Class: InspecPlugins::Compliance::CLI

Inherits:

Object

• Object
• InspecPlugins::Compliance::CLI

Includes:

Inspec::Dist

Defined in:

lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

Constant Summary

Constants included from Inspec::Dist

Inspec::Dist::AUTOMATE_PRODUCT_NAME, Inspec::Dist::COMPLIANCE_PRODUCT_NAME, Inspec::Dist::EXEC_NAME, Inspec::Dist::PRODUCT_NAME, Inspec::Dist::SERVER_PRODUCT_NAME

Instance Method Summary

• #download(profile_name) ⇒ Object
• #exec(*tests) ⇒ Object
• #login(server) ⇒ Object
• #logout ⇒ Object
• #profiles ⇒ Object
• #upload(path) ⇒ Object

  rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity.

• #version ⇒ Object

Instance Method Details

#download(profile_name) ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb', line 97

def download(profile_name)
  o = options.dup
  configure_logger(o)

  config = InspecPlugins::Compliance::Configuration.new
  return unless loggedin(config)

  profile_name = InspecPlugins::Compliance::API.sanitize_profile_name(profile_name)
  if InspecPlugins::Compliance::API.exist?(config, profile_name)
    puts "Downloading `#{profile_name}`"

    fetcher = InspecPlugins::Compliance::Fetcher.resolve(
      {
        compliance: profile_name,
      }
    )

    # we provide a name, the fetcher adds the extension
    _owner, id = profile_name.split("/")
    file_name = fetcher.fetch(o.name || id)
    puts "Profile stored to #{file_name}"
  else
    puts "Profile #{profile_name} is not available in #{COMPLIANCE_PRODUCT_NAME}."
    exit 1
  end
end

#exec(*tests) ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb', line 74

def exec(*tests)
  compliance_config = InspecPlugins::Compliance::Configuration.new
  return unless loggedin(compliance_config)

  o = config # o is an Inspec::Config object, provided by a helper method from Inspec::BaseCLI
  diagnose(o)
  configure_logger(o)

  # iterate over tests and add compliance scheme
  tests = tests.map { |t| "compliance://" + InspecPlugins::Compliance::API.sanitize_profile_name(t) }

  runner = Inspec::Runner.new(o)
  tests.each { |target| runner.add_target(target) }

  exit runner.run
rescue ArgumentError, RuntimeError, Train::UserError => e
  $stderr.puts e.message
  exit 1
end

#login(server) ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb', line 36

def login(server)
  options["server"] = server
  InspecPlugins::Compliance::API.login(options)
  config = InspecPlugins::Compliance::Configuration.new
  puts "Stored configuration for Chef #{config["server_type"].capitalize}: #{config["server"]}' with user: '#{config["user"]}'"
end

#logout ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb', line 241

def logout
  config = InspecPlugins::Compliance::Configuration.new
  unless config.supported?(:oidc) || config["token"].nil? || config["server_type"] == "automate"
    config = InspecPlugins::Compliance::Configuration.new
    url = "#{config["server"]}/logout"
    InspecPlugins::Compliance::HTTP.post(url, config["token"], config["insecure"], !config.supported?(:oidc))
  end
  success = config.destroy

  if success
    puts "Successfully logged out"
  else
    puts "Could not log out"
  end
end

#profiles ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb', line 46

def profiles
  config = InspecPlugins::Compliance::Configuration.new
  return unless loggedin(config)

  # set owner to config
  config["owner"] = options["owner"] || config["user"]

  msg, profiles = InspecPlugins::Compliance::API.profiles(config)
  profiles.sort_by! { |hsh| hsh["title"] }
  if !profiles.empty?
    # iterate over profiles
    headline("Available profiles:")
    profiles.each do |profile|
      owner = profile["owner_id"] || profile["owner"]
      li("#{profile["title"]} v#{profile["version"]} (#{mark_text(owner + "/" + profile["name"])})")
    end
  else
    puts msg if msg != "success"
    puts "Could not find any profiles"
    exit 1
  end
rescue InspecPlugins::Compliance::ServerConfigurationMissing
  $stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
  exit 1
end

#upload(path) ⇒ Object

rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb', line 129

def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
  config = InspecPlugins::Compliance::Configuration.new
  return unless loggedin(config)

  # set owner to config
  config["owner"] = options["owner"] || config["user"]

  unless File.exist?(path)
    puts "Directory #{path} does not exist."
    exit 1
  end

  vendor_deps(path, options) if File.directory?(path)

  o = options.dup
  configure_logger(o)

  # only run against the mock backend, otherwise we run against the local system
  o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
  o[:check_mode] = true
  o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])

  # check the profile, we only allow to upload valid profiles
  profile = Inspec::Profile.for_target(path, o)

  # start verification process
  error_count = 0
  error = lambda { |msg|
    error_count += 1
    puts msg
  }

  result = profile.check
  unless result[:summary][:valid]
    error.call("Profile check failed. Please fix the profile before upload.")
  else
    puts("Profile is valid")
  end

  # determine user information
  if (config["token"].nil? && config["refresh_token"].nil?) || config["user"].nil?
    error.call("Please login via `#{EXEC_NAME} compliance login`")
  end

  # read profile name from inspec.yml
  profile_name = profile.params[:name]

  # read profile version from inspec.yml
  profile_version = profile.params[:version]

  # check that the profile is not uploaded already,
  # confirm upload to the user (overwrite with --force)
  if InspecPlugins::Compliance::API.exist?(config, "#{config["owner"]}/#{profile_name}##{profile_version}") && !options["overwrite"]
    error.call("Profile exists on the server, use --overwrite")
  end

  # abort if we found an error
  if error_count > 0
    puts "Found #{error_count} error(s)"
    exit 1
  end

  # if it is a directory, tar it to tmp directory
  generated = false
  if File.directory?(path)
    generated = true
    archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
    puts "Generate temporary profile archive at #{archive_path}"
    profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
  else
    archive_path = path
  end

  puts "Start upload to #{config["owner"]}/#{profile_name}"
  pname = ERB::Util.url_encode(profile_name)

  if InspecPlugins::Compliance::API.is_automate_server?(config) || InspecPlugins::Compliance::API.is_automate2_server?(config)
    puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
  else
    puts "Uploading to #{COMPLIANCE_PRODUCT_NAME}"
  end
  success, msg = InspecPlugins::Compliance::API.upload(config, config["owner"], pname, archive_path)

  # delete temp file if it was temporary generated
  File.delete(archive_path) if generated && File.exist?(archive_path)

  if success
    puts "Successfully uploaded profile"
  else
    puts "Error during profile upload:"
    puts msg
    exit 1
  end
end

#version ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb', line 225

def version
  config = InspecPlugins::Compliance::Configuration.new
  info = InspecPlugins::Compliance::API.version(config)
  if !info.nil? && info["version"]
    puts "Name:    #{info["api"]}"
    puts "Version: #{info["version"]}"
  else
    puts "Could not determine server version."
    exit 1
  end
rescue InspecPlugins::Compliance::ServerConfigurationMissing
  puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
  exit 1
end