class InspecPlugins::Compliance::Fetcher
Attributes
upstream_sha256[R]
Public Class Methods
check_compliance_token(uri, config)
click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 33 def self.check_compliance_token(uri, config) if config["token"].nil? && config["refresh_token"].nil? server = "automate2" msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate2_server --user USER --token APITOKEN" raise Inspec::FetcherFailure, <<~EOF Cannot fetch #{uri} because your #{server} token has not been configured. Please login using #{msg} EOF end end
get_target_uri(target)
click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 49 def self.get_target_uri(target) if target.is_a?(String) && URI(target).scheme == "compliance" URI(target) elsif target.respond_to?(:key?) && target.key?(:compliance) URI("compliance://#{target[:compliance]}") end end
new(target, opts)
click to toggle source
Calls superclass method
Inspec::Fetcher::Url::new
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 18 def initialize(target, opts) super(target, opts) @upstream_sha256 = "" if target.is_a?(Hash) && target.key?(:url) @target = target[:url] @upstream_sha256 = target[:sha256] elsif target.is_a?(String) @target = target end end
resolve(target)
click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 57 def self.resolve(target) uri = get_target_uri(target) return nil if uri.nil? config = InspecPlugins::Compliance::Configuration.new profile = InspecPlugins::Compliance::API.sanitize_profile_name(uri) profile_fetch_url = InspecPlugins::Compliance::API.target_url(config, profile) # we have detailed information available in our lockfile, no need to ask the server if target.respond_to?(:key?) && target.key?(:sha256) profile_checksum = target[:sha256] else check_compliance_token(uri, config) # verifies that the target e.g base/ssh exists # Call profiles directly instead of exist? to capture the results # so we can access the upstream sha256 from the results. _msg, profile_result = InspecPlugins::Compliance::API.profiles(config, profile) if profile_result.empty? raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server" else # Guarantee sorting by verison and grab the latest. # If version was specified, it will be the first and only result. # Note we are calling the sha256 as a string, not a symbol since # it was returned as json from the Compliance API. profile_info = profile_result.min_by { |x| Gem::Version.new(x["version"]) } profile_checksum = profile_info.key?("sha256") ? profile_info["sha256"] : "" end end # We need to pass the token to the fetcher config["token"] = InspecPlugins::Compliance::API.get_token(config) # Needed for automate2 post request profile_stub = profile || target[:compliance] config["profile"] = InspecPlugins::Compliance::API.profile_split(profile_stub) new({ url: profile_fetch_url, sha256: profile_checksum }, config) rescue URI::Error => _e nil end
Public Instance Methods
resolved_source()
click to toggle source
We want to save compliance: in the lockfile rather than url: to make sure we go back through the Compliance
API
handling.
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 98 def resolved_source @resolved_source ||= { compliance: compliance_profile_name, url: @target, sha256: sha256, } end
sha256()
click to toggle source
Calls superclass method
Inspec::Fetcher::Url#sha256
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 29 def sha256 upstream_sha256.empty? ? super : upstream_sha256 end
to_s()
click to toggle source
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 106 def to_s "#{AUTOMATE_PRODUCT_NAME} Profile Loader" end
Private Instance Methods
compliance_profile_name()
click to toggle source
determine the owner_id and the profile name from the url
# File lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb, line 113 def compliance_profile_name m = {} m[:owner] = @config["profile"][0] m[:id] = @config["profile"][1] if m.nil? raise "Unable to determine compliance profile name. This can be caused by " \ "an incorrect server in your configuration. Try to login to compliance " \ "via the `#{EXEC_NAME} automate login` command or " \ "via the `#{EXEC_NAME} compliance login` command." end "#{m[:owner]}/#{m[:id]}" end