compliance 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 9a2110ea9974434c5b79c50bc636450cf082c3c82342ff46fd5629679200f2c4
4
+ data.tar.gz: bdaa976134de96fa62ed8c0ddec64eb5ce9c1ba34c85aa35559675346ba9ae23
5
+ SHA512:
6
+ metadata.gz: fd17d4f694c83c0f066b534e714b14fb490dd80dde7536a34944d149929ffb1b9521ae98111b69c979101f7c1ddd2095b0b131d9988a20beb84e428e2a0da8e6
7
+ data.tar.gz: a9a41edfd6662fc2767fa0414d6218512543430f37758313040f281dc3f8e8bc9200bf7cc76cf6b3849b8fa0688fdae61bc9f85ff2413d75e7fe3c44db377b73
checksums.yaml.gz.sig ADDED
Binary file
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ def document
7
+ document = Compliance::Document.new
8
+
9
+ ::Gem.loaded_specs.each do |name, spec|
10
+ Console.logger.debug(self) {"Checking gem #{name}: #{spec.full_gem_path}..."}
11
+
12
+ if path = spec.full_gem_path and File.directory?(path)
13
+ Compliance::Loader.load(path, document)
14
+ end
15
+ end
16
+
17
+ return document
18
+ end
19
+
20
+ def check(input:)
21
+ policy = Compliance::Policy.new
22
+ document = input || self.document
23
+
24
+ unsatisfied = {}
25
+
26
+ document.check(policy) do |requirement, satisfied, unsatisfied|
27
+ Console.debug(self) {"Requirement #{requirement.id} is #{satisfied.any? ? "satisfied." : "not satisfied!"}"}
28
+
29
+ if satisfied.empty?
30
+ unsatisfied[requirement.id] = requirement
31
+ end
32
+ end
33
+
34
+ raise Compliance::Error.new(unsatisfied) unless unsatisfied.empty?
35
+ end
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ module Compliance
7
+ # Represents an attestation of compliance with a requirement.
8
+ class Attestation
9
+ def initialize(metadata)
10
+ @metadata = metadata
11
+ end
12
+
13
+ def as_json(...)
14
+ @metadata
15
+ end
16
+
17
+ def to_json(...)
18
+ as_json.to_json(...)
19
+ end
20
+
21
+ # The unique identifier for this attestation.
22
+ def id
23
+ @metadata[:id]
24
+ end
25
+
26
+ # The metadata associated with this attestation.
27
+ attr :metadata
28
+ end
29
+ end
@@ -0,0 +1,67 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ require_relative 'requirement'
7
+ require_relative 'attestation'
8
+
9
+ module Compliance
10
+ # Represents a document containing requirements and attestations.
11
+ class Document
12
+ def initialize
13
+ @requirements = []
14
+ @attestations = []
15
+
16
+ @attestations_by_id = {}
17
+ end
18
+
19
+ def as_json(...)
20
+ {
21
+ requirements: @requirements,
22
+ attestations: @attestations
23
+ }
24
+ end
25
+
26
+ def to_json(...)
27
+ as_json.to_json(...)
28
+ end
29
+
30
+ attr :requirements
31
+ attr :attestations
32
+
33
+ # Add a requirement to the document.
34
+ def add_requirement(requirement)
35
+ @requirements << requirement
36
+ end
37
+
38
+ # Add an attestation to the document.
39
+ # @parameter attestation [Attestation] The attestation to add to the document.
40
+ def add_attestation(attestation)
41
+ @attestations << attestation
42
+ (@attestations_by_id[attestation.id] ||= Array.new) << attestation
43
+ end
44
+
45
+ # Check the document against a given policy.
46
+ def check(policy)
47
+ return to_enum(:check, policy) unless block_given?
48
+
49
+ @requirements.each do |requirement|
50
+ attestations = @attestations_by_id[requirement.id]
51
+
52
+ satisfied = []
53
+ unsatisfied = []
54
+
55
+ attestations&.each do |attestation|
56
+ if policy.satisfies?(requirement, attestation)
57
+ satisfied << attestation
58
+ else
59
+ unsatisfied << attestation
60
+ end
61
+ end
62
+
63
+ yield requirement, satisfied, unsatisfied
64
+ end
65
+ end
66
+ end
67
+ end
@@ -0,0 +1,13 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ module Compliance
7
+ # Represents an error that occurs when requirements are not satisfied.
8
+ class Error < StandardError
9
+ def initialize(unsatisfied)
10
+ super "Unsatisfied requirements: #{unsatisfied.keys.join(', ')}"
11
+ end
12
+ end
13
+ end
@@ -0,0 +1,45 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ require_relative 'requirement'
7
+ require_relative 'attestation'
8
+
9
+ require 'json'
10
+
11
+ module Compliance
12
+ # Load compliance data from JSON files.
13
+ module Loader
14
+ def self.add(compliance, document)
15
+ compliance[:requirements].each do |metadata|
16
+ document.add_requirement(Requirement.new(metadata))
17
+ end
18
+
19
+ compliance[:attestations]&.each do |metadata|
20
+ document.add_attestation(Attestation.new(metadata))
21
+ end
22
+ end
23
+
24
+ # Load compliance data from a directory.
25
+ # @parameter root [String] The root directory to load compliance data from.
26
+ # @parameter document [Document] The document to load compliance data into.
27
+ def self.load(root, document)
28
+ compliance_json_path = File.expand_path("compliance.json", root)
29
+
30
+ if File.file?(compliance_json_path)
31
+ data = JSON.load_file(compliance_json_path, symbolize_names: true)
32
+ self.add(data, document)
33
+ end
34
+
35
+ compliance_directory = File.expand_path("compliance", root)
36
+
37
+ if File.directory?(compliance_directory)
38
+ Dir.glob(File.join(compliance_directory, "*.json")) do |path|
39
+ data = JSON.load_file(path, symbolize_names: true)
40
+ self.add(data, document)
41
+ end
42
+ end
43
+ end
44
+ end
45
+ end
@@ -0,0 +1,13 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ module Compliance
7
+ # Represents a policy for checking compliance.
8
+ class Policy
9
+ def satisfies?(requirement, attestation)
10
+ requirement.id == attestation.id
11
+ end
12
+ end
13
+ end
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ module Compliance
7
+ # Represents a requirement that can be satisfied by an attestation.
8
+ class Requirement
9
+ def initialize(metadata)
10
+ @metadata = metadata
11
+ end
12
+
13
+ def as_json(...)
14
+ @metadata
15
+ end
16
+
17
+ def to_json(...)
18
+ as_json.to_json(...)
19
+ end
20
+
21
+ # The unique identifier for this requirement.
22
+ def id
23
+ @metadata[:id]
24
+ end
25
+
26
+ # The metadata associated with this requirement.
27
+ attr :metadata
28
+ end
29
+ end
@@ -0,0 +1,8 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ module Compliance
7
+ VERSION = "0.0.1"
8
+ end
data/lib/compliance.rb ADDED
@@ -0,0 +1,9 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Released under the MIT License.
4
+ # Copyright, 2024, by Samuel Williams.
5
+
6
+ require_relative 'compliance/version'
7
+ require_relative 'compliance/document'
8
+ require_relative 'compliance/loader'
9
+ require_relative 'compliance/policy'
data/license.md ADDED
@@ -0,0 +1,21 @@
1
+ # MIT License
2
+
3
+ Copyright, 2024, by Samuel Williams.
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
data/readme.md ADDED
@@ -0,0 +1,29 @@
1
+ # Compliance
2
+
3
+ A simple framework for tracking requirements and attestations across projects with dependencies.
4
+
5
+ [![Development Status](https://github.com/ioquatix/compliance/workflows/Test/badge.svg)](https://github.com/ioquatix/compliance/actions?workflow=Test)
6
+
7
+ ## Usage
8
+
9
+ Please see the [project documentation](https://ioquatix.github.io/compliance/) for more details.
10
+
11
+ - [Getting Started](https://ioquatix.github.io/compliance/guides/getting-started/index) - This guide gives a general overview to the `compliance` gem, and how to track requirements and attestations across projects with dependencies.
12
+
13
+ ## Contributing
14
+
15
+ We welcome contributions to this project.
16
+
17
+ 1. Fork it.
18
+ 2. Create your feature branch (`git checkout -b my-new-feature`).
19
+ 3. Commit your changes (`git commit -am 'Add some feature'`).
20
+ 4. Push to the branch (`git push origin my-new-feature`).
21
+ 5. Create new Pull Request.
22
+
23
+ ### Developer Certificate of Origin
24
+
25
+ This project uses the [Developer Certificate of Origin](https://developercertificate.org/). All contributors to this project must agree to this document to have their contributions accepted.
26
+
27
+ ### Contributor Covenant
28
+
29
+ This project is governed by the [Contributor Covenant](https://www.contributor-covenant.org/). All contributors and participants agree to abide by its terms.
data.tar.gz.sig ADDED
Binary file
metadata ADDED
@@ -0,0 +1,99 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: compliance
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Samuel Williams
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain:
11
+ - |
12
+ -----BEGIN CERTIFICATE-----
13
+ MIIE2DCCA0CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBhMRgwFgYDVQQDDA9zYW11
14
+ ZWwud2lsbGlhbXMxHTAbBgoJkiaJk/IsZAEZFg1vcmlvbnRyYW5zZmVyMRIwEAYK
15
+ CZImiZPyLGQBGRYCY28xEjAQBgoJkiaJk/IsZAEZFgJuejAeFw0yMjA4MDYwNDUz
16
+ MjRaFw0zMjA4MDMwNDUzMjRaMGExGDAWBgNVBAMMD3NhbXVlbC53aWxsaWFtczEd
17
+ MBsGCgmSJomT8ixkARkWDW9yaW9udHJhbnNmZXIxEjAQBgoJkiaJk/IsZAEZFgJj
18
+ bzESMBAGCgmSJomT8ixkARkWAm56MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
19
+ igKCAYEAomvSopQXQ24+9DBB6I6jxRI2auu3VVb4nOjmmHq7XWM4u3HL+pni63X2
20
+ 9qZdoq9xt7H+RPbwL28LDpDNflYQXoOhoVhQ37Pjn9YDjl8/4/9xa9+NUpl9XDIW
21
+ sGkaOY0eqsQm1pEWkHJr3zn/fxoKPZPfaJOglovdxf7dgsHz67Xgd/ka+Wo1YqoE
22
+ e5AUKRwUuvaUaumAKgPH+4E4oiLXI4T1Ff5Q7xxv6yXvHuYtlMHhYfgNn8iiW8WN
23
+ XibYXPNP7NtieSQqwR/xM6IRSoyXKuS+ZNGDPUUGk8RoiV/xvVN4LrVm9upSc0ss
24
+ RZ6qwOQmXCo/lLcDUxJAgG95cPw//sI00tZan75VgsGzSWAOdjQpFM0l4dxvKwHn
25
+ tUeT3ZsAgt0JnGqNm2Bkz81kG4A2hSyFZTFA8vZGhp+hz+8Q573tAR89y9YJBdYM
26
+ zp0FM4zwMNEUwgfRzv1tEVVUEXmoFCyhzonUUw4nE4CFu/sE3ffhjKcXcY//qiSW
27
+ xm4erY3XAgMBAAGjgZowgZcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
28
+ BBYEFO9t7XWuFf2SKLmuijgqR4sGDlRsMC4GA1UdEQQnMCWBI3NhbXVlbC53aWxs
29
+ aWFtc0BvcmlvbnRyYW5zZmVyLmNvLm56MC4GA1UdEgQnMCWBI3NhbXVlbC53aWxs
30
+ aWFtc0BvcmlvbnRyYW5zZmVyLmNvLm56MA0GCSqGSIb3DQEBCwUAA4IBgQB5sxkE
31
+ cBsSYwK6fYpM+hA5B5yZY2+L0Z+27jF1pWGgbhPH8/FjjBLVn+VFok3CDpRqwXCl
32
+ xCO40JEkKdznNy2avOMra6PFiQyOE74kCtv7P+Fdc+FhgqI5lMon6tt9rNeXmnW/
33
+ c1NaMRdxy999hmRGzUSFjozcCwxpy/LwabxtdXwXgSay4mQ32EDjqR1TixS1+smp
34
+ 8C/NCWgpIfzpHGJsjvmH2wAfKtTTqB9CVKLCWEnCHyCaRVuKkrKjqhYCdmMBqCws
35
+ JkxfQWC+jBVeG9ZtPhQgZpfhvh+6hMhraUYRQ6XGyvBqEUe+yo6DKIT3MtGE2+CP
36
+ eX9i9ZWBydWb8/rvmwmX2kkcBbX0hZS1rcR593hGc61JR6lvkGYQ2MYskBveyaxt
37
+ Q2K9NVun/S785AP05vKkXZEFYxqG6EW012U4oLcFl5MySFajYXRYbuUpH6AY+HP8
38
+ voD0MPg1DssDLKwXyt1eKD/+Fq0bFWhwVM/1XiAXL7lyYUyOq24KHgQ2Csg=
39
+ -----END CERTIFICATE-----
40
+ date: 2024-04-17 00:00:00.000000000 Z
41
+ dependencies:
42
+ - !ruby/object:Gem::Dependency
43
+ name: json
44
+ requirement: !ruby/object:Gem::Requirement
45
+ requirements:
46
+ - - ">="
47
+ - !ruby/object:Gem::Version
48
+ version: '0'
49
+ type: :runtime
50
+ prerelease: false
51
+ version_requirements: !ruby/object:Gem::Requirement
52
+ requirements:
53
+ - - ">="
54
+ - !ruby/object:Gem::Version
55
+ version: '0'
56
+ description:
57
+ email:
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - bake/compliance.rb
63
+ - lib/compliance.rb
64
+ - lib/compliance/attestation.rb
65
+ - lib/compliance/document.rb
66
+ - lib/compliance/error.rb
67
+ - lib/compliance/loader.rb
68
+ - lib/compliance/policy.rb
69
+ - lib/compliance/requirement.rb
70
+ - lib/compliance/version.rb
71
+ - license.md
72
+ - readme.md
73
+ homepage: https://github.com/ioquatix/compliance
74
+ licenses:
75
+ - MIT
76
+ metadata:
77
+ documentation_uri: https://ioquatix.github.io/compliance/
78
+ funding_uri: https://github.com/sponsors/ioquatix/
79
+ source_code_uri: https://github.com/ioquatix/compliance.git
80
+ post_install_message:
81
+ rdoc_options: []
82
+ require_paths:
83
+ - lib
84
+ required_ruby_version: !ruby/object:Gem::Requirement
85
+ requirements:
86
+ - - ">="
87
+ - !ruby/object:Gem::Version
88
+ version: '3.1'
89
+ required_rubygems_version: !ruby/object:Gem::Requirement
90
+ requirements:
91
+ - - ">="
92
+ - !ruby/object:Gem::Version
93
+ version: '0'
94
+ requirements: []
95
+ rubygems_version: 3.5.3
96
+ signing_key:
97
+ specification_version: 4
98
+ summary: A framework for tracking compliance requirements and attestations.
99
+ test_files: []
metadata.gz.sig ADDED
Binary file