move default cache creation to profile implementation

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

lib/inspec/cli.rb

@@ -36,7 +36,6 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     configure_logger(o)
     o[:ignore_supports] = true
     o[:backend] = Inspec::Backend.create(target: 'mock://')
-    o[:cache] = Inspec::Cache.new(nil)
 
     profile = Inspec::Profile.for_target(target, o)
     dst = o[:output].to_s
@@ -58,13 +57,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   desc 'check PATH', 'verify all tests at the specified PATH'
   option :format, type: :string
   profile_options
-  def check(path) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+  def check(path) # rubocop:disable Metrics/AbcSize
     diagnose
     o = opts.dup
     configure_logger(o)
     o[:ignore_supports] = true # we check for integrity only
     o[:backend] = Inspec::Backend.create(target: 'mock://')
-    o[:cache] = Inspec::Cache.new(nil)
 
     # run check
     profile = Inspec::Profile.for_target(path, o)

lib/inspec/profile.rb

@@ -21,10 +21,9 @@ module Inspec
   class Profile # rubocop:disable Metrics/ClassLength
     extend Forwardable
 
-    def self.resolve_target(target, cache = nil)
-      c = cache || Cache.new
-      Inspec::Log.debug "Resolve #{target} into cache #{c.path}"
-      Inspec::CachedFetcher.new(target, cache || Cache.new)
+    def self.resolve_target(target, cache)
+      Inspec::Log.debug "Resolve #{target} into cache #{cache.path}"
+      Inspec::CachedFetcher.new(target, cache)
     end
 
     # Check if the profile contains a vendored cache, move content into global cache
@@ -65,11 +64,13 @@ module Inspec
     end
 
     def self.for_fetcher(fetcher, opts)
+      opts[:cache] = opts[:cache] || Cache.new
       path, writable = fetcher.fetch
       for_path(path, opts.merge(target: fetcher.target, writable: writable))
     end
 
     def self.for_target(target, opts = {})
+      opts[:cache] = opts[:cache] || Cache.new
       fetcher = resolve_target(target, opts[:cache])
       for_fetcher(fetcher, opts)
     end

test/functional/inspec_vendor_test.rb

@@ -21,6 +21,10 @@ describe 'example inheritance profile' do
   end
 
   it 'can vendor profile dependencies from the profile path' do
+    # clean existing vendor directory
+    FileUtils.rm_r ("#{inheritance_path}/vendor")
+
+    # vendor all dependencies
     out = inspec('vendor --overwrite', "cd #{inheritance_path} &&")
     out.stdout.force_encoding(Encoding::UTF_8).must_include "Vendor dependencies of #{inheritance_path} into #{inheritance_path}/vendor"
     out.stderr.must_equal ''
@@ -34,6 +38,10 @@ describe 'example inheritance profile' do
   end
 
   it 'ensure nothing is loaded from external source if vendored profile is used' do
+    # clean existing vendor directory
+    FileUtils.rm_r ("#{meta_path}/vendor")
+
+    # vendor all dependencies
     out = inspec('vendor ' + meta_path + ' --overwrite')
     out.exit_status.must_equal 0
 
@@ -44,7 +52,7 @@ describe 'example inheritance profile' do
     File.exist?(lockfile).must_equal true
 
     out = inspec('exec ' + meta_path + ' -l debug --no-create-lockfile')
-    out.stdout.force_encoding(Encoding::UTF_8).must_include   'Using cached dependency for {:url=>"https://github.com/dev-sec/tests-ssh-hardening/archive/master.tar.gz", :sha256=>"01414bd307ea2f7d4dc8cd141085ba7ad61d4c3b2606d57b2dae987c1c3954cb"'
+    out.stdout.force_encoding(Encoding::UTF_8).must_include 'Using cached dependency for {:url=>"https://github.com/dev-sec/tests-ssh-hardening/archive/master.tar.gz", :sha256=>"01414bd307ea2f7d4dc8cd141085ba7ad61d4c3b2606d57b2dae987c1c3954cb"'
     out.stdout.force_encoding(Encoding::UTF_8).must_include 'Using cached dependency for {:git=>"https://github.com/dev-sec/ssl-benchmark.git", :ref=>"e17486c864434c818f96ca13edd2c5a420100a45"'
     out.stdout.force_encoding(Encoding::UTF_8).must_include 'Using cached dependency for {:git=>"https://github.com/chris-rock/windows-patch-benchmark.git", :ref=>"c183d08eb25638e7f5eac97e521640ea314c8e3d"'
     out.stdout.force_encoding(Encoding::UTF_8).index('Fetching URL:').must_be_nil
@@ -53,10 +61,51 @@ describe 'example inheritance profile' do
     out.stderr.must_equal ''
   end
 
+  it 'ensure json command is not fetching remote profiles if vendored' do
+    # ensure the profile is vendored
+    out = inspec('vendor ' + meta_path + ' --overwrite')
+
+    # clean cache directory
+    FileUtils.rm_r "#{Dir.home}/.inspec/cache"
+
+    # execute json command
+    out = inspec('json ' + meta_path + ' -l debug')
+    out.exit_status.must_equal 0
+    length = out.stdout.scan(/Dependency does not exist in the cache/).length
+    length.must_equal 1
+  end
+
+  it 'ensure check command is not fetching remote profiles if vendored' do
+    # ensure the profile is vendored
+    out = inspec('vendor ' + meta_path + ' --overwrite')
+
+    # clean cache directory
+    FileUtils.rm_r "#{Dir.home}/.inspec/cache"
+
+    # execute check command
+    out = inspec('check ' + meta_path + ' -l debug')
+    out.exit_status.must_equal 0
+    length = out.stdout.scan(/Dependency does not exist in the cache/).length
+    length.must_equal 1
+  end
+
   it 'ensure json command works for vendored profile' do
     out = inspec('json ' + meta_path + ' --output ' + dst.path)
     hm = JSON.load(File.read(dst.path))
     hm['name'].must_equal 'meta-profile'
     hm['controls'].length.must_equal 79
   end
+
+  it 'can vendor profile dependencies from the profile path' do
+    out = inspec('vendor --overwrite', "cd #{inheritance_path} &&")
+    out.stdout.force_encoding(Encoding::UTF_8).must_include "Vendor dependencies of #{inheritance_path} into #{inheritance_path}/vendor"
+    out.stderr.must_equal ''
+    out.exit_status.must_equal 0
+
+    vendor_dir = File.join(inheritance_path, 'vendor')
+    File.exist?(vendor_dir).must_equal true
+
+    lockfile = File.join(inheritance_path, 'inspec.lock')
+    File.exist?(lockfile).must_equal true
+  end
 end