Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-11 22:02:47 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/lib/inspec/control_eval_context.rb

248 lines
8.8 KiB
Ruby
Raw Normal View History

Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
# author: Dominik Richter
# author: Christoph Hartmann
require 'inspec/dsl'
require 'inspec/dsl_shared'
module Inspec
#
# ControlEvalContext constructs an anonymous class that control
# files will be instance_exec'd against.
#
# The anonymous class includes the given passed resource_dsl as well
# as the basic DSL of the control files (describe, control, title,
# etc).
#
Rubocop: disable GuardClause and ClassLength (#2382) Neither of these cops is helping us write good code, and GuardClause specifically is actually contributing to us writing sometimes-unclear code. Disabling both of these cops and removing all unnecessary disable decorators in the codebase. Signed-off-by: Adam Leff <adam@leff.co>
2017-12-07 19:22:55 +00:00
class ControlEvalContext
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
# Create the context for controls. This includes all components of the DSL,
# including matchers and resources.
#
# @param [ResourcesDSL] resources_dsl which has all resources to attach
# @return [RuleContext] the inner context of rules
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
def self.rule_context(resources_dsl, profile_id)
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
require 'rspec/core/dsl'
Class.new(Inspec::Rule) do
include RSpec::Core::DSL
Ensure resources are visible inside its blocks The recent changes to provide isolated views of the available resources was not extended to Rspec::ExampleGroups. This ensures that ExampleGroups have access to the same resources as the enclosing Inspec::Rule. Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 13:57:26 +00:00
with_resource_dsl resources_dsl
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
# allow attributes to be accessed within control blocks
Add input() DSL method, could use some DRY up Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-05-01 03:56:17 +00:00
define_method :input do |input_name, options = {}|
Get unit and functional tests passing Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-03-07 18:52:03 +00:00
if options.empty?
# Simply an access, no event here
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
else
options[:priority] = 20
options[:provider] = :inline_control_code
evt = Inspec::Input.infer_event(options)
How was value: ever working? Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-05-01 03:27:06 +00:00
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
Get unit and functional tests passing Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-03-07 18:52:03 +00:00
end
end
# Find the Input object, but don't collapse to a value.
# Will return nil on a miss.
define_method :input_object do |input_name|
Inspec::InputRegistry.find_or_register_input(input_name, profile_id)
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
end
Plugin Type: DSLs (#3557) This PR adds 5 closely related plugin types, which allow a plugin to implement new DSL methods / keywords. The mechanism to activate the plugins are all very similar - basically, in a particular location in the code, `method_missing` is implemented, and is used to activate the particular type of DSL being requested. 4 of the DSL plugin types relate to code that could appear in a profile control file. * outer_profile_dsl plugins allow you to extend the code in profile Ruby files that appear outside `control` or `describe` blocks. * control_dsl plugins allow you to extend the code within `control` blocks. * describe_dsl plugins allow you to extend the code within `describe` blocks. * test_dsl plugins allow you to extend the code within `it`/`its` blocks. Finally, the `resource_dsl` plugin allows you to extend the code used within custom resources. Basic unit tests are provided to prove that the plugin types are properly defined. A simple plugin fixture defining DSL hooks (based on favorite foods) is included, and is exercised through a set of functional tests. The plugin developer docs are updated to describe the 5 DSLs. *Note*: Implementing a plugin using any of the DSL plugin types is experimental. The contexts that are exposed to the DSL methods are private and poorly documented. The InSpec project does not claim the APIs used by these plugin types are covered by SemVer. Plugin authors are encouraged to pin tightly to the `inspec` gem in their gemspecs. Motivation for this plugin comes from the desire to allow passionate community members to implement things like "2 out of 3" tests, example groups, improved serverspec compatibility, "they/their" and other "fluency" changes, as well as make it possible for future work by the InSpec team to be implemented as a core plugin, rather than a direct change to the main codebase.
2018-11-29 19:14:06 +00:00
Add input() DSL method, could use some DRY up Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-05-01 03:56:17 +00:00
define_method :attribute do |name, options = {}|
Inspec.deprecate(:attrs_dsl, "Input name: #{name}, Profile: #{profile_id}")
input(name, options)
end
Plugin Type: DSLs (#3557) This PR adds 5 closely related plugin types, which allow a plugin to implement new DSL methods / keywords. The mechanism to activate the plugins are all very similar - basically, in a particular location in the code, `method_missing` is implemented, and is used to activate the particular type of DSL being requested. 4 of the DSL plugin types relate to code that could appear in a profile control file. * outer_profile_dsl plugins allow you to extend the code in profile Ruby files that appear outside `control` or `describe` blocks. * control_dsl plugins allow you to extend the code within `control` blocks. * describe_dsl plugins allow you to extend the code within `describe` blocks. * test_dsl plugins allow you to extend the code within `it`/`its` blocks. Finally, the `resource_dsl` plugin allows you to extend the code used within custom resources. Basic unit tests are provided to prove that the plugin types are properly defined. A simple plugin fixture defining DSL hooks (based on favorite foods) is included, and is exercised through a set of functional tests. The plugin developer docs are updated to describe the 5 DSLs. *Note*: Implementing a plugin using any of the DSL plugin types is experimental. The contexts that are exposed to the DSL methods are private and poorly documented. The InSpec project does not claim the APIs used by these plugin types are covered by SemVer. Plugin authors are encouraged to pin tightly to the `inspec` gem in their gemspecs. Motivation for this plugin comes from the desire to allow passionate community members to implement things like "2 out of 3" tests, example groups, improved serverspec compatibility, "they/their" and other "fluency" changes, as well as make it possible for future work by the InSpec team to be implemented as a core plugin, rather than a direct change to the main codebase.
2018-11-29 19:14:06 +00:00
# Support for Control DSL plugins.
# This is called when an unknown method is encountered
# within a control block.
def method_missing(method_name, *arguments, &block)
# Check to see if there is a control_dsl plugin activator hook with the method name
registry = Inspec::Plugin::V2::Registry.instance
hook = registry.find_activators(plugin_type: :control_dsl, activator_name: method_name).first
if hook
# OK, load the hook if it hasn't been already. We'll then know a module,
# which we can then inject into the context
Remove spurious 'unless activated?' on most activation calls Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-06 17:22:51 +00:00
hook.activate
Plugin Type: DSLs (#3557) This PR adds 5 closely related plugin types, which allow a plugin to implement new DSL methods / keywords. The mechanism to activate the plugins are all very similar - basically, in a particular location in the code, `method_missing` is implemented, and is used to activate the particular type of DSL being requested. 4 of the DSL plugin types relate to code that could appear in a profile control file. * outer_profile_dsl plugins allow you to extend the code in profile Ruby files that appear outside `control` or `describe` blocks. * control_dsl plugins allow you to extend the code within `control` blocks. * describe_dsl plugins allow you to extend the code within `describe` blocks. * test_dsl plugins allow you to extend the code within `it`/`its` blocks. Finally, the `resource_dsl` plugin allows you to extend the code used within custom resources. Basic unit tests are provided to prove that the plugin types are properly defined. A simple plugin fixture defining DSL hooks (based on favorite foods) is included, and is exercised through a set of functional tests. The plugin developer docs are updated to describe the 5 DSLs. *Note*: Implementing a plugin using any of the DSL plugin types is experimental. The contexts that are exposed to the DSL methods are private and poorly documented. The InSpec project does not claim the APIs used by these plugin types are covered by SemVer. Plugin authors are encouraged to pin tightly to the `inspec` gem in their gemspecs. Motivation for this plugin comes from the desire to allow passionate community members to implement things like "2 out of 3" tests, example groups, improved serverspec compatibility, "they/their" and other "fluency" changes, as well as make it possible for future work by the InSpec team to be implemented as a core plugin, rather than a direct change to the main codebase.
2018-11-29 19:14:06 +00:00
# Inject the module's methods into the context.
# implementation_class is the field name, but this is actually a module.
self.class.include(hook.implementation_class)
# Now that the module is loaded, it defined one or more methods
# (presumably the one we were looking for.)
# We still haven't called it, so do so now.
send(method_name, *arguments, &block)
else
# If we couldn't find a plugin to match, maybe something up above has it,
# or maybe it is just a unknown method error.
super
end
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
end
# Creates the heart of the control eval context:
#
# An instantiated object which has all resources registered to it
# and exposes them to the a test file.
#
# @param profile_context [Inspec::ProfileContext]
# @param outer_dsl [OuterDSLClass]
# @return [ProfileContextClass]
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
def self.create(profile_context, resources_dsl) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
profile_context_owner = profile_context
profile_id = profile_context.profile_id
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
rule_class = rule_context(resources_dsl, profile_id)
Bump Rubocop to 0.49.1 (#2323) * Bump Rubocop to 0.49.1 This change bumps Rubocop to 0.49.1. There have been a lot of changes since 0.39.0 and this PR is hopefully a nice compromise of turning off certain cops and updating our codebase to take advantage of new Ruby 2.3 methods and operators. Signed-off-by: Adam Leff <adam@leff.co> * Set end-of-line format to line-feed only, avoid Windows-related CRLF issues Signed-off-by: Adam Leff <adam@leff.co>
2017-11-21 07:49:41 +00:00
Class.new do # rubocop:disable Metrics/BlockLength
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
include Inspec::DSL
include Inspec::DSL::RequireOverride
include resources_dsl
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
attr_accessor :skip_file
Allow `inspec check` to ignore `only_if` (#2250) * Allow `inspec check` to ignore `only_if` When using `inspec check` a mock Train backend is created. This means that the following would raise an error because `os.name` is `nil` ``` only_if { os.name.include?('anything') } ``` Since `inspec check` isn't concerned with the evaluation of `only_if` this skips those checks if the block given raises an error. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary `e` in rescue Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify implementation to use `check_mode` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Move `check_mode` concept to the Profile scope Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix lint after rubocop upgrade Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for mocked ControlEvalContext options Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 13:13:41 +00:00
def initialize(backend, conf, dependencies, require_loader, skip_only_if_eval)
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
@backend = backend
@conf = conf
@dependencies = dependencies
@require_loader = require_loader
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
@skip_file_message = nil
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
@skip_file = false
Allow `inspec check` to ignore `only_if` (#2250) * Allow `inspec check` to ignore `only_if` When using `inspec check` a mock Train backend is created. This means that the following would raise an error because `os.name` is `nil` ``` only_if { os.name.include?('anything') } ``` Since `inspec check` isn't concerned with the evaluation of `only_if` this skips those checks if the block given raises an error. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary `e` in rescue Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify implementation to use `check_mode` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Move `check_mode` concept to the Profile scope Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix lint after rubocop upgrade Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for mocked ControlEvalContext options Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 13:13:41 +00:00
@skip_only_if_eval = skip_only_if_eval
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
define_method :title do |arg|
profile_context_owner.set_header(:title, arg)
end
def to_s
Minor code-review change to ControlEvalContext - Add comment describing describe - Fixup to_s output to be more accurate Signed-off-by: Steven Danna <steve@chef.io>
2016-09-05 08:28:50 +00:00
"Control Evaluation Context (#{profile_name})"
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
define_method :profile_name do
profile_id
end
define_method :control do |*args, &block|
id = args[0]
opts = args[1] || {}
Allow `inspec check` to ignore `only_if` (#2250) * Allow `inspec check` to ignore `only_if` When using `inspec check` a mock Train backend is created. This means that the following would raise an error because `os.name` is `nil` ``` only_if { os.name.include?('anything') } ``` Since `inspec check` isn't concerned with the evaluation of `only_if` this skips those checks if the block given raises an error. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary `e` in rescue Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify implementation to use `check_mode` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Move `check_mode` concept to the Profile scope Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix lint after rubocop upgrade Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for mocked ControlEvalContext options Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 13:13:41 +00:00
opts[:skip_only_if_eval] = @skip_only_if_eval
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
register_control(rule_class.new(id, profile_id, opts, &block))
end
Minor code-review change to ControlEvalContext - Add comment describing describe - Fixup to_s output to be more accurate Signed-off-by: Steven Danna <steve@chef.io>
2016-09-05 08:28:50 +00:00
#
# Describe allows users to write rspec-like bare describe
# blocks without declaring an inclosing control. Here, we
# generate a control for them automatically and then execute
# the describe block in the context of that control.
#
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
define_method :describe do |*args, &block|
Bump Rubocop to 0.49.1 (#2323) * Bump Rubocop to 0.49.1 This change bumps Rubocop to 0.49.1. There have been a lot of changes since 0.39.0 and this PR is hopefully a nice compromise of turning off certain cops and updating our codebase to take advantage of new Ruby 2.3 methods and operators. Signed-off-by: Adam Leff <adam@leff.co> * Set end-of-line format to line-feed only, avoid Windows-related CRLF issues Signed-off-by: Adam Leff <adam@leff.co>
2017-11-21 07:49:41 +00:00
loc = block_location(block, caller(1..1).first)
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
id = "(generated from #{loc} #{SecureRandom.hex})"
res = nil
rule = rule_class.new(id, profile_id, {}) do
res = describe(*args, &block)
end
register_control(rule, &block)
res
end
Allow users to reference resources from dependencies All resources from deps are added into the control_eval_context used by the current profile. However, if there is a name conflict, the last loaded resource wins. The new `require_resource` dsl method allows the user to do the following: require_resource(profile: 'profile_name', resource: 'other', as: 'renamed') describe renamed do ... end Signed-off-by: Steven Danna <steve@chef.io>
2016-09-15 07:54:15 +00:00
define_method :add_resource do |name, new_res|
resources_dsl.module_exec do
define_method name.to_sym do |*args|
new_res.new(@backend, name.to_s, *args)
end
end
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
define_method :add_resources do |context|
self.class.class_eval do
include context.to_resources_dsl
end
rule_class.class_eval do
include context.to_resources_dsl
end
end
define_method :add_subcontext do |context|
profile_context_owner.add_subcontext(context)
end
define_method :register_control do |control, &block|
Add platform resource and platform supports (#2393) * Add platform resource and platform supports. Signed-off-by: Jared Quick <jquick@chef.io> * Cache platform and inspec checks and implement inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Deprecate current inspec support in favor of inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Update resource/profile skip messages. Signed-off-by: Jared Quick <jquick@chef.io> * Update load_resource to use platform instead of os. Signed-off-by: Jared Quick <jquick@chef.io> * Update platform example. Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 19:04:13 +00:00
if @skip_file
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
::Inspec::Rule.set_skip_rule(control, true, @skip_file_message)
Skip controls from profile's that don't support the current platform Any controls included from profiles that don't support our current platform are now marked as skipped. Fixes #1049
2016-09-14 07:41:19 +00:00
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
Add platform resource and platform supports (#2393) * Add platform resource and platform supports. Signed-off-by: Jared Quick <jquick@chef.io> * Cache platform and inspec checks and implement inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Deprecate current inspec support in favor of inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Update resource/profile skip messages. Signed-off-by: Jared Quick <jquick@chef.io> * Update load_resource to use platform instead of os. Signed-off-by: Jared Quick <jquick@chef.io> * Update platform example. Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 19:04:13 +00:00
unless profile_context_owner.profile_supports_platform?
platform = inspec.platform
msg = "Profile #{profile_context_owner.profile_id} is not supported on platform #{platform.name}/#{platform.release}."
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
::Inspec::Rule.set_skip_rule(control, true, msg)
Add platform resource and platform supports (#2393) * Add platform resource and platform supports. Signed-off-by: Jared Quick <jquick@chef.io> * Cache platform and inspec checks and implement inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Deprecate current inspec support in favor of inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Update resource/profile skip messages. Signed-off-by: Jared Quick <jquick@chef.io> * Update load_resource to use platform instead of os. Signed-off-by: Jared Quick <jquick@chef.io> * Update platform example. Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 19:04:13 +00:00
end
unless profile_context_owner.profile_supports_inspec_version?
msg = "Profile #{profile_context_owner.profile_id} is not supported on InSpec version (#{Inspec::VERSION})."
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
::Inspec::Rule.set_skip_rule(control, true, msg)
Add platform resource and platform supports (#2393) * Add platform resource and platform supports. Signed-off-by: Jared Quick <jquick@chef.io> * Cache platform and inspec checks and implement inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Deprecate current inspec support in favor of inspec_version. Signed-off-by: Jared Quick <jquick@chef.io> * Update resource/profile skip messages. Signed-off-by: Jared Quick <jquick@chef.io> * Update load_resource to use platform instead of os. Signed-off-by: Jared Quick <jquick@chef.io> * Update platform example. Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 19:04:13 +00:00
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
profile_context_owner.register_rule(control, &block) unless control.nil?
end
Add input() DSL method, could use some DRY up Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-05-01 03:56:17 +00:00
define_method :input do |input_name, options = {}|
Get unit and functional tests passing Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-03-07 18:52:03 +00:00
if options.empty?
# Simply an access, no event here
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
else
Get unit and functional tests passing Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-03-07 18:52:03 +00:00
options[:priority] = 20
options[:provider] = :inline_control_code
evt = Inspec::Input.infer_event(options)
Add input() DSL method, could use some DRY up Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-05-01 03:56:17 +00:00
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
Implement InSpec global attributes (#3318) * Add yml attribute option. * Add type matching. * Add testing profile for global attributes testing all types. * Allow attributes to be called within a control block. * Fix attribut test issues and allow value to be set at runtime. * Allow setting attr value after creation. * Move attributes to global namespace. * Move attributes to a singleton object. * Add unit and updated functional testing. * Rename attributes to attributes_test so the testhelper picks it up. * Add attribute object tests and error types. * Update with feedback changes. * Remove extra line. * Move attribute registry class file. * Add documentation for attributes * Rename rspec_extensions. * Add some failing functional tests. * Update docs and fix typos. Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 20:42:58 +00:00
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
Get unit and functional tests passing Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-03-07 18:52:03 +00:00
# Find the Input object, but don't collapse to a value.
# Will return nil on a miss.
define_method :input_object do |input_name|
Inspec::InputRegistry.find_or_register_input(input_name, profile_id)
end
Add input() DSL method, could use some DRY up Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-05-01 03:56:17 +00:00
define_method :attribute do |name, options = {}|
Inspec.deprecate(:attrs_dsl, "Input name: #{name}, Profile: #{profile_id}")
input(name, options)
end
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
define_method :skip_control do |id|
profile_context_owner.unregister_rule(id)
end
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
define_method :only_if do |message = nil, &block|
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
return unless block
Allow `inspec check` to ignore `only_if` (#2250) * Allow `inspec check` to ignore `only_if` When using `inspec check` a mock Train backend is created. This means that the following would raise an error because `os.name` is `nil` ``` only_if { os.name.include?('anything') } ``` Since `inspec check` isn't concerned with the evaluation of `only_if` this skips those checks if the block given raises an error. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary `e` in rescue Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify implementation to use `check_mode` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Move `check_mode` concept to the Profile scope Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix lint after rubocop upgrade Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for mocked ControlEvalContext options Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 13:13:41 +00:00
return if @skip_file == true
return if @skip_only_if_eval == true
return if block.yield == true
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
# Apply `set_skip_rule` for other rules in the same file
profile_context_owner.rules.values.each do |r|
sources_match = r.source_file == block.source_location[0]
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
Inspec::Rule.set_skip_rule(r, true, message) if sources_match
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
end
Allow passing a message to set_skip_rule. Previously, the `value` passed to set_skip_rule could be a boolean, or a message. Now value should always be a boolean, and if a message is needed one can be passed and will be set. Allow only_if to take a message during control_eval DSL. Add test for only_if(message). Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 17:10:45 +00:00
@skip_file_message = message
Fix `only_if` behavior when used outside controls (#2216) * Fix `only_if` behavior when used outside controls This renames `@skip_profile` to `@skip_file` and modifies the scope of `only_if` (used outside of a control) to only apply to the control file that contains it instead of the entire profile. This does this by exposing `@skip_file` from the control context so that it can be set back to `false` between loading control files in the profile context. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `get_checks` to accept a rule index Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `only_if` to work regardless of location Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Disable Cyclomatic/Perceived Complexity in Rubocop Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add comment for `skip_file` in `load_control_file` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 12:47:30 +00:00
@skip_file = true
Use per-profile execution contexts for library loading Previously, libraries were loaded by instance_eval'ing them against the same execution context used for control files. All resources were registered against a single global registry when the `name` dsl method was invoked. To obtain seperation of resources, we would mutate the instance variable holding the globale registry and then change it back at the end. Now, we instance_eval library files inside an anonymous class. This class has its own version of `Inspec.resource` that returns another class with the resource DSL method and the profile-specific resource registry.
2016-08-31 15:48:51 +00:00
end
alias_method :rule, :control
alias_method :skip_rule, :skip_control
private
def block_location(block, alternate_caller)
if block.nil?
alternate_caller[/^(.+:\d+):in .+$/, 1] || 'unknown'
else
path, line = block.source_location
"#{File.basename(path)}:#{line}"
end
end
end
end
end
end
Reference in a new issue Copy permalink