mirror of
https://github.com/inspec/inspec
synced 2024-11-10 07:04:15 +00:00
address comments
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
This commit is contained in:
parent
bdf5eae15e
commit
60009b292b
5 changed files with 35 additions and 29 deletions
|
@ -11,9 +11,9 @@ module Compliance
|
|||
class API # rubocop:disable Metrics/ClassLength
|
||||
# return all compliance profiles available for the user
|
||||
def self.profiles(config)
|
||||
config['automate'][0] ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/user/compliance"
|
||||
config['server_type'] == 'automate' ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/user/compliance"
|
||||
# TODO, api should not be dependent on .supported?
|
||||
response = Compliance::HTTP.get(url, config['token'], config['insecure'], config['user'], !config.supported?(:oidc), config['automate'], config['ent'])
|
||||
response = Compliance::HTTP.get(url, config['token'], config['insecure'], config['user'], !config.supported?(:oidc), config['automate'], config['server_type'])
|
||||
data = response.body
|
||||
response_code = response.code
|
||||
case response_code
|
||||
|
@ -21,7 +21,7 @@ module Compliance
|
|||
msg = 'success'
|
||||
profiles = JSON.parse(data)
|
||||
# iterate over profiles
|
||||
if config['automate'][0]
|
||||
if config['server_type'] == 'automate'
|
||||
mapped_profiles = profiles.map do |owner, ps|
|
||||
{ org: ps['owner_id'], name: owner }
|
||||
end.flatten
|
||||
|
@ -75,8 +75,8 @@ Please login using `inspec compliance login https://compliance.test --user admin
|
|||
|
||||
def self.upload(config, owner, profile_name, archive_path)
|
||||
# upload the tar to Chef Compliance
|
||||
config['automate'][0] ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
|
||||
res = Compliance::HTTP.post_file(url, config['token'], config['user'], archive_path, config['insecure'], !config.supported?(:oidc), config['automate'], config['ent'])
|
||||
config['server_type'] == 'automate' ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
|
||||
res = Compliance::HTTP.post_file(url, config['token'], config['user'], archive_path, config['insecure'], !config.supported?(:oidc), config['automate'], config['server_type'])
|
||||
[res.is_a?(Net::HTTPSuccess), res.body]
|
||||
end
|
||||
|
||||
|
|
|
@ -78,7 +78,7 @@ module Compliance
|
|||
exit 1
|
||||
end
|
||||
else
|
||||
puts "Please login to your automate instance using 'inspec compliance automate SERVER --user AUTOMATE_USER --ent AUTOMATE_ENT --dctoken DC_TOKEN or --usertoken USER_TOKEN' "
|
||||
puts "Please login to your automate instance using 'inspec compliance login_automate SERVER --user AUTOMATE_USER --ent AUTOMATE_ENT --dctoken DC_TOKEN or --usertoken USER_TOKEN' "
|
||||
exit 1
|
||||
end
|
||||
puts '', msg
|
||||
|
@ -180,7 +180,7 @@ module Compliance
|
|||
puts "Start upload to #{owner}/#{profile_name}"
|
||||
pname = ERB::Util.url_encode(profile_name)
|
||||
|
||||
config['automate'] ? upload_msg = 'Uploading to Chef Automate' : upload_msg = 'Uploading to Chef Compliance'
|
||||
config['server_type'] == 'automate' ? upload_msg = 'Uploading to Chef Automate' : upload_msg = 'Uploading to Chef Compliance'
|
||||
puts upload_msg
|
||||
success, msg = Compliance::API.upload(config, owner, pname, archive_path)
|
||||
|
||||
|
@ -196,7 +196,7 @@ module Compliance
|
|||
desc 'version', 'displays the version of the Chef Compliance server'
|
||||
def version
|
||||
config = Compliance::Configuration.new
|
||||
if config['automate']
|
||||
if config['server_type'] == 'automate'
|
||||
puts 'Version not available when logged in with Automate.'
|
||||
else
|
||||
info = Compliance::API.version(config['server'], config['insecure'])
|
||||
|
@ -212,12 +212,14 @@ module Compliance
|
|||
desc 'logout', 'user logout from Chef Compliance'
|
||||
def logout
|
||||
config = Compliance::Configuration.new
|
||||
unless config.supported?(:oidc) || config['token'].nil? || config['automate']
|
||||
unless config.supported?(:oidc) || config['token'].nil? || config['server_type'] == 'automate'
|
||||
config = Compliance::Configuration.new
|
||||
url = "#{config['server']}/logout"
|
||||
Compliance::API.post(url, config['token'], config['insecure'], !config.supported?(:oidc))
|
||||
end
|
||||
success = config.destroy
|
||||
config['token'] = ''
|
||||
config['server'] = ''
|
||||
|
||||
if success
|
||||
puts 'Successfully logged out'
|
||||
|
@ -230,9 +232,11 @@ module Compliance
|
|||
|
||||
def login_automate_config(url, user, dctoken, usertoken, ent)
|
||||
config = Compliance::Configuration.new
|
||||
config['server'] = url
|
||||
config['ent'] = ent
|
||||
config['user'] = user
|
||||
config['server'] = url
|
||||
config['automate'] = {}
|
||||
config['automate']['ent'] = ent
|
||||
config['server_type'] = 'automate'
|
||||
|
||||
# determine token method being used
|
||||
if !dctoken.nil?
|
||||
|
@ -245,7 +249,7 @@ module Compliance
|
|||
token_msg = 'automate user token'
|
||||
end
|
||||
|
||||
config['automate'] = [true, token_type]
|
||||
config['automate']['token_type'] = token_type
|
||||
config.store
|
||||
msg = "You have logged into your automate instance: '#{url}' with user: '#{user}', ent: '#{ent}' and your #{token_msg}"
|
||||
msg
|
||||
|
@ -259,6 +263,7 @@ module Compliance
|
|||
config['token'] = access_token
|
||||
config['insecure'] = options['insecure']
|
||||
config['version'] = Compliance::API.version(url, options['insecure'])
|
||||
config['server_type'] = 'compliance'
|
||||
config.store
|
||||
end
|
||||
|
||||
|
@ -274,6 +279,7 @@ module Compliance
|
|||
config['token'] = api_token
|
||||
config['insecure'] = insecure
|
||||
config['version'] = Compliance::API.version(url, insecure)
|
||||
config['server_type'] = 'compliance'
|
||||
config.store
|
||||
success = true
|
||||
end
|
||||
|
@ -320,7 +326,7 @@ module Compliance
|
|||
|
||||
def loggedin(config)
|
||||
serverknown = !config['server'].nil?
|
||||
puts 'You need to login first with `inspec compliance login` or `inspec compliance automate`' if !serverknown
|
||||
puts 'You need to login first with `inspec compliance login` or `inspec compliance login_automate`' if !serverknown
|
||||
serverknown
|
||||
end
|
||||
end
|
||||
|
|
|
@ -9,15 +9,15 @@ module Compliance
|
|||
# implements a simple http abstraction on top of Net::HTTP
|
||||
class HTTP
|
||||
# generic get requires
|
||||
def self.get(url, token, insecure, user, basic_auth = false, automate = false, ent = nil) # rubocop:disable Metrics/ParameterLists
|
||||
def self.get(url, token, insecure, user, basic_auth = false, automate = nil, server_type) # rubocop:disable Metrics/ParameterLists
|
||||
uri = URI.parse(url)
|
||||
req = Net::HTTP::Get.new(uri.path)
|
||||
|
||||
return send_request(uri, req, insecure) if token.nil?
|
||||
|
||||
if automate[0]
|
||||
req.add_field('chef-delivery-enterprise', ent)
|
||||
if automate[1] == 'dctoken'
|
||||
if server_type == 'automate'
|
||||
req.add_field('chef-delivery-enterprise', automate['ent'])
|
||||
if automate['token_type'] == 'dctoken'
|
||||
req.add_field('x-data-collector-token', token)
|
||||
else
|
||||
req.add_field('chef-delivery-user', user)
|
||||
|
@ -47,7 +47,7 @@ module Compliance
|
|||
end
|
||||
|
||||
# post a file
|
||||
def self.post_file(url, token, user, file_path, insecure, basic_auth = false, automate = false, ent = nil) # rubocop:disable Metrics/ParameterLists
|
||||
def self.post_file(url, token, user, file_path, insecure, basic_auth = false, automate = nil, server_type) # rubocop:disable Metrics/ParameterLists
|
||||
uri = URI.parse(url)
|
||||
fail "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
|
@ -57,9 +57,9 @@ module Compliance
|
|||
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
|
||||
|
||||
req = Net::HTTP::Post.new(uri.path)
|
||||
if automate[0]
|
||||
req.add_field('chef-delivery-enterprise', ent)
|
||||
if automate[1] == 'dctoken'
|
||||
if server_type == 'automate'
|
||||
req.add_field('chef-delivery-enterprise', automate['ent'])
|
||||
if automate['token_type'] == 'dctoken'
|
||||
req.add_field('x-data-collector-token', token)
|
||||
else
|
||||
req.add_field('chef-delivery-user', user)
|
||||
|
|
|
@ -25,9 +25,9 @@ module Compliance
|
|||
# check if we have a compliance token
|
||||
config = Compliance::Configuration.new
|
||||
if config['token'].nil?
|
||||
if config['automate'][0]
|
||||
if config['server_type'] == 'automate'
|
||||
server = 'automate'
|
||||
msg = 'inspec compliance automate https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --usertoken USERTOKEN'
|
||||
msg = 'inspec compliance login_automate https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --usertoken USERTOKEN'
|
||||
else
|
||||
server = 'compliance'
|
||||
msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
|
||||
|
@ -54,7 +54,7 @@ EOF
|
|||
end
|
||||
|
||||
def self.target_url(profile, config)
|
||||
if config['automate'][0]
|
||||
if config['server_type'] == 'automate'
|
||||
target = "#{config['server']}/#{profile}/tar"
|
||||
else
|
||||
owner, id = profile.split('/')
|
||||
|
|
|
@ -127,18 +127,18 @@ module Fetchers
|
|||
http_opts = {}
|
||||
http_opts['ssl_verify_mode'.to_sym] = OpenSSL::SSL::VERIFY_NONE if @insecure
|
||||
if @config
|
||||
if @config['automate']
|
||||
automate = true
|
||||
http_opts['chef-delivery-enterprise'] = @config['ent']
|
||||
if @config['automate'][1] == 'dctoken'
|
||||
if @config['server_type'] == 'automate'
|
||||
http_opts['chef-delivery-enterprise'] = @config['automate']['ent']
|
||||
if @config['automate']['token_type'] == 'dctoken'
|
||||
http_opts['x-data-collector-token'] = @config['token']
|
||||
else
|
||||
http_opts['chef-delivery-user'] = @config['user']
|
||||
http_opts['chef-delivery-token'] = @config['token']
|
||||
end
|
||||
elsif @token
|
||||
http_opts['Authorization'] = "Bearer #{@token}"
|
||||
end
|
||||
end
|
||||
http_opts['Authorization'] = "Bearer #{@token}" if @token && automate.nil?
|
||||
remote = open(@target, http_opts)
|
||||
@archive_type = file_type_from_remote(remote) # side effect :(
|
||||
archive = Tempfile.new(['inspec-dl-', @archive_type])
|
||||
|
|
Loading…
Reference in a new issue