcherFailure] when both tokens are nil
# @return [nil]
def self.check_compliance_token(uri, config)
  return unless config["token"].nil? && config["refresh_token"].nil?

  server, msg =
    case config["server_type"]
    when "automate"
      ["automate", "#{EXEC_NAME} compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"]
    when "automate2"
      ["automate2", "#{EXEC_NAME} compliance login https://your_automate2_server --user USER --token APITOKEN"]
    else
      # NOTE(review): this hint suggests --insecure by default; presumably
      # that disables TLS certificate verification for the login. Confirm
      # whether the default advice should include it.
      ["compliance", "#{EXEC_NAME} compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "]
    end

  raise Inspec::FetcherFailure, <<~EOF

    Cannot fetch #{uri} because your #{server} token has not been
    configured.

    Please login using

        #{msg}
  EOF
end

.get_target_uri(target) ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 57

# Turns a target into a compliance:// URI, or nil if it is not one.
#
# Two shapes are recognised: a String whose URI scheme is "compliance", and
# any object answering +key?+ that has a +:compliance+ entry.
#
# The +:compliance+ value is interpolated into the URI string as-is; no
# escaping or validation happens here.
#
# @param target [String, #key?, Object]
# @return [URI::Generic, nil]
# @raise [URI::InvalidURIError] from URI() when the string cannot be parsed
def self.get_target_uri(target)
  if target.is_a?(String)
    parsed = URI(target)
    return parsed if parsed.scheme == "compliance"
  end

  return unless target.respond_to?(:key?) && target.key?(:compliance)

  URI("compliance://#{target[:compliance]}")
end

.resolve(target) ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 65

# Resolves a compliance target into a Fetcher instance.
#
# Returns nil when +target+ is not a compliance target, and also when a
# URI::Error is raised anywhere in the body, so a malformed target is
# reported the same way as "not ours".
#
# The digest passed on to the fetcher comes from one of two places:
# * +target[:sha256]+ when the caller already supplies it (the lockfile
#   case); the token check and the server lookup are both skipped and the
#   value is used exactly as given;
# * otherwise the "sha256" field of the profile record returned by the
#   compliance API, or "" when that record has no such key.
#
# NOTE(review): either way the digest is a supplied value. Whether it is
# later compared with the downloaded archive is not visible in this
# method; confirm in the parent fetcher.
#
# @param target [String, Hash] see get_target_uri for the accepted shapes
# @return [Fetcher, nil]
# @raise [Inspec::FetcherFailure] when no token is configured or the profile
#   is not found on the server
def self.resolve(target)
  uri = get_target_uri(target)
  return nil if uri.nil?

  config = InspecPlugins::Compliance::Configuration.new
  api = InspecPlugins::Compliance::API
  profile = api.sanitize_profile_name(uri)
  profile_fetch_url = api.target_url(config, profile)

  profile_checksum =
    if target.respond_to?(:key?) && target.key?(:sha256)
      # The lockfile already carries the details, so the server is not asked.
      target[:sha256]
    else
      check_compliance_token(uri, config)
      # Query profiles directly (rather than an existence check) so the
      # result records, and with them the upstream sha256, stay available.
      _msg, matches = api.profiles(config, profile)
      if matches.empty?
        raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
      end

      # With an explicit version there is a single record. Keys are Strings
      # because the records come from the API's JSON.
      # NOTE(review): the original comment says this grabs the latest
      # version, but sort_by is ascending and the first element is taken,
      # which is the lowest version. Confirm which one is intended, since
      # this digest ends up recorded for the fetched profile.
      ascending = matches.sort_by { |entry| Gem::Version.new(entry["version"]) }
      ascending.first.fetch("sha256", "")
    end

  # The fetcher needs the token, so it travels inside config.
  config["token"] = api.get_token(config)

  # Needed for the automate2 POST request.
  config["profile"] = api.profile_split(profile || target[:compliance])

  new({ url: profile_fetch_url, sha256: profile_checksum }, config)
rescue URI::Error
  nil
end

Instance Method Details

#resolved_source ⇒ Object

We want to save compliance: in the lockfile rather than url: to make sure we go back through the Compliance API handling.



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 106

# Description of where this profile came from, built once and then reused.
#
# Carries the compliance profile name next to the URL and the digest that
# #sha256 reports.
#
# @return [Hash] with keys :compliance, :url and :sha256
def resolved_source
  return @resolved_source if @resolved_source

  name = compliance_profile_name
  digest = sha256
  @resolved_source = { compliance: name, url: @target, sha256: digest }
end

#sha256 ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 29

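# Digest reported for this profile.
#
# Prefers the upstream-supplied digest and falls back to the parent
# implementation only when none is known. A nil upstream digest (a target
# Hash with no :sha256 value) is treated like "" instead of raising
# NoMethodError on nil.empty?.
#
# NOTE(review): when an upstream digest is present it is returned as-is.
# This method does not compare it with what the parent would compute, so
# confirm that verification happens elsewhere.
#
# @return [Object] the upstream digest, or the parent's value
def sha256
  claimed = upstream_sha256
  return super if claimed.nil? || claimed.empty?

  claimed
end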

#to_s ⇒ Object



# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 114

# Human-readable name of this fetcher, built from COMPLIANCE_PRODUCT_NAME.
#
# @return [String]
def to_s
  "#{COMPLIANCE_PRODUCT_NAME} Profile Loader"
end