Class: Compliance::ComplianceCLI
- Inherits:
-
Inspec::BaseCLI
- Object
- Thor
- Inspec::BaseCLI
- Compliance::ComplianceCLI
- Defined in:
- lib/bundles/inspec-compliance/cli.rb
Overview
rubocop:disable Metrics/ClassLength
Instance Method Summary collapse
- #exec(*tests) ⇒ Object
-
#login(server) ⇒ Object
rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize, PerceivedComplexity.
- #logout ⇒ Object
- #profiles ⇒ Object
-
#upload(path) ⇒ Object
rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity.
- #version ⇒ Object
Methods inherited from Inspec::BaseCLI
exec_options, profile_options, target_options
Instance Method Details
#exec(*tests) ⇒ Object
75 76 77 78 79 80 81 82 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 75 def exec(*tests) # iterate over tests and add compliance scheme tests = tests.map { |t| 'compliance://' + t } # execute profile from inspec exec implementation diagnose run_tests(tests, opts) end |
#login(server) ⇒ Object
rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize, PerceivedComplexity
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 26 def login(server) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize, PerceivedComplexity # show warning if the Compliance Server does not support if !Compliance::Configuration.new.supported?(:oidc) && (!['token'].nil? || !['refresh_token'].nil?) puts 'Your server supports --user and --password only' end ['server'] = server url = ['server'] + ['apipath'] if !['user'].nil? && !['password'].nil? # username / password success, msg = login_legacy(url, ['user'], ['password'], ['insecure']) elsif !['user'].nil? && !['token'].nil? # access token success, msg = store_access_token(url, ['user'], ['token'], ['insecure']) elsif !['refresh_token'].nil? && !['user'].nil? # refresh token success, msg = store_refresh_token(url, ['refresh_token'], true, ['user'], ['insecure']) # TODO: we should login with the refreshtoken here elsif !['refresh_token'].nil? success, msg = login_refreshtoken(url, ) else puts 'Please run `inspec compliance login` with options --token or --refresh_token and --user' exit 1 end if success puts 'Successfully authenticated' else puts msg end end |
#logout ⇒ Object
171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 171 def logout config = Compliance::Configuration.new unless config.supported?(:oidc) || config['token'].nil? config = Compliance::Configuration.new url = "#{config['server']}/logout" Compliance::API.post(url, config['token'], config['insecure'], !config.supported?(:oidc)) end success = config.destroy if success puts 'Successfully logged out' else puts 'Could not log out' end end |
#profiles ⇒ Object
59 60 61 62 63 64 65 66 67 68 69 70 71 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 59 def profiles config = Compliance::Configuration.new profiles = Compliance::API.profiles(config) if !profiles.empty? # iterate over profiles headline('Available profiles:') profiles.each { |profile| li("#{profile[:org]}/#{profile[:name]}") } else puts 'Could not find any profiles' end end |
#upload(path) ⇒ Object
rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 87 def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity unless File.exist?(path) puts "Directory #{path} does not exist." exit 1 end o = .dup configure_logger(o) # check the profile, we only allow to upload valid profiles profile = Inspec::Profile.for_target(path, o) # start verification process error_count = 0 error = lambda { |msg| error_count += 1 puts msg } result = profile.check unless result[:summary][:valid] error.call('Profile check failed. Please fix the profile before upload.') else puts('Profile is valid') end # determine user information config = Compliance::Configuration.new if config['token'].nil? || config['user'].nil? error.call('Please login via `inspec compliance login`') end # owner owner = config['user'] # read profile name from inspec.yml profile_name = profile.params[:name] # check that the profile is not uploaded already, # confirm upload to the user (overwrite with --force) if Compliance::API.exist?(config, "#{owner}/#{profile_name}") && !['overwrite'] error.call('Profile exists on the server, use --overwrite') end # abort if we found an error if error_count > 0 puts "Found #{error_count} error(s)" exit 1 end # if it is a directory, tar it to tmp directory if File.directory?(path) archive_path = Dir::Tmpname.create([profile_name, '.tar.gz']) {} # archive_path = file.path puts "Generate temporary profile archive at #{archive_path}" profile.archive({ output: archive_path, ignore_errors: false, overwrite: true }) else archive_path = path end puts "Start upload to #{owner}/#{profile_name}" pname = ERB::Util.url_encode(profile_name) puts 'Uploading to Chef Compliance' success, msg = Compliance::API.upload(config, owner, pname, archive_path) if success puts 'Successfully uploaded profile' else puts 'Error during profile upload:' puts msg end end |
#version ⇒ Object
160 161 162 163 164 165 166 167 168 |
# File 'lib/bundles/inspec-compliance/cli.rb', line 160 def version config = Compliance::Configuration.new info = Compliance::API.version(config['server'], config['insecure']) if !info.nil? && info['version'] puts "Chef Compliance version: #{info['version']}" else puts 'Could not determine server version.' end end |