def __init__(self, results, controls, push_error=False):
"""
Construct and initialize the PagerDuty notifier object.
:param results: dictionary generated by
:py:class:`compliance.runners.CheckMode` at the end of the execution.
:param controls: the control descriptor that manages accreditations.
"""
super(PagerDutyNotifier, self).__init__(results, controls, push_error)
self._creds = get_config().creds
self._config = get_config().get('notify.pagerduty', {})
def __init__(self, results, controls, push_error=False):
"""
Construct and initialize the Findings notifier object.
:param results: dictionary generated by
:py:class:`compliance.runners.CheckMode` at the end of the execution.
:param controls: the control descriptor that manages accreditations.
"""
super(FindingsNotifier, self).__init__(results, controls, push_error)
self._config = get_config().get('notify.findings')
self._creds = get_config().creds
api_key = self._creds['findings'].api_key
authenticator = IAMAuthenticator(apikey=api_key)
self.findings_api = FindingsApiV1(authenticator=authenticator)
def _load_compliance_config(self):
creds_path = os.path.expanduser(self.opts.creds_path)
if not os.path.isfile(creds_path):
raise ValueError(f'{creds_path} does not exist.')
self.config = get_config()
self.config.creds_path = creds_path
self.config.load(self.opts.compliance_config)
def __init__(self, *args, **kwargs):
"""Construct and initialize the fetcher test object."""
super(ComplianceFetcher, self).__init__(*args, **kwargs)
if hasattr(ComplianceFetcher, 'config'):
self.config = ComplianceFetcher.config
else:
self.config = get_config()
def substitute_config(path_tmpl):
"""
Substitue the config values on the given path template.
:param path_tmpl: a string template of a path
"""
return path_tmpl.format(**(get_config().raw_config))
def __init__(self, *args, **kwargs):
"""Construct and initialize the raw evidence object."""
super().__init__(*args, **kwargs)
lp_config = get_config().get('locker.partitions', {})
partition = kwargs.get(
'partition', lp_config.get(f'{self.category}/{self.name}', {}))
self.part_fields = partition.get('fields')
self.part_root = partition.get('root')
def __init__(self, results, controls, push_error=False):
"""
Construct and initialize the Github notifier object.
:param results: dictionary generated by
:py:class:`compliance.runners.CheckMode` at the end of the execution.
:param controls: the control descriptor that manages accreditations.
"""
super(GHIssuesNotifier, self).__init__(results, controls, push_error)
self._config = get_config().get('notify.gh_issues')
if not self._config:
# Ensure that legacy ghe_issues config still works
self._config = get_config().get('notify.ghe_issues', {})
# Using the locker repo url to define the base url. The expectation
# is that the Github issues repository will share the base url.
parsed_locker_url = urlparse(get_config().get('locker.repo_url'))
self._github = Github(
get_config().creds,
f'{parsed_locker_url.scheme}://{parsed_locker_url.hostname}')
def __init__(self, results, dry_run=True, out=sys.stdout):
"""
Construct and initialize the fixer object.
:param results: dictionary of check results.
:param dry_run: dictate whether to inform or perform actions to fix.
:param out: where to write the output for dry-run messages.
"""
self._results = results
self._dry_run = dry_run
self._out = out
self._creds = get_config().creds
def get_evidence_by_path(path, locker=None):
"""
Provide an evidence object specified by the given path.
The following strategy is used:
* Return evidence if it is present in the evidence cache populating
content if necessary and possible.
* If evidence is not in the evidence cache but a locker is provided, then
the evidence will be retrieved from the locker.
* Otherwise, an evidence object is built with the default parameters.
:param path: relative path to the evidence within the Locker. For example,
``raw/source1/evidence.json``.
:returns: the evidence object.
"""
path = substitute_config(path)
evidence = get_config().get_evidence(path)
if evidence:
if locker and evidence.content is None:
evidence = locker.load_content(evidence)
return evidence
if locker:
try:
evidence = locker.get_evidence(path)
get_config().add_evidences([evidence])
return evidence
except ValueError:
pass
try:
rootdir, category, name = path.strip('/').split('/')
except ValueError:
raise ValueError(f'Invalid evidence path format "{path}"')
if rootdir not in __init_map:
raise ValueError(f'Unable to create evidence from root dir {rootdir}')
return __init_map[rootdir](name, category)
def get_template_for(self, test_obj, evidence):
"""
Provide the file path of the template associated to the given evidence.
:param test_report_obj: the test object that needs to create report.
:param evidence: the ReportEvidence object expected.
"""
tmpl_dir = get_config().get_template_dir(test_obj)
if tmpl_dir is None:
raise RuntimeError(
f'Unable to find template directory for test {test_obj.id()}')
tmpl_path = os.path.join(tmpl_dir, evidence.path + '.tmpl')
if not os.path.exists(tmpl_path):
return os.path.join(tmpl_dir, 'default.md.tmpl')
return tmpl_path
def get_evidence_dependency(path, locker, fetcher=None):
"""
Provide evidence to fetchers that depend on that other evidence to fetch.
Use when a fetcher needs evidence fetched by another fetcher in order to
complete its fetch process. The premise is that if the evidence is in the
evidence cache then return that because it was placed there by another
fetcher. If not then get the evidence directly from the locker without
putting that evidence into the evidence cache. When an evidence dependency
is not found the fetcher is queued up as a dependency rerun for subsequent
processing.
:param path: relative path to the evidence within the Locker. For example,
``raw/source1/evidence.json``.
:param locker: evidence Locker object.
:param fetcher: optional Python notation path to fetcher method. If
provided, this defines the fetcher that is added to the re-run list.
Otherwise the execution stack is traversed to find the fetcher caller.
:returns: the evidence object.
"""
path = substitute_config(path)
evidence = get_config().get_evidence(path)
if evidence is None or evidence.content is None:
try:
evidence = locker.get_evidence(path)
except (StaleEvidenceError, EvidenceNotFoundError):
rerun = None
if fetcher:
module, clss, method = fetcher.rsplit('.', 2)
rerun = {'module': module, 'class': clss, 'method': method}
else:
for frame_info in inspect.stack()[1:]:
if frame_info.function.startswith(FETCH_PREFIX):
frame = frame_info.frame
rerun = {
'module': inspect.getmodule(frame).__name__,
'class': frame.f_locals['self'].__class__.__name__,
'method': frame.f_code.co_name
}
break
if not rerun:
raise DependencyFetcherNotFoundError(
f'Cannot re-run, no fetcher found for evidence {path}.')
locker.dependency_rerun.append(rerun)
raise DependencyUnavailableError(
f'evidence dependency {path} is currently unavailable.')
return evidence
# -*- mode:python; coding:utf-8 -*-
# Copyright (c) 2020 IBM Corp. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from compliance.config import get_config
from compliance.evidence import DAY, ReportEvidence, RawEvidence
get_config().add_evidences([
RawEvidence('world_clock_utc.json', 'time', DAY,
'Coordinated Universal Time'),
ReportEvidence('world_clock.md', 'time', DAY,
'World Clock Analysis report.')
])
def generate_toc(self, rpt_metadata):
"""
Generate a check reports table of contents.
This method generates a TOC based on all report evidence metadata and
appends that TOC to the bottom of an evidence locker's README.md file.
:param rpt_metadata: Metadata from all report evidence index.json files
"""
path = pathlib.Path(self.locker.local_path)
files = sorted(
str(f) for f in path.iterdir()
if f.is_file() and f.name in READMES)
readme = files[0] if files else 'README.md'
content_as_str = self.locker.get_content_from_locker(filename=readme)
rpts = []
for rpt, meta in rpt_metadata.items():
if meta.get('pruned_by'):
continue
rpt_descr = meta['description'] or pathlib.Path(rpt).name
rpt_url = self.locker.get_remote_location(rpt, False)
check = meta.get('checks', ['N/A'])[0].rsplit('.', 1).pop(0)
evidences = []
for ev in meta.get('evidence', []):
ev_path = pathlib.Path(ev['path'])
ev_descr = ev['description'] or ev_path.name
if not ev.get('partitions'):
ev_url = self.locker.get_remote_location(
ev['path'], False, ev['commit_sha'])
evidences.append({
'descr': ev_descr,
'url': ev_url,
'from': ev['last_update']
})
else:
for hash_key, part in ev['partitions'].items():
ev_part_descr = f'{ev_descr} - {hash_key} partition'
ev_url = self.locker.get_remote_location(
str(ev_path.parent / f'{hash_key}_{ev_path.name}'),
False, part['commit_sha'])
evidences.append({
'descr': ev_part_descr,
'url': ev_url,
'from': ev['last_update']
})
accreditations = sorted(self.controls.get_accreditations(check))
rpts.append({
'descr':
rpt_descr,
'url':
rpt_url,
'check':
check,
'accreditations':
', '.join(accreditations) or 'N/A',
'from':
meta['last_update'],
'evidences':
sorted(evidences, key=lambda ev: ev['descr'])
})
context = {
'original': content_as_str.split('\n') if content_as_str else [],
'reports': sorted(rpts, key=lambda r: r['descr'])
}
loader = jinja2.FileSystemLoader(get_config().get_template_dir(self))
env = jinja2.Environment(loader=loader, autoescape=True)
content = env.get_template('readme_toc.md.tmpl').render(context)
self.locker.add_content_to_locker(content, filename=readme)
