Class: Compliance::API
- Inherits:
-
Object
- Object
- Compliance::API
- Defined in:
- lib/bundles/inspec-compliance/api.rb
Overview
API Implementation does not hold any state by itself, everything will be stored in local Configuration store
Class Method Summary collapse
-
.exist?(config, profile) ⇒ Boolean
verifies that a profile.
- .get_headers(config) ⇒ Object
- .get_token(config) ⇒ Object
-
.get_token_via_password(url, username, password, insecure) ⇒ Object
Use username and password to get an API access token.
-
.get_token_via_refresh_token(url, refresh_token, insecure) ⇒ Object
Use username and refresh_token to get an API access token.
- .is_automate_server?(config) ⇒ Boolean
- .is_automate_server_080_and_later?(config) ⇒ Boolean
- .is_automate_server_pre_080?(config) ⇒ Boolean
- .is_compliance_server?(config) ⇒ Boolean
-
.profiles(config) ⇒ Object
return all compliance profiles available for the user.
-
.sanitize_profile_name(profile) ⇒ Object
returns a parsed url for ‘admin/profile` or `compliance://admin/profile`.
- .server_version_from_config(config) ⇒ Object
- .target_url(config, profile) ⇒ Object
- .upload(config, owner, profile_name, archive_path) ⇒ Object
-
.version(config) ⇒ Object
return the server api version NB this method does not use Compliance::Configuration to allow for using it before we know the version (e.g. oidc or not).
Class Method Details
.exist?(config, profile) ⇒ Boolean
verifies that a profile
84 85 86 87 88 89 90 91 92 |
# File 'lib/bundles/inspec-compliance/api.rb', line 84 def self.exist?(config, profile) _msg, profiles = Compliance::API.profiles(config) if !profiles.empty? index = profiles.index { |p| "#{p['owner_id']}/#{p['name']}" == profile } !index.nil? && index >= 0 else false end end |
.get_headers(config) ⇒ Object
159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 |
# File 'lib/bundles/inspec-compliance/api.rb', line 159 def self.get_headers(config) token = get_token(config) if is_automate_server?(config) headers = { 'chef-delivery-enterprise' => config['automate']['ent'] } if config['automate']['token_type'] == 'dctoken' headers['x-data-collector-token'] = token else headers['chef-delivery-user'] = config['user'] headers['chef-delivery-token'] = token end else headers = { 'Authorization' => "Bearer #{token}" } end headers end |
.get_token(config) ⇒ Object
175 176 177 178 179 |
# File 'lib/bundles/inspec-compliance/api.rb', line 175 def self.get_token(config) return config['token'] unless config['refresh_token'] _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure']) token end |
.get_token_via_password(url, username, password, insecure) ⇒ Object
Use username and password to get an API access token
139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 |
# File 'lib/bundles/inspec-compliance/api.rb', line 139 def self.get_token_via_password(url, username, password, insecure) uri = URI.parse("#{url}/login") req = Net::HTTP::Post.new(uri.path) req.body = { userid: username, password: password }.to_json access_token = nil response = Compliance::HTTP.send_request(uri, req, insecure) data = response.body if response.code == '200' access_token = data msg = 'Successfully fetched an API access token valid for 12 hours' success = true else success = false msg = "Failed to authenticate to #{url} \n\ Response code: #{response.code}\n Body: #{response.body}" end [success, msg, access_token] end |
.get_token_via_refresh_token(url, refresh_token, insecure) ⇒ Object
Use username and refresh_token to get an API access token
112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'lib/bundles/inspec-compliance/api.rb', line 112 def self.get_token_via_refresh_token(url, refresh_token, insecure) uri = URI.parse("#{url}/login") req = Net::HTTP::Post.new(uri.path) req.body = { token: refresh_token }.to_json access_token = nil response = Compliance::HTTP.send_request(uri, req, insecure) data = response.body if response.code == '200' begin tokendata = JSON.parse(data) access_token = tokendata['access_token'] msg = 'Successfully fetched API access token' success = true rescue JSON::ParserError => e success = false msg = e. end else success = false msg = "Failed to authenticate to #{url} \n\ Response code: #{response.code}\n Body: #{response.body}" end [success, msg, access_token] end |
.is_automate_server?(config) ⇒ Boolean
219 220 221 |
# File 'lib/bundles/inspec-compliance/api.rb', line 219 def self.is_automate_server?(config) config['server_type'] == 'automate' end |
.is_automate_server_080_and_later?(config) ⇒ Boolean
212 213 214 215 216 217 |
# File 'lib/bundles/inspec-compliance/api.rb', line 212 def self.is_automate_server_080_and_later?(config) # Automate versions 0.8.x and later will have a "version" key in the config # that is properly parsed out via server_version_from_config below return false unless config['server_type'] == 'automate' !server_version_from_config(config).nil? end |
.is_automate_server_pre_080?(config) ⇒ Boolean
206 207 208 209 210 |
# File 'lib/bundles/inspec-compliance/api.rb', line 206 def self.is_automate_server_pre_080?(config) # Automate versions before 0.8.x do not have a valid version in the config return false unless config['server_type'] == 'automate' server_version_from_config(config).nil? end |
.is_compliance_server?(config) ⇒ Boolean
202 203 204 |
# File 'lib/bundles/inspec-compliance/api.rb', line 202 def self.is_compliance_server?(config) config['server_type'] == 'compliance' end |
.profiles(config) ⇒ Object
return all compliance profiles available for the user
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'lib/bundles/inspec-compliance/api.rb', line 16 def self.profiles(config) # Chef Compliance if is_compliance_server?(config) url = "#{config['server']}/user/compliance" # Chef Automate elsif is_automate_server?(config) url = "#{config['server']}/profiles/#{config['user']}" else raise ServerConfigurationMissing end headers = get_headers(config) response = Compliance::HTTP.get(url, headers, config['insecure']) data = response.body response_code = response.code case response_code when '200' msg = 'success' profiles = JSON.parse(data) # iterate over profiles if is_compliance_server?(config) mapped_profiles = [] profiles.values.each { |org| mapped_profiles += org.values } # Chef Automate pre 0.8.0 elsif is_automate_server_pre_080?(config) mapped_profiles = profiles.values.flatten else owner_id = config['user'] mapped_profiles = profiles.map { |e| e['owner_id'] = owner_id e } end return msg, mapped_profiles when '401' msg = '401 Unauthorized. Please check your token.' return msg, [] else msg = "An unexpected error occurred (HTTP #{response_code}): #{response.}" return msg, [] end end |
.sanitize_profile_name(profile) ⇒ Object
returns a parsed url for ‘admin/profile` or `compliance://admin/profile`
193 194 195 196 197 198 199 200 |
# File 'lib/bundles/inspec-compliance/api.rb', line 193 def self.sanitize_profile_name(profile) if URI(profile).scheme == 'compliance' uri = URI(profile) else uri = URI("compliance://#{profile}") end uri.to_s.sub(%r{^compliance:\/\/}, '') end |
.server_version_from_config(config) ⇒ Object
223 224 225 226 227 228 229 |
# File 'lib/bundles/inspec-compliance/api.rb', line 223 def self.server_version_from_config(config) # Automate versions 0.8.x and later will have a "version" key in the config # that looks like: "version":{"api":"compliance","version":"0.8.24"} return nil unless config.key?('version') return nil unless config['version'].is_a?(Hash) config['version']['version'] end |
.target_url(config, profile) ⇒ Object
181 182 183 184 185 186 187 188 189 190 |
# File 'lib/bundles/inspec-compliance/api.rb', line 181 def self.target_url(config, profile) if is_automate_server?(config) owner, id = profile.split('/') target = "#{config['server']}/profiles/#{owner}/#{id}/tar" else owner, id = profile.split('/') target = "#{config['server']}/owners/#{owner}/compliance/#{id}/tar" end target end |
.upload(config, owner, profile_name, archive_path) ⇒ Object
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'lib/bundles/inspec-compliance/api.rb', line 94 def self.upload(config, owner, profile_name, archive_path) # Chef Compliance if is_compliance_server?(config) url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar" # Chef Automate pre 0.8.0 elsif is_automate_server_pre_080?(config) url = "#{config['server']}/#{config['user']}" # Chef Automate else url = "#{config['server']}/profiles/#{config['user']}" end headers = get_headers(config) res = Compliance::HTTP.post_file(url, headers, archive_path, config['insecure']) [res.is_a?(Net::HTTPSuccess), res.body] end |
.version(config) ⇒ Object
return the server api version NB this method does not use Compliance::Configuration to allow for using it before we know the version (e.g. oidc or not)
64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
# File 'lib/bundles/inspec-compliance/api.rb', line 64 def self.version(config) url = config['server'] insecure = config['insecure'] raise ServerConfigurationMissing if url.nil? headers = get_headers(config) response = Compliance::HTTP.get(url+'/version', headers, insecure) return {} if response.code == '404' data = response.body return {} if data.nil? || data.empty? parsed = JSON.parse(data) return {} unless parsed.key?('version') && !parsed['version'].empty? parsed end |