forked from cisagov/ScubaGear
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathOPA.ps1
64 lines (60 loc) · 2.26 KB
/
OPA.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#Requires -Version 5.1
<#
.SYNOPSIS
This script installs the required OPA executable used by the
assessment tool
.DESCRIPTION
Installs the OPA executable required to support SCuBAGear.
.EXAMPLE
.\OPA.ps1
#>
# Set prefernces for writing messages
$DebugPreference = "Continue"
$InformationPreference = "Continue"
$ErrorActionPreference = "Stop"
# Set expected version and OutFile path
$ExpectedVersion = "0.42.1"
$OPAExe = "opa_windows_amd64.exe"
$InstallUrl = "https://openpolicyagent.org/downloads/v$($ExpectedVersion)/$OPAExe"
$OutFile=(Join-Path (Get-Location).Path $InstallUrl.SubString($InstallUrl.LastIndexOf('/')))
$ExpectedHash ="5D71028FED935DC98B9D69369D42D2C03CE84A7720D61ED777E10AAE7528F399"
# Download files
try {
Write-Information "Downloading $InstallUrl"
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile($InstallUrl, $OutFile)
Write-Information ""
Write-Information "`nDownload of `"$OutFile`" finished."
}
catch {
Write-Error "An error has occurred: Unable to download OPA executable. To try manually downloading, see details in README under 'Download the required OPA executable'"
}
finally {
$WebClient.Dispose()
}
# Hash checks
if ((Get-FileHash .\opa_windows_amd64.exe).Hash -eq $ExpectedHash)
{
Write-Information "SHA256 verified successfully"
}
else {
Write-Information "SHA256 verification failed, retry download or install manually. See README under 'Download the required OPA executable' for instructions."
}
# Version checks
Try {
$OPAArgs = @('version')
$InstalledVersion= $(& "./$($OPAExe)" @OPAArgs) | Select-Object -First 1
if ($InstalledVersion -eq "Version: $($ExpectedVersion)")
{
Write-Information "`Downloaded OPA version` `"$InstalledVersion`" meets the ScubaGear requirement"
}
else {
Write-Information "`Downloaded OPA version` `"$InstalledVersion`" does not meet the ScubaGear requirement of` `"$ExpectedVersion`""
}
}
catch {
Write-Error "Unable to verify the current OPA version: please see details on manual installation in the README under 'Download the required OPA executable'"
}
$DebugPreference = "SilientlyContinue"
$InformationPreference = "SilientlyContinue"
$ErrorActionPreference = "Continue"