Improve output for check script #7

Merged
merged 3 commits into from
Sep 11, 2024
4 changes: 2 additions & 2 deletions Dockerfile
@@ -28,7 +28,7 @@ RUN adduser \
--uid "${UID}" \
appuser

RUN apt-get -y update && apt-get -y install git curl
RUN apt-get -y update && apt-get -y install git curl jq && apt-get clean
RUN curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=v8&source=github" | tar -zx && mv cf* /usr/local/bin/

WORKDIR /app
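Review bot: the new `apt-get -y install git curl jq && apt-get clean` line at the top of this hunk clears the package cache but still leaves `/var/lib/apt/lists/*` in the layer and pulls in recommended packages; `apt-get -y install --no-install-recommends git curl jq && apt-get clean && rm -rf /var/lib/apt/lists/*` keeps the image smaller and the installed surface narrower. While here, the unchanged `curl -L ... | tar -zx` line below it downloads and unpacks the cf CLI without `--fail` or any checksum check, so an HTTP error page or a tampered download is piped straight into tar; using `curl -fsSL` and verifying a published checksum before extracting would harden the build.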
@@ -40,7 +40,7 @@ RUN chown appuser /app
# into this layer.
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=bind,source=requirements.txt,target=requirements.txt \
python -m pip install -r requirements.txt
python -m pip install -r requirements.txt --upgrade

# Switch to the non-privileged user to run the application.
USER appuser
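Review bot: adding `--upgrade` to the pip install means every build pulls the newest commit of the unpinned `git+https://` entries in requirements.txt, so the image is no longer reproducible and a broken or compromised upstream commit lands in the next build without anyone reviewing it. If the goal is to pick up fresh changes from the forked repos, pin each git dependency to a commit SHA (or tag) in requirements.txt and bump it deliberately; that makes `--upgrade` unnecessary and keeps the bind-mounted requirements file the single source of truth for what is installed.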
15 changes: 11 additions & 4 deletions bin/check
@@ -4,8 +4,15 @@ set -e

python c2p/compliance_to_policy.py -c cdef.json -o auditree/auditree.json

cd auditree
compliance --check devtools.arboretum.accred,devtools.cloudgov.accred -C auditree.json --evidence full-remote &> /dev/null
(cd auditree && compliance --check devtools.arboretum.accred,devtools.cloudgov.accred -C auditree.json --evidence full-remote)

cd ..
python c2p/result_to_compliance.py -c cdef.json -i /tmp/compliance/check_results.json
if [ "$1" = "" ]; then
ar="$(mktemp -d)/auditree.json"
else
ar="$1"
fi

python c2p/result_to_compliance.py -c cdef.json -i /tmp/compliance/check_results.json > $ar

locker_repo=`jq -r ".locker.repo_url" auditree/auditree.json`
plant-helper -f "$ar" -c assessment-results -d "Auditree check assessment-results" -l "$locker_repo" -n
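Review bot: the final `plant-helper` call passes `-n`, which hard-codes dry-run mode, so this script never actually pushes the assessment results to the locker; if that is intended for now, say so in a comment or gate it on an environment variable so the real run does not need a code edit. Smaller points in the same hunk: the redirect `> $ar` is unquoted while the later use is `"$ar"` (quote both), the `mktemp -d` directory is never removed (a `trap 'rm -rf "$tmpdir"' EXIT` would do), and `jq -r ".locker.repo_url"` yields the string `null` when the key is missing, so `jq -er` would fail fast under `set -e` instead of handing `plant-helper` a bogus locker URL.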
67 changes: 67 additions & 0 deletions bin/plant-helper
@@ -0,0 +1,67 @@
#! /usr/bin/env bash

usage="
$0: Plant external evidence in the evidence locker

Usage:
$0 -h
$0 -f FILE_PATH -c CATEGORY -d DESCRIPTION [-t TTL] -l LOCKER_URL [-b LOCKER_BRANCH] [-n]

Options:
-h: show help and exit
-f: file to plant. ex: '/abs/path/to/filename.json'
-c: Evidence Category
-d: Evidence Description
-t: Evidence TTL. Default: 86400
-l: https version of locker repository
-b: main branch used in locker repository. Default: 'main'
-n: Dry run mode
"

set -e

mode="push-remote"
branch="main"
ttl=86400
file=""
category=""
description=""
locker=""

while getopts "hf:c:d:t:l:b:n" opt; do
case "$opt" in
f)
file=${OPTARG}
;;
c)
category=${OPTARG}
;;
d)
description=${OPTARG}
;;
t)
ttl=${OPTARG}
;;
l)
locker=${OPTARG}
;;
b)
branch=${OPTARG}
;;
n)
mode="dry-run"
;;
h)
echo "$usage"
exit 0
;;
esac
done

if [ "$file" = "" ] || [ "$category" = "" ] || [ "$description" = "" ] || [ "$locker" = "" ]; then
echo "$usage"
exit 1
fi

config="{\"$file\":{\"category\":\"$category\",\"ttl\":$ttl,\"description\":\"$description\"}}"
plant "$mode" "$locker" --branch "$branch" --config "$config"
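Review bot: `config` is assembled by string interpolation, so a file path, category or description containing a double quote or backslash produces invalid JSON (or silently changes the shape of the object), and `ttl` is never validated as a number. Since jq is now installed in the image, build the object safely instead:
config=$(jq -cn --arg f "$file" --arg c "$category" --arg d "$description" --argjson t "$ttl" '{($f):{category:$c,ttl:$t,description:$d}}')
Also, the `getopts` loop has no `?)` branch, so an unknown option prints a warning but the script keeps going with the remaining values; add `?) echo "$usage"; exit 1 ;;`, and consider checking `[ -f "$file" ]` before calling `plant` so a typo in the path fails here rather than inside the locker push.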
27 changes: 13 additions & 14 deletions bin/prune-helper
@@ -5,34 +5,32 @@ $0: Prune obsolete evidence from the evidence locker

Usage:
$0 -h
$0 -c PRUNE_CONFIG -l LOCKER_URL [-b LOCKER_BRANCH] [-e EMAIL_ADDRESS] [-d]
$0 -f FILE_PATH -r REASON -l LOCKER_URL [-b LOCKER_BRANCH] [-d]

Options:
-h: show help and exit
-c: prune config. ex: '{\"path/to/filename.json\":\"Reason it is being pruned\"}'
-f: file to prune. Should be given as a relative path from the root of the evidence repo
-r: Reason the evidence is being pruned
-l: https version of locker repository
-b: main branch used in locker repository. Default: 'main'
-e: your email address. Defaults to '$GIT_EMAIL'
-d: Dry run mode
"

echo "Calling prune-helper script"

set -e

mode="push-remote"
branch="main"
config=""
email="$GIT_EMAIL"
file=""
reason=""
locker=""

while getopts "hc:e:l:b:d" opt; do
while getopts "hf:r:l:b:d" opt; do
case "$opt" in
c)
config=${OPTARG}
f)
file=${OPTARG}
;;
e)
email=${OPTARG}
r)
reason=${OPTARG}
;;
l)
locker=${OPTARG}
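Review bot: the `echo "Calling prune-helper script"` line kept in this hunk writes to stdout, which clutters the output this PR sets out to improve and mixes with anything a caller captures from the script; drop it or send it to stderr with `>&2`. The new `-f` option documents a path relative to the evidence repo root, which is the right contract for `prune`, so it is worth rejecting absolute paths (`case "$file" in /*) echo "$usage"; exit 1 ;; esac`) to catch the easy mix-up with `plant-helper`, whose `-f` expects an absolute path.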
@@ -50,9 +48,10 @@ while getopts "hc:e:l:b:d" opt; do
esac
done

if [ "$config" = "" ] || [ "$locker" = "" ] || [ "$email" = "" ]; then
if [ "$file" = "" ] || [ "$reason" = "" ] || [ "$locker" = "" ]; then
echo "$usage"
exit 1
fi

prune "$mode" --config "$config" --git-config "{\"user\":{\"email\":\"$email\"}}" --branch "$branch" "$locker"
config="{\"$file\":\"$reason\"}"
prune "$mode" --config "$config" --branch "$branch" "$locker"
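Review bot: dropping the `-e` option and the `--git-config` argument means `prune` now commits with whatever git identity the runtime environment provides; the Dockerfile runs the application as `appuser` with no `git config` step visible, so either set `user.name`/`user.email` in the image or document that the caller must supply them, otherwise the push will fail or be attributed to a placeholder identity. The new `config` line has the same interpolation problem as `plant-helper`: a `reason` containing a double quote breaks the JSON, and `config=$(jq -cn --arg f "$file" --arg r "$reason" '{($f):$r}')` is the safer construction.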
5 changes: 3 additions & 2 deletions requirements.txt
@@ -1,4 +1,5 @@
auditree-framework @ git+https://github.com/ComplianceAsCode/auditree-framework.git
auditree-arboretum ~= 0.17
auditree-prune @ git+https://github.com/rahearn/auditree-prune.git
compliance-to-policy @ git+https://github.com/rahearn/compliance-to-policy.git
auditree-prune @ git+https://github.com/ComplianceAsCode/auditree-prune.git
auditree-plant @ git+https://github.com/rahearn/auditree-plant.git
compliance-to-policy ~= 0.4
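Review bot: all four `git+https://` entries are unpinned, so with the Dockerfile's `pip install --upgrade` each build resolves to whatever is at HEAD in those repositories at build time, which neither reproduces nor gives anyone a chance to review what changed; append `@<commit-sha>` (or a tag) to each URL and bump it in a dedicated change. In the same hunk `auditree-prune` moves to the ComplianceAsCode org while `auditree-plant` is still pulled from a personal fork; if an org-hosted copy exists it should be preferred, and a short comment on why each fork is used would help the next reader judge the trust placed in it.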