Merge pull request #5434 from inspec/vasundhara/fix-for-controls-option

lib/inspec/control_eval_context.rb

@@ -53,8 +53,9 @@ module Inspec
 
     def control(id, opts = {}, &block)
       opts[:skip_only_if_eval] = @skip_only_if_eval
-
-      register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block))
+      if control_exist_in_controls_list?(id) || controls_list_empty?
+        register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block))
+      end
     end
     alias rule control
 
@@ -68,10 +69,14 @@ module Inspec
       id = "(generated from #{loc} #{SecureRandom.hex})"
 
       res = nil
+
       rule = Inspec::Rule.new(id, profile_id, resources_dsl, {}) do
         res = describe(*args, &block)
       end
-      register_control(rule, &block)
+
+      if control_exist_in_controls_list?(id) || controls_list_empty?
+        register_control(rule, &block)
+      end
 
       res
     end
@@ -176,5 +181,26 @@ module Inspec
         "#{File.basename(path)}:#{line}"
       end
     end
+
+    # Returns true if configuration hash is not empty and it contains the list of controls is not empty
+    def profile_config_exist?
+      !@conf.empty? && @conf.key?("profile") && !@conf["profile"].include_controls_list.empty?
+    end
+
+    # Returns true if configuration hash is empty or configuration hash does not have the list of controls that needs to be included
+    def controls_list_empty?
+      !@conf.empty? && @conf.key?("profile") && @conf["profile"].include_controls_list.empty? || @conf.empty?
+    end
+
+    # Check if the given control exist in the --controls option
+    def control_exist_in_controls_list?(id)
+      if profile_config_exist?
+        id_exist_in_list = @conf["profile"].include_controls_list.any? do |inclusion|
+          # Try to see if the inclusion is a regex, and if it matches
+          inclusion == id || (inclusion.is_a?(Regexp) && inclusion =~ id)
+        end
+      end
+      id_exist_in_list
+    end
   end
 end

lib/inspec/profile.rb

@@ -225,14 +225,17 @@ module Inspec
         end
         @tests_collected = true
       end
-      filter_controls(@runner_context.all_rules, include_list)
+      @runner_context.all_rules
     end
 
-    def filter_controls(controls_array, include_list)
-      return controls_array if include_list.nil? || include_list.empty?
+    # This creates the list of controls provided in the --controls options which need to be include
+    # for evaluation.
+    def include_controls_list
+      return [] if @controls.nil? || @controls.empty?
 
+      included_controls = @controls
       # Check for anything that might be a regex in the list, and make it official
-      include_list.each_with_index do |inclusion, index|
+      included_controls.each_with_index do |inclusion, index|
         next if inclusion.is_a?(Regexp)
         # Insist the user wrap the regex in slashes to demarcate it as a regex
         next unless inclusion.start_with?("/") && inclusion.end_with?("/")
@@ -240,21 +243,14 @@ module Inspec
         inclusion = inclusion[1..-2] # Trim slashes
         begin
           re = Regexp.new(inclusion)
-          include_list[index] = re
+          included_controls[index] = re
         rescue RegexpError => e
           warn "Ignoring unparseable regex '/#{inclusion}/' in --control CLI option: #{e.message}"
-          include_list[index] = nil
-        end
-      end
-      include_list.compact!
-
-      controls_array.select do |c|
-        id = ::Inspec::Rule.rule_id(c)
-        include_list.any? do |inclusion|
-          # Try to see if the inclusion is a regex, and if it matches
-          inclusion == id || (inclusion.is_a?(Regexp) && inclusion =~ id)
+          included_controls[index] = nil
         end
       end
+      included_controls.compact!
+      included_controls
     end
 
     def load_libraries

test/fixtures/profiles/controls-option-test/controls/example.rb

@@ -0,0 +1,30 @@
+control "foo" do
+  describe 'a thing' do
+    it { should cmp 'a thing' }
+  end
+end
+
+control "bar" do
+  puts 'bar'
+  describe 'a thing' do
+    it { should cmp 'a thing' }
+  end
+end
+
+control "11_pass" do
+  describe 'a thing' do
+    it { should cmp 'a thing' }
+  end
+end
+
+control "11_pass2" do
+  describe 'a thing' do
+    it { should cmp 'a thing' }
+  end
+end
+
+describe 'a thing' do
+  puts 'only-describe'
+  it { should cmp 'a thing' }
+end
+

test/fixtures/profiles/controls-option-test/inspec.yml

@@ -0,0 +1,10 @@
+name: controls-option-test
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+supports:
+  platform: os

test/fixtures/profiles/inputs/cli/inspec.yml

@@ -8,3 +8,4 @@ supports:
 inputs:
   - name: test_input_04
     type: numeric
+    value: 0.0

test/functional/inspec_exec_test.rb

@@ -178,6 +178,27 @@ Test Summary: 0 successful, 0 failures, 0 skipped
     assert_exit_code 100, out
   end
 
+  it "executes only specified controls when selecting the controls by literal names" do
+    inspec("exec " + File.join(profile_path, "controls-option-test") + " --no-create-lockfile --controls foo")
+    _(out.stdout).must_include "foo"
+    _(out.stdout).wont_include "bar"
+    _(out.stdout).wont_include "only-describe"
+    _(stderr).must_equal ""
+
+    assert_exit_code 0, out
+  end
+
+  it "executes only specified controls when selecting the controls by regex" do
+    inspec("exec " + File.join(profile_path, "controls-option-test") + " --no-create-lockfile --controls '/^11_pass/'")
+    _(out.stdout).must_include "11_pass"
+    _(out.stdout).must_include "11_pass2"
+    _(out.stdout).wont_include "bar"
+    _(out.stdout).wont_include "only-describe"
+    _(stderr).must_equal ""
+
+    assert_exit_code 0, out
+  end
+
   it "executes only specified controls when selecting passing controls by literal names" do
     inspec("exec " + File.join(profile_path, "filter_table") + " --no-create-lockfile --controls 2943_pass_undeclared_field_in_hash 2943_pass_irregular_row_key")