Class: InspecPlugins::Compliance::Fetcher

Inherits:
Inspec::Fetcher::Url show all
Includes:
Inspec::Dist
Defined in:
lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb

Constant Summary

Constants included from Inspec::Dist

Inspec::Dist::AUTOMATE_PRODUCT_NAME, Inspec::Dist::COMPLIANCE_PRODUCT_NAME, Inspec::Dist::EXEC_NAME, Inspec::Dist::PRODUCT_NAME, Inspec::Dist::SERVER_PRODUCT_NAME

Constants inherited from Inspec::Fetcher::Url

Inspec::Fetcher::Url::BITBUCKET_URL, Inspec::Fetcher::Url::BITBUCKET_URL_BRANCH_REGEX, Inspec::Fetcher::Url::BITBUCKET_URL_COMMIT_REGEX, Inspec::Fetcher::Url::BITBUCKET_URL_REGEX, Inspec::Fetcher::Url::GITHUB_URL, Inspec::Fetcher::Url::GITHUB_URL_REGEX, Inspec::Fetcher::Url::GITHUB_URL_WITH_TREE_REGEX, Inspec::Fetcher::Url::MIME_TYPES

Instance Attribute Summary collapse

Attributes inherited from Inspec::Fetcher::Url

#archive_path, #files

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Inspec::Fetcher::Url

#cache_key, default_ref, #fetch, resolve_from_string, shellout, transform

Constructor Details

#initialize(target, opts) ⇒ Fetcher

Returns a new instance of Fetcher.



18
19
20
21
22
23
24
25
26
27
# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 18

def initialize(target, opts)
  super(target, opts)
  @upstream_sha256 = ""
  if target.is_a?(Hash) && target.key?(:url)
    @target = target[:url]
    @upstream_sha256 = target[:sha256]
  elsif target.is_a?(String)
    @target = target
  end
end

Instance Attribute Details

#upstream_sha256Object (readonly)

Returns the value of attribute upstream_sha256.



16
17
18
# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 16

def upstream_sha256
  @upstream_sha256
end

Class Method Details

.check_compliance_token(uri, config) ⇒ Object



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 33

def self.check_compliance_token(uri, config)
  if config["token"].nil? && config["refresh_token"].nil?
    server = "automate2"
    msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate2_server --user USER --token APITOKEN"
    raise Inspec::FetcherFailure, <<~EOF

      Cannot fetch #{uri} because your #{server} token has not been
      configured.

      Please login using

          #{msg}
    EOF
  end
end

.get_target_uri(target) ⇒ Object



49
50
51
52
53
54
55
# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 49

def self.get_target_uri(target)
  if target.is_a?(String) && URI(target).scheme == "compliance"
    URI(target)
  elsif target.respond_to?(:key?) && target.key?(:compliance)
    URI("compliance://#{target[:compliance]}")
  end
end

.resolve(target) ⇒ Object



57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 57

def self.resolve(target)
  uri = get_target_uri(target)
  return nil if uri.nil?

  config = InspecPlugins::Compliance::Configuration.new
  profile = InspecPlugins::Compliance::API.sanitize_profile_name(uri)
  profile_fetch_url = InspecPlugins::Compliance::API.target_url(config, profile)
  # we have detailed information available in our lockfile, no need to ask the server
  if target.respond_to?(:key?) && target.key?(:sha256)
    profile_checksum = target[:sha256]
  else
    check_compliance_token(uri, config)
    # verifies that the target e.g base/ssh exists
    # Call profiles directly instead of exist? to capture the results
    # so we can access the upstream sha256 from the results.
    _msg, profile_result = InspecPlugins::Compliance::API.profiles(config, profile)
    if profile_result.empty?
      raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
    else
      # Guarantee sorting by verison and grab the latest.
      # If version was specified, it will be the first and only result.
      # Note we are calling the sha256 as a string, not a symbol since
      # it was returned as json from the Compliance API.
      profile_info = profile_result.min_by { |x| Gem::Version.new(x["version"]) }
      profile_checksum = profile_info.key?("sha256") ? profile_info["sha256"] : ""
    end
  end
  # We need to pass the token to the fetcher
  config["token"] = InspecPlugins::Compliance::API.get_token(config)

  # Needed for automate2 post request
  profile_stub = profile || target[:compliance]
  config["profile"] = InspecPlugins::Compliance::API.profile_split(profile_stub)

  new({ url: profile_fetch_url, sha256: profile_checksum }, config)
rescue URI::Error => _e
  nil
end

Instance Method Details

#resolved_sourceObject

We want to save compliance: in the lockfile rather than url: to make sure we go back through the Compliance API handling.



98
99
100
101
102
103
104
# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 98

def resolved_source
  @resolved_source ||= {
    compliance: compliance_profile_name,
    url: @target,
    sha256: sha256,
  }
end

#sha256Object



29
30
31
# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 29

def sha256
  upstream_sha256.empty? ? super : upstream_sha256
end

#to_sObject



106
107
108
# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 106

def to_s
  "#{AUTOMATE_PRODUCT_NAME} Profile Loader"
end