class InspecPlugins::Compliance::Fetcher

Attributes

upstream_sha256[R]

Public Class Methods

check_compliance_token(uri, config) click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 33
      def self.check_compliance_token(uri, config)
        if config["token"].nil? && config["refresh_token"].nil?
          server = "automate2"
          msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate2_server --user USER --token APITOKEN"
          raise Inspec::FetcherFailure, <<~EOF

            Cannot fetch #{uri} because your #{server} token has not been
            configured.

            Please login using

                #{msg}
          EOF
        end
      end
get_target_uri(target) click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 49
def self.get_target_uri(target)
  if target.is_a?(String) && URI(target).scheme == "compliance"
    URI(target)
  elsif target.respond_to?(:key?) && target.key?(:compliance)
    URI("compliance://#{target[:compliance]}")
  end
end
new(target, opts) click to toggle source
Calls superclass method Inspec::Fetcher::Url::new
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 18
def initialize(target, opts)
  super(target, opts)
  @upstream_sha256 = ""
  if target.is_a?(Hash) && target.key?(:url)
    @target = target[:url]
    @upstream_sha256 = target[:sha256]
  elsif target.is_a?(String)
    @target = target
  end
end
resolve(target) click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 57
def self.resolve(target)
  uri = get_target_uri(target)
  return nil if uri.nil?

  config = InspecPlugins::Compliance::Configuration.new
  profile = InspecPlugins::Compliance::API.sanitize_profile_name(uri)
  profile_fetch_url = InspecPlugins::Compliance::API.target_url(config, profile)
  # we have detailed information available in our lockfile, no need to ask the server
  if target.respond_to?(:key?) && target.key?(:sha256)
    profile_checksum = target[:sha256]
  else
    check_compliance_token(uri, config)
    # verifies that the target e.g base/ssh exists
    # Call profiles directly instead of exist? to capture the results
    # so we can access the upstream sha256 from the results.
    _msg, profile_result = InspecPlugins::Compliance::API.profiles(config, profile)
    if profile_result.empty?
      raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
    else
      # Guarantee sorting by verison and grab the latest.
      # If version was specified, it will be the first and only result.
      # Note we are calling the sha256 as a string, not a symbol since
      # it was returned as json from the Compliance API.
      profile_info = profile_result.min_by { |x| Gem::Version.new(x["version"]) }
      profile_checksum = profile_info.key?("sha256") ? profile_info["sha256"] : ""
    end
  end
  # We need to pass the token to the fetcher
  config["token"] = InspecPlugins::Compliance::API.get_token(config)

  # Needed for automate2 post request
  profile_stub = profile || target[:compliance]
  config["profile"] = InspecPlugins::Compliance::API.profile_split(profile_stub)

  new({ url: profile_fetch_url, sha256: profile_checksum }, config)
rescue URI::Error => _e
  nil
end

Public Instance Methods

resolved_source() click to toggle source

We want to save compliance: in the lockfile rather than url: to make sure we go back through the Compliance API handling.

# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 98
def resolved_source
  @resolved_source ||= {
    compliance: compliance_profile_name,
    url: @target,
    sha256: sha256,
  }
end
sha256() click to toggle source
Calls superclass method Inspec::Fetcher::Url#sha256
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 29
def sha256
  upstream_sha256.empty? ? super : upstream_sha256
end
to_s() click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 106
def to_s
  "#{AUTOMATE_PRODUCT_NAME} Profile Loader"
end

Private Instance Methods

compliance_profile_name() click to toggle source

determine the owner_id and the profile name from the url

# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 113
def compliance_profile_name
  m = {}
  m[:owner] = @config["profile"][0]
  m[:id] = @config["profile"][1]

  if m.nil?
    raise "Unable to determine compliance profile name. This can be caused by " \
      "an incorrect server in your configuration. Try to login to compliance " \
      "via the `#{EXEC_NAME} automate login` command or " \
      "via the `#{EXEC_NAME} compliance login` command."
  end

  "#{m[:owner]}/#{m[:id]}"
end