Merge pull request #1027 from chef/ap/ssl-improvements

ssl resource fix and speed improvement
Christoph Hartmann 2016-09-07 11:09:52 +02:00 committed by GitHub
commit 1268a28ea9
2 changed files with 9 additions and 1 deletions


@ -36,4 +36,5 @@ Gem::Specification.new do |spec|
spec.add_dependency 'hashie', '~> 3.4' spec.add_dependency 'hashie', '~> 3.4'
spec.add_dependency 'mixlib-log' spec.add_dependency 'mixlib-log'
spec.add_dependency 'sslshake', '~> 1' spec.add_dependency 'sslshake', '~> 1'
spec.add_dependency 'parallel', '~> 1.9'
end end
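Review bot: The new runtime dependency `spec.add_dependency 'parallel', '~> 1.9'` looks, from what this page shows, to be pulled in for a single threaded map over a handful of protocol groups. Every gem added to the runtime set of an audit tool that holds credentials for its targets widens the supply chain that has to be trusted. The constraint also floats across all later 1.x releases. It is worth checking whether stdlib `Thread` would cover this one call; if the gem stays, record the reason next to it, e.g. `# parallel: concurrent TLS handshakes in the ssl resource`.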


@ -6,6 +6,8 @@
require 'sslshake' require 'sslshake'
require 'utils/filter' require 'utils/filter'
require 'uri'
require 'parallel'
# Custom resource based on the InSpec resource DSL # Custom resource based on the InSpec resource DSL
class SSL < Inspec.resource(1) class SSL < Inspec.resource(1)
@ -44,6 +46,11 @@ class SSL < Inspec.resource(1)
def initialize(opts = {}) def initialize(opts = {})
@host = opts[:host] || @host = opts[:host] ||
inspec.backend.instance_variable_get(:@hostname) inspec.backend.instance_variable_get(:@hostname)
# FIXME: This can be removed when/if @hostname is available as a property for 'Train::Transports::WinRM::Connection'
# Train enhancement request for this here: https://github.com/chef/train/issues/128
if @host.nil? && inspec.backend.class.to_s == 'Train::Transports::WinRM::Connection'
@host = URI.parse(inspec.backend.instance_variable_get(:@options)[:endpoint]).hostname
end
if @host.nil? && inspec.backend.class.to_s == 'Train::Transports::Local::Connection' if @host.nil? && inspec.backend.class.to_s == 'Train::Transports::Local::Connection'
@host = 'localhost' @host = 'localhost'
end end
@ -63,7 +70,7 @@ class SSL < Inspec.resource(1)
.add(:enabled?) { |x| x.handshake.values.any? { |i| i['success'] } } .add(:enabled?) { |x| x.handshake.values.any? { |i| i['success'] } }
.add(:handshake) { |x| .add(:handshake) { |x|
groups = x.entries.group_by(&:protocol) groups = x.entries.group_by(&:protocol)
res = groups.map do |proto, e| res = Parallel.map(groups, in_threads: 8) do |proto, e|
[proto, SSLShake.hello(x.resource.host, port: x.resource.port, [proto, SSLShake.hello(x.resource.host, port: x.resource.port,
protocol: proto, ciphers: e.map(&:cipher), protocol: proto, ciphers: e.map(&:cipher),
timeout: @timeout, retries: @retries)] timeout: @timeout, retries: @retries)]
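Review bot: With `Parallel.map(groups, in_threads: 8)` the target now receives several handshake connections at once, while `enabled?` just above counts a protocol as on only when some handshake reports `'success'`. If a connection is throttled, dropped or times out under that load and sslshake reports it as an unsuccessful handshake (an assumption to confirm against the library), a weak protocol would be reported as disabled and a control asserting it is not enabled would pass wrongly. I would lift the literal to a named constant or resource option, e.g. `res = Parallel.map(groups, in_threads: HANDSHAKE_THREADS) do |proto, e|` (name is a suggestion), and add a comment such as `# connection errors must be surfaced, not read as "protocol disabled"`. Separately, the WinRM fallback in `initialize` feeds `instance_variable_get(:@options)[:endpoint]` straight into `URI.parse` with no nil guard, so a backend without that option would raise inside the constructor. The `.add(:handshake)` block continues outside the hunk.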