
# Compliance CLI Commands
# Provides comprehensive compliance features for GDPR, SOC2, and ISO 27001
# Default orchestrator endpoint, used as the default of every command's
# --orchestrator-url flag. It is plain HTTP on loopback. Responses can carry
# personal data and compliance findings, so an override that points at a
# non-loopback host should be an https:// URL.
# NOTE(review): the requests in this module are sent without credentials or
# an Authorization header - confirm how the orchestrator authenticates callers.
const ORCHESTRATOR_URL = "http://localhost:8080"
# ============================================================================
# GDPR Commands
# ============================================================================
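# Export personal data for a user (GDPR Article 15 - Right to Access)
#
# Sends a POST to the orchestrator's GDPR export endpoint and returns the
# response serialized as JSON. The output is the user's personal data, so
# handle anything it is piped or redirected into accordingly.
export def "compliance gdpr export" [
    user_id: string  # User ID to export data for
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    # An empty ID would address the collection route instead of one user.
    if ($user_id | str trim | is-empty) {
        error make --unspanned {
            msg: "user_id must not be empty"
        }
    }

    # Percent-encode the ID so '/', '?', '#' and similar characters stay inside
    # this single path segment and cannot change which route is requested.
    let encoded_id = ($user_id | url encode --all)
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/export/($encoded_id)"

    print $"Exporting personal data for user: ($user_id)"

    try {
        let response = http post $url {}
        $response | to json
    } catch {
        error make --unspanned {
            msg: $"Failed to export data: ($in)"
        }
    }
}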
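# Delete personal data for a user (GDPR Article 17 - Right to Erasure)
#
# Sends a POST carrying the deletion reason to the orchestrator's GDPR delete
# endpoint and returns the response as JSON. The request is issued
# immediately; this command does not ask for confirmation.
export def "compliance gdpr delete" [
    user_id: string  # User ID to delete data for
    --reason: string = "user_request"  # Deletion reason
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    # An empty ID would address the collection route instead of one user,
    # which must never happen for an erasure request.
    if ($user_id | str trim | is-empty) {
        error make --unspanned {
            msg: "user_id must not be empty"
        }
    }

    # Percent-encode the ID so '/', '?', '#' and similar characters stay inside
    # this single path segment and cannot retarget the deletion.
    let encoded_id = ($user_id | url encode --all)
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/delete/($encoded_id)"

    print $"Deleting personal data for user: ($user_id)"
    print $"Reason: ($reason)"

    try {
        let response = http post $url {reason: $reason}
        print "✓ Data deletion completed"
        $response | to json
    } catch {
        error make --unspanned {
            msg: $"Failed to delete data: ($in)"
        }
    }
}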
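# Rectify personal data for a user (GDPR Article 16 - Right to Rectification)
#
# Posts a single-field correction ({field: value}) to the orchestrator's GDPR
# rectify endpoint. Both --field and --value are required. The new value is
# echoed to the terminal before the request is sent.
export def "compliance gdpr rectify" [
    user_id: string  # User ID
    --field: string  # Field to rectify
    --value: string  # New value
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    if ($field | is-empty) or ($value | is-empty) {
        error make --unspanned {
            msg: "Both --field and --value must be provided"
        }
    }

    # An empty ID would address the collection route instead of one user.
    if ($user_id | str trim | is-empty) {
        error make --unspanned {
            msg: "user_id must not be empty"
        }
    }

    # Percent-encode the ID so '/', '?', '#' and similar characters stay inside
    # this single path segment and cannot change which record is modified.
    let encoded_id = ($user_id | url encode --all)
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/rectify/($encoded_id)"
    let corrections = {($field): $value}

    print $"Rectifying data for user: ($user_id)"
    print $"Field: ($field) -> ($value)"

    try {
        http post $url {corrections: $corrections}
        print "✓ Data rectification completed"
    } catch {
        error make --unspanned {
            msg: $"Failed to rectify data: ($in)"
        }
    }
}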
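# Export data for portability (GDPR Article 20 - Right to Data Portability)
#
# Posts the requested format to the orchestrator's portability endpoint.
# Without --output the response is returned; with --output it is written to
# that path. The written file holds the user's personal data and is created
# with the process's default permissions, so choose the location accordingly.
export def "compliance gdpr portability" [
    user_id: string  # User ID
    --format: string = "json"  # Export format (json, csv, xml)
    --output: string  # Output file path
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    # An empty ID would address the collection route instead of one user.
    if ($user_id | str trim | is-empty) {
        error make --unspanned {
            msg: "user_id must not be empty"
        }
    }

    # Percent-encode the ID so '/', '?', '#' and similar characters stay inside
    # this single path segment and cannot change which route is requested.
    let encoded_id = ($user_id | url encode --all)
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/portability/($encoded_id)"

    print $"Exporting data for portability: ($user_id)"
    print $"Format: ($format)"

    try {
        let response = http post $url {format: $format}
        if ($output | is-empty) {
            $response
        } else {
            $response | save $output
            print $"✓ Data exported to: ($output)"
        }
    } catch {
        error make --unspanned {
            msg: $"Failed to export data: ($in)"
        }
    }
}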
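# Record objection to processing (GDPR Article 21 - Right to Object)
#
# Posts the processing type the user objects to at the orchestrator's GDPR
# object endpoint and prints a confirmation line on success.
export def "compliance gdpr object" [
    user_id: string  # User ID
    processing_type: string  # Type of processing to object (direct_marketing, profiling, etc.)
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    # An empty ID would address the collection route instead of one user.
    if ($user_id | str trim | is-empty) {
        error make --unspanned {
            msg: "user_id must not be empty"
        }
    }

    # Percent-encode the ID so '/', '?', '#' and similar characters stay inside
    # this single path segment and cannot change which route is requested.
    let encoded_id = ($user_id | url encode --all)
    let url = $"($orchestrator_url)/api/v1/compliance/gdpr/object/($encoded_id)"

    print $"Recording objection for user: ($user_id)"
    print $"Processing type: ($processing_type)"

    try {
        http post $url {processing_type: $processing_type}
        print "✓ Objection recorded"
    } catch {
        error make --unspanned {
            msg: $"Failed to record objection: ($in)"
        }
    }
}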
# ============================================================================
# SOC2 Commands
# ============================================================================
# Generate SOC2 compliance report
#
# Fetches the report from the orchestrator with a GET request. Without
# --output the report is returned as JSON text; with --output the JSON is
# written to that path and a confirmation line is printed.
export def "compliance soc2 report" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
    --output: string  # Output file path
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/soc2/report"

    print "Generating SOC2 compliance report..."

    try {
        # Serialize once; both branches use the same JSON text.
        let report_json = (http get $endpoint | to json)
        if not ($output | is-empty) {
            $report_json | save $output
            print $"✓ SOC2 report saved to: ($output)"
        } else {
            $report_json
        }
    } catch {
        error make --unspanned {
            msg: $"Failed to generate SOC2 report: ($in)"
        }
    }
}
# List SOC2 Trust Service Criteria
#
# Returns the `controls` field of the orchestrator's SOC2 controls response.
export def "compliance soc2 controls" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/soc2/controls"

    try {
        let payload = (http get $endpoint)
        $payload | get controls
    } catch {
        error make --unspanned {
            msg: $"Failed to list controls: ($in)"
        }
    }
}
# ============================================================================
# ISO 27001 Commands
# ============================================================================
# Generate ISO 27001 compliance report
#
# Fetches the report from the orchestrator with a GET request. Without
# --output the report is returned as JSON text; with --output the JSON is
# written to that path and a confirmation line is printed.
export def "compliance iso27001 report" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
    --output: string  # Output file path
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/iso27001/report"

    print "Generating ISO 27001 compliance report..."

    try {
        # Serialize once; both branches use the same JSON text.
        let report_json = (http get $endpoint | to json)
        if not ($output | is-empty) {
            $report_json | save $output
            print $"✓ ISO 27001 report saved to: ($output)"
        } else {
            $report_json
        }
    } catch {
        error make --unspanned {
            msg: $"Failed to generate ISO 27001 report: ($in)"
        }
    }
}
# List ISO 27001 Annex A controls
#
# Returns the `controls` field of the orchestrator's ISO 27001 controls
# response.
export def "compliance iso27001 controls" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/iso27001/controls"

    try {
        let payload = (http get $endpoint)
        $payload | get controls
    } catch {
        error make --unspanned {
            msg: $"Failed to list controls: ($in)"
        }
    }
}
# List identified risks
#
# Returns the `risks` field of the orchestrator's ISO 27001 risks response.
export def "compliance iso27001 risks" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/iso27001/risks"

    try {
        let payload = (http get $endpoint)
        $payload | get risks
    } catch {
        error make --unspanned {
            msg: $"Failed to list risks: ($in)"
        }
    }
}
# ============================================================================
# Data Protection Commands
# ============================================================================
# Verify data protection controls
#
# Requests the orchestrator's protection verification result and returns it
# as JSON text.
export def "compliance protection verify" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/protection/verify"

    print "Verifying data protection controls..."

    try {
        let verification = (http get $endpoint)
        $verification | to json
    } catch {
        error make --unspanned {
            msg: $"Failed to verify protection: ($in)"
        }
    }
}
# Classify data
#
# Posts the given data to the orchestrator's classification endpoint and
# returns the `classification` field of the response. The data itself is
# sent in the request body.
export def "compliance protection classify" [
    data: string  # Data to classify
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/protection/classify"
    let body = {data: $data}

    try {
        let verdict = (http post $endpoint $body)
        $verdict | get classification
    } catch {
        error make --unspanned {
            msg: $"Failed to classify data: ($in)"
        }
    }
}
# ============================================================================
# Access Control Commands
# ============================================================================
# List available roles
#
# Returns the `roles` field of the orchestrator's access roles response.
export def "compliance access roles" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/access/roles"

    try {
        let payload = (http get $endpoint)
        $payload | get roles
    } catch {
        error make --unspanned {
            msg: $"Failed to list roles: ($in)"
        }
    }
}
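# Get permissions for a role
#
# Returns the `permissions` field of the orchestrator's response for the
# given role.
export def "compliance access permissions" [
    role: string  # Role name
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    # An empty role would address the parent route instead of one role.
    if ($role | str trim | is-empty) {
        error make --unspanned {
            msg: "role must not be empty"
        }
    }

    # Percent-encode the role so '/', '?', '#' and similar characters stay
    # inside this single path segment; otherwise the answer could describe a
    # different resource than the role the operator asked about.
    let encoded_role = ($role | url encode --all)
    let url = $"($orchestrator_url)/api/v1/compliance/access/permissions/($encoded_role)"

    try {
        http get $url | get permissions
    } catch {
        error make --unspanned {
            msg: $"Failed to get permissions: ($in)"
        }
    }
}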
# Check if role has permission
#
# Posts the role/permission pair to the orchestrator's access check endpoint
# and returns the `allowed` field of the response.
export def "compliance access check" [
    role: string  # Role name
    permission: string  # Permission to check
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/access/check"
    let query = {role: $role, permission: $permission}

    try {
        http post $endpoint $query | get allowed
    } catch {
        error make --unspanned {
            msg: $"Failed to check permission: ($in)"
        }
    }
}
# ============================================================================
# Incident Response Commands
# ============================================================================
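# Report a security incident
#
# Posts a new incident to the orchestrator and returns its `incident_id`.
# --severity, --type and --description are required. The affected systems
# and users lists are always sent empty by this command.
export def "compliance incident report" [
    --severity: string  # Incident severity (critical, high, medium, low)
    --type: string  # Incident type (data_breach, unauthorized_access, etc.)
    --description: string  # Incident description
    --reported-by: string = "cli-user"  # Reporter name recorded on the incident
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    if ($severity | is-empty) or ($type | is-empty) or ($description | is-empty) {
        error make --unspanned {
            msg: "All parameters (--severity, --type, --description) are required"
        }
    }

    # The reporter is a caller-supplied label, not proof of identity; without
    # --reported-by every incident carries the same "cli-user" placeholder.
    # Attribution for audit purposes has to come from whatever identity the
    # orchestrator establishes for the request.
    let reporter = if ($reported_by | is-empty) { "cli-user" } else { $reported_by }

    let url = $"($orchestrator_url)/api/v1/compliance/incidents"

    print $"Reporting ($severity) incident of type ($type)"

    try {
        let response = http post $url {
            severity: $severity,
            incident_type: $type,
            description: $description,
            affected_systems: [],
            affected_users: [],
            reported_by: $reporter
        }
        print $"✓ Incident reported: ($response.incident_id)"
        $response.incident_id
    } catch {
        error make --unspanned {
            msg: $"Failed to report incident: ($in)"
        }
    }
}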
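# List security incidents
#
# Requests the incident list from the orchestrator, adding a query parameter
# for each filter that was supplied (severity, status, incident_type), and
# returns the response.
export def "compliance incident list" [
    --severity: string  # Filter by severity
    --status: string  # Filter by status
    --type: string  # Filter by type
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    # Each value is percent-encoded so '&', '=', '#' and similar characters in
    # a filter cannot add or override query parameters.
    mut query_params = []
    if not ($severity | is-empty) {
        $query_params = ($query_params | append $"severity=($severity | url encode --all)")
    }
    if not ($status | is-empty) {
        $query_params = ($query_params | append $"status=($status | url encode --all)")
    }
    if not ($type | is-empty) {
        $query_params = ($query_params | append $"incident_type=($type | url encode --all)")
    }

    let query_string = if ($query_params | length) > 0 {
        $"?($query_params | str join '&')"
    } else {
        ""
    }
    let url = $"($orchestrator_url)/api/v1/compliance/incidents($query_string)"

    try {
        http get $url
    } catch {
        error make --unspanned {
            msg: $"Failed to list incidents: ($in)"
        }
    }
}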
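# Get incident details
#
# Fetches one incident from the orchestrator and returns it as JSON text.
export def "compliance incident show" [
    incident_id: string  # Incident ID
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    # An empty ID would request the incident collection instead of one record.
    if ($incident_id | str trim | is-empty) {
        error make --unspanned {
            msg: "incident_id must not be empty"
        }
    }

    # Percent-encode the ID so '/', '?', '#' and similar characters stay inside
    # this single path segment and cannot change which route is requested.
    let encoded_id = ($incident_id | url encode --all)
    let url = $"($orchestrator_url)/api/v1/compliance/incidents/($encoded_id)"

    try {
        http get $url | to json
    } catch {
        error make --unspanned {
            msg: $"Failed to get incident: ($in)"
        }
    }
}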
# ============================================================================
# Combined Reporting
# ============================================================================
# Generate combined compliance report
#
# Fetches the combined report from the orchestrator and serializes it as YAML
# when --format is "yaml", otherwise as JSON. Without --output the text is
# returned; with --output it is written to that path.
export def "compliance report" [
    --format: string = "json"  # Output format (json, yaml)
    --output: string  # Output file path
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/reports/combined"

    print "Generating combined compliance report..."
    print "This includes GDPR, SOC2, and ISO 27001 compliance status"

    try {
        let combined = (http get $endpoint)

        # Any format other than "yaml" falls back to JSON.
        let rendered = if $format != "yaml" {
            $combined | to json
        } else {
            $combined | to yaml
        }

        if not ($output | is-empty) {
            $rendered | save $output
            print $"✓ Compliance report saved to: ($output)"
        } else {
            $rendered
        }
    } catch {
        error make --unspanned {
            msg: $"Failed to generate report: ($in)"
        }
    }
}
# Check compliance health status
#
# Returns the orchestrator's compliance health response unchanged.
export def "compliance health" [
    --orchestrator-url: string = $ORCHESTRATOR_URL  # Orchestrator URL
] {
    let endpoint = $"($orchestrator_url)/api/v1/compliance/health"

    try {
        let status = (http get $endpoint)
        $status
    } catch {
        error make --unspanned {
            msg: $"Failed to check health: ($in)"
        }
    }
}
# ============================================================================
# Helper Functions
# ============================================================================
# Show compliance command help
#
# Prints a static usage summary: the command categories and a few example
# invocations. Takes no arguments and contacts no service.
export def "compliance help" [] {
print "
Compliance CLI - GDPR, SOC2, and ISO 27001 Features
Usage:
compliance <category> <command> [options]
Categories:
gdpr - GDPR compliance (data subject rights)
soc2 - SOC2 Trust Service Criteria
iso27001 - ISO 27001 Annex A controls
protection - Data protection controls
access - Access control matrix
incident - Incident response
report - Combined compliance reporting
health - Health check
Examples:
# Export user data (GDPR)
compliance gdpr export user123
# Generate SOC2 report
compliance soc2 report --output soc2-report.json
# Generate ISO 27001 report
compliance iso27001 report --output iso27001-report.json
# Report security incident
compliance incident report --severity critical --type data_breach --description \"Unauthorized access detected\"
# Generate combined report
compliance report --output compliance-report.json
For detailed help on a specific command, use:
help compliance <category> <command>
"
}