mirror of
https://github.com/inspec/inspec
synced 2024-11-22 20:53:11 +00:00
Merge pull request #6074 from inspec/nm/aws-profile-version-fix
CFINSPEC-249 Fix for dependent profiles with same name but different version
commit
54c175ca36
9 changed files with 88 additions and 7 deletions
|
@ -25,7 +25,9 @@ module Inspec
|
||||||
def self.from_array(dependencies, cwd, cache, backend)
|
def self.from_array(dependencies, cwd, cache, backend)
|
||||||
dep_list = {}
|
dep_list = {}
|
||||||
dependencies.each do |d|
|
dependencies.each do |d|
|
||||||
dep_list[d.name] = d
|
# if depedent profile does not have a source version then only name is used in dependency hash
|
||||||
|
key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue "#{d.name}"
|
||||||
|
dep_list[key_name] = d
|
||||||
end
|
end
|
||||||
new(cwd, cache, dep_list, backend)
|
new(cwd, cache, dep_list, backend)
|
||||||
end
|
end
|
||||||
|
@ -39,7 +41,9 @@ module Inspec
|
||||||
def self.flatten_dep_tree(dep_tree)
|
def self.flatten_dep_tree(dep_tree)
|
||||||
dep_list = {}
|
dep_list = {}
|
||||||
dep_tree.each do |d|
|
dep_tree.each do |d|
|
||||||
dep_list[d.name] = d
|
# if depedent profile does not have a source version then only name is used in dependency hash
|
||||||
|
key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue d.name
|
||||||
|
dep_list[key_name] = d
|
||||||
dep_list.merge!(flatten_dep_tree(d.dependencies))
|
dep_list.merge!(flatten_dep_tree(d.dependencies))
|
||||||
end
|
end
|
||||||
dep_list
|
dep_list
|
||||||
|
|
|
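Review bot: The inline `rescue` on the `key_name` line, in both `from_array` and `flatten_dep_tree`, swallows every StandardError raised while reading `d.source_version`, so a dependency whose version cannot be read is silently registered under its bare name and the version distinction this commit introduces is lost without any signal. If the rescue is only there for objects that lack the method, an explicit check is narrower: `key_name = d.respond_to?(:source_version) && d.source_version ? "#{d.name}-#{d.source_version}" : d.name`. The two hunks also differ in their fallback (`"#{d.name}"` versus `d.name`), so a shared private helper would keep them in step. Because the key joins name and version with `-`, a name or version that itself contains a hyphen makes the key ambiguous for any code that later splits it. Both method bodies are only partly visible in these hunks, and the comment typo "depedent" could be fixed in the same pass.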
@ -6,13 +6,13 @@ require "inspec/utils/deprecated_cloud_resources_list"
|
||||||
module Inspec::DSL
|
module Inspec::DSL
|
||||||
attr_accessor :backend
|
attr_accessor :backend
|
||||||
|
|
||||||
def require_controls(id, &block)
|
def require_controls(id, version = nil, &block)
|
||||||
opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies }
|
opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies, profile_version: version }
|
||||||
::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
|
::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
|
||||||
end
|
end
|
||||||
|
|
||||||
def include_controls(id, &block)
|
def include_controls(id, version = nil, &block)
|
||||||
opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies }
|
opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies, profile_version: version }
|
||||||
::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
|
::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -85,7 +85,20 @@ module Inspec::DSL
|
||||||
def self.load_spec_files_for_profile(bind_context, opts, &block)
|
def self.load_spec_files_for_profile(bind_context, opts, &block)
|
||||||
dependencies = opts[:dependencies]
|
dependencies = opts[:dependencies]
|
||||||
profile_id = opts[:profile_id]
|
profile_id = opts[:profile_id]
|
||||||
dep_entry = dependencies.list[profile_id]
|
profile_version = opts[:profile_version]
|
||||||
|
|
||||||
|
new_profile_id = nil
|
||||||
|
if profile_version
|
||||||
|
new_profile_id = "#{profile_id}-#{profile_version}"
|
||||||
|
else
|
||||||
|
dependencies.list.keys.each do |key|
|
||||||
|
# If dep profile does not contain a source version, key does not contain a version as well. In that case new_profile_id will be always nil and instead profile_id would be used to fetch profile from dependency list.
|
||||||
|
profile_id_key = key.split("-")
|
||||||
|
profile_id_key.pop
|
||||||
|
new_profile_id = key if profile_id_key.join("-") == profile_id
|
||||||
|
end
|
||||||
|
end
|
||||||
|
dep_entry = new_profile_id ? dependencies.list[new_profile_id] : dependencies.list[profile_id]
|
||||||
|
|
||||||
if dep_entry.nil?
|
if dep_entry.nil?
|
||||||
raise <<~EOF
|
raise <<~EOF
|
||||||
|
|
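Review bot: The fallback loop in `load_spec_files_for_profile` recovers the profile name by dropping the last `-` segment of each key, so an unversioned dependency named, say, `ssh-baseline` (constructed example) matches a request for `ssh`, and because `new_profile_id` takes precedence it is chosen even when an exact `ssh` key exists. For a compliance tool this means controls can be loaded from a profile other than the one named, with no error. The loop also keeps the last matching key, so when several versions of one profile are in the list the choice depends on insertion order, and a version that contains a hyphen never matches. I would look up the exact key first and otherwise match on each entry's own `name`, failing loudly on ambiguity; this assumes the list values respond to `name` as the objects stored by `from_array` do. The method continues past the end of the hunk.

```ruby
# … unchanged: dependencies, profile_id and profile_version assignments …
key = profile_version ? "#{profile_id}-#{profile_version}" : profile_id
dep_entry = dependencies.list[key]
if dep_entry.nil? && profile_version.nil?
  # Match on the entry's own name rather than parsing the key, so hyphens in
  # names or versions cannot select a different profile.
  matches = dependencies.list.values.select { |d| d.name == profile_id }
  if matches.size > 1
    raise "Several versions of '#{profile_id}' are available; pass the version explicitly."
  end
  dep_entry = matches.first
end
# … unchanged: dep_entry.nil? check and its error message …
```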
3
test/fixtures/profiles/git-fetcher/inheritance/child-profile-1/controls/example.rb
vendored
Normal file
3
test/fixtures/profiles/git-fetcher/inheritance/child-profile-1/controls/example.rb
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
require_controls "ssh" do
|
||||||
|
control "sshd-50"
|
||||||
|
end
|
15
test/fixtures/profiles/git-fetcher/inheritance/child-profile-1/inspec.yml
vendored
Normal file
15
test/fixtures/profiles/git-fetcher/inheritance/child-profile-1/inspec.yml
vendored
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
name: child-profile-1
|
||||||
|
title: InSpec Profile
|
||||||
|
maintainer: The Authors
|
||||||
|
copyright: The Authors
|
||||||
|
copyright_email: you@example.com
|
||||||
|
license: Apache-2.0
|
||||||
|
summary: An InSpec Compliance Profile
|
||||||
|
version: 0.1.0
|
||||||
|
supports:
|
||||||
|
platform: os
|
||||||
|
depends:
|
||||||
|
- name: ssh
|
||||||
|
git: https://github.com/dev-sec/ssh-baseline.git
|
||||||
|
tag: 2.7.0
|
||||||
|
|
3
test/fixtures/profiles/git-fetcher/inheritance/child-profile-2/controls/example.rb
vendored
Normal file
3
test/fixtures/profiles/git-fetcher/inheritance/child-profile-2/controls/example.rb
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
require_controls "ssh" do
|
||||||
|
control "sshd-01"
|
||||||
|
end
|
14
test/fixtures/profiles/git-fetcher/inheritance/child-profile-2/inspec.yml
vendored
Normal file
14
test/fixtures/profiles/git-fetcher/inheritance/child-profile-2/inspec.yml
vendored
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
name: child-profile-2
|
||||||
|
title: InSpec Profile
|
||||||
|
maintainer: The Authors
|
||||||
|
copyright: The Authors
|
||||||
|
copyright_email: you@example.com
|
||||||
|
license: Apache-2.0
|
||||||
|
summary: An InSpec Compliance Profile
|
||||||
|
version: 0.1.0
|
||||||
|
supports:
|
||||||
|
platform: os
|
||||||
|
depends:
|
||||||
|
- name: ssh
|
||||||
|
git: https://github.com/dev-sec/ssh-baseline.git
|
||||||
|
tag: 2.6.0
|
2
test/fixtures/profiles/git-fetcher/inheritance/parent-profile/controls/example.rb
vendored
Normal file
2
test/fixtures/profiles/git-fetcher/inheritance/parent-profile/controls/example.rb
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
include_controls "child-profile-1"
|
||||||
|
include_controls "child-profile-2"
|
15
test/fixtures/profiles/git-fetcher/inheritance/parent-profile/inspec.yml
vendored
Normal file
15
test/fixtures/profiles/git-fetcher/inheritance/parent-profile/inspec.yml
vendored
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
name: parent-profile
|
||||||
|
title: InSpec Profile
|
||||||
|
maintainer: The Authors
|
||||||
|
copyright: The Authors
|
||||||
|
copyright_email: you@example.com
|
||||||
|
license: Apache-2.0
|
||||||
|
summary: An InSpec Compliance Profile
|
||||||
|
version: 0.1.0
|
||||||
|
supports:
|
||||||
|
platform: os
|
||||||
|
depends:
|
||||||
|
- name: child-profile-2
|
||||||
|
path: ../child-profile-2
|
||||||
|
- name: child-profile-1
|
||||||
|
path: ../child-profile-1
|
|
@ -1305,4 +1305,16 @@ EOT
|
||||||
assert_json_controls_passing
|
assert_json_controls_passing
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "when profiles are dependent on different versions of same profile" do
|
||||||
|
let(:profile) { "#{profile_path}/git-fetcher/inheritance/parent-profile" }
|
||||||
|
let(:run_result) { run_inspec_process("exec #{profile}") }
|
||||||
|
it "should evaluate all test controls of all versions correctly" do
|
||||||
|
_(run_result.stderr).must_be_empty
|
||||||
|
_(run_result.stdout).must_include "2.7.0"
|
||||||
|
_(run_result.stdout).must_include "2.6.0"
|
||||||
|
_(run_result.stdout).must_include "sshd-01"
|
||||||
|
_(run_result.stdout).must_include "sshd-50"
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
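Review bot: The new spec never exercises the `version` argument added to `require_controls` and `include_controls`: every fixture on this page calls them with a name only, so the `if profile_version` branch is untested. A fixture that depends on two versions of `ssh` directly and selects one with `require_controls "ssh", "2.7.0" do` would cover it, though whether `"2.7.0"` is the exact value `source_version` yields for a git tag should be confirmed first. The `must_include "2.7.0"` and `must_include "2.6.0"` assertions also match those strings anywhere in stdout, so they do not prove which control was loaded from which version.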