Merge pull request #7 from GSA-TTS/update-check-script

Improve output for check script
GSA-TTS · Sep 11, 2024 · 3a337e3 · 3a337e3
2 parents 137d233 + 8b5ba63
commit 3a337e3
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 24 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -28,7 +28,7 @@ RUN adduser \
     --uid "${UID}" \
     appuser
 
-RUN apt-get -y update && apt-get -y install git curl
+RUN apt-get -y update && apt-get -y install git curl jq && apt-get clean
 RUN curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=v8&source=github" | tar -zx && mv cf* /usr/local/bin/
 
 WORKDIR /app
@@ -40,7 +40,7 @@ RUN chown appuser /app
 # into this layer.
 RUN --mount=type=cache,target=/root/.cache/pip \
     --mount=type=bind,source=requirements.txt,target=requirements.txt \
-    python -m pip install -r requirements.txt
+    python -m pip install -r requirements.txt --upgrade
 
 # Switch to the non-privileged user to run the application.
 USER appuser

diff --git a/bin/check b/bin/check
@@ -4,8 +4,15 @@ set -e
 
 python c2p/compliance_to_policy.py -c cdef.json -o auditree/auditree.json
 
-cd auditree
-compliance --check devtools.arboretum.accred,devtools.cloudgov.accred -C auditree.json --evidence full-remote &> /dev/null
+(cd auditree && compliance --check devtools.arboretum.accred,devtools.cloudgov.accred -C auditree.json --evidence full-remote)
 
-cd ..
-python c2p/result_to_compliance.py -c cdef.json -i /tmp/compliance/check_results.json
+if [ "$1" = "" ]; then
+  ar="$(mktemp -d)/auditree.json"
+else
+  ar="$1"
+fi
+
+python c2p/result_to_compliance.py -c cdef.json -i /tmp/compliance/check_results.json > $ar
+
+locker_repo=`jq -r ".locker.repo_url" auditree/auditree.json`
+plant-helper -f "$ar" -c assessment-results -d "Auditree check assessment-results" -l "$locker_repo"
diff --git a/bin/plant-helper b/bin/plant-helper
@@ -0,0 +1,67 @@
+#! /usr/bin/env bash
+
+usage="
+$0: Plant external evidence in the evidence locker
+
+Usage:
+    $0 -h
+    $0 -f FILE_PATH -c CATEGORY -d DESCRIPTION [-t TTL] -l LOCKER_URL [-b LOCKER_BRANCH] [-n]
+
+Options:
+-h: show help and exit
+-f: file to plant. ex: '/abs/path/to/filename.json'
+-c: Evidence Category
+-d: Evidence Description
+-t: Evidence TTL. Default: 86400
+-l: https version of locker repository
+-b: main branch used in locker repository. Default: 'main'
+-n: Dry run mode
+"
+
+set -e
+
+mode="push-remote"
+branch="main"
+ttl=86400
+file=""
+category=""
+description=""
+locker=""
+
+while getopts "hf:c:d:t:l:b:n" opt; do
+    case "$opt" in
+        f)
+            file=${OPTARG}
+            ;;
+        c)
+            category=${OPTARG}
+            ;;
+        d)
+            description=${OPTARG}
+            ;;
+        t)
+            ttl=${OPTARG}
+            ;;
+        l)
+            locker=${OPTARG}
+            ;;
+        b)
+            branch=${OPTARG}
+            ;;
+        n)
+            mode="dry-run"
+            ;;
+        h)
+            echo "$usage"
+            exit 0
+            ;;
+    esac
+done
+
+if [ "$file" = "" ] || [ "$category" = "" ] || [ "$description" = "" ] || [ "$locker" = "" ]; then
+    echo "$usage"
+    exit 1
+fi
+
+config="{\"$file\":{\"category\":\"$category\",\"ttl\":$ttl,\"description\":\"$description\"}}"
+plant "$mode" "$locker" --branch "$branch" --config "$config"
diff --git a/bin/prune-helper b/bin/prune-helper
@@ -5,42 +5,40 @@ $0: Prune obsolete evidence from the evidence locker
 
 Usage:
     $0 -h
-    $0 -c PRUNE_CONFIG -l LOCKER_URL [-b LOCKER_BRANCH] [-e EMAIL_ADDRESS] [-d]
+    $0 -f FILE_PATH -r REASON -l LOCKER_URL [-b LOCKER_BRANCH] [-d]
 
 Options:
 -h: show help and exit
--c: prune config. ex: '{\"path/to/filename.json\":\"Reason it is being pruned\"}'
+-f: file to prune. Should be given as a relative path from the root of the evidence repo
+-r: Reason the evidence is being pruned
 -l: https version of locker repository
 -b: main branch used in locker repository. Default: 'main'
--e: your email address. Defaults to '$GIT_EMAIL'
--d: Dry run mode
+-n: Dry run mode
 "
 
-echo "Calling prune-helper script"
-
 set -e
 
 mode="push-remote"
 branch="main"
-config=""
-email="$GIT_EMAIL"
+file=""
+reason=""
 locker=""
 
-while getopts "hc:e:l:b:d" opt; do
+while getopts "hf:r:l:b:n" opt; do
     case "$opt" in
-        c)
-            config=${OPTARG}
+        f)
+            file=${OPTARG}
             ;;
-        e)
-            email=${OPTARG}
+        r)
+            reason=${OPTARG}
             ;;
         l)
             locker=${OPTARG}
             ;;
         b)
             branch=${OPTARG}
             ;;
-        d)
+        n)
             mode="dry-run"
             ;;
         h)
@@ -50,9 +48,10 @@ while getopts "hc:e:l:b:d" opt; do
     esac
 done
 
-if [ "$config" = "" ] || [ "$locker" = "" ] || [ "$email" = "" ]; then
+if [ "$file" = "" ] || [ "$reason" = "" ] || [ "$locker" = "" ]; then
     echo "$usage"
     exit 1
 fi
 
-prune "$mode" --config "$config" --git-config "{\"user\":{\"email\":\"$email\"}}" --branch "$branch" "$locker"
+config="{\"$file\":\"$reason\"}"
+prune "$mode" --config "$config" --branch "$branch" "$locker"
diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,5 @@
 auditree-framework @ git+https://github.com/ComplianceAsCode/auditree-framework.git
 auditree-arboretum ~= 0.17
-auditree-prune @ git+https://github.com/rahearn/auditree-prune.git
-compliance-to-policy @ git+https://github.com/rahearn/compliance-to-policy.git
+auditree-prune @ git+https://github.com/ComplianceAsCode/auditree-prune.git
+auditree-plant @ git+https://github.com/rahearn/auditree-plant.git
+compliance-to-policy ~= 0.4