abide_dev_utils 0.4.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ecd985f39afeac37bf8f2305dc65c782f34722f95a655249d7219b975952012f
-  data.tar.gz: 9123b33054f39149ba2deb34464b56bcac404438ac161f64a02e93fc1d33b340
+  metadata.gz: cf0d6affedd8f13f06af7f1f0db11666b9df2707d87a7685a4bd39ecd3e1519d
+  data.tar.gz: 0f20af443ff1e13f9e854daa5e7cf5ec45213dfe9a2f0390c250dac92a8cc8d3
 SHA512:
-  metadata.gz: 595556633f91088d8b34ac1d17d5f012c9d84ca7c03d45ef31bd59ccc45278b008f967b5e096909fa625c8eac7911163584ac7d0d4cc46caa1bd062b14eb1f7c
-  data.tar.gz: 0dc612075817afeae37820a7c2d097a29af5ed3ee491b7ab2c61743e209b0345e5fd5fff6f5aab53b3d85b9f0e5b9c07cf16cefff5092ec981c679523fd141e2
+  metadata.gz: '097e88fb6b19170c2b727fd8873fa3dbb766ace25a7538ab8cfbd0a35083cb11654b58fb7f45ee7130d7c4f4cb48b8b241de4849b0cb406de8f7eb62cf09ce68'
+  data.tar.gz: 4c0bc197da434b0ee25c9854b4b2af98a6ad9600733b734f9be21022ce312d7e8f0aea4f27c2217c3f56f7d2df26fedfe228f80b60fcd04da4ec08877a86bc54

data/README.md

@@ -29,6 +29,10 @@ Issues and pull requests are welcome!
 
 * Create Jira issues in bulk from coverage reports
 
+### Puppet Comply Report Generation
+
+* Allows you ot programatically generate compliance reports from Puppet Comply
+
 ### Supports Configuration via Local YAML file
 
 * Fully configurable via the `~/.abide_dev.yaml` file
@@ -84,6 +88,8 @@ Install the gem:
 
 ### Overview of Commands
 
+* `abide comply` - Command namespace for Puppet Comply commands
+  * `abide comply report` - Creates a scan report in YAML format by scraping Puppet Comply
 * `abide jira` - Command namespace for Jira commands
   * `abide jira auth` - Authenticate with Jira. Only useful as a stand-alone command to test authentication
   * `abide jira from_coverage` - Creates a parent issue with subtasks from a Puppet coverage report
@@ -96,6 +102,34 @@ Install the gem:
 * `abide xccdf` - Command namespace for XCCDF commands
   * `abide xccdf to_hiera` - Converts a benchmark XCCDF file to a Hiera yaml file
 
+### Comply Command Reference
+
+#### report
+
+* Required positional parameters:
+  * `COMPLY_URL` - The URL of Puppet Comply
+  * `COMPLY_PASSWORD` - The password for the Puppet Comply user
+* Options:
+  * `--out-file`, `-o` - The path to save the scan report. Defaults to `./comply_scan_report.yaml`
+  * `--username`, `-u` - The Puppet Comply username. Defaults to `comply`
+  * `--status`, `-s` - A comma-separated list of check statuses to ONLY include in the report. Valid statuses are: `pass`, `fail`, `error`, `notapplicable`, `notchecked`, `unknown`, `informational`
+  * `--only`, `-O` - A comma-separated list of node certnames to ONLY build reports for. No other nodes will have reports built for them except the ones specified. This option is mutually exclusive with `--ignore` and, if both are set, this options will take precedence over `--ignore`.
+  * `--ignore`, `-I` - A comma-separated list of node certnames to ignore building reports for. This options is mutually exclusive with `--only` and, if both are set, `--only` will take precedence over this option.
+
+Examples:
+
+Generating a report of all failed and err'd scan checks
+
+```sh
+abide comply report https://comply.my.instance 'my_comply_password!' -s fail,error
+```
+
+Generating a report for certain nodes only
+
+```sh
+abide comply report https://comply.my.instance 'my_comply_password!' -O specific-node.my.instance
+```
+
 ### Jira Command Reference
 
 #### from_coverage

data/abide_dev_utils.gemspec

@@ -34,9 +34,11 @@ Gem::Specification.new do |spec|
   # Prod dependencies
   spec.add_dependency 'nokogiri', '~> 1.11'
   spec.add_dependency 'cmdparse', '~> 3.0'
-  spec.add_dependency 'puppet', '>= 6.19'
+  spec.add_dependency 'puppet', '>= 6.23'
   spec.add_dependency 'jira-ruby', '~> 2.1'
   spec.add_dependency 'ruby-progressbar', '~> 1.11'
+  spec.add_dependency 'selenium-webdriver', '~> 4.0.0.beta4'
+  spec.add_dependency 'google-cloud-storage', '~> 1.34'
 
   # Dev dependencies
   spec.add_development_dependency 'bundler'
@@ -44,6 +46,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'console'
   spec.add_development_dependency 'github_changelog_generator'
   spec.add_development_dependency 'gem-release'
+  spec.add_development_dependency 'pry'
   spec.add_development_dependency 'rspec', '~> 3.10'
   spec.add_development_dependency 'rubocop', '~> 1.8'
   spec.add_development_dependency 'rubocop-rspec', '~> 2.1'

data/lib/abide_dev_utils/cli/abstract.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'abide_dev_utils/config'
+
 module Abide
   module CLI
     # @abstract

data/lib/abide_dev_utils/cli/comply.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+require 'abide_dev_utils/comply'
+require 'abide_dev_utils/cli/abstract'
+
+module Abide
+  module CLI
+    class ComplyCommand < AbideCommand
+      CMD_NAME = 'comply'
+      CMD_SHORT = 'Commands related to Puppet Comply'
+      CMD_LONG = 'Namespace for commands related to Puppet Comply'
+      def initialize
+        super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: true)
+        add_command(ComplyReportCommand.new)
+      end
+    end
+
+    class ComplyReportCommand < AbideCommand
+      CMD_NAME = 'report'
+      CMD_SHORT = 'Generates a yaml report of Puppet Comply scan results'
+      CMD_LONG = <<~LONGCMD
+        Generates a yaml file that shows the scan results of all nodes in Puppet Comply.
+        This command utilizes Selenium WebDriver and the Google Chrome browser to automate
+        clicking through the Comply UI and building a report. In order to use this command,
+        you MUST have Google Chrome installed and you MUST install the chromedriver binary.
+        More info and instructions can be found here:
+        https://www.selenium.dev/documentation/en/getting_started_with_webdriver/.
+      LONGCMD
+      CMD_COMPLY_URL = 'The URL (including https://) of Puppet Comply'
+      CMD_COMPLY_PASSWORD = 'The password for Puppet Comply'
+      OPT_TIMEOUT_DESC = <<~EOTO
+        The number of seconds you would like requests to wait before timing out. Defaults
+        to 10 seconds.
+      EOTO
+      OPT_STATUS_DESC = <<~EODESC
+        A comma-separated list of check statuses to ONLY include in the report.
+        Valid statuses are: pass, fail, error, notapplicable, notchecked, unknown, informational
+      EODESC
+      OPT_IGNORE_NODES = <<~EOIGN
+        A comma-separated list of node certnames to ignore building reports for. This
+        options is mutually exclusive with --only and, if both are set, --only will take precedence
+        over this option.
+      EOIGN
+      OPT_ONLY_NODES = <<~EOONLY
+        A comma-separated list of node certnames to ONLY build reports for. No other
+        nodes will have reports built for them except the ones specified. This option
+        is mutually exclusive with --ignore and, if both are set, this options will
+        take precedence over --ignore.
+      EOONLY
+      def initialize
+        super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
+        argument_desc(COMPLY_URL: CMD_COMPLY_URL, COMPLY_PASSWORD: CMD_COMPLY_PASSWORD)
+        options.on('-o [FILE]', '--out-file [FILE]', 'Path to save the report') { |f| @data[:file] = f }
+        options.on('-u [USERNAME]', '--username [USERNAME]', 'The username for Comply (defaults to comply)') do |u|
+          @data[:username] = u
+        end
+        options.on('-t [SECONDS]', '--timeout [SECONDS]', OPT_TIMEOUT_DESC) do |t|
+          @data[:timeout] = t
+        end
+        options.on('-s x,y,z', '--status x,y,x',
+                   %w[pass fail error notapplicable notchecked unknown informational],
+                   Array,
+                   OPT_STATUS_DESC) do |s|
+          s&.map! { |i| i == 'notchecked' ? 'not checked' : i }
+          @data[:status] = s
+        end
+        options.on('--only x,y,z', Array, OPT_ONLY_NODES) do |o|
+          @data[:onlylist] = o
+        end
+        options.on('--ignore x,y,z', Array, OPT_IGNORE_NODES) do |i|
+          @data[:ignorelist] = i
+        end
+        # options.on('-R', '--[no-]regression-test', OPT_REGRESSION_TEST) do |r|
+        #   @data[:regression] = r
+        # end
+        # options.on('--')
+      end
+
+      def help_arguments
+        <<~ARGHELP
+          Arguments:
+              COMPLY_URL        #{CMD_COMPLY_URL}
+              COMPLY_PASSWORD   #{CMD_COMPLY_PASSWORD}
+
+        ARGHELP
+      end
+
+      def execute(comply_url = nil, comply_password = nil)
+        Abide::CLI::VALIDATE.filesystem_path(`command -v chromedriver`.strip)
+        conf = config_section('comply')
+        comply_url = conf.fetch(:url) if comply_url.nil?
+        comply_password = comply_password.nil? ? conf.fetch(:password, Abide::CLI::PROMPT.password) : comply_password
+        report = AbideDevUtils::Comply.build_report(comply_url, comply_password, conf, **@data)
+        outfile = @data.fetch(:file, nil).nil? ? conf.fetch(:report_path, 'comply_scan_report.yaml') : @data[:file]
+        Abide::CLI::OUTPUT.yaml(report, file: outfile)
+      end
+    end
+  end
+end

data/lib/abide_dev_utils/cli/jira.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
 require 'json'
+require 'abide_dev_utils/config'
 require 'abide_dev_utils/jira'
 
 module Abide
   module CLI
+    CONFIG = AbideDevUtils::Config
     JIRA = AbideDevUtils::Jira
 
     class JiraCommand < CmdParse::Command
@@ -57,8 +59,8 @@ module Abide
       def execute(issue)
         client = JIRA.client(options: {})
         issue = client.Issue.find(issue)
-        console = @data[:file].nil? ? true : false
-        out_json = issue.attrs.select { |_,v| !v.nil? || !v.empty? }
+        console = @data[:file].nil?
+        out_json = issue.attrs.select { |_, v| !v.nil? || !v.empty? }
         Abide::CLI::OUTPUT.json(out_json, console: console, file: @data[:file])
       end
     end

data/lib/abide_dev_utils/cli/puppet.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require 'abide_dev_utils/cli/abstract'
+require 'abide_dev_utils/output'
+require 'abide_dev_utils/ppt'
 
 module Abide
   module CLI
@@ -12,6 +14,10 @@ module Abide
         super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: true)
         add_command(PuppetCoverageCommand.new)
         add_command(PuppetNewCommand.new)
+        add_command(PuppetRenameCommand.new)
+        add_command(PuppetFixClassNamesCommand.new)
+        add_command(PuppetAuditClassNamesCommand.new)
+        add_command(PuppetAddCISCommentCommand.new)
       end
     end
 
@@ -38,12 +44,12 @@ module Abide
       end
 
       def execute(class_dir, hiera_file)
-        require 'abide_dev_utils/ppt'
+        require 'abide_dev_utils/ppt/coverage'
         Abide::CLI::VALIDATE.directory(class_dir)
         Abide::CLI::VALIDATE.file(hiera_file)
-        coverage = AbideDevUtils::Ppt::CoverageReport.generate(class_dir, hiera_file, @data[:profile])
+        coverage = AbideDevUtils::Ppt.generate_coverage_report(class_dir, hiera_file, @data[:profile])
         coverage.each do |k, v|
-          next if ['classes', 'benchmark'].include?(k)
+          next if k.match?(/classes|benchmark/)
 
           Abide::CLI::OUTPUT.simple("#{k} coverage: #{v[:coverage]}%")
         end
@@ -100,14 +106,115 @@ module Abide
       end
 
       def execute(type, name)
-        require 'abide_dev_utils/ppt/new_obj'
-        builder = AbideDevUtils::Ppt::NewObjectBuilder.new(
-          type,
-          name,
-          opts: @data,
-          vars: @data.fetch(:vars, '').split(',').map { |i| i.split('=') }.to_h # makes the str a hash
-        )
-        builder.build
+        AbideDevUtils::Ppt.build_new_object(type, name, @data)
+      end
+    end
+
+    class PuppetRenameCommand < AbideCommand
+      CMD_NAME = 'rename'
+      CMD_SHORT = 'Renames a Puppet class'
+      CMD_LONG = 'Renames a Puppet class. It does this by renaming the file and also the class name in the file. This command can also move class files based on the new class name.'
+      CMD_FROM_ARG = 'The current full class name'
+      CMD_TO_ARG = 'The new full class name'
+      def initialize
+        super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
+        argument_desc(FROM: CMD_FROM_ARG, TO: CMD_TO_ARG)
+        options.on(
+          '-d',
+          '--declaration-only',
+          'Will not rename the class file, only the class declaration in the file'
+        ) { @data[:declaration_only] = true }
+        options.on(
+          '-t',
+          '--declaration-in-to-file',
+          'Use the path derived from the TO class name as the existing file path when renaming class declaration'
+        ) { @data[:declaration_in_to_file] = true }
+        options.on(
+          '-f',
+          '--force',
+          'Forces file move operations'
+        ) { @data[:force] = true }
+        options.on(
+          '-v',
+          '--verbose',
+          'Sets verbose mode on file operations'
+        ) { @data[:verbose] = true }
+      end
+
+      def execute(from, to)
+        AbideDevUtils::Ppt.rename_puppet_class(from, to, **@data)
+      end
+    end
+
+    class PuppetFixClassNamesCommand < AbideCommand
+      CMD_NAME = 'fix-class-names'
+      CMD_SHORT = 'Fixes Puppet class names that are mismatched'
+      CMD_LONG = 'Fixes Puppet class names that are mismatched'
+      CMD_MODE_ARG = '"file" or "class". If "file", the file names will be changed to match their class declarations. If "class", the class declarations will be changed to match the file names.'
+      CMD_DIR_ARG = 'The directory containing the Puppet class files'
+      def initialize
+        super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
+        argument_desc(MODE: CMD_MODE_ARG, DIR: CMD_DIR_ARG)
+        options.on(
+          '-f',
+          '--force',
+          'Forces file move operations'
+        ) { @data[:force] = true }
+        options.on(
+          '-v',
+          '--verbose',
+          'Sets verbose mode on file operations'
+        ) { @data[:verbose] = true }
+      end
+
+      def execute(mode, dir)
+        case mode
+        when /^f.*/
+          AbideDevUtils::Ppt.fix_class_names_file_rename(dir, **@data)
+        when /^c.*/
+          AbideDevUtils::Ppt.fix_class_names_class_rename(dir, **@data)
+        else
+          raise ::ArgumentError, "Invalid mode. Mode:#{mode}"
+        end
+      end
+    end
+
+    class PuppetAuditClassNamesCommand < AbideCommand
+      CMD_NAME = 'audit-class-names'
+      CMD_SHORT = 'Finds Puppet classes in a directory that have names that do not match their path'
+      CMD_LONG = 'Finds Puppet classes in a directory that have names that do not match their path. This is helpful because class names that do not match their path structure break Puppet autoloading.'
+      CMD_DIR_ARG = 'The directory containing the Puppet class files'
+      def initialize
+        super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
+        argument_desc(DIR: CMD_DIR_ARG)
+        options.on('-o [FILE]', '--out-file [FILE]', 'Save results to a file') { |f| @data[:file] = f }
+        options.on('-q', '--quiet', 'Do not print results to console') { @data[:quiet] = true }
+      end
+
+      def execute(dir)
+        if @data.fetch(:quiet, false) && !@data.key?(:file)
+          AbideDevUtils::Output.simple('ERROR: Specifying --quiet without --out-file is useless.', stream: $stderr)
+          exit 1
+        end
+
+        AbideDevUtils::Ppt.audit_class_names(dir, **@data)
+      end
+    end
+
+    class PuppetAddCISCommentCommand < AbideCommand
+      CMD_NAME = 'add-cis-comment'
+      CMD_SHORT = 'Adds the CIS recommendation name to the top of a .pp file'
+      CMD_LONG = 'Adds the CIS recommendation name to the top of a .pp file. Finds CIS recommendation by pattern-matching the class name against XCCDF recommendations.'
+      CMD_PATH_ARG = 'Path to a .pp file or to a directory containing .pp files'
+      CMD_XCCDF_ARG = 'Path to XCCDF file to source recommendation names from'
+      def initialize
+        super(CMD_NAME, CMD_SHORT, CMD_LONG, takes_commands: false)
+        argument_desc(PATH: CMD_PATH_ARG, XCCDF: CMD_XCCDF_ARG)
+        options.on('-N', '--number-format', 'Matches based on number-formatted control class names') { @data[:number_format] = true }
+      end
+
+      def execute(path, xccdf)
+        AbideDevUtils::Ppt.add_cis_comment(path, xccdf, number_format: @data.fetch(:number_format, false))
       end
     end
   end

data/lib/abide_dev_utils/cli.rb

@@ -3,6 +3,7 @@
 require 'cmdparse'
 require 'abide_dev_utils/version'
 require 'abide_dev_utils/constants'
+require 'abide_dev_utils/cli/comply'
 require 'abide_dev_utils/cli/puppet'
 require 'abide_dev_utils/cli/xccdf'
 require 'abide_dev_utils/cli/test'
@@ -21,6 +22,7 @@ module Abide
       parser.main_options.banner = ROOT_CMD_BANNER
       parser.add_command(CmdParse::HelpCommand.new, default: true)
       parser.add_command(CmdParse::VersionCommand.new(add_switches: true))
+      parser.add_command(ComplyCommand.new)
       parser.add_command(PuppetCommand.new)
       parser.add_command(XccdfCommand.new)
       parser.add_command(TestCommand.new)