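# frozen_string_literal: true

module Neetob
  class CLI
    module MonthlyAudit
      module InstancesAndAddons
        module NeetoDeploy
          # Monthly audit check 3.1.2: for every production app listed under
          # APPS_LIST[:neetodeploy], read the app's config vars and report
          # whether ASSET_HOST points at a CloudFront distribution or at the
          # app's own "cdn.<app>.com" host. Results are printed as a table.
          class CloudfrontCdnEnabled < CLI::Base
            # Leading dot is deliberate: only hosts *under* cloudfront.net
            # count. A plain substring test would also pass look-alike values
            # such as "cloudfront.net.example.com" or "mycloudfront.net",
            # which would make the audit report a CDN that is not there.
            CLOUDFRONT_HOST_SUFFIX = ".cloudfront.net"

            # Explicit empty-argument super: nothing is forwarded to CLI::Base.
            def initialize
              super()
            end

            # Runs the check for each production app and prints the table.
            #
            # @return whatever +ui.print_table+ returns
            def run
              ui.success "### 3.1.2. Checking whether Cloudfront CDN is enabled"
              apps_data = [["App", "ASSET_HOST value", "Comments", "Audit Passed"]]
              ui.info("\n", print_to_audit_log: false)

              production_apps.each do |app|
                ui.info("Checking ASSET_HOST value for #{app}", print_to_audit_log: false)
                apps_data << [app, *asset_host_verdict(app, fetch_config_vars(app))]
              end

              ui.print_table(apps_data)
            end

            private

            # Apps in the neetodeploy list whose name contains "production".
            def production_apps
              Neetob::CLI::Sre::Base::APPS_LIST[:neetodeploy].select { |app| app.include?("production") }
            end

            # Fetches the config vars listing for one app.
            #
            # @return [Object] the parsed JSON document when the first result
            #   element is JSON (the code below expects an error Hash in that
            #   case), otherwise the raw first element unchanged
            def fetch_config_vars(app)
              raw = Neetob::CLI::NeetoDeploy::ConfigVars::List.new([app]).run.first
              JSON.parse(raw)
            rescue JSON::ParserError, TypeError
              # ParserError: the listing is a plain-text table, not JSON.
              # TypeError: the first element was not a String (e.g. nil); the
              # caller reports that as an unreadable response instead of crashing.
              raw
            end

            # Decides the audit outcome for one app.
            #
            # @param app [String] app name
            # @param config_vars [Object] value returned by #fetch_config_vars
            # @return [Array] [asset_host_value, comments, audit_passed]
            def asset_host_verdict(app, config_vars)
              if config_vars.is_a?(Hash) && config_vars["error"] == "Forbidden"
                return [nil, "You do not have permission to access the config vars for this app.", "No"]
              end

              # Any other non-text response (a different error Hash, nil, ...)
              # cannot be searched for ASSET_HOST; fail the check rather than
              # abort the whole audit with a NoMethodError.
              return [nil, "Config vars could not be read for this app.", "No"] unless config_vars.is_a?(String)

              asset_host_value = extract_asset_host(config_vars)
              return [nil, "ASSET_HOST value not found.", "No"] if asset_host_value.nil?

              if cloudfront_host?(asset_host_value) || cdn_subdomain?(app, asset_host_value)
                return [asset_host_value, nil, "Yes"]
              end

              [asset_host_value, "ASSET_HOST value is not a Cloudfront CDN URL or a CDN subdomain URL.", "No"]
            end

            # Pulls the ASSET_HOST value out of the "|"-separated listing.
            #
            # NOTE(review): the row is selected by substring, so a key that
            # merely contains "ASSET_HOST" would also be picked up; presumably
            # the key sits in column 1 and the value in column 2 - confirm the
            # table layout before tightening this to an exact key match.
            #
            # @return [String, nil] the stripped value, or nil when no usable row exists
            def extract_asset_host(config_vars)
              row = config_vars.split("\n").find { |line| line.include?("ASSET_HOST") }
              return if row.nil?

              value_cell = row.split("|")[2]
              value_cell&.strip
            end

            # True when the value's host component is a subdomain of cloudfront.net.
            def cloudfront_host?(asset_host_value)
              hostname_of(asset_host_value).end_with?(CLOUDFRONT_HOST_SUFFIX)
            end

            # True when the value is exactly "cdn.<app>.com", where <app> is the
            # app name without "-web-production" and without hyphens.
            def cdn_subdomain?(app, asset_host_value)
              asset_host_value == "cdn.#{app.gsub("-web-production", "").gsub("-", "")}.com"
            end

            # Reduces a bare host or a URL to its lower-cased host name by
            # dropping an optional scheme or "//" prefix, anything from the
            # first "/", "?" or "#", any userinfo and any port.
            def hostname_of(value)
              authority = value.strip.sub(%r{\A(?:[a-z][a-z0-9+.-]*:)?//}i, "").split(%r{[/?#]}, 2).first.to_s
              authority.split("@").last.to_s.sub(/:\d*\z/, "").downcase
            end
          end
        end
      end
    end
  end
end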