1
0
mirror of https://github.com/strongdm/comply synced 2024-11-22 07:34:54 +00:00

Optionally, authorship and approval information appended to policies (#54)

This commit is contained in:
Alan Cox 2018-08-29 18:39:50 -04:00 committed by Justin McCarthy
parent bcc9b06ac4
commit 274986ad9c
3 changed files with 53 additions and 0 deletions

View File

@ -1,5 +1,17 @@
name: "Acme"
filePrefix: "Acme"
# The following setting is optional.
# If you set this (to, e.g. master), and you build the policies
# on that branch, then a section is appended to each policy that
# describes the approval. Text will look like:
#
# Last edit made by John Doe (jdoe@email.com) on Wed, 15 Aug 2018 12:45:28 -0400.
# Approved by Joan Smith (jsmith@email.com) on Wed, 15 Aug 2018 16:54:48 -0400 in commit abc123123.
#
# The change author gets credit for the edit.
# The person who committed or merged to the approval branch gets credit for approval.
approvedBranch: master
tickets:
github:
token: XXX

View File

@ -37,6 +37,7 @@ type Project struct {
Pandoc string `yaml:"pandoc,omitempty"`
FilePrefix string `yaml:"filePrefix"`
Tickets map[string]interface{} `yaml:"tickets"`
ApprovedBranch string `yaml:"approvedBranch"`
}
// SetPandoc records pandoc availability during initialization

View File

@ -14,6 +14,7 @@ import (
"github.com/pkg/errors"
"github.com/strongdm/comply/internal/config"
"github.com/strongdm/comply/internal/model"
"os/exec"
)
// TODO: refactor and eliminate duplication among narrative, policy renderers
@ -53,6 +54,36 @@ func renderToFilesystem(wg *sync.WaitGroup, errOutputCh chan error, data *render
}(doc)
}
func getGitApprovalInfo(pol *model.Document) (string, error) {
cfg := config.Config()
// Decide whether we are on the git branch that contains the approved policies
gitBranchArgs := []string{"rev-parse","--abbrev-ref", "HEAD"}
gitBranchCmd := exec.Command("git", gitBranchArgs...)
gitBranchInfo, err := gitBranchCmd.CombinedOutput()
if err != nil {
fmt.Println(string(gitBranchInfo))
return "", errors.Wrap(err, "error looking up git branch")
}
// if no approved branch specified in config.yaml, then nothing gets added to the document
// if on a different branch than the approved branch, then nothing gets added to the document
if len(cfg.ApprovedBranch) == 0 || strings.Compare(strings.TrimSpace(fmt.Sprintf("%s",gitBranchInfo)), cfg.ApprovedBranch ) != 0 {
return "", nil
}
// Grab information related to commit, so that we can put approval information in the document
gitArgs := []string{"log", "-n", "1", "--pretty=format:Last edit made by %an (%aE) on %aD.\n\nApproved by %cn (%cE) on %cD in commit %H.", "--", pol.FullPath}
cmd := exec.Command("git", gitArgs...)
gitApprovalInfo, err := cmd.CombinedOutput()
if err != nil {
fmt.Println(string(gitApprovalInfo))
return "", errors.Wrap(err, "error looking up git committer and author data")
}
return fmt.Sprintf("%s\n%s", "# Authorship and Approval", gitApprovalInfo), nil
}
func preprocessDoc(data *renderData, pol *model.Document, fullPath string) error {
cfg := config.Config()
@ -89,6 +120,12 @@ func preprocessDoc(data *renderData, pol *model.Document, fullPath string) error
revisionTable = fmt.Sprintf("|Date|Comment|\n|---+--------------------------------------------|\n%s\nTable: Document history\n", rows)
}
gitApprovalInfo, err := getGitApprovalInfo(pol)
if err != nil {
return err
}
doc := fmt.Sprintf(`%% %s
%% %s
%% %s
@ -104,6 +141,8 @@ foot-content: "%s confidential %d"
%s
\newpage
%s
%s`,
pol.Name,
cfg.Name,
@ -114,6 +153,7 @@ foot-content: "%s confidential %d"
satisfiesTable,
revisionTable,
body,
gitApprovalInfo,
)
err = ioutil.WriteFile(fullPath, []byte(doc), os.FileMode(0644))
if err != nil {