From 078d1ce8982f7981dca11db2e574967e919151ba Mon Sep 17 00:00:00 2001
From: Vasu1105 <vasundhara.jagdale@chef.io>
Date: Thu, 2 Jun 2022 00:30:51 +0530
Subject: [PATCH] Updated sign and verify command to directly accept the path
 of the profile instead of additional option to provide those. Updated docs
 for the same.

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
---
 docs-chef-io/content/inspec/signing.md        |  6 ++---
 .../inspec-sign/lib/inspec-sign/base.rb       | 27 +++++++++----------
 .../inspec-sign/lib/inspec-sign/cli.rb        | 16 +++++------
 .../test/functional/inspec_sign_test.rb       |  4 +--
 .../inspec_exec_signed_profile_test.rb        |  6 ++---
 5 files changed, 27 insertions(+), 32 deletions(-)

diff --git a/docs-chef-io/content/inspec/signing.md b/docs-chef-io/content/inspec/signing.md
index 7f955c396..dad051f4e 100644
--- a/docs-chef-io/content/inspec/signing.md
+++ b/docs-chef-io/content/inspec/signing.md
@@ -54,7 +54,7 @@ A signed profile is checked for validity before being executed, and if it cannot
 The `inspec sign verify` command specifies which key is used to sign a profile.
 
 ```bash
-[cwolfe@lodi temp]$ inspec sign verify --signed-profile simple-0.1.0-v2.iaf
+[cwolfe@lodi temp]$ inspec sign verify simple-0.1.0-v2.iaf
 Verifying simple-0.1.0-v2.iaf
 Detected format version 'INSPEC-PROFILE-2'
 Attempting to verify using key 'cwolfe-03'
@@ -171,10 +171,10 @@ Ensure to keep your signing key secret. It would help if you devised a way of di
 
 ### How do I sign profiles?
 
-You will need a signing key to sign profiles. Specify the name of the key and the name of the profile.
+You will need a signing key to sign profiles. Specify the path of profile and the name of the key.
 
 ```bash
-[cwolfe@lodi temp]$ inspec sign profile --keyname test-03 --profile simple
+[cwolfe@lodi temp]$ inspec sign profile simple --keyname test-03
 Signing simple with key cwolfe-03
 Dependencies for profile simple successfully vendored to /Users/cwolfe/sandbox/inspec/inspec-5/temp/simple/vendor
 Successfully generated simple-0.1.0.iaf
diff --git a/lib/plugins/inspec-sign/lib/inspec-sign/base.rb b/lib/plugins/inspec-sign/lib/inspec-sign/base.rb
index f30dad41a..d0213b2c7 100644
--- a/lib/plugins/inspec-sign/lib/inspec-sign/base.rb
+++ b/lib/plugins/inspec-sign/lib/inspec-sign/base.rb
@@ -45,25 +45,24 @@ module InspecPlugins
         end
       end
 
-      def self.profile_sign(options)
+      def self.profile_sign(profile_path, options)
         artifact = new
-        path_to_profile = options["profile"]
 
         # Writes the profile content id in the inspec.yml
         if options[:profile_content_id] && !options[:profile_content_id].strip.empty?
-          artifact.write_profile_content_id(path_to_profile, options[:profile_content_id])
+          artifact.write_profile_content_id(profile_path, options[:profile_content_id])
         end
 
-        puts "Signing #{options["profile"]} with key #{options["keyname"]}"
+        puts "Signing #{profile_path} with key #{options["keyname"]}"
         keypath = Inspec::IafFile.find_signing_key(options["keyname"])
 
         # Read name and version from metadata and use them to form the filename
-        profile_md = artifact.read_profile_metadata(path_to_profile)
+        profile_md = artifact.read_profile_metadata(profile_path)
 
         artifact_filename = "#{profile_md["name"]}-#{profile_md["version"]}.#{SIGNED_PROFILE_SUFFIX}"
 
         # Generating tar.gz file using archive method of Inspec Cli
-        Inspec::InspecCLI.new.archive(path_to_profile, "error")
+        Inspec::InspecCLI.new.archive(profile_path, "error")
         tarfile = "#{profile_md["name"]}-#{profile_md["version"]}.tar.gz"
         tar_content = IO.binread(tarfile)
         FileUtils.rm(tarfile)
@@ -89,8 +88,8 @@ module InspecPlugins
         Inspec::UI.new.exit(:usage_error)
       end
 
-      def self.profile_verify(options)
-        file_to_verify = options["signed_profile"]
+      def self.profile_verify(signed_profile_path)
+        file_to_verify = signed_profile_path
         puts "Verifying #{file_to_verify}"
 
         iaf_file = Inspec::IafFile.new(file_to_verify)
@@ -110,12 +109,12 @@ module InspecPlugins
         Inspec::UI.new.exit(:usage_error)
       end
 
-      def read_profile_metadata(path_to_profile)
+      def read_profile_metadata(profile_path)
         begin
-          p = Pathname.new(path_to_profile)
+          p = Pathname.new(profile_path)
           p = p.join("inspec.yml")
           unless p.exist?
-            raise "#{path_to_profile} doesn't appear to be a valid #{PRODUCT_NAME} profile"
+            raise "#{profile_path} doesn't appear to be a valid #{PRODUCT_NAME} profile"
           end
 
           yaml = YAML.load_file(p.to_s)
@@ -137,8 +136,8 @@ module InspecPlugins
         yaml
       end
 
-      def write_profile_content_id(path_to_profile, profile_content_id)
-        p = Pathname.new(path_to_profile)
+      def write_profile_content_id(profile_path, profile_content_id)
+        p = Pathname.new(profile_path)
         p = p.join("inspec.yml")
         yaml = YAML.load_file(p.to_s)
         existing_profile_content_id = yaml["profile_content_id"]
@@ -152,7 +151,7 @@ module InspecPlugins
         lines = IO.readlines(p)
         lines << "\nprofile_content_id: #{profile_content_id}\n"
 
-        File.open("#{p}", "w" ) do | f |
+        File.open("#{p}", "w" ) do |f|
           f.puts lines
         end
       end
diff --git a/lib/plugins/inspec-sign/lib/inspec-sign/cli.rb b/lib/plugins/inspec-sign/lib/inspec-sign/cli.rb
index 8b2e45d5f..69c63b3a4 100644
--- a/lib/plugins/inspec-sign/lib/inspec-sign/cli.rb
+++ b/lib/plugins/inspec-sign/lib/inspec-sign/cli.rb
@@ -89,22 +89,18 @@ module InspecPlugins
         InspecPlugins::Sign::Base.keygen(options)
       end
 
-      desc "profile", "Create a signed .iaf artifact"
-      option :profile, type: :string, required: true,
-        desc: "Path to profile directory"
+      desc "profile PATH", "sign the profile in PATH and generate .iaf artifact."
       option :keyname, type: :string, required: true,
         desc: "Desriptive name of key"
       option :profile_content_id, type: :string,
         desc: "UUID of the profile. This will write the profile_content_id in the metadata file if it does not already exist in the metadata file."
-      def profile
-        InspecPlugins::Sign::Base.profile_sign(options)
+      def profile(profile_path)
+        InspecPlugins::Sign::Base.profile_sign(profile_path, options)
       end
 
-      desc "verify", "Verify a signed .iaf artifact"
-      option :signed_profile, type: :string, required: true,
-          desc: ".iaf file to verify"
-      def verify
-        InspecPlugins::Sign::Base.profile_verify(options)
+      desc "verify PATH", "Verify a signed profile .iaf artifact at given path."
+      def verify(signed_profile_path)
+        InspecPlugins::Sign::Base.profile_verify(signed_profile_path)
       end
     end
   end
diff --git a/lib/plugins/inspec-sign/test/functional/inspec_sign_test.rb b/lib/plugins/inspec-sign/test/functional/inspec_sign_test.rb
index e45adea63..10f4f4996 100644
--- a/lib/plugins/inspec-sign/test/functional/inspec_sign_test.rb
+++ b/lib/plugins/inspec-sign/test/functional/inspec_sign_test.rb
@@ -34,10 +34,10 @@ class SignCli < Minitest::Test
       out = run_inspec_process("sign generate-keys --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
-      out = run_inspec_process("sign profile --profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
+      out = run_inspec_process("sign profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
-      out = run_inspec_process("sign verify --signed-profile artifact-profile-0.1.0.iaf", prefix: "cd #{dir};")
+      out = run_inspec_process("sign verify artifact-profile-0.1.0.iaf", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
       assert_includes out.stdout.force_encoding(Encoding::UTF_8), "Verifying artifact-profile-0.1.0.iaf"
diff --git a/test/functional/inspec_exec_signed_profile_test.rb b/test/functional/inspec_exec_signed_profile_test.rb
index ed8d91c60..2d9517004 100644
--- a/test/functional/inspec_exec_signed_profile_test.rb
+++ b/test/functional/inspec_exec_signed_profile_test.rb
@@ -17,7 +17,7 @@ describe "inspec exec" do
       out = run_inspec_process("sign generate-keys --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
-      out = run_inspec_process("sign profile --profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
+      out = run_inspec_process("sign profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
       out = run_inspec_process("exec profile_a-0.1.0.iaf --no-create-lockfile", prefix: "cd #{dir};")
@@ -40,7 +40,7 @@ describe "inspec exec" do
       out = run_inspec_process("sign generate-keys --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
-      out = run_inspec_process("sign profile --profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
+      out = run_inspec_process("sign profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
       delete_keys(unique_key_name)
@@ -63,7 +63,7 @@ describe "inspec exec" do
       out = run_inspec_process("sign generate-keys --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
-      out = run_inspec_process("sign profile --profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
+      out = run_inspec_process("sign profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir};")
       assert_exit_code 0, out
 
       out = run_inspec_process("exec profile_a-0.1.0.iaf --no-create-lockfile", prefix: "cd #{dir};")