abide_dev_utils 0.6.0 → 0.8.0

data/lib/abide_dev_utils/comply.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
+require 'json'
 require 'yaml'
 require 'selenium-webdriver'
 require 'abide_dev_utils/errors/comply'
 require 'abide_dev_utils/gcloud'
 require 'abide_dev_utils/output'
 require 'abide_dev_utils/prompt'
+require 'pry'
 
 module AbideDevUtils
   # Holds module methods and a class for dealing with Puppet Comply
@@ -16,56 +18,55 @@ module AbideDevUtils
       ReportScraper.new(url, config, **opts).build_report(password)
     end
 
-    def self.check_for_regressions(url, password, config = nil, **opts)
-      current_report = build_report(url, password, config, **opts)
-      last_report = if opts.fetch(:remote_report_storage, '') == 'gcloud'
-                      fetch_report
+    def self.compare_reports(report_a, report_b, **opts)
+      report_name = opts.fetch(:report_name, nil)
+      current_report = ScanReport.new.from_yaml(report_a)
+      last_report = if opts.fetch(:remote_storage, '') == 'gcloud'
+                      report_name = report_b if report_name.nil?
+                      ScanReport.new.from_yaml(ScanReport.fetch_report(name: report_b))
                     else
-                      File.open(opts[:last_report], 'r', &:read)
+                      report_name = File.basename(report_b) if report_name.nil?
+                      ScanReport.new.from_yaml(File.read(report_b))
                     end
-      result, details = good_comparison?(report_comparison(current_report, last_report))
+      result, details = current_report.report_comparison(last_report, check_goodness: true)
       if result
-        puts 'A-OK'
+        AbideDevUtils::Output.simple('No negative differences detected...')
+        AbideDevUtils::Output.simple(JSON.pretty_generate(details))
       else
-        puts 'Uh-Oh'
-        puts details
+        AbideDevUtils::Output.simple('Negative differences detected!', stream: $stderr)
+        AbideDevUtils::Output.simple(JSON.pretty_generate(details), stream: $stderr)
       end
+      if opts.fetch(:upload, false) && !opts.fetch(:remote_storage, '').empty? && !report_name.nil?
+        AbideDevUtils::Output.simple('Uploading current report...')
+        ScanReport.upload_report(File.expand_path(report_a), name: report_name)
+        AbideDevUtils::Output.simple('Successfully uploaded report.')
+      end
+      result
     end
 
     # Class that uses Selenium WebDriver to gather scan reports from Puppet Comply
     class ReportScraper
+      attr_reader :timeout,
+                  :username,
+                  :status,
+                  :ignorelist,
+                  :onlylist,
+                  :max_pagination,
+                  :screenshot_on_error,
+                  :page_source_on_error
+
       def initialize(url, config = nil, **opts)
         @url = url
         @config = config
         @opts = opts
-      end
-
-      def timeout
-        @timeout ||= fetch_option(:timeout, 10).to_i
-      end
-
-      def username
-        @username ||= fetch_option(:username, 'comply')
-      end
-
-      def status
-        @status ||= fetch_option(:status)
-      end
-
-      def ignorelist
-        @ignorelist ||= fetch_option(:ignorelist, [])
-      end
-
-      def onlylist
-        @onlylist ||= fetch_option(:onlylist, [])
-      end
-
-      def screenshot_on_error
-        @screenshot_on_error ||= fetch_option(:screenshot_on_error, true)
-      end
-
-      def page_source_on_error
-        @page_source_on_error ||= fetch_option(:page_source_on_error, true)
+        @timeout = fetch_option(:timeout, 10).to_i
+        @username = fetch_option(:username, 'comply')
+        @status = fetch_option(:status)
+        @ignorelist = fetch_option(:ignorelist, [])
+        @onlylist = fetch_option(:onlylist, [])
+        @max_pagination = fetch_option(:max_pagination, 5).to_i
+        @screenshot_on_error = fetch_option(:screenshot_on_error, false)
+        @page_source_on_error = fetch_option(:page_source_on_error, false)
       end
 
       def build_report(password)
@@ -119,6 +120,7 @@ module AbideDevUtils
                                      --headless
                                      --test-type
                                      --disable-gpu
+                                     --no-sandbox
                                      --no-first-run
                                      --no-default-browser-check
                                      --ignore-certificate-errors
@@ -133,27 +135,32 @@ module AbideDevUtils
         subject.find_element(**kwargs)
       end
 
-      def wait_on(ignore_nse: false, ignore: [Selenium::WebDriver::Error::NoSuchElementError], &block)
+      def wait_on(timeout: @timeout,
+                  ignore_nse: false,
+                  quit_driver: true,
+                  quiet: false,
+                  ignore: [Selenium::WebDriver::Error::NoSuchElementError],
+                  &block)
         raise 'wait_on must be passed a block' unless block
 
         value = nil
         if ignore_nse
           begin
-            Selenium::WebDriver::Wait.new(ignore: [], timeout: timeout).until do
+            Selenium::WebDriver::Wait.new(ignore: [], timeout: timeout, interval: 1).until do
               value = yield
             end
           rescue Selenium::WebDriver::Error::NoSuchElementError
             return value
-          rescue => e
-            raise_error(e)
+          rescue StandardError => e
+            raise_error(e, AbideDevUtils::Comply::WaitOnError, quit_driver: quit_driver, quiet: quiet)
           end
         else
           begin
-            Selenium::WebDriver::Wait.new(ignore: ignore, timeout: timeout).until do
+            Selenium::WebDriver::Wait.new(ignore: ignore, timeout: timeout, interval: 1).until do
               value = yield
             end
-          rescue => e
-            raise_error(e)
+          rescue StandardError => e
+            raise_error(e, AbideDevUtils::Comply::WaitOnError, quit_driver: quit_driver, quiet: quiet)
           end
         end
         value
@@ -169,20 +176,21 @@ module AbideDevUtils
         FileUtils.mkdir_p path
       end
 
-      def raise_error(err)
-        output.simple 'Something went wrong!'
+      def raise_error(original, err_class = nil, quit_driver: true, quiet: false)
+        output.simple 'Something went wrong!' unless quiet
         if screenshot_on_error
-          output.simple 'Taking a screenshot of current page state...'
+          output.simple 'Taking a screenshot of current page state...' unless quiet
           screenshot
         end
 
         if page_source_on_error
-          output.simple 'Saving page source of current page...'
+          output.simple 'Saving page source of current page...' unless quiet
           page_source
         end
 
-        driver.quit
-        raise err
+        driver.quit if quit_driver
+        actual_err_class = err_class.nil? ? original.class : err_class
+        raise actual_err_class, original.message
       end
 
       def screenshot
@@ -226,12 +234,56 @@ module AbideDevUtils
         raise ComplyLoginFailedError, error_text
       end
 
+      def filter_node_report_links(node_report_links)
+        if onlylist.empty? && ignorelist.empty?
+          output.simple 'No filters set, using all node reports...'
+          return node_report_links
+        end
+
+        unless onlylist.empty?
+          output.simple 'Onlylist found, filtering node reports...'
+          return node_report_links.select { |l| onlylist.include?(l[:name]) }
+        end
+
+        output.simple 'Ignorelist found, filtering node reports...'
+        node_report_links.reject { |l| ignorelist.include?(l[:name]) }
+      end
+
+      def find_node_report_table(subject)
+        wait_on { find_element(subject, class: 'metric-containers-failed-hosts-count') }
+        hosts = find_element(subject, class: 'metric-containers-failed-hosts-count')
+        table = find_element(hosts, class: 'rc-table')
+        wait_on { find_element(table, tag_name: 'tbody') }
+        find_element(table, tag_name: 'tbody')
+      end
+
+      def wait_for_node_report_links(table_body)
+        wait_on(timeout: 2, quit_driver: false, quiet: true) { table_body.find_element(tag_name: 'a') }
+        output.simple 'Found node report links...'
+        table_body.find_elements(tag_name: 'a')
+      rescue AbideDevUtils::Comply::WaitOnError
+        []
+      end
+
       def find_node_report_links
         output.simple 'Finding nodes with scan reports...'
-        hosts = wait_on { find_element(class: 'metric-containers-failed-hosts-count') }
-        table = find_element(hosts, class: 'rc-table')
-        table_body = find_element(table, tag_name: 'tbody')
-        wait_on { table_body.find_elements(tag_name: 'a') }
+        node_report_links = []
+        (1..max_pagination).each do |page|
+          output.simple "Trying page #{page}..."
+          driver.get("#{@url}/dashboard?page=#{page}&limit=50")
+          table_body = find_node_report_table(driver)
+          elems = wait_for_node_report_links(table_body)
+          if elems.empty?
+            output.simple "No links found on page #{page}, stopping search..."
+            break
+          end
+
+          elems.each do |elem|
+            node_report_links << { name: elem.text, url: elem.attribute('href') }
+          end
+        end
+        driver.get(@url)
+        filter_node_report_links(node_report_links)
       end
 
       def connect(password)
@@ -253,63 +305,56 @@ module AbideDevUtils
         output.simple 'Building scan reports, this may take a while...'
         all_checks = {}
         original_window = driver.window_handle
-        if !onlylist.empty?
-          node_report_links.reject! { |l| !onlylist.include?(l.text) }
-        elsif !ignorelist.empty?
-          node_report_links.reject! { |l| ignorelist.include?(l.text) }
-        end
         node_report_links.each do |link|
-          begin
-            node_name = link.text
-            new_progress(node_name)
-            link_url = link.attribute('href')
-            driver.manage.new_window(:tab)
-            progress.increment
-            wait_on { driver.window_handles.length == 2 }
-            progress.increment
-            driver.switch_to.window driver.window_handles[1]
-            driver.get(link_url)
-            wait_on { find_element(class: 'details-scan-info') }
-            progress.increment
-            wait_on { find_element(class: 'details-table') }
-            progress.increment
-            report = { 'scan_results' => {} }
-            scan_info_table = find_element(class: 'details-scan-info')
-            scan_info_table_rows = scan_info_table.find_elements(tag_name: 'tr')
+          node_name = link[:name]
+          link_url = link[:url]
+          new_progress(node_name)
+          driver.manage.new_window(:tab)
+          progress.increment
+          wait_on { driver.window_handles.length == 2 }
+          progress.increment
+          driver.switch_to.window driver.window_handles[1]
+          driver.get(link_url)
+          wait_on { find_element(class: 'details-scan-info') }
+          progress.increment
+          wait_on { find_element(class: 'details-table') }
+          progress.increment
+          report = { 'scan_results' => {} }
+          scan_info_table = find_element(class: 'details-scan-info')
+          scan_info_table_rows = scan_info_table.find_elements(tag_name: 'tr')
+          progress.increment
+          check_table_body = find_element(tag_name: 'tbody')
+          check_table_rows = check_table_body.find_elements(tag_name: 'tr')
+          progress.increment
+          scan_info_table_rows.each do |row|
+            key = find_element(row, tag_name: 'h5').text
+            value = find_element(row, tag_name: 'strong').text
+            report[key.downcase.tr(':', '').tr(' ', '_')] = value
             progress.increment
-            check_table_body = find_element(tag_name: 'tbody')
-            check_table_rows = check_table_body.find_elements(tag_name: 'tr')
-            progress.increment
-            scan_info_table_rows.each do |row|
-              key = find_element(row, tag_name: 'h5').text
-              value = find_element(row, tag_name: 'strong').text
-              report[key.downcase.tr(':', '').tr(' ', '_')] = value
-              progress.increment
-            end
-            check_table_rows.each do |row|
-              chk_objs = row.find_elements(tag_name: 'td')
-              chk_objs.map!(&:text)
-              if status.nil? || status.include?(chk_objs[1].downcase)
-                name_parts = chk_objs[0].match(/^([0-9.]+) (.+)$/)
-                key = normalize_cis_rec_name(name_parts[2])
-                unless report['scan_results'].key?(chk_objs[1])
-                  report['scan_results'][chk_objs[1]] = {}
-                end
-                report['scan_results'][chk_objs[1]][key] = {
-                  'name' => name_parts[2].chomp,
-                  'number' => name_parts[1].chomp
-                }
+          end
+          check_table_rows.each do |row|
+            chk_objs = row.find_elements(tag_name: 'td')
+            chk_objs.map!(&:text)
+            if status.nil? || status.include?(chk_objs[1].downcase)
+              name_parts = chk_objs[0].match(/^([0-9.]+) (.+)$/)
+              key = normalize_cis_rec_name(name_parts[2])
+              unless report['scan_results'].key?(chk_objs[1])
+                report['scan_results'][chk_objs[1]] = {}
               end
-              progress.increment
+              report['scan_results'][chk_objs[1]][key] = {
+                'name' => name_parts[2].chomp,
+                'number' => name_parts[1].chomp
+              }
             end
-            all_checks[node_name] = report
-            driver.close
-            output.simple "Created report for #{node_name}"
-          rescue => e
-            raise_error(e)
-          ensure
-            driver.switch_to.window original_window
+            progress.increment
           end
+          all_checks[node_name] = report
+          driver.close
+          output.simple "Created report for #{node_name}"
+        rescue ::StandardError => e
+          raise_error(e)
+        ensure
+          driver.switch_to.window original_window
         end
         all_checks
       end
@@ -317,6 +362,8 @@ module AbideDevUtils
 
     # Contains multiple NodeScanReport objects
     class ScanReport
+      attr_reader :node_scan_reports
+
       def from_yaml(report)
         @scan_report = if report.is_a? Hash
                          report
@@ -325,7 +372,65 @@ module AbideDevUtils
                        else
                          YAML.safe_load(report)
                        end
-        build_node_scan_reports
+        @node_scan_reports = build_node_scan_reports
+        self
+      end
+
+      def to_h
+        node_scan_reports.each_with_object({}) do |node, h|
+          h[node.name] = node.hash
+        end
+      end
+
+      def to_yaml
+        to_h.to_yaml
+      end
+
+      def self.storage_bucket
+        @storage_bucket ||= AbideDevUtils::GCloud.storage_bucket
+      end
+
+      def self.fetch_report(name: 'comply_report.yaml')
+        report = storage_bucket.file(name)
+        report.download.read
+      end
+
+      def self.upload_report(report, name: 'comply_report.yaml')
+        storage_bucket.create_file(report, name)
+      end
+
+      def report_comparison(other, check_goodness: false)
+        comparison = []
+        node_scan_reports.zip(other.node_scan_reports).each do |cr, lr|
+          comparison << { cr.name => { diff: {}, node_presense: :new } } if lr.nil?
+          comparison << { lr.name => { diff: {}, node_presense: :dropped } } if cr.nil?
+          comparison << { cr.name => { diff: cr.diff(lr), node_presence: :same } } unless cr.nil? || lr.nil?
+        end
+        comparison.inject(&:merge)
+        return good_comparison?(comparison) if check_goodness
+
+        compairison
+      end
+
+      def good_comparison?(report_comparison)
+        good = true
+        not_good = {}
+        report_comparison.each do |node_report|
+          node_name = node_report.keys[0]
+          report = node_report[node_name]
+          next if report[:diff].empty?
+
+          not_good[node_name] = {}
+          unless report.dig(:diff, :passing, :other).nil?
+            good = false
+            not_good[node_name][:new_not_passing] = report[:diff][:passing][:other]
+          end
+          unless report.dig(:diff, :failing, :self).nil?
+            good = false
+            not_good[node_name][:new_failing] = report[:diff][:failing][:self]
+          end
+        end
+        [good, not_good]
       end
 
       private
@@ -341,20 +446,22 @@ module AbideDevUtils
 
     # Class representation of a Comply node scan report
     class NodeScanReport
-      attr_reader :name, :passing, :failing, :not_checked, :informational, :benchmark, :last_scan, :profile
+      attr_reader :name, :passing, :failing, :error, :not_checked, :informational, :benchmark, :last_scan, :profile
 
-      DIFF_PROPERTIES = %i[passing failing not_checked informational].freeze
+      DIFF_PROPERTIES = %i[passing failing error not_checked informational].freeze
 
       def initialize(node_name, node_hash)
         @name = node_name
         @hash = node_hash
         @passing = node_hash.dig('scan_results', 'Pass') || {}
         @failing = node_hash.dig('scan_results', 'Fail') || {}
+        @error = node_hash.dig('scan_results', 'Error') || {}
         @not_checked = node_hash.dig('scan_results', 'Not checked') || {}
         @informational = node_hash.dig('scan_results', 'Informational') || {}
         @benchmark = node_hash['benchmark']
         @last_scan = node_hash['last_scan']
         @profile = node_hash.fetch('custom_profile', nil) || node_hash.fetch('profile', nil)
+        create_equality_methods
       end
 
       def diff(other)
@@ -365,21 +472,17 @@ module AbideDevUtils
         diff
       end
 
-      def method_missing(method_name, *args, &_block)
-        case method_name
-        when method_name.match?(/^(passing|failing|not_checked|informational)_equal?$/)
-          property_equal?(method_name.delete_suffix('_equal?'), *args)
-        when method_name.match?(/^(to_h|to_yaml)$/)
-          @hash.send(method_name.to_sym)
-        end
-      end
+      private
 
-      def respond_to_missing?(method_name, _include_private = false)
-        method_name.match?(/^(((passing|failing|not_checked|informational)_equal?)|to_h|to_yaml)$/)
+      def create_equality_methods
+        DIFF_PROPERTIES.each do |prop|
+          meth_name = "#{prop.to_s}_equal?"
+          self.class.define_method(meth_name) do |other|
+            property_equal?(prop, other)
+          end
+        end
       end
 
-      private
-
       def property_diff(property, other)
         {
           self: send(property).keys - other.send(property).keys,
@@ -388,54 +491,8 @@ module AbideDevUtils
       end
 
       def property_equal?(property, other_property)
-        send(property.to_sym) == other_property
-      end
-    end
-
-    def self.storage_bucket
-      @storage_bucket ||= AbideDevUtils::GCloud.storage_bucket
-    end
-
-    def self.fetch_report
-      report = storage_bucket.file('comply_report.yaml')
-      report.download.read
-    end
-
-    def self.upload_report(report)
-      file_to_upload = report.is_a?(Hash) ? report.to_yaml : report
-      storage_bucket.create_file(file_to_upload, 'comply_report.yaml')
-    end
-
-    def self.report_comparison(current, last)
-      current_report = ScanReport.new.from_yaml(current)
-      last_report = ScanReport.new.from_yaml(last)
-
-      comparison = []
-      current_report.zip(last_report).each do |cr, lr|
-        comparison << { cr.name => { diff: {}, node_presense: :new } } if lr.nil?
-        comparison << { lr.name => { diff: {}, node_presense: :dropped } } if cr.nil?
-        comparison << { cr.name => { diff: cr.diff(lr), node_presence: :same } } unless cr.nil? || lr.nil?
-      end
-      comparison.inject(&:merge)
-    end
-
-    def self.good_comparison?(report_comparison)
-      good = true
-      not_good = {}
-      report_comparison.each do |node_name, report|
-        next if report[:diff].empty?
-
-        not_good[node_name] = {}
-        unless report[:diff][:passing][:other].empty?
-          good = false
-          not_good[node_name][:new_not_passing] = report[:diff][:passing][:other]
-        end
-        unless report[:diff][:failing][:self].empty?
-          good = false
-          not_good[node_name][:new_failing] = report[:diff][:failing][:self]
-        end
+        send(property) == other_property
       end
-      [good, not_good]
     end
   end
 end

data/lib/abide_dev_utils/errors/comply.rb

@@ -8,6 +8,10 @@ module AbideDevUtils
       class ComplyLoginFailedError < GenericError
         @default = 'Failed to login to Comply:'
       end
+
+      class WaitOnError < GenericError
+        @default = 'wait_on failed due to error:'
+      end
     end
   end
 end

data/lib/abide_dev_utils/errors/general.rb

@@ -29,6 +29,11 @@ module AbideDevUtils
       @default = 'Path is not a directory:'
     end
 
+    # Raised when a file extension is not correct
+    class FileExtensionIncorrectError < GenericError
+      @default = 'File extension does not match specified extension:'
+    end
+
     # Raised when a searched for service is not found in the parser
     class ServiceNotFoundError < GenericError
       @default = 'Service not found:'

data/lib/abide_dev_utils/errors/xccdf.rb

@@ -12,5 +12,13 @@ module AbideDevUtils
     class StrategyInvalidError < GenericError
       @default = 'Invalid strategy selected. Should be either \'name\' or \'num\''
     end
+
+    class ControlPartsError < GenericError
+      @default = 'Failed to extract parts from control name:'
+    end
+
+    class ProfilePartsError < GenericError
+      @default = 'Failed to extract parts from profile name:'
+    end
   end
 end

data/lib/abide_dev_utils/gcloud.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'json'
 require 'abide_dev_utils/errors/gcloud'
 
 module AbideDevUtils
@@ -14,7 +15,7 @@ module AbideDevUtils
       require 'google/cloud/storage'
       @bucket = Google::Cloud::Storage.new(
         project_id: project || ENV['ABIDE_GCLOUD_PROJECT'],
-        credentials: credentials || ENV['ABIDE_GCLOUD_CREDENTIALS']
+        credentials: credentials || JSON.parse(ENV['ABIDE_GCLOUD_CREDENTIALS'])
       ).bucket(name || ENV['ABIDE_GCLOUD_BUCKET'])
     end
   end

data/lib/abide_dev_utils/output.rb

@@ -22,9 +22,13 @@ module AbideDevUtils
     end
 
     def self.yaml(in_obj, console: false, file: nil)
-      AbideDevUtils::Validate.hashable(in_obj)
-      # Use object's #to_yaml method if it exists, convert to hash if not
-      yaml_out = in_obj.respond_to?(:to_yaml) ? in_obj.to_yaml : in_obj.to_h.to_yaml
+      yaml_out = if in_obj.is_a? String
+                   in_obj
+                 else
+                   AbideDevUtils::Validate.hashable(in_obj)
+                   # Use object's #to_yaml method if it exists, convert to hash if not
+                   in_obj.respond_to?(:to_yaml) ? in_obj.to_yaml : in_obj.to_h.to_yaml
+                 end
       simple(yaml_out) if console
       FWRITER.write_yaml(yaml_out, file: file) unless file.nil?
     end