Github/comply
1
0
Fork 0
mirror of https://github.com/strongdm/comply synced 2025-12-15 10:43:47 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: Github:v1.2.2
Branches Tags
Github:master Github:v2-update Github:feature/windows Github:feautre/windows
Github:v1.6.0 Github:v1.5.2 Github:v1.5.1 Github:v1.5.0 Github:v1.5.0-dev Github:v1.4.5 Github:v1.4.3 Github:v1.4.2 Github:v1.4.1 Github:v1.4.0 Github:v1.3.7 Github:v1.3.6 Github:v1.3.5 Github:v1.3.4 Github:v1.3.3 Github:v1.3.2 Github:v1.3.1 Github:v1.3.0 Github:v1.2.6 Github:v1.2.5 Github:v1.2.4 Github:v1.2.3 Github:v1.2.2 Github:v1.2.1 Github:v1.2.0 Github:v1.1.27 Github:v1.1.26 Github:v1.1.25 Github:v1.1.24 Github:v1.1.23 Github:v1.1.22 Github:v1.1.21 Github:v1.1.20 Github:v1.1.19 Github:v1.1.18 Github:v1.1.17 Github:v1.1.16 Github:v1.1.15 Github:v1.1.14 Github:v1.1.13 Github:v1.1.12 Github:v1.1.11 Github:v1.1.10 Github:v1.1.9 Github:v1.1.8 Github:v1.1.7 Github:v1.1.6 Github:v1.1.5 Github:v1.1.4 Github:v1.1.3 Github:v1.1.2 Github:v1.1.1 Github:v1.1.0 Github:v1.0.14 Github:v1.0.13 Github:v1.0.12 Github:v1.0.11 Github:v1.0.10 Github:v1.0.9 Github:v1.0.8 Github:v1.0.7 Github:v1.0.6-1-g90a5079 Github:v1.0.6 Github:v0.0.3-1-g1c90341-3-gd1fdd37 Github:v0.0.3-1-g1c90341 Github:v0.0.5 Github:v0.0.3 Github:v0.0.3-dev Github:v0.0.4 Github:v0.0.1 Github:v0.0.2
...
compare: Github:v2-update
Branches Tags
Github:master Github:v2-update Github:feature/windows Github:feautre/windows
Github:v1.6.0 Github:v1.5.2 Github:v1.5.1 Github:v1.5.0 Github:v1.5.0-dev Github:v1.4.5 Github:v1.4.3 Github:v1.4.2 Github:v1.4.1 Github:v1.4.0 Github:v1.3.7 Github:v1.3.6 Github:v1.3.5 Github:v1.3.4 Github:v1.3.3 Github:v1.3.2 Github:v1.3.1 Github:v1.3.0 Github:v1.2.6 Github:v1.2.5 Github:v1.2.4 Github:v1.2.3 Github:v1.2.2 Github:v1.2.1 Github:v1.2.0 Github:v1.1.27 Github:v1.1.26 Github:v1.1.25 Github:v1.1.24 Github:v1.1.23 Github:v1.1.22 Github:v1.1.21 Github:v1.1.20 Github:v1.1.19 Github:v1.1.18 Github:v1.1.17 Github:v1.1.16 Github:v1.1.15 Github:v1.1.14 Github:v1.1.13 Github:v1.1.12 Github:v1.1.11 Github:v1.1.10 Github:v1.1.9 Github:v1.1.8 Github:v1.1.7 Github:v1.1.6 Github:v1.1.5 Github:v1.1.4 Github:v1.1.3 Github:v1.1.2 Github:v1.1.1 Github:v1.1.0 Github:v1.0.14 Github:v1.0.13 Github:v1.0.12 Github:v1.0.11 Github:v1.0.10 Github:v1.0.9 Github:v1.0.8 Github:v1.0.7 Github:v1.0.6-1-g90a5079 Github:v1.0.6 Github:v0.0.3-1-g1c90341-3-gd1fdd37 Github:v0.0.3-1-g1c90341 Github:v0.0.5 Github:v0.0.3 Github:v0.0.3-dev Github:v0.0.4 Github:v0.0.1 Github:v0.0.2

84 Commits
v1.2.2 ... v2-update

Author SHA1 Message Date
Craine Runton
351c47e381 Update renderer to simplify framework criteria satisfaction based on controls in place, in addition to existing policy and narrative 2020-09-17 16:37:02 -05:00
Craine Runton
8f5a63db53 Read framework files as .yaml instead of .yml because that is what the file extensions typically come in. 2020-09-17 10:39:14 -05:00
Craine Runton
e289d6d8f4 Add a model for a Control, which ou can use to document control statements, owners, governing policies, etc. 2020-09-17 10:38:11 -05:00
Craine Runton
a66764470c Refactor "Controls" to "Criterion" so we can add the "Program Controls" model in next 2020-09-15 16:21:16 -05:00
Craine Runton
84e439e7cc Refactor "Standards" to "Frameworks" 2020-09-15 14:52:22 -05:00
Justin McCarthy
dbe49a09b3 increment patch for release (via Makefile) 2020-09-14 13:45:15 -07:00
Justin McCarthy
73bebe0202 go.mod: go mod vendor 
Addresses #94
 2020-09-14 13:44:19 -07:00
Justin McCarthy
f5f7c08b73 increment minor for release (via Makefile) 2020-09-14 12:01:37 -07:00
Justin McCarthy
b2276f9e54 increment patch for release (via Makefile) 2020-09-14 11:54:47 -07:00
Justin McCarthy
f1b5bbeff9 manual version bump 2020-09-14 11:54:24 -07:00
Justin McCarthy
b7acb1eecf increment patch for release (via Makefile) 2020-09-14 11:43:46 -07:00
Justin McCarthy
da8a574e86 increment patch for release (via Makefile) 2020-09-14 11:41:38 -07:00
Justin McCarthy
7468711b3b go.mod: update gitlab dep to v0.30.1 
Releases after github.com/xanzy/go-gitlab@v0.31.0 introduce breaking
changes to the NewClient call.

Addresses #94
 2020-09-14 11:31:56 -07:00
Michael E. Gruen
8baf787ed7 Bug fixes (gitlab.go): pagination, labels (#84) 2020-09-14 11:11:09 -07:00
Justin McCarthy
4c5c18964b go.mod: update dependencies 
Addresses #94
 2020-09-14 11:08:56 -07:00
U Cirello
c5a1bd804b Merge pull request #65 from ucirello/master 
chore: migrate to go modules
 2019-08-13 00:42:53 +02:00
Carlos C
c303b68201 chore: migrate to go modules 2019-07-14 13:51:10 -03:00
Paddy Byers
87e8266f1b Allow github config to be passed in env (#62) 2019-06-18 12:28:16 -04:00
Justin McCarthy
e8d6d536a8 doc enhancements 2019-03-16 00:28:08 -07:00
Justin McCarthy
ef7a4092a7 increment patch for release (via Makefile) 2019-03-16 00:21:09 -07:00
Justin McCarthy
9bcc88eebc all interfaces 2019-03-16 00:21:01 -07:00
Justin McCarthy
edd3c7dd44 prep port exposure from docker 2019-03-16 00:20:46 -07:00
Justin McCarthy
25058359ea increment minor for release (via Makefile) 2019-03-16 00:05:08 -07:00
Justin McCarthy
c4a0b7afff do not refresh assets during release 2019-03-16 00:04:55 -07:00
Justin McCarthy
ef32942dad Serve now provides an HTTP server, listening on port 4000 by default. Listen port can be set with the --port flag to the serve command. Websocket refresh remains intact. 2019-03-16 00:02:50 -07:00
Justin McCarthy
0c9dbd736b slightly better description 2019-02-21 00:54:22 -08:00
Justin McCarthy
b98d179847 Dockerfile example 2019-02-20 22:51:41 -08:00
Justin McCarthy
435ac086c0 increment patch for release (via Makefile) 2018-12-17 14:52:27 -08:00
Justin McCarthy
0ddbb6cf52 automated asset refresh (via Makefile) 2018-12-17 14:52:19 -08:00
Justin McCarthy
3ebccc2811 Revert "automated asset refresh (via Makefile)" 
This reverts commit 24ff9dd762.
 2018-12-17 14:51:46 -08:00
Justin McCarthy
b39bec8108 do not auto-clobber from example 2018-12-17 14:51:07 -08:00
Justin McCarthy
c699c64627 increment patch for release (via Makefile) 2018-12-17 14:43:58 -08:00
Justin McCarthy
24ff9dd762 automated asset refresh (via Makefile) 2018-12-17 14:43:50 -08:00
Justin McCarthy
5c160d1ec5 increment patch for release (via Makefile) 2018-12-17 14:43:31 -08:00
Justin McCarthy
f3088bfe28 update authors 2018-12-17 14:43:00 -08:00
Kevin N. Murphy
aa57be25c9 fix markdown whitespace on heading (#59) 2018-12-17 14:41:37 -08:00
arambhashura
2cef618abb Minor correction. (#58) 
The word "is" was missing in the first sentence of Purpose and Scope.
 2018-12-17 14:41:27 -08:00
Justin McCarthy
e8a0ecd076 Jira fields were swapped 2018-12-17 14:41:09 -08:00
Andy Magnusson
1a3e2a2bf7 Merge branch 'master' of https://github.com/strongdm/comply 2018-12-06 10:39:15 -05:00
Andy Magnusson
7225741a46 Adding new templates to proper soc2 narratives location 2018-12-06 10:10:18 -05:00
Justin McCarthy
7105d2d4ef increment patch for release (via Makefile) 2018-11-08 22:10:44 -08:00
Justin McCarthy
e3fb66b0e4 automated asset refresh (via Makefile) 2018-11-08 22:10:37 -08:00
Justin McCarthy
1028521ea7 increment patch for release (via Makefile) 2018-11-08 21:57:00 -08:00
Justin McCarthy
b2c2bf3558 update authors 2018-11-08 21:56:23 -08:00
Matt Simerson
d44af2e1cd gitlab: search for the label name that issues have (#57) 
* gitlab: search for the label name that issues have

comply creates tags with "comply-" prefix, so search for that

* fix issue counters by using correct label name
 2018-11-08 21:53:17 -08:00
Andy Magnusson
e2281b5fe3 Backporting new narrative content to Comply 2018-10-04 10:23:24 -04:00
Justin McCarthy
d43aca58ba increment patch for release (via Makefile) 2018-08-29 15:50:07 -07:00
Justin McCarthy
9e4cd2cf1a automated asset refresh (via Makefile) 2018-08-29 15:49:56 -07:00
Justin McCarthy
3711e0054d fmt 2018-08-29 15:48:07 -07:00
Justin McCarthy
2e9f6cf270 getGitApprovalInfo early exit if approvedBranch unspecified. 
go fmt.
 2018-08-29 15:47:02 -07:00
Justin McCarthy
c5868fa544 update authors 2018-08-29 15:45:27 -07:00
Alan Cox
274986ad9c Optionally, authorship and approval information appended to policies (#54) 2018-08-29 15:39:50 -07:00
Alan Cox
bcc9b06ac4 Specifying Jira Issuetype in config.yaml (#53) 
* Jira integration documentation improved. Added ability to specify what type of issue to create in Jira

* Apparently, Go doesn't like http/https in front of package name in
 2018-08-29 15:17:00 -07:00
Justin McCarthy
8f3d668789 incorrect ticket label 2018-08-17 13:32:35 -07:00
Andy Magnusson
358ac431a6 Retitled CC2.1, CC2.2, CC2.3 2018-08-16 13:40:29 -04:00
Justin McCarthy
365e98222b increment patch for release (via Makefile) 2018-07-23 11:57:14 -07:00
Justin McCarthy
84589a83f4 automated asset refresh (via Makefile) 2018-07-23 11:57:06 -07:00
Justin McCarthy
b329107079 reverting cd89840164 2018-07-23 11:56:44 -07:00
Justin McCarthy
3f5d9b4409 increment minor for release (via Makefile) 2018-07-20 17:55:58 -07:00
Justin McCarthy
3df822206e automated asset refresh (via Makefile) 2018-07-20 17:55:51 -07:00
Justin McCarthy
007cf3dd3c dep ensure 2018-07-20 17:55:27 -07:00
Justin McCarthy
97989c5cf6 Merge branch 'master' of github.com:strongdm/comply 2018-07-20 17:45:33 -07:00
Mason Hensley
ce5c4c3a4a Add gitlab issue integration (#51) 
* Add gitlab issue integration

* Clean up gitlab issue integration
 2018-07-20 17:45:20 -07:00
Justin Bodeutsch
cd89840164 Fixed date on generated PDFs (#52) 
* Percent signs need to be escaped in Printf

* Update usage of ModifiedAt to fix date stamp on generated PDFs
 2018-07-20 17:45:07 -07:00
Justin McCarthy
e60d7285f4 more precise cross-platform dependency checking 2018-07-20 17:44:28 -07:00
Justin McCarthy
c99d800397 use filepath join to open index html 2018-07-20 17:08:09 -07:00
Justin McCarthy
0f1badca5b prepare Makefile for introduction of Windows binary 2018-07-05 17:26:29 -07:00
Justin McCarthy
00b59ed620 update to reflect contributions 2018-07-02 17:12:00 -07:00
Justin Bodeutsch
749017761d Percent signs need to be escaped in Printf (#49) 2018-07-02 17:10:00 -07:00
Justin McCarthy
f502225cde increment patch for release (via Makefile) 2018-06-25 17:50:51 -07:00
Justin McCarthy
6cf6f70296 automated asset refresh (via Makefile) 2018-06-25 17:50:42 -07:00
Justin McCarthy
3494bdce7b prep version notification and release channel structure 2018-06-25 17:50:07 -07:00
Justin McCarthy
924dd25744 increment patch for release (via Makefile) 2018-06-15 16:51:26 -07:00
Justin McCarthy
02d3b75731 automated asset refresh (via Makefile) 2018-06-15 16:51:17 -07:00
Justin McCarthy
4a314c62d1 pandoc 2 args; validate presence of PDF after calling docker pandoc. 2018-06-15 16:00:37 -07:00
Anthony Oliver
f2ef58e7bd Added package for missing fonts, otherwise updated pandoc 2 with pandoc -f markdown+smart doesn't work and throws a mktextfm ecrm1000 error (#46) 2018-06-15 11:49:45 -07:00
Justin McCarthy
fc1a1d9abc brew goal should not compile assets, which depends on go get 2018-06-09 22:27:49 -07:00
Justin McCarthy
65dddc4332 increment patch for release (via Makefile) 2018-06-07 22:24:17 -07:00
Justin McCarthy
eecfe49fbd automated asset refresh (via Makefile) 2018-06-07 22:24:09 -07:00
Justin McCarthy
44931ca808 fixes #45 2018-06-07 22:23:51 -07:00
Justin McCarthy
06b8a2fe44 increment patch for release (via Makefile) 2018-06-04 16:16:45 -07:00
Justin McCarthy
2d088cdf45 automated asset refresh (via Makefile) 2018-06-04 16:16:37 -07:00
Justin McCarthy
fb60f405ba Feature/jira (#43) 
* automated asset refresh (via Makefile)

* increment patch for release (via Makefile)
 2018-06-04 16:14:06 -07:00
Justin McCarthy
3c696e6d01 Merge pull request #41 from strongdm/feature/jira 
Initial Jira implementation
 2018-06-01 17:37:41 -07:00
1133 changed files with 182552 additions and 85046 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -2,3 +2,4 @@ comply
output
dist
.envrc
bindata.go

10
AUTHORS.txt
View File

@@ -1,4 +1,12 @@
# Authors in alphabetical order:
arambhashura
Alan Cox
Andy Magnusson
Anthony Oliver
Justin Bodeutsch
Justin McCarthy <justin@strongdm.com>
Manisha Singh <manisha@strongdm.com>
Kevin N. Murphy
Manisha Singh
Mason Hensley
Matt Simerson

21
Dockerfile Normal file
View File

@@ -0,0 +1,21 @@
FROM strongdm/pandoc:latest
# based on implementation by James Gregory <james@jagregory.com>
MAINTAINER Comply <comply@strongdm.com>
RUN apt-get update -y \
&& apt-get install -y curl
ARG COMPLY_VERSION
ENV COMPLY_VERSION ${COMPLY_VERSION:-1.4.0}
EXPOSE 4000/tcp
# install comply binary
RUN curl -J -L -o /tmp/comply.tgz https://github.com/strongdm/comply/releases/download/v${COMPLY_VERSION}/comply-v${COMPLY_VERSION}-linux-amd64.tgz \
&& tar -xzf /tmp/comply.tgz \
&& mv ./comply-v${COMPLY_VERSION}-linux-amd64 /usr/local/bin/comply
WORKDIR /source
ENTRYPOINT ["/bin/bash"]

283
Gopkg.lock generated
View File

@@ -1,283 +0,0 @@
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
name = "github.com/Microsoft/go-winio"
packages = ["."]
revision = "7da180ee92d8bd8bb8c37fc560e673e6557c392f"
version = "v0.4.7"
[[projects]]
name = "github.com/andygrunwald/go-jira"
packages = ["."]
revision = "5cfdb85cc91c6299f75b6504a1d0ec174c21be39"
version = "v1.3.0"
[[projects]]
branch = "master"
name = "github.com/chzyer/readline"
packages = ["."]
revision = "f6d7a1f6fbf35bbf9beb80dc63c56a29dcfb759f"
[[projects]]
name = "github.com/davecgh/go-spew"
packages = ["spew"]
revision = "346938d642f2ec3594ed81d874461961cd0faa76"
version = "v1.1.0"
[[projects]]
name = "github.com/docker/distribution"
packages = [
"digest",
"reference"
]
revision = "48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89"
version = "v2.6.2"
[[projects]]
name = "github.com/docker/docker"
packages = [
"api/types",
"api/types/blkiodev",
"api/types/container",
"api/types/events",
"api/types/filters",
"api/types/mount",
"api/types/network",
"api/types/reference",
"api/types/registry",
"api/types/strslice",
"api/types/swarm",
"api/types/time",
"api/types/versions",
"api/types/volume",
"client",
"pkg/tlsconfig"
]
revision = "092cba3727bb9b4a2f0e922cd6c0f93ea270e363"
version = "v1.13.1"
[[projects]]
name = "github.com/docker/go-connections"
packages = [
"nat",
"sockets",
"tlsconfig"
]
revision = "3ede32e2033de7505e6500d6c868c2b9ed9f169d"
version = "v0.3.0"
[[projects]]
name = "github.com/docker/go-units"
packages = ["."]
revision = "0dadbb0345b35ec7ef35e228dabb8de89a65bf52"
version = "v0.3.2"
[[projects]]
name = "github.com/elazarl/go-bindata-assetfs"
packages = ["."]
revision = "30f82fa23fd844bd5bb1e5f216db87fd77b5eb43"
version = "v1.0.0"
[[projects]]
name = "github.com/fatih/color"
packages = ["."]
revision = "507f6050b8568533fb3f5504de8e5205fa62a114"
version = "v1.6.0"
[[projects]]
name = "github.com/fatih/structs"
packages = ["."]
revision = "a720dfa8df582c51dee1b36feabb906bde1588bd"
version = "v1.0"
[[projects]]
name = "github.com/fsnotify/fsnotify"
packages = ["."]
revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9"
version = "v1.4.7"
[[projects]]
name = "github.com/gohugoio/hugo"
packages = ["watcher"]
revision = "f414966b942b5aad75565bee6c644782a07f0658"
version = "v0.37.1"
[[projects]]
name = "github.com/golang/protobuf"
packages = ["proto"]
revision = "925541529c1fa6821df4e44ce2723319eb2be768"
version = "v1.0.0"
[[projects]]
name = "github.com/google/go-github"
packages = ["github"]
revision = "e48060a28fac52d0f1cb758bc8b87c07bac4a87d"
version = "v15.0.0"
[[projects]]
branch = "master"
name = "github.com/google/go-querystring"
packages = ["query"]
revision = "53e6ce116135b80d037921a7fdd5138cf32d7a8a"
[[projects]]
name = "github.com/gorilla/websocket"
packages = ["."]
revision = "ea4d1f681babbce9545c9c5f3d5194a789c89f5b"
version = "v1.2.0"
[[projects]]
branch = "master"
name = "github.com/jcelliott/lumber"
packages = ["."]
revision = "dd349441af25132d146d7095c6693a15431fc9b1"
[[projects]]
branch = "master"
name = "github.com/juju/ansiterm"
packages = [
".",
"tabwriter"
]
revision = "720a0952cc2ac777afc295d9861263e2a4cf96a1"
[[projects]]
branch = "master"
name = "github.com/lunixbochs/vtclean"
packages = ["."]
revision = "d14193dfc626125c831501c1c42340b4248e1f5a"
[[projects]]
branch = "master"
name = "github.com/manifoldco/promptui"
packages = [
".",
"list",
"screenbuf"
]
revision = "c0c0d3afc6a03bcb5c1df10b70b862a650db9f9b"
[[projects]]
name = "github.com/mattn/go-colorable"
packages = ["."]
revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
version = "v0.0.9"
[[projects]]
name = "github.com/mattn/go-isatty"
packages = ["."]
revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"
version = "v0.0.3"
[[projects]]
name = "github.com/mattn/go-runewidth"
packages = ["."]
revision = "9e777a8366cce605130a531d2cd6363d07ad7317"
version = "v0.0.2"
[[projects]]
branch = "master"
name = "github.com/nanobox-io/golang-scribble"
packages = ["."]
revision = "ced58d671850da57ce8c11315424513b608083d7"
[[projects]]
branch = "master"
name = "github.com/olekukonko/tablewriter"
packages = ["."]
revision = "b8a9be070da40449e501c3c4730a889e42d87a9e"
[[projects]]
name = "github.com/pkg/errors"
packages = ["."]
revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
version = "v0.8.0"
[[projects]]
name = "github.com/robfig/cron"
packages = ["."]
revision = "b024fc5ea0e34bc3f83d9941c8d60b0622bfaca4"
version = "v1"
[[projects]]
branch = "master"
name = "github.com/skratchdot/open-golang"
packages = ["open"]
revision = "75fb7ed4208cf72d323d7d02fd1a5964a7a9073c"
[[projects]]
name = "github.com/trivago/tgo"
packages = [
"tcontainer",
"treflect"
]
revision = "e4d1ddd28c17dd89ed26327cf69fded22060671b"
version = "v1.0.1"
[[projects]]
name = "github.com/urfave/cli"
packages = ["."]
revision = "cfb38830724cc34fedffe9a2a29fb54fa9169cd1"
version = "v1.20.0"
[[projects]]
name = "github.com/yosssi/ace"
packages = ["."]
revision = "ea038f4770b6746c3f8f84f14fa60d9fe1205b56"
version = "v0.0.5"
[[projects]]
branch = "master"
name = "golang.org/x/net"
packages = [
"context",
"context/ctxhttp",
"proxy"
]
revision = "d0aafc73d5cdc42264b0af071c261abac580695e"
[[projects]]
branch = "master"
name = "golang.org/x/oauth2"
packages = [
".",
"internal"
]
revision = "7af32f14d0a25aec7873e0683e8e48dcead159a8"
[[projects]]
branch = "master"
name = "golang.org/x/sys"
packages = [
"unix",
"windows"
]
revision = "dd2ff4accc098aceecb86b36eaa7829b2a17b1c9"
[[projects]]
name = "google.golang.org/appengine"
packages = [
"internal",
"internal/base",
"internal/datastore",
"internal/log",
"internal/remote_api",
"internal/urlfetch",
"urlfetch"
]
revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a"
version = "v1.0.0"
[[projects]]
name = "gopkg.in/yaml.v2"
packages = ["."]
revision = "7f97868eec74b32b0982dd158a51a446d1da7eb5"
version = "v2.1.1"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "b8eb855eeef730f7fcaabe3acceb26a99b7bce186d815c3f654d7a1cbce97f2a"
solver-name = "gps-cdcl"
solver-version = 1

30
Gopkg.toml
View File

@@ -1,30 +0,0 @@
# Gopkg.toml example
#
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
# name = "github.com/user/project"
# version = "1.0.0"
#
# [[constraint]]
# name = "github.com/user/project2"
# branch = "dev"
# source = "github.com/myfork/project2"
#
# [[override]]
# name = "github.com/x/y"
# version = "2.4.0"
#
# [prune]
# non-go = false
# go-tests = true
# unused-packages = true
[prune]
go-tests = true
unused-packages = true

39
Makefile
View File

@@ -3,10 +3,9 @@ GO_SOURCES := $(shell find . -name '*.go')
THEME_SOURCES := $(shell find themes)
assets: $(THEME_SOURCES)
@go get github.com/jteeuwen/go-bindata/...
@go get github.com/elazarl/go-bindata-assetfs/...
@go install github.com/elazarl/go-bindata-assetfs
go-bindata-assetfs -o bindata.go -pkg theme -prefix themes themes/...
go install -mod=vendor github.com/containous/go-bindata/go-bindata
go install -mod=vendor github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs
go-bindata-assetfs -pkg theme -prefix themes themes/...
mv bindata.go internal/theme/themes_bindata.go
comply: assets $(GO_SOURCES)
@@ -19,12 +18,14 @@ dist: clean
$(eval LDFLAGS := -ldflags='-X "github.com/strongdm/comply/internal/cli.Version=$(VERSION)"')
mkdir dist
echo $(VERSION)
GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -gcflags=-trimpath=$(GOPATH) -asmflags=-trimpath=$(GOPATH) $(LDFLAGS) -o dist/comply-$(VERSION)-darwin-amd64 .
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -gcflags=-trimpath=$(GOPATH) -asmflags=-trimpath=$(GOPATH) $(LDFLAGS) -o dist/comply-$(VERSION)-linux-amd64 .
GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -gcflags=-trimpath=$(GOPATH) -asmflags=-trimpath=$(GOPATH) -ldflags '-extldflags "-static"' $(LDFLAGS) -o dist/comply-$(VERSION)-darwin-amd64 .
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -gcflags=-trimpath=$(GOPATH) -asmflags=-trimpath=$(GOPATH) -ldflags '-extldflags "-static"' $(LDFLAGS) -o dist/comply-$(VERSION)-linux-amd64 .
GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -gcflags=-trimpath=$(GOPATH) -asmflags=-trimpath=$(GOPATH) -ldflags '-extldflags "-static"' $(LDFLAGS) -o dist/comply-$(VERSION)-windows-amd64.exe .
cd dist && tar -czvf comply-$(VERSION)-darwin-amd64.tgz comply-$(VERSION)-darwin-amd64
cd dist && tar -czvf comply-$(VERSION)-linux-amd64.tgz comply-$(VERSION)-linux-amd64
cd dist && zip comply-$(VERSION)-windows-amd64.zip comply-$(VERSION)-windows-amd64.exe
brew: clean assets $(GO_SOURCES)
brew: clean $(GO_SOURCES)
$(eval VERSION := $(shell cat version))
$(eval LDFLAGS := -ldflags='-X "github.com/strongdm/comply/internal/cli.Version=$(VERSION)"')
mkdir bin
@@ -38,7 +39,7 @@ clean:
install: assets $(GO_SOURCES)
go install github.com/strongdm/comply
push-assets: is-clean export-example assets
push-assets: is-clean assets
git commit -am "automated asset refresh (via Makefile)"
git push
@@ -50,16 +51,6 @@ else
@exit 1
endif
export-example:
cp example/narratives/* themes/comply-soc2/narratives
cp example/procedures/* themes/comply-soc2/procedures
cp example/policies/* themes/comply-soc2/policies
cp example/standards/* themes/comply-soc2/standards
cp example/templates/* themes/comply-soc2/templates
cp example/templates/* themes/comply-blank/templates
cp example/*.md themes/comply-soc2
cp example/*.md themes/comply-blank
docker:
cd build && docker build -t strongdm/pandoc .
docker push strongdm/pandoc
@@ -111,14 +102,18 @@ release: release-env dist release-deps
@echo "version $(VERSION) sha $(SHA)"
cd $$COMPLY_TAPDIR && ./update.sh $(VERSION) $(SHA)
patch-release: release-env push-assets patch release
patch-release: release-env patch release
$(eval VERSION := $(shell git describe --tags --always --dirty="-dev"))
curl -X POST --data-urlencode 'payload={"channel": "#release", "username": "release", "text": "comply $(VERSION) released", "icon_emoji": ":shipit:"}' https://hooks.slack.com/services/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
minor-release: release-env push-assets minor release
minor-release: release-env minor release
$(eval VERSION := $(shell git describe --tags --always --dirty="-dev"))
curl -X POST --data-urlencode 'payload={"channel": "#release", "username": "release", "text": "comply $(VERSION) released", "icon_emoji": ":shipit:"}' https://hooks.slack.com/services/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
docker-release:
docker build --build-arg COMPLY_VERSION=`cat VERSION` -t strongdm/comply .
docker push strongdm/comply
patch: clean gitsem
gitsem -m "increment patch for release (via Makefile)" patch
git push
@@ -132,7 +127,7 @@ minor: clean gitsem
release-deps: gitsem gh-release
gitsem:
go get -u github.com/Clever/gitsem
go install github.com/Clever/gitsem
gh-release:
go get -u github.com/aktau/github-release
go install github.com/aktau/github-release

59
README.md
View File

@@ -78,3 +78,62 @@ COMMANDS:
help, h Shows a list of commands or help for one command
```
## Running in Docker
Comply is currently only released for Linux and macOS, however from other operating systems it's possible to run using Docker:
```
# first pull the latest published docker image
$ docker pull strongdm/comply
# from an empty directory that will contain your comply project
$ docker run --rm -v "$PWD":/source -p 4000:4000 -it strongdm/comply
root@ec4544732298:/source# comply init
✗ Organization Name:
# serve content live from an established project
$ docker run --rm -v "$PWD":/source -p 4000:4000 -it strongdm/comply
root@ae4d499583fc:/source# comply serve
Serving content of output/ at http://127.0.0.1:4000 (ctrl-c to quit)
```
For Windows users, replace $PWD with the full path to your project directory
## Ticketing Integrations:
- Jira
- Github
- Gitlab
## Configuring Jira
When comply creates a ticket (through `proc`, for instance), it sets the following fields.
- assignee
- description
- issuetype
- labels
- project key
- reporter
- summary
Please make sure that the default *Create Screen* has all of those fields enabled. Additionally, make sure that there are no other required fields for the issue type you choose.
## Forking and local development
> Assumes installation of golang and configuration of GOPATH in .bash_profile, .zshrc, etc
> Inspiration: http://code.openark.org/blog/development/forking-golang-repositories-on-github-and-managing-the-import-path
```
$ go get github.com/strongdm/comply
$ cd $GOPATH/src/github.com/strongdm/comply ; go get ./...
$ make
$ cd example
$ mv comply.yml.example comply.yml
$ ../comply -h
$ ../comply sync
$ ../comply serve
#
$ make # recompile as needed with in $GOPATH/src/github.com/strongdm/comply
```

2
VERSION
View File

@@ -1 +1 @@
1.2.1
1.5.1

3
build/Dockerfile
View File

@@ -8,6 +8,7 @@ RUN apt-get update -y \
&& apt-get install -y -o Acquire::Retries=10 --no-install-recommends \
texlive-latex-base \
texlive-xetex \
texlive-fonts-recommended \
latex-xcolor \
texlive-latex-extra \
fontconfig \
@@ -25,4 +26,4 @@ WORKDIR /source
ENTRYPOINT ["/root/.cabal/bin/pandoc"]
CMD ["--help"]
CMD ["--help"]

26
example/comply.yml.example
View File

@@ -1,7 +1,31 @@
name: "Acme"
filePrefix: "Acme"
# The following setting is optional.
# If you set this (to, e.g. master), and you build the policies
# on that branch, then a section is appended to each policy that
# describes the approval. Text will look like:
#
# Last edit made by John Doe (jdoe@email.com) on Wed, 15 Aug 2018 12:45:28 -0400.
# Approved by Joan Smith (jsmith@email.com) on Wed, 15 Aug 2018 16:54:48 -0400 in commit abc123123.
#
# The change author gets credit for the edit.
# The person who committed or merged to the approval branch gets credit for approval.
approvedBranch: master
tickets:
github:
token: XXX
username: strongdm
repo: comply
repo: comply
# jira:
# username: xxxx # This is the username you log in to Jira's UI with. Probably your email address.
# password: xxxx # If you don't have a "managed account", use your password in this field. But if your organization
# # uses SAML or OAuth, or Jira's built-in multi-factor authentication, you need to use
# # an API token. Learn more here: https://confluence.atlassian.com/cloud/api-tokens-938839638.html
# project: comply
# url: https://yourjira
# taskType: Task # This must be an Issue, not a sub-task
# gitlab:
# domain: https://gitlab.example.com:443/ # or https://gitlab.com/
# token: token-here
# repo: full-slug/of-project

33
example/controls/README.md Normal file
View File

@@ -0,0 +1,33 @@
# Controls
Controls explicitly state a specific action that the organization will take to enforce a Policy goal.
## Format
```
name: Access Control Procedures
family: Access Control
identifier: AC-2
governingPolicy:
- policyName: Access Onboarding and Termination
policyID: SDM-AOTP
policyClause: 1.1
owner: Director, Security & Compliance
published: 2020-01-01
targets:
TSC 2017:
- CC6.1
- CC6.2
- CC6.3
NIST 800-53:
- AC-1
revisions:
- date: Sep 1 2020
comment: Initial documentation of control
---
1. Develop, document, and disseminate to all employees:
1. Organizational access control policy that:
1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
```

76
example/narratives/control.md
View File

@@ -17,6 +17,78 @@ majorRevisions:
# Control Environment Narrative
Here we narrate why our control environment satisfies the control keys listed in the YML block
The following provides a description of the control structure of {{.Name}}.
# Template Coming Soon
The intent of this description is to enumerate the logical, policy, and procedural controls that serve to monitor {{.Name}}'s application and data security. Changes uncovered by these procedures in the logical, policy, procedural, or customer environment are addressed by remediations specific to the noted change.
# Logical Controls
{{.Name}} employs several logical controls to protect confidential data and ensure normal operation of its core product.
- Mandatory data encryption at rest and in motion
- Multi-factor authentication for access to cloud infrastructure
- Activity and anomaly monitoring on production systems
- Vulnerability management program
# Policy Controls
{{.Name}} employs several policy controls to protect confidential data and ensure normal operation of its core product. These policies include, but are not limited to:
- Access Control Policy
- Encryption Policy
- Office Security Policy
- Password Policy
- Policy Training Policy
- Vendor Policy
- Workstation Policy
# Procedural Controls
{{.Name}} has numerous scheduled procedures to monitor and tune the effectiveness of ongoing security controls, and a series of event-driven procedures to respond to security-related events.
TODO: Finalize these lists
## Scheduled Security and Audit Procedures
- Review Access [quarterly]
- Review Security Logs [weekly]
- Review Cyber Risk Assessment (enumerate possible compromise scenarios) [quarterly]
- Review Data Classification [quarterly]
- Backup Testing [quarterly]
- Disaster Recovery Testing [semi-annual]
- Review Devices & Workstations [quarterly]
- Review & Clear Low-Priority Alerts [weekly]
- Apply OS Patches [monthly]
- Verify Data Disposal per Retention Policy [quarterly]
- Conduct Security Training [annual]
- Review Security Monitoring and Alerting Configuration [quarterly]
- Penetration Test [annual]
- Whitebox Security Review [annual]
- SOC2 Audit [annual]
## Event-Driven Security and Audit Procedures
- Onboard Employee
- Offboard Employee
- Investigate Security Alert
- Investigate Security Incident
# Remediations
{{.Name}} uses the outcomes of the aforementioned controls and procedures to identify shortcomings in the existing control environment. Once identified, these shortcomes are remediated by improving existing controls and procedures, and creating new controls and procedures as needed.
# Communications
{{.Name}} communicates relevant information regarding the functioning of the above controls with internal and external parties on an as-needed basis and according to statutory requirements.
## Internal
{{.Name}} communicates control outcomes, anomalies, and remediations internally using the following channels:
- Slack
- Email
- Github ticketing
## External
{{.Name}} communicates relevant control-related information to external parties including shareholders, customers, contractors, regulators, and government entities as needed according to contractual and regulatory/statutory obligation.

37
example/narratives/products.md
View File

@@ -9,4 +9,39 @@ majorRevisions:
Here we describe the key products marketed by our organization
# Template Coming Soon
# Products
## Product 1
Overview of product 1
### Architecture
Brief architectural discussion of product 1
### Security Considerations
Specific security considerations for product 1. Refer to policies, procedures here.
# References
## Narratives
List relevant narratives, probably including
Organizational Narrative
Security Narrative
System Narrative
## Policies
List relevant policies, probably including
Application Security Policy
Datacenter Policy
Log Management Policy
Password Policy
Security Incident Response Policy
Risk Assessment Policy
## Procedures
List relevant procedures, probably including access review, patching, alert monitoring, log review, pen testing

97
example/narratives/security.md
View File

@@ -15,4 +15,99 @@ majorRevisions:
Here we narrate why our org satisfies the control keys listed in the YML block
# Template Coming Soon
# {{.Name}} Product Architecture
Describe product architecture here, emphasizing security implications
# {{.Name}} Infrastructure
## Product Infrastructure
Describe product infrastructure, emphasizing security measures
### Authorized Personnel
- **AWS root account** access is granted only to the CTO and CEO
- **AWS IAM** access is granted to to a limited group of **Operators**
- **{{.Name}} SSH** access is granted to a limited group of **Operators**
- **{{.Name}} DB** access is granted to a limited group of **Data Operators**
## IT Infrastructure
{{.Name}} uses the following cloud services for its internal infrastructure:
- List cloud services
Access to these cloud services is limited according to the role of the {{.Name}} employee and is reviewed quarterly as well as via regular onboarding/offboarding tasks for new and departing employees.
# {{.Name}} Workstations
{{.Name}} workstations are hardened against logical and physical attack by the following measures:
- operating system must be within one generation of current
- full-disk encryption
- onboard antivirus/antimalware software
- OS and AV automatically updated
Workstation compliance with these measures is evaluated on a quarterly basis.
## Remote Access
Many {{.Name}} employees work remotely on a regular basis and connect to production and internal IT systems via the same methods as those employees connecting from the {{.Name}} physical office, i.e., direct encrypted access to cloud services. It is the employee's responsibility to ensure that only authorized personnel use {{.Name}} resources and access {{.Name}} systems.
# Access Review
Access to {{.Name}} infrastructure, both internal and product, is reviewed quarterly and inactive users are removed. Any anomalies are reported to the security team for further investigation. When employees start or depart, an onboarding/offboarding procedure is followed to provision or deprovision appropriate account access.
# Penetration Testing
{{.Name}} commissions an external penetration test on an annual basis. All findings are immediately reviewed and addressed to the satisfaction of the CTO/CEO.
# {{.Name}} Physical Security
{{.Name}} has one physical location, in San Francisco, CA. Key issuance is tracked by the Office Physical Security Policy Ledger. Office keys are additionally held by the lessor, property management, and custodial staff. These keys are not tracked by the Office Physical Security Policy Ledger. {{.Name}} managers regularly review physical access privileges.
{{.Name}} infrastructure is located within AWS. {{.Name}} does not have physical access to AWS infrastructure.
# Risk Assessment
{{.Name}} updates its Cyber Risk Assessment on an annual basis in order to keep pace with the evolving threat landscape. The following is an inventory of adversarial and non-adversarial threats assessed to be of importance to {{.Name}}.
## Adversarial Threats
The following represents the inventory of adversarial threats:
|Threat|Source|Vector|Target|Likelihood|Severity|
|----------------------------+--------------+------------+-----------------+----------+------|
| | | | | | |
## Non-Adversarial Threats
The following represents the inventory of non-adversarial threats:
|Threat|Vector|Target|Likelihood|Severity|
|----------------------------+--------------+-------------+----------+------|
| | | | | |
# References
## Narratives
Products and Services Narrative
System Architecture Narrative
## Policies
Encryption Policy
Log Management Policy
Office Security Policy
Remote Access Policy
Security Incident Response Policy
Workstation Policy
## Procedures
Apply OS Patches
Review & Clear Low-Priority Alerts
Review Access
Review Devices & Workstations

3
example/policies/disaster.md
View File

@@ -8,7 +8,8 @@ majorRevisions:
- date: Jun 1 2018
comment: Initial document
---
#Purpose and Scope
# Purpose and Scope
a. The purpose of this policy is to define the organizations procedures to recover Information Technology (IT) infrastructure and IT services within set deadlines in the case of a disaster or other disruptive incident. The objective of this plan is to complete the recovery of IT infrastructure and IT services within a set Recovery Time Objective (RTO).

22
example/templates/index.ace
View File

@@ -66,7 +66,7 @@ html lang=en
a onclick="javascript:show('procedures')" Procedures
li.top-nav.standards
strong
a onclick="javascript:show('standards')" Standards
a onclick="javascript:show('frameworks')" Frameworks
/ li.top-nav.evidence
/ a onclick="javascript:show('evidence')" Evidence Vault
#overview.section.top-nav.container.content
@@ -76,17 +76,17 @@ html lang=en
.columns.is-vcentered
.column.is-one-third
div
p.subtitle.is-3.has-text-centered Control Tracking
p.subtitle.is-3.has-text-centered CriterionTracking
.column.has-text-centered
div
p.heading Satisfied Controls
p.heading Satisfied Criteria
p.title
{{.Stats.ControlsSatisfied}}
{{.Stats.CriteriaSatisfied}}
.column.has-text-centered
div
p.heading Total Controls
p.title
{{.Stats.ControlsTotal}}
{{.Stats.CriteriaTotal}}
.columns.is-vcentered
.column.is-one-third
div
@@ -191,19 +191,19 @@ html lang=en
blockquote
h3
p
strong Standards
| specify the controls satisfied by the compliance program.
strong Frameworks
| specify the Framework Criteria satisfied by the compliance program.
table.table.is-size-4.is-fullwidth
thead
tr
th Control Key
th CriterionKey
th Name
th Satisfied?
th Satisfied By
tbody
{{range .Controls }}
{{range .Criteria}}
tr
td {{.ControlKey}}
td {{.criteriaKey}}
td
strong {{.Name}}
.subtitle {{.Description}}
@@ -234,4 +234,4 @@ html lang=en
show(destination)
}
}
}
}

50
go.mod Normal file
View File

@@ -0,0 +1,50 @@
module github.com/strongdm/comply
go 1.12
require (
github.com/Clever/gitsem v1.0.4
github.com/Microsoft/go-winio v0.4.14 // indirect
github.com/aktau/github-release v0.8.1
github.com/andygrunwald/go-jira v1.12.0
github.com/containous/go-bindata v1.0.0
github.com/davecgh/go-spew v1.1.1
github.com/docker/distribution v2.7.1+incompatible // indirect
github.com/docker/docker v1.13.1
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/elazarl/go-bindata-assetfs v1.0.1
github.com/fatih/color v1.9.0
github.com/fatih/structs v1.1.0 // indirect
github.com/github-release/github-release v0.8.1 // indirect
github.com/gohugoio/hugo v0.75.0
github.com/google/go-github v17.0.0+incompatible
github.com/gorilla/websocket v1.4.2
github.com/hashicorp/go-retryablehttp v0.6.7 // indirect
github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1 // indirect
github.com/jcelliott/lumber v0.0.0-20160324203708-dd349441af25 // indirect
github.com/kevinburke/rest v0.0.0-20200429221318-0d2892b400f8 // indirect
github.com/lunixbochs/vtclean v1.0.0 // indirect
github.com/manifoldco/promptui v0.7.0
github.com/mattn/go-colorable v0.1.7 // indirect
github.com/mattn/go-runewidth v0.0.9 // indirect
github.com/nanobox-io/golang-scribble v0.0.0-20190309225732-aa3e7c118975
github.com/olekukonko/tablewriter v0.0.4
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/pkg/errors v0.9.1
github.com/robfig/cron v1.2.0
github.com/russross/blackfriday/v2 v2.0.1
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect
github.com/trivago/tgo v1.0.7 // indirect
github.com/urfave/cli v1.22.4
github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 // indirect
github.com/xanzy/go-gitlab v0.30.1
github.com/yosssi/ace v0.0.5
golang.org/x/net v0.0.0-20200904194848-62affa334b73 // indirect
golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009 // indirect
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
gopkg.in/blang/semver.v1 v1.1.0 // indirect
gopkg.in/yaml.v2 v2.3.0
)

852
go.sum Normal file
View File

File diff suppressed because it is too large Load Diff

171
internal/cli/app.go
View File

@@ -6,6 +6,8 @@ import (
"io"
"io/ioutil"
"log"
"math/rand"
"net/http"
"os"
"os/exec"
"path/filepath"
@@ -13,11 +15,14 @@ import (
"strconv"
"strings"
"time"
"unicode"
"unicode/utf8"
"github.com/docker/docker/api/types"
"github.com/docker/docker/client"
"github.com/pkg/errors"
"github.com/strongdm/comply/internal/config"
"github.com/strongdm/comply/internal/gitlab"
"github.com/strongdm/comply/internal/jira"
"github.com/strongdm/comply/internal/plugin/github"
"github.com/urfave/cli"
@@ -44,19 +49,20 @@ func newApp() *cli.App {
app.Usage = "policy compliance toolkit"
app.Commands = []cli.Command{
initCommand,
beforeCommand(initCommand, notifyVersion),
}
app.Commands = append(app.Commands, beforeCommand(buildCommand, projectMustExist))
app.Commands = append(app.Commands, beforeCommand(procedureCommand, projectMustExist))
app.Commands = append(app.Commands, beforeCommand(schedulerCommand, projectMustExist))
app.Commands = append(app.Commands, beforeCommand(serveCommand, projectMustExist))
app.Commands = append(app.Commands, beforeCommand(syncCommand, projectMustExist))
app.Commands = append(app.Commands, beforeCommand(todoCommand, projectMustExist))
app.Commands = append(app.Commands, beforeCommand(buildCommand, projectMustExist, notifyVersion))
app.Commands = append(app.Commands, beforeCommand(procedureCommand, projectMustExist, notifyVersion))
app.Commands = append(app.Commands, beforeCommand(schedulerCommand, projectMustExist, notifyVersion))
app.Commands = append(app.Commands, beforeCommand(serveCommand, projectMustExist, notifyVersion))
app.Commands = append(app.Commands, beforeCommand(syncCommand, projectMustExist, notifyVersion))
app.Commands = append(app.Commands, beforeCommand(todoCommand, projectMustExist, notifyVersion))
// Plugins
github.Register()
jira.Register()
gitlab.Register()
return app
}
@@ -101,15 +107,60 @@ func ticketingMustBeConfigured(c *cli.Context) error {
return nil
}
func pandocMustExist(c *cli.Context) error {
eitherMustExistErr := fmt.Errorf("Please install either Docker or the pandoc package and re-run `%s`", c.Command.Name)
// notifyVersion asynchronously notifies the availability of version updates
func notifyVersion(c *cli.Context) error {
go func() {
defer func() {
recover() // suppress panic
}()
pandocExistErr := pandocBinaryMustExist(c)
dockerExistErr := dockerMustExist(c)
r, err := http.Get("http://comply-releases.s3.amazonaws.com/channel/stable/VERSION")
body, err := ioutil.ReadAll(r.Body)
if err != nil {
// fail silently
}
version := strings.TrimSpace(string(body))
// only when numeric versions are present
firstRune, _ := utf8.DecodeRuneInString(string(body))
if unicode.IsDigit(firstRune) && version != Version {
// only once every ~10 times
if rand.Intn(10) == 0 {
fmt.Fprintf(os.Stderr, "a new version of comply is available")
}
}
}()
return nil
}
func pandocMustExist(c *cli.Context) error {
eitherMustExistErr := fmt.Errorf("\n\nPlease install either Docker or the pandoc package and re-run `%s`. Find OS-specific pandoc installation instructions at: [TODO]", c.Command.Name)
pandocExistErr, found, goodVersion, pdfLatex := pandocBinaryMustExist(c)
dockerExistErr, inPath, isRunning := dockerMustExist(c)
config.SetPandoc(pandocExistErr == nil, dockerExistErr == nil)
check := func(b bool) string {
if b {
return "✔"
} else {
return "✖"
}
}
if pandocExistErr != nil && dockerExistErr != nil {
fmt.Printf(`
[%s] pandoc binary installed and in PATH
[%s] pandoc version compatible
[%s] pdflatex binary installed and in PATH
[%s] docker binary installed
[%s] docker running
`, check(found), check(goodVersion), check(pdfLatex), check(inPath), check(isRunning))
return eitherMustExistErr
}
@@ -121,67 +172,89 @@ func pandocMustExist(c *cli.Context) error {
return nil
}
func pandocBinaryMustExist(c *cli.Context) error {
func pandocBinaryMustExist(c *cli.Context) (e error, found, goodVersion, pdfLatex bool) {
cmd := exec.Command("pandoc", "-v")
outputRaw, err := cmd.Output()
e = nil
found = false
goodVersion = false
pdfLatex = false
if err != nil {
return errors.Wrap(err, "error calling pandoc")
}
output := strings.TrimSpace((string(outputRaw)))
versionErr := errors.New("cannot determine pandoc version")
if !strings.HasPrefix(output, "pandoc") {
return versionErr
}
re := regexp.MustCompile(`pandoc (\d+)\.(\d+)`)
result := re.FindStringSubmatch(output)
if len(result) != 3 {
return versionErr
}
major, err := strconv.Atoi(result[1])
if err != nil {
return versionErr
}
minor, err := strconv.Atoi(result[2])
if err != nil {
return versionErr
}
if major < 2 || minor < 1 {
return errors.New("pandoc 2.1 or greater required")
e = errors.Wrap(err, "error calling pandoc")
} else {
found = true
goodVersion = true
output := strings.TrimSpace((string(outputRaw)))
versionErr := errors.New("cannot determine pandoc version")
if !strings.HasPrefix(output, "pandoc") {
e = versionErr
goodVersion = false
} else {
re := regexp.MustCompile(`pandoc (\d+)\.(\d+)`)
result := re.FindStringSubmatch(output)
if len(result) != 3 {
e = versionErr
goodVersion = false
} else {
major, err := strconv.Atoi(result[1])
if err != nil {
e = versionErr
goodVersion = false
}
minor, err := strconv.Atoi(result[2])
if err != nil {
e = versionErr
goodVersion = false
}
if major < 2 || minor < 1 {
e = errors.New("pandoc 2.1 or greater required")
goodVersion = false
}
}
}
}
// pdflatex must also be present
cmd = exec.Command("pdflatex", "-v")
cmd = exec.Command("pdflatex", "--version")
outputRaw, err = cmd.Output()
if err != nil {
return errors.Wrap(err, "error calling pdflatex")
e = errors.Wrap(err, "error calling pdflatex")
} else if !strings.Contains(string(outputRaw), "TeX") {
e = errors.New("pdflatex is required")
} else {
pdfLatex = true
}
if !strings.Contains(string(outputRaw), "TeX") {
return errors.New("pdflatex is required")
}
return nil
return e, found, goodVersion, pdfLatex
}
func dockerMustExist(c *cli.Context) error {
func dockerMustExist(c *cli.Context) (e error, inPath, isRunning bool) {
dockerErr := fmt.Errorf("Docker must be available in order to run `%s`", c.Command.Name)
inPath = true
cmd := exec.Command("docker", "--version")
_, err := cmd.Output()
if err != nil {
inPath = false
}
isRunning = true
ctx := context.Background()
cli, err := client.NewEnvClient()
if err != nil {
return dockerErr
isRunning = false
return dockerErr, inPath, isRunning
}
_, err = cli.Ping(ctx)
if err != nil {
return dockerErr
isRunning = false
return dockerErr, inPath, isRunning
}
return nil
return nil, inPath, isRunning
}
func dockerPull(c *cli.Context) error {

4
internal/cli/init.go
View File

@@ -100,7 +100,7 @@ func initAction(c *cli.Context) error {
chooser = promptui.Select{
Label: "Ticket System",
Items: []string{"GitHub", "Jira", "None"},
Items: []string{"GitHub", "Jira", "GitLab", "None"},
}
choice, _, err = chooser.Run()
@@ -117,6 +117,8 @@ func initAction(c *cli.Context) error {
ticketing = model.GitHub
case 1:
ticketing = model.Jira
case 2:
ticketing = model.GitLab
default:
ticketing = model.NoTickets
}

2
internal/cli/procedure.go
View File

@@ -14,7 +14,7 @@ var procedureCommand = cli.Command{
Usage: "create ticket by procedure ID",
ArgsUsage: "procedureID",
Action: procedureAction,
Before: projectMustExist,
Before: beforeAll(projectMustExist, ticketingMustBeConfigured),
}
func procedureAction(c *cli.Context) error {

11
internal/cli/serve.go
View File

@@ -7,8 +7,15 @@ import (
)
var serveCommand = cli.Command{
Name: "serve",
Usage: "live updating version of the build command",
Name: "serve",
Usage: "live updating version of the build command",
Flags: []cli.Flag{
cli.IntFlag{
Name: "port",
Value: 4000,
Destination: &render.ServePort,
},
},
Action: serveAction,
Before: beforeAll(pandocMustExist, cleanContainers),
}

26
internal/cli/todo.go
View File

@@ -12,7 +12,7 @@ import (
var todoCommand = cli.Command{
Name: "todo",
Usage: "list declared vs satisfied compliance controls",
Usage: "list declared vs satisfied compliance criteria",
Action: todoAction,
Before: projectMustExist,
}
@@ -24,42 +24,42 @@ func todoAction(c *cli.Context) error {
}
w := tablewriter.NewWriter(os.Stdout)
w.SetHeader([]string{"Standard", "Control", "Satisfied?", "Name"})
w.SetHeader([]string{"Framework", "Criterion", "Satisfied?", "Name"})
type row struct {
standard string
controlKey string
framework string
criterionKey string
satisfied string
controlName string
criterionName string
}
satisfied := model.ControlsSatisfied(d)
satisfied := model.CriteriaSatisfied(d)
var rows []row
for _, std := range d.Standards {
for id, c := range std.Controls {
for _, std := range d.Frameworks {
for id, c := range std.Criteria{
sat := "NO"
if _, ok := satisfied[id]; ok {
sat = color.GreenString("YES")
}
rows = append(rows, row{
standard: std.Name,
controlKey: id,
framework: std.Name,
criterionKey: id,
satisfied: sat,
controlName: c.Name,
criterionName: c.Name,
})
}
}
sort.Slice(rows, func(i, j int) bool {
return rows[i].controlKey < rows[j].controlKey
return rows[i].criterionKey < rows[j].criterionKey
})
w.SetAutoWrapText(false)
for _, r := range rows {
w.Append([]string{r.standard, r.controlKey, r.satisfied, r.controlName})
w.Append([]string{r.framework, r.criterionKey, r.satisfied, r.criterionName})
}
w.Render()

12
internal/config/config.go
View File

@@ -16,6 +16,7 @@ var dockerAvailable, pandocAvailable bool
const (
Jira = "jira"
GitHub = "github"
GitLab = "gitlab"
NoTickets = "none"
)
@@ -32,10 +33,11 @@ func SetProjectRoot(dir string) {
}
type Project struct {
Name string `yaml:"name"`
Pandoc string `yaml:"pandoc,omitempty"`
FilePrefix string `yaml:"filePrefix"`
Tickets map[string]interface{} `yaml:"tickets"`
Name string `yaml:"name"`
Pandoc string `yaml:"pandoc,omitempty"`
FilePrefix string `yaml:"filePrefix"`
Tickets map[string]interface{} `yaml:"tickets"`
ApprovedBranch string `yaml:"approvedBranch"`
}
// SetPandoc records pandoc availability during initialization
@@ -115,6 +117,8 @@ func (p *Project) TicketSystem() (string, error) {
return GitHub, nil
case Jira:
return Jira, nil
case GitLab:
return GitLab, nil
case NoTickets:
return NoTickets, nil
default:

218
internal/gitlab/gitlab.go Normal file
View File

@@ -0,0 +1,218 @@
package gitlab
import (
"fmt"
"strconv"
"sync"
"github.com/pkg/errors"
"github.com/strongdm/comply/internal/model"
"github.com/xanzy/go-gitlab"
)
const (
cfgDomain = "domain"
cfgToken = "token"
cfgRepo = "repo"
)
var prompts = map[string]string{
cfgDomain: "Fully Qualified GitLab Domain",
cfgToken: "GitLab Token",
cfgRepo: "GitLab Repository",
}
// Prompts are human-readable configuration element names
func (g *gitlabPlugin) Prompts() map[string]string {
return prompts
}
// Register causes the Github plugin to register itself
func Register() {
model.Register(model.GitLab, &gitlabPlugin{})
}
type gitlabPlugin struct {
domain string
token string
reponame string
clientMu sync.Mutex
client *gitlab.Client
}
func (g *gitlabPlugin) api() *gitlab.Client {
g.clientMu.Lock()
defer g.clientMu.Unlock()
if g.client == nil {
// get go-gitlab client
gl := gitlab.NewClient(nil, g.token)
gl.SetBaseURL(g.domain)
g.client = gl
}
return g.client
}
func (g *gitlabPlugin) Get(ID string) (*model.Ticket, error) {
return nil, nil
}
func (g *gitlabPlugin) Configured() bool {
return g.reponame != "" && g.token != ""
}
func (g *gitlabPlugin) Links() model.TicketLinks {
links := model.TicketLinks{}
links.AuditAll = fmt.Sprintf("%s/%s/issues?scope=all&utf8=✓&state=all&label_name[]=comply-audit", g.domain, g.reponame)
links.AuditOpen = fmt.Sprintf("%s/%s/issues?scope=all&utf8=✓&state=opened&label_name[]=comply-audit", g.domain, g.reponame)
links.ProcedureAll = fmt.Sprintf("%s/%s/issues?scope=all&utf8=✓&state=all&label_name[]=comply-procedure", g.domain, g.reponame)
links.ProcedureOpen = fmt.Sprintf("%s/%s/issues?scope=all&utf8=✓&state=opened&label_name[]=comply-procedure", g.domain, g.reponame)
return links
}
func (g *gitlabPlugin) Configure(cfg map[string]interface{}) error {
var err error
if g.domain, err = getCfg(cfg, cfgDomain); err != nil {
return err
}
if g.token, err = getCfg(cfg, cfgToken); err != nil {
return err
}
if g.reponame, err = getCfg(cfg, cfgRepo); err != nil {
return err
}
return nil
}
func getCfg(cfg map[string]interface{}, k string) (string, error) {
v, ok := cfg[k]
if !ok {
return "", errors.New("Missing key: " + k)
}
vS, ok := v.(string)
if !ok {
return "", errors.New("Malformatted key: " + k)
}
return vS, nil
}
func getProjectIssues(g *gitlabPlugin, options *gitlab.ListProjectIssuesOptions) ([]*gitlab.Issue, error) {
issues := []*gitlab.Issue{}
options.Page = 1
for {
pageIssues, resp, err := g.api().Issues.ListProjectIssues(g.reponame, options)
if err != nil {
return nil, errors.Wrap(err, "error retreiving issues from gitlab")
}
issues = append(issues, pageIssues...)
if resp.CurrentPage >= resp.TotalPages {
break
}
options.Page = resp.NextPage
}
return issues, nil
}
func (g *gitlabPlugin) FindOpen() ([]*model.Ticket, error) {
options := &gitlab.ListProjectIssuesOptions{
State: gitlab.String("opened"),
}
issues, err := getProjectIssues(g, options)
if err != nil {
return nil, errors.Wrap(err, "error during FindOpen")
}
return toTickets(issues), nil
}
func (g *gitlabPlugin) FindByTag(name, value string) ([]*model.Ticket, error) {
panic("not implemented")
}
func (g *gitlabPlugin) FindByTagName(name string) ([]*model.Ticket, error) {
options := &gitlab.ListProjectIssuesOptions{
State: gitlab.String("all"),
Labels: []string{name},
}
issues, err := getProjectIssues(g, options)
if err != nil {
return nil, errors.Wrap(err, "error during FindByTagName")
}
return toTickets(issues), nil
}
func (g *gitlabPlugin) LinkFor(t *model.Ticket) string {
panic("not implemented")
}
func (g *gitlabPlugin) Create(ticket *model.Ticket, labels []string) error {
l := gitlab.Labels(labels)
options := &gitlab.CreateIssueOptions{
Title: gitlab.String(ticket.Name),
Description: gitlab.String(ticket.Body),
Labels: &l,
}
_, _, err := g.api().Issues.CreateIssue(g.reponame, options)
return err
}
func toTickets(issues []*gitlab.Issue) []*model.Ticket {
var tickets []*model.Ticket
for _, i := range issues {
tickets = append(tickets, toTicket(i))
}
return tickets
}
func toTicket(i *gitlab.Issue) *model.Ticket {
t := &model.Ticket{Attributes: make(map[string]interface{})}
t.ID = strconv.Itoa(i.ID)
t.Name = i.Title
t.Body = i.Description
t.CreatedAt = i.CreatedAt
t.State = toState(i.State)
for _, l := range i.Labels {
if l == "audit" {
t.SetBool("comply-audit")
}
if l == "procedure" {
t.SetBool("comply-procedure")
}
// seems redundant, but fixes a bug the other two labels introduce
// whereby open comply tickets aren't properly accounted for in the UI
if l == "comply-audit" {
t.SetBool("comply-audit")
}
if l == "comply-procedure" {
t.SetBool("comply-procedure")
}
}
return t
}
func toState(state string) model.TicketState {
switch state {
case "closed":
return model.Closed
}
return model.Open
}
func ss(s *string) string {
if s == nil {
return ""
}
return *s
}

9
internal/gitlab/gitlab_test.go Normal file
View File

@@ -0,0 +1,9 @@
package gitlab
import (
"testing"
)
func TestGitlab(t *testing.T) {
createOne()
}

14
internal/jira/jira.go
View File

@@ -16,6 +16,7 @@ const (
cfgPassword = "password"
cfgURL = "url"
cfgProject = "project"
cfgTaskType = "taskType"
)
var prompts = map[string]string{
@@ -23,6 +24,7 @@ var prompts = map[string]string{
cfgPassword: "Jira Password",
cfgURL: "Jira URL",
cfgProject: "Jira Project Code",
cfgTaskType: "Jira Task Type",
}
// Prompts are human-readable configuration element names
@@ -40,6 +42,7 @@ type jiraPlugin struct {
password string
url string
project string
taskType string
clientMu sync.Mutex
client *jira.Client
@@ -66,7 +69,7 @@ func (j *jiraPlugin) Get(ID string) (*model.Ticket, error) {
}
func (j *jiraPlugin) Configured() bool {
return j.username != "" && j.password != "" && j.url != "" && j.project != ""
return j.username != "" && j.password != "" && j.url != "" && j.project != "" && j.taskType != ""
}
func (j *jiraPlugin) Links() model.TicketLinks {
@@ -93,6 +96,9 @@ func (j *jiraPlugin) Configure(cfg map[string]interface{}) error {
if j.project, err = getCfg(cfg, cfgProject); err != nil {
return err
}
if j.taskType, err = getCfg(cfg, cfgTaskType); err != nil {
return err
}
return nil
}
@@ -134,7 +140,7 @@ func (j *jiraPlugin) Create(ticket *model.Ticket, labels []string) error {
i := jira.Issue{
Fields: &jira.IssueFields{
Type: jira.IssueType{
Name: "Task",
Name: j.taskType,
},
Project: jira.Project{
Key: j.project,
@@ -163,8 +169,8 @@ func toTickets(issues []jira.Issue) []*model.Ticket {
func toTicket(i *jira.Issue) *model.Ticket {
t := &model.Ticket{Attributes: make(map[string]interface{})}
t.ID = i.ID
t.Name = i.Fields.Description
t.Body = i.Fields.Summary
t.Name = i.Fields.Summary
t.Body = i.Fields.Description
createdAt := time.Time(i.Fields.Created)
t.CreatedAt = &createdAt
t.State = toState(i.Fields.Resolution)

24
internal/model/control.go Normal file
View File

@@ -0,0 +1,24 @@
package model
import (
"time"
"html/template"
)
type Control struct {
Name string `yaml:"name"`
ID string `yaml:"identifier"`
Family string `yaml:"family"`
Owner string `yaml:"owner"`
GoverningPolicy []Policy `yaml:"governingPolicy"`
Revisions []Revision `yaml:"revisions"`
Targets Target `yaml:"targets"`
Published string `yaml:"published"`
FullPath string
OutputFilename string
ModifiedAt time.Time
Body string
BodyHTML template.HTML
}

1
internal/model/document.go
View File

@@ -8,6 +8,7 @@ type Document struct {
Revisions []Revision `yaml:"majorRevisions"`
Satisfies Satisfaction `yaml:"satisfies"`
Targets Target `yaml:"targets"`
FullPath string
OutputFilename string
ModifiedAt time.Time

34
internal/model/standard.go → internal/model/framework.go
View File

@@ -1,18 +1,23 @@
package model
type Control struct {
type Criterion struct {
Family string `yaml:"family"`
Name string `yaml:"name"`
Description string `yaml:"description"`
Satisfied bool
SatisfiedBy []string
}
type Standard struct {
type Framework struct {
Name string `yaml:"name"`
Controls map[string]Control `yaml:",inline"`
Criteria map[string]Criterion `yaml:",inline"`
}
// ControlsSatisfied determines the unique controls currently satisfied by all Narratives, Policies, and Procedures
func ControlsSatisfied(data *Data) map[string][]string {
type Target map[string][]string
// CriteriaSatisfied determines the unique criteria currently satisfied by all Narratives, Policies, and Procedures
func CriteriaSatisfied(data *Data) map[string][]string {
satisfied := make(map[string][]string)
appendSatisfaction := func(in map[string][]string, k string, v string) []string {
@@ -25,22 +30,29 @@ func ControlsSatisfied(data *Data) map[string][]string {
}
for _, n := range data.Narratives {
for _, controlKeys := range n.Satisfies {
for _, key := range controlKeys {
for _, criteriaKeys := range n.Satisfies {
for _, key := range criteriaKeys {
satisfied[key] = appendSatisfaction(satisfied, key, n.OutputFilename)
}
}
}
for _, n := range data.Policies {
for _, controlKeys := range n.Satisfies {
for _, key := range controlKeys {
for _, criteriaKeys := range n.Satisfies {
for _, key := range criteriaKeys {
satisfied[key] = appendSatisfaction(satisfied, key, n.OutputFilename)
}
}
}
for _, n := range data.Controls {
for _, criteriaKeys := range n.Targets {
for _, key := range criteriaKeys {
satisfied[key] = appendSatisfaction(satisfied, key, n.OutputFilename)
}
}
}
for _, n := range data.Procedures {
for _, controlKeys := range n.Satisfies {
for _, key := range controlKeys {
for _, criteriaKeys := range n.Satisfies {
for _, key := range criteriaKeys {
satisfied[key] = appendSatisfaction(satisfied, key, n.OutputFilename)
}
}

48
internal/model/fs.go
View File

@@ -26,11 +26,15 @@ func ReadData() (*Data, error) {
if err != nil {
return nil, err
}
controls, err := ReadControls()
if err != nil {
return nil, err
}
procedures, err := ReadProcedures()
if err != nil {
return nil, err
}
standards, err := ReadStandards()
frameworks, err := ReadFrameworks()
if err != nil {
return nil, err
}
@@ -39,8 +43,9 @@ func ReadData() (*Data, error) {
Tickets: tickets,
Narratives: narratives,
Policies: policies,
Controls: controls,
Procedures: procedures,
Standards: standards,
Frameworks: frameworks,
}, nil
}
@@ -67,27 +72,27 @@ func tickets(rawTickets []string) ([]*Ticket, error) {
return tickets, nil
}
// ReadStandards loads standard definitions from the filesystem.
func ReadStandards() ([]*Standard, error) {
var standards []*Standard
// ReadFrameworks loads standard definitions from the filesystem.
func ReadFrameworks() ([]*Framework, error) {
var frameworks []*Framework
files, err := path.Standards()
files, err := path.Frameworks()
if err != nil {
return nil, errors.Wrap(err, "unable to enumerate paths")
}
for _, f := range files {
s := &Standard{}
s := &Framework{}
sBytes, err := ioutil.ReadFile(f.FullPath)
if err != nil {
return nil, errors.Wrap(err, "unable to read "+f.FullPath)
}
yaml.Unmarshal(sBytes, &s)
standards = append(standards, s)
frameworks = append(frameworks, s)
}
return standards, nil
return frameworks, nil
}
// ReadNarratives loads narrative descriptions from the filesystem.
@@ -166,6 +171,31 @@ func ReadPolicies() ([]*Document, error) {
return policies, nil
}
// ReadControls loads control documents from the filesystem
func ReadControls() ([]*Control, error) {
var controls []*Control
files, err := path.Controls()
if err != nil {
return nil, errors.Wrap(err, "unable to enumerate paths")
}
for _, f := range files {
c := &Control{}
mdmd := loadMDMD(f.FullPath)
err = yaml.Unmarshal([]byte(mdmd.yaml), &c)
if err != nil {
return nil, errors.Wrap(err, "unable to parse "+f.FullPath)
}
c.Body = mdmd.body
c.FullPath = f.FullPath
c.ModifiedAt = f.Info.ModTime()
c.OutputFilename = fmt.Sprintf("%s-%s.pdf", config.Config().FilePrefix, c.ID)
controls = append(controls, c)
}
return controls, nil
}
type metadataMarkdown struct {
yaml string
body string

13
internal/model/model.go
View File

@@ -1,12 +1,13 @@
package model
type Data struct {
Standards []*Standard
Narratives []*Document
Policies []*Document
Procedures []*Procedure
Tickets []*Ticket
Audits []*Audit
Frameworks []*Framework
Narratives []*Document
Policies []*Document
Controls []*Control
Procedures []*Procedure
Tickets []*Ticket
Audits []*Audit
}
type Revision struct {

44
internal/model/plugin.go
View File

@@ -20,6 +20,8 @@ const (
Jira = TicketSystem(config.Jira)
// GitHub from GitHub.
GitHub = TicketSystem(config.GitHub)
// GitLab from GitLab.
GitLab = TicketSystem(config.GitLab)
// NoTickets indicates no ticketing system integration.
NoTickets = TicketSystem(config.NoTickets)
)
@@ -50,6 +52,10 @@ func GetPlugin(ts TicketSystem) TicketPlugin {
tsPluginsMu.Lock()
defer tsPluginsMu.Unlock()
if ts == NoTickets {
return &noopTicketSystem{}
}
tp, ok := tsPlugins[ts]
if !ok {
panic("Unknown ticket system: " + ts)
@@ -81,7 +87,10 @@ func GetPlugin(ts TicketSystem) TicketPlugin {
}
cfgStringed[kS] = v
}
tp.Configure(cfgStringed)
err := tp.Configure(cfgStringed)
if err != nil {
panic(fmt.Sprintf("Configuration error `%s` in project YAML", err))
}
}
})
}
@@ -100,3 +109,36 @@ func Register(ts TicketSystem, plugin TicketPlugin) {
tsPlugins[ts] = plugin
}
type noopTicketSystem struct{}
func (*noopTicketSystem) Get(ID string) (*Ticket, error) {
return nil, nil
}
func (*noopTicketSystem) FindOpen() ([]*Ticket, error) {
return []*Ticket{}, nil
}
func (*noopTicketSystem) FindByTag(name, value string) ([]*Ticket, error) {
return []*Ticket{}, nil
}
func (*noopTicketSystem) FindByTagName(name string) ([]*Ticket, error) {
return []*Ticket{}, nil
}
func (*noopTicketSystem) Create(ticket *Ticket, labels []string) error {
return nil
}
func (*noopTicketSystem) Configure(map[string]interface{}) error {
return nil
}
func (*noopTicketSystem) Prompts() map[string]string {
return make(map[string]string)
}
func (*noopTicketSystem) Links() TicketLinks {
return TicketLinks{}
}
func (*noopTicketSystem) LinkFor(ticket *Ticket) string {
return ""
}
func (*noopTicketSystem) Configured() bool {
return false
}

7
internal/model/policy.go Normal file
View File

@@ -0,0 +1,7 @@
package model
type Policy struct {
Name string `yaml:"policyName"`
ID string `yaml:"policyID"`
Clause string `yaml:"policyClause"`
}

1
internal/model/procedure.go
View File

@@ -9,6 +9,7 @@ type Procedure struct {
Revisions []Revision `yaml:"majorRevisions"`
Satisfies Satisfaction `yaml:"satisfies"`
Targets Target `yaml:"targets"`
FullPath string
OutputFilename string
ModifiedAt time.Time

11
internal/path/path.go
View File

@@ -15,9 +15,9 @@ type File struct {
Info os.FileInfo
}
// Standards lists all standard files.
func Standards() ([]File, error) {
return filesFor("standards", "yml")
// Frameworks lists all standard files.
func Frameworks() ([]File, error) {
return filesFor("frameworks", "yaml")
}
// Narratives lists all narrative files.
@@ -30,6 +30,11 @@ func Policies() ([]File, error) {
return filesFor("policies", "md")
}
// Controls lists all control files.
func Controls() ([]File, error) {
return filesFor("controls", "md")
}
// Procedures lists all procedure files.
func Procedures() ([]File, error) {
return filesFor("procedures", "md")

15
internal/plugin/github/github.go
View File

@@ -3,7 +3,9 @@ package github
import (
"context"
"fmt"
"os"
"strconv"
"strings"
"sync"
"github.com/google/go-github/github"
@@ -69,10 +71,10 @@ func (g *githubPlugin) Configured() bool {
func (g *githubPlugin) Links() model.TicketLinks {
links := model.TicketLinks{}
links.AuditAll = fmt.Sprintf("https://github.com/%s/%s/issues?q=is%3Aissue+is%3Aopen+label%3Acomply+label%3Aaudit", g.username, g.reponame)
links.AuditOpen = fmt.Sprintf("https://github.com/%s/%s/issues?q=is%3Aissue+is%3Aopen+label%3Acomply+label%3Aaudit", g.username, g.reponame)
links.ProcedureAll = fmt.Sprintf("https://github.com/%s/%s/issues?q=is%3Aissue+label%3Acomply+label%3Aprocedure", g.username, g.reponame)
links.ProcedureOpen = fmt.Sprintf("https://github.com/%s/%s/issues?q=is%3Aissue+is%3Aopen+label%3Acomply+label%3Aprocedure", g.username, g.reponame)
links.AuditAll = fmt.Sprintf("https://github.com/%s/%s/issues?q=is%%3Aissue+is%%3Aopen+label%%3Acomply+label%%3Aaudit", g.username, g.reponame)
links.AuditOpen = fmt.Sprintf("https://github.com/%s/%s/issues?q=is%%3Aissue+is%%3Aopen+label%%3Acomply+label%%3Aaudit", g.username, g.reponame)
links.ProcedureAll = fmt.Sprintf("https://github.com/%s/%s/issues?q=is%%3Aissue+label%%3Acomply+label%%3Acomply-procedure", g.username, g.reponame)
links.ProcedureOpen = fmt.Sprintf("https://github.com/%s/%s/issues?q=is%%3Aissue+is%%3Aopen+label%%3Acomply+label%%3Acomply-procedure", g.username, g.reponame)
return links
}
@@ -95,7 +97,10 @@ func (g *githubPlugin) Configure(cfg map[string]interface{}) error {
func getCfg(cfg map[string]interface{}, k string) (string, error) {
v, ok := cfg[k]
if !ok {
return "", errors.New("Missing key: " + k)
v = os.Getenv(fmt.Sprintf("GITHUB_%s", strings.ToUpper(k)))
if v == "" {
return "", errors.New("Missing key: " + k)
}
}
vS, ok := v.(string)

80
internal/render/controller.go
View File

@@ -2,12 +2,14 @@ package render
import (
"fmt"
"sort"
"time"
"html/template"
"github.com/pkg/errors"
"github.com/strongdm/comply/internal/config"
"github.com/strongdm/comply/internal/model"
"github.com/russross/blackfriday/v2"
)
type project struct {
@@ -16,8 +18,10 @@ type project struct {
}
type stats struct {
ControlsTotal int
ControlsSatisfied int
ControlsTotal int
CriteriaTotal int
CriteriaSatisfied int
ProcedureTotal int
ProcedureOpen int
@@ -30,21 +34,21 @@ type stats struct {
type renderData struct {
// duplicates Project.OrganizationName
Name string
Project *project
Stats *stats
Narratives []*model.Document
Policies []*model.Document
Procedures []*model.Procedure
Standards []*model.Standard
Tickets []*model.Ticket
Controls []*control
Links *model.TicketLinks
Name string
Project *project
Stats *stats
Narratives []*model.Document
Policies []*model.Document
Controls []*model.Control
Procedures []*model.Procedure
Frameworks []*model.Framework
Tickets []*model.Ticket
Links *model.TicketLinks
}
type control struct {
Standard string
ControlKey string
type criterion struct {
Framework string
CriteriaKey string
Name string
Description string
Satisfied bool
@@ -63,36 +67,27 @@ func load() (*model.Data, *renderData, error) {
Name: fmt.Sprintf("%s Compliance Program", cfg.Name),
}
satisfied := model.ControlsSatisfied(modelData)
controls := make([]*control, 0)
for _, standard := range modelData.Standards {
for key, c := range standard.Controls {
satisfied := model.CriteriaSatisfied(modelData)
for _, framework := range modelData.Frameworks {
for key, c := range framework.Criteria{
satisfactions, ok := satisfied[key]
satisfied := ok && len(satisfactions) > 0
controls = append(controls, &control{
Standard: standard.Name,
ControlKey: key,
Name: c.Name,
Description: c.Description,
Satisfied: satisfied,
SatisfiedBy: satisfactions,
})
c.Satisfied = satisfied
c.SatisfiedBy = satisfactions
framework.Criteria[key] = c
}
}
sort.Slice(controls, func(i, j int) bool {
return controls[i].ControlKey < controls[j].ControlKey
})
rd := &renderData{}
rd.Narratives = modelData.Narratives
rd.Policies = modelData.Policies
rd.Controls = modelData.Controls
rd.Procedures = modelData.Procedures
rd.Standards = modelData.Standards
rd.Frameworks = modelData.Frameworks
rd.Tickets = modelData.Tickets
rd.Links = &model.TicketLinks{}
rd.Project = project
rd.Name = project.OrganizationName
rd.Controls = controls
ts, err := config.Config().TicketSystem()
if err != nil {
@@ -114,6 +109,12 @@ func loadWithStats() (*model.Data, *renderData, error) {
return nil, nil, err
}
// Convert the markdown body of each control to HTML
for _, n := range modelData.Controls {
b := []byte(n.Body)
n.BodyHTML = template.HTML(blackfriday.Run(b))
}
addStats(modelData, renderData)
return modelData, renderData, nil
}
@@ -121,13 +122,14 @@ func loadWithStats() (*model.Data, *renderData, error) {
func addStats(modelData *model.Data, renderData *renderData) {
stats := &stats{}
satisfied := model.ControlsSatisfied(modelData)
satisfied := model.CriteriaSatisfied(modelData)
stats.ControlsTotal += len(renderData.Controls)
for _, std := range renderData.Standards {
stats.ControlsTotal += len(std.Controls)
for controlKey := range std.Controls {
if _, ok := satisfied[controlKey]; ok {
stats.ControlsSatisfied++
for _, std := range renderData.Frameworks {
stats.CriteriaTotal += len(std.Criteria)
for criteriaKey := range std.Criteria{
if _, ok := satisfied[criteriaKey]; ok {
stats.CriteriaSatisfied++
}
}
}

46
internal/render/document.go
View File

@@ -11,6 +11,8 @@ import (
"text/template"
"time"
"os/exec"
"github.com/pkg/errors"
"github.com/strongdm/comply/internal/config"
"github.com/strongdm/comply/internal/model"
@@ -53,6 +55,40 @@ func renderToFilesystem(wg *sync.WaitGroup, errOutputCh chan error, data *render
}(doc)
}
func getGitApprovalInfo(pol *model.Document) (string, error) {
cfg := config.Config()
// if no approved branch specified in config.yaml, then nothing gets added to the document
if cfg.ApprovedBranch == "" {
return "", nil
}
// Decide whether we are on the git branch that contains the approved policies
gitBranchArgs := []string{"rev-parse", "--abbrev-ref", "HEAD"}
gitBranchCmd := exec.Command("git", gitBranchArgs...)
gitBranchInfo, err := gitBranchCmd.CombinedOutput()
if err != nil {
fmt.Println(string(gitBranchInfo))
return "", errors.Wrap(err, "error looking up git branch")
}
// if on a different branch than the approved branch, then nothing gets added to the document
if strings.Compare(strings.TrimSpace(fmt.Sprintf("%s", gitBranchInfo)), cfg.ApprovedBranch) != 0 {
return "", nil
}
// Grab information related to commit, so that we can put approval information in the document
gitArgs := []string{"log", "-n", "1", "--pretty=format:Last edit made by %an (%aE) on %aD.\n\nApproved by %cn (%cE) on %cD in commit %H.", "--", pol.FullPath}
cmd := exec.Command("git", gitArgs...)
gitApprovalInfo, err := cmd.CombinedOutput()
if err != nil {
fmt.Println(string(gitApprovalInfo))
return "", errors.Wrap(err, "error looking up git committer and author data")
}
return fmt.Sprintf("%s\n%s", "# Authorship and Approval", gitApprovalInfo), nil
}
func preprocessDoc(data *renderData, pol *model.Document, fullPath string) error {
cfg := config.Config()
@@ -78,7 +114,7 @@ func preprocessDoc(data *renderData, pol *model.Document, fullPath string) error
for standard, keys := range pol.Satisfies {
rows += fmt.Sprintf("| %s | %s |\n", standard, strings.Join(keys, ", "))
}
satisfiesTable = fmt.Sprintf("|Standard|Controls Satisfied|\n|-------+--------------------------------------------|\n%s\nTable: Control satisfaction\n", rows)
satisfiesTable = fmt.Sprintf("|Framework|Criteria Satisfied|\n|-------+--------------------------------------------|\n%s\nTable: Criterion satisfaction\n", rows)
}
if len(pol.Revisions) > 0 {
@@ -89,6 +125,11 @@ func preprocessDoc(data *renderData, pol *model.Document, fullPath string) error
revisionTable = fmt.Sprintf("|Date|Comment|\n|---+--------------------------------------------|\n%s\nTable: Document history\n", rows)
}
gitApprovalInfo, err := getGitApprovalInfo(pol)
if err != nil {
return err
}
doc := fmt.Sprintf(`%% %s
%% %s
%% %s
@@ -104,6 +145,8 @@ foot-content: "%s confidential %d"
%s
\newpage
%s
%s`,
pol.Name,
cfg.Name,
@@ -114,6 +157,7 @@ foot-content: "%s confidential %d"
satisfiesTable,
revisionTable,
body,
gitApprovalInfo,
)
err = ioutil.WriteFile(fullPath, []byte(doc), os.FileMode(0644))
if err != nil {

9
internal/render/html.go
View File

@@ -15,7 +15,10 @@ import (
const websocketReloader = `<script>
(function(){
var ws = new WebSocket("ws://localhost:5122/ws")
var ws = new WebSocket("ws://localhost:%d/ws")
if (location.host != "") {
ws = new WebSocket("ws://"+location.host+"/ws")
}
var connected = false
ws.onopen = function(e) {
connected = true
@@ -74,7 +77,7 @@ func html(output string, live bool, errCh chan error, wg *sync.WaitGroup) {
}
if live {
w.Write([]byte(websocketReloader))
w.Write([]byte(fmt.Sprintf(websocketReloader, ServePort)))
}
w.Close()
}
@@ -82,7 +85,7 @@ func html(output string, live bool, errCh chan error, wg *sync.WaitGroup) {
if live {
if !opened {
opened = true
open.Run("output/index.html")
open.Run(fmt.Sprintf("http://127.0.0.1:%d/", ServePort))
}
} else {
wg.Done()

19
internal/render/pandoc.go
View File

@@ -14,6 +14,8 @@ import (
"github.com/strongdm/comply/internal/config"
)
var pandocArgs = []string{"-f", "markdown+smart", "--toc", "-N", "--template", "templates/default.latex", "-o"}
func pandoc(outputFilename string, errOutputCh chan error) {
if config.WhichPandoc() == config.UsePandoc {
err := pandocPandoc(outputFilename)
@@ -26,12 +28,7 @@ func pandoc(outputFilename string, errOutputCh chan error) {
}
func dockerPandoc(outputFilename string, errOutputCh chan error) {
// TODO: switch to new args once docker image is updated
// cmd21 := []string{"-f", "markdown+smart", "--toc", "-N", "--template", "templates/default.latex", "-o", fmt.Sprintf("output/%s", outputFilename), fmt.Sprintf("output/%s.md", outputFilename)}
cmd19 := []string{"--smart", "--toc", "-N", "--template=/source/templates/default.latex", "-o",
fmt.Sprintf("/source/output/%s", outputFilename),
fmt.Sprintf("/source/output/%s.md", outputFilename)}
pandocCmd := append(pandocArgs, fmt.Sprintf("/source/output/%s", outputFilename), fmt.Sprintf("/source/output/%s.md", outputFilename))
ctx := context.Background()
cli, err := client.NewEnvClient()
if err != nil {
@@ -51,7 +48,7 @@ func dockerPandoc(outputFilename string, errOutputCh chan error) {
resp, err := cli.ContainerCreate(ctx, &container.Config{
Image: "strongdm/pandoc",
Cmd: cmd19},
Cmd: pandocCmd},
hc, nil, "")
if err != nil {
@@ -85,12 +82,16 @@ func dockerPandoc(outputFilename string, errOutputCh chan error) {
errOutputCh <- errors.Wrap(err, "error reading Docker container logs")
return
}
if _, err = os.Stat(fmt.Sprintf("output/%s", outputFilename)); err != nil && os.IsNotExist(err) {
errOutputCh <- errors.Wrap(err, "output not generated; verify your Docker image is up to date")
return
}
}
// 🐼
func pandocPandoc(outputFilename string) error {
// -f markdown+smart --toc -N --template=templates/default.latex -o output/%s output/%s.md
cmd := exec.Command("pandoc", "-f", "markdown+smart", "--toc", "-N", "--template", "templates/default.latex", "-o", fmt.Sprintf("output/%s", outputFilename), fmt.Sprintf("output/%s.md", outputFilename))
cmd := exec.Command("pandoc", append(pandocArgs, fmt.Sprintf("output/%s", outputFilename), fmt.Sprintf("output/%s.md", outputFilename))...)
outputRaw, err := cmd.CombinedOutput()
if err != nil {
fmt.Println(string(outputRaw))

14
internal/render/site.go
View File

@@ -1,8 +1,10 @@
package render
import (
"fmt"
"net/http"
"os"
"path/filepath"
"sync"
"time"
@@ -11,6 +13,8 @@ import (
"github.com/yosssi/ace"
)
var ServePort int
var upgrader = websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
@@ -87,6 +91,16 @@ func Build(output string, live bool) error {
if live {
watch(errCh)
go func() {
http.Handle("/", http.FileServer(http.Dir(filepath.Join(".", "output"))))
err := http.ListenAndServe(fmt.Sprintf("0.0.0.0:%d", ServePort), nil)
if err != nil {
panic(err)
}
}()
fmt.Printf("Serving content of output/ at http://127.0.0.1:%d (ctrl-c to quit)\n", ServePort)
}
// PDF
wg.Add(1)

2
internal/render/watch.go
View File

@@ -16,6 +16,7 @@ func watch(errCh chan error) {
b.Add("./templates/")
b.Add("./narratives/")
b.Add("./policies/")
b.Add("./controls/")
b.Add("./procedures/")
b.Add("./.comply/")
@@ -45,7 +46,6 @@ func watch(errCh chan error) {
}
http.HandleFunc("/ws", serveWs)
go http.ListenAndServe("127.0.0.1:5122", nil)
return
}

284
internal/theme/themes_bindata.go
View File

File diff suppressed because it is too large Load Diff

33
themes/comply-blank/controls/README.md Normal file
View File

@@ -0,0 +1,33 @@
# Controls
Controls explicitly state a specific action that the organization will take to enforce a Policy goal.
## Format
```
name: Access Control Procedures
family: Access Control
identifier: AC-2
governingPolicy:
- policyName: Access Onboarding and Termination
policyID: SDM-AOTP
policyClause: 1.1
owner: Director, Security & Compliance
published: 2020-01-01
targets:
TSC 2017:
- CC6.1
- CC6.2
- CC6.3
NIST 800-53:
- AC-1
revisions:
- date: Sep 1 2020
comment: Initial documentation of control
---
1. Develop, document, and disseminate to all employees:
1. Organizational access control policy that:
1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
```

0
themes/comply-blank/frameworks/.gitkeep Normal file
View File

24
themes/comply-blank/templates/index.ace
View File

@@ -66,7 +66,7 @@ html lang=en
a onclick="javascript:show('procedures')" Procedures
li.top-nav.standards
strong
a onclick="javascript:show('standards')" Standards
a onclick="javascript:show('frameworks')" Frameworks
/ li.top-nav.evidence
/ a onclick="javascript:show('evidence')" Evidence Vault
#overview.section.top-nav.container.content
@@ -76,17 +76,17 @@ html lang=en
.columns.is-vcentered
.column.is-one-third
div
p.subtitle.is-3.has-text-centered Control Tracking
p.subtitle.is-3.has-text-centered CriterionTracking
.column.has-text-centered
div
p.heading Satisfied Controls
p.heading Satisfied Criteria
p.title
{{.Stats.ControlsSatisfied}}
{{.Stats.CriteriaSatisfied}}
.column.has-text-centered
div
p.heading Total Controls
p.title
{{.Stats.ControlsTotal}}
{{.Stats.CriteriaTotal}}
.columns.is-vcentered
.column.is-one-third
div
@@ -187,23 +187,23 @@ html lang=en
td On demand
{{end}}
{{end}}
#standards.section.top-nav.container.content
#frameworks.section.top-nav.container.content
blockquote
h3
p
strong Standards
| specify the controls satisfied by the compliance program.
strong Framework Targets
| specify the Frameworks and Framework Criteria targeted by the compliance program.
table.table.is-size-4.is-fullwidth
thead
tr
th Control Key
th CriterionKey
th Name
th Satisfied?
th Satisfied By
tbody
{{range .Controls }}
{{range .Criteria}}
tr
td {{.ControlKey}}
td {{.criteriaKey}}
td
strong {{.Name}}
.subtitle {{.Description}}
@@ -234,4 +234,4 @@ html lang=en
show(destination)
}
}
}
}

4
themes/comply-soc2/README.md
View File

@@ -10,7 +10,7 @@ Compliance documents are organized as follows:
narratives/ Narratives provide an overview of the organization and the compliance environment.
policies/ Policies govern the behavior of employees and contractors.
procedures/ Procedures prescribe specific steps that are taken in response to key events.
standards/ Standards specify the controls satisfied by the compliance program.
frameworks/ Frameworks specify the control criteria targeted by the compliance program.
templates/ Templates control the output format of the HTML Dashboard and PDF assets.
```
@@ -57,4 +57,4 @@ comply build
# publish static site from output/ directory
upload.sh output/
```
```

33
themes/comply-soc2/controls/README.md Normal file
View File

@@ -0,0 +1,33 @@
# Controls
Controls explicitly state a specific action that the organization will take to enforce a Policy goal.
## Format
```
name: Access Control Procedures
family: Access Control
identifier: AC-2
governingPolicy:
- policyName: Access Onboarding and Termination
policyID: SDM-AOTP
policyClause: 1.1
owner: Director, Security & Compliance
published: 2020-01-01
targets:
TSC 2017:
- CC6.1
- CC6.2
- CC6.3
NIST 800-53:
- AC-1
revisions:
- date: Sep 1 2020
comment: Initial documentation of control
---
1. Develop, document, and disseminate to all employees:
1. Organizational access control policy that:
1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
```

4
themes/comply-soc2/standards/README.md → themes/comply-soc2/frameworks/README.md
View File

@@ -1,5 +1,5 @@
# Standards
# Frameworks
All `yaml` files in this directory are assumed to conform to https://github.com/opencontrol/schemas/tree/master/kwalify/standard
Adjust the target standard for this project by adding or removing line-items within each file, or adding/removing a standard file entirely.
Adjust the target standard for this project by adding or removing line-items within each file, or adding/removing a standard file entirely.

0
themes/comply-soc2/standards/TSC-2017.yml → themes/comply-soc2/frameworks/TSC-2017.yml
View File

80
themes/comply-soc2/narratives/control.md
View File

@@ -1,4 +1,4 @@
name: Control Environment Narrative
name: CriterionEnvironment Narrative
acronym: CEN
satisfies:
TSC:
@@ -15,8 +15,80 @@ majorRevisions:
comment: Initial document
---
# Control Environment Narrative
# CriterionEnvironment Narrative
Here we narrate why our control environment satisfies the control keys listed in the YML block
The following provides a description of the control structure of {{.Name}}.
# Template Coming Soon
The intent of this description is to enumerate the logical, policy, and procedural controls that serve to monitor {{.Name}}'s application and data security. Changes uncovered by these procedures in the logical, policy, procedural, or customer environment are addressed by remediations specific to the noted change.
# Logical Controls
{{.Name}} employs several logical controls to protect confidential data and ensure normal operation of its core product.
- Mandatory data encryption at rest and in motion
- Multi-factor authentication for access to cloud infrastructure
- Activity and anomaly monitoring on production systems
- Vulnerability management program
# Policy Controls
{{.Name}} employs several policy controls to protect confidential data and ensure normal operation of its core product. These policies include, but are not limited to:
- Access CriterionPolicy
- Encryption Policy
- Office Security Policy
- Password Policy
- Policy Training Policy
- Vendor Policy
- Workstation Policy
# Procedural Controls
{{.Name}} has numerous scheduled procedures to monitor and tune the effectiveness of ongoing security controls, and a series of event-driven procedures to respond to security-related events.
TODO: Finalize these lists
## Scheduled Security and Audit Procedures
- Review Access [quarterly]
- Review Security Logs [weekly]
- Review Cyber Risk Assessment (enumerate possible compromise scenarios) [quarterly]
- Review Data Classification [quarterly]
- Backup Testing [quarterly]
- Disaster Recovery Testing [semi-annual]
- Review Devices & Workstations [quarterly]
- Review & Clear Low-Priority Alerts [weekly]
- Apply OS Patches [monthly]
- Verify Data Disposal per Retention Policy [quarterly]
- Conduct Security Training [annual]
- Review Security Monitoring and Alerting Configuration [quarterly]
- Penetration Test [annual]
- Whitebox Security Review [annual]
- SOC2 Audit [annual]
## Event-Driven Security and Audit Procedures
- Onboard Employee
- Offboard Employee
- Investigate Security Alert
- Investigate Security Incident
# Remediations
{{.Name}} uses the outcomes of the aforementioned controls and procedures to identify shortcomings in the existing control environment. Once identified, these shortcomes are remediated by improving existing controls and procedures, and creating new controls and procedures as needed.
# Communications
{{.Name}} communicates relevant information regarding the functioning of the above controls with internal and external parties on an as-needed basis and according to statutory requirements.
## Internal
{{.Name}} communicates control outcomes, anomalies, and remediations internally using the following channels:
- Slack
- Email
- Github ticketing
## External
{{.Name}} communicates relevant control-related information to external parties including shareholders, customers, contractors, regulators, and government entities as needed according to contractual and regulatory/statutory obligation.

37
themes/comply-soc2/narratives/products.md
View File

@@ -9,4 +9,39 @@ majorRevisions:
Here we describe the key products marketed by our organization
# Template Coming Soon
# Products
## Product 1
Overview of product 1
### Architecture
Brief architectural discussion of product 1
### Security Considerations
Specific security considerations for product 1. Refer to policies, procedures here.
# References
## Narratives
List relevant narratives, probably including
Organizational Narrative
Security Narrative
System Narrative
## Policies
List relevant policies, probably including
Application Security Policy
Datacenter Policy
Log Management Policy
Password Policy
Security Incident Response Policy
Risk Assessment Policy
## Procedures
List relevant procedures, probably including access review, patching, alert monitoring, log review, pen testing

97
themes/comply-soc2/narratives/security.md
View File

@@ -15,4 +15,99 @@ majorRevisions:
Here we narrate why our org satisfies the control keys listed in the YML block
# Template Coming Soon
# {{.Name}} Product Architecture
Describe product architecture here, emphasizing security implications
# {{.Name}} Infrastructure
## Product Infrastructure
Describe product infrastructure, emphasizing security measures
### Authorized Personnel
- **AWS root account** access is granted only to the CTO and CEO
- **AWS IAM** access is granted to to a limited group of **Operators**
- **{{.Name}} SSH** access is granted to a limited group of **Operators**
- **{{.Name}} DB** access is granted to a limited group of **Data Operators**
## IT Infrastructure
{{.Name}} uses the following cloud services for its internal infrastructure:
- List cloud services
Access to these cloud services is limited according to the role of the {{.Name}} employee and is reviewed quarterly as well as via regular onboarding/offboarding tasks for new and departing employees.
# {{.Name}} Workstations
{{.Name}} workstations are hardened against logical and physical attack by the following measures:
- operating system must be within one generation of current
- full-disk encryption
- onboard antivirus/antimalware software
- OS and AV automatically updated
Workstation compliance with these measures is evaluated on a quarterly basis.
## Remote Access
Many {{.Name}} employees work remotely on a regular basis and connect to production and internal IT systems via the same methods as those employees connecting from the {{.Name}} physical office, i.e., direct encrypted access to cloud services. It is the employee's responsibility to ensure that only authorized personnel use {{.Name}} resources and access {{.Name}} systems.
# Access Review
Access to {{.Name}} infrastructure, both internal and product, is reviewed quarterly and inactive users are removed. Any anomalies are reported to the security team for further investigation. When employees start or depart, an onboarding/offboarding procedure is followed to provision or deprovision appropriate account access.
# Penetration Testing
{{.Name}} commissions an external penetration test on an annual basis. All findings are immediately reviewed and addressed to the satisfaction of the CTO/CEO.
# {{.Name}} Physical Security
{{.Name}} has one physical location, in San Francisco, CA. Key issuance is tracked by the Office Physical Security Policy Ledger. Office keys are additionally held by the lessor, property management, and custodial staff. These keys are not tracked by the Office Physical Security Policy Ledger. {{.Name}} managers regularly review physical access privileges.
{{.Name}} infrastructure is located within AWS. {{.Name}} does not have physical access to AWS infrastructure.
# Risk Assessment
{{.Name}} updates its Cyber Risk Assessment on an annual basis in order to keep pace with the evolving threat landscape. The following is an inventory of adversarial and non-adversarial threats assessed to be of importance to {{.Name}}.
## Adversarial Threats
The following represents the inventory of adversarial threats:
|Threat|Source|Vector|Target|Likelihood|Severity|
|----------------------------+--------------+------------+-----------------+----------+------|
| | | | | | |
## Non-Adversarial Threats
The following represents the inventory of non-adversarial threats:
|Threat|Vector|Target|Likelihood|Severity|
|----------------------------+--------------+-------------+----------+------|
| | | | | |
# References
## Narratives
Products and Services Narrative
System Architecture Narrative
## Policies
Encryption Policy
Log Management Policy
Office Security Policy
Remote Access Policy
Security Incident Response Policy
Workstation Policy
## Procedures
Apply OS Patches
Review & Clear Low-Priority Alerts
Review Access
Review Devices & Workstations

2
themes/comply-soc2/policies/access.md
View File

@@ -11,7 +11,7 @@ majorRevisions:
---
# Purpose and Scope
a. The purpose of this policy to define procedures to onboard and offboard users to technical infrastructure in a manner that minimizes the risk of information loss or exposure.
a. The purpose of this policy is to define procedures to onboard and offboard users to technical infrastructure in a manner that minimizes the risk of information loss or exposure.
a. This policy applies to all technical infrastructure within the organization.

0
themes/comply-soc2/standards/.gitkeep Normal file
View File

24
themes/comply-soc2/templates/index.ace
View File

@@ -66,7 +66,7 @@ html lang=en
a onclick="javascript:show('procedures')" Procedures
li.top-nav.standards
strong
a onclick="javascript:show('standards')" Standards
a onclick="javascript:show('frameworks')" Frameworks
/ li.top-nav.evidence
/ a onclick="javascript:show('evidence')" Evidence Vault
#overview.section.top-nav.container.content
@@ -76,17 +76,17 @@ html lang=en
.columns.is-vcentered
.column.is-one-third
div
p.subtitle.is-3.has-text-centered Control Tracking
p.subtitle.is-3.has-text-centered CriterionTracking
.column.has-text-centered
div
p.heading Satisfied Controls
p.heading Satisfied Criteria
p.title
{{.Stats.ControlsSatisfied}}
{{.Stats.CriteriaSatisfied}}
.column.has-text-centered
div
p.heading Total Controls
p.title
{{.Stats.ControlsTotal}}
{{.Stats.CriteriaTotal}}
.columns.is-vcentered
.column.is-one-third
div
@@ -187,23 +187,23 @@ html lang=en
td On demand
{{end}}
{{end}}
#standards.section.top-nav.container.content
#frameworks.section.top-nav.container.content
blockquote
h3
p
strong Standards
| specify the controls satisfied by the compliance program.
strong Framework Targets
| specify the Frameworks and Framework Criteria targeted by the compliance program.
table.table.is-size-4.is-fullwidth
thead
tr
th Control Key
th CriterionKey
th Name
th Satisfied?
th Satisfied By
tbody
{{range .Controls }}
{{range .Criteria}}
tr
td {{.ControlKey}}
td {{.criteriaKey}}
td
strong {{.Name}}
.subtitle {{.Description}}
@@ -234,4 +234,4 @@ html lang=en
show(destination)
}
}
}
}

10
tools.go Normal file
View File

@@ -0,0 +1,10 @@
// +build tools
package tools
import (
_ "github.com/Clever/gitsem"
_ "github.com/aktau/github-release"
_ "github.com/containous/go-bindata/go-bindata" // v1.0.0
_ "github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs" // v0.0.0-20170227122030-30f82fa23fd8
)

24
vendor/github.com/Clever/gitsem/.drone.yml generated vendored Normal file
View File

@@ -0,0 +1,24 @@
image: bradrydzewski/go:1.3
script:
- make test
notify:
email:
recipients:
- drone@clever.com
hipchat:
room: Clever-Dev-CI
token: {{hipchat_token}}
on_started: true
on_success: true
on_failure: true
publish:
github:
branch: master
script:
- make release
artifacts:
- release
tag: v$(cat VERSION)
token: {{github_token}}
user: Clever
repo: gitsem

25
vendor/github.com/Clever/gitsem/.gitignore generated vendored Normal file
View File

@@ -0,0 +1,25 @@
# Compiled Object files, Static and Dynamic libs (Shared Objects)
*.o
*.a
*.so
# Folders
_obj
_test
# Architecture specific extensions/prefixes
*.[568vq]
[568vq].out
*.cgo1.go
*.cgo2.c
_cgo_defun.c
_cgo_gotypes.go
_cgo_export.*
_testmain.go
*.exe
*.test
gitsem

54
vendor/github.com/Clever/gitsem/Makefile generated vendored Normal file
View File

@@ -0,0 +1,54 @@
SHELL := /bin/bash
PKG = github.com/Clever/gitsem
PKGS = $(PKG)
VERSION := $(shell cat VERSION)
EXECUTABLE := gitsem
BUILDS := \
build/$(EXECUTABLE)-v$(VERSION)-darwin-amd64 \
build/$(EXECUTABLE)-v$(VERSION)-linux-amd64 \
build/$(EXECUTABLE)-v$(VERSION)-windows-amd64
COMPRESSED_BUILDS := $(BUILDS:%=%.tar.gz)
RELEASE_ARTIFACTS := $(COMPRESSED_BUILDS:build/%=release/%)
.PHONY: test golint
golint:
@go get github.com/golang/lint/golint
test: $(PKGS)
$(PKGS): golint
@go get -d -t $@
@gofmt -w=true $(GOPATH)/src/$@*/**.go
ifneq ($(NOLINT),1)
@echo "LINTING..."
@PATH=$(PATH):$(GOPATH)/bin golint $(GOPATH)/src/$@*/**.go
@echo ""
endif
ifeq ($(COVERAGE),1)
@go test -cover -coverprofile=$(GOPATH)/src/$@/c.out $@ -test.v
@go tool cover -html=$(GOPATH)/src/$@/c.out
else
@echo "TESTING..."
@go test $@ -test.v
endif
run:
@go run main.go
build/$(EXECUTABLE)-v$(VERSION)-darwin-amd64:
GOARCH=amd64 GOOS=darwin go build -o "$@/$(EXECUTABLE)"
build/$(EXECUTABLE)-v$(VERSION)-linux-amd64:
GOARCH=amd64 GOOS=linux go build -o "$@/$(EXECUTABLE)"
build/$(EXECUTABLE)-v$(VERSION)-windows-amd64:
GOARCH=amd64 GOOS=windows go build -o "$@/$(EXECUTABLE).exe"
build: $(BUILDS)
%.tar.gz: %
tar -C `dirname $<` -zcvf "$<.tar.gz" `basename $<`
$(RELEASE_ARTIFACTS): release/% : build/%
mkdir -p release
cp $< $@
release: $(RELEASE_ARTIFACTS)
clean:
rm -rf build release

34
vendor/github.com/Clever/gitsem/README.md generated vendored Normal file
View File

@@ -0,0 +1,34 @@
# gitsem
A command line utility for managing semantically versioned (semver) git tags.
Run this in a git repository to bump the version and write the new data back to the VERSION file.
It will also create a version commit and (optional) tag, and fail if the repo is not clean.
## Installation
```shell
$ go get github.com/Clever/gitsem
```
## Example
```shell
$ gitsem patch
$ gitsem -m "Upgrade to %s for reasons" patch
$ gitsem minor
```
## Usage
```shell
gitsem [options] version
```
`version` can be one of: `newversion | patch | minor | major`
The version argument should be a valid semver string, or a field of a semver string (one of "patch", "minor", or "major").
In the second case, the existing version will be incremented by 1 in the specified field.
### Options
- `m=%s` specifies a commit message to use when bumping the version. If %s appears, it will be replaced with the new version number.
- `tag=true` whether or not to create a tag at the version commit

1
vendor/github.com/Clever/gitsem/VERSION generated vendored Normal file
View File

@@ -0,0 +1 @@
1.0.4

39
vendor/github.com/Clever/gitsem/git.go generated vendored Normal file
View File

@@ -0,0 +1,39 @@
package main
import (
"bytes"
"os/exec"
"strings"
)
func isRepoClean() (bool, error) {
cmd := exec.Command("git", "status", "-s")
result := &bytes.Buffer{}
cmd.Stdout = result
if err := cmd.Run(); err != nil {
return false, err
}
return result.String() == "", nil
}
func repoRoot() (string, error) {
cmd := exec.Command("git", "rev-parse", "--show-toplevel")
result := &bytes.Buffer{}
cmd.Stdout = result
if err := cmd.Run(); err != nil {
return "", err
}
return strings.TrimSpace(result.String()), nil
}
func addFile(path string) error {
return exec.Command("git", "add", path).Run()
}
func commit(message string) error {
return exec.Command("git", "commit", "-m", message).Run()
}
func tag(version string) error {
return exec.Command("git", "tag", version).Run()
}

126
vendor/github.com/Clever/gitsem/main.go generated vendored Normal file
View File

@@ -0,0 +1,126 @@
package main
import (
"flag"
"fmt"
"gopkg.in/blang/semver.v1"
"io/ioutil"
"log"
"os"
"path/filepath"
"strings"
)
func commitMessage(message, version string) string {
if strings.Contains(message, "%s") {
return fmt.Sprintf(message, version)
}
return message
}
func getCurrentVersion(path string) (*semver.Version, error) {
if _, err := os.Stat(path); os.IsNotExist(err) {
return &semver.Version{}, nil
}
contents, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
return semver.New(strings.TrimSpace(string(contents)))
}
const versionFileName = "VERSION"
func exitWithError(message string) {
fmt.Fprintf(os.Stderr, message+"\n\n")
flag.Usage()
os.Exit(1)
}
func bump(old *semver.Version, part string) *semver.Version {
// We don't want to mutate the input, but there's no Clone or Copy method on a semver.Version,
// so we make a new one by parsing the string version of the old one.
// We ignore any errors because we know it's valid semver.
new, _ := semver.New(old.String())
switch part {
case "major":
new.Major++
new.Minor = 0
new.Patch = 0
case "minor":
new.Minor++
new.Patch = 0
case "patch":
new.Patch++
}
return new
}
func main() {
flag.Usage = func() {
fmt.Fprintf(os.Stderr, "Usage of %s: [options] version\n\n", os.Args[0])
fmt.Fprintf(os.Stderr, "version can be one of: newversion | patch | minor | major\n\n")
fmt.Fprintf(os.Stderr, "options:\n")
flag.PrintDefaults()
}
message := flag.String("m", "%s", "commit message for version commit")
help := flag.Bool("h", false, "print usage and exit")
shouldTag := flag.Bool("tag", true, "whether or not to make a tag at the version commit")
flag.Parse()
if *help {
flag.Usage()
os.Exit(0)
}
if *message == "" {
exitWithError("missing message")
}
if clean, err := isRepoClean(); err != nil {
log.Fatal(err)
} else if !clean {
log.Fatal("repo isn't clean")
}
root, err := repoRoot()
if err != nil {
log.Fatal(err)
}
versionFile := filepath.Join(root, versionFileName)
version, err := getCurrentVersion(versionFile)
if err != nil {
log.Fatal(err)
}
if len(flag.Args()) != 1 {
exitWithError("gitsem takes exactly one non-flag argument: version")
}
newVersion := flag.Args()[0]
switch newVersion {
case "patch", "minor", "major":
version = bump(version, newVersion)
default:
if version, err = semver.New(newVersion); err != nil {
log.Fatalf("failed to parse %s as semver: %s", newVersion, err.Error())
}
}
if err := ioutil.WriteFile(versionFile, []byte(version.String()), 0666); err != nil {
log.Fatal(err)
}
if err := addFile(versionFile); err != nil {
log.Fatal(err)
}
versionString := "v" + version.String()
*message = commitMessage(*message, versionString)
if err := commit(*message); err != nil {
log.Fatal(err)
}
if *shouldTag {
if err := tag(versionString); err != nil {
log.Fatal(err)
}
}
fmt.Println(versionString)
}

274
vendor/github.com/Microsoft/go-winio/ea.go generated vendored
View File

@@ -1,137 +1,137 @@
package winio
import (
"bytes"
"encoding/binary"
"errors"
)
type fileFullEaInformation struct {
NextEntryOffset uint32
Flags uint8
NameLength uint8
ValueLength uint16
}
var (
fileFullEaInformationSize = binary.Size(&fileFullEaInformation{})
errInvalidEaBuffer = errors.New("invalid extended attribute buffer")
errEaNameTooLarge = errors.New("extended attribute name too large")
errEaValueTooLarge = errors.New("extended attribute value too large")
)
// ExtendedAttribute represents a single Windows EA.
type ExtendedAttribute struct {
Name string
Value []byte
Flags uint8
}
func parseEa(b []byte) (ea ExtendedAttribute, nb []byte, err error) {
var info fileFullEaInformation
err = binary.Read(bytes.NewReader(b), binary.LittleEndian, &info)
if err != nil {
err = errInvalidEaBuffer
return
}
nameOffset := fileFullEaInformationSize
nameLen := int(info.NameLength)
valueOffset := nameOffset + int(info.NameLength) + 1
valueLen := int(info.ValueLength)
nextOffset := int(info.NextEntryOffset)
if valueLen+valueOffset > len(b) || nextOffset < 0 || nextOffset > len(b) {
err = errInvalidEaBuffer
return
}
ea.Name = string(b[nameOffset : nameOffset+nameLen])
ea.Value = b[valueOffset : valueOffset+valueLen]
ea.Flags = info.Flags
if info.NextEntryOffset != 0 {
nb = b[info.NextEntryOffset:]
}
return
}
// DecodeExtendedAttributes decodes a list of EAs from a FILE_FULL_EA_INFORMATION
// buffer retrieved from BackupRead, ZwQueryEaFile, etc.
func DecodeExtendedAttributes(b []byte) (eas []ExtendedAttribute, err error) {
for len(b) != 0 {
ea, nb, err := parseEa(b)
if err != nil {
return nil, err
}
eas = append(eas, ea)
b = nb
}
return
}
func writeEa(buf *bytes.Buffer, ea *ExtendedAttribute, last bool) error {
if int(uint8(len(ea.Name))) != len(ea.Name) {
return errEaNameTooLarge
}
if int(uint16(len(ea.Value))) != len(ea.Value) {
return errEaValueTooLarge
}
entrySize := uint32(fileFullEaInformationSize + len(ea.Name) + 1 + len(ea.Value))
withPadding := (entrySize + 3) &^ 3
nextOffset := uint32(0)
if !last {
nextOffset = withPadding
}
info := fileFullEaInformation{
NextEntryOffset: nextOffset,
Flags: ea.Flags,
NameLength: uint8(len(ea.Name)),
ValueLength: uint16(len(ea.Value)),
}
err := binary.Write(buf, binary.LittleEndian, &info)
if err != nil {
return err
}
_, err = buf.Write([]byte(ea.Name))
if err != nil {
return err
}
err = buf.WriteByte(0)
if err != nil {
return err
}
_, err = buf.Write(ea.Value)
if err != nil {
return err
}
_, err = buf.Write([]byte{0, 0, 0}[0 : withPadding-entrySize])
if err != nil {
return err
}
return nil
}
// EncodeExtendedAttributes encodes a list of EAs into a FILE_FULL_EA_INFORMATION
// buffer for use with BackupWrite, ZwSetEaFile, etc.
func EncodeExtendedAttributes(eas []ExtendedAttribute) ([]byte, error) {
var buf bytes.Buffer
for i := range eas {
last := false
if i == len(eas)-1 {
last = true
}
err := writeEa(&buf, &eas[i], last)
if err != nil {
return nil, err
}
}
return buf.Bytes(), nil
}
package winio
import (
"bytes"
"encoding/binary"
"errors"
)
type fileFullEaInformation struct {
NextEntryOffset uint32
Flags uint8
NameLength uint8
ValueLength uint16
}
var (
fileFullEaInformationSize = binary.Size(&fileFullEaInformation{})
errInvalidEaBuffer = errors.New("invalid extended attribute buffer")
errEaNameTooLarge = errors.New("extended attribute name too large")
errEaValueTooLarge = errors.New("extended attribute value too large")
)
// ExtendedAttribute represents a single Windows EA.
type ExtendedAttribute struct {
Name string
Value []byte
Flags uint8
}
func parseEa(b []byte) (ea ExtendedAttribute, nb []byte, err error) {
var info fileFullEaInformation
err = binary.Read(bytes.NewReader(b), binary.LittleEndian, &info)
if err != nil {
err = errInvalidEaBuffer
return
}
nameOffset := fileFullEaInformationSize
nameLen := int(info.NameLength)
valueOffset := nameOffset + int(info.NameLength) + 1
valueLen := int(info.ValueLength)
nextOffset := int(info.NextEntryOffset)
if valueLen+valueOffset > len(b) || nextOffset < 0 || nextOffset > len(b) {
err = errInvalidEaBuffer
return
}
ea.Name = string(b[nameOffset : nameOffset+nameLen])
ea.Value = b[valueOffset : valueOffset+valueLen]
ea.Flags = info.Flags
if info.NextEntryOffset != 0 {
nb = b[info.NextEntryOffset:]
}
return
}
// DecodeExtendedAttributes decodes a list of EAs from a FILE_FULL_EA_INFORMATION
// buffer retrieved from BackupRead, ZwQueryEaFile, etc.
func DecodeExtendedAttributes(b []byte) (eas []ExtendedAttribute, err error) {
for len(b) != 0 {
ea, nb, err := parseEa(b)
if err != nil {
return nil, err
}
eas = append(eas, ea)
b = nb
}
return
}
func writeEa(buf *bytes.Buffer, ea *ExtendedAttribute, last bool) error {
if int(uint8(len(ea.Name))) != len(ea.Name) {
return errEaNameTooLarge
}
if int(uint16(len(ea.Value))) != len(ea.Value) {
return errEaValueTooLarge
}
entrySize := uint32(fileFullEaInformationSize + len(ea.Name) + 1 + len(ea.Value))
withPadding := (entrySize + 3) &^ 3
nextOffset := uint32(0)
if !last {
nextOffset = withPadding
}
info := fileFullEaInformation{
NextEntryOffset: nextOffset,
Flags: ea.Flags,
NameLength: uint8(len(ea.Name)),
ValueLength: uint16(len(ea.Value)),
}
err := binary.Write(buf, binary.LittleEndian, &info)
if err != nil {
return err
}
_, err = buf.Write([]byte(ea.Name))
if err != nil {
return err
}
err = buf.WriteByte(0)
if err != nil {
return err
}
_, err = buf.Write(ea.Value)
if err != nil {
return err
}
_, err = buf.Write([]byte{0, 0, 0}[0 : withPadding-entrySize])
if err != nil {
return err
}
return nil
}
// EncodeExtendedAttributes encodes a list of EAs into a FILE_FULL_EA_INFORMATION
// buffer for use with BackupWrite, ZwSetEaFile, etc.
func EncodeExtendedAttributes(eas []ExtendedAttribute) ([]byte, error) {
var buf bytes.Buffer
for i := range eas {
last := false
if i == len(eas)-1 {
last = true
}
err := writeEa(&buf, &eas[i], last)
if err != nil {
return nil, err
}
}
return buf.Bytes(), nil
}

18
vendor/github.com/Microsoft/go-winio/file.go generated vendored
View File

@@ -16,6 +16,7 @@ import (
//sys createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) = CreateIoCompletionPort
//sys getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) = GetQueuedCompletionStatus
//sys setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) = SetFileCompletionNotificationModes
//sys wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) = ws2_32.WSAGetOverlappedResult
type atomicBool int32
@@ -79,6 +80,7 @@ type win32File struct {
wg sync.WaitGroup
wgLock sync.RWMutex
closing atomicBool
socket bool
readDeadline deadlineHandler
writeDeadline deadlineHandler
}
@@ -109,7 +111,13 @@ func makeWin32File(h syscall.Handle) (*win32File, error) {
}
func MakeOpenFile(h syscall.Handle) (io.ReadWriteCloser, error) {
return makeWin32File(h)
// If we return the result of makeWin32File directly, it can result in an
// interface-wrapped nil, rather than a nil interface value.
f, err := makeWin32File(h)
if err != nil {
return nil, err
}
return f, nil
}
// closeHandle closes the resources associated with a Win32 handle
@@ -190,6 +198,10 @@ func (f *win32File) asyncIo(c *ioOperation, d *deadlineHandler, bytes uint32, er
if f.closing.isSet() {
err = ErrFileClosed
}
} else if err != nil && f.socket {
// err is from Win32. Query the overlapped structure to get the winsock error.
var bytes, flags uint32
err = wsaGetOverlappedResult(f.handle, &c.o, &bytes, false, &flags)
}
case <-timeout:
cancelIoEx(f.handle, &c.o)
@@ -265,6 +277,10 @@ func (f *win32File) Flush() error {
return syscall.FlushFileBuffers(f.handle)
}
func (f *win32File) Fd() uintptr {
return uintptr(f.handle)
}
func (d *deadlineHandler) set(deadline time.Time) error {
d.setLock.Lock()
defer d.setLock.Unlock()

3
vendor/github.com/Microsoft/go-winio/fileinfo.go generated vendored
View File

@@ -20,7 +20,8 @@ const (
// FileBasicInfo contains file access time and file attributes information.
type FileBasicInfo struct {
CreationTime, LastAccessTime, LastWriteTime, ChangeTime syscall.Filetime
FileAttributes uintptr // includes padding
FileAttributes uint32
pad uint32 // padding
}
// GetFileBasicInfo retrieves times and attributes for a file.

9
vendor/github.com/Microsoft/go-winio/go.mod generated vendored Normal file
View File

@@ -0,0 +1,9 @@
module github.com/Microsoft/go-winio
go 1.12
require (
github.com/pkg/errors v0.8.1
github.com/sirupsen/logrus v1.4.1
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b
)

16
vendor/github.com/Microsoft/go-winio/go.sum generated vendored Normal file
View File

@@ -0,0 +1,16 @@
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qdNLDHHtQ4mlgQIZPPNA=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

305
vendor/github.com/Microsoft/go-winio/hvsock.go generated vendored Normal file
View File

@@ -0,0 +1,305 @@
package winio
import (
"fmt"
"io"
"net"
"os"
"syscall"
"time"
"unsafe"
"github.com/Microsoft/go-winio/pkg/guid"
)
//sys bind(s syscall.Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socketError] = ws2_32.bind
const (
afHvSock = 34 // AF_HYPERV
socketError = ^uintptr(0)
)
// An HvsockAddr is an address for a AF_HYPERV socket.
type HvsockAddr struct {
VMID guid.GUID
ServiceID guid.GUID
}
type rawHvsockAddr struct {
Family uint16
_ uint16
VMID guid.GUID
ServiceID guid.GUID
}
// Network returns the address's network name, "hvsock".
func (addr *HvsockAddr) Network() string {
return "hvsock"
}
func (addr *HvsockAddr) String() string {
return fmt.Sprintf("%s:%s", &addr.VMID, &addr.ServiceID)
}
// VsockServiceID returns an hvsock service ID corresponding to the specified AF_VSOCK port.
func VsockServiceID(port uint32) guid.GUID {
g, _ := guid.FromString("00000000-facb-11e6-bd58-64006a7986d3")
g.Data1 = port
return g
}
func (addr *HvsockAddr) raw() rawHvsockAddr {
return rawHvsockAddr{
Family: afHvSock,
VMID: addr.VMID,
ServiceID: addr.ServiceID,
}
}
func (addr *HvsockAddr) fromRaw(raw *rawHvsockAddr) {
addr.VMID = raw.VMID
addr.ServiceID = raw.ServiceID
}
// HvsockListener is a socket listener for the AF_HYPERV address family.
type HvsockListener struct {
sock *win32File
addr HvsockAddr
}
// HvsockConn is a connected socket of the AF_HYPERV address family.
type HvsockConn struct {
sock *win32File
local, remote HvsockAddr
}
func newHvSocket() (*win32File, error) {
fd, err := syscall.Socket(afHvSock, syscall.SOCK_STREAM, 1)
if err != nil {
return nil, os.NewSyscallError("socket", err)
}
f, err := makeWin32File(fd)
if err != nil {
syscall.Close(fd)
return nil, err
}
f.socket = true
return f, nil
}
// ListenHvsock listens for connections on the specified hvsock address.
func ListenHvsock(addr *HvsockAddr) (_ *HvsockListener, err error) {
l := &HvsockListener{addr: *addr}
sock, err := newHvSocket()
if err != nil {
return nil, l.opErr("listen", err)
}
sa := addr.raw()
err = bind(sock.handle, unsafe.Pointer(&sa), int32(unsafe.Sizeof(sa)))
if err != nil {
return nil, l.opErr("listen", os.NewSyscallError("socket", err))
}
err = syscall.Listen(sock.handle, 16)
if err != nil {
return nil, l.opErr("listen", os.NewSyscallError("listen", err))
}
return &HvsockListener{sock: sock, addr: *addr}, nil
}
func (l *HvsockListener) opErr(op string, err error) error {
return &net.OpError{Op: op, Net: "hvsock", Addr: &l.addr, Err: err}
}
// Addr returns the listener's network address.
func (l *HvsockListener) Addr() net.Addr {
return &l.addr
}
// Accept waits for the next connection and returns it.
func (l *HvsockListener) Accept() (_ net.Conn, err error) {
sock, err := newHvSocket()
if err != nil {
return nil, l.opErr("accept", err)
}
defer func() {
if sock != nil {
sock.Close()
}
}()
c, err := l.sock.prepareIo()
if err != nil {
return nil, l.opErr("accept", err)
}
defer l.sock.wg.Done()
// AcceptEx, per documentation, requires an extra 16 bytes per address.
const addrlen = uint32(16 + unsafe.Sizeof(rawHvsockAddr{}))
var addrbuf [addrlen * 2]byte
var bytes uint32
err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0, addrlen, addrlen, &bytes, &c.o)
_, err = l.sock.asyncIo(c, nil, bytes, err)
if err != nil {
return nil, l.opErr("accept", os.NewSyscallError("acceptex", err))
}
conn := &HvsockConn{
sock: sock,
}
conn.local.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[0])))
conn.remote.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[addrlen])))
sock = nil
return conn, nil
}
// Close closes the listener, causing any pending Accept calls to fail.
func (l *HvsockListener) Close() error {
return l.sock.Close()
}
/* Need to finish ConnectEx handling
func DialHvsock(ctx context.Context, addr *HvsockAddr) (*HvsockConn, error) {
sock, err := newHvSocket()
if err != nil {
return nil, err
}
defer func() {
if sock != nil {
sock.Close()
}
}()
c, err := sock.prepareIo()
if err != nil {
return nil, err
}
defer sock.wg.Done()
var bytes uint32
err = windows.ConnectEx(windows.Handle(sock.handle), sa, nil, 0, &bytes, &c.o)
_, err = sock.asyncIo(ctx, c, nil, bytes, err)
if err != nil {
return nil, err
}
conn := &HvsockConn{
sock: sock,
remote: *addr,
}
sock = nil
return conn, nil
}
*/
func (conn *HvsockConn) opErr(op string, err error) error {
return &net.OpError{Op: op, Net: "hvsock", Source: &conn.local, Addr: &conn.remote, Err: err}
}
func (conn *HvsockConn) Read(b []byte) (int, error) {
c, err := conn.sock.prepareIo()
if err != nil {
return 0, conn.opErr("read", err)
}
defer conn.sock.wg.Done()
buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
var flags, bytes uint32
err = syscall.WSARecv(conn.sock.handle, &buf, 1, &bytes, &flags, &c.o, nil)
n, err := conn.sock.asyncIo(c, &conn.sock.readDeadline, bytes, err)
if err != nil {
if _, ok := err.(syscall.Errno); ok {
err = os.NewSyscallError("wsarecv", err)
}
return 0, conn.opErr("read", err)
} else if n == 0 {
err = io.EOF
}
return n, err
}
func (conn *HvsockConn) Write(b []byte) (int, error) {
t := 0
for len(b) != 0 {
n, err := conn.write(b)
if err != nil {
return t + n, err
}
t += n
b = b[n:]
}
return t, nil
}
func (conn *HvsockConn) write(b []byte) (int, error) {
c, err := conn.sock.prepareIo()
if err != nil {
return 0, conn.opErr("write", err)
}
defer conn.sock.wg.Done()
buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
var bytes uint32
err = syscall.WSASend(conn.sock.handle, &buf, 1, &bytes, 0, &c.o, nil)
n, err := conn.sock.asyncIo(c, &conn.sock.writeDeadline, bytes, err)
if err != nil {
if _, ok := err.(syscall.Errno); ok {
err = os.NewSyscallError("wsasend", err)
}
return 0, conn.opErr("write", err)
}
return n, err
}
// Close closes the socket connection, failing any pending read or write calls.
func (conn *HvsockConn) Close() error {
return conn.sock.Close()
}
func (conn *HvsockConn) shutdown(how int) error {
err := syscall.Shutdown(conn.sock.handle, syscall.SHUT_RD)
if err != nil {
return os.NewSyscallError("shutdown", err)
}
return nil
}
// CloseRead shuts down the read end of the socket.
func (conn *HvsockConn) CloseRead() error {
err := conn.shutdown(syscall.SHUT_RD)
if err != nil {
return conn.opErr("close", err)
}
return nil
}
// CloseWrite shuts down the write end of the socket, notifying the other endpoint that
// no more data will be written.
func (conn *HvsockConn) CloseWrite() error {
err := conn.shutdown(syscall.SHUT_WR)
if err != nil {
return conn.opErr("close", err)
}
return nil
}
// LocalAddr returns the local address of the connection.
func (conn *HvsockConn) LocalAddr() net.Addr {
return &conn.local
}
// RemoteAddr returns the remote address of the connection.
func (conn *HvsockConn) RemoteAddr() net.Addr {
return &conn.remote
}
// SetDeadline implements the net.Conn SetDeadline method.
func (conn *HvsockConn) SetDeadline(t time.Time) error {
conn.SetReadDeadline(t)
conn.SetWriteDeadline(t)
return nil
}
// SetReadDeadline implements the net.Conn SetReadDeadline method.
func (conn *HvsockConn) SetReadDeadline(t time.Time) error {
return conn.sock.SetReadDeadline(t)
}
// SetWriteDeadline implements the net.Conn SetWriteDeadline method.
func (conn *HvsockConn) SetWriteDeadline(t time.Time) error {
return conn.sock.SetWriteDeadline(t)
}

266
vendor/github.com/Microsoft/go-winio/pipe.go generated vendored
View File

@@ -3,10 +3,13 @@
package winio
import (
"context"
"errors"
"fmt"
"io"
"net"
"os"
"runtime"
"syscall"
"time"
"unsafe"
@@ -15,10 +18,51 @@ import (
//sys connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) = ConnectNamedPipe
//sys createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateNamedPipeW
//sys createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateFileW
//sys waitNamedPipe(name string, timeout uint32) (err error) = WaitNamedPipeW
//sys getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo
//sys getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
//sys localAlloc(uFlags uint32, length uint32) (ptr uintptr) = LocalAlloc
//sys ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntstatus) = ntdll.NtCreateNamedPipeFile
//sys rtlNtStatusToDosError(status ntstatus) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb
//sys rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntstatus) = ntdll.RtlDosPathNameToNtPathName_U
//sys rtlDefaultNpAcl(dacl *uintptr) (status ntstatus) = ntdll.RtlDefaultNpAcl
type ioStatusBlock struct {
Status, Information uintptr
}
type objectAttributes struct {
Length uintptr
RootDirectory uintptr
ObjectName *unicodeString
Attributes uintptr
SecurityDescriptor *securityDescriptor
SecurityQoS uintptr
}
type unicodeString struct {
Length uint16
MaximumLength uint16
Buffer uintptr
}
type securityDescriptor struct {
Revision byte
Sbz1 byte
Control uint16
Owner uintptr
Group uintptr
Sacl uintptr
Dacl uintptr
}
type ntstatus int32
func (status ntstatus) Err() error {
if status >= 0 {
return nil
}
return rtlNtStatusToDosError(status)
}
const (
cERROR_PIPE_BUSY = syscall.Errno(231)
@@ -26,21 +70,20 @@ const (
cERROR_PIPE_CONNECTED = syscall.Errno(535)
cERROR_SEM_TIMEOUT = syscall.Errno(121)
cPIPE_ACCESS_DUPLEX = 0x3
cFILE_FLAG_FIRST_PIPE_INSTANCE = 0x80000
cSECURITY_SQOS_PRESENT = 0x100000
cSECURITY_ANONYMOUS = 0
cPIPE_REJECT_REMOTE_CLIENTS = 0x8
cPIPE_UNLIMITED_INSTANCES = 255
cNMPWAIT_USE_DEFAULT_WAIT = 0
cNMPWAIT_NOWAIT = 1
cSECURITY_SQOS_PRESENT = 0x100000
cSECURITY_ANONYMOUS = 0
cPIPE_TYPE_MESSAGE = 4
cPIPE_READMODE_MESSAGE = 2
cFILE_OPEN = 1
cFILE_CREATE = 2
cFILE_PIPE_MESSAGE_TYPE = 1
cFILE_PIPE_REJECT_REMOTE_CLIENTS = 2
cSE_DACL_PRESENT = 4
)
var (
@@ -121,6 +164,11 @@ func (f *win32MessageBytePipe) Read(b []byte) (int, error) {
// zero-byte message, ensure that all future Read() calls
// also return EOF.
f.readEOF = true
} else if err == syscall.ERROR_MORE_DATA {
// ERROR_MORE_DATA indicates that the pipe's read mode is message mode
// and the message still has more bytes. Treat this as a success, since
// this package presents all named pipes as byte streams.
err = nil
}
return n, err
}
@@ -133,40 +181,53 @@ func (s pipeAddress) String() string {
return string(s)
}
// tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout.
func tryDialPipe(ctx context.Context, path *string) (syscall.Handle, error) {
for {
select {
case <-ctx.Done():
return syscall.Handle(0), ctx.Err()
default:
h, err := createFile(*path, syscall.GENERIC_READ|syscall.GENERIC_WRITE, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
if err == nil {
return h, nil
}
if err != cERROR_PIPE_BUSY {
return h, &os.PathError{Err: err, Op: "open", Path: *path}
}
// Wait 10 msec and try again. This is a rather simplistic
// view, as we always try each 10 milliseconds.
time.Sleep(time.Millisecond * 10)
}
}
}
// DialPipe connects to a named pipe by path, timing out if the connection
// takes longer than the specified duration. If timeout is nil, then the timeout
// is the default timeout established by the pipe server.
// takes longer than the specified duration. If timeout is nil, then we use
// a default timeout of 2 seconds. (We do not use WaitNamedPipe.)
func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
var absTimeout time.Time
if timeout != nil {
absTimeout = time.Now().Add(*timeout)
} else {
absTimeout = time.Now().Add(time.Second * 2)
}
ctx, _ := context.WithDeadline(context.Background(), absTimeout)
conn, err := DialPipeContext(ctx, path)
if err == context.DeadlineExceeded {
return nil, ErrTimeout
}
return conn, err
}
// DialPipeContext attempts to connect to a named pipe by `path` until `ctx`
// cancellation or timeout.
func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
var err error
var h syscall.Handle
for {
h, err = createFile(path, syscall.GENERIC_READ|syscall.GENERIC_WRITE, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
if err != cERROR_PIPE_BUSY {
break
}
now := time.Now()
var ms uint32
if absTimeout.IsZero() {
ms = cNMPWAIT_USE_DEFAULT_WAIT
} else if now.After(absTimeout) {
ms = cNMPWAIT_NOWAIT
} else {
ms = uint32(absTimeout.Sub(now).Nanoseconds() / 1000 / 1000)
}
err = waitNamedPipe(path, ms)
if err != nil {
if err == cERROR_SEM_TIMEOUT {
return nil, ErrTimeout
}
break
}
}
h, err = tryDialPipe(ctx, &path)
if err != nil {
return nil, &os.PathError{Op: "open", Path: path, Err: err}
return nil, err
}
var flags uint32
@@ -175,16 +236,6 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
return nil, err
}
var state uint32
err = getNamedPipeHandleState(h, &state, nil, nil, nil, nil, 0)
if err != nil {
return nil, err
}
if state&cPIPE_READMODE_MESSAGE != 0 {
return nil, &os.PathError{Op: "open", Path: path, Err: errors.New("message readmode pipes not supported")}
}
f, err := makeWin32File(h)
if err != nil {
syscall.Close(h)
@@ -207,43 +258,87 @@ type acceptResponse struct {
}
type win32PipeListener struct {
firstHandle syscall.Handle
path string
securityDescriptor []byte
config PipeConfig
acceptCh chan (chan acceptResponse)
closeCh chan int
doneCh chan int
firstHandle syscall.Handle
path string
config PipeConfig
acceptCh chan (chan acceptResponse)
closeCh chan int
doneCh chan int
}
func makeServerPipeHandle(path string, securityDescriptor []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
var flags uint32 = cPIPE_ACCESS_DUPLEX | syscall.FILE_FLAG_OVERLAPPED
if first {
flags |= cFILE_FLAG_FIRST_PIPE_INSTANCE
}
var mode uint32 = cPIPE_REJECT_REMOTE_CLIENTS
if c.MessageMode {
mode |= cPIPE_TYPE_MESSAGE
}
sa := &syscall.SecurityAttributes{}
sa.Length = uint32(unsafe.Sizeof(*sa))
if securityDescriptor != nil {
len := uint32(len(securityDescriptor))
sa.SecurityDescriptor = localAlloc(0, len)
defer localFree(sa.SecurityDescriptor)
copy((*[0xffff]byte)(unsafe.Pointer(sa.SecurityDescriptor))[:], securityDescriptor)
}
h, err := createNamedPipe(path, flags, mode, cPIPE_UNLIMITED_INSTANCES, uint32(c.OutputBufferSize), uint32(c.InputBufferSize), 0, sa)
func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
path16, err := syscall.UTF16FromString(path)
if err != nil {
return 0, &os.PathError{Op: "open", Path: path, Err: err}
}
var oa objectAttributes
oa.Length = unsafe.Sizeof(oa)
var ntPath unicodeString
if err := rtlDosPathNameToNtPathName(&path16[0], &ntPath, 0, 0).Err(); err != nil {
return 0, &os.PathError{Op: "open", Path: path, Err: err}
}
defer localFree(ntPath.Buffer)
oa.ObjectName = &ntPath
// The security descriptor is only needed for the first pipe.
if first {
if sd != nil {
len := uint32(len(sd))
sdb := localAlloc(0, len)
defer localFree(sdb)
copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:], sd)
oa.SecurityDescriptor = (*securityDescriptor)(unsafe.Pointer(sdb))
} else {
// Construct the default named pipe security descriptor.
var dacl uintptr
if err := rtlDefaultNpAcl(&dacl).Err(); err != nil {
return 0, fmt.Errorf("getting default named pipe ACL: %s", err)
}
defer localFree(dacl)
sdb := &securityDescriptor{
Revision: 1,
Control: cSE_DACL_PRESENT,
Dacl: dacl,
}
oa.SecurityDescriptor = sdb
}
}
typ := uint32(cFILE_PIPE_REJECT_REMOTE_CLIENTS)
if c.MessageMode {
typ |= cFILE_PIPE_MESSAGE_TYPE
}
disposition := uint32(cFILE_OPEN)
access := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | syscall.SYNCHRONIZE)
if first {
disposition = cFILE_CREATE
// By not asking for read or write access, the named pipe file system
// will put this pipe into an initially disconnected state, blocking
// client connections until the next call with first == false.
access = syscall.SYNCHRONIZE
}
timeout := int64(-50 * 10000) // 50ms
var (
h syscall.Handle
iosb ioStatusBlock
)
err = ntCreateNamedPipeFile(&h, access, &oa, &iosb, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE, disposition, 0, typ, 0, 0, 0xffffffff, uint32(c.InputBufferSize), uint32(c.OutputBufferSize), &timeout).Err()
if err != nil {
return 0, &os.PathError{Op: "open", Path: path, Err: err}
}
runtime.KeepAlive(ntPath)
return h, nil
}
func (l *win32PipeListener) makeServerPipe() (*win32File, error) {
h, err := makeServerPipeHandle(l.path, l.securityDescriptor, &l.config, false)
h, err := makeServerPipeHandle(l.path, nil, &l.config, false)
if err != nil {
return nil, err
}
@@ -354,22 +449,13 @@ func ListenPipe(path string, c *PipeConfig) (net.Listener, error) {
if err != nil {
return nil, err
}
// Immediately open and then close a client handle so that the named pipe is
// created but not currently accepting connections.
h2, err := createFile(path, 0, 0, nil, syscall.OPEN_EXISTING, cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
if err != nil {
syscall.Close(h)
return nil, err
}
syscall.Close(h2)
l := &win32PipeListener{
firstHandle: h,
path: path,
securityDescriptor: sd,
config: *c,
acceptCh: make(chan (chan acceptResponse)),
closeCh: make(chan int),
doneCh: make(chan int),
firstHandle: h,
path: path,
config: *c,
acceptCh: make(chan (chan acceptResponse)),
closeCh: make(chan int),
doneCh: make(chan int),
}
go l.listenerRoutine()
return l, nil

235
vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go generated vendored Normal file
View File

@@ -0,0 +1,235 @@
// Package guid provides a GUID type. The backing structure for a GUID is
// identical to that used by the golang.org/x/sys/windows GUID type.
// There are two main binary encodings used for a GUID, the big-endian encoding,
// and the Windows (mixed-endian) encoding. See here for details:
// https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding
package guid
import (
"crypto/rand"
"crypto/sha1"
"encoding"
"encoding/binary"
"fmt"
"strconv"
"golang.org/x/sys/windows"
)
// Variant specifies which GUID variant (or "type") of the GUID. It determines
// how the entirety of the rest of the GUID is interpreted.
type Variant uint8
// The variants specified by RFC 4122.
const (
// VariantUnknown specifies a GUID variant which does not conform to one of
// the variant encodings specified in RFC 4122.
VariantUnknown Variant = iota
VariantNCS
VariantRFC4122
VariantMicrosoft
VariantFuture
)
// Version specifies how the bits in the GUID were generated. For instance, a
// version 4 GUID is randomly generated, and a version 5 is generated from the
// hash of an input string.
type Version uint8
var _ = (encoding.TextMarshaler)(GUID{})
var _ = (encoding.TextUnmarshaler)(&GUID{})
// GUID represents a GUID/UUID. It has the same structure as
// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
// that type. It is defined as its own type so that stringification and
// marshaling can be supported. The representation matches that used by native
// Windows code.
type GUID windows.GUID
// NewV4 returns a new version 4 (pseudorandom) GUID, as defined by RFC 4122.
func NewV4() (GUID, error) {
var b [16]byte
if _, err := rand.Read(b[:]); err != nil {
return GUID{}, err
}
g := FromArray(b)
g.setVersion(4) // Version 4 means randomly generated.
g.setVariant(VariantRFC4122)
return g, nil
}
// NewV5 returns a new version 5 (generated from a string via SHA-1 hashing)
// GUID, as defined by RFC 4122. The RFC is unclear on the encoding of the name,
// and the sample code treats it as a series of bytes, so we do the same here.
//
// Some implementations, such as those found on Windows, treat the name as a
// big-endian UTF16 stream of bytes. If that is desired, the string can be
// encoded as such before being passed to this function.
func NewV5(namespace GUID, name []byte) (GUID, error) {
b := sha1.New()
namespaceBytes := namespace.ToArray()
b.Write(namespaceBytes[:])
b.Write(name)
a := [16]byte{}
copy(a[:], b.Sum(nil))
g := FromArray(a)
g.setVersion(5) // Version 5 means generated from a string.
g.setVariant(VariantRFC4122)
return g, nil
}
func fromArray(b [16]byte, order binary.ByteOrder) GUID {
var g GUID
g.Data1 = order.Uint32(b[0:4])
g.Data2 = order.Uint16(b[4:6])
g.Data3 = order.Uint16(b[6:8])
copy(g.Data4[:], b[8:16])
return g
}
func (g GUID) toArray(order binary.ByteOrder) [16]byte {
b := [16]byte{}
order.PutUint32(b[0:4], g.Data1)
order.PutUint16(b[4:6], g.Data2)
order.PutUint16(b[6:8], g.Data3)
copy(b[8:16], g.Data4[:])
return b
}
// FromArray constructs a GUID from a big-endian encoding array of 16 bytes.
func FromArray(b [16]byte) GUID {
return fromArray(b, binary.BigEndian)
}
// ToArray returns an array of 16 bytes representing the GUID in big-endian
// encoding.
func (g GUID) ToArray() [16]byte {
return g.toArray(binary.BigEndian)
}
// FromWindowsArray constructs a GUID from a Windows encoding array of bytes.
func FromWindowsArray(b [16]byte) GUID {
return fromArray(b, binary.LittleEndian)
}
// ToWindowsArray returns an array of 16 bytes representing the GUID in Windows
// encoding.
func (g GUID) ToWindowsArray() [16]byte {
return g.toArray(binary.LittleEndian)
}
func (g GUID) String() string {
return fmt.Sprintf(
"%08x-%04x-%04x-%04x-%012x",
g.Data1,
g.Data2,
g.Data3,
g.Data4[:2],
g.Data4[2:])
}
// FromString parses a string containing a GUID and returns the GUID. The only
// format currently supported is the `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
// format.
func FromString(s string) (GUID, error) {
if len(s) != 36 {
return GUID{}, fmt.Errorf("invalid GUID %q", s)
}
if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
return GUID{}, fmt.Errorf("invalid GUID %q", s)
}
var g GUID
data1, err := strconv.ParseUint(s[0:8], 16, 32)
if err != nil {
return GUID{}, fmt.Errorf("invalid GUID %q", s)
}
g.Data1 = uint32(data1)
data2, err := strconv.ParseUint(s[9:13], 16, 16)
if err != nil {
return GUID{}, fmt.Errorf("invalid GUID %q", s)
}
g.Data2 = uint16(data2)
data3, err := strconv.ParseUint(s[14:18], 16, 16)
if err != nil {
return GUID{}, fmt.Errorf("invalid GUID %q", s)
}
g.Data3 = uint16(data3)
for i, x := range []int{19, 21, 24, 26, 28, 30, 32, 34} {
v, err := strconv.ParseUint(s[x:x+2], 16, 8)
if err != nil {
return GUID{}, fmt.Errorf("invalid GUID %q", s)
}
g.Data4[i] = uint8(v)
}
return g, nil
}
func (g *GUID) setVariant(v Variant) {
d := g.Data4[0]
switch v {
case VariantNCS:
d = (d & 0x7f)
case VariantRFC4122:
d = (d & 0x3f) | 0x80
case VariantMicrosoft:
d = (d & 0x1f) | 0xc0
case VariantFuture:
d = (d & 0x0f) | 0xe0
case VariantUnknown:
fallthrough
default:
panic(fmt.Sprintf("invalid variant: %d", v))
}
g.Data4[0] = d
}
// Variant returns the GUID variant, as defined in RFC 4122.
func (g GUID) Variant() Variant {
b := g.Data4[0]
if b&0x80 == 0 {
return VariantNCS
} else if b&0xc0 == 0x80 {
return VariantRFC4122
} else if b&0xe0 == 0xc0 {
return VariantMicrosoft
} else if b&0xe0 == 0xe0 {
return VariantFuture
}
return VariantUnknown
}
func (g *GUID) setVersion(v Version) {
g.Data3 = (g.Data3 & 0x0fff) | (uint16(v) << 12)
}
// Version returns the GUID version, as defined in RFC 4122.
func (g GUID) Version() Version {
return Version((g.Data3 & 0xF000) >> 12)
}
// MarshalText returns the textual representation of the GUID.
func (g GUID) MarshalText() ([]byte, error) {
return []byte(g.String()), nil
}
// UnmarshalText takes the textual representation of a GUID, and unmarhals it
// into this GUID.
func (g *GUID) UnmarshalText(text []byte) error {
g2, err := FromString(string(text))
if err != nil {
return err
}
*g = g2
return nil
}

2
vendor/github.com/Microsoft/go-winio/syscall.go generated vendored
View File

@@ -1,3 +1,3 @@
package winio
//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go file.go pipe.go sd.go fileinfo.go privilege.go backup.go
//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go file.go pipe.go sd.go fileinfo.go privilege.go backup.go hvsock.go

88
vendor/github.com/Microsoft/go-winio/zsyscall_windows.go generated vendored
View File

@@ -1,4 +1,4 @@
// MACHINE GENERATED BY 'go generate' COMMAND; DO NOT EDIT
// Code generated by 'go generate'; DO NOT EDIT.
package winio
@@ -38,19 +38,25 @@ func errnoErr(e syscall.Errno) error {
var (
modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
modws2_32 = windows.NewLazySystemDLL("ws2_32.dll")
modntdll = windows.NewLazySystemDLL("ntdll.dll")
modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
procCancelIoEx = modkernel32.NewProc("CancelIoEx")
procCreateIoCompletionPort = modkernel32.NewProc("CreateIoCompletionPort")
procGetQueuedCompletionStatus = modkernel32.NewProc("GetQueuedCompletionStatus")
procSetFileCompletionNotificationModes = modkernel32.NewProc("SetFileCompletionNotificationModes")
procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult")
procConnectNamedPipe = modkernel32.NewProc("ConnectNamedPipe")
procCreateNamedPipeW = modkernel32.NewProc("CreateNamedPipeW")
procCreateFileW = modkernel32.NewProc("CreateFileW")
procWaitNamedPipeW = modkernel32.NewProc("WaitNamedPipeW")
procGetNamedPipeInfo = modkernel32.NewProc("GetNamedPipeInfo")
procGetNamedPipeHandleStateW = modkernel32.NewProc("GetNamedPipeHandleStateW")
procLocalAlloc = modkernel32.NewProc("LocalAlloc")
procNtCreateNamedPipeFile = modntdll.NewProc("NtCreateNamedPipeFile")
procRtlNtStatusToDosErrorNoTeb = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
procRtlDosPathNameToNtPathName_U = modntdll.NewProc("RtlDosPathNameToNtPathName_U")
procRtlDefaultNpAcl = modntdll.NewProc("RtlDefaultNpAcl")
procLookupAccountNameW = modadvapi32.NewProc("LookupAccountNameW")
procConvertSidToStringSidW = modadvapi32.NewProc("ConvertSidToStringSidW")
procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW")
@@ -69,6 +75,7 @@ var (
procLookupPrivilegeDisplayNameW = modadvapi32.NewProc("LookupPrivilegeDisplayNameW")
procBackupRead = modkernel32.NewProc("BackupRead")
procBackupWrite = modkernel32.NewProc("BackupWrite")
procbind = modws2_32.NewProc("bind")
)
func cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) {
@@ -120,6 +127,24 @@ func setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err erro
return
}
func wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) {
var _p0 uint32
if wait {
_p0 = 1
} else {
_p0 = 0
}
r1, _, e1 := syscall.Syscall6(procWSAGetOverlappedResult.Addr(), 5, uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags)), 0)
if r1 == 0 {
if e1 != 0 {
err = errnoErr(e1)
} else {
err = syscall.EINVAL
}
}
return
}
func connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) {
r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(o)), 0)
if r1 == 0 {
@@ -176,27 +201,6 @@ func _createFile(name *uint16, access uint32, mode uint32, sa *syscall.SecurityA
return
}
func waitNamedPipe(name string, timeout uint32) (err error) {
var _p0 *uint16
_p0, err = syscall.UTF16PtrFromString(name)
if err != nil {
return
}
return _waitNamedPipe(_p0, timeout)
}
func _waitNamedPipe(name *uint16, timeout uint32) (err error) {
r1, _, e1 := syscall.Syscall(procWaitNamedPipeW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(timeout), 0)
if r1 == 0 {
if e1 != 0 {
err = errnoErr(e1)
} else {
err = syscall.EINVAL
}
}
return
}
func getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) {
r1, _, e1 := syscall.Syscall6(procGetNamedPipeInfo.Addr(), 5, uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)), 0)
if r1 == 0 {
@@ -227,6 +231,32 @@ func localAlloc(uFlags uint32, length uint32) (ptr uintptr) {
return
}
func ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntstatus) {
r0, _, _ := syscall.Syscall15(procNtCreateNamedPipeFile.Addr(), 14, uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)), 0)
status = ntstatus(r0)
return
}
func rtlNtStatusToDosError(status ntstatus) (winerr error) {
r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(status), 0, 0)
if r0 != 0 {
winerr = syscall.Errno(r0)
}
return
}
func rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntstatus) {
r0, _, _ := syscall.Syscall6(procRtlDosPathNameToNtPathName_U.Addr(), 4, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(ntName)), uintptr(filePart), uintptr(reserved), 0, 0)
status = ntstatus(r0)
return
}
func rtlDefaultNpAcl(dacl *uintptr) (status ntstatus) {
r0, _, _ := syscall.Syscall(procRtlDefaultNpAcl.Addr(), 1, uintptr(unsafe.Pointer(dacl)), 0, 0)
status = ntstatus(r0)
return
}
func lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
var _p0 *uint16
_p0, err = syscall.UTF16PtrFromString(accountName)
@@ -518,3 +548,15 @@ func backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, p
}
return
}
func bind(s syscall.Handle, name unsafe.Pointer, namelen int32) (err error) {
r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
if r1 == socketError {
if e1 != 0 {
err = errnoErr(e1)
} else {
err = syscall.EINVAL
}
}
return
}

7
vendor/github.com/aktau/github-release/.gitignore generated vendored Normal file
View File

@@ -0,0 +1,7 @@
/github-release
/go-app
*.exe
/bin
/var/cache

10
vendor/github.com/aktau/github-release/CONTRIBUTING.md generated vendored Normal file
View File

@@ -0,0 +1,10 @@
## Releasing new versions
1) Bump the version in github/version.go
2) Add a commit with message "github-release v1.2.3"
3) Run `git tag v1.2.3` where "1.2.3" stands in for the version you actually
want.
4) Run `make release`. Be sure to have `GITHUB_TOKEN` set in your environment.

89
vendor/github.com/aktau/github-release/Gopkg.lock generated vendored Normal file
View File

@@ -0,0 +1,89 @@
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
digest = "1:6f9339c912bbdda81302633ad7e99a28dfa5a639c864061f1929510a9a64aa74"
name = "github.com/dustin/go-humanize"
packages = ["."]
pruneopts = "UT"
revision = "9f541cc9db5d55bce703bd99987c9d5cb8eea45e"
version = "v1.0.0"
[[projects]]
digest = "1:586ea76dbd0374d6fb649a91d70d652b7fe0ccffb8910a77468e7702e7901f3d"
name = "github.com/go-stack/stack"
packages = ["."]
pruneopts = "UT"
revision = "2fee6af1a9795aafbe0253a0cfbdf668e1fb8a9a"
version = "v1.8.0"
[[projects]]
digest = "1:5c56664d98f37f0ee54bf572b0b189a3910c34c31052fc7d58b282c449b079fb"
name = "github.com/inconshreveable/log15"
packages = ["."]
pruneopts = "UT"
revision = "b30bc20e4fd12cec79a9aae62e91cfcf458bd253"
version = "v2.15"
[[projects]]
digest = "1:de0adde670b2119824a1252b61a0e989669f8b24af874e399bec0e0538b2f928"
name = "github.com/kevinburke/rest"
packages = ["."]
pruneopts = "UT"
revision = "0d2892b400f81cdfb979e2f718e6070fae17a507"
version = "2.2"
[[projects]]
digest = "1:0109cf4321a15313ec895f42e723e1f76121c6975ea006abfa20012272ec0937"
name = "github.com/mattn/go-colorable"
packages = ["."]
pruneopts = "UT"
revision = "68e95eba382c972aafde02ead2cd2426a8a92480"
version = "v0.1.6"
[[projects]]
digest = "1:0c58d31abe2a2ccb429c559b6292e7df89dcda675456fecc282fa90aa08273eb"
name = "github.com/mattn/go-isatty"
packages = ["."]
pruneopts = "UT"
revision = "7b513a986450394f7bbf1476909911b3aa3a55ce"
version = "v0.0.12"
[[projects]]
branch = "master"
digest = "1:f2dda646a25cf3b9f6f6931d86ef0b85b64979697e5833cdcbc0c23f2586d996"
name = "github.com/tomnomnom/linkheader"
packages = ["."]
pruneopts = "UT"
revision = "02ca5825eb8097f10d9cc53da78481a85ad84e04"
[[projects]]
digest = "1:d1d1683ae67edaebf7e51151f934943bf2f53b71260818d843ab7233aa145533"
name = "github.com/voxelbrain/goptions"
packages = ["."]
pruneopts = "UT"
revision = "26cb8b04692384f4dc269de3b5fcf3e2ef78573e"
version = "2.5.11"
[[projects]]
branch = "master"
digest = "1:8cab10971112233c82c83683a517378038eba1c20e71b29c592b73fa212437b3"
name = "golang.org/x/sys"
packages = [
"internal/unsafeheader",
"unix",
]
pruneopts = "UT"
revision = "bc7a7d42d5c30f4d0fe808715c002826ce2c624e"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
input-imports = [
"github.com/dustin/go-humanize",
"github.com/kevinburke/rest",
"github.com/tomnomnom/linkheader",
"github.com/voxelbrain/goptions",
]
solver-name = "gps-cdcl"
solver-version = 1

24
vendor/github.com/aktau/github-release/Gopkg.toml generated vendored Normal file
View File

@@ -0,0 +1,24 @@
# Gopkg.toml example
#
# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
# for detailed Gopkg.toml documentation.
[[constraint]]
name = "github.com/dustin/go-humanize"
version = "1.0.0"
[[constraint]]
name = "github.com/kevinburke/rest"
version = "2.2.0"
[[constraint]]
name = "github.com/tomnomnom/linkheader"
branch = "master"
[[constraint]]
name = "github.com/voxelbrain/goptions"
version = "2.5.11"
[prune]
go-tests = true
unused-packages = true

21
vendor/github.com/aktau/github-release/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2014-2017 Nicolas Hillegeer
Copyright (c) 2020 Meter, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

97
vendor/github.com/aktau/github-release/Makefile generated vendored Normal file
View File

@@ -0,0 +1,97 @@
SHELL=/bin/bash -o pipefail
LAST_TAG := $(shell git describe --abbrev=0 --tags)
USER := github-release
EXECUTABLE := github-release
# only include the amd64 binaries, otherwise the github release will become
# too big
UNIX_EXECUTABLES := \
darwin/amd64/$(EXECUTABLE) \
freebsd/amd64/$(EXECUTABLE) \
linux/amd64/$(EXECUTABLE)
WIN_EXECUTABLES := \
windows/amd64/$(EXECUTABLE).exe
COMPRESSED_EXECUTABLES=$(UNIX_EXECUTABLES:%=%.bz2) $(WIN_EXECUTABLES:%.exe=%.zip)
COMPRESSED_EXECUTABLE_TARGETS=$(COMPRESSED_EXECUTABLES:%=bin/%)
UPLOAD_CMD = bin/tmp/$(EXECUTABLE) upload -u $(USER) -r $(EXECUTABLE) -t $(LAST_TAG) -n $(subst /,-,$(FILE)) -f bin/$(FILE)
all: $(EXECUTABLE)
# the executable used to perform the upload, dogfooding and all...
bin/tmp/$(EXECUTABLE):
go build -v -o "$@"
# arm
bin/linux/arm/5/$(EXECUTABLE):
GOARM=5 GOARCH=arm GOOS=linux go build -o "$@"
bin/linux/arm/7/$(EXECUTABLE):
GOARM=7 GOARCH=arm GOOS=linux go build -o "$@"
# 386
bin/darwin/386/$(EXECUTABLE):
GOARCH=386 GOOS=darwin go build -o "$@"
bin/linux/386/$(EXECUTABLE):
GOARCH=386 GOOS=linux go build -o "$@"
bin/windows/386/$(EXECUTABLE):
GOARCH=386 GOOS=windows go build -o "$@"
# amd64
bin/freebsd/amd64/$(EXECUTABLE):
GOARCH=amd64 GOOS=freebsd go build -o "$@"
bin/darwin/amd64/$(EXECUTABLE):
GOARCH=amd64 GOOS=darwin go build -o "$@"
bin/linux/amd64/$(EXECUTABLE):
GOARCH=amd64 GOOS=linux go build -o "$@"
bin/windows/amd64/$(EXECUTABLE).exe:
GOARCH=amd64 GOOS=windows go build -o "$@"
# compressed artifacts, makes a huge difference (Go executable is ~9MB,
# after compressing ~2MB)
%.bz2: %
bzip2 --keep "$<"
%.zip: %.exe
zip "$@" "$<"
# git tag -a v$(RELEASE) -m 'release $(RELEASE)'
release: clean
ifndef GITHUB_TOKEN
@echo "Please set GITHUB_TOKEN in the environment to perform a release"
exit 1
endif
docker run --rm --volume $(PWD)/var/cache:/root/.cache/go-build \
--env GITHUB_TOKEN=$(GITHUB_TOKEN) \
--volume "$(PWD)":/go/src/github.com/github-release/github-release \
--workdir /go/src/github.com/github-release/github-release \
meterup/ubuntu-golang:latest \
./release \
"$(MAKE) bin/tmp/$(EXECUTABLE) $(COMPRESSED_EXECUTABLE_TARGETS) && \
git log --format=%B $(LAST_TAG) -1 | \
bin/tmp/$(EXECUTABLE) release -u $(USER) -r $(EXECUTABLE) \
-t $(LAST_TAG) -n $(LAST_TAG) -d - || true && \
$(foreach FILE,$(COMPRESSED_EXECUTABLES),$(UPLOAD_CMD);)"
# install and/or update all dependencies, run this from the project directory
# go get -u ./...
# go test -i ./
dep:
go list -f '{{join .Deps "\n"}}' | xargs go list -e -f '{{if not .Standard}}{{.ImportPath}}{{end}}' | xargs go get -u
$(EXECUTABLE): dep
go build -o "$@"
install:
go install
clean:
rm go-app || true
rm $(EXECUTABLE) || true
rm -rf bin/
test:
go test ./...
.PHONY: clean release dep install

131
vendor/github.com/aktau/github-release/README.md generated vendored Normal file
View File

@@ -0,0 +1,131 @@
github-release
==============
A small commandline app written in Go that allows you to easily create
and delete releases of your projects on Github. In addition it allows
you to attach files to those releases.
It interacts with the [github releases API][releases-api]. Though it's entirely
possible to [do all these things with cURL][curl], it's not really that
user-friendly. For example, you need to first query the API to find the id of
the release you want, before you can upload an artifact. `github-release` takes
care of those little details.
[curl]: https://github.com/blog/1645-releases-api-preview
[releases-api]: https://developer.github.com/v3/repos/releases
It might still be a bit rough around the edges, pull requests are
welcome!
How to install
==============
If you don't have the Go toolset installed, and you don't want to, but
still want to use the app, you can download binaries for your platform
on the [releases
page](https://github.com/github-release/github-release/releases/latest). Yes, that's
dogfooding, check the makefile!
If you have Go installed, you can just do:
```sh
go get github.com/github-release/github-release
```
This will automatically download, compile and install the app.
After that you should have a `github-release` executable in your
`$GOPATH/bin`.
How to use
==========
**NOTE**: for these examples I've [created a github token][token] and set it as
the env variable `GITHUB_TOKEN`. `github-release` will automatically pick it up
from the environment so that you don't have to pass it as an argument.
[token]: https://help.github.com/articles/creating-an-access-token-for-command-line-use
```sh
# set your token
export GITHUB_TOKEN=...
# check the help
$ github-release --help
# make your tag and upload
$ git tag ... && git push --tags
# check the current tags and existing releases of the repo
$ github-release info -u aktau -r gofinance
git tags:
- v0.1.0 (commit: https://api.github.com/repos/aktau/gofinance/commits/f562727ce83ce8971a8569a1879219e41d56a756)
releases:
- v0.1.0, name: 'hoary ungar', description: 'something something dark side 2', id: 166740, tagged: 29/01/2014 at 14:27, published: 30/01/2014 at 16:20, draft: ✔, prerelease: ✗
- artifact: github.go, downloads: 0, state: uploaded, type: application/octet-stream, size: 1.9KB, id: 68616
# create a formal release
$ github-release release \
--user aktau \
--repo gofinance \
--tag v0.1.0 \
--name "the wolf of source street" \
--description "Not a movie, contrary to popular opinion. Still, my first release!" \
--pre-release
# you've made a mistake, but you can edit the release without
# having to delete it first (this also means you can edit without having
# to upload your files again)
$ github-release edit \
--user aktau \
--repo gofinance \
--tag v0.1.0 \
--name "Highlander II: The Quickening" \
--description "This is the actual description!"
# upload a file, for example the OSX/AMD64 binary of my gofinance app
$ github-release upload \
--user aktau \
--repo gofinance \
--tag v0.1.0 \
--name "gofinance-osx-amd64" \
--file bin/darwin/amd64/gofinance
# upload other files...
$ github-release upload ...
# you're not happy with it, so delete it
$ github-release delete \
--user aktau \
--repo gofinance \
--tag v0.1.0
```
GitHub Enterprise Support
=========================
You can point to a different GitHub API endpoint via the environment variable ```GITHUB_API```:
```
export GITHUB_API=http://github.company.com/api/v3
```
Used libraries
==============
| Package | Description | License |
| ------------------------------------------------------------------------ | ------------------- | ------- |
| [github.com/dustin/go-humanize](https://github.com/dustin/go-humanize) | humanize file sizes | MIT |
| [github.com/tomnomnom/linkheader](https://github.com/tomnomnom/linkheader) | GH API pagination | MIT |
| [github.com/voxelbrain/goptions](https://github.com/voxelbrain/goptions) | option parsing | BSD |
| [github.com/kevinburke/rest](https://github.com/kevinburke/rest) | HTTP client | MIT |
Todo
====
- Check if an artifact is already uploaded before starting a new upload
Copyright
=========
Copyright (c) 2014-2017, Nicolas Hillegeer. All rights reserved.
Copyright (c) 2020, Meter, Inc. All rights reserved.

58
vendor/github.com/aktau/github-release/assets.go generated vendored Normal file
View File

@@ -0,0 +1,58 @@
package main
import (
"fmt"
"net/http"
"time"
"github.com/github-release/github-release/github"
)
const (
// GET /repos/:owner/:repo/releases/assets/:id
// DELETE /repos/:owner/:repo/releases/assets/:id
ASSET_URI = "/repos/%s/%s/releases/assets/%d"
// API: https://developer.github.com/v3/repos/releases/#list-assets-for-a-release
// GET /repos/:owner/:repo/releases/:id/assets
ASSET_RELEASE_LIST_URI = "/repos/%s/%s/releases/%d/assets"
)
type Asset struct {
Url string `json:"url"`
Id int `json:"id"`
Name string `json:"name"`
ContentType string `json:"content_type"`
State string `json:"state"`
Size uint64 `json:"size"`
Downloads uint64 `json:"download_count"`
Created time.Time `json:"created_at"`
Published time.Time `json:"published_at"`
}
// findAsset returns the asset if an asset with name can be found in assets,
// otherwise returns nil.
func findAsset(assets []Asset, name string) *Asset {
for _, asset := range assets {
if asset.Name == name {
return &asset
}
}
return nil
}
// Delete sends a HTTP DELETE request for the given asset to Github. Returns
// nil if the asset was deleted OR there was nothing to delete.
func (a *Asset) Delete(user, repo, token string) error {
URL := nvls(EnvApiEndpoint, github.DefaultBaseURL) +
fmt.Sprintf(ASSET_URI, user, repo, a.Id)
resp, err := github.DoAuthRequest("DELETE", URL, "application/json", token, nil, nil)
if err != nil {
return fmt.Errorf("failed to delete asset %s (ID: %d), HTTP error: %b", a.Name, a.Id, err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusNoContent {
return fmt.Errorf("failed to delete asset %s (ID: %d), status: %s", a.Name, a.Id, resp.Status)
}
return nil
}

489
vendor/github.com/aktau/github-release/cmd.go generated vendored Normal file
View File

@@ -0,0 +1,489 @@
package main
import (
"bytes"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net/http"
"net/url"
"os"
"strconv"
"github.com/github-release/github-release/github"
)
func infocmd(opt Options) error {
user := nvls(opt.Info.User, EnvUser)
authUser := nvls(opt.Info.AuthUser, EnvAuthUser)
repo := nvls(opt.Info.Repo, EnvRepo)
token := nvls(opt.Info.Token, EnvToken)
tag := opt.Info.Tag
if user == "" || repo == "" {
return fmt.Errorf("user and repo need to be passed as arguments")
}
// Find regular git tags.
foundTags, err := Tags(user, repo, authUser, token)
if err != nil {
return fmt.Errorf("could not fetch tags, %v", err)
}
if len(foundTags) == 0 {
return fmt.Errorf("no tags available for %v/%v", user, repo)
}
tags := foundTags[:0]
for _, t := range foundTags {
// If the user only requested one tag, filter out the rest.
if tag == "" || t.Name == tag {
tags = append(tags, t)
}
}
renderer := renderInfoText
if opt.Info.JSON {
renderer = renderInfoJSON
}
// List releases + assets.
var releases []Release
if tag == "" {
// Get all releases.
vprintf("%v/%v: getting information for all releases\n", user, repo)
releases, err = Releases(user, repo, authUser, token)
if err != nil {
return err
}
} else {
// Get only one release.
vprintf("%v/%v/%v: getting information for the release\n", user, repo, tag)
release, err := ReleaseOfTag(user, repo, tag, authUser, token)
if err != nil {
return err
}
releases = []Release{*release}
}
return renderer(tags, releases)
}
func renderInfoText(tags []Tag, releases []Release) error {
fmt.Println("tags:")
for _, tag := range tags {
fmt.Println("-", &tag)
}
fmt.Println("releases:")
for _, release := range releases {
fmt.Println("-", &release)
}
return nil
}
func renderInfoJSON(tags []Tag, releases []Release) error {
out := struct {
Tags []Tag
Releases []Release
}{
Tags: tags,
Releases: releases,
}
enc := json.NewEncoder(os.Stdout)
enc.SetIndent("", " ")
return enc.Encode(&out)
}
func uploadcmd(opt Options) error {
user := nvls(opt.Upload.User, EnvUser)
authUser := nvls(opt.Upload.AuthUser, EnvAuthUser)
repo := nvls(opt.Upload.Repo, EnvRepo)
token := nvls(opt.Upload.Token, EnvToken)
tag := opt.Upload.Tag
name := opt.Upload.Name
label := opt.Upload.Label
file := opt.Upload.File
vprintln("uploading...")
if file == nil {
return fmt.Errorf("provided file was not valid")
}
defer file.Close()
if err := ValidateCredentials(user, repo, token, tag); err != nil {
return err
}
// Find the release corresponding to the entered tag, if any.
rel, err := ReleaseOfTag(user, repo, tag, authUser, token)
if err != nil {
return err
}
// If the user has attempted to upload this asset before, someone could
// expect it to be present in the release struct (rel.Assets). However,
// we have to separately ask for the specific assets of this release.
// Reason: the assets in the Release struct do not contain incomplete
// uploads (which regrettably happen often using the Github API). See
// issue #26.
var assets []Asset
client := github.NewClient(authUser, token, nil)
client.SetBaseURL(EnvApiEndpoint)
err = client.Get(fmt.Sprintf(ASSET_RELEASE_LIST_URI, user, repo, rel.Id), &assets)
if err != nil {
return err
}
// Incomplete (failed) uploads will have their state set to new. These
// assets are (AFAIK) useless in all cases. The only thing they will do
// is prevent the upload of another asset of the same name. To work
// around this GH API weirdness, let's just delete assets if:
//
// 1. Their state is new.
// 2. The user explicitly asked to delete/replace the asset with -R.
if asset := findAsset(assets, name); asset != nil &&
(asset.State == "new" || opt.Upload.Replace) {
vprintf("asset (id: %d) already existed in state %s: removing...\n", asset.Id, asset.Name)
if err := asset.Delete(user, repo, token); err != nil {
return fmt.Errorf("could not replace asset: %v", err)
}
}
v := url.Values{}
v.Set("name", name)
if label != "" {
v.Set("label", label)
}
url := rel.CleanUploadUrl() + "?" + v.Encode()
resp, err := github.DoAuthRequest("POST", url, "application/octet-stream",
token, nil, file)
if err != nil {
return fmt.Errorf("can't create upload request to %v, %v", url, err)
}
defer resp.Body.Close()
vprintln("RESPONSE:", resp)
var r io.Reader = resp.Body
if VERBOSITY != 0 {
r = io.TeeReader(r, os.Stderr)
}
var asset *Asset
// For HTTP status 201 and 502, Github will return a JSON encoding of
// the (partially) created asset.
if resp.StatusCode == http.StatusBadGateway || resp.StatusCode == http.StatusCreated {
vprintf("ASSET: ")
asset = new(Asset)
if err := json.NewDecoder(r).Decode(&asset); err != nil {
return fmt.Errorf("upload failed (%s), could not unmarshal asset (err: %v)", resp.Status, err)
}
} else {
vprintf("BODY: ")
if msg, err := ToMessage(r); err == nil {
return fmt.Errorf("could not upload, status code (%s), %v",
resp.Status, msg)
}
return fmt.Errorf("could not upload, status code (%s)", resp.Status)
}
if resp.StatusCode == http.StatusBadGateway {
// 502 means the upload failed, but GitHub still retains metadata
// (an asset in state "new"). Attempt to delete that now since it
// would clutter the list of release assets.
vprintf("asset (id: %d) failed to upload, it's now in state %s: removing...\n", asset.Id, asset.Name)
if err := asset.Delete(user, repo, token); err != nil {
return fmt.Errorf("upload failed (%s), could not delete partially uploaded asset (ID: %d, err: %v) in order to cleanly reset GH API state, please try again", resp.Status, asset.Id, err)
}
return fmt.Errorf("could not upload, status code (%s)", resp.Status)
}
return nil
}
func downloadcmd(opt Options) error {
user := nvls(opt.Download.User, EnvUser)
authUser := nvls(opt.Download.AuthUser, EnvAuthUser)
repo := nvls(opt.Download.Repo, EnvRepo)
token := nvls(opt.Download.Token, EnvToken)
tag := opt.Download.Tag
name := opt.Download.Name
latest := opt.Download.Latest
vprintln("downloading...")
if err := ValidateTarget(user, repo, tag, latest); err != nil {
return err
}
// Find the release corresponding to the entered tag, if any.
var rel *Release
var err error
if latest {
rel, err = LatestRelease(user, repo, authUser, token)
} else {
rel, err = ReleaseOfTag(user, repo, tag, authUser, token)
}
if err != nil {
return err
}
asset := findAsset(rel.Assets, name)
if asset == nil {
return fmt.Errorf("coud not find asset named %s", name)
}
var resp *http.Response
if token == "" {
// Use the regular github.com site if we don't have a token.
resp, err = http.Get("https://github.com" + fmt.Sprintf("/%s/%s/releases/download/%s/%s", user, repo, tag, name))
} else {
url := nvls(EnvApiEndpoint, github.DefaultBaseURL) + fmt.Sprintf(ASSET_URI, user, repo, asset.Id)
resp, err = github.DoAuthRequest("GET", url, "", token, map[string]string{
"Accept": "application/octet-stream",
}, nil)
}
if err != nil {
return fmt.Errorf("could not fetch releases, %v", err)
}
defer resp.Body.Close()
vprintln("GET", resp.Request.URL, "->", resp)
contentLength, err := strconv.ParseInt(resp.Header.Get("Content-Length"), 10, 64)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
return fmt.Errorf("github did not respond with 200 OK but with %v", resp.Status)
}
out := os.Stdout // Pipe the asset to stdout by default.
if isCharDevice(out) {
// If stdout is a char device, assume it's a TTY (terminal). In this
// case, don't pipe th easset to stdout, but create it as a file in
// the current working folder.
if out, err = os.Create(name); err != nil {
return fmt.Errorf("could not create file %s", name)
}
defer out.Close()
}
return mustCopyN(out, resp.Body, contentLength)
}
// mustCopyN attempts to copy exactly N bytes, if this fails, an error is
// returned.
func mustCopyN(w io.Writer, r io.Reader, n int64) error {
an, err := io.Copy(w, r)
if an != n {
return fmt.Errorf("data did not match content length %d != %d", an, n)
}
return err
}
func ValidateTarget(user, repo, tag string, latest bool) error {
if user == "" {
return fmt.Errorf("empty user")
}
if repo == "" {
return fmt.Errorf("empty repo")
}
if tag == "" && !latest {
return fmt.Errorf("empty tag")
}
return nil
}
func ValidateCredentials(user, repo, token, tag string) error {
if err := ValidateTarget(user, repo, tag, false); err != nil {
return err
}
if token == "" {
return fmt.Errorf("empty token")
}
return nil
}
func releasecmd(opt Options) error {
cmdopt := opt.Release
user := nvls(cmdopt.User, EnvUser)
repo := nvls(cmdopt.Repo, EnvRepo)
token := nvls(cmdopt.Token, EnvToken)
tag := cmdopt.Tag
name := nvls(cmdopt.Name, tag)
desc := nvls(cmdopt.Desc, tag)
target := nvls(cmdopt.Target)
draft := cmdopt.Draft
prerelease := cmdopt.Prerelease
vprintln("releasing...")
if err := ValidateCredentials(user, repo, token, tag); err != nil {
return err
}
// Check if we need to read the description from stdin.
if desc == "-" {
b, err := ioutil.ReadAll(os.Stdin)
if err != nil {
return fmt.Errorf("could not read description from stdin: %v", err)
}
desc = string(b)
}
params := ReleaseCreate{
TagName: tag,
TargetCommitish: target,
Name: name,
Body: desc,
Draft: draft,
Prerelease: prerelease,
}
/* encode params as json */
payload, err := json.Marshal(params)
if err != nil {
return fmt.Errorf("can't encode release creation params, %v", err)
}
reader := bytes.NewReader(payload)
URL := nvls(EnvApiEndpoint, github.DefaultBaseURL) + fmt.Sprintf("/repos/%s/%s/releases", user, repo)
resp, err := github.DoAuthRequest("POST", URL, "application/json", token, nil, reader)
if err != nil {
return fmt.Errorf("while submitting %v, %v", string(payload), err)
}
defer resp.Body.Close()
vprintln("RESPONSE:", resp)
if resp.StatusCode != http.StatusCreated {
if resp.StatusCode == 422 {
return fmt.Errorf("github returned %v (this is probably because the release already exists)",
resp.Status)
}
return fmt.Errorf("github returned %v", resp.Status)
}
if VERBOSITY != 0 {
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return fmt.Errorf("error while reading response, %v", err)
}
vprintln("BODY:", string(body))
}
return nil
}
func editcmd(opt Options) error {
cmdopt := opt.Edit
user := nvls(cmdopt.User, EnvUser)
authUser := nvls(cmdopt.AuthUser, EnvAuthUser)
repo := nvls(cmdopt.Repo, EnvRepo)
token := nvls(cmdopt.Token, EnvToken)
tag := cmdopt.Tag
name := nvls(cmdopt.Name, tag)
desc := nvls(cmdopt.Desc, tag)
draft := cmdopt.Draft
prerelease := cmdopt.Prerelease
vprintln("editing...")
if err := ValidateCredentials(user, repo, token, tag); err != nil {
return err
}
id, err := IdOfTag(user, repo, tag, authUser, token)
if err != nil {
return err
}
vprintf("release %v has id %v\n", tag, id)
// Check if we need to read the description from stdin.
if desc == "-" {
b, err := ioutil.ReadAll(os.Stdin)
if err != nil {
return fmt.Errorf("could not read description from stdin: %v", err)
}
desc = string(b)
}
/* the release create struct works for editing releases as well */
params := ReleaseCreate{
TagName: tag,
Name: name,
Body: desc,
Draft: draft,
Prerelease: prerelease,
}
/* encode the parameters as JSON, as required by the github API */
payload, err := json.Marshal(params)
if err != nil {
return fmt.Errorf("can't encode release creation params, %v", err)
}
URL := nvls(EnvApiEndpoint, github.DefaultBaseURL) + fmt.Sprintf("/repos/%s/%s/releases/%d", user, repo, id)
resp, err := github.DoAuthRequest("PATCH", URL, "application/json", token, nil, bytes.NewReader(payload))
if err != nil {
return fmt.Errorf("while submitting %v, %v", string(payload), err)
}
defer resp.Body.Close()
vprintln("RESPONSE:", resp)
if resp.StatusCode != http.StatusOK {
if resp.StatusCode == 422 {
return fmt.Errorf("github returned %v (this is probably because the release already exists)",
resp.Status)
}
return fmt.Errorf("github returned unexpected status code %v", resp.Status)
}
if VERBOSITY != 0 {
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return fmt.Errorf("error while reading response, %v", err)
}
vprintln("BODY:", string(body))
}
return nil
}
func deletecmd(opt Options) error {
user, repo, token, tag := nvls(opt.Delete.User, EnvUser),
nvls(opt.Delete.Repo, EnvRepo),
nvls(opt.Delete.Token, EnvToken),
opt.Delete.Tag
authUser := nvls(opt.Delete.AuthUser, EnvAuthUser)
vprintln("deleting...")
id, err := IdOfTag(user, repo, tag, authUser, token)
if err != nil {
return err
}
vprintf("release %v has id %v\n", tag, id)
baseURL := nvls(EnvApiEndpoint, github.DefaultBaseURL)
resp, err := github.DoAuthRequest("DELETE", baseURL+fmt.Sprintf("/repos/%s/%s/releases/%d",
user, repo, id), "application/json", token, nil, nil)
if err != nil {
return fmt.Errorf("release deletion failed: %v", err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusNoContent {
return fmt.Errorf("could not delete the release corresponding to tag %s on repo %s/%s",
tag, user, repo)
}
return nil
}

6
vendor/github.com/aktau/github-release/commit.go generated vendored Normal file
View File

@@ -0,0 +1,6 @@
package main
type Commit struct {
Sha string `json:"sha"`
Url string `json:"url"`
}

42
vendor/github.com/aktau/github-release/error.go generated vendored Normal file
View File

@@ -0,0 +1,42 @@
package main
import (
"encoding/json"
"fmt"
"io"
"strings"
)
/* usually when something goes wrong, github sends something like this back */
type Message struct {
Message string `json:"message"`
Errors []GithubError `json:"errors"`
}
type GithubError struct {
Resource string `json:"resource"`
Code string `json:"code"`
Field string `json:"field"`
}
/* transforms a stream into a Message, if it's valid json */
func ToMessage(r io.Reader) (*Message, error) {
var msg Message
if err := json.NewDecoder(r).Decode(&msg); err != nil {
return nil, err
}
return &msg, nil
}
func (m *Message) String() string {
str := fmt.Sprintf("msg: %v, errors: ", m.Message)
errstr := make([]string, len(m.Errors))
for idx, err := range m.Errors {
errstr[idx] = fmt.Sprintf("[field: %v, code: %v]",
err.Field, err.Code)
}
return str + strings.Join(errstr, ", ")
}

143
vendor/github.com/aktau/github-release/github-release.go generated vendored Normal file
View File

@@ -0,0 +1,143 @@
package main
import (
"fmt"
"os"
"github.com/github-release/github-release/github"
"github.com/voxelbrain/goptions"
)
const GH_URL = "https://github.com"
type Options struct {
Help goptions.Help `goptions:"-h, --help, description='Show this help'"`
Verbosity []bool `goptions:"-v, --verbose, description='Be verbose'"`
Quiet bool `goptions:"-q, --quiet, description='Do not print anything, even errors (except if --verbose is specified)'"`
Version bool `goptions:"--version, description='Print version'"`
goptions.Verbs
Download struct {
Token string `goptions:"-s, --security-token, description='Github token ($GITHUB_TOKEN if set). required if repo is private.'"`
User string `goptions:"-u, --user, description='Github repo user or organisation (required if $GITHUB_USER not set)'"`
AuthUser string `goptions:"-a, --auth-user, description='Username for authenticating to the API (falls back to $GITHUB_AUTH_USER or $GITHUB_USER)'"`
Repo string `goptions:"-r, --repo, description='Github repo (required if $GITHUB_REPO not set)'"`
Latest bool `goptions:"-l, --latest, description='Download latest release (required if tag is not specified)',mutexgroup='input'"`
Tag string `goptions:"-t, --tag, description='Git tag to download from (required if latest is not specified)', mutexgroup='input',obligatory"`
Name string `goptions:"-n, --name, description='Name of the file', obligatory"`
} `goptions:"download"`
Upload struct {
Token string `goptions:"-s, --security-token, description='Github token (required if $GITHUB_TOKEN not set)'"`
User string `goptions:"-u, --user, description='Github repo user or organisation (required if $GITHUB_USER not set)'"`
AuthUser string `goptions:"-a, --auth-user, description='Username for authenticating to the API (falls back to $GITHUB_AUTH_USER or $GITHUB_USER)'"`
Repo string `goptions:"-r, --repo, description='Github repo (required if $GITHUB_REPO not set)'"`
Tag string `goptions:"-t, --tag, description='Git tag to upload to', obligatory"`
Name string `goptions:"-n, --name, description='Name of the file', obligatory"`
Label string `goptions:"-l, --label, description='Label (description) of the file'"`
File *os.File `goptions:"-f, --file, description='File to upload (use - for stdin)', rdonly, obligatory"`
Replace bool `goptions:"-R, --replace, description='Replace asset with same name if it already exists (WARNING: not atomic, failure to upload will remove the original asset too)'"`
} `goptions:"upload"`
Release struct {
Token string `goptions:"-s, --security-token, description='Github token (required if $GITHUB_TOKEN not set)'"`
User string `goptions:"-u, --user, description='Github repo user or organisation (required if $GITHUB_USER not set)'"`
Repo string `goptions:"-r, --repo, description='Github repo (required if $GITHUB_REPO not set)'"`
Tag string `goptions:"-t, --tag, obligatory, description='Git tag to create a release from'"`
Name string `goptions:"-n, --name, description='Name of the release (defaults to tag)'"`
Desc string `goptions:"-d, --description, description='Release description, use - for reading a description from stdin (defaults to tag)'"`
Target string `goptions:"-c, --target, description='Commit SHA or branch to create release of (defaults to the repository default branch)'"`
Draft bool `goptions:"--draft, description='The release is a draft'"`
Prerelease bool `goptions:"-p, --pre-release, description='The release is a pre-release'"`
} `goptions:"release"`
Edit struct {
Token string `goptions:"-s, --security-token, description='Github token (required if $GITHUB_TOKEN not set)'"`
User string `goptions:"-u, --user, description='Github repo user or organisation (required if $GITHUB_USER not set)'"`
AuthUser string `goptions:"-a, --auth-user, description='Username for authenticating to the API (falls back to $GITHUB_AUTH_USER or $GITHUB_USER)'"`
Repo string `goptions:"-r, --repo, description='Github repo (required if $GITHUB_REPO not set)'"`
Tag string `goptions:"-t, --tag, obligatory, description='Git tag to edit the release of'"`
Name string `goptions:"-n, --name, description='New name of the release (defaults to tag)'"`
Desc string `goptions:"-d, --description, description='New release description, use - for reading a description from stdin (defaults to tag)'"`
Draft bool `goptions:"--draft, description='The release is a draft'"`
Prerelease bool `goptions:"-p, --pre-release, description='The release is a pre-release'"`
} `goptions:"edit"`
Delete struct {
Token string `goptions:"-s, --security-token, description='Github token (required if $GITHUB_TOKEN not set)'"`
User string `goptions:"-u, --user, description='Github repo user or organisation (required if $GITHUB_USER not set)'"`
AuthUser string `goptions:"-a, --auth-user, description='Username for authenticating to the API (falls back to $GITHUB_AUTH_USER or $GITHUB_USER)'"`
Repo string `goptions:"-r, --repo, description='Github repo (required if $GITHUB_REPO not set)'"`
Tag string `goptions:"-t, --tag, obligatory, description='Git tag of release to delete'"`
} `goptions:"delete"`
Info struct {
Token string `goptions:"-s, --security-token, description='Github token ($GITHUB_TOKEN if set). required if repo is private.'"`
User string `goptions:"-u, --user, description='Github repo user or organisation (required if $GITHUB_USER not set)'"`
AuthUser string `goptions:"-a, --auth-user, description='Username for authenticating to the API (falls back to $GITHUB_AUTH_USER or $GITHUB_USER)'"`
Repo string `goptions:"-r, --repo, description='Github repo (required if $GITHUB_REPO not set)'"`
Tag string `goptions:"-t, --tag, description='Git tag to query (optional)'"`
JSON bool `goptions:"-j, --json, description='Emit info as JSON instead of text'"`
} `goptions:"info"`
}
type Command func(Options) error
var commands = map[goptions.Verbs]Command{
"download": downloadcmd,
"upload": uploadcmd,
"release": releasecmd,
"edit": editcmd,
"delete": deletecmd,
"info": infocmd,
}
var (
VERBOSITY = 0
)
var (
// The user whose token is being used to authenticate to the API. If unset,
// EnvUser is used.
EnvAuthUser string
EnvToken string
EnvUser string
EnvRepo string
EnvApiEndpoint string
)
func init() {
EnvToken = os.Getenv("GITHUB_TOKEN")
EnvUser = os.Getenv("GITHUB_USER")
EnvAuthUser = os.Getenv("GITHUB_AUTH_USER")
EnvRepo = os.Getenv("GITHUB_REPO")
EnvApiEndpoint = os.Getenv("GITHUB_API")
if EnvAuthUser == "" {
EnvAuthUser = EnvUser
}
}
func main() {
options := Options{}
goptions.ParseAndFail(&options)
if options.Version {
fmt.Printf("github-release v%s\n", github.VERSION)
return
}
if len(options.Verbs) == 0 {
goptions.PrintHelp()
return
}
VERBOSITY = len(options.Verbosity)
github.VERBOSITY = VERBOSITY
if cmd, found := commands[options.Verbs]; found {
err := cmd(options)
if err != nil {
if !options.Quiet {
fmt.Fprintln(os.Stderr, "error:", err)
}
os.Exit(1)
}
}
}

12
vendor/github.com/aktau/github-release/release generated vendored Normal file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
set -euo pipefail
main() {
apt-get update && apt-get install zip
git branch --set-upstream-to=origin/master release
set -x
exec /bin/bash -c "$@"
}
main "$@"

141
vendor/github.com/aktau/github-release/releases.go generated vendored Normal file
View File

@@ -0,0 +1,141 @@
package main
import (
"fmt"
"strings"
"time"
"github.com/github-release/github-release/github"
"github.com/dustin/go-humanize"
)
const (
RELEASE_LIST_URI = "/repos/%s/%s/releases"
RELEASE_LATEST_URI = "/repos/%s/%s/releases/latest"
RELEASE_DATE_FORMAT = "02/01/2006 at 15:04"
)
type Release struct {
Url string `json:"url"`
PageUrl string `json:"html_url"`
UploadUrl string `json:"upload_url"`
Id int `json:"id"`
Name string `json:"name"`
Description string `json:"body"`
TagName string `json:"tag_name"`
Draft bool `json:"draft"`
Prerelease bool `json:"prerelease"`
Created *time.Time `json:"created_at"`
Published *time.Time `json:"published_at"`
Assets []Asset `json:"assets"`
}
func (r *Release) CleanUploadUrl() string {
bracket := strings.Index(r.UploadUrl, "{")
if bracket == -1 {
return r.UploadUrl
}
return r.UploadUrl[0:bracket]
}
func (r *Release) String() string {
str := make([]string, len(r.Assets)+1)
str[0] = fmt.Sprintf(
"%s, name: '%s', description: '%s', id: %d, tagged: %s, published: %s, draft: %v, prerelease: %v",
r.TagName, r.Name, r.Description, r.Id,
timeFmtOr(r.Created, RELEASE_DATE_FORMAT, ""),
timeFmtOr(r.Published, RELEASE_DATE_FORMAT, ""),
Mark(r.Draft), Mark(r.Prerelease))
for idx, asset := range r.Assets {
str[idx+1] = fmt.Sprintf(" - artifact: %s, downloads: %d, state: %s, type: %s, size: %s, id: %d",
asset.Name, asset.Downloads, asset.State, asset.ContentType,
humanize.Bytes(asset.Size), asset.Id)
}
return strings.Join(str, "\n")
}
type ReleaseCreate struct {
TagName string `json:"tag_name"`
TargetCommitish string `json:"target_commitish,omitempty"`
Name string `json:"name"`
Body string `json:"body"`
Draft bool `json:"draft"`
Prerelease bool `json:"prerelease"`
}
func Releases(user, repo, authUser, token string) ([]Release, error) {
var releases []Release
client := github.NewClient(authUser, token, nil)
client.SetBaseURL(EnvApiEndpoint)
err := client.Get(fmt.Sprintf(RELEASE_LIST_URI, user, repo), &releases)
if err != nil {
return nil, err
}
return releases, nil
}
func latestReleaseApi(user, repo, authUser, token string) (*Release, error) {
var release Release
client := github.NewClient(authUser, token, nil)
client.SetBaseURL(EnvApiEndpoint)
return &release, client.Get(fmt.Sprintf(RELEASE_LATEST_URI, user, repo), &release)
}
func LatestRelease(user, repo, authUser, token string) (*Release, error) {
// If latestReleaseApi DOESN'T give an error, return the release.
if latestRelease, err := latestReleaseApi(user, repo, authUser, token); err == nil {
return latestRelease, nil
}
// The enterprise api doesnt support the latest release endpoint. Get
// all releases and compare the published date to get the latest.
releases, err := Releases(user, repo, authUser, token)
if err != nil {
return nil, err
}
var latestRelIndex = -1
maxDate := time.Time{}
for i, release := range releases {
if relDate := *release.Published; relDate.After(maxDate) {
maxDate = relDate
latestRelIndex = i
}
}
if latestRelIndex == -1 {
return nil, fmt.Errorf("could not find the latest release")
}
vprintln("Scanning ", len(releases), "releases, latest release is", releases[latestRelIndex])
return &releases[latestRelIndex], nil
}
func ReleaseOfTag(user, repo, tag, authUser, token string) (*Release, error) {
releases, err := Releases(user, repo, authUser, token)
if err != nil {
return nil, err
}
for _, release := range releases {
if release.TagName == tag {
return &release, nil
}
}
return nil, fmt.Errorf("could not find the release corresponding to tag %s", tag)
}
/* find the release-id of the specified tag */
func IdOfTag(user, repo, tag, authUser, token string) (int, error) {
release, err := ReleaseOfTag(user, repo, tag, authUser, token)
if err != nil {
return 0, err
}
return release.Id, nil
}

30
vendor/github.com/aktau/github-release/tags.go generated vendored Normal file
View File

@@ -0,0 +1,30 @@
package main
import (
"fmt"
"github.com/github-release/github-release/github"
)
const (
TAGS_URI = "/repos/%s/%s/tags"
)
type Tag struct {
Name string `json:"name"`
Commit Commit `json:"commit"`
ZipBallUrl string `json:"zipball_url"`
TarBallUrl string `json:"tarball_url"`
}
func (t *Tag) String() string {
return t.Name + " (commit: " + t.Commit.Url + ")"
}
// Get the tags associated with a repo.
func Tags(user, repo, authUser, token string) ([]Tag, error) {
var tags []Tag
client := github.NewClient(authUser, token, nil)
client.SetBaseURL(EnvApiEndpoint)
return tags, client.Get(fmt.Sprintf(TAGS_URI, user, repo), &tags)
}

9
vendor/github.com/aktau/github-release/term.go generated vendored Normal file
View File

@@ -0,0 +1,9 @@
package main
func Mark(ok bool) string {
if ok {
return "✔"
} else {
return "✗"
}
}

52
vendor/github.com/aktau/github-release/util.go generated vendored Normal file
View File

@@ -0,0 +1,52 @@
package main
import (
"fmt"
"os"
"time"
)
/* nvls returns the first value in xs that is not empty. */
func nvls(xs ...string) string {
for _, s := range xs {
if s != "" {
return s
}
}
return ""
}
func vprintln(a ...interface{}) (int, error) {
if VERBOSITY > 0 {
return fmt.Fprintln(os.Stderr, a...)
}
return 0, nil
}
func vprintf(format string, a ...interface{}) (int, error) {
if VERBOSITY > 0 {
return fmt.Fprintf(os.Stderr, format, a...)
}
return 0, nil
}
// formats time `t` as `fmt` if it is not nil, otherwise returns `def`
func timeFmtOr(t *time.Time, fmt, def string) string {
if t == nil {
return def
}
return t.Format(fmt)
}
// isCharDevice returns true if f is a character device (panics if f can't
// be stat'ed).
func isCharDevice(f *os.File) bool {
stat, err := f.Stat()
if err != nil {
panic(err)
}
return (stat.Mode() & os.ModeCharDevice) != 0
}

1
vendor/github.com/aktau/github-release/version.go generated vendored Normal file
View File

@@ -0,0 +1 @@
package main

15
vendor/github.com/andygrunwald/go-jira/.travis.yml generated vendored
View File

@@ -3,15 +3,18 @@ language: go
sudo: false
go:
- 1.4
- 1.5
- 1.6
- 1.7
- 1.8
- 1.9
- "1.9.x"
- "1.10.x"
- "1.11.x"
- "1.12.x"
- "1.13.x"
before_install:
- go get -t ./...
matrix:
allow_failures:
- go: 1.13.x
script:
- GOMAXPROCS=4 GORACE="halt_on_error=1" go test -race -v ./...

81
vendor/github.com/andygrunwald/go-jira/CHANGELOG.md generated vendored Normal file
View File

@@ -0,0 +1,81 @@
# Changelog
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
## [1.12.0](https://github.com/andygrunwald/go-jira/compare/v1.11.1...v1.12.0) (2019-12-14)
### Features
* Add IssueLinkTypeService with GetList and test ([261889a](https://github.com/andygrunwald/go-jira/commit/261889adc63623fcea0fa8cab0d5da26eec37e68))
* add worklog update method ([9ff562a](https://github.com/andygrunwald/go-jira/commit/9ff562ae3ea037961f277be10412ad0a42ff8a6f))
* Implement get remote links method ([1946cac](https://github.com/andygrunwald/go-jira/commit/1946cac0fe6ee91f784e3dda3c12f3f30f7115b8))
* Implement issue link type DELETE ([e37cc6c](https://github.com/andygrunwald/go-jira/commit/e37cc6c6897830492c070667ab8b68bd85683fc3))
* Implement issue link type GET ([57538b9](https://github.com/andygrunwald/go-jira/commit/57538b926c558e97940760a30bdc16cdd37ef4f1))
* Implement issue link type POST ([75b9df8](https://github.com/andygrunwald/go-jira/commit/75b9df8b01557f01dc318d33c0bc2841a9c084eb))
* Implement issue link type PUT ([48a15c1](https://github.com/andygrunwald/go-jira/commit/48a15c10443a3cff78f0fb2c8034dd772320e238))
* provide access to issue transitions loaded from JIRA API ([7530b7c](https://github.com/andygrunwald/go-jira/commit/7530b7cd8266d82cdb4afe831518986772e742ba))
### [1.11.1](https://github.com/andygrunwald/go-jira/compare/v1.11.0...v1.11.1) (2019-10-17)
## [1.11.0](https://github.com/andygrunwald/go-jira/compare/v1.10.0...v1.11.0) (2019-10-17)
### Features
* Add AccountID and AccountType to GroupMember struct ([216e005](https://github.com/andygrunwald/go-jira/commit/216e0056d6385eba9d31cb37e6ff64314860d2cc))
* Add AccountType and Locale to User struct ([52ab347](https://github.com/andygrunwald/go-jira/commit/52ab34790307144087f0d9bf86c93a2b2209fe46))
* Add GetAllStatuses ([afc96b1](https://github.com/andygrunwald/go-jira/commit/afc96b18d17b77e32cec9e1ac7e4f5dec7e627f5))
* Add GetMyFilters to FilterService ([ebae19d](https://github.com/andygrunwald/go-jira/commit/ebae19dda6afd0e54578f30300bc36012381e99b))
* Add Search to FilterService ([38a755b](https://github.com/andygrunwald/go-jira/commit/38a755b407cd70d11fe2e2897d814552ca29ab51))
* add support for JWT auth with qsh needed by add-ons ([a8bdfed](https://github.com/andygrunwald/go-jira/commit/a8bdfed27ff42a9bb0468b8cf192871780919def))
* AddGetBoardConfiguration ([fd698c5](https://github.com/andygrunwald/go-jira/commit/fd698c57163f248f21285d5ebc6a3bb60d46694f))
* Replace http.Client with interface for extensibility ([b59a65c](https://github.com/andygrunwald/go-jira/commit/b59a65c365dcefd42e135579e9b7ce9c9c006489))
### Bug Fixes
* Fix fixversion description tag ([8383e2f](https://github.com/andygrunwald/go-jira/commit/8383e2f5f145d04f6bcdb47fb12a95b58bdcedfa))
* Fix typos in filter_test.go ([e9a261c](https://github.com/andygrunwald/go-jira/commit/e9a261c52249073345e5895b22e2cf4d7286497a))
# [1.10.0](https://github.com/andygrunwald/go-jira/compare/v1.9.0...v1.10.0) (2019-05-23)
### Bug Fixes
* empty SearchOptions causing malformed request ([b3bf8c2](https://github.com/andygrunwald/go-jira/commit/b3bf8c2))
### Features
* added DeleteAttachment ([e93c0e1](https://github.com/andygrunwald/go-jira/commit/e93c0e1))
# [1.9.0](https://github.com/andygrunwald/go-jira/compare/v1.8.0...v1.9.0) (2019-05-19)
### Features
* **issues:** Added support for AddWorklog and GetWorklogs ([1ebd7e7](https://github.com/andygrunwald/go-jira/commit/1ebd7e7))
# [1.8.0](https://github.com/andygrunwald/go-jira/compare/v1.7.0...v1.8.0) (2019-05-16)
### Bug Fixes
* Add PriorityService to the main ([8491cb0](https://github.com/andygrunwald/go-jira/commit/8491cb0))
### Features
* **filter:** Add GetFavouriteList to FilterService. ([645898e](https://github.com/andygrunwald/go-jira/commit/645898e))
* Add get all priorities ([1c63e25](https://github.com/andygrunwald/go-jira/commit/1c63e25))
* Add ResolutionService to retrieve resolutions ([fb1ce22](https://github.com/andygrunwald/go-jira/commit/fb1ce22))
* Add status category constants ([6223ddd](https://github.com/andygrunwald/go-jira/commit/6223ddd))
* Add StatusCategory GetList ([049a756](https://github.com/andygrunwald/go-jira/commit/049a756))

36
vendor/github.com/andygrunwald/go-jira/Gopkg.lock generated vendored
View File

@@ -1,36 +0,0 @@
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
name = "github.com/fatih/structs"
packages = ["."]
revision = "a720dfa8df582c51dee1b36feabb906bde1588bd"
version = "v1.0"
[[projects]]
branch = "master"
name = "github.com/google/go-querystring"
packages = ["query"]
revision = "53e6ce116135b80d037921a7fdd5138cf32d7a8a"
[[projects]]
name = "github.com/pkg/errors"
packages = ["."]
revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
version = "v0.8.0"
[[projects]]
name = "github.com/trivago/tgo"
packages = [
"tcontainer",
"treflect"
]
revision = "e4d1ddd28c17dd89ed26327cf69fded22060671b"
version = "v1.0.1"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "e84ca9eea6d233e0947b0d760913db2983fd4cbf6fd0d8690c737a71affb635c"
solver-name = "gps-cdcl"
solver-version = 1

46
vendor/github.com/andygrunwald/go-jira/Gopkg.toml generated vendored
View File

@@ -1,46 +0,0 @@
# Gopkg.toml example
#
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
# name = "github.com/user/project"
# version = "1.0.0"
#
# [[constraint]]
# name = "github.com/user/project2"
# branch = "dev"
# source = "github.com/myfork/project2"
#
# [[override]]
# name = "github.com/x/y"
# version = "2.4.0"
#
# [prune]
# non-go = false
# go-tests = true
# unused-packages = true
[[constraint]]
name = "github.com/fatih/structs"
version = "1.0.0"
[[constraint]]
branch = "master"
name = "github.com/google/go-querystring"
[[constraint]]
name = "github.com/pkg/errors"
version = "0.8.0"
[[constraint]]
name = "github.com/trivago/tgo"
version = "1.0.1"
[prune]
go-tests = true
unused-packages = true

15
vendor/github.com/andygrunwald/go-jira/PULL_REQUEST_TEMPLATE.md generated vendored Normal file
View File

@@ -0,0 +1,15 @@
# PR Description
_What does this fix or add?_
# Checklist
* [ ] Tests added
* [ ] Good Path
* [ ] Error Path
* [ ] Commits follow conventions described here:
* [ ] [https://conventionalcommits.org/en/v1.0.0-beta.4/#summary](https://conventionalcommits.org/en/v1.0.0-beta.4/#summary)
* [ ] [https://chris.beams.io/posts/git-commit/#seven-rules](https://chris.beams.io/posts/git-commit/#seven-rules)
* [ ] Commits are squashed such that
* [ ] There is 1 commit per isolated change
* [ ] I've not made extraneous commits/changes that are unrelated to my change.

76
vendor/github.com/andygrunwald/go-jira/README.md generated vendored
View File

@@ -17,15 +17,18 @@
This package is not JIRA API complete (yet), but you can call every API endpoint you want. See [Call a not implemented API endpoint](#call-a-not-implemented-api-endpoint) how to do this. For all possible API endpoints of JIRA have a look at [latest JIRA REST API documentation](https://docs.atlassian.com/jira/REST/latest/).
## Compatible JIRA versions
## Requirements
This package was tested against JIRA v6.3.4 and v7.1.2.
* Go >= 1.8
* JIRA v6.3.4 & v7.1.2.
## Installation
It is go gettable
$ go get github.com/andygrunwald/go-jira
```bash
go get github.com/andygrunwald/go-jira
```
For stable versions you can use one of our tags with [gopkg.in](http://labix.org/gopkg.in). E.g.
@@ -40,8 +43,10 @@ import (
(optional) to run unit / example tests:
$ cd $GOPATH/src/github.com/andygrunwald/go-jira
$ go test -v ./...
```bash
cd $GOPATH/src/github.com/andygrunwald/go-jira
go test -v ./...
```
## API
@@ -89,13 +94,13 @@ For convenience, capability for basic and cookie-based authentication is include
#### Basic auth example
A more thorough, [runnable example](examples/basicauth/main.go) is provided in the examples directory.
A more thorough, [runnable example](examples/basicauth/main.go) is provided in the examples directory. **It's worth noting that using passwords in basic auth is now deprecated and will be removed.** Jira gives you the ability to [create tokens now.](https://confluence.atlassian.com/cloud/api-tokens-938839638.html)
```go
func main() {
tp := jira.BasicAuthTransport{
Username: "username",
Password: "password",
Password: "token",
}
client, err := jira.NewClient(tp.Client(), "https://my.jira.com")
@@ -106,25 +111,10 @@ func main() {
}
```
#### Authenticate with session cookie
#### Authenticate with session cookie [DEPRECATED]
A more thorough, [runnable example](examples/cookieauth/main.go) is provided in the examples directory.
JIRA [deprecated this authentication method.](https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-basic-auth-and-cookie-based-auth/) It's not longer available for use.
Note: The `AuthURL` is almost always going to have the path `/rest/auth/1/session`
```go
tp := jira.CookieAuthTransport{
Username: "username",
Password: "password",
AuthURL: "https://my.jira.com/rest/auth/1/session",
}
client, err := jira.NewClient(tp.Client(), "https://my.jira.com")
u, _, err := client.User.Get("admin")
fmt.Printf("\nEmail: %v\nSuccess!\n", u.EmailAddress)
}
```
#### Authenticate with OAuth
@@ -146,10 +136,9 @@ import (
func main() {
base := "https://my.jira.com"
tp := jira.CookieAuthTransport{
tp := jira.BasicAuthTransport{
Username: "username",
Password: "password",
AuthURL: fmt.Sprintf("%s/rest/auth/1/session", base),
Password: "token",
}
jiraClient, err := jira.NewClient(tp.Client(), base)
@@ -200,17 +189,16 @@ import (
func main() {
base := "https://my.jira.com"
tp := jira.CookieAuthTransport{
tp := jira.BasicAuthTransport{
Username: "username",
Password: "password",
AuthURL: fmt.Sprintf("%s/rest/auth/1/session", base),
Password: "token",
}
jiraClient, err := jira.NewClient(tp.Client(), base)
req, _ := jiraClient.NewRequest("GET", "/rest/api/2/project", nil)
req, _ := jiraClient.NewRequest("GET", "rest/api/2/project", nil)
projects := new([]jira.Project)
_, err := jiraClient.Do(req, projects)
_, err = jiraClient.Do(req, projects)
if err != nil {
panic(err)
}
@@ -242,6 +230,8 @@ These services own a responsibility of the single endpoints / usecases of JIRA.
## Contribution
We ❤️ PR's
Contribution, in any kind of way, is highly welcome!
It doesn't matter if you are not able to write code.
Creating issues or holding talks and help other people to use [go-jira](https://github.com/andygrunwald/go-jira) is contribution, too!
@@ -250,15 +240,15 @@ A few examples:
* Correct typos in the README / documentation
* Reporting bugs
* Implement a new feature or endpoint
* Sharing the love if [go-jira](https://github.com/andygrunwald/go-jira) and help people to get use to it
* Sharing the love of [go-jira](https://github.com/andygrunwald/go-jira) and help people to get use to it
If you are new to pull requests, checkout [Collaborating on projects using issues and pull requests / Creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
### Dependency management
`go-jira` uses `dep` for dependency management. After cloning the repo, it's easy to make sure you have the correct dependencies by running `dep ensure`.
`go-jira` uses `go modules` for dependency management. After cloning the repo, it's easy to make sure you have the correct dependencies by running `go mod tidy`.
For adding new dependencies, updating dependencies, and other operations, the [Daily Dep](https://golang.github.io/dep/docs/daily-dep.html) is a good place to start.
For adding new dependencies, updating dependencies, and other operations, the [Daily workflow](https://github.com/golang/go/wiki/Modules#daily-workflow) is a good place to start.
### Sandbox environment for testing
@@ -266,6 +256,22 @@ Jira offers sandbox test environments at http://go.atlassian.com/cloud-dev.
You can read more about them at https://developer.atlassian.com/blog/2016/04/cloud-ecosystem-dev-env/.
## Releasing
Install `standard-version`
```bash
npm i -g standard-version
```
```bash
standard-version
git push --tags
```
Manually copy/paste text from changelog (for this new version) into the release on Github.com. E.g.
[https://github.com/andygrunwald/go-jira/releases/edit/v1.11.0](https://github.com/andygrunwald/go-jira/releases/edit/v1.11.0)
## License
This project is released under the terms of the [MIT license](http://en.wikipedia.org/wiki/MIT_License).

127
vendor/github.com/andygrunwald/go-jira/board.go generated vendored
View File

@@ -2,6 +2,7 @@ package jira
import (
"fmt"
"strconv"
"time"
)
@@ -34,7 +35,7 @@ type Board struct {
type BoardListOptions struct {
// BoardType filters results to boards of the specified type.
// Valid values: scrum, kanban.
BoardType string `url:"boardType,omitempty"`
BoardType string `url:"type,omitempty"`
// Name filters results to boards that match or partially match the specified name.
Name string `url:"name,omitempty"`
// ProjectKeyOrID filters results to boards that are relevant to a project.
@@ -44,9 +45,21 @@ type BoardListOptions struct {
SearchOptions
}
// Wrapper struct for search result
type sprintsResult struct {
Sprints []Sprint `json:"values" structs:"values"`
// GetAllSprintsOptions specifies the optional parameters to the BoardService.GetList
type GetAllSprintsOptions struct {
// State filters results to sprints in the specified states, comma-separate list
State string `url:"state,omitempty"`
SearchOptions
}
// SprintsList reflects a list of agile sprints
type SprintsList struct {
MaxResults int `json:"maxResults" structs:"maxResults"`
StartAt int `json:"startAt" structs:"startAt"`
Total int `json:"total" structs:"total"`
IsLast bool `json:"isLast" structs:"isLast"`
Values []Sprint `json:"values" structs:"values"`
}
// Sprint represents a sprint on JIRA agile board
@@ -61,12 +74,65 @@ type Sprint struct {
State string `json:"state" structs:"state"`
}
// BoardConfiguration represents a boardConfiguration of a jira board
type BoardConfiguration struct {
ID int `json:"id"`
Name string `json:"name"`
Self string `json:"self"`
Location BoardConfigurationLocation `json:"location"`
Filter BoardConfigurationFilter `json:"filter"`
SubQuery BoardConfigurationSubQuery `json:"subQuery"`
ColumnConfig BoardConfigurationColumnConfig `json:"columnConfig"`
}
// BoardConfigurationFilter reference to the filter used by the given board.
type BoardConfigurationFilter struct {
ID string `json:"id"`
Self string `json:"self"`
}
// BoardConfigurationSubQuery (Kanban only) - JQL subquery used by the given board.
type BoardConfigurationSubQuery struct {
Query string `json:"query"`
}
// BoardConfigurationLocation reference to the container that the board is located in
type BoardConfigurationLocation struct {
Type string `json:"type"`
Key string `json:"key"`
ID string `json:"id"`
Self string `json:"self"`
Name string `json:"name"`
}
// BoardConfigurationColumnConfig lists the columns for a given board in the order defined in the column configuration
// with constrainttype (none, issueCount, issueCountExclSubs)
type BoardConfigurationColumnConfig struct {
Columns []BoardConfigurationColumn `json:"columns"`
ConstraintType string `json:"constraintType"`
}
// BoardConfigurationColumn lists the name of the board with the statuses that maps to a particular column
type BoardConfigurationColumn struct {
Name string `json:"name"`
Status []BoardConfigurationColumnStatus `json:"statuses"`
}
// BoardConfigurationColumnStatus represents a status in the column configuration
type BoardConfigurationColumnStatus struct {
ID string `json:"id"`
Self string `json:"self"`
}
// GetAllBoards will returns all boards. This only includes boards that the user has permission to view.
//
// JIRA API docs: https://docs.atlassian.com/jira-software/REST/cloud/#agile/1.0/board-getAllBoards
func (s *BoardService) GetAllBoards(opt *BoardListOptions) (*BoardsList, *Response, error) {
apiEndpoint := "rest/agile/1.0/board"
url, err := addOptions(apiEndpoint, opt)
if err != nil {
return nil, nil, err
}
req, err := s.client.NewRequest("GET", url, nil)
if err != nil {
return nil, nil, err
@@ -145,22 +211,65 @@ func (s *BoardService) DeleteBoard(boardID int) (*Board, *Response, error) {
return nil, resp, err
}
// GetAllSprints will returns all sprints from a board, for a given board Id.
// GetAllSprints will return all sprints from a board, for a given board Id.
// This only includes sprints that the user has permission to view.
//
// JIRA API docs: https://docs.atlassian.com/jira-software/REST/cloud/#agile/1.0/board/{boardId}/sprint
func (s *BoardService) GetAllSprints(boardID string) ([]Sprint, *Response, error) {
apiEndpoint := fmt.Sprintf("rest/agile/1.0/board/%s/sprint", boardID)
req, err := s.client.NewRequest("GET", apiEndpoint, nil)
id, err := strconv.Atoi(boardID)
if err != nil {
return nil, nil, err
}
result := new(sprintsResult)
result, response, err := s.GetAllSprintsWithOptions(id, &GetAllSprintsOptions{})
if err != nil {
return nil, nil, err
}
return result.Values, response, nil
}
// GetAllSprintsWithOptions will return sprints from a board, for a given board Id and filtering options
// This only includes sprints that the user has permission to view.
//
// JIRA API docs: https://docs.atlassian.com/jira-software/REST/cloud/#agile/1.0/board/{boardId}/sprint
func (s *BoardService) GetAllSprintsWithOptions(boardID int, options *GetAllSprintsOptions) (*SprintsList, *Response, error) {
apiEndpoint := fmt.Sprintf("rest/agile/1.0/board/%d/sprint", boardID)
url, err := addOptions(apiEndpoint, options)
if err != nil {
return nil, nil, err
}
req, err := s.client.NewRequest("GET", url, nil)
if err != nil {
return nil, nil, err
}
result := new(SprintsList)
resp, err := s.client.Do(req, result)
if err != nil {
err = NewJiraError(resp, err)
}
return result.Sprints, resp, err
return result, resp, err
}
// GetBoardConfiguration will return a board configuration for a given board Id
// Jira API docs:https://developer.atlassian.com/cloud/jira/software/rest/#api-rest-agile-1-0-board-boardId-configuration-get
func (s *BoardService) GetBoardConfiguration(boardID int) (*BoardConfiguration, *Response, error) {
apiEndpoint := fmt.Sprintf("rest/agile/1.0/board/%d/configuration", boardID)
req, err := s.client.NewRequest("GET", apiEndpoint, nil)
if err != nil {
return nil, nil, err
}
result := new(BoardConfiguration)
resp, err := s.client.Do(req, result)
if err != nil {
err = NewJiraError(resp, err)
}
return result, resp, err
}

Some files were not shown because too many files have changed in this diff Show More