Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 05:03:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

address comments

Browse source 
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
This commit is contained in:
Victoria Jeffrey 2016-11-29 09:35:16 -05:00 committed by Christoph Hartmann
parent bdf5eae15e
commit 60009b292b
5 changed files with 35 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/bundles/inspec-compliance/api.rb
View file

@ -11,9 +11,9 @@ module Compliance
class API # rubocop:disable Metrics/ClassLength
# return all compliance profiles available for the user
def self.profiles(config)
config['automate'][0] ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/user/compliance"
config['server_type'] == 'automate' ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/user/compliance"
# TODO, api should not be dependent on .supported?
response = Compliance::HTTP.get(url, config['token'], config['insecure'], config['user'], !config.supported?(:oidc), config['automate'], config['ent'])
response = Compliance::HTTP.get(url, config['token'], config['insecure'], config['user'], !config.supported?(:oidc), config['automate'], config['server_type'])
data = response.body
response_code = response.code
case response_code
@ -21,7 +21,7 @@ module Compliance
msg = 'success'
profiles = JSON.parse(data)
# iterate over profiles
if config['automate'][0]
if config['server_type'] == 'automate'
mapped_profiles = profiles.map do |owner, ps|
{ org: ps['owner_id'], name: owner }
end.flatten
@ -75,8 +75,8 @@ Please login using `inspec compliance login https://compliance.test --user admin
def self.upload(config, owner, profile_name, archive_path)
# upload the tar to Chef Compliance
config['automate'][0] ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
res = Compliance::HTTP.post_file(url, config['token'], config['user'], archive_path, config['insecure'], !config.supported?(:oidc), config['automate'], config['ent'])
config['server_type'] == 'automate' ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
res = Compliance::HTTP.post_file(url, config['token'], config['user'], archive_path, config['insecure'], !config.supported?(:oidc), config['automate'], config['server_type'])
[res.is_a?(Net::HTTPSuccess), res.body]
end

22
lib/bundles/inspec-compliance/cli.rb
View file

@ -78,7 +78,7 @@ module Compliance
exit 1
end
else
puts "Please login to your automate instance using 'inspec compliance automate SERVER --user AUTOMATE_USER --ent AUTOMATE_ENT --dctoken DC_TOKEN or --usertoken USER_TOKEN' "
puts "Please login to your automate instance using 'inspec compliance login_automate SERVER --user AUTOMATE_USER --ent AUTOMATE_ENT --dctoken DC_TOKEN or --usertoken USER_TOKEN' "
exit 1
end
puts '', msg
@ -180,7 +180,7 @@ module Compliance
puts "Start upload to #{owner}/#{profile_name}"
pname = ERB::Util.url_encode(profile_name)
config['automate'] ? upload_msg = 'Uploading to Chef Automate' : upload_msg = 'Uploading to Chef Compliance'
config['server_type'] == 'automate' ? upload_msg = 'Uploading to Chef Automate' : upload_msg = 'Uploading to Chef Compliance'
puts upload_msg
success, msg = Compliance::API.upload(config, owner, pname, archive_path)
@ -196,7 +196,7 @@ module Compliance
desc 'version', 'displays the version of the Chef Compliance server'
def version
config = Compliance::Configuration.new
if config['automate']
if config['server_type'] == 'automate'
puts 'Version not available when logged in with Automate.'
else
info = Compliance::API.version(config['server'], config['insecure'])
@ -212,12 +212,14 @@ module Compliance
desc 'logout', 'user logout from Chef Compliance'
def logout
config = Compliance::Configuration.new
unless config.supported?(:oidc) || config['token'].nil? || config['automate']
unless config.supported?(:oidc) || config['token'].nil? || config['server_type'] == 'automate'
config = Compliance::Configuration.new
url = "#{config['server']}/logout"
Compliance::API.post(url, config['token'], config['insecure'], !config.supported?(:oidc))
end
success = config.destroy
config['token'] = ''
config['server'] = ''
if success
puts 'Successfully logged out'
@ -230,9 +232,11 @@ module Compliance
def login_automate_config(url, user, dctoken, usertoken, ent)
config = Compliance::Configuration.new
config['server'] = url
config['ent'] = ent
config['user'] = user
config['server'] = url
config['automate'] = {}
config['automate']['ent'] = ent
config['server_type'] = 'automate'
# determine token method being used
if !dctoken.nil?
@ -245,7 +249,7 @@ module Compliance
token_msg = 'automate user token'
end
config['automate'] = [true, token_type]
config['automate']['token_type'] = token_type
config.store
msg = "You have logged into your automate instance: '#{url}' with user: '#{user}', ent: '#{ent}' and your #{token_msg}"
msg
@ -259,6 +263,7 @@ module Compliance
config['token'] = access_token
config['insecure'] = options['insecure']
config['version'] = Compliance::API.version(url, options['insecure'])
config['server_type'] = 'compliance'
config.store
end
@ -274,6 +279,7 @@ module Compliance
config['token'] = api_token
config['insecure'] = insecure
config['version'] = Compliance::API.version(url, insecure)
config['server_type'] = 'compliance'
config.store
success = true
end
@ -320,7 +326,7 @@ module Compliance
def loggedin(config)
serverknown = !config['server'].nil?
puts 'You need to login first with `inspec compliance login` or `inspec compliance automate`' if !serverknown
puts 'You need to login first with `inspec compliance login` or `inspec compliance login_automate`' if !serverknown
serverknown
end
end

16
lib/bundles/inspec-compliance/http.rb
View file

@ -9,15 +9,15 @@ module Compliance
# implements a simple http abstraction on top of Net::HTTP
class HTTP
# generic get requires
def self.get(url, token, insecure, user, basic_auth = false, automate = false, ent = nil) # rubocop:disable Metrics/ParameterLists
def self.get(url, token, insecure, user, basic_auth = false, automate = nil, server_type) # rubocop:disable Metrics/ParameterLists
uri = URI.parse(url)
req = Net::HTTP::Get.new(uri.path)
return send_request(uri, req, insecure) if token.nil?
if automate[0]
req.add_field('chef-delivery-enterprise', ent)
if automate[1] == 'dctoken'
if server_type == 'automate'
req.add_field('chef-delivery-enterprise', automate['ent'])
if automate['token_type'] == 'dctoken'
req.add_field('x-data-collector-token', token)
else
req.add_field('chef-delivery-user', user)
@ -47,7 +47,7 @@ module Compliance
end
# post a file
def self.post_file(url, token, user, file_path, insecure, basic_auth = false, automate = false, ent = nil) # rubocop:disable Metrics/ParameterLists
def self.post_file(url, token, user, file_path, insecure, basic_auth = false, automate = nil, server_type) # rubocop:disable Metrics/ParameterLists
uri = URI.parse(url)
fail "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
http = Net::HTTP.new(uri.host, uri.port)
@ -57,9 +57,9 @@ module Compliance
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
req = Net::HTTP::Post.new(uri.path)
if automate[0]
req.add_field('chef-delivery-enterprise', ent)
if automate[1] == 'dctoken'
if server_type == 'automate'
req.add_field('chef-delivery-enterprise', automate['ent'])
if automate['token_type'] == 'dctoken'
req.add_field('x-data-collector-token', token)
else
req.add_field('chef-delivery-user', user)

6
lib/bundles/inspec-compliance/target.rb
View file

@ -25,9 +25,9 @@ module Compliance
# check if we have a compliance token
config = Compliance::Configuration.new
if config['token'].nil?
if config['automate'][0]
if config['server_type'] == 'automate'
server = 'automate'
msg = 'inspec compliance automate https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --usertoken USERTOKEN'
msg = 'inspec compliance login_automate https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --usertoken USERTOKEN'
else
server = 'compliance'
msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
@ -54,7 +54,7 @@ EOF
end
def self.target_url(profile, config)
if config['automate'][0]
if config['server_type'] == 'automate'
target = "#{config['server']}/#{profile}/tar"
else
owner, id = profile.split('/')

10
lib/fetchers/url.rb
View file

@ -127,18 +127,18 @@ module Fetchers
http_opts = {}
http_opts['ssl_verify_mode'.to_sym] = OpenSSL::SSL::VERIFY_NONE if @insecure
if @config
if @config['automate']
automate = true
http_opts['chef-delivery-enterprise'] = @config['ent']
if @config['automate'][1] == 'dctoken'
if @config['server_type'] == 'automate'
http_opts['chef-delivery-enterprise'] = @config['automate']['ent']
if @config['automate']['token_type'] == 'dctoken'
http_opts['x-data-collector-token'] = @config['token']
else
http_opts['chef-delivery-user'] = @config['user']
http_opts['chef-delivery-token'] = @config['token']
end
elsif @token
http_opts['Authorization'] = "Bearer #{@token}"
end
end
http_opts['Authorization'] = "Bearer #{@token}" if @token && automate.nil?
remote = open(@target, http_opts)
@archive_type = file_type_from_remote(remote) # side effect :(
archive = Tempfile.new(['inspec-dl-', @archive_type])