From 93c1cfbfb8850bf6ee84298f2b11cd820880340b Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 23:23:12 +0200 Subject: [PATCH 1/9] feat: sync mondoo-go --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index d6eebd90..8949de83 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,7 @@ require ( github.com/spf13/viper v1.19.0 github.com/stretchr/testify v1.9.0 go.mondoo.com/cnquery/v11 v11.12.2 - go.mondoo.com/mondoo-go v0.0.0-20240704105318-097765f8523d + go.mondoo.com/mondoo-go v0.0.0-20240709212130-c2418a0535d4 go.mondoo.com/ranger-rpc v0.6.1 go.opentelemetry.io/otel v1.28.0 gocloud.dev v0.37.0 diff --git a/go.sum b/go.sum index f2f6de41..dfe273d9 100644 --- a/go.sum +++ b/go.sum @@ -1235,6 +1235,8 @@ go.mondoo.com/cnquery/v11 v11.12.2 h1:qkhPHt75rWSXCIAQHr6yRm3fsper3RJWVSWEQFg13X go.mondoo.com/cnquery/v11 v11.12.2/go.mod h1:fwsl8ivZwHW/GDEevxir1cQF864/gJ0rmjVtAigQuS4= go.mondoo.com/mondoo-go v0.0.0-20240704105318-097765f8523d h1:Jr55zA89Yf70egaA1wZXUUJGnUc+O5HkTGBBKjU9poI= go.mondoo.com/mondoo-go v0.0.0-20240704105318-097765f8523d/go.mod h1:4032UBD0ph9LyhXq5OQmmxkJv37HdAGi34YLWbhnMDA= +go.mondoo.com/mondoo-go v0.0.0-20240709212130-c2418a0535d4 h1:kynKlEkGktvbS9sp679biYRbliKBAdAYpYRDWp+ktY0= +go.mondoo.com/mondoo-go v0.0.0-20240709212130-c2418a0535d4/go.mod h1:4032UBD0ph9LyhXq5OQmmxkJv37HdAGi34YLWbhnMDA= go.mondoo.com/ranger-rpc v0.6.1 h1:aOMsKD7zwQBGmt998fdAkk/G+XWk5+sjsi/XPVUSCJw= go.mondoo.com/ranger-rpc v0.6.1/go.mod h1:sbv789sxgfu1vpJzmD7j4/FgjFB41GDWsM0d6fNsu68= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= From 4bd32945fe71349eb97638ccd05179dee8f00c5c Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 23:23:19 +0200 Subject: [PATCH 2/9] feat: add cmd alias --- apps/cnspec/cmd/framework.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/apps/cnspec/cmd/framework.go b/apps/cnspec/cmd/framework.go index 23af2b1b..659c6d8a 100644 --- a/apps/cnspec/cmd/framework.go +++ b/apps/cnspec/cmd/framework.go @@ -46,8 +46,9 @@ func init() { } var frameworkCmd = &cobra.Command{ - Use: "framework", - Short: "Manage local and Mondoo Platform hosted compliance frameworks", + Use: "framework", + Short: "Manage local and Mondoo Platform hosted compliance frameworks", + Aliases: []string{"frameworks"}, } var frameworkListCmd = &cobra.Command{ From 541d38e27315a6249b971a026fdaf57cdd5a27c2 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 23:25:28 +0200 Subject: [PATCH 3/9] fix: log message --- apps/cnspec/cmd/framework.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/cnspec/cmd/framework.go b/apps/cnspec/cmd/framework.go index 659c6d8a..c72df61f 100644 --- a/apps/cnspec/cmd/framework.go +++ b/apps/cnspec/cmd/framework.go @@ -291,7 +291,7 @@ var frameworkActiveCmd = &cobra.Command{ os.Exit(1) } if !ok { - log.Error().Msgf("failed to set compliance framework to preview state in space") + log.Error().Msgf("failed to set compliance framework to active state in space") os.Exit(1) } log.Info().Msg(theme.DefaultTheme.Success("successfully set compliance framework to active state in space")) From 7223b864607c9b41ae148f44dc25ae882f2801f8 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 23:27:36 +0200 Subject: [PATCH 4/9] fix: mutation enable --- apps/cnspec/cmd/framework.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/cnspec/cmd/framework.go b/apps/cnspec/cmd/framework.go index c72df61f..575015d8 100644 --- a/apps/cnspec/cmd/framework.go +++ b/apps/cnspec/cmd/framework.go 
@@ -284,7 +284,7 @@ var frameworkActiveCmd = &cobra.Command{ ok, err := cnspec_upstream.MutateFrameworkState( context.Background(), mondooClient, frameworkMrn, - opts.GetParentMrn(), mondoogql.ComplianceFrameworkMutationActionPreview, + opts.GetParentMrn(), mondoogql.ComplianceFrameworkMutationActionEnable, ) if err != nil { log.Error().Msgf("failed to set compliance framework to active state in space: %s", err) From 1b8ee288e490b8b3d168abbb4b7d443db9eb32f8 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Tue, 9 Jul 2024 23:29:10 +0200 Subject: [PATCH 5/9] feat: add aliases --- apps/cnspec/cmd/framework.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/cnspec/cmd/framework.go b/apps/cnspec/cmd/framework.go index 575015d8..b2396cdc 100644 --- a/apps/cnspec/cmd/framework.go +++ b/apps/cnspec/cmd/framework.go @@ -262,9 +262,10 @@ var frameworkPreviewCmd = &cobra.Command{ } var frameworkActiveCmd = &cobra.Command{ - Use: "active [mrn]", - Short: "Change a framework status to active", - Args: cobra.ExactArgs(1), + Use: "active [mrn]", + Aliases: []string{"enable", "activate"}, + Short: "Change a framework status to active", + Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { opts, err := config.Read() if err != nil { From 2a1327f7470d438e2e0a5d54656435ebd6aa3384 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Wed, 10 Jul 2024 12:53:01 +0200 Subject: [PATCH 6/9] feat: disable framework command --- apps/cnspec/cmd/framework.go | 40 ++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/apps/cnspec/cmd/framework.go b/apps/cnspec/cmd/framework.go index b2396cdc..2918458d 100644 --- a/apps/cnspec/cmd/framework.go +++ b/apps/cnspec/cmd/framework.go 
@@ -300,3 +300,43 @@ var frameworkActiveCmd = &cobra.Command{ return nil }, } + +var frameworkDisabledCmd = &cobra.Command{ + Use: "disabled [mrn]", + Aliases: []string{"disable"}, + Short: "Change a framework status to disabled", + Args: cobra.ExactArgs(1), + RunE: func(cmd *cobra.Command, args []string) error { + opts, err := config.Read() + if err != nil { + return err + } + config.DisplayUsedConfig() + + mondooClient, err := getGqlClient(opts) + if err != nil { + return err + } + + frameworkMrn := args[0] + if !strings.HasPrefix(frameworkMrn, PolicyMrnPrefix) { + frameworkMrn = FrameworkMrnPrefix + "/" + frameworkMrn + } + + ok, err := cnspec_upstream.MutateFrameworkState( + context.Background(), mondooClient, frameworkMrn, + opts.GetParentMrn(), mondoogql.ComplianceFrameworkMutationActionDisable, + ) + if err != nil { + log.Error().Msgf("failed to set compliance framework to disabled state in space: %s", err) + os.Exit(1) + } + if !ok { + log.Error().Msgf("failed to set compliance framework to disabled state in space") + os.Exit(1) + } + log.Info().Msg(theme.DefaultTheme.Success("successfully set compliance framework to disabled state in space")) + + return nil + }, +} From 9d4fa44ba693c93b7a0abb1d41bc65fec17bb2e4 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Wed, 10 Jul 2024 12:53:18 +0200 Subject: [PATCH 7/9] feat: display preview state --- apps/cnspec/cmd/framework.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/cnspec/cmd/framework.go b/apps/cnspec/cmd/framework.go index 2918458d..44c28f46 100644 --- a/apps/cnspec/cmd/framework.go +++ b/apps/cnspec/cmd/framework.go @@ -37,6 +37,8 @@ func init() { frameworkCmd.AddCommand(frameworkPreviewCmd) // active frameworkCmd.AddCommand(frameworkActiveCmd) + // disabled + frameworkCmd.AddCommand(frameworkDisabledCmd) // download frameworkDownloadCmd.Flags().StringP("file", "f", "", "output file") frameworkCmd.AddCommand(frameworkDownloadCmd) 
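Review bot: The MRN normalisation in frameworkDisabledCmd tests `strings.HasPrefix(frameworkMrn, PolicyMrnPrefix)` but then prepends `FrameworkMrnPrefix`, so the check and the prefix it guards do not match. Both constants are defined outside this hunk; unless PolicyMrnPrefix happens to be a prefix of FrameworkMrnPrefix, a fully qualified framework MRN given on the command line would be prefixed a second time, and the mutation would presumably be sent for an MRN that does not exist. The guard should read `if !strings.HasPrefix(frameworkMrn, FrameworkMrnPrefix) {`. Separately, the success and failure messages name neither the framework nor the space. Disabling a compliance framework changes what a space is assessed against, so putting the target on the log line, e.g. `log.Info().Str("framework", frameworkMrn).Msg(...)`, would leave a usable record of what was switched off.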
@@ -105,6 +107,8 @@ var frameworkListCmd = &cobra.Command{ extraInfo := []string{} if framework.State == mondoogql.ComplianceFrameworkStateActive { extraInfo = append(extraInfo, theme.DefaultTheme.Success("active")) + } else if framework.State == mondoogql.ComplianceFrameworkStatePreview { + extraInfo = append(extraInfo, theme.DefaultTheme.PolicyPrinter.Yellow("preview")) } else if framework.State == mondoogql.ComplianceFrameworkState("") { extraInfo = append(extraInfo, theme.DefaultTheme.Disabled("local")) } From d982ce14b67f320d4ee39f2f98a894b1fc77c2fb Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Wed, 10 Jul 2024 14:48:39 +0200 Subject: [PATCH 8/9] feat: handle disable frameworks --- policy/resolver.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policy/resolver.go b/policy/resolver.go index 7d1d3026..e09ab376 100644 --- a/policy/resolver.go +++ b/policy/resolver.go @@ -84,8 +84,8 @@ func (s *LocalServices) Assign(ctx context.Context, assignment *PolicyAssignment // Unassign a policy to an asset func (s *LocalServices) Unassign(ctx context.Context, assignment *PolicyAssignment) (*Empty, error) { - if len(assignment.PolicyMrns) == 0 { - return nil, status.Error(codes.InvalidArgument, "a policy mrn is required") + if len(assignment.PolicyMrns)+len(assignment.FrameworkMrns) == 0 { + return nil, status.Error(codes.InvalidArgument, "a policy or framework mrn is required") } // all remote, call upstream From fbe8ce54e61c754596d0ea7905439c042ee1176d Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Wed, 10 Jul 2024 18:31:14 +0200 Subject: [PATCH 9/9] add disabled handle --- apps/cnspec/cmd/framework.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/cnspec/cmd/framework.go b/apps/cnspec/cmd/framework.go index 44c28f46..8cab1cb1 100644 --- a/apps/cnspec/cmd/framework.go +++ b/apps/cnspec/cmd/framework.go 
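Review bot: The state labelling in frameworkListCmd is an if/else-if chain with no final else, so a framework whose State matches none of the listed constants gets no entry in extraInfo. After this change that still applies to the disabled state, until PATCH 9/9 adds a Disabled branch to the same chain. A `switch framework.State` with a `default` case that appends the raw state would read more clearly, and would keep any state this build does not know about visible in a compliance listing. The surrounding loop and the code that consumes extraInfo are outside the hunk.

```go
switch framework.State {
case mondoogql.ComplianceFrameworkStateActive:
	// … unchanged: append the "active" label …
case mondoogql.ComplianceFrameworkStatePreview:
	// … unchanged: append the "preview" label …
case mondoogql.ComplianceFrameworkState(""):
	// … unchanged: append the "local" label …
default:
	// A state this build has no label for is shown verbatim instead of being left blank.
	extraInfo = append(extraInfo, theme.DefaultTheme.Disabled(string(framework.State)))
}
```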
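Review bot: The comment above Unassign in policy/resolver.go still reads "Unassign a policy to an asset", although the guard now also accepts requests that carry only framework MRNs. Something like `// Unassign removes the given policies and frameworks from an asset.` would match the new contract. The rest of the body is outside the hunk, so it is worth confirming that the path after the guard actually acts on `assignment.FrameworkMrns`. If it only walks `PolicyMrns`, a framework-only request would now pass validation and return without unassigning anything. The guard also dereferences `assignment` without a nil check, which `if assignment == nil || len(assignment.PolicyMrns)+len(assignment.FrameworkMrns) == 0 {` would cover.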
@@ -109,6 +109,8 @@ var frameworkListCmd = &cobra.Command{ extraInfo = append(extraInfo, theme.DefaultTheme.Success("active")) } else if framework.State == mondoogql.ComplianceFrameworkStatePreview { extraInfo = append(extraInfo, theme.DefaultTheme.PolicyPrinter.Yellow("preview")) + } else if framework.State == mondoogql.ComplianceFrameworkStateDisabled { + extraInfo = append(extraInfo, theme.DefaultTheme.Disabled("disabled")) } else if framework.State == mondoogql.ComplianceFrameworkState("") { extraInfo = append(extraInfo, theme.DefaultTheme.Disabled("local")) }