train-vsphere 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: baa259e959105f850bbf08c00722541d608fe392cb9a39d3d8743e189bbc85f5
+  data.tar.gz: 1f4bb79dcc6a9fd466359a10bde359e292349b4fc22fc898de20ab65051c5924
+SHA512:
+  metadata.gz: 79d39f4183add1adff0dbb9842c65951f8dd27c564ebfb3bd95b5054e37be262b39136c75c8a07a4adc9e71633e86292a3291326c1570e5d91dd95ab46db181f
+  data.tar.gz: 2472d1e48065f7ceb8141ec7c71ca7c12033bb875f6a1a0c6a98903e90d4d72b93d3ca68cc134d04d9a05862ab8923be3df86e4496ea8da358c620cd0e3555aa

data/Gemfile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec
+gem 'vsphere-automation-sdk', '~> 0.1.0'
+
+group :development do
+  gem 'vsphere-automation-sdk', '~> 0.1.0'
+end

data/README.md

@@ -0,0 +1,125 @@
+# Train-vsphere
+
+`train-vsphere` is a Train plugin and is used as a Train Transport to connect to vsphere environments. 
+
+## To Install this as a User
+
+You will need InSpec v3.9 or later.
+
+Simply run:
+
+```bash
+$ inspec plugin install train-vsphere
+```
+
+## Using train-vsphere from InSpec
+Connect to the vsphere target as such:
+```bash
+inspec shell -t vsphere://vcenter.host.name --user 'username@sso.domain' --password 'supersecret' --insecure boolean
+```
+or
+```bash
+inspec exec -t vsphere://vcenter.host.name --user 'username@sso.domain' --password 'supersecret' --insecure boolean
+```
+
+Alternatively you can set all these as environment variables using the following variables and authenticate without the parameters in in the inspec command or the target
+```bash
+export VC_HOSTNAME='vcenter.host.name'
+export VC_USERNAME='username@sso.domain'
+export VC_PASSWORD='notVMware1!'
+inspec exec -t vsphere://
+```
+
+When connected, you can retrieve your API token in your resources or profiles as such:
+
+```ruby
+#This retrieves an authentication token
+@authtoken = inspec.backend.authenticate
+
+#This authentication token can now be used to access all other APIs
+VSphereAutomation::Appliance::AccessConsolecliApi.new(@authtoken).get.value
+```
+
+An example of a resource
+```ruby
+
+class Vcsa < Inspec.resource(1)
+  name 'vcsa'
+	supports platform: 'vsphere'
+	desc 'Use the vsphere audit resource to get information from the vSphere API'
+
+  def initialize
+    authenticate
+  end
+  def ssh
+    begin
+      return VSphereAutomation::Appliance::AccessConsolecliApi.new(@auth_token).get.value
+        
+    rescue VSphereAutomation::ApiError => e
+      puts "Exception when calling AccessConsolecliApi->get: #{e}"
+    end
+  end
+
+  def exists?
+    return true
+  end
+
+  def authenticate
+    @auth_token = inspec.backend.authenticate
+  end
+end
+
+```
+
+And the matching control
+
+```ruby
+control 'vcenter-appliance-VCSA-001-1' do                        # A unique ID for this control
+  impact 0.7                                # The criticality, if this control fails.
+  title 'SSH should be disabled'             # A human-readable title
+  desc 'SSH should be disabled by default'
+  # tag 'security'
+  # tag check: 'VCSA-001-1' 
+  # ref 'https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcsa.doc/GUID-D58532F7-E48C-4BF2-87F9-99BA89BF659A.html'
+  
+  describe vcsa do
+    it { should exist }
+    its('ssh') {should cmp 'false'}
+  end
+end
+
+
+
+
+
+## Notes
+
+Due to some unknown bug, libcurl4-gnutls-dev may be required on linux. I haven't tested this on various distributions yet. MacOS should work out of the box, but YMMV. 
+
+## Contributing
+
+1. Fork it
+1. Create your feature branch (git checkout -b my-new-feature)
+1. Commit your changes (git commit -sam 'Add some feature')
+1. Push to the branch (git push origin my-new-feature)
+1. Create new Pull Request
+
+## License
+
+| **Author:**          | Sjors Robroek
+
+| **Copyright:**       | Copyright (c) 2019
+
+| **License:**         | Apache License, Version 2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/lib/test.rb

@@ -0,0 +1,4 @@
+basename = File.basename(__FILE__, ".rb")
+libdir = File.expand_path("../#{basename}",__FILE__)
+puts basename
+puts libdir

data/lib/train-vsphere/connection.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+
+require 'vsphere-automation-sdk'
+require 'vsphere-automation-cis'
+require 'train'
+require 'train/plugins'
+require 'train-vsphere/platform'
+require 'vsphere-automation-appliance'
+require 'vsphere-automation-content'
+require 'vsphere-automation-vapi'
+require 'vsphere-automation-vcenter'
+
+module TrainPlugins
+  module Vsphere
+    class Connection < Train::Plugins::Transport::BaseConnection
+      include TrainPlugins::Vsphere::Platform
+
+
+      def initialize(options)
+
+        options = validate_options(options)
+        super(options)
+        enable_cache :api_call
+
+      end
+
+      def authenticate
+
+        return api_client unless cache_enabled?(:api_call)
+
+        @cache[:api_call][api_client.to_s.to_sym] ||= api_client
+      end
+
+
+
+
+      def uri
+        "vsphere://#{options[:hostname]}"
+      end
+
+
+      def local?
+        false
+      end
+
+    private
+
+    def api_client
+
+    
+
+      configuration = VSphereAutomation::Configuration.new.tap do |c|
+        c.host = options[:host]
+        c.username = options[:user]
+        c.password = options[:password]
+        c.scheme = 'https'
+        c.verify_ssl = !options[:insecure]
+        c.verify_ssl_host = !options[:insecure]
+      end
+      begin
+        api_client = VSphereAutomation::ApiClient.new(configuration)
+        api_client.default_headers['Authorization'] = configuration.basic_auth_token
+        session_api = VSphereAutomation::CIS::SessionApi.new(api_client)
+        session_id = session_api.create('').value
+        api_client.default_headers['vmware-api-session-id'] = session_id  
+        return api_client
+      rescue VSphereAutomation::ApiError => e
+        fail Train::ClientError
+        #puts "Exception when calling AccessConsolecliApi->get: #{e}"
+      end
+    end
+
+    def validate_options(options)
+      if options[:user].nil?
+        fail Train::ClientError,
+            'A user needs to be set'
+      end
+      if options[:password].nil?
+        fail Train::ClientError,
+            'A password needs to be set'
+      end
+      if options[:host].nil?
+        fail Train::ClientError,
+            'A host needs to be set'
+      end
+
+
+      return options
+    end
+
+    end
+  end
+end

data/lib/train-vsphere/platform.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module TrainPlugins
+  module Vsphere
+    module Platform
+      def platform
+        Train::Platforms.name('vsphere').in_family('cloud')
+        force_platform!('vsphere', release: TrainPlugins::Vsphere::VERSION)
+      end
+    end
+  end
+end
+
+

data/lib/train-vsphere/transport.rb

@@ -0,0 +1,27 @@
+require 'train'
+require 'train/plugins'
+require 'train-vsphere/connection'
+
+# Train Plugins v1 are usually declared under the TrainPlugins namespace.
+# Each plugin has three components: Transport, Connection, and Platform.
+# We'll only define the Transport here, but we'll refer to the others.
+
+module TrainPlugins
+  module Vsphere
+    class Transport < Train.plugin(1)
+      name 'vsphere'
+
+      option :host, required: true, default: ENV['VC_HOSTNAME'] 
+      option :user, required: true, default: ENV['VC_USERNAME'] 
+      option :password, required: true, default: ENV['VC_PASSWORD'] 
+      option :insecure, required: false, default: false
+
+
+
+      # inspec -t vsphere://
+      def connection(_instance_opts = nil)
+        @connection ||= TrainPlugins::Vsphere::Connection.new(@options)
+      end
+    end
+  end
+end

data/lib/train-vsphere/version.rb

@@ -0,0 +1,7 @@
+# @author Sjors Robroek
+
+module TrainPlugins
+  module Vsphere
+    VERSION = '1.0.0'
+  end
+end

data/lib/train-vsphere.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+ #basename = File.basename(__FILE__, ".rb")
+ #libdir = File.expand_path("../#{basename}/",__FILE__)
+ #$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+require 'train-vsphere/version'
+require 'train-vsphere/transport'
+require 'train-vsphere/platform'
+require 'train-vsphere/connection'

data/train-vsphere.gemspec

@@ -0,0 +1,26 @@
+
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'train-vsphere/version'
+
+Gem::Specification.new do |spec|
+  spec.name        = 'train-vsphere'
+  spec.version     = TrainPlugins::Vsphere::VERSION
+  spec.authors     = ['Sjors Robroek']
+  spec.email       = ['s.robroek@vxsan.com']
+  spec.summary     = 'Train Transport for vSphere'
+  spec.description = 'Allows applications using Train to speak to vSphere'
+  spec.homepage    = 'https://github.com/srobroek/train-vsphere'
+  spec.license     = 'Apache-2.0'
+
+  spec.files = %w{
+    README.md train-vsphere.gemspec Gemfile
+  } + Dir.glob(
+    'lib/**/*', File::FNM_DOTMATCH
+  ).reject { |f| File.directory?(f) }
+  spec.require_paths = ['lib']
+
+spec.add_dependency 'train', '~> 1.4'
+spec.add_dependency 'vsphere-automation-sdk', '~> 0.1.0'
+end

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: train-vsphere
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Sjors Robroek
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-04-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: train
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: vsphere-automation-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+description: Allows applications using Train to speak to vSphere
+email:
+- s.robroek@vxsan.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- lib/test.rb
+- lib/train-vsphere.rb
+- lib/train-vsphere/connection.rb
+- lib/train-vsphere/platform.rb
+- lib/train-vsphere/transport.rb
+- lib/train-vsphere/version.rb
+- train-vsphere.gemspec
+homepage: https://github.com/srobroek/train-vsphere
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Train Transport for vSphere
+test_files: []