mirror of
https://github.com/inspec/inspec
synced 2024-11-22 12:43:07 +00:00
Backport-6410: Dependent profiles fix for any scheme of version used in profiles (#6471)
* CFINSPEC-580 Dependent profiles fix for any scheme of version used in profiles (#6410) * Dependent profiles fix for any scheme of version used in profiles Signed-off-by: Nikita Mathur <nikita.mathur@chef.io> * Dependent profile fix when version is blank in dependent profiles Signed-off-by: Nikita Mathur <nikita.mathur@chef.io> --------- Signed-off-by: Nikita Mathur <nikita.mathur@chef.io> * LINT: Fix lint offense Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Remove tests for enhanced outcomes and resource_ids Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add missing changes for test fixtures Signed-off-by: Sonu Saha <sonu.saha@progress.com> --------- Signed-off-by: Nikita Mathur <nikita.mathur@chef.io> Signed-off-by: Sonu Saha <sonu.saha@progress.com> Co-authored-by: Nikita Mathur <Nik08@users.noreply.github.com>
This commit is contained in:
parent
db966c964e
commit
6ee21986bb
11 changed files with 119 additions and 17 deletions
|
@ -26,7 +26,7 @@ module Inspec
|
|||
dep_list = {}
|
||||
dependencies.each do |d|
|
||||
# if depedent profile does not have a source version then only name is used in dependency hash
|
||||
key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue "#{d.name}"
|
||||
key_name = (d.source_version.blank? ? "#{d.name}" : "#{d.name}-#{d.source_version}") rescue "#{d.name}"
|
||||
dep_list[key_name] = d
|
||||
end
|
||||
new(cwd, cache, dep_list, backend)
|
||||
|
@ -42,7 +42,7 @@ module Inspec
|
|||
dep_list = {}
|
||||
dep_tree.each do |d|
|
||||
# if depedent profile does not have a source version then only name is used in dependency hash
|
||||
key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue d.name
|
||||
key_name = (d.source_version.blank? ? "#{d.name}" : "#{d.name}-#{d.source_version}") rescue "#{d.name}"
|
||||
dep_list[key_name] = d
|
||||
dep_list.merge!(flatten_dep_tree(d.dependencies))
|
||||
end
|
||||
|
|
|
@ -82,11 +82,14 @@ module Inspec::DSL
|
|||
if profile_version
|
||||
new_profile_id = "#{profile_id}-#{profile_version}"
|
||||
else
|
||||
dependencies.list.keys.each do |key|
|
||||
# If dep profile does not contain a source version, key does not contain a version as well. In that case new_profile_id will be always nil and instead profile_id would be used to fetch profile from dependency list.
|
||||
profile_id_key = key.split("-")
|
||||
profile_id_key.pop
|
||||
new_profile_id = key if profile_id_key.join("-") == profile_id
|
||||
dependencies.list.each do |key, value|
|
||||
# 1. Fetching VERSION from a profile dependency name which is in a format NAME-VERSION.
|
||||
# 2. Matching original profile dependency name with profile name used with include or require control DSL.
|
||||
source_version = value.source_version
|
||||
unless source_version.blank?
|
||||
profile_id_key = key.split("-#{source_version}")[0]
|
||||
new_profile_id = key if profile_id_key == profile_id
|
||||
end
|
||||
end
|
||||
end
|
||||
dep_entry = new_profile_id ? dependencies.list[new_profile_id] : dependencies.list[profile_id]
|
||||
|
|
14
test/fixtures/profiles/git-fetcher/inheritance-windows/child-profile-2/inspec.yml
vendored
Normal file
14
test/fixtures/profiles/git-fetcher/inheritance-windows/child-profile-2/inspec.yml
vendored
Normal file
|
@ -0,0 +1,14 @@
|
|||
name: child-profile-2
|
||||
title: InSpec Profile
|
||||
maintainer: The Authors
|
||||
copyright: The Authors
|
||||
copyright_email: you@example.com
|
||||
license: Apache-2.0
|
||||
summary: An InSpec Compliance Profile
|
||||
version: 0.1.0 Release Inspec 5 NotASemverVersion 1
|
||||
supports:
|
||||
platform: os
|
||||
depends:
|
||||
- name: ssh
|
||||
git: https://github.com/dev-sec/windows-baseline.git
|
||||
tag: 1.1.0
|
|
@ -5,7 +5,7 @@ copyright: The Authors
|
|||
copyright_email: you@example.com
|
||||
license: Apache-2.0
|
||||
summary: An InSpec Compliance Profile
|
||||
version: 0.1.0
|
||||
version: 0.1.0 Release Inspec 5 NotASemverVersion 1
|
||||
supports:
|
||||
platform: os
|
||||
depends:
|
||||
|
|
3
test/fixtures/profiles/git-fetcher/inheritance/child-profile-3/controls/example.rb
vendored
Normal file
3
test/fixtures/profiles/git-fetcher/inheritance/child-profile-3/controls/example.rb
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
require_controls "ssh-2.6.0" do
|
||||
control "sshd-01"
|
||||
end
|
14
test/fixtures/profiles/git-fetcher/inheritance/child-profile-3/inspec.yml
vendored
Normal file
14
test/fixtures/profiles/git-fetcher/inheritance/child-profile-3/inspec.yml
vendored
Normal file
|
@ -0,0 +1,14 @@
|
|||
name: child-profile-3
|
||||
title: InSpec Profile
|
||||
maintainer: The Authors
|
||||
copyright: The Authors
|
||||
copyright_email: you@example.com
|
||||
license: Apache-2.0
|
||||
summary: An InSpec Compliance Profile
|
||||
version: 0.1.0
|
||||
supports:
|
||||
platform: os
|
||||
depends:
|
||||
- name: ssh
|
||||
git: https://github.com/dev-sec/ssh-baseline.git
|
||||
tag: 2.6.0
|
1
test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/controls/example.rb
vendored
Normal file
1
test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/controls/example.rb
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
include_controls "child-profile-5"
|
13
test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/inspec.yml
vendored
Normal file
13
test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/inspec.yml
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
name: child-profile-4
|
||||
title: InSpec Profile
|
||||
maintainer: The Authors
|
||||
copyright: The Authors
|
||||
copyright_email: you@example.com
|
||||
license: Apache-2.0
|
||||
summary: An InSpec Compliance Profile
|
||||
version: 0.1.0
|
||||
supports:
|
||||
platform: os
|
||||
depends:
|
||||
- name: child-profile-5
|
||||
path: ../child-profile-5
|
3
test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/controls/example.rb
vendored
Normal file
3
test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/controls/example.rb
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
require_controls "ssh" do
|
||||
control "sshd-01"
|
||||
end
|
13
test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/inspec.yml
vendored
Normal file
13
test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/inspec.yml
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
name: child-profile-5
|
||||
title: InSpec Profile
|
||||
maintainer: The Authors
|
||||
copyright: The Authors
|
||||
copyright_email: you@example.com
|
||||
license: Apache-2.0
|
||||
summary: An InSpec Compliance Profile
|
||||
supports:
|
||||
platform: os
|
||||
depends:
|
||||
- name: ssh
|
||||
git: https://github.com/dev-sec/ssh-baseline.git
|
||||
tag: 2.6.0
|
|
@ -1304,15 +1304,53 @@ EOT
|
|||
end
|
||||
|
||||
unless windows?
|
||||
describe "when profiles are dependent on different versions of same profile - test in unix" do
|
||||
let(:profile) { "#{profile_path}/git-fetcher/inheritance/parent-profile" }
|
||||
let(:run_result) { run_inspec_process("exec #{profile}") }
|
||||
it "should evaluate all test controls of all versions correctly" do
|
||||
_(run_result.stderr).must_be_empty
|
||||
_(run_result.stdout).must_include "2.7.0"
|
||||
_(run_result.stdout).must_include "2.6.0"
|
||||
_(run_result.stdout).must_include "sshd-01"
|
||||
_(run_result.stdout).must_include "sshd-50"
|
||||
unless windows?
|
||||
describe "when profiles are dependent on different versions of same profile - test in unix - test in unix" do
|
||||
let(:profile) { "#{profile_path}/git-fetcher/inheritance/parent-profile" }
|
||||
let(:run_result) { run_inspec_process("exec #{profile}") }
|
||||
it "should evaluate all test controls of all versions correctly" do
|
||||
skip_windows!
|
||||
_(run_result.stderr).must_be_empty
|
||||
_(run_result.stdout).must_include "2.7.0"
|
||||
_(run_result.stdout).must_include "2.6.0"
|
||||
_(run_result.stdout).must_include "sshd-01"
|
||||
_(run_result.stdout).must_include "sshd-50"
|
||||
# Test with version which is not following semver scheme.
|
||||
_(run_result.stdout).must_include "0.1.0 Release Inspec 5 NotASemverVersion 1"
|
||||
end
|
||||
end
|
||||
|
||||
describe "Using require control with version: when profiles are dependent on different versions of same profile" do
|
||||
let(:profile) { "#{profile_path}/git-fetcher/inheritance/child-profile-3" }
|
||||
let(:run_result) { run_inspec_process("exec #{profile}") }
|
||||
it "should evaluate all test controls of all versions correctly" do
|
||||
skip_windows!
|
||||
_(run_result.stderr).must_be_empty
|
||||
_(run_result.stdout).must_include "2.6.0"
|
||||
_(run_result.stdout).must_include "sshd-01"
|
||||
end
|
||||
end
|
||||
|
||||
describe "When profiles are dependent on a profile with no version" do
|
||||
let(:profile) { "#{profile_path}/git-fetcher/inheritance/child-profile-4" }
|
||||
let(:run_result) { run_inspec_process("exec #{profile}") }
|
||||
it "should evaluate all test controls of all versions correctly" do
|
||||
skip_windows!
|
||||
_(run_result.stderr).must_be_empty
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
if windows?
|
||||
describe "when profiles are dependent on different versions of same profile - test in windows" do
|
||||
let(:profile) { "#{profile_path}/git-fetcher/inheritance-windows/parent-profile" }
|
||||
let(:run_result) { run_inspec_process("exec #{profile}") }
|
||||
it "should evaluate all test controls of all versions correctly" do
|
||||
_(run_result.stdout).must_include "1.1.2"
|
||||
_(run_result.stdout).must_include "1.1.0"
|
||||
# Test with version which is not following semver scheme.
|
||||
_(run_result.stdout).must_include "0.1.0 Release Inspec 5 NotASemverVersion 1"
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue