Class: Compliance::API
- Inherits:
-
Object
- Object
- Compliance::API
- Defined in:
- lib/bundles/inspec-compliance/api.rb
Overview
API Implementation does not hold any state by itself, everything will be stored in local Configuration store
Class Method Summary collapse
-
.exist?(config, profile) ⇒ Boolean
verifies that a profile.
- .get_headers(config) ⇒ Object
- .get_token(config) ⇒ Object
-
.get_token_via_password(url, username, password, insecure) ⇒ Object
Use username and password to get an API access token.
-
.get_token_via_refresh_token(url, refresh_token, insecure) ⇒ Object
Use username and refresh_token to get an API access token.
- .is_automate_server?(config) ⇒ Boolean
- .is_automate_server_080_and_later?(config) ⇒ Boolean
- .is_automate_server_pre_080?(config) ⇒ Boolean
- .is_compliance_server?(config) ⇒ Boolean
- .profile_split(profile) ⇒ Object
-
.profiles(config) ⇒ Object
return all compliance profiles available for the user.
-
.sanitize_profile_name(profile) ⇒ Object
returns a parsed url for ‘admin/profile` or `compliance://admin/profile`.
- .server_version_from_config(config) ⇒ Object
- .target_url(config, profile) ⇒ Object
- .upload(config, owner, profile_name, archive_path) ⇒ Object
-
.version(config) ⇒ Object
return the server api version NB this method does not use Compliance::Configuration to allow for using it before we know the version (e.g. oidc or not).
Class Method Details
.exist?(config, profile) ⇒ Boolean
verifies that a profile
84 85 86 87 88 89 90 91 92 93 94 95 96 |
# File 'lib/bundles/inspec-compliance/api.rb', line 84 def self.exist?(config, profile) _msg, profiles = Compliance::API.profiles(config) owner, id, ver = profile_split(profile) if !profiles.empty? profiles.any? do |p| p['owner_id'] == owner && p['name'] == id && (ver.nil? || p['version'] == ver) end else false end end |
.get_headers(config) ⇒ Object
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 |
# File 'lib/bundles/inspec-compliance/api.rb', line 163 def self.get_headers(config) token = get_token(config) if is_automate_server?(config) headers = { 'chef-delivery-enterprise' => config['automate']['ent'] } if config['automate']['token_type'] == 'dctoken' headers['x-data-collector-token'] = token else headers['chef-delivery-user'] = config['user'] headers['chef-delivery-token'] = token end else headers = { 'Authorization' => "Bearer #{token}" } end headers end |
.get_token(config) ⇒ Object
179 180 181 182 183 |
# File 'lib/bundles/inspec-compliance/api.rb', line 179 def self.get_token(config) return config['token'] unless config['refresh_token'] _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure']) token end |
.get_token_via_password(url, username, password, insecure) ⇒ Object
Use username and password to get an API access token
143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 |
# File 'lib/bundles/inspec-compliance/api.rb', line 143 def self.get_token_via_password(url, username, password, insecure) uri = URI.parse("#{url}/login") req = Net::HTTP::Post.new(uri.path) req.body = { userid: username, password: password }.to_json access_token = nil response = Compliance::HTTP.send_request(uri, req, insecure) data = response.body if response.code == '200' access_token = data msg = 'Successfully fetched an API access token valid for 12 hours' success = true else success = false msg = "Failed to authenticate to #{url} \n\ Response code: #{response.code}\n Body: #{response.body}" end [success, msg, access_token] end |
.get_token_via_refresh_token(url, refresh_token, insecure) ⇒ Object
Use username and refresh_token to get an API access token
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 |
# File 'lib/bundles/inspec-compliance/api.rb', line 116 def self.get_token_via_refresh_token(url, refresh_token, insecure) uri = URI.parse("#{url}/login") req = Net::HTTP::Post.new(uri.path) req.body = { token: refresh_token }.to_json access_token = nil response = Compliance::HTTP.send_request(uri, req, insecure) data = response.body if response.code == '200' begin tokendata = JSON.parse(data) access_token = tokendata['access_token'] msg = 'Successfully fetched API access token' success = true rescue JSON::ParserError => e success = false msg = e. end else success = false msg = "Failed to authenticate to #{url} \n\ Response code: #{response.code}\n Body: #{response.body}" end [success, msg, access_token] end |
.is_automate_server?(config) ⇒ Boolean
230 231 232 |
# File 'lib/bundles/inspec-compliance/api.rb', line 230 def self.is_automate_server?(config) config['server_type'] == 'automate' end |
.is_automate_server_080_and_later?(config) ⇒ Boolean
223 224 225 226 227 228 |
# File 'lib/bundles/inspec-compliance/api.rb', line 223 def self.is_automate_server_080_and_later?(config) # Automate versions 0.8.x and later will have a "version" key in the config # that is properly parsed out via server_version_from_config below return false unless config['server_type'] == 'automate' !server_version_from_config(config).nil? end |
.is_automate_server_pre_080?(config) ⇒ Boolean
217 218 219 220 221 |
# File 'lib/bundles/inspec-compliance/api.rb', line 217 def self.is_automate_server_pre_080?(config) # Automate versions before 0.8.x do not have a valid version in the config return false unless config['server_type'] == 'automate' server_version_from_config(config).nil? end |
.is_compliance_server?(config) ⇒ Boolean
213 214 215 |
# File 'lib/bundles/inspec-compliance/api.rb', line 213 def self.is_compliance_server?(config) config['server_type'] == 'compliance' end |
.profile_split(profile) ⇒ Object
197 198 199 200 201 |
# File 'lib/bundles/inspec-compliance/api.rb', line 197 def self.profile_split(profile) owner, id = profile.split('/') id, version = id.split('#') [owner, id, version] end |
.profiles(config) ⇒ Object
return all compliance profiles available for the user
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'lib/bundles/inspec-compliance/api.rb', line 16 def self.profiles(config) # Chef Compliance if is_compliance_server?(config) url = "#{config['server']}/user/compliance" # Chef Automate elsif is_automate_server?(config) url = "#{config['server']}/profiles/#{config['user']}" else raise ServerConfigurationMissing end headers = get_headers(config) response = Compliance::HTTP.get(url, headers, config['insecure']) data = response.body response_code = response.code case response_code when '200' msg = 'success' profiles = JSON.parse(data) # iterate over profiles if is_compliance_server?(config) mapped_profiles = [] profiles.values.each { |org| mapped_profiles += org.values } # Chef Automate pre 0.8.0 elsif is_automate_server_pre_080?(config) mapped_profiles = profiles.values.flatten else owner_id = config['user'] mapped_profiles = profiles.map { |e| e['owner_id'] = owner_id e } end return msg, mapped_profiles when '401' msg = '401 Unauthorized. Please check your token.' return msg, [] else msg = "An unexpected error occurred (HTTP #{response_code}): #{response.}" return msg, [] end end |
.sanitize_profile_name(profile) ⇒ Object
returns a parsed url for ‘admin/profile` or `compliance://admin/profile`
204 205 206 207 208 209 210 211 |
# File 'lib/bundles/inspec-compliance/api.rb', line 204 def self.sanitize_profile_name(profile) if URI(profile).scheme == 'compliance' uri = URI(profile) else uri = URI("compliance://#{profile}") end uri.to_s.sub(%r{^compliance:\/\/}, '') end |
.server_version_from_config(config) ⇒ Object
234 235 236 237 238 239 240 |
# File 'lib/bundles/inspec-compliance/api.rb', line 234 def self.server_version_from_config(config) # Automate versions 0.8.x and later will have a "version" key in the config # that looks like: "version":{"api":"compliance","version":"0.8.24"} return nil unless config.key?('version') return nil unless config['version'].is_a?(Hash) config['version']['version'] end |
.target_url(config, profile) ⇒ Object
185 186 187 188 189 190 191 192 193 194 195 |
# File 'lib/bundles/inspec-compliance/api.rb', line 185 def self.target_url(config, profile) owner, id, ver = profile_split(profile) return "#{config['server']}/owners/#{owner}/compliance/#{id}/tar" unless is_automate_server?(config) if ver.nil? "#{config['server']}/profiles/#{owner}/#{id}/tar" else "#{config['server']}/profiles/#{owner}/#{id}/version/#{ver}/tar" end end |
.upload(config, owner, profile_name, archive_path) ⇒ Object
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'lib/bundles/inspec-compliance/api.rb', line 98 def self.upload(config, owner, profile_name, archive_path) # Chef Compliance if is_compliance_server?(config) url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar" # Chef Automate pre 0.8.0 elsif is_automate_server_pre_080?(config) url = "#{config['server']}/#{config['user']}" # Chef Automate else url = "#{config['server']}/profiles/#{config['user']}" end headers = get_headers(config) res = Compliance::HTTP.post_file(url, headers, archive_path, config['insecure']) [res.is_a?(Net::HTTPSuccess), res.body] end |
.version(config) ⇒ Object
return the server api version NB this method does not use Compliance::Configuration to allow for using it before we know the version (e.g. oidc or not)
64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
# File 'lib/bundles/inspec-compliance/api.rb', line 64 def self.version(config) url = config['server'] insecure = config['insecure'] raise ServerConfigurationMissing if url.nil? headers = get_headers(config) response = Compliance::HTTP.get(url+'/version', headers, insecure) return {} if response.code == '404' data = response.body return {} if data.nil? || data.empty? parsed = JSON.parse(data) return {} unless parsed.key?('version') && !parsed['version'].empty? parsed end |