Puppet Class: vulnerability::install::windows

Defined in:
manifests/install/windows.pp

Summary

This class takes care of installing `grype` on Windows systems.

Overview

vulnerability::install::windows

See the file “LICENSE” for the full license governing this code.

Parameters:

  • version (String[1])

    The version of `grype` to install.

  • temp_dir (Stdlib::Absolutepath)

    The temporary directory to use for the installation. The default value for this is `/tmp`.

  • root_dir (Stdlib::Absolutepath)

    The root directory where all grype files are stored. This is an internal variable. Please be cautious when changing this.

  • base_url (String[1])

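    The base part of the URL from which grype is downloaded. The default is `github.com/anchore/grype/releases/download`, meaning we download directly from the original GitHub source. Because the downloaded archive supplies the `grype.exe` that gets installed, an overridden value should point to a source you trust.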



# File 'manifests/install/windows.pp', line 25

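class vulnerability::install::windows (
  String[1]                          $base_url,
  Stdlib::Absolutepath               $root_dir,
  Stdlib::Absolutepath               $temp_dir,
  String[1]                          $version,
  # Optional expected digest of the release zip. When set, it is handed to
  # the archive resource so the download is verified before it is extracted.
  # When left undef the download is not verified (the previous behaviour).
  Optional[String[1]]                $checksum      = undef,
  # Digest algorithm used for $checksum; ignored when $checksum is undef.
  Enum['sha256', 'sha384', 'sha512'] $checksum_type = 'sha256',
) {
  # The temp directory may already be managed elsewhere in the catalog, so it
  # is only declared here when no File resource for it exists yet. Note that
  # defined() depends on evaluation order.
  #
  # NOTE(review): no owner or permissions are set on $temp_dir or on the
  # extraction directory below. If other local accounts can write there, the
  # extracted grype.exe could be replaced before it is copied into
  # ${root_dir}/bin - confirm the ACLs on the configured temp directory.
  unless defined(File[$temp_dir]) {
    file { $temp_dir:
      ensure => 'directory',
    }
  }

  #
  # First ensure all target directories exist
  #
  $dirs = [
    $root_dir,
    "${root_dir}/bin",
    "${root_dir}/etc",
  ]

  file { $dirs:
    ensure => 'directory',
    owner  => 'Administrator',
  }

  # Download and install only when the grype_version fact differs from the
  # requested version (this is also the case when the fact is not set).
  if $facts['grype_version'] != $version {
    $source_file  = "grype_${version}_windows_amd64.zip"
    $extract_path = "${temp_dir}/grype_${version.regsubst('\.','_', 'G')}"

    # Pass checksum attributes to the archive resource only when a digest was
    # supplied, so callers that do not set $checksum see unchanged behaviour.
    $checksum_attrs = $checksum ? {
      undef   => {},
      default => {
        'checksum'      => $checksum,
        'checksum_type' => $checksum_type,
      },
    }

    #
    # To unzip the archive we need 7zip installed. We delegate
    # this part to the archive class
    #
    require archive

    file { $extract_path:
      ensure => 'directory',
    }

    -> archive { "${temp_dir}/${source_file}":
      ensure       => 'present',
      source       => "${base_url}/v${version}/${source_file}",
      extract      => true,
      extract_path => $extract_path,
      cleanup      => true,
      *            => $checksum_attrs,
    }

    -> file { "${root_dir}/bin/grype.exe":
      ensure => 'file',
      source => "file:///${extract_path}/grype.exe",
      owner  => 'Administrator',
      mode   => '0755',
    }

    # Chained explicitly so the extraction directory is never cleaned up
    # before grype.exe has been copied out of it, whatever resource ordering
    # the agent is configured with.
    -> cleanup { 'Cleanup downloads':
      file_name  => $extract_path,
    }
  }

  # NOTE(review): 0755 marks this template as executable; a non-executable
  # mode would presumably be enough for a template - confirm before changing.
  file { "${root_dir}/etc/grype_yaml.tpl":
    ensure => 'file',
    source => 'puppet:///modules/vulnerability/grype_yaml.tpl',
    owner  => 'Administrator',
    mode   => '0755',
  }
}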