Class: ComplianceEngine::Data

Inherits:
Object
  • Object
Defined in:
lib/compliance_engine/data.rb

Overview

Work with compliance data


Constructor Details

#initialize(*paths, facts: nil, enforcement_tolerance: nil) ⇒ Data

Returns a new instance of Data.

Parameters:

  • paths (Array<String>)

    The paths to the compliance data files

  • facts (Hash) (defaults to: nil)

    The facts to use while evaluating the data

  • enforcement_tolerance (Integer) (defaults to: nil)

    The tolerance to use while evaluating the data



# File 'lib/compliance_engine/data.rb', line 30

# Create a data object and, when any paths are given, scan them right away.
#
# The three instance variables are assigned directly rather than through
# setter methods.
#
# @param paths [Array<String>] paths to the compliance data files
# @param facts [Hash, nil] facts to use while evaluating the data
# @param enforcement_tolerance [Integer, nil] tolerance to use while evaluating the data
def initialize(*paths, facts: nil, enforcement_tolerance: nil)
  @enforcement_tolerance = enforcement_tolerance
  @facts = facts
  @data ||= {}
  return if paths.nil? || paths.empty?

  open(*paths)
end

Instance Attribute Details

#data ⇒ Object

Setting any of these should invalidate any cached data



# File 'lib/compliance_engine/data.rb', line 38

# Reader for the raw store of loaded compliance data.
#
# Entries are written by #update, keyed by file key, and hold :loader,
# :version and :content.
#
# @return [Hash, nil] the value currently held in @data
def data
  @data
end

#enforcement_tolerance ⇒ Object

Setting any of these should invalidate any cached data



# File 'lib/compliance_engine/data.rb', line 38

# Reader for the enforcement tolerance, initially taken from the
# constructor's `enforcement_tolerance:` keyword.
#
# @return [Integer, nil] the value currently held in @enforcement_tolerance
def enforcement_tolerance
  @enforcement_tolerance
end

#environment_data ⇒ Object

Setting any of these should invalidate any cached data



# File 'lib/compliance_engine/data.rb', line 38

# Reader for the environment data. #open merges a module-name => version
# hash into it for every module loader it processes.
#
# @return [Hash, nil] the value currently held in @environment_data
def environment_data
  @environment_data
end

#facts ⇒ Object

Setting any of these should invalidate any cached data



# File 'lib/compliance_engine/data.rb', line 38

# Reader for the facts used while evaluating the data, initially taken from
# the constructor's `facts:` keyword.
#
# @return [Hash, nil] the value currently held in @facts
def facts
  @facts
end

#modulepath ⇒ Object

Setting any of these should invalidate any cached data



# File 'lib/compliance_engine/data.rb', line 38

# Reader for the modulepath. #open_environment and #open_environment_zip
# assign it from the environment loader they create.
#
# @return [Object, nil] the value currently held in @modulepath
def modulepath
  @modulepath
end

Instance Method Details

#ces ⇒ ComplianceEngine::Ces

Return a collection of CEs

Returns:

  • (ComplianceEngine::Ces)


# File 'lib/compliance_engine/data.rb', line 241

# Return the collection of CEs, building it on first use.
#
# @return [ComplianceEngine::Ces] the collection memoised in @ces
def ces
  return @ces if @ces

  @ces = ComplianceEngine::Ces.new(self)
end

#check_mapping(profile_or_ce) ⇒ Hash

Return all checks that map to the requested profile or CE

Parameters:

Returns:

  • (Hash)

Raises:

  • (ArgumentError)


# File 'lib/compliance_engine/data.rb', line 324

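# Return all checks that map to the requested profile or CE.
#
# Results are memoised in @check_mapping under a key built from the
# argument's class and its #key.
#
# @param profile_or_ce [ComplianceEngine::Profile, ComplianceEngine::Ce]
# @return [Hash] the entries of `checks` for which `mapping?` holds
# @raise [ArgumentError] if the argument is neither a Profile nor a Ce
def check_mapping(profile_or_ce)
  unless profile_or_ce.is_a?(ComplianceEngine::Profile) || profile_or_ce.is_a?(ComplianceEngine::Ce)
    # The message names both accepted types; it previously mentioned only
    # Profile even though a Ce is accepted as well.
    raise ArgumentError, 'Argument must be a ComplianceEngine::Profile or ComplianceEngine::Ce object'
  end

  cache_key = "#{profile_or_ce.class}:#{profile_or_ce.key}"
  @check_mapping ||= {}
  return @check_mapping[cache_key] if @check_mapping.key?(cache_key)

  @check_mapping[cache_key] = checks.select { |_, check| mapping?(check, profile_or_ce) }
end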

#checks ⇒ ComplianceEngine::Checks

Return a collection of checks



# File 'lib/compliance_engine/data.rb', line 248

# Return the collection of checks, building it on first use.
#
# @return [ComplianceEngine::Checks] the collection memoised in @checks
def checks
  return @checks if @checks

  @checks = ComplianceEngine::Checks.new(self)
end

#confines ⇒ Hash

Return all confines

Returns:

  • (Hash)


# File 'lib/compliance_engine/data.rb', line 262

# Return all confines found in the profile, CE, check and control
# collections, deep-merged into a single hash.
#
# The result is memoised in @confines and rebuilt only while that is nil.
#
# @return [Hash]
def confines
  return @confines unless @confines.nil?

  @confines = {}

  [profiles, ces, checks, controls].each do |collection|
    collection.each_value do |entries|
      entries.to_a.each do |component|
        # Only components that carry a 'confine' key contribute.
        @confines = @confines.deep_merge!(component['confine']) if component.key?('confine')
      end
    end
  end

  @confines
end

#controls ⇒ ComplianceEngine::Controls

Return a collection of controls



# File 'lib/compliance_engine/data.rb', line 255

# Return the collection of controls, building it on first use.
#
# @return [ComplianceEngine::Controls] the collection memoised in @controls
def controls
  return @controls if @controls

  @controls = ComplianceEngine::Controls.new(self)
end

#files ⇒ Array<String>

Get a list of files with compliance data

Returns:

  • (Array<String>)


# File 'lib/compliance_engine/data.rb', line 216

# Get the list of files that have compliance data.
#
# Only entries of `data` that carry a :content key are listed, so an entry
# whose load did not complete is left out. The list is memoised in @files.
#
# @return [Array<String>] the keys of the loaded entries
def files
  @files = data.select { |_, file| file.key?(:content) }.keys if @files.nil?
  @files
end

#get(file) ⇒ Hash

Get the compliance data for a given file

Parameters:

  • file (String)

    The path to the compliance data file

Returns:

  • (Hash)


# File 'lib/compliance_engine/data.rb', line 225

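# Get the compliance data for a given file.
#
# @param file [String] the key the file was stored under in `data`
# @return [Hash, nil] the entry's :content, or nil when nothing is stored
#   for that key
def get(file)
  # The expected "nothing loaded for this key" cases are handled explicitly.
  # A bare rescue returned nil for those too, but it also hid any unrelated
  # error raised during the lookup.
  entry = data && data[file]
  entry.is_a?(Hash) ? entry[:content] : nil
end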

#hiera(requested_profiles = []) ⇒ Hash

Return all Hiera data from checks that map to the requested profiles

Parameters:

  • requested_profiles (Array<String>) (defaults to: [])

    The requested profiles

Returns:

  • (Hash)


# File 'lib/compliance_engine/data.rb', line 283

# Return all Hiera data from checks that map to the requested profiles.
#
# Results are memoised in @hiera under the string form of the requested
# list, so the same names in a different order are cached separately.
#
# A requested name with no matching profile is reported with `warn` and
# skipped; it contributes no settings to the result.
#
# @param requested_profiles [Array<String>] the requested profiles
# @return [Hash] the merged Hiera parameters, or {} when no requested
#   profile is defined
def hiera(requested_profiles = [])
  # Without any requested profiles there is no hiera data.
  return {} if requested_profiles.empty?

  cache_key = requested_profiles.to_s
  @hiera ||= {}
  return @hiera[cache_key] if @hiera.key?(cache_key)

  valid_profiles = requested_profiles.each_with_object([]) do |name, found|
    if profiles[name].nil?
      warn "Requested profile '#{name}' not defined"
    else
      found << profiles[name]
    end
  end

  # Nothing valid was requested: cache and return an empty result.
  return @hiera[cache_key] = {} if valid_profiles.empty?

  parameters = {}

  # Profiles are merged last-to-first; which side wins on a conflict depends
  # on deep_merge! (presumably earlier-listed profiles take precedence).
  valid_profiles.reverse_each do |profile|
    check_mapping(profile).each_value { |check| parameters = parameters.deep_merge!(check.hiera) }
  end

  @hiera[cache_key] = parameters
end

#invalidate_cache ⇒ NilClass

Invalidate the cache of computed data

Returns:

  • (NilClass)


# File 'lib/compliance_engine/data.rb', line 78

# Invalidate the cache of computed data.
#
# Each collection named by `collection_variables` that is currently set is
# asked to invalidate its own cache; every variable named by
# `cache_variables` is then reset to nil.
def invalidate_cache
  collection_variables.each do |name|
    collection = instance_variable_get(name)
    collection.invalidate_cache(self) unless collection.nil?
  end

  cache_variables.each { |name| instance_variable_set(name, nil) }
end

#open(*paths, fileclass: File, dirclass: Dir) ⇒ NilClass

Scan paths for compliance data files

Parameters:

  • paths (Array<String>)

    The paths to the compliance data files

  • fileclass (Class) (defaults to: File)

    The class to use for reading files

  • dirclass (Class) (defaults to: Dir)

    The class to use for reading directories

Returns:

  • (NilClass)


# File 'lib/compliance_engine/data.rb', line 117

# Scan paths for compliance data files.
#
# Each argument is dispatched on what it is: an environment loader, a module
# loader, a data loader, a file, or a directory. Anything else raises.
#
# Inside this class a bare `open(...)` resolves to this method, not to
# Kernel#open.
#
# @param paths [Array<String>] the paths (or loader objects) to scan
# @param fileclass [Class] the class to use for reading files
# @param dirclass [Class] the class to use for reading directories
# @return [NilClass]
# @raise [ComplianceEngine::Error] if an argument matches none of the
#   handled kinds
def open(*paths, fileclass: File, dirclass: Dir)
  modules = {}

  paths.each do |path|
    if path.is_a?(ComplianceEngine::EnvironmentLoader)
      # The recursive call does not forward fileclass/dirclass.
      open(*path.modules)
    elsif path.is_a?(ComplianceEngine::ModuleLoader)
      modules[path.name] = path.version unless path.name.nil?
      path.files.each { |file_loader| update(file_loader) }
    elsif path.is_a?(ComplianceEngine::DataLoader)
      update(path, key: path.key, fileclass: fileclass)
    elsif fileclass.file?(path)
      # Zip entries are keyed by archive name plus entry name; the Zip
      # constant is checked first because it is only defined when loaded.
      zip_entry = Object.const_defined?(:Zip) && path.is_a?(Zip::Entry)
      key = zip_entry ? File.join(path.zipfile.to_s, '.', path.to_s) : path.to_s
      update(path, key: key, fileclass: fileclass)
    elsif fileclass.directory?(path)
      open(ComplianceEngine::ModuleLoader.new(path, fileclass: fileclass, dirclass: dirclass))
    else
      raise ComplianceEngine::Error, "Invalid path or object '#{path}'"
    end
  end

  # Record the name => version pairs collected from module loaders.
  self.environment_data ||= {}
  self.environment_data = self.environment_data.merge(modules)

  nil
end

#open_environment(*paths) ⇒ NilClass

Scan a Puppet environment

Parameters:

  • paths (Array<String>)

    The Puppet modulepath components

Returns:

  • (NilClass)


# File 'lib/compliance_engine/data.rb', line 105

# Scan a Puppet environment.
#
# Builds an environment loader from the modulepath components, records the
# loader's modulepath on this object, then opens the loader.
#
# @param paths [Array<String>] the Puppet modulepath components
# @return [NilClass]
def open_environment(*paths)
  loader = ComplianceEngine::EnvironmentLoader.new(*paths)
  self.modulepath = loader.modulepath
  open(loader)
end

#open_environment_zip(path) ⇒ NilClass

Scan a Puppet environment from a zip file

Parameters:

  • path (String)

    The Puppet environment archive file

Returns:

  • (NilClass)


# File 'lib/compliance_engine/data.rb', line 94

# Scan a Puppet environment from a zip file.
#
# @param path [String] the Puppet environment archive file
# @return [NilClass]
def open_environment_zip(path)
  # Required here rather than at file level, presumably so the zip
  # dependency is only needed when archives are actually used.
  require 'compliance_engine/environment_loader/zip'

  # NOTE(review): how archive entries are read (entry names, sizes) is
  # decided by the Zip loader, not by this method; confirm there before
  # accepting archives from outside the organisation.
  loader = ComplianceEngine::EnvironmentLoader::Zip.new(path)
  self.modulepath = loader.modulepath
  open(loader)
end

#profiles ⇒ ComplianceEngine::Profiles

Return a profile collection



# File 'lib/compliance_engine/data.rb', line 234

# Return the profile collection, building it on first use.
#
# @return [ComplianceEngine::Profiles] the collection memoised in @profiles
def profiles
  return @profiles if @profiles

  @profiles = ComplianceEngine::Profiles.new(self)
end

#reset_collection ⇒ NilClass

Discard all parsed data other than the top-level data

Returns:

  • (NilClass)


# File 'lib/compliance_engine/data.rb', line 86

# Discard all parsed data other than the top-level data.
#
# Every instance variable except those named by `data_variables` and
# `context_variables` is set to nil.
def reset_collection
  current = instance_variables
  preserved = data_variables + context_variables

  # Whatever is not preserved is a cached object and gets dropped.
  (current - preserved).each { |name| instance_variable_set(name, nil) }
end

#update(filename, key: filename.to_s, fileclass: File) ⇒ NilClass

Update the data for a given file

Parameters:

  • file (String)

    The path to the compliance data file

  • key (String) (defaults to: filename.to_s)

    The key to use for the data

  • fileclass (Class) (defaults to: File)

    The class to use for reading files

  • size (Integer)

    The size of the file

  • mtime (Time)

    The modification time of the file

Returns:

  • (NilClass)


# File 'lib/compliance_engine/data.rb', line 171

# Update the data for a given file.
#
# Accepts either a file name (String) or a loader object. This method is
# also what gets registered as the observer callback on every loader it
# stores (`add_observer(self, :update)`).
#
# Failure handling: any StandardError raised in the body is reduced to a
# `warn` with the exception message and is not re-raised. A compliance data
# file that cannot be read or parsed is therefore skipped rather than
# reported to the caller; code that must know every file loaded should
# compare `files` against what it asked for.
#
# @param filename [String, Object] a path to a compliance data file, or a
#   loader object responding to #key and #data
# @param key [String] the key to store the data under (String branch only)
# @param fileclass [Class] the class to use for reading files
# @return the value of `reset_collection` on success, nil after a rescued
#   error or a refresh of an existing loader
def update(
  filename,
  key: filename.to_s,
  fileclass: File
)
  if filename.is_a?(String)
    # Created before the loader exists: if loading raises below, this empty
    # entry remains (without :content, so `files` does not list it).
    data[key] ||= {}

    # Already loaded: ask the existing loader to refresh and stop here.
    # reset_collection is not called on this path; presumably the loader
    # notifies this object through the registered observer — TODO confirm.
    if data[key]&.key?(:loader) && data[key][:loader]
      data[key][:loader].refresh if data[key][:loader].respond_to?(:refresh)
      return
    end

    # The format is chosen by file extension alone: '.json' is parsed as
    # JSON, everything else as YAML. The extension check uses File, not
    # fileclass.
    # NOTE(review): parsing happens inside the DataLoader classes; confirm
    # the YAML loader uses safe loading, since data files may come from
    # third-party modules.
    loader = if File.extname(filename) == '.json'
               ComplianceEngine::DataLoader::Json.new(filename, fileclass: fileclass, key: key)
             else
               ComplianceEngine::DataLoader::Yaml.new(filename, fileclass: fileclass, key: key)
             end

    loader.add_observer(self, :update)
    data[key] = {
      loader: loader,
      version: ComplianceEngine::Version.new(loader.data['version']),
      content: loader.data,
    }
  else
    # The `key:` argument is not used on this branch; the loader's own key is.
    data[filename.key] ||= {}

    # Assume filename is a loader object
    # Register as observer only the first time this loader is seen.
    unless data[filename.key]&.key?(:loader)
      data[filename.key][:loader] = filename
      data[filename.key][:loader].add_observer(self, :update)
    end
    data[filename.key][:version] = ComplianceEngine::Version.new(filename.data['version'])
    data[filename.key][:content] = filename.data
  end

  # New content invalidates everything derived from the old data.
  reset_collection
rescue => e
  # Best-effort: the error is only printed, the load failure is not raised.
  warn e.message
end