Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-10 15:14:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

inspec-compliance: work with compliance 1.0

Browse source
This commit is contained in:
Stephan Renatus 2016-03-23 14:32:10 +01:00 committed by Christoph Hartmann
parent b09d8ce3a5
commit e0bd2bb595
2 changed files with 108 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

113
lib/bundles/inspec-compliance/api.rb
View file

@ -9,35 +9,58 @@ module Compliance
# API Implementation does not hold any state by itself,
# everything will be stored in local Configuration store
class API # rubocop:disable Metrics/ClassLength
# logs into the server, retrieves a token and stores it locally
def self.login(server, username, password, insecure, apipath)
# saves the api token supplied by the user
def self.api_token(server, refresh_token, verify, user, insecure)
config = Compliance::Configuration.new
config['server'] = server
config['refresh_token'] = refresh_token
config['user'] = user
config['insecure'] = insecure
if !verify
config.store
success = true
msg = 'token stored'
else
url = "#{server}/login"
success, msg, access_token = Compliance::API.post_refresh_token(url, refresh_token, insecure)
if success
config['token'] = access_token
config.store
msg = 'token verified and stored'
end
end
[success, msg]
end
def self.access_token(server, token, insecure, api_path)
config = Compliance::Configuration.new
config['server'] = "#{server}#{apipath}"
url = "#{config['server']}/oauth/token"
config['insecure'] = insecure
config['token'] = token
config.store
success, data = Compliance::API.post(url, username, password, insecure)
if !data.nil?
tokendata = JSON.parse(data)
if tokendata['access_token']
config['user'] = username
config['token'] = tokendata['access_token']
config['insecure'] = insecure
config.store
success = true
msg = 'Successfully authenticated'
else
msg = 'Reponse does not include a token'
end
else
msg = "Authentication failed for Server: #{url}"
[true, 'access token stored']
end
def self.login(insecure)
config = Compliance::Configuration.new
if config['refresh_token'].nil?
puts 'No API token stored, please run `inspec compliance token` first'
exit 1
end
url = "#{config['server']}/login"
success, msg, access_token = Compliance::API.post_refresh_token(url, config['refresh_token'], insecure)
config['token'] = access_token
config.store
[success, msg]
end
def self.logout
config = Compliance::Configuration.new
url = "#{config['server']}/logout"
Compliance::API.post(url, config['token'], nil, config['insecure'])
config.destroy
end
@ -46,7 +69,7 @@ module Compliance
config = Compliance::Configuration.new
url = "#{config['server']}/version"
_success, data = Compliance::API.get(url, nil, nil, config['insecure'])
_success, data = Compliance::API.get(url, nil, config['insecure'])
if !data.nil?
JSON.parse(data)
else
@ -58,17 +81,17 @@ module Compliance
def self.profiles
config = Compliance::Configuration.new
url = "#{config['server']}/user/compliance"
_success, data = get(url, config['token'], '', config['insecure'])
_success, data = get(url, config['token'], config['insecure'])
if !data.nil?
profiles = JSON.parse(data)
val = []
# iterate over profiles
profiles.each_key { |org|
profiles[org].each_key { |name|
profiles.each_key do |org|
profiles[org].each_key do |name|
val.push({ org: org, name: name })
}
}
end
end
val
else
[]
@ -86,26 +109,52 @@ module Compliance
end
end
def self.get(url, username, password, insecure)
def self.get(url, token, insecure)
uri = URI.parse(url)
req = Net::HTTP::Get.new(uri.path)
req.basic_auth username, password
req['Authorization'] = "Bearer #{token}"
send_request(uri, req, insecure)
end
def self.post(url, username, password, insecure)
def self.post_refresh_token(url, token, insecure)
uri = URI.parse(url)
req = Net::HTTP::Post.new(uri.path)
req['Authorization'] = "Bearer #{token}"
req.body = { token: token }.to_json
access_token = ''
success, data = send_request(uri, req, insecure)
if !data.nil?
begin
tokendata = JSON.parse(data)
access_token = tokendata['access_token']
msg = 'successfully fetched access token'
success = true
rescue JSON::ParserError => e
success = false
msg = e.message
end
else
success = false
msg = 'invalid response'
end
[success, msg, access_token]
end
def self.post(url, token, insecure)
# form request
uri = URI.parse(url)
req = Net::HTTP::Post.new(uri.path)
req.basic_auth username, password
req['Authorization'] = "Bearer #{token}"
req.form_data={}
send_request(uri, req, insecure)
end
# upload a file
def self.post_file(url, username, password, file_path, insecure)
def self.post_file(url, token, file_path, insecure)
uri = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
@ -114,7 +163,7 @@ module Compliance
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
req = Net::HTTP::Post.new(uri.path)
req.basic_auth username, password
req['Authorization'] = "Bearer #{token}"
req.body_stream=File.open(file_path, 'rb')
req.add_field('Content-Length', File.size(file_path))

34
lib/bundles/inspec-compliance/cli.rb
View file

@ -9,17 +9,37 @@ module Compliance
class ComplianceCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
namespace 'compliance'
desc 'login SERVER', 'Log in to a Chef Compliance SERVER'
desc 'api_token SERVER', '(Optionally) verify and save the API token for Chef Compliance SERVER'
option :token, type: :string, required: true,
desc: 'Chef Compliance API token'
option :user, type: :string, required: true,
desc: 'Chef Compliance Username'
option :password, type: :string, required: true,
desc: 'Chef Compliance Password'
desc: 'Chef Compliance user login'
option :verify, aliases: :v, type: :boolean,
desc: 'Verify token before storing it'
option :insecure, aliases: :k, type: :boolean,
desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
option :apipath, type: :string, default: '/api',
desc: 'Set the path to the API, defaults to /api'
def login(server)
success, msg = Compliance::API.login(server, options['user'], options['password'], options['insecure'], options['apipath'])
def api_token(server)
success, msg = Compliance::API.api_token(server, options['token'], options['verify'], options['user'], options['insecure'], options['apipath'])
puts msg
end
desc 'token SERVER', 'Save an access token for Chef Compliance SERVER'
option :token, type: :string, required: true,
desc: 'Chef Compliance access token'
option :insecure, aliases: :k, type: :boolean,
desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
def token(server)
success, msg = Compliance::API.access_token(server, options['token'], options['insecure'])
puts msg
end
desc 'login', 'Log in to a Chef Compliance SERVER'
option :insecure, aliases: :k, type: :boolean,
desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
def login
success, msg = Compliance::API.login(options['insecure'])
if success
puts 'Successfully authenticated'
else
@ -115,7 +135,7 @@ module Compliance
url = "#{config['server']}/owners/#{owner}/compliance/#{pname}/tar"
puts "Uploading to #{url}"
success, msg = Compliance::API.post_file(url, config['token'], '', archive_path, config['insecure'])
success, msg = Compliance::API.post_file(url, config['token'], archive_path, config['insecure'])
if success
puts 'Successfully uploaded profile'
else