2022-04-11 20:42:16 +00:00
|
|
|
// Command jira-integration tests creating a ticket to a Jira instance via
|
|
|
|
|
// the Fleet worker processor. It creates it exactly as if a Jira integration
|
|
|
|
|
// was configured and a new CVE and related CPEs was found.
|
|
|
|
|
//
|
|
|
|
|
// Note that the Jira user's password must be provided via an environment
|
|
|
|
|
// variable, JIRA_PASSWORD.
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"flag"
|
|
|
|
|
"fmt"
|
|
|
|
|
"log"
|
|
|
|
|
"os"
|
|
|
|
|
|
|
|
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
|
|
|
|
"github.com/fleetdm/fleet/v4/server/mock"
|
|
|
|
|
"github.com/fleetdm/fleet/v4/server/service/externalsvc"
|
|
|
|
|
"github.com/fleetdm/fleet/v4/server/worker"
|
|
|
|
|
kitlog "github.com/go-kit/kit/log"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
|
var (
|
2022-06-06 14:41:51 +00:00
|
|
|
jiraURL = flag.String("jira-url", "", "The Jira instance URL")
|
|
|
|
|
jiraUsername = flag.String("jira-username", "", "The Jira username")
|
|
|
|
|
jiraProjectKey = flag.String("jira-project-key", "", "The Jira project key")
|
|
|
|
|
fleetURL = flag.String("fleet-url", "https://localhost:8080", "The Fleet server URL")
|
|
|
|
|
cve = flag.String("cve", "", "The CVE to create a Jira issue for")
|
|
|
|
|
hostsCount = flag.Int("hosts-count", 1, "The number of hosts to match the CVE or failing policy")
|
|
|
|
|
failingPolicyID = flag.Int("failing-policy-id", 0, "The failing policy ID")
|
|
|
|
|
failingPolicyTeamID = flag.Int("failing-policy-team-id", 0, "The Team ID of the failing policy")
|
2022-04-11 20:42:16 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
flag.Parse()
|
|
|
|
|
|
|
|
|
|
if *jiraURL == "" {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "-jira-url is required")
|
|
|
|
|
os.Exit(1)
|
|
|
|
|
}
|
|
|
|
|
if *jiraUsername == "" {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "-jira-username is required")
|
|
|
|
|
os.Exit(1)
|
|
|
|
|
}
|
|
|
|
|
if *jiraProjectKey == "" {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "-jira-project-key is required")
|
|
|
|
|
os.Exit(1)
|
|
|
|
|
}
|
2022-06-06 14:41:51 +00:00
|
|
|
if *cve == "" && *failingPolicyID == 0 {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "one of -cve or -failing-policy-id is required")
|
|
|
|
|
os.Exit(1)
|
|
|
|
|
}
|
|
|
|
|
if *cve != "" && *failingPolicyID != 0 {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "only one of -cve or -failing-policy-id is allowed")
|
2022-04-11 20:42:16 +00:00
|
|
|
os.Exit(1)
|
|
|
|
|
}
|
|
|
|
|
if *hostsCount <= 0 {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "-hosts-count must be at least 1")
|
|
|
|
|
os.Exit(1)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
jiraPassword := os.Getenv("JIRA_PASSWORD")
|
|
|
|
|
if jiraPassword == "" {
|
|
|
|
|
fmt.Fprintf(os.Stderr, "JIRA_PASSWORD is required")
|
|
|
|
|
os.Exit(1)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
logger := kitlog.NewLogfmtLogger(os.Stdout)
|
|
|
|
|
|
|
|
|
|
ds := new(mock.Store)
|
|
|
|
|
ds.HostsByCVEFunc = func(ctx context.Context, cve string) ([]*fleet.HostShort, error) {
|
|
|
|
|
hosts := make([]*fleet.HostShort, *hostsCount)
|
|
|
|
|
for i := 0; i < *hostsCount; i++ {
|
|
|
|
|
hosts[i] = &fleet.HostShort{ID: uint(i + 1), Hostname: fmt.Sprintf("host-test-%d", i+1)}
|
|
|
|
|
}
|
|
|
|
|
return hosts, nil
|
|
|
|
|
}
|
2022-06-06 14:41:51 +00:00
|
|
|
ds.AppConfigFunc = func(ctx context.Context) (*fleet.AppConfig, error) {
|
|
|
|
|
return &fleet.AppConfig{
|
|
|
|
|
Integrations: fleet.Integrations{
|
|
|
|
|
Jira: []*fleet.JiraIntegration{
|
|
|
|
|
{
|
|
|
|
|
EnableSoftwareVulnerabilities: *cve != "",
|
2022-06-13 14:04:47 +00:00
|
|
|
URL: *jiraURL,
|
|
|
|
|
Username: *jiraUsername,
|
|
|
|
|
APIToken: jiraPassword,
|
|
|
|
|
ProjectKey: *jiraProjectKey,
|
|
|
|
|
EnableFailingPolicies: *failingPolicyID > 0,
|
2022-06-06 14:41:51 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
ds.TeamFunc = func(ctx context.Context, tid uint) (*fleet.Team, error) {
|
|
|
|
|
return &fleet.Team{
|
|
|
|
|
ID: tid,
|
|
|
|
|
Name: fmt.Sprintf("team-test-%d", tid),
|
|
|
|
|
Config: fleet.TeamConfig{
|
|
|
|
|
Integrations: fleet.TeamIntegrations{
|
|
|
|
|
Jira: []*fleet.TeamJiraIntegration{
|
|
|
|
|
{
|
|
|
|
|
URL: *jiraURL,
|
|
|
|
|
ProjectKey: *jiraProjectKey,
|
|
|
|
|
EnableFailingPolicies: *failingPolicyID > 0,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
2022-04-11 20:42:16 +00:00
|
|
|
|
|
|
|
|
jira := &worker.Jira{
|
2022-06-06 14:41:51 +00:00
|
|
|
FleetURL: *fleetURL,
|
|
|
|
|
Datastore: ds,
|
|
|
|
|
Log: logger,
|
|
|
|
|
NewClientFunc: func(opts *externalsvc.JiraOptions) (worker.JiraClient, error) {
|
|
|
|
|
return externalsvc.NewJiraClient(opts)
|
|
|
|
|
},
|
2022-04-11 20:42:16 +00:00
|
|
|
}
|
|
|
|
|
|
2022-06-06 14:41:51 +00:00
|
|
|
var argsJSON json.RawMessage
|
|
|
|
|
if *cve != "" {
|
|
|
|
|
argsJSON = json.RawMessage(fmt.Sprintf(`{"cve":%q}`, *cve))
|
|
|
|
|
} else if *failingPolicyID > 0 {
|
|
|
|
|
jsonStr := fmt.Sprintf(`{"failing_policy":{"policy_id": %d, "policy_name": "test-policy-%[1]d", `, *failingPolicyID)
|
|
|
|
|
if *failingPolicyTeamID > 0 {
|
|
|
|
|
jsonStr += fmt.Sprintf(`"team_id":%d, `, *failingPolicyTeamID)
|
|
|
|
|
}
|
|
|
|
|
jsonStr += `"hosts": `
|
|
|
|
|
hosts := make([]fleet.PolicySetHost, 0, *hostsCount)
|
|
|
|
|
for i := 1; i <= *hostsCount; i++ {
|
|
|
|
|
hosts = append(hosts, fleet.PolicySetHost{ID: uint(i), Hostname: fmt.Sprintf("host-test-%d", i)})
|
|
|
|
|
}
|
|
|
|
|
b, _ := json.Marshal(hosts)
|
|
|
|
|
jsonStr += string(b) + "}}"
|
|
|
|
|
argsJSON = json.RawMessage(jsonStr)
|
|
|
|
|
}
|
2022-04-11 20:42:16 +00:00
|
|
|
|
2022-06-06 14:41:51 +00:00
|
|
|
if err := jira.Run(context.Background(), argsJSON); err != nil {
|
2022-04-11 20:42:16 +00:00
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
