lib/bundles/inspec-compliance/target.rb in inspec-2.1.21 vs lib/bundles/inspec-compliance/target.rb in inspec-2.1.30
- old
+ new
@@ -1,98 +1,98 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'uri'
-require 'inspec/fetcher'
-require 'inspec/errors'
-
-# InSpec Target Helper for Chef Compliance
-# reuses UrlHelper, but it knows the target server and the access token already
-# similar to `inspec exec http://localhost:2134/owners/%base%/compliance/%ssh%/tar --user %token%`
-module Compliance
- class Fetcher < Fetchers::Url
- name 'compliance'
- priority 500
- def self.resolve(target) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity
- uri = if target.is_a?(String) && URI(target).scheme == 'compliance'
- URI(target)
- elsif target.respond_to?(:key?) && target.key?(:compliance)
- URI("compliance://#{target[:compliance]}")
- end
-
- return nil if uri.nil?
-
- # we have detailed information available in our lockfile, no need to ask the server
- if target.respond_to?(:key?) && target.key?(:url)
- profile_fetch_url = target[:url]
- config = {}
- else
- # check if we have a compliance token
- config = Compliance::Configuration.new
- if config['token'].nil? && config['refresh_token'].nil?
- if config['server_type'] == 'automate'
- server = 'automate'
- msg = 'inspec compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN'
- else
- server = 'compliance'
- msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
- end
- raise Inspec::FetcherFailure, <<~EOF
-
- Cannot fetch #{uri} because your #{server} token has not been
- configured.
-
- Please login using
-
- #{msg}
- EOF
- end
-
- # verifies that the target e.g base/ssh exists
- profile = Compliance::API.sanitize_profile_name(uri)
- if !Compliance::API.exist?(config, profile)
- raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
- end
- profile_fetch_url = Compliance::API.target_url(config, profile)
- end
- # We need to pass the token to the fetcher
- config['token'] = Compliance::API.get_token(config)
- new(profile_fetch_url, config)
- rescue URI::Error => _e
- nil
- end
-
- # We want to save compliance: in the lockfile rather than url: to
- # make sure we go back through the Compliance API handling.
- def resolved_source
- @resolved_source ||= {
- compliance: compliance_profile_name,
- url: @target,
- sha256: sha256,
- }
- end
-
- def to_s
- 'Chef Compliance Profile Loader'
- end
-
- private
-
- # determine the owner_id and the profile name from the url
- def compliance_profile_name
- m = if Compliance::API.is_automate_server_pre_080?(@config)
- %r{^#{@config['server']}/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
- elsif Compliance::API.is_automate_server_080_and_later?(@config)
- %r{^#{@config['server']}/profiles/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
- else
- %r{^#{@config['server']}/owners/(?<owner>[^/]+)/compliance/(?<id>[^/]+)/tar$}
- end.match(@target)
-
- raise 'Unable to determine compliance profile name. This can be caused by ' \
- 'an incorrect server in your configuration. Try to login to compliance ' \
- 'via the `inspec compliance login` command.' if m.nil?
-
- "#{m[:owner]}/#{m[:id]}"
- end
- end
-end
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'uri'
+require 'inspec/fetcher'
+require 'inspec/errors'
+
+# InSpec Target Helper for Chef Compliance
+# reuses UrlHelper, but it knows the target server and the access token already
+# similar to `inspec exec http://localhost:2134/owners/%base%/compliance/%ssh%/tar --user %token%`
+module Compliance
+ class Fetcher < Fetchers::Url
+ name 'compliance'
+ priority 500
+ def self.resolve(target) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity
+ uri = if target.is_a?(String) && URI(target).scheme == 'compliance'
+ URI(target)
+ elsif target.respond_to?(:key?) && target.key?(:compliance)
+ URI("compliance://#{target[:compliance]}")
+ end
+
+ return nil if uri.nil?
+
+ # we have detailed information available in our lockfile, no need to ask the server
+ if target.respond_to?(:key?) && target.key?(:url)
+ profile_fetch_url = target[:url]
+ config = {}
+ else
+ # check if we have a compliance token
+ config = Compliance::Configuration.new
+ if config['token'].nil? && config['refresh_token'].nil?
+ if config['server_type'] == 'automate'
+ server = 'automate'
+ msg = 'inspec compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN'
+ else
+ server = 'compliance'
+ msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
+ end
+ raise Inspec::FetcherFailure, <<~EOF
+
+ Cannot fetch #{uri} because your #{server} token has not been
+ configured.
+
+ Please login using
+
+ #{msg}
+ EOF
+ end
+
+ # verifies that the target e.g base/ssh exists
+ profile = Compliance::API.sanitize_profile_name(uri)
+ if !Compliance::API.exist?(config, profile)
+ raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
+ end
+ profile_fetch_url = Compliance::API.target_url(config, profile)
+ end
+ # We need to pass the token to the fetcher
+ config['token'] = Compliance::API.get_token(config)
+ new(profile_fetch_url, config)
+ rescue URI::Error => _e
+ nil
+ end
+
+ # We want to save compliance: in the lockfile rather than url: to
+ # make sure we go back through the Compliance API handling.
+ def resolved_source
+ @resolved_source ||= {
+ compliance: compliance_profile_name,
+ url: @target,
+ sha256: sha256,
+ }
+ end
+
+ def to_s
+ 'Chef Compliance Profile Loader'
+ end
+
+ private
+
+ # determine the owner_id and the profile name from the url
+ def compliance_profile_name
+ m = if Compliance::API.is_automate_server_pre_080?(@config)
+ %r{^#{@config['server']}/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
+ elsif Compliance::API.is_automate_server_080_and_later?(@config)
+ %r{^#{@config['server']}/profiles/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
+ else
+ %r{^#{@config['server']}/owners/(?<owner>[^/]+)/compliance/(?<id>[^/]+)/tar$}
+ end.match(@target)
+
+ raise 'Unable to determine compliance profile name. This can be caused by ' \
+ 'an incorrect server in your configuration. Try to login to compliance ' \
+ 'via the `inspec compliance login` command.' if m.nil?
+
+ "#{m[:owner]}/#{m[:id]}"
+ end
+ end
+end