Backport-6410: Dependent profiles fix for any scheme of version used in profiles (#6471)

* CFINSPEC-580 Dependent profiles fix for any scheme of version used in profiles (#6410) * Dependent profiles fix for any scheme of version used in profiles Signed-off-by: Nikita Mathur <nikita.mathur@chef.io> * Dependent profile fix when version is blank in dependent profiles Signed-off-by: Nikita Mathur <nikita.mathur@chef.io> --------- Signed-off-by: Nikita Mathur <nikita.mathur@chef.io> * LINT: Fix lint offense Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Remove tests for enhanced outcomes and resource_ids Signed-off-by: Sonu Saha <sonu.saha@progress.com> * Add missing changes for test fixtures Signed-off-by: Sonu Saha <sonu.saha@progress.com> --------- Signed-off-by: Nikita Mathur <nikita.mathur@chef.io> Signed-off-by: Sonu Saha <sonu.saha@progress.com> Co-authored-by: Nikita Mathur <Nik08@users.noreply.github.com>
2024-11-22 12:43:07 +00:00 · 2023-10-11 18:37:52 +05:30 · 2023-10-11 18:37:52 +05:30 · 6ee21986bb
commit 6ee21986bb
parent db966c964e
11 changed files with 119 additions and 17 deletions
--- a/lib/inspec/dependencies/dependency_set.rb
+++ b/lib/inspec/dependencies/dependency_set.rb
@ -26,7 +26,7 @@ module Inspec
      dep_list = {}
      dependencies.each do |d|
        # if depedent profile does not have a source version then only name is used in dependency hash
-        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue "#{d.name}"
+        key_name = (d.source_version.blank? ? "#{d.name}" : "#{d.name}-#{d.source_version}") rescue "#{d.name}"
        dep_list[key_name] = d
      end
      new(cwd, cache, dep_list, backend)
@ -42,7 +42,7 @@ module Inspec
      dep_list = {}
      dep_tree.each do |d|
        # if depedent profile does not have a source version then only name is used in dependency hash
-        key_name = (d.source_version ? "#{d.name}-#{d.source_version}" : "#{d.name}") rescue d.name
+        key_name = (d.source_version.blank? ? "#{d.name}" : "#{d.name}-#{d.source_version}") rescue "#{d.name}"
        dep_list[key_name] = d
        dep_list.merge!(flatten_dep_tree(d.dependencies))
      end
--- a/lib/inspec/dsl.rb
+++ b/lib/inspec/dsl.rb
@ -82,11 +82,14 @@ module Inspec::DSL
    if profile_version
      new_profile_id = "#{profile_id}-#{profile_version}"
    else
-      dependencies.list.keys.each do |key|
-        # If dep profile does not contain a source version, key does not contain a version as well. In that case new_profile_id will be always nil and instead profile_id would be used to fetch profile from dependency list.
-        profile_id_key = key.split("-")
-        profile_id_key.pop
-        new_profile_id = key if profile_id_key.join("-") == profile_id
+      dependencies.list.each do |key, value|
+        # 1. Fetching VERSION from a profile dependency name which is in a format NAME-VERSION.
+        # 2. Matching original profile dependency name with profile name used with include or require control DSL.
+        source_version = value.source_version
+        unless source_version.blank?
+          profile_id_key = key.split("-#{source_version}")[0]
+          new_profile_id = key if profile_id_key == profile_id
+        end
      end
    end
    dep_entry = new_profile_id ? dependencies.list[new_profile_id] : dependencies.list[profile_id]
--- a/test/fixtures/profiles/git-fetcher/inheritance-windows/child-profile-2/inspec.yml
+++ b/test/fixtures/profiles/git-fetcher/inheritance-windows/child-profile-2/inspec.yml
@ -0,0 +1,14 @@
+name: child-profile-2
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0 Release Inspec 5 NotASemverVersion 1
+supports:
+  platform: os
+depends:
+  - name: ssh
+    git: https://github.com/dev-sec/windows-baseline.git
+    tag: 1.1.0
--- a/test/fixtures/profiles/git-fetcher/inheritance/child-profile-2/inspec.yml
+++ b/test/fixtures/profiles/git-fetcher/inheritance/child-profile-2/inspec.yml
@ -5,7 +5,7 @@ copyright: The Authors
 copyright_email: you@example.com
 license: Apache-2.0
 summary: An InSpec Compliance Profile
-version: 0.1.0
+version: 0.1.0 Release Inspec 5 NotASemverVersion 1
 supports:
  platform: os
 depends:
--- a/test/fixtures/profiles/git-fetcher/inheritance/child-profile-3/controls/example.rb
+++ b/test/fixtures/profiles/git-fetcher/inheritance/child-profile-3/controls/example.rb
@ -0,0 +1,3 @@
+require_controls "ssh-2.6.0" do
+  control "sshd-01"
+end
--- a/test/fixtures/profiles/git-fetcher/inheritance/child-profile-3/inspec.yml
+++ b/test/fixtures/profiles/git-fetcher/inheritance/child-profile-3/inspec.yml
@ -0,0 +1,14 @@
+name: child-profile-3
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+supports:
+  platform: os
+depends:
+  - name: ssh
+    git: https://github.com/dev-sec/ssh-baseline.git
+    tag: 2.6.0
--- a/test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/controls/example.rb
+++ b/test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/controls/example.rb
@ -0,0 +1 @@
+include_controls "child-profile-5"
--- a/test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/inspec.yml
+++ b/test/fixtures/profiles/git-fetcher/inheritance/child-profile-4/inspec.yml
@ -0,0 +1,13 @@
+name: child-profile-4
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+supports:
+  platform: os
+depends:
+  - name: child-profile-5
+    path: ../child-profile-5
--- a/test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/controls/example.rb
+++ b/test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/controls/example.rb
@ -0,0 +1,3 @@
+require_controls "ssh" do
+  control "sshd-01"
+end
--- a/test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/inspec.yml
+++ b/test/fixtures/profiles/git-fetcher/inheritance/child-profile-5/inspec.yml
@ -0,0 +1,13 @@
+name: child-profile-5
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+supports:
+  platform: os
+depends:
+  - name: ssh
+    git: https://github.com/dev-sec/ssh-baseline.git
+    tag: 2.6.0
--- a/test/functional/inspec_exec_test.rb
+++ b/test/functional/inspec_exec_test.rb
@ -1304,15 +1304,53 @@ EOT
  end

  unless windows?
-    describe "when profiles are dependent on different versions of same profile - test in unix" do
-      let(:profile) { "#{profile_path}/git-fetcher/inheritance/parent-profile" }
-      let(:run_result) { run_inspec_process("exec #{profile}") }
-      it "should evaluate all test controls of all versions correctly" do
-        _(run_result.stderr).must_be_empty
-        _(run_result.stdout).must_include "2.7.0"
-        _(run_result.stdout).must_include "2.6.0"
-        _(run_result.stdout).must_include "sshd-01"
-        _(run_result.stdout).must_include "sshd-50"
+    unless windows?
+      describe "when profiles are dependent on different versions of same profile - test in unix - test in unix" do
+        let(:profile) { "#{profile_path}/git-fetcher/inheritance/parent-profile" }
+        let(:run_result) { run_inspec_process("exec #{profile}") }
+        it "should evaluate all test controls of all versions correctly" do
+          skip_windows!
+          _(run_result.stderr).must_be_empty
+          _(run_result.stdout).must_include "2.7.0"
+          _(run_result.stdout).must_include "2.6.0"
+          _(run_result.stdout).must_include "sshd-01"
+          _(run_result.stdout).must_include "sshd-50"
+          # Test with version which is not following semver scheme.
+          _(run_result.stdout).must_include "0.1.0 Release Inspec 5 NotASemverVersion 1"
+        end
+      end
+
+      describe "Using require control with version: when profiles are dependent on different versions of same profile" do
+        let(:profile) { "#{profile_path}/git-fetcher/inheritance/child-profile-3" }
+        let(:run_result) { run_inspec_process("exec #{profile}") }
+        it "should evaluate all test controls of all versions correctly" do
+          skip_windows!
+          _(run_result.stderr).must_be_empty
+          _(run_result.stdout).must_include "2.6.0"
+          _(run_result.stdout).must_include "sshd-01"
+        end
+      end
+
+      describe "When profiles are dependent on a profile with no version" do
+        let(:profile) { "#{profile_path}/git-fetcher/inheritance/child-profile-4" }
+        let(:run_result) { run_inspec_process("exec #{profile}") }
+        it "should evaluate all test controls of all versions correctly" do
+          skip_windows!
+          _(run_result.stderr).must_be_empty
+        end
+      end
+    end
+
+    if windows?
+      describe "when profiles are dependent on different versions of same profile - test in windows" do
+        let(:profile) { "#{profile_path}/git-fetcher/inheritance-windows/parent-profile" }
+        let(:run_result) { run_inspec_process("exec #{profile}") }
+        it "should evaluate all test controls of all versions correctly" do
+          _(run_result.stdout).must_include "1.1.2"
+          _(run_result.stdout).must_include "1.1.0"
+          # Test with version which is not following semver scheme.
+          _(run_result.stdout).must_include "0.1.0 Release Inspec 5 NotASemverVersion 1"
+        end
      end
    end
  end