Add HTTP basic auth for URL based inspec deps (#3341)

* Add HTTP basic auth for URL based inspec deps * Add tests Signed-off-by: Noel Georgi <git@frezbo.com>
2024-11-23 05:03:07 +00:00 · 2018-08-30 22:27:50 +05:30 · 2018-08-30 22:27:50 +05:30 · 34ae5aac40
commit 34ae5aac40
parent d37f6a22f4
3 changed files with 30 additions and 2 deletions
--- a/docs/profiles.md
+++ b/docs/profiles.md
@ -199,6 +199,16 @@ depends:
  url: https://github.com/myusername/myprofile-repo/archive/master.tar.gz
 ```

+`url` also supports basic authentication.
+
+```YAML
+depends:
+- name: my-profile
+  url: https://my.domain/path/to/profile.tgz
+  username: user
+  password: password
+```
+
 ### git

 A `git` setting specifies a profile that is located in a git repository, with optional settings for branch, tag, commit, and version. The source location is translated into a URL upon resolution. This type of dependency supports version constraints via semantic versioning as git tags.
--- a/lib/fetchers/url.rb
+++ b/lib/fetchers/url.rb
@ -21,17 +21,19 @@ module Fetchers

    def self.resolve(target, opts = {})
      if target.is_a?(Hash) && target.key?(:url)
-        resolve_from_string(target[:url], opts)
+        resolve_from_string(target[:url], opts, target[:username], target[:password])
      elsif target.is_a?(String)
        resolve_from_string(target, opts)
      end
    end

-    def self.resolve_from_string(target, opts)
+    def self.resolve_from_string(target, opts, username = nil, password = nil)
      uri = URI.parse(target)
      return nil if uri.nil? or uri.scheme.nil?
      return nil unless %{ http https }.include? uri.scheme
      target = transform(target)
+      opts[:username] = username if username
+      opts[:password] = password if password
      new(target, opts)
    rescue URI::Error
      nil
@ -223,6 +225,8 @@ module Fetchers
        opts['Authorization'] = "Bearer #{@token}"
      end

+      opts[:http_basic_authentication] = [@config[:username], @config[:password]] if @config[:username]
+
      # Do not send any headers that have nil values.
      # Net::HTTP does not gracefully handle this situation.
      check_for_missing_values!(opts)
--- a/test/unit/fetchers/url_test.rb
+++ b/test/unit/fetchers/url_test.rb
@ -187,6 +187,20 @@ describe Fetchers::Url do
  describe '#http_opts' do
    let(:subject) { Fetchers::Url.new('fake_url', config) }

+    describe 'when username and password is specified' do
+      let(:config) { { :username => 'dummy', :password => 'dummy' } }
+      it 'returns a hash containing http_basic_authentication setting' do
+        subject.send(:http_opts)[:http_basic_authentication].must_equal ["dummy", "dummy"]
+      end
+    end
+
+    describe 'when only password is specified' do
+      let(:config) { { :password => 'dummy'} }
+      it 'returns a hash containing http_basic_authentication setting as nil' do
+        subject.send(:http_opts)[:http_basic_authentication].must_equal nil
+      end
+    end
+
    describe 'when insecure is specified' do
      let(:config) { { 'insecure' => true } }
      it 'returns a hash containing an ssl_verify_mode setting' do