Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-26 06:30:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Move habitat to v2 plugin. (#3404)

Browse source 
Signed-off-by: Jared Quick <jquick@chef.io>
This commit is contained in:
Jared Quick 2018-09-18 13:10:07 -04:00 committed by GitHub
parent b8adedeb3a
commit 40e024fa97
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 454 additions and 458 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.rubocop.yml
View file

@ -7,6 +7,7 @@ AllCops:
- 'test/**/*'
- 'examples/**/*'
- 'vendor/**/*'
- 'lib/plugins/inspec-*/test/**/*'
- 'lib/bundles/inspec-init/templates/**/*'
- 'www/demo/**/*'
AlignParameters:

12
lib/bundles/inspec-habitat.rb
View file

@ -1,12 +0,0 @@
# encoding: utf-8
# author: Adam Leff
libdir = File.dirname(__FILE__)
$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
module Habitat
autoload :Log, 'inspec-habitat/log'
autoload :Profile, 'inspec-habitat/profile'
end
require 'inspec-habitat/cli'

37
lib/bundles/inspec-habitat/cli.rb
View file

@ -1,37 +0,0 @@
# encoding: utf-8
# author: Adam Leff
require 'thor'
require 'inspec/base_cli'
module Habitat
class HabitatProfileCLI < Thor
namespace 'habitat profile'
desc 'create PATH', 'Create a one-time Habitat artifact for the profile found at PATH'
option :output_dir, type: :string, required: false,
desc: 'Directory in which to save the generated Habitat artifact. Default: current directory'
def create(path)
Habitat::Profile.create(path, options)
end
desc 'setup PATH', 'Configure the profile at PATH for Habitat, including a plan and hooks'
def setup(path)
Habitat::Profile.setup(path)
end
desc 'upload PATH', 'Create a one-time Habitat artifact for the profile found at PATH, and upload it to a Habitat Depot'
def upload(path)
Habitat::Profile.upload(path, options)
end
end
class HabitatCLI < Inspec::BaseCLI
namespace 'habitat'
desc 'profile', 'Manage InSpec profiles as Habitat artifacts'
subcommand 'profile', HabitatProfileCLI
end
Inspec::Plugins::CLI.add_subcommand(HabitatCLI, 'habitat', 'habitat SUBCOMMAND ...', 'Commands for InSpec + Habitat Integration', {})
end

10
lib/bundles/inspec-habitat/log.rb
View file

@ -1,10 +0,0 @@
# encoding: utf-8
# author: Adam Leff
require 'mixlib/log'
module Habitat
class Log
extend Mixlib::Log
end
end

391
lib/bundles/inspec-habitat/profile.rb
View file

@ -1,391 +0,0 @@
# encoding: utf-8
# author: Adam Leff
require 'inspec/profile_vendor'
require 'mixlib/shellout'
require 'tomlrb'
module Habitat
class Profile
attr_reader :options, :path, :profile
def self.create(path, options = {})
creator = new(path, options)
hart_file = creator.create
creator.copy(hart_file)
ensure
creator.delete_work_dir
end
def self.setup(path)
new(path).setup
end
def self.upload(path, options = {})
uploader = new(path, options)
uploader.upload
ensure
uploader.delete_work_dir
end
def initialize(path, options = {})
@path = path
@options = options
@cli_config = nil
log_level = options.fetch('log_level', 'info')
Habitat::Log.level(log_level.to_sym)
end
def create
Habitat::Log.info("Creating a Habitat artifact for profile: #{path}")
validate_habitat_installed
validate_habitat_origin
create_profile_object
verify_profile
vendor_profile_dependencies
copy_profile_to_work_dir
create_habitat_directories(work_dir)
create_plan(work_dir)
create_run_hook(work_dir)
create_settings_file(work_dir)
create_default_config(work_dir)
# returns the path to the .hart file in the work directory
build_hart
rescue => e
Habitat::Log.debug(e.backtrace.join("\n"))
exit_with_error(
'Unable to generate Habitat artifact.',
"#{e.class} -- #{e.message}",
)
end
def copy(hart_file)
validate_output_dir
Habitat::Log.info("Copying artifact to #{output_dir}...")
copy_hart(hart_file)
end
def upload
validate_habitat_auth_token
hart_file = create
upload_hart(hart_file)
rescue => e
Habitat::Log.debug(e.backtrace.join("\n"))
exit_with_error(
'Unable to upload Habitat artifact.',
"#{e.class} -- #{e.message}",
)
end
def delete_work_dir
Habitat::Log.debug("Deleting work directory #{work_dir}")
FileUtils.rm_rf(work_dir) if Dir.exist?(work_dir)
end
def setup
Habitat::Log.info("Setting up profile at #{path} for Habitat...")
create_profile_object
verify_profile
vendor_profile_dependencies
create_habitat_directories(path)
create_plan(path)
create_run_hook(path)
create_settings_file(path)
create_default_config(path)
end
private
def create_profile_object
@profile = Inspec::Profile.for_target(
path,
backend: Inspec::Backend.create(target: 'mock://'),
)
end
def verify_profile
Habitat::Log.info('Checking to see if the profile is valid...')
unless profile.check[:summary][:valid]
exit_with_error('Profile check failed. Please fix the profile before creating a Habitat artifact.')
end
Habitat::Log.info('Profile is valid.')
end
def vendor_profile_dependencies
profile_vendor = Inspec::ProfileVendor.new(path)
if profile_vendor.lockfile.exist? && profile_vendor.cache_path.exist?
Habitat::Log.info("Profile's dependencies are already vendored, skipping vendor process.")
else
Habitat::Log.info("Vendoring the profile's dependencies...")
profile_vendor.vendor!
Habitat::Log.info('Ensuring all vendored content has read permissions...')
profile_vendor.make_readable
# refresh the profile object since the profile now has new files
create_profile_object
end
end
def validate_habitat_installed
Habitat::Log.info('Checking to see if Habitat is installed...')
cmd = Mixlib::ShellOut.new('hab --version')
cmd.run_command
exit_with_error('Unable to run Habitat commands.', cmd.stderr) if cmd.error?
end
def validate_habitat_origin
exit_with_error(
'Unable to determine Habitat origin name.',
'Run `hab setup` or set the HAB_ORIGIN environment variable.',
) if habitat_origin.nil?
end
def validate_habitat_auth_token
exit_with_error(
'Unable to determine Habitat auth token for publishing.',
'Run `hab setup` or set the HAB_AUTH_TOKEN environment variable.',
) if habitat_auth_token.nil?
end
def validate_output_dir
exit_with_error("Output directory #{output_dir} is not a directory or does not exist.") unless
File.directory?(output_dir)
end
def work_dir
return @work_dir if @work_dir
@work_dir ||= Dir.mktmpdir('inspec-habitat-exporter')
Habitat::Log.debug("Generated work directory #{@work_dir}")
@work_dir
end
def create_habitat_directories(parent_directory)
[
File.join(parent_directory, 'habitat'),
File.join(parent_directory, 'habitat', 'config'),
File.join(parent_directory, 'habitat', 'hooks'),
].each do |dir|
Dir.mkdir(dir) unless Dir.exist?(dir)
end
end
def copy_profile_to_work_dir
Habitat::Log.info('Copying profile contents to the work directory...')
profile.files.each do |f|
src = File.join(profile.root_path, f)
dst = File.join(work_dir, f)
if File.directory?(f)
Habitat::Log.debug("Creating directory #{dst}")
FileUtils.mkdir_p(dst)
else
Habitat::Log.debug("Copying file #{src} to #{dst}")
FileUtils.cp_r(src, dst)
end
end
end
def create_plan(directory)
plan_file = File.join(directory, 'habitat', 'plan.sh')
Habitat::Log.info("Generating Habitat plan at #{plan_file}...")
File.write(plan_file, plan_contents)
end
def create_run_hook(directory)
run_hook_file = File.join(directory, 'habitat', 'hooks', 'run')
Habitat::Log.info("Generating a Habitat run hook at #{run_hook_file}...")
File.write(run_hook_file, run_hook_contents)
end
def create_settings_file(directory)
settings_file = File.join(directory, 'habitat', 'config', 'settings.sh')
Habitat::Log.info("Generating a settings file at #{settings_file}...")
File.write(settings_file, "SLEEP_TIME={{cfg.sleep_time}}\n")
end
def create_default_config(directory)
default_toml = File.join(directory, 'habitat', 'default.toml')
Habitat::Log.info("Generating Habitat's default.toml configuration...")
File.write(default_toml, 'sleep_time = 300')
end
def build_hart
Habitat::Log.info('Building our Habitat artifact...')
env = {
'TERM' => 'vt100',
'HAB_ORIGIN' => habitat_origin,
'HAB_NONINTERACTIVE' => 'true',
}
env['RUST_LOG'] = 'debug' if Habitat::Log.level == :debug
# TODO: Would love to use Mixlib::ShellOut here, but it doesn't
# seem to preserve the STDIN tty, and docker gets angry.
Dir.chdir(work_dir) do
unless system(env, 'hab pkg build .')
exit_with_error('Unable to build the Habitat artifact.')
end
end
hart_files = Dir.glob(File.join(work_dir, 'results', '*.hart'))
if hart_files.length > 1
exit_with_error('More than one Habitat artifact was created which was not expected.')
elsif hart_files.empty?
exit_with_error('No Habitat artifact was created.')
end
hart_files.first
end
def copy_hart(working_dir_hart)
hart_basename = File.basename(working_dir_hart)
dst = File.join(output_dir, hart_basename)
FileUtils.cp(working_dir_hart, dst)
dst
end
def upload_hart(hart_file)
Habitat::Log.info('Uploading the Habitat artifact to our Depot...')
env = {
'TERM' => 'vt100',
'HAB_AUTH_TOKEN' => habitat_auth_token,
'HAB_NONINTERACTIVE' => 'true',
}
env['HAB_DEPOT_URL'] = ENV['HAB_DEPOT_URL'] if ENV['HAB_DEPOT_URL']
cmd = Mixlib::ShellOut.new("hab pkg upload #{hart_file}", env: env)
cmd.run_command
if cmd.error?
exit_with_error(
'Unable to upload Habitat artifact to the Depot.',
cmd.stdout,
cmd.stderr,
)
end
Habitat::Log.info('Upload complete!')
end
def habitat_origin
ENV['HAB_ORIGIN'] || habitat_cli_config['origin']
end
def habitat_auth_token
ENV['HAB_AUTH_TOKEN'] || habitat_cli_config['auth_token']
end
def habitat_cli_config
return @cli_config if @cli_config
config_file = File.join(ENV['HOME'], '.hab', 'etc', 'cli.toml')
return {} unless File.exist?(config_file)
@cli_config = Tomlrb.load_file(config_file)
end
def output_dir
options[:output_dir] || Dir.pwd
end
def exit_with_error(*errors)
errors.each do |error_msg|
Habitat::Log.error(error_msg)
end
exit 1
end
def package_name
"inspec-profile-#{profile.name}"
end
def plan_contents
plan = <<~EOL
pkg_name=#{package_name}
pkg_version=#{profile.version}
pkg_origin=#{habitat_origin}
pkg_deps=(chef/inspec core/ruby core/hab)
pkg_svc_user=root
EOL
plan += "pkg_license='#{profile.metadata.params[:license]}'\n\n" if profile.metadata.params[:license]
plan += <<~EOL
do_build() {
cp -vr $PLAN_CONTEXT/../* $HAB_CACHE_SRC_PATH/$pkg_dirname
}
do_install() {
local profile_contents
local excludes
profile_contents=($(ls))
excludes=(habitat results *.hart)
for item in ${excludes[@]}; do
profile_contents=(${profile_contents[@]/$item/})
done
mkdir ${pkg_prefix}/dist
cp -r ${profile_contents[@]} ${pkg_prefix}/dist/
}
EOL
plan
end
def run_hook_contents
<<~EOL
#!/bin/sh
# redirect stderr to stdout
# ultimately, we'd like to log this somewhere useful, but due to
# https://github.com/habitat-sh/habitat/issues/2395, we need to
# avoid doing that for now.
exec 2>&1
# InSpec will try to create a .cache directory in the user's home directory
# so this needs to be someplace writeable by the hab user
export HOME={{pkg.svc_var_path}}
PROFILE_IDENT="{{pkg.origin}}/{{pkg.name}}"
RESULTS_DIR="{{pkg.svc_var_path}}/inspec_results"
RESULTS_FILE="${RESULTS_DIR}/{{pkg.name}}.json"
# Create a directory for inspec formatter output
mkdir -p {{pkg.svc_var_path}}/inspec_results
while true; do
echo "Executing InSpec for ${PROFILE_IDENT}"
inspec exec {{pkg.path}}/dist --format=json > ${RESULTS_FILE}
if [ $? -eq 0 ]; then
echo "InSpec run completed successfully."
else
echo "InSpec run did not complete successfully. If you do not see any errors above,"
echo "control failures were detected. Check the InSpec results here for details:"
echo ${RESULTS_FILE}
echo "Otherwise, troubleshoot any errors shown above."
fi
source {{pkg.svc_config_path}}/settings.sh
echo "sleeping for ${SLEEP_TIME} seconds"
sleep ${SLEEP_TIME}
done
EOL
end
end
end

2
lib/inspec/plugin/v2/loader.rb
View file

@ -90,7 +90,7 @@ module Inspec::Plugin::V2
next if act.activated
# If there is anything in the CLI args with the same name, activate it
# If the word 'help' appears in the first position, load all CLI plugins
if cli_args.include?(act.activator_name.to_s) || cli_args[0] == 'help' || cli_args.size.empty?
if cli_args.include?(act.activator_name.to_s) || cli_args[0] == 'help' || cli_args.size.zero?
activate(:cli_command, act.activator_name)
act.implementation_class.register_with_thor
end

11
lib/plugins/inspec-habitat/lib/inspec-habitat.rb Normal file
View file

@ -0,0 +1,11 @@
module InspecPlugins
module Habitat
class Plugin < Inspec.plugin(2)
plugin_name :'inspec-habitat'
cli_command :habitat do
require_relative 'inspec-habitat/cli'
InspecPlugins::Habitat::CLI
end
end
end
end

39
lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb Normal file
View file

@ -0,0 +1,39 @@
# encoding: utf-8
require_relative 'profile'
module InspecPlugins
module Habitat
class ProfileCLI < Inspec.plugin(2, :cli_command)
# Override banner method to correct missing subcommand.
# @see https://github.com/erikhuda/thor/issues/261
def self.banner(command, _namespace = nil, _subcommand = false)
"#{basename} habitat profile #{command.usage}"
end
desc 'create PATH', 'Create a one-time Habitat artifact for the profile found at PATH'
option :output_dir, type: :string, required: false,
desc: 'Directory in which to save the generated Habitat artifact. Default: current directory'
def create(path)
InspecPlugins::Habitat::Profile.create(path, options)
end
desc 'setup PATH', 'Configure the profile at PATH for Habitat, including a plan and hooks'
def setup(path)
InspecPlugins::Habitat::Profile.setup(path)
end
desc 'upload PATH', 'Create a one-time Habitat artifact for the profile found at PATH, and upload it to a Habitat Depot'
def upload(path)
InspecPlugins::Habitat::Profile.upload(path, options)
end
end
class CLI < Inspec.plugin(2, :cli_command)
subcommand_desc 'habitat SUBCOMMAND', 'Manage Habitat with InSpec'
namespace 'habitat'
desc 'profile', 'Manage InSpec profiles as Habitat artifacts'
subcommand 'profile', ProfileCLI
end
end
end

394
lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb Normal file
View file

@ -0,0 +1,394 @@
# encoding: utf-8
# author: Adam Leff
require 'inspec/profile_vendor'
require 'mixlib/shellout'
require 'tomlrb'
module InspecPlugins
module Habitat
class Profile
attr_reader :options, :path, :profile
def self.create(path, options = {})
creator = new(path, options)
hart_file = creator.create
creator.copy(hart_file)
ensure
creator.delete_work_dir
end
def self.setup(path)
new(path).setup
end
def self.upload(path, options = {})
uploader = new(path, options)
uploader.upload
ensure
uploader.delete_work_dir
end
def initialize(path, options = {})
@path = path
@options = options
@cli_config = nil
log_level = options.fetch('log_level', 'info')
@log = Inspec::Log
@log.level(log_level.to_sym)
end
def create
@log.info("Creating a Habitat artifact for profile: #{path}")
validate_habitat_installed
validate_habitat_origin
create_profile_object
verify_profile
vendor_profile_dependencies
copy_profile_to_work_dir
create_habitat_directories(work_dir)
create_plan(work_dir)
create_run_hook(work_dir)
create_settings_file(work_dir)
create_default_config(work_dir)
# returns the path to the .hart file in the work directory
build_hart
rescue => e
@log.debug(e.backtrace.join("\n"))
exit_with_error(
'Unable to generate Habitat artifact.',
"#{e.class} -- #{e.message}",
)
end
def copy(hart_file)
validate_output_dir
@log.info("Copying artifact to #{output_dir}...")
copy_hart(hart_file)
end
def upload
validate_habitat_auth_token
hart_file = create
upload_hart(hart_file)
rescue => e
@log.debug(e.backtrace.join("\n"))
exit_with_error(
'Unable to upload Habitat artifact.',
"#{e.class} -- #{e.message}",
)
end
def delete_work_dir
@log.debug("Deleting work directory #{work_dir}")
FileUtils.rm_rf(work_dir) if Dir.exist?(work_dir)
end
def setup
@log.info("Setting up profile at #{path} for Habitat...")
create_profile_object
verify_profile
vendor_profile_dependencies
create_habitat_directories(path)
create_plan(path)
create_run_hook(path)
create_settings_file(path)
create_default_config(path)
end
private
def create_profile_object
@profile = Inspec::Profile.for_target(
path,
backend: Inspec::Backend.create(target: 'mock://'),
)
end
def verify_profile
@log.info('Checking to see if the profile is valid...')
unless profile.check[:summary][:valid]
exit_with_error('Profile check failed. Please fix the profile before creating a Habitat artifact.')
end
@log.info('Profile is valid.')
end
def vendor_profile_dependencies
profile_vendor = Inspec::ProfileVendor.new(path)
if profile_vendor.lockfile.exist? && profile_vendor.cache_path.exist?
@log.info("Profile's dependencies are already vendored, skipping vendor process.")
else
@log.info("Vendoring the profile's dependencies...")
profile_vendor.vendor!
@log.info('Ensuring all vendored content has read permissions...')
profile_vendor.make_readable
# refresh the profile object since the profile now has new files
create_profile_object
end
end
def validate_habitat_installed
@log.info('Checking to see if Habitat is installed...')
cmd = Mixlib::ShellOut.new('hab --version')
cmd.run_command
exit_with_error('Unable to run Habitat commands.', cmd.stderr) if cmd.error?
end
def validate_habitat_origin
exit_with_error(
'Unable to determine Habitat origin name.',
'Run `hab setup` or set the HAB_ORIGIN environment variable.',
) if habitat_origin.nil?
end
def validate_habitat_auth_token
exit_with_error(
'Unable to determine Habitat auth token for publishing.',
'Run `hab setup` or set the HAB_AUTH_TOKEN environment variable.',
) if habitat_auth_token.nil?
end
def validate_output_dir
exit_with_error("Output directory #{output_dir} is not a directory or does not exist.") unless
File.directory?(output_dir)
end
def work_dir
return @work_dir if @work_dir
@work_dir ||= Dir.mktmpdir('inspec-habitat-exporter')
@log.debug("Generated work directory #{@work_dir}")
@work_dir
end
def create_habitat_directories(parent_directory)
[
File.join(parent_directory, 'habitat'),
File.join(parent_directory, 'habitat', 'config'),
File.join(parent_directory, 'habitat', 'hooks'),
].each do |dir|
Dir.mkdir(dir) unless Dir.exist?(dir)
end
end
def copy_profile_to_work_dir
@log.info('Copying profile contents to the work directory...')
profile.files.each do |f|
src = File.join(profile.root_path, f)
dst = File.join(work_dir, f)
if File.directory?(f)
@log.debug("Creating directory #{dst}")
FileUtils.mkdir_p(dst)
else
@log.debug("Copying file #{src} to #{dst}")
FileUtils.cp_r(src, dst)
end
end
end
def create_plan(directory)
plan_file = File.join(directory, 'habitat', 'plan.sh')
@log.info("Generating Habitat plan at #{plan_file}...")
File.write(plan_file, plan_contents)
end
def create_run_hook(directory)
run_hook_file = File.join(directory, 'habitat', 'hooks', 'run')
@log.info("Generating a Habitat run hook at #{run_hook_file}...")
File.write(run_hook_file, run_hook_contents)
end
def create_settings_file(directory)
settings_file = File.join(directory, 'habitat', 'config', 'settings.sh')
@log.info("Generating a settings file at #{settings_file}...")
File.write(settings_file, "SLEEP_TIME={{cfg.sleep_time}}\n")
end
def create_default_config(directory)
default_toml = File.join(directory, 'habitat', 'default.toml')
@log.info("Generating Habitat's default.toml configuration...")
File.write(default_toml, 'sleep_time = 300')
end
def build_hart
@log.info('Building our Habitat artifact...')
env = {
'TERM' => 'vt100',
'HAB_ORIGIN' => habitat_origin,
'HAB_NONINTERACTIVE' => 'true',
}
env['RUST_LOG'] = 'debug' if @log.level == :debug
# TODO: Would love to use Mixlib::ShellOut here, but it doesn't
# seem to preserve the STDIN tty, and docker gets angry.
Dir.chdir(work_dir) do
unless system(env, 'hab pkg build .')
exit_with_error('Unable to build the Habitat artifact.')
end
end
hart_files = Dir.glob(File.join(work_dir, 'results', '*.hart'))
if hart_files.length > 1
exit_with_error('More than one Habitat artifact was created which was not expected.')
elsif hart_files.empty?
exit_with_error('No Habitat artifact was created.')
end
hart_files.first
end
def copy_hart(working_dir_hart)
hart_basename = File.basename(working_dir_hart)
dst = File.join(output_dir, hart_basename)
FileUtils.cp(working_dir_hart, dst)
dst
end
def upload_hart(hart_file)
@log.info('Uploading the Habitat artifact to our Depot...')
env = {
'TERM' => 'vt100',
'HAB_AUTH_TOKEN' => habitat_auth_token,
'HAB_NONINTERACTIVE' => 'true',
}
env['HAB_DEPOT_URL'] = ENV['HAB_DEPOT_URL'] if ENV['HAB_DEPOT_URL']
cmd = Mixlib::ShellOut.new("hab pkg upload #{hart_file}", env: env)
cmd.run_command
if cmd.error?
exit_with_error(
'Unable to upload Habitat artifact to the Depot.',
cmd.stdout,
cmd.stderr,
)
end
@log.info('Upload complete!')
end
def habitat_origin
ENV['HAB_ORIGIN'] || habitat_cli_config['origin']
end
def habitat_auth_token
ENV['HAB_AUTH_TOKEN'] || habitat_cli_config['auth_token']
end
def habitat_cli_config
return @cli_config if @cli_config
config_file = File.join(ENV['HOME'], '.hab', 'etc', 'cli.toml')
return {} unless File.exist?(config_file)
@cli_config = Tomlrb.load_file(config_file)
end
def output_dir
options[:output_dir] || Dir.pwd
end
def exit_with_error(*errors)
errors.each do |error_msg|
@log.error(error_msg)
end
exit 1
end
def package_name
"inspec-profile-#{profile.name}"
end
def plan_contents
plan = <<~EOL
pkg_name=#{package_name}
pkg_version=#{profile.version}
pkg_origin=#{habitat_origin}
pkg_deps=(chef/inspec core/ruby core/hab)
pkg_svc_user=root
EOL
plan += "pkg_license='#{profile.metadata.params[:license]}'\n\n" if profile.metadata.params[:license]
plan += <<~EOL
do_build() {
cp -vr $PLAN_CONTEXT/../* $HAB_CACHE_SRC_PATH/$pkg_dirname
}
do_install() {
local profile_contents
local excludes
profile_contents=($(ls))
excludes=(habitat results *.hart)
for item in ${excludes[@]}; do
profile_contents=(${profile_contents[@]/$item/})
done
mkdir ${pkg_prefix}/dist
cp -r ${profile_contents[@]} ${pkg_prefix}/dist/
}
EOL
plan
end
def run_hook_contents
<<~EOL
#!/bin/sh
# redirect stderr to stdout
# ultimately, we'd like to log this somewhere useful, but due to
# https://github.com/habitat-sh/habitat/issues/2395, we need to
# avoid doing that for now.
exec 2>&1
# InSpec will try to create a .cache directory in the user's home directory
# so this needs to be someplace writeable by the hab user
export HOME={{pkg.svc_var_path}}
PROFILE_IDENT="{{pkg.origin}}/{{pkg.name}}"
RESULTS_DIR="{{pkg.svc_var_path}}/inspec_results"
RESULTS_FILE="${RESULTS_DIR}/{{pkg.name}}.json"
# Create a directory for inspec formatter output
mkdir -p {{pkg.svc_var_path}}/inspec_results
while true; do
echo "Executing InSpec for ${PROFILE_IDENT}"
inspec exec {{pkg.path}}/dist --format=json > ${RESULTS_FILE}
if [ $? -eq 0 ]; then
echo "InSpec run completed successfully."
else
echo "InSpec run did not complete successfully. If you do not see any errors above,"
echo "control failures were detected. Check the InSpec results here for details:"
echo ${RESULTS_FILE}
echo "Otherwise, troubleshoot any errors shown above."
fi
source {{pkg.svc_config_path}}/settings.sh
echo "sleeping for ${SLEEP_TIME} seconds"
sleep ${SLEEP_TIME}
done
EOL
end
end
end
end

10
test/unit/bundles/inspec-habitat/profile_test.rb → lib/plugins/inspec-habitat/test/unit/profile_test.rb
View file

@ -1,8 +1,10 @@
require 'helper'
require 'mixlib/log'
require 'ostruct'
require 'minitest/autorun'
require 'mocha/setup'
require_relative '../../lib/inspec-habitat/profile.rb'
describe Habitat::Profile do
describe InspecPlugins::Habitat::Profile do
let(:profile) do
OpenStruct.new(
name: 'my_profile',
@ -11,10 +13,10 @@ describe Habitat::Profile do
)
end
let(:subject) { Habitat::Profile.new('/path/to/profile', { 'log_level' => 'fatal' }) }
let(:subject) { InspecPlugins::Habitat::Profile.new('/path/to/profile', { 'log_level' => 'fatal' }) }
before do
Habitat::Log.level(:fatal)
Inspec::Log.level(:fatal)
end
describe '#verify_profile' do

1
test/helper.rb
View file

@ -38,7 +38,6 @@ require 'fetchers/mock'
require 'inspec/dependencies/cache'
require_relative '../lib/bundles/inspec-compliance'
require_relative '../lib/bundles/inspec-habitat'
require 'train'
CMD = Train.create('local', command_runner: :generic).connection

2
test/unit/plugin/v2/loader_test.rb
View file

@ -25,11 +25,11 @@ class PluginLoaderTests < MiniTest::Test
@bundled_plugins = [
:artifact,
:compliance,
:habitat,
:init,
:supermarket,
]
@core_plugins = [
:'inspec-habitat',
]
end