inspec/lib/bundles/inspec-compliance/cli.rb

147 lines
4.4 KiB
Ruby
Raw Normal View History

2016-02-05 07:38:45 +00:00
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
require 'thor'
module Compliance
2016-02-05 10:06:00 +00:00
class ComplianceCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
2016-02-05 07:38:45 +00:00
namespace 'compliance'
desc 'login SERVER', 'Log in to a Chef Compliance SERVER'
option :user, type: :string, required: true,
desc: 'Chef Compliance Username'
option :password, type: :string, required: true,
desc: 'Chef Compliance Password'
def login(server)
success, msg = Compliance::API.login(server, options['user'], options['password'])
if success
puts 'Successfully authenticated'
else
puts msg
end
end
desc 'profiles', 'list all available profiles in Chef Compliance'
def profiles
profiles = Compliance::API.profiles
if !profiles.empty?
# iterate over profiles
2016-02-05 10:06:00 +00:00
headline('Available profiles:')
2016-02-05 07:38:45 +00:00
profiles.each { |profile|
2016-02-05 10:06:00 +00:00
li("#{profile[:org]}/#{profile[:name]}")
2016-02-05 07:38:45 +00:00
}
else
puts 'Could not find any profiles'
end
end
desc 'exec PROFILE', 'executes a Chef Compliance profile'
option :id, type: :string,
desc: 'Attach a profile ID to all test results'
target_options
option :format, type: :string
def exec(*tests)
# iterate over tests and add compliance scheme
tests = tests.map { |t| 'compliance://' + t }
# execute profile from inspec exec implementation
diagnose
run_tests(opts, tests)
end
desc 'upload PATH', 'uploads a local profile to Chef Compliance'
2016-02-05 10:06:00 +00:00
option :overwrite, type: :boolean, default: false,
desc: 'Overwrite existing profile on Chef Compliance.'
def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
o = options.dup
configure_logger(o)
# check the profile, we only allow to upload valid profiles
profile = Inspec::Profile.from_path(path, o)
# start verification process
error_count = 0
error = lambda { |msg|
error_count += 1
puts msg
}
result = profile.check
unless result[:summary][:valid]
error.call('Profile check failed. Please fix the profile before upload.')
else
puts('Profile is valid')
end
# determine user information
2016-02-05 07:38:45 +00:00
config = Compliance::Configuration.new
2016-02-05 10:06:00 +00:00
if config['token'].nil? || config['user'].nil?
error.call('Please login via `inspec compliance login`')
end
# owner
owner = config['user']
# read profile name from inspec.yml
profile_name = profile.params[:name]
# check that the profile is not uploaded already,
# confirm upload to the user (overwrite with --force)
if Compliance::API.exist?("#{owner}/#{profile_name}") && !options['overwrite']
error.call('Profile exists on the server, use --overwrite')
end
# abort if we found an error
if error_count > 0
puts "Found #{error_count} error(s)"
exit 1
end
2016-02-05 07:38:45 +00:00
2016-02-05 10:06:00 +00:00
# if it is a directory, tar it to tmp directory
if File.directory?(path)
file = Tempfile.new([profile_name, '.tar.gz'])
archive_path = file.path
puts "Generate temporary profile archive at #{archive_path}"
profile.archive({ archive: archive_path, ignore_errors: false, overwrite: true })
else
archive_path = path
end
puts "Start upload to #{owner}/#{profile_name}"
# upload the tar to Chef Compliance
url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
2016-02-05 07:38:45 +00:00
puts "Uploading to #{url}"
2016-02-05 10:06:00 +00:00
success, msg = Compliance::API.post_file(url, config['token'], '', archive_path)
if success
2016-02-05 07:38:45 +00:00
puts 'Successfully uploaded profile'
else
2016-02-05 10:06:00 +00:00
puts 'Error during profile upload:'
puts msg
2016-02-05 07:38:45 +00:00
end
end
desc 'version', 'displays the version of the Chef Compliance server'
def version
info = Compliance::API.version
if !info.nil? && info['version']
puts "Chef Compliance version: #{info['version']}"
else
puts 'Could not determine server version.'
end
end
desc 'logout', 'user logout from Chef Compliance'
def logout
if Compliance::API.logout
puts 'Successfully logged out'
else
puts 'Could not log out'
end
end
end
2016-02-05 13:48:55 +00:00
# register the subcommand to Inspec CLI registry
Inspec::Plugins::CLI.register(ComplianceCLI, 'compliance', 'compliance SUBCOMMAND ...', 'Chef Compliance commands', {})
2016-02-05 07:38:45 +00:00
end