Merge pull request #6108 from inspec/nm/add-resource-id-group-3

CFINSPEC-264 Group 3 - Added resource_id in resources
Clinton Wolfe 2022-06-08 16:05:09 -04:00 committed by GitHub
commit 3f9b234160
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 54 additions and 1 deletions


@ -92,6 +92,10 @@ module Inspec::Resources
"Docker Container #{name}" "Docker Container #{name}"
end end
def resource_id
object_info.ids[0] || @opts[:id] || @opts[:name] || ""
end
private private
def object_info def object_info
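Review bot: The new `resource_id` in this section can return three different kinds of value (the first entry of `object_info.ids`, the caller-supplied `@opts[:id]` or `@opts[:name]`, or `""`), and nothing tells a report consumer which one it got. If more than one container matches, `ids[0]` silently picks the first, and every resource with no match and no id/name option collapses to the same empty string, so results keyed on this value can merge unrelated resources. The same chain is added to the image, plugin and service resources in the following sections, and the plugin spec on this page asserts `""` for the no-plugins case. I would add a comment above the method, e.g. `# Preference order: ID reported by Docker, then the id/name the caller passed; "" only when neither is known`, and decide whether `""` is acceptable as a shared id. The class body continues outside the hunk.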


@ -72,6 +72,10 @@ module Inspec::Resources
"Docker Image #{img}" "Docker Image #{img}"
end end
def resource_id
object_info.ids[0] || @opts[:id] || @opts[:image] || ""
end
private private
def sanitize_options(opts) def sanitize_options(opts)
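Review bot: Falling back to `@opts[:image]` means `resource_id` may be a mutable tag rather than the image's ID; the image spec on this page asserts both a `sha256:…` value and `"ubuntu:latest"`. A tag can be re-pointed at a different image, so two scans that report the same `resource_id` are not guaranteed to have examined the same image content. If audit results are correlated on this field, the method should carry a comment such as `# Falls back to the repo:tag the caller supplied when no image ID is found; a tag does not pin image content`. `sanitize_options` and the rest of the class lie outside the hunk.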


@ -50,6 +50,10 @@ module Inspec::Resources
"Docker plugin #{plugin}" "Docker plugin #{plugin}"
end end
def resource_id
id || @opts[:id] || @opts[:name] || ""
end
private private
def object_info def object_info


@ -73,6 +73,10 @@ module Inspec::Resources
"Docker Service #{service}" "Docker Service #{service}"
end end
def resource_id
object_info.ids[0] || @opts[:id] || @opts[:name] || ""
end
private private
def sanitize_options(opts) def sanitize_options(opts)


@ -95,6 +95,10 @@ module Inspec::Resources
"/etc/group" "/etc/group"
end end
def resource_id
@path
end
private private
def parse_group(path) def parse_group(path)


@ -37,6 +37,10 @@ module Inspec::Resources
"hosts.allow Configuration" "hosts.allow Configuration"
end end
def resource_id
@conf_path
end
private private
def read_content def read_content
@ -110,5 +114,6 @@ module Inspec::Resources
def to_s def to_s
"hosts.deny Configuration" "hosts.deny Configuration"
end end
end end
end end


@ -35,11 +35,12 @@ module Inspec::Resources
end end
EXAMPLE EXAMPLE
attr_reader :file, :mount_options attr_reader :file, :mount_options, :path
def initialize(path) def initialize(path)
# select permissions style # select permissions style
@perms_provider = select_file_perms_style(inspec.os) @perms_provider = select_file_perms_style(inspec.os)
@file = inspec.backend.file(path) @file = inspec.backend.file(path)
@path = path
end end
%w{ %w{
@ -217,6 +218,10 @@ module Inspec::Resources
end end
end end
def resource_id
path
end
private private
def file_permission_granted?(access_type, by_usergroup, by_specific_user) def file_permission_granted?(access_type, by_usergroup, by_specific_user)
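Review bot: `@path = path` in `initialize` stores the argument exactly as the profile author wrote it, so as far as these hunks show `resource_id` is not normalized: a relative path, a path with `..` segments, or a symlink would yield a different id from the canonical path of the same file. The `%w{` list that starts right after `initialize` is cut off in this hunk; if it defines a `path` method that delegates to `file` (not visible here, please confirm), the new `attr_reader :path` is overridden and `@path` is never read. Either way it is worth deciding which value `resource_id` is meant to be and saying so in a comment, e.g. `# Path as passed to the resource, not resolved`.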


@ -12,6 +12,7 @@ describe "Inspec::Resources::DockerContainer" do
_(resource.tag).must_be_nil _(resource.tag).must_be_nil
_(resource.command).must_equal "/bin/sh" _(resource.command).must_equal "/bin/sh"
_(resource.ports).must_equal "" _(resource.ports).must_equal ""
_(resource.resource_id).must_equal "d94f854370d2b02912e8fc636502bc72b74fbd567a7eba3fc6a52045bb28904e"
end end
it "check container parsing for alpine" do it "check container parsing for alpine" do
@ -23,6 +24,7 @@ describe "Inspec::Resources::DockerContainer" do
_(resource.command).must_equal "/bin/bash" _(resource.command).must_equal "/bin/bash"
_(resource.ports).must_equal "" _(resource.ports).must_equal ""
_(resource.labels).must_equal ["app=example", "version=1.5.4"] _(resource.labels).must_equal ["app=example", "version=1.5.4"]
_(resource.resource_id).must_equal "3def9aa450f8bd772c3d5b07e27ec934e5f58575e955367a0aca2d93e0687536"
end end
it "returns an empty array when parsing a container with no labels specified" do it "returns an empty array when parsing a container with no labels specified" do


@ -10,6 +10,7 @@ describe "Inspec::Resources::DockerImage" do
_(resource.tag).must_equal "latest" _(resource.tag).must_equal "latest"
_(resource.image).must_equal "alpine:latest" _(resource.image).must_equal "alpine:latest"
_(resource.repo).must_equal "alpine" _(resource.repo).must_equal "alpine"
_(resource.resource_id).must_equal "sha256:4a415e3663882fbc554ee830889c68a33b3585503892cc718a4698e91ef2a526"
end end
# Test case for inspect image information handled by inspection and method_missing # Test case for inspect image information handled by inspection and method_missing
@ -19,6 +20,7 @@ describe "Inspec::Resources::DockerImage" do
_(resource["Config.Cmd"]).must_include "bash" _(resource["Config.Cmd"]).must_include "bash"
_(resource.inspection).must_include "Architecture" _(resource.inspection).must_include "Architecture"
_(resource.inspection.Architecture).must_equal "arm64" _(resource.inspection.Architecture).must_equal "arm64"
_(resource.resource_id).must_equal "ubuntu:latest"
end end
# Test case for inspect image information with invalid keys # Test case for inspect image information with invalid keys


@ -10,6 +10,7 @@ describe "Inspec::Resources::DockerContainer" do
_(resource.version).must_equal "18.03.1-ce-aws1" _(resource.version).must_equal "18.03.1-ce-aws1"
_(resource.enabled?).must_equal false _(resource.enabled?).must_equal false
_(resource.exist?).must_equal true _(resource.exist?).must_equal true
_(resource.resource_id).must_equal "771d3ee7c7ea"
end end
it "check plugin parsing for store/weaveworks/net-plugin" do it "check plugin parsing for store/weaveworks/net-plugin" do
@ -18,6 +19,7 @@ describe "Inspec::Resources::DockerContainer" do
_(resource.version).must_equal "2.3.0" _(resource.version).must_equal "2.3.0"
_(resource.enabled?).must_equal true _(resource.enabled?).must_equal true
_(resource.exist?).must_equal true _(resource.exist?).must_equal true
_(resource.resource_id).must_equal "6ea8176de74b"
end end
it "check plugin parsing when there are no plugins" do it "check plugin parsing when there are no plugins" do
@ -26,6 +28,7 @@ describe "Inspec::Resources::DockerContainer" do
assert_nil resource.version assert_nil resource.version
assert_nil resource.id assert_nil resource.id
assert_nil resource.enabled? assert_nil resource.enabled?
_(resource.resource_id).must_equal ""
_(resource.exist?).must_equal false _(resource.exist?).must_equal false
end end


@ -14,6 +14,7 @@ describe "Inspec::Resources::DockerService" do
_(resource.replicas).must_equal "3/3" _(resource.replicas).must_equal "3/3"
_(resource.mode).must_equal "replicated" _(resource.mode).must_equal "replicated"
_(resource.ports).must_equal "*:1234->1234/tcp" _(resource.ports).must_equal "*:1234->1234/tcp"
_(resource.resource_id).must_equal "2ghswegspre1"
end end
it "check docker service from id" do it "check docker service from id" do
@ -26,6 +27,7 @@ describe "Inspec::Resources::DockerService" do
_(resource.replicas).must_equal "3/3" _(resource.replicas).must_equal "3/3"
_(resource.mode).must_equal "replicated" _(resource.mode).must_equal "replicated"
_(resource.ports).must_equal "*:1234->1234/tcp" _(resource.ports).must_equal "*:1234->1234/tcp"
_(resource.resource_id).must_equal "2ghswegspre1"
end end
it "check docker service from image" do it "check docker service from image" do
@ -38,6 +40,7 @@ describe "Inspec::Resources::DockerService" do
_(resource.replicas).must_equal "3/3" _(resource.replicas).must_equal "3/3"
_(resource.mode).must_equal "replicated" _(resource.mode).must_equal "replicated"
_(resource.ports).must_equal "*:1234->1234/tcp" _(resource.ports).must_equal "*:1234->1234/tcp"
_(resource.resource_id).must_equal "2ghswegspre1"
end end
it "prints as a docker_image resource" do it "prints as a docker_image resource" do


@ -9,6 +9,7 @@ describe "Inspec::Resources::EtcGroup" do
_(resource.gids).must_equal [0, 33, 999, 1000] _(resource.gids).must_equal [0, 33, 999, 1000]
_(resource.groups).must_equal %w{ root www-data GroupWithCaps sftpusers } _(resource.groups).must_equal %w{ root www-data GroupWithCaps sftpusers }
_(resource.users).must_equal %w{ www-data root sftponly } _(resource.users).must_equal %w{ www-data root sftponly }
_(resource.resource_id).must_equal "/etc/group"
end end
it "verify group filter with no users" do it "verify group filter with no users" do

View file

@ -23,6 +23,9 @@ describe "Inspec::Resources::EtcHostsAllow" do
it "has a to_s" do it "has a to_s" do
_(resource.to_s).must_equal "hosts.allow Configuration" _(resource.to_s).must_equal "hosts.allow Configuration"
end end
it "has a resource_id" do
_(resource.resource_id).must_equal "/etc/hosts.allow"
end
end end
describe "#parse_line" do describe "#parse_line" do
@ -73,5 +76,8 @@ describe "Inspec::Resources::EtcHostsDeny" do
it "has a to_s" do it "has a to_s" do
_(resource.to_s).must_equal "hosts.deny Configuration" _(resource.to_s).must_equal "hosts.deny Configuration"
end end
it "has a resource_id" do
_(resource.resource_id).must_equal "/etc/hosts.deny"
end
end end
end end


@ -10,6 +10,7 @@ describe Inspec::Resources::FileResource do
resource.stubs(:exist?).returns(true) resource.stubs(:exist?).returns(true)
resource.stubs(:mounted?).returns(true) resource.stubs(:mounted?).returns(true)
resource.stubs(:source_path).returns("/fakepath/fakefile") resource.stubs(:source_path).returns("/fakepath/fakefile")
resource.stubs(:path).returns("/fakepath/fakefile")
resource.stubs(:file).returns(file) resource.stubs(:file).returns(file)
resource.stubs(:content).returns("content") resource.stubs(:content).returns("content")
resource.stubs(:mode).returns(000) resource.stubs(:mode).returns(000)
@ -34,6 +35,7 @@ describe Inspec::Resources::FileResource do
_(resource.suid).must_equal true _(resource.suid).must_equal true
_(resource.sgid).must_equal true _(resource.sgid).must_equal true
_(resource.sticky).must_equal true _(resource.sticky).must_equal true
_(resource.resource_id).must_equal "/fakepath/fakefile"
_(proc { resource.send(:more_permissive_than?, nil) }).must_raise(ArgumentError) _(proc { resource.send(:more_permissive_than?, nil) }).must_raise(ArgumentError)
_(proc { resource.send(:more_permissive_than?, 0700) }).must_raise(ArgumentError) _(proc { resource.send(:more_permissive_than?, 0700) }).must_raise(ArgumentError)
end end
@ -43,6 +45,7 @@ describe Inspec::Resources::FileResource do
resource.stubs(:exist?).returns(true) resource.stubs(:exist?).returns(true)
resource.stubs(:mounted?).returns(true) resource.stubs(:mounted?).returns(true)
resource.stubs(:content).returns("content") resource.stubs(:content).returns("content")
resource.stubs(:path).returns("C:/fakepath/fakefile")
resource.stubs(:file_permission_granted?).with("read", "by_usergroup", "by_specific_user").returns("test_result") resource.stubs(:file_permission_granted?).with("read", "by_usergroup", "by_specific_user").returns("test_result")
resource.stubs(:file_permission_granted?).with("write", "by_usergroup", "by_specific_user").returns("test_result") resource.stubs(:file_permission_granted?).with("write", "by_usergroup", "by_specific_user").returns("test_result")
resource.stubs(:file_permission_granted?).with("execute", "by_usergroup", "by_specific_user").returns("test_result") resource.stubs(:file_permission_granted?).with("execute", "by_usergroup", "by_specific_user").returns("test_result")
@ -51,6 +54,7 @@ describe Inspec::Resources::FileResource do
_(resource.content).must_equal "content" _(resource.content).must_equal "content"
_(resource.exist?).must_equal true _(resource.exist?).must_equal true
_(resource.mounted?).must_equal true _(resource.mounted?).must_equal true
_(resource.resource_id).must_equal "C:/fakepath/fakefile"
_(resource.readable?("by_usergroup", "by_specific_user")).must_equal "test_result" _(resource.readable?("by_usergroup", "by_specific_user")).must_equal "test_result"
_(resource.allowed?("read", by: "by_usergroup", by_user: "by_specific_user")).must_equal "test_result" _(resource.allowed?("read", by: "by_usergroup", by_user: "by_specific_user")).must_equal "test_result"
_(resource.writable?("by_usergroup", "by_specific_user")).must_equal "test_result" _(resource.writable?("by_usergroup", "by_specific_user")).must_equal "test_result"
@ -117,6 +121,8 @@ describe Inspec::Resources::FileResource do
it "when file does not exist" do it "when file does not exist" do
resource = MockLoader.new(:ubuntu).load_resource("file", "file_does_not_exist") resource = MockLoader.new(:ubuntu).load_resource("file", "file_does_not_exist")
assert_nil(resource.send(:more_permissive_than?, nil)) assert_nil(resource.send(:more_permissive_than?, nil))
resource.stubs(:path).returns("file_does_not_exist")
_(resource.resource_id).must_equal "file_does_not_exist"
end end
end end
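Review bot: In the "when file does not exist" case, `resource.stubs(:path).returns("file_does_not_exist")` is added immediately before the `resource_id` assertion, so the assertion checks the stub rather than the value `initialize` stores. The two earlier cases do the same with `"/fakepath/fakefile"` and `"C:/fakepath/fakefile"`. Because this resource is created through `load_resource("file", "file_does_not_exist")`, the stub looks unnecessary here; dropping it and keeping only `_(resource.resource_id).must_equal "file_does_not_exist"` would let the test cover the real `@path = path` assignment.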