allow users to specify user/namespace when fetching profiles from Chef Automate (#2275)

* allow users to configure the profiles namespace By default it uses the username of the user that is logged into the system. However, the user can now specify the `--user` on the cli to list profiles from a user other than his own domain. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> * allow users to provide owner for profile listing and uploading Signed-off-by: Christoph Hartmann <chris@lollyrock.com> * use config only Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2024-11-26 14:40:26 +00:00 · 2017-11-07 14:01:55 -05:00 · 2017-11-07 14:01:55 -05:00 · eb729c4034
commit eb729c4034
parent c2ec4b9545
2 changed files with 28 additions and 13 deletions
--- a/lib/bundles/inspec-compliance/api.rb
+++ b/lib/bundles/inspec-compliance/api.rb
@ -16,13 +16,17 @@ module Compliance
    extend Compliance::API::Login

    # return all compliance profiles available for the user
+    # the user is either specified in the options hash or by default
+    # the username of the account is used that is logged in
    def self.profiles(config)
+      owner = config['owner'] || config['user']
+
      # Chef Compliance
      if is_compliance_server?(config)
        url = "#{config['server']}/user/compliance"
      # Chef Automate
      elsif is_automate_server?(config)
-        url = "#{config['server']}/profiles/#{config['user']}"
+        url = "#{config['server']}/profiles/#{owner}"
      else
        raise ServerConfigurationMissing
      end
@ -45,9 +49,8 @@ module Compliance
        elsif is_automate_server_pre_080?(config)
          mapped_profiles = profiles.values.flatten
        else
-          owner_id = config['user']
          mapped_profiles = profiles.map { |e|
-            e['owner_id'] = owner_id
+            e['owner_id'] = owner
            e
          }
        end
@ -85,8 +88,13 @@ module Compliance

    # verifies that a profile
    def self.exist?(config, profile)
-      _msg, profiles = Compliance::API.profiles(config)
      owner, id, ver = profile_split(profile)
+
+      # ensure that we do not manipulate the configuration object
+      user_config = config.dup
+      user_config['owner'] = owner
+      _msg, profiles = Compliance::API.profiles(user_config)
+
      if !profiles.empty?
        profiles.any? do |p|
          p['owner_id'] == owner &&
@ -104,10 +112,10 @@ module Compliance
        url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
      # Chef Automate pre 0.8.0
      elsif is_automate_server_pre_080?(config)
-        url = "#{config['server']}/#{config['user']}"
+        url = "#{config['server']}/#{owner}"
      # Chef Automate
      else
-        url = "#{config['server']}/profiles/#{config['user']}"
+        url = "#{config['server']}/profiles/#{owner}"
      end

      headers = get_headers(config)
--- a/lib/bundles/inspec-compliance/cli.rb
+++ b/lib/bundles/inspec-compliance/cli.rb
@ -79,11 +79,15 @@ module Compliance
    end

    desc 'profiles', 'list all available profiles in Chef Compliance'
-
+    option :owner, type: :string, required: false,
+      desc: 'owner whose profiles to list'
    def profiles
      config = Compliance::Configuration.new
      return if !loggedin(config)

+      # set owner to config
+      config['owner'] = options['owner'] || config['user']
+
      msg, profiles = Compliance::API.profiles(config)
      profiles.sort_by! { |hsh| hsh['title'] }
      if !profiles.empty?
@ -145,11 +149,16 @@ module Compliance

    desc 'upload PATH', 'uploads a local profile to Chef Compliance'
    option :overwrite, type: :boolean, default: false,
-      desc: 'Overwrite existing profile on Chef Compliance.'
+      desc: 'Overwrite existing profile on Server.'
+    option :owner, type: :string, required: false,
+      desc: 'Owner that should own the profile'
    def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
      config = Compliance::Configuration.new
      return if !loggedin(config)

+      # set owner to config
+      config['owner'] = options['owner'] || config['user']
+
      unless File.exist?(path)
        puts "Directory #{path} does not exist."
        exit 1
@ -181,14 +190,12 @@ module Compliance
        error.call('Please login via `inspec compliance login`')
      end

-      # owner
-      owner = config['user']
      # read profile name from inspec.yml
      profile_name = profile.params[:name]

      # check that the profile is not uploaded already,
      # confirm upload to the user (overwrite with --force)
-      if Compliance::API.exist?(config, "#{owner}/#{profile_name}") && !options['overwrite']
+      if Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}") && !options['overwrite']
        error.call('Profile exists on the server, use --overwrite')
      end

@ -207,12 +214,12 @@ module Compliance
        archive_path = path
      end

-      puts "Start upload to #{owner}/#{profile_name}"
+      puts "Start upload to #{config['owner']}/#{profile_name}"
      pname = ERB::Util.url_encode(profile_name)

      Compliance::API.is_automate_server?(config) ? upload_msg = 'Uploading to Chef Automate' : upload_msg = 'Uploading to Chef Compliance'
      puts upload_msg
-      success, msg = Compliance::API.upload(config, owner, pname, archive_path)
+      success, msg = Compliance::API.upload(config, config['owner'], pname, archive_path)

      if success
        puts 'Successfully uploaded profile'