#!/bin/sh

check_8() {
  logit "\n"
  id_8="8"
  desc_8="Docker Enterprise Configuration"
  check_8="$id_8 - $desc_8"
  info "$check_8"
  startsectionjson "$id_8" "$desc_8"
}

check_product_license() {
  if docker version | grep -Eqi '^Server.*Community$|Version.*-ce$'; then
    info "  * Community Engine license, skipping section 8"
    enterprise_license=0
  else
    enterprise_license=1
  fi
}

check_8_1() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_1="8.1"
  desc_8_1="Universal Control Plane Configuration"
  check_8_1="$id_8_1 - $desc_8_1"
  info "$check_8_1"
}

# 8.1.1
check_8_1_1() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_1_1="8.1.1"
  desc_8_1_1="Configure the LDAP authentication service (Scored)"
  check_8_1_1="$id_8_1_1  - $desc_8_1_1"
  starttestjson "$id_8_1_1" "$desc_8_1_1"

  totalChecks=$((totalChecks + 1))
  note "$check_8_1_1"
  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
}

# 8.1.2
check_8_1_2() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_1_2="8.1.2"
  desc_8_1_2="Use external certificates (Scored)"
  check_8_1_2="$id_8_1_2  - $desc_8_1_2"
  starttestjson "$id_8_1_2" "$desc_8_1_2"

  totalChecks=$((totalChecks + 1))
  note "$check_8_1_2"
  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
}

# 8.1.3
check_8_1_3() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_1_3="8.1.3"
  desc_8_1_3="Enforce the use of client certificate bundles for unprivileged users (Not Scored)"
  check_8_1_3="$id_8_1_3  - $desc_8_1_3"
  starttestjson "$id_8_1_3" "$desc_8_1_3"

  totalChecks=$((totalChecks + 1))
  note "$check_8_1_3"
  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
}

# 8.1.4
check_8_1_4() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_1_4="8.1.4"
  desc_8_1_4="Configure applicable cluster role-based access control policies (Not Scored)"
  check_8_1_4="$id_8_1_4  - $desc_8_1_4"
  starttestjson "$id_8_1_4" "$desc_8_1_4"

  totalChecks=$((totalChecks + 1))
  note "$check_8_1_4"
  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
}

# 8.1.5
check_8_1_5() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_1_5="8.1.5"
  desc_8_1_5="Enable signed image enforcement (Scored)"
  check_8_1_5="$id_8_1_5  - $desc_8_1_5"
  starttestjson "$id_8_1_5" "$desc_8_1_5"

  totalChecks=$((totalChecks + 1))
  note "$check_8_1_5"
  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
}

# 8.1.6
check_8_1_6() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_1_6="8.1.6"
  desc_8_1_6="Set the Per-User Session Limit to a value of '3' or lower (Scored)"
  check_8_1_6="$id_8_1_6  - $desc_8_1_6"
  starttestjson "$id_8_1_6" "$desc_8_1_6"

  totalChecks=$((totalChecks + 1))
  note "$check_8_1_6"
  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
}

# 8.1.7
check_8_1_7() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_1_7="8.1.7"
  desc_8_1_7="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively (Scored)"
  check_8_1_7="$id_8_1_7  - $desc_8_1_7"
  starttestjson "$id_8_1_7" "$desc_8_1_7"

  totalChecks=$((totalChecks + 1))
  note "$check_8_1_7"
  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
}

check_8_2() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  logit "\n"
  id_8_2="8.2"
  desc_8_2="Docker Trusted Registry Configuration"
  check_8_2="$id_8_2 - $desc_8_2"
  info "$check_8_2"
}

check_8_2_1() {
  if [ "$enterprise_license" -ne 1 ]; then
    return
  fi

  id_8_2_1="8.2.1"
  desc_8_2_1="Enable image vulnerability scanning (Scored)"
  check_8_2_1="$id_8_2_1  - $desc_8_2_1"
  starttestjson "$id_8_2_1" "$desc_8_2_1"

  totalChecks=$((totalChecks + 1))
  note "$check_8_2_1"
  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
}

check_8_end() {
  endsectionjson
}