abide_dev_utils 0.6.0 → 0.9.3

data/lib/abide_dev_utils/ppt/api.rb

@@ -0,0 +1,219 @@
+# frozen_string_literal: true
+
+require 'io/console'
+require 'json'
+require 'net/http'
+require 'openssl'
+
+module AbideDevUtils
+  module Ppt
+    class ApiClient
+      attr_reader :hostname, :custom_ports
+      attr_writer :auth_token, :tls_cert_verify
+      attr_accessor :content_type
+
+      CT_JSON = 'application/json'
+      API_DEFS = {
+        codemanager: {
+          port: 8170,
+          version: 'v1',
+          base: 'code-manager',
+          paths: [
+            {
+              path: 'deploys',
+              verbs: %w[post],
+              x_auth: true
+            }
+          ]
+        },
+        classifier1: {
+          port: 4433,
+          version: 'v1',
+          base: 'classifier-api',
+          paths: [
+            {
+              path: 'groups',
+              verbs: %w[get post],
+              x_auth: true
+            }
+          ]
+        },
+        orchestrator: {
+          port: 8143,
+          version: 'v1',
+          base: 'orchestrator',
+          paths: [
+            {
+              path: 'command/deploy',
+              verbs: %w[post],
+              x_auth: true
+            },
+            {
+              path: 'command/task',
+              verbs: %w[post],
+              x_auth: true
+            },
+            {
+              path: 'jobs',
+              verbs: %w[get],
+              x_auth: true
+            }
+          ]
+        }
+      }.freeze
+
+      def initialize(hostname, auth_token: nil, content_type: CT_JSON, custom_ports: {}, verbose: false)
+        @hostname = hostname
+        @auth_token = auth_token
+        @content_type = content_type
+        @custom_ports = custom_ports
+        @verbose = verbose
+        define_api_methods
+      end
+
+      def login(username, password: nil, lifetime: '1h', label: nil)
+        label = "AbideDevUtils token for #{username} - lifetime #{lifetime}" if label.nil?
+        password = IO.console.getpass 'Password: ' if password.nil?
+        data = {
+          'login' => username,
+          'password' => password,
+          'lifetime' => lifetime,
+          'label' => label
+        }
+        uri = URI("https://#{@hostname}:4433/rbac-api/v1/auth/token")
+        result = http_request(uri, post_request(uri, x_auth: false, **data), json_out: true)
+        @auth_token = result['token']
+        log_verbose("Successfully logged in? #{auth_token?}")
+        auth_token?
+      end
+
+      def auth_token?
+        defined?(@auth_token) && !@auth_token.nil? && !@auth_token.empty?
+      end
+
+      def tls_cert_verify
+        @tls_cert_verify = defined?(@tls_cert_verify) ? @tls_cert_verify : false
+      end
+
+      def verbose?
+        @verbose
+      end
+
+      def no_verbose
+        @verbose = false
+      end
+
+      def verbose!
+        @verbose = true
+      end
+
+      private
+
+      def define_api_methods
+        api_method_data.each do |meth, data|
+          case meth
+          when /^get_.*/
+            self.class.define_method(meth) do |*args, **kwargs|
+              uri = args.empty? ? data[:uri] : URI("#{data[:uri]}/#{args.join('/')}")
+              req = get_request(uri, x_auth: data[:x_auth], **kwargs)
+              http_request(data[:uri], req, json_out: true)
+            end
+          when /^post_.*/
+            self.class.define_method(meth) do |*args, **kwargs|
+              uri = args.empty? ? data[:uri] : URI("#{data[:uri]}/#{args.join('/')}")
+              req = post_request(uri, x_auth: data[:x_auth], **kwargs)
+              http_request(data[:uri], req, json_out: true)
+            end
+          else
+            raise "Cannot define method for #{meth}"
+          end
+        end
+      end
+
+      def api_method_data
+        method_data = {}
+        API_DEFS.each do |key, val|
+          val[:paths].each do |path|
+            method_names = api_method_names(key, path)
+            method_names.each do |name|
+              method_data[name] = {
+                uri: api_method_uri(val[:port], val[:base], val[:version], path[:path]),
+                x_auth: path[:x_auth]
+              }
+            end
+          end
+        end
+        method_data
+      end
+
+      def api_method_names(api_name, path)
+        path[:verbs].each_with_object([]) do |verb, ary|
+          path_str = path[:path].split('/').join('_')
+          ary << [verb, api_name.to_s, path_str].join('_')
+        end
+      end
+
+      def api_method_uri(port, base, version, path)
+        URI("https://#{@hostname}:#{port}/#{base}/#{version}/#{path}")
+      end
+
+      def get_request(uri, x_auth: true, **qparams)
+        log_verbose('New GET request:')
+        log_verbose("request_qparams?: #{!qparams.empty?}")
+        uri.query = URI.encode_www_form(qparams) unless qparams.empty?
+        headers = init_headers(x_auth: x_auth)
+        log_verbose("request_headers: #{redact_headers(headers)}")
+        Net::HTTP::Get.new(uri, headers)
+      end
+
+      def post_request(uri, x_auth: true, **data)
+        log_verbose('New POST request:')
+        log_verbose("request_data?: #{!data.empty?}")
+        headers = init_headers(x_auth: x_auth)
+        log_verbose("request_headers: #{redact_headers(headers)}")
+        req = Net::HTTP::Post.new(uri, headers)
+        req.body = data.to_json unless data.empty?
+        req
+      end
+
+      def init_headers(x_auth: true)
+        headers = { 'Content-Type' => @content_type }
+        return headers unless x_auth
+
+        raise 'Auth token not set!' unless auth_token?
+
+        headers['X-Authentication'] = @auth_token
+        headers
+      end
+
+      def http_request(uri, req, json_out: true)
+        result = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true, verify_mode: tls_verify_mode) do |http|
+          log_verbose("use_ssl: true, verify_mode: #{tls_verify_mode}")
+          http.request(req)
+        end
+        case result.code
+        when '200', '201', '202'
+          json_out ? JSON.parse(result.body) : result
+        else
+          jbody = JSON.parse(result.body)
+          log_verbose("HTTP #{result.code} #{jbody['kind']} #{jbody['msg']} #{jbody['details']} #{uri}")
+          raise "HTTP #{result.code} #{jbody['kind']} #{jbody['msg']} #{jbody['details']} #{uri}"
+        end
+      end
+
+      def log_verbose(msg)
+        puts msg if @verbose
+      end
+
+      def redact_headers(headers)
+        r_headers = headers.dup
+        r_headers['X-Authentication'] = 'XXXXX' if r_headers.key?('X-Authentication')
+        r_headers
+      end
+
+      def tls_verify_mode
+        tls_cert_verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+  end
+end

data/lib/abide_dev_utils/ppt/score_module.rb

@@ -0,0 +1,162 @@
+# frozen_string_literal: true
+
+require 'pathname'
+require 'metadata-json-lint'
+require 'puppet-lint'
+require 'json'
+
+module AbideDevUtils
+  module Ppt
+    class ScoreModule
+      attr_reader :module_name, :module_dir, :manifests_dir
+
+      def initialize(module_dir)
+        @module_name = module_dir.split(File::SEPARATOR)[-1]
+        @module_dir = real_module_dir(module_dir)
+        @manifests_dir = File.join(real_module_dir(module_dir), 'manifests')
+        @metadata = JSON.parse(File.join(@module_dir, 'metadata.json'))
+      end
+
+      def lint
+        linter_exit_code, linter_output = lint_manifests
+        {
+          exit_code: linter_exit_code,
+          manifests: manifest_count,
+          lines: line_count,
+          linter_version: linter_version,
+          output: linter_output
+        }.to_json
+      end
+
+      # def metadata
+
+      # end
+
+      private
+
+      def manifests
+        @manifests ||= Dir["#{manifests_dir}/**/*.pp"]
+      end
+
+      def manifest_count
+        @manifest_count ||= manifests.count
+      end
+
+      def line_count
+        @line_count ||= manifests.each_with_object([]) { |x, ary| ary << File.readlines(x).size }.sum
+      end
+
+      def lint_manifests
+        results = []
+        PuppetLint.configuration.with_filename = true
+        PuppetLint.configuration.json = true
+        PuppetLint.configuration.relative = true
+        linter_exit_code = 0
+        manifests.each do |manifest|
+          next if PuppetLint.configuration.ignore_paths.any? { |p| File.fnmatch(p, manifest) }
+
+          linter = PuppetLint.new
+          linter.file = manifest
+          linter.run
+          linter_exit_code = 1 if linter.errors? || linter.warnings?
+          results << linter.problems.reject { |x| x[:kind] == :ignored }
+        end
+        [linter_exit_code, JSON.generate(results)]
+      end
+
+      def lint_metadata
+        results = { errors: [], warnings: [] }
+        results[:errors] << metadata_schema_errors
+        dep_errors, dep_warnings = metadata_validate_deps
+        results[:errors] << dep_errors
+        results[:warnings] << dep_warnings
+        results[:errors] << metadata_deprecated_fields
+      end
+
+      def metadata_schema_errors
+        MetadataJsonLint::Schema.new.validate(@metadata).each_with_object([]) do |err, ary|
+          check = err[:field] == 'root' ? :required_fields : err[:field]
+          ary << metadata_err(check, err[:message])
+        end
+      end
+
+      def metadata_validate_deps
+        return [[], []] unless @metadata.key?('dependencies')
+
+        errors, warnings = []
+        duplicates = metadata_dep_duplicates
+        warnings << duplicates unless duplicates.empty?
+        @metadata['dependencies'].each do |dep|
+          e, w = metadata_dep_version_requirement(dep)
+          errors << e unless e.nil?
+          warnings << w unless w.nil?
+          warnings << metadata_dep_version_range(dep['name']) if dep.key?('version_range')
+        end
+        [errors.flatten, warnings.flatten]
+      end
+
+      def metadata_deprecated_fields
+        %w[types checksum].each_with_object([]) do |field, ary|
+          next unless @metadata.key?(field)
+
+          ary << metadata_err(:deprecated_fields, "Deprecated field '#{field}' found in metadata.json")
+        end
+      end
+
+      def metadata_dep_duplicates
+        results = []
+        duplicates = @metadata['dependencies'].detect { |x| @metadata['dependencies'].count(x) > 1 }
+        return results if duplicates.empty?
+
+        duplicates.each { |x| results << metadata_err(:dependencies, "Duplicate dependencies on #{x}") }
+        results
+      end
+
+      def metadata_dep_version_requirement(dependency)
+        unless dependency.key?('version_requirement')
+          return [metadata_err(:dependencies, "Invalid 'version_requirement' field in metadata.json: #{e}"), nil]
+        end
+
+        ver_req = MetadataJsonLint::VersionRequirement.new(dependency['version_requirement'])
+        return [nil, metadata_dep_open_ended(dependency['name'], dependency['version_requirement'])] if ver_req.open_ended?
+        return [nil, metadata_dep_mixed_syntax(dependency['name'], dependency['version_requirement'])] if ver_req.mixed_syntax?
+
+        [nil, nil]
+      end
+
+      def metadata_dep_open_ended(name, version_req)
+        metadata_err(:dependencies, "Dependency #{name} has an open ended dependency version requirement #{version_req}")
+      end
+
+      def metadata_dep_mixed_syntax(name, version_req)
+        msg = 'Mixing "x" or "*" version syntax with operators is not recommended in ' \
+              "metadata.json, use one style in the #{name} dependency: #{version_req}"
+        metadata_err(:dependencies, msg)
+      end
+
+      def metadata_dep_version_range(name)
+        metadata_err(:dependencies, "Dependency #{name} has a 'version_range' attribute which is no longer used by the forge.")
+      end
+
+      def metadata_err(check, msg)
+        { check: check, msg: msg }
+      end
+
+      def linter_version
+        PuppetLint::VERSION
+      end
+
+      def relative_manifests
+        Dir.glob('manifests/**/*.pp')
+      end
+
+      def real_module_dir(path)
+        return Pathname.pwd if path.nil?
+
+        return Pathname.new(path).cleanpath(consider_symlink: true) if Dir.exist?(path)
+
+        raise ArgumentError, "Path #{path} is not a directory"
+      end
+    end
+  end
+end

data/lib/abide_dev_utils/ppt.rb

@@ -80,31 +80,29 @@ module AbideDevUtils
 
     def self.add_cis_comment(path, xccdf, number_format: false)
       require 'abide_dev_utils/xccdf'
-      utils = AbideDevUtils::XCCDF::UtilsObject
-      parsed_xccdf = utils.parse(xccdf)
-      return add_cis_comment_to_all(path, parsed_xccdf, utils, number_format: number_format) if File.directory?(path)
-      return add_cis_comment_to_single(path, parsed_xccdf, utils, number_format: number_format) if File.file?(path)
+
+      parsed_xccdf = AbideDevUtils::XCCDF::Benchmark.new(xccdf)
+      return add_cis_comment_to_all(path, parsed_xccdf, number_format: number_format) if File.directory?(path)
+      return add_cis_comment_to_single(path, parsed_xccdf, number_format: number_format) if File.file?(path)
 
       raise AbideDevUtils::Errors::FileNotFoundError, path
     end
 
-    def self.add_cis_comment_to_single(path, xccdf, utils, number_format: false)
+    def self.add_cis_comment_to_single(path, xccdf, number_format: false)
       write_cis_comment_to_file(
         path,
         cis_recommendation_comment(
           path,
-          utils.all_cis_recommendations(xccdf),
-          number_format,
-          utils
+          xccdf,
+          number_format
         )
       )
     end
 
-    def self.add_cis_comment_to_all(path, xccdf, utils, number_format: false)
+    def self.add_cis_comment_to_all(path, xccdf, number_format: false)
       comments = {}
-      recommendations = utils.all_cis_recommendations(xccdf)
       Dir[File.join(path, '*.pp')].each do |puppet_file|
-        comment = cis_recommendation_comment(puppet_file, recommendations, number_format, utils)
+        comment = cis_recommendation_comment(puppet_file, xccdf, number_format)
         comments[puppet_file] = comment unless comment.nil?
       end
       comments.each do |key, value|
@@ -120,9 +118,7 @@ module AbideDevUtils
         File.open(tempfile, 'w') do |nf|
           nf.write("#{comment}\n")
           File.foreach(path) do |line|
-            next if line.match?(/#{comment}/)
-
-            nf << line
+            nf.write(line) unless line == "#{comment}\n"
           end
         end
         File.rename(path, "#{path}.old")
@@ -136,17 +132,24 @@ module AbideDevUtils
       end
     end
 
-    def self.cis_recommendation_comment(puppet_file, recommendations, number_format, utils)
-      reco_text = utils.find_cis_recommendation(
+    def self.cis_recommendation_comment(puppet_file, xccdf, number_format)
+      _, control = xccdf.find_cis_recommendation(
         File.basename(puppet_file, '.pp'),
-        recommendations,
         number_format: number_format
       )
-      if reco_text.nil?
+      if control.nil?
         AbideDevUtils::Output.simple("Could not find recommendation text for #{puppet_file}...")
         return nil
       end
-      "# #{reco_text}"
+      control_title = xccdf.resolve_control_reference(control).xpath('./xccdf:title').text
+      "# #{control_title}"
+    end
+
+    def self.score_module(module_path, outfile: nil, quiet: false, checks: ['all'], **_)
+      AbideDevUtils::Output.simple 'This command is not currently implemented'
+      # require 'abide_dev_utils/ppt/score_module'
+      # score = {}
+      # score[:lint_check] = ScoreModule.lint if checks.include?('all') || checks.include?('lint')
     end
   end
 end

data/lib/abide_dev_utils/validate.rb

@@ -8,9 +8,13 @@ module AbideDevUtils
       raise AbideDevUtils::Errors::FileNotFoundError, path unless File.exist?(path)
     end
 
-    def self.file(path)
+    def self.file(path, extension: nil)
       filesystem_path(path)
       raise AbideDevUtils::Errors::PathNotFileError, path unless File.file?(path)
+      return if extension.nil?
+
+      file_ext = extension.match?(/^\.[A-Za-z0-9]+$/) ? extension : ".#{extension}"
+      raise AbideDevUtils::Errors::FileExtensionIncorrectError, extension unless File.extname(path) == file_ext
     end
 
     def self.directory(path)

data/lib/abide_dev_utils/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AbideDevUtils
-  VERSION = "0.6.0"
+  VERSION = "0.9.3"
 end