Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-13 06:42:40 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/lib/inspec/control_eval_context.rb

190 lines
6.2 KiB
Ruby
Raw Normal View History

Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
# encoding: utf-8
# author: Dominik Richter
# author: Christoph Hartmann
require 'inspec/dsl'
require 'inspec/dsl_shared'
module Inspec
#
# ControlEvalContext constructs an anonymous class that control
# files will be instance_exec'd against.
#
# The anonymous class includes the given passed resource_dsl as well
# as the basic DSL of the control files (describe, control, title,
# etc).
#
Rubocop: disable GuardClause and ClassLength (#2382) Neither of these cops is helping us write good code, and GuardClause specifically is actually contributing to us writing sometimes-unclear code. Disabling both of these cops and removing all unnecessary disable decorators in the codebase. Signed-off-by: Adam Leff <adam@leff.co>
2017-12-07 19:22:55 +00:00
class ControlEvalContext
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
# Create the context for controls. This includes all components of the DSL,
# including matchers and resources.
#
# @param [ResourcesDSL] resources_dsl which has all resources to attach
# @return [RuleContext] the inner context of rules
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
def self.rule_context(resources_dsl, profile_id)
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
require 'rspec/core/dsl'
Class.new(Inspec::Rule) do
include RSpec::Core::DSL
Ensure resources are visible inside its blocks The recent changes to provide isolated views of the available resources was not extended to Rspec::ExampleGroups. This ensures that ExampleGroups have access to the same resources as the enclosing Inspec::Rule. Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 13:57:26 +00:00
with_resource_dsl resources_dsl
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
# allow attributes to be accessed within control blocks
define_method :attribute do |name|
Inspec::AttributeRegistry.find_attribute(name, profile_id).value
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
end
# Creates the heart of the control eval context:
#
# An instantiated object which has all resources registered to it
# and exposes them to the a test file.
#
# @param profile_context [Inspec::ProfileContext]
# @param outer_dsl [OuterDSLClass]
# @return [ProfileContextClass]
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
def self.create(profile_context, resources_dsl) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
profile_context_owner = profile_context
profile_id = profile_context.profile_id
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
rule_class = rule_context(resources_dsl, profile_id)
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
Bump Rubocop to 0.49.1 (#2323) * Bump Rubocop to 0.49.1 This change bumps Rubocop to 0.49.1. There have been a lot of changes since 0.39.0 and this PR is hopefully a nice compromise of turning off certain cops and updating our codebase to take advantage of new Ruby 2.3 methods and operators. Signed-off-by: Adam Leff <adam@leff.co> * Set end-of-line format to line-feed only, avoid Windows-related CRLF issues Signed-off-by: Adam Leff <adam@leff.co>
2017-11-21 07:49:41 +00:00
Class.new do # rubocop:disable Metrics/BlockLength
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
include Inspec::DSL
include Inspec::DSL::RequireOverride
include resources_dsl
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
attr_accessor :skip_file
Allow `inspec check` to ignore `only_if` (#2250) * Allow `inspec check` to ignore `only_if` When using `inspec check` a mock Train backend is created. This means that the following would raise an error because `os.name` is `nil` ``` only_if { os.name.include?('anything') } ``` Since `inspec check` isn't concerned with the evaluation of `only_if` this skips those checks if the block given raises an error. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary `e` in rescue Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify implementation to use `check_mode` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Move `check_mode` concept to the Profile scope Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix lint after rubocop upgrade Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for mocked ControlEvalContext options Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 13:13:41 +00:00
def initialize(backend, conf, dependencies, require_loader, skip_only_if_eval)
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
@backend = backend
@conf = conf
@dependencies = dependencies
@require_loader = require_loader
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
@skip_file_message = nil
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
@skip_file = false
Allow `inspec check` to ignore `only_if` (#2250) * Allow `inspec check` to ignore `only_if` When using `inspec check` a mock Train backend is created. This means that the following would raise an error because `os.name` is `nil` ``` only_if { os.name.include?('anything') } ``` Since `inspec check` isn't concerned with the evaluation of `only_if` this skips those checks if the block given raises an error. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary `e` in rescue Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify implementation to use `check_mode` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Move `check_mode` concept to the Profile scope Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix lint after rubocop upgrade Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for mocked ControlEvalContext options Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 13:13:41 +00:00
@skip_only_if_eval = skip_only_if_eval
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
define_method :title do |arg|
profile_context_owner.set_header(:title, arg)
end
def to_s
Minor code-review change to ControlEvalContext - Add comment describing describe - Fixup to_s output to be more accurate Signed-off-by: Steven Danna <steve@chef.io>
2016-09-05 08:28:50 +00:00
"Control Evaluation Context (#{profile_name})"
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
define_method :profile_name do
profile_id
end
define_method :control do |*args, &block|
id = args[0]
opts = args[1] || {}
Allow `inspec check` to ignore `only_if` (#2250) * Allow `inspec check` to ignore `only_if` When using `inspec check` a mock Train backend is created. This means that the following would raise an error because `os.name` is `nil` ``` only_if { os.name.include?('anything') } ``` Since `inspec check` isn't concerned with the evaluation of `only_if` this skips those checks if the block given raises an error. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary `e` in rescue Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify implementation to use `check_mode` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Move `check_mode` concept to the Profile scope Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix lint after rubocop upgrade Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for mocked ControlEvalContext options Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 13:13:41 +00:00
opts[:skip_only_if_eval] = @skip_only_if_eval
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
register_control(rule_class.new(id, profile_id, opts, &block))
end
Minor code-review change to ControlEvalContext - Add comment describing describe - Fixup to_s output to be more accurate Signed-off-by: Steven Danna <steve@chef.io>
2016-09-05 08:28:50 +00:00
#
# Describe allows users to write rspec-like bare describe
# blocks without declaring an inclosing control. Here, we
# generate a control for them automatically and then execute
# the describe block in the context of that control.
#
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
define_method :describe do |*args, &block|
Bump Rubocop to 0.49.1 (#2323) * Bump Rubocop to 0.49.1 This change bumps Rubocop to 0.49.1. There have been a lot of changes since 0.39.0 and this PR is hopefully a nice compromise of turning off certain cops and updating our codebase to take advantage of new Ruby 2.3 methods and operators. Signed-off-by: Adam Leff <adam@leff.co> * Set end-of-line format to line-feed only, avoid Windows-related CRLF issues Signed-off-by: Adam Leff <adam@leff.co>
2017-11-21 07:49:41 +00:00
loc = block_location(block, caller(1..1).first)
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
id = "(generated from #{loc} #{SecureRandom.hex})"
res = nil
rule = rule_class.new(id, profile_id, {}) do
res = describe(*args, &block)
end
register_control(rule, &block)
res
end
Allow users to reference resources from dependencies All resources from deps are added into the control_eval_context used by the current profile. However, if there is a name conflict, the last loaded resource wins. The new `require_resource` dsl method allows the user to do the following: require_resource(profile: 'profile_name', resource: 'other', as: 'renamed') describe renamed do ... end Signed-off-by: Steven Danna <steve@chef.io>
2016-09-15 07:54:15 +00:00
define_method :add_resource do |name, new_res|
resources_dsl.module_exec do
define_method name.to_sym do |*args|
new_res.new(@backend, name.to_s, *args)
end
end
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
define_method :add_resources do |context|
self.class.class_eval do
include context.to_resources_dsl
end
rule_class.class_eval do
include context.to_resources_dsl
end
end
define_method :add_subcontext do |context|
profile_context_owner.add_subcontext(context)
end
define_method :register_control do |control, &block|
Add platform resource and platform supports (#2393) * Add platform resource and platform supports. Signed-off-by: Jared Quick <jquick@chef.io> * Cache platform and inspec checks and implement inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Deprecate current inspec support in favor of inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Update resource/profile skip messages. Signed-off-by: Jared Quick <jquick@chef.io> * Update load_resource to use platform instead of os. Signed-off-by: Jared Quick <jquick@chef.io> * Update platform example. Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 19:04:13 +00:00
if @skip_file
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
::Inspec::Rule.set_skip_rule(control, true, @skip_file_message)
Skip controls from profile's that don't support the current platform Any controls included from profiles that don't support our current platform are now marked as skipped. Fixes #1049
2016-09-14 07:41:19 +00:00
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
Add platform resource and platform supports (#2393) * Add platform resource and platform supports. Signed-off-by: Jared Quick <jquick@chef.io> * Cache platform and inspec checks and implement inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Deprecate current inspec support in favor of inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Update resource/profile skip messages. Signed-off-by: Jared Quick <jquick@chef.io> * Update load_resource to use platform instead of os. Signed-off-by: Jared Quick <jquick@chef.io> * Update platform example. Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 19:04:13 +00:00
unless profile_context_owner.profile_supports_platform?
platform = inspec.platform
msg = "Profile #{profile_context_owner.profile_id} is not supported on platform #{platform.name}/#{platform.release}."
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
::Inspec::Rule.set_skip_rule(control, true, msg)
Add platform resource and platform supports (#2393) * Add platform resource and platform supports. Signed-off-by: Jared Quick <jquick@chef.io> * Cache platform and inspec checks and implement inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Deprecate current inspec support in favor of inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Update resource/profile skip messages. Signed-off-by: Jared Quick <jquick@chef.io> * Update load_resource to use platform instead of os. Signed-off-by: Jared Quick <jquick@chef.io> * Update platform example. Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 19:04:13 +00:00
end
unless profile_context_owner.profile_supports_inspec_version?
msg = "Profile #{profile_context_owner.profile_id} is not supported on InSpec version (#{Inspec::VERSION})."
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
::Inspec::Rule.set_skip_rule(control, true, msg)
Add platform resource and platform supports (#2393) * Add platform resource and platform supports. Signed-off-by: Jared Quick <jquick@chef.io> * Cache platform and inspec checks and implement inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Deprecate current inspec support in favor of inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Update resource/profile skip messages. Signed-off-by: Jared Quick <jquick@chef.io> * Update load_resource to use platform instead of os. Signed-off-by: Jared Quick <jquick@chef.io> * Update platform example. Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 19:04:13 +00:00
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
profile_context_owner.register_rule(control, &block) unless control.nil?
end
# method for attributes; import attribute handling
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
define_method :attribute do |name, options = {}|
if options.empty?
Inspec::AttributeRegistry.find_attribute(name, profile_id).value
else
profile_context_owner.register_attribute(name, options)
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
define_method :skip_control do |id|
profile_context_owner.unregister_rule(id)
end
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
define_method :only_if do |message = nil, &block|
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
return unless block
Allow `inspec check` to ignore `only_if` (#2250) * Allow `inspec check` to ignore `only_if` When using `inspec check` a mock Train backend is created. This means that the following would raise an error because `os.name` is `nil` ``` only_if { os.name.include?('anything') } ``` Since `inspec check` isn't concerned with the evaluation of `only_if` this skips those checks if the block given raises an error. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary `e` in rescue Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify implementation to use `check_mode` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Move `check_mode` concept to the Profile scope Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix lint after rubocop upgrade Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for mocked ControlEvalContext options Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 13:13:41 +00:00
return if @skip_file == true
return if @skip_only_if_eval == true
return if block.yield == true
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
# Apply `set_skip_rule` for other rules in the same file
profile_context_owner.rules.values.each do |r|
sources_match = r.source_file == block.source_location[0]
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
Inspec::Rule.set_skip_rule(r, true, message) if sources_match
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
end
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
@skip_file_message = message
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
@skip_file = true
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
alias_method :rule, :control
alias_method :skip_rule, :skip_control
private
def block_location(block, alternate_caller)
if block.nil?
alternate_caller[/^(.+:\d+):in .+$/, 1] || 'unknown'
else
path, line = block.source_location
"#{File.basename(path)}:#{line}"
end
end
end
end
end
end
Reference in a new issue Copy permalink