Class: InspecPlugins::Compliance::Fetcher

Inherits:

Inspec::Fetcher::Url

• Object
• Inspec::Fetcher::Url
• InspecPlugins::Compliance::Fetcher

Includes:

Inspec::Dist

Defined in:

lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb

Constant Summary

Constants included from Inspec::Dist

Inspec::Dist::AUTOMATE_PRODUCT_NAME, Inspec::Dist::COMPLIANCE_PRODUCT_NAME, Inspec::Dist::EXEC_NAME, Inspec::Dist::PRODUCT_NAME, Inspec::Dist::SERVER_PRODUCT_NAME

Constants inherited from Inspec::Fetcher::Url

Inspec::Fetcher::Url::BITBUCKET_URL, Inspec::Fetcher::Url::BITBUCKET_URL_BRANCH_REGEX, Inspec::Fetcher::Url::BITBUCKET_URL_COMMIT_REGEX, Inspec::Fetcher::Url::BITBUCKET_URL_REGEX, Inspec::Fetcher::Url::GITHUB_URL, Inspec::Fetcher::Url::GITHUB_URL_REGEX, Inspec::Fetcher::Url::GITHUB_URL_WITH_TREE_REGEX, Inspec::Fetcher::Url::MIME_TYPES

Instance Attribute Summary

• #upstream_sha256 ⇒ Object readonly

  Returns the value of attribute upstream_sha256.

Attributes inherited from Inspec::Fetcher::Url

#archive_path, #files

Class Method Summary

• .check_compliance_token(uri, config) ⇒ Object
• .get_target_uri(target) ⇒ Object
• .resolve(target) ⇒ Object

Instance Method Summary

• #initialize(target, opts) ⇒ Fetcher constructor

  A new instance of Fetcher.

• #resolved_source ⇒ Object

  We want to save compliance: in the lockfile rather than url: to make sure we go back through the Compliance API handling.

• #sha256 ⇒ Object
• #to_s ⇒ Object

Methods inherited from Inspec::Fetcher::Url

#cache_key, default_ref, #fetch, resolve_from_string, shellout, transform

Constructor Details

#initialize(target, opts) ⇒ Fetcher

Returns a new instance of Fetcher.

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 18

def initialize(target, opts)
  super(target, opts)
  @upstream_sha256 = ""
  if target.is_a?(Hash) && target.key?(:url)
    @target = target[:url]
    @upstream_sha256 = target[:sha256]
  elsif target.is_a?(String)
    @target = target
  end
end

Instance Attribute Details

#upstream_sha256 ⇒ Object (readonly)

Returns the value of attribute upstream_sha256.

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 16

def upstream_sha256
  @upstream_sha256
end

Class Method Details

.check_compliance_token(uri, config) ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 33

def self.check_compliance_token(uri, config)
  if config["token"].nil? && config["refresh_token"].nil?
    server = "automate2"
    msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate2_server --user USER --token APITOKEN"
    raise Inspec::FetcherFailure, <<~EOF

      Cannot fetch #{uri} because your #{server} token has not been
      configured.

      Please login using

          #{msg}
    EOF
  end
end

.get_target_uri(target) ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 49

def self.get_target_uri(target)
  if target.is_a?(String) && URI(target).scheme == "compliance"
    URI(target)
  elsif target.respond_to?(:key?) && target.key?(:compliance)
    URI("compliance://#{target[:compliance]}")
  end
end

.resolve(target) ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 57

def self.resolve(target)
  uri = get_target_uri(target)
  return nil if uri.nil?

  config = InspecPlugins::Compliance::Configuration.new
  profile = InspecPlugins::Compliance::API.sanitize_profile_name(uri)
  profile_fetch_url = InspecPlugins::Compliance::API.target_url(config, profile)
  # we have detailed information available in our lockfile, no need to ask the server
  if target.respond_to?(:key?) && target.key?(:sha256)
    profile_checksum = target[:sha256]
  else
    check_compliance_token(uri, config)
    # verifies that the target e.g base/ssh exists
    # Call profiles directly instead of exist? to capture the results
    # so we can access the upstream sha256 from the results.
    _msg, profile_result = InspecPlugins::Compliance::API.profiles(config, profile)
    if profile_result.empty?
      raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
    else
      # Guarantee sorting by verison and grab the latest.
      # If version was specified, it will be the first and only result.
      # Note we are calling the sha256 as a string, not a symbol since
      # it was returned as json from the Compliance API.
      profile_info = profile_result.min_by { |x| Gem::Version.new(x["version"]) }
      profile_checksum = profile_info.key?("sha256") ? profile_info["sha256"] : ""
    end
  end
  # We need to pass the token to the fetcher
  config["token"] = InspecPlugins::Compliance::API.get_token(config)

  # Needed for automate2 post request
  profile_stub = profile || target[:compliance]
  config["profile"] = InspecPlugins::Compliance::API.profile_split(profile_stub)

  new({ url: profile_fetch_url, sha256: profile_checksum }, config)
rescue URI::Error => _e
  nil
end

Instance Method Details

#resolved_source ⇒ Object

We want to save compliance: in the lockfile rather than url: to make sure we go back through the Compliance API handling.

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 98

def resolved_source
  @resolved_source ||= {
    compliance: compliance_profile_name,
    url: @target,
    sha256: sha256,
  }
end

#sha256 ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 29

def sha256
  upstream_sha256.empty? ? super : upstream_sha256
end

#to_s ⇒ Object

# File 'lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb', line 106

def to_s
  "#{AUTOMATE_PRODUCT_NAME} Profile Loader"
end