# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
require 'thor'
require 'erb'
require 'tmpdir'
module Compliance
class ComplianceCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
# Thor namespace for this command group; the same 'compliance' name is used
# when the class is registered as a subcommand at the end of this file.
namespace 'compliance'
desc 'api_token SERVER', '(Optionally) verify and save the API token for Chef Compliance SERVER'
option :token, type: :string, required: true, desc: 'Chef Compliance API token'
option :user, type: :string, required: true, desc: 'Chef Compliance user login'
option :verify, aliases: :v, type: :boolean, desc: 'Verify token before storing it'
option :insecure, aliases: :k, type: :boolean,
  desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
option :apipath, type: :string, default: '/api', desc: 'Set the path to the API, defaults to /api'
# Hands the API token and user login for SERVER to Compliance::API.api_token
# and prints the message it returns. The first element of the returned pair
# is discarded, so this command prints the same way on success and failure.
#
# NOTE(review): --token is a required command-line option, so the secret ends
# up in shell history and is visible in the process list while the command runs.
# NOTE(review): --verify is optional; per its description the token is only
# verified before storing when the flag is given. What --insecure relaxes is
# decided inside Compliance::API, which is not visible here.
#
# @param server [String] address of the Chef Compliance server
def api_token(server)
  cli = options
  _status, message = Compliance::API.api_token(
    server,
    cli['token'],
    cli['verify'],
    cli['user'],
    cli['insecure'],
    cli['apipath']
  )
  puts message
end
desc 'token SERVER', 'Save an access token for Chef Compliance SERVER'
option :token, type: :string, required: true, desc: 'Chef Compliance access token'
option :insecure, aliases: :k, type: :boolean,
  desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
# Passes the access token for SERVER to Compliance::API.access_token and
# prints the message that call returns; the status element is discarded.
#
# NOTE(review): as a required command-line option, the token value is exposed
# to shell history and to the process list while the command runs.
#
# @param server [String] address of the Chef Compliance server
def token(server)
  cli = options
  _status, message = Compliance::API.access_token(server, cli['token'], cli['insecure'])
  puts message
end
desc 'login', 'Log in to a Chef Compliance SERVER'
option :insecure, aliases: :k, type: :boolean,
  desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
# Calls Compliance::API.login with the --insecure flag and reports the result:
# a fixed success line, or the message returned by the API on failure.
#
# NOTE(review): the description mentions SERVER, but this command takes no
# server argument; where the server address comes from is not visible here.
def login
  authenticated, detail = Compliance::API.login(options['insecure'])
  puts(authenticated ? 'Successfully authenticated' : detail)
end
desc 'profiles', 'list all available profiles in Chef Compliance'
# Prints every profile returned by Compliance::API.profiles as "org/name"
# under a headline, or a notice when the returned list is empty.
def profiles
  available = Compliance::API.profiles
  if available.empty?
    puts 'Could not find any profiles'
  else
    headline('Available profiles:')
    # each entry is indexed with the :org and :name symbol keys
    available.each do |entry|
      li("#{entry[:org]}/#{entry[:name]}")
    end
  end
end
desc 'exec PROFILE', 'executes a Chef Compliance profile'
exec_options
# Runs the named profiles by turning each argument into a `compliance://`
# target and passing the list to run_tests.
#
# Defining `exec` here replaces Kernel#exec for instances of this class.
# `diagnose`, `run_tests` and `opts` are not defined in this file; presumably
# they come from Inspec::BaseCLI (confirm).
#
# @param tests [Array<String>] profile identifiers given on the command line
def exec(*tests)
  # prefix every identifier with the compliance scheme
  targets = tests.map do |identifier|
    'compliance://' + identifier
  end

  # reuse the inspec exec implementation
  diagnose
  run_tests(targets, opts)
end
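desc 'upload PATH', 'uploads a local profile to Chef Compliance'
option :overwrite, type: :boolean, default: false,
  desc: 'Overwrite existing profile on Chef Compliance.'
# Checks the profile at PATH and uploads it to the configured Chef Compliance
# server as a tar archive.
#
# All pre-flight problems (invalid profile, missing login, profile already on
# the server without --overwrite) are collected and printed before the command
# exits with status 1. A directory is archived first; any other path is
# uploaded as given.
#
# The temporary archive is written inside a private directory created by
# Dir.mktmpdir (mode 0700) and removed when the upload finishes. The previous
# code only generated a name in the shared temp directory and then wrote to it
# with overwrite: true, which left a window between picking the name and
# creating the file, and it never deleted the archive.
#
# @param path [String] profile directory or an already packaged archive
def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity
  o = options.dup
  configure_logger(o)
  # check the profile, we only allow to upload valid profiles
  profile = Inspec::Profile.for_target(path, o)

  # start verification process; every failure is counted and printed
  error_count = 0
  error = lambda { |msg|
    error_count += 1
    puts msg
  }

  result = profile.check
  if result[:summary][:valid]
    puts('Profile is valid')
  else
    error.call('Profile check failed. Please fix the profile before upload.')
  end

  # determine user information
  config = Compliance::Configuration.new
  if config['token'].nil? || config['user'].nil?
    error.call('Please login via `inspec compliance login`')
  end

  # owner
  owner = config['user']
  # read profile name from inspec.yml
  profile_name = profile.params[:name]

  # check that the profile is not uploaded already (override with --overwrite)
  # NOTE(review): this lookup still runs when the login check above failed,
  # i.e. with a nil owner; how Compliance::API.exist? handles that is not
  # visible here.
  if Compliance::API.exist?("#{owner}/#{profile_name}") && !options['overwrite']
    error.call('Profile exists on the server, use --overwrite')
  end

  # abort if we found an error
  if error_count > 0
    puts "Found #{error_count} error(s)"
    exit 1
  end

  # upload one archive file to Chef Compliance and report the outcome
  send_archive = lambda { |archive_path|
    puts "Start upload to #{owner}/#{profile_name}"
    # the profile name comes from inspec.yml, so it is encoded for the URL
    # NOTE(review): owner is interpolated without encoding; confirm that user
    # logins cannot contain characters that are significant in a URL path.
    pname = ERB::Util.url_encode(profile_name)

    url = "#{config['server']}/owners/#{owner}/compliance/#{pname}/tar"

    puts "Uploading to #{url}"
    # config['insecure'] comes from the stored configuration, not from a flag
    # on this command
    success, msg = Compliance::API.post_file(url, config['token'], archive_path, config['insecure'])
    if success
      puts 'Successfully uploaded profile'
    else
      puts 'Error during profile upload:'
      puts msg
    end
  }

  if File.directory?(path)
    # if it is a directory, tar it inside a private temporary directory;
    # the block form removes the directory and archive afterwards, also when
    # the upload raises
    Dir.mktmpdir('inspec-compliance-upload') do |workdir|
      # fixed file name: the inspec.yml name is no longer part of a local path
      archive_path = File.join(workdir, 'profile.tar.gz')
      puts "Generate temporary profile archive at #{archive_path}"
      profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
      send_archive.call(archive_path)
    end
  else
    send_archive.call(path)
  end
end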
desc 'version', 'displays the version of the Chef Compliance server'
# Prints the 'version' entry of the data returned by Compliance::API.version,
# or a fallback line when the call returns nil or the entry is missing.
def version
  server_info = Compliance::API.version
  reported = server_info.nil? ? nil : server_info['version']
  if reported
    puts "Chef Compliance version: #{reported}"
  else
    puts 'Could not determine server version.'
  end
end
desc 'logout', 'user logout from Chef Compliance'
# Calls Compliance::API.logout and prints whether it reported success.
# What is cleared on logout is decided inside Compliance::API and is not
# visible here.
def logout
  logged_out = Compliance::API.logout
  puts(logged_out ? 'Successfully logged out' : 'Could not log out')
end
end
# Make the commands above available as `compliance SUBCOMMAND ...` by adding
# ComplianceCLI to the Inspec CLI registry; the trailing hash is an empty
# options argument.
Inspec::Plugins::CLI.add_subcommand(
  ComplianceCLI,
  'compliance',
  'compliance SUBCOMMAND ...',
  'Chef Compliance commands',
  {}
)
end