Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-10 15:14:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'cw/reporters-as-plugins' of github.com:inspec/inspec into cw/reporters-as-plugins

Browse source
This commit is contained in:
Clinton Wolfe 2020-05-05 18:38:40 -04:00
commit 726a111dc1
12 changed files with 72 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
CHANGELOG.md
View file

@ -1,15 +1,19 @@
# Change Log
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
<!-- latest_release 4.18.109 -->
## [v4.18.109](https://github.com/inspec/inspec/tree/v4.18.109) (2020-05-01)
<!-- latest_release 4.18.111 -->
## [v4.18.111](https://github.com/inspec/inspec/tree/v4.18.111) (2020-05-05)
#### Bug Fixes
- Fix for warning when input is provided [#4995](https://github.com/inspec/inspec/pull/4995) ([clintoncwolfe](https://github.com/clintoncwolfe))
#### Merged Pull Requests
- Allows input and control to have the same name [#5001](https://github.com/inspec/inspec/pull/5001) ([Schwad](https://github.com/Schwad))
<!-- latest_release -->
<!-- release_rollup since=4.18.108 -->
### Changes since 4.18.108 release
#### Merged Pull Requests
- Allows input and control to have the same name [#5001](https://github.com/inspec/inspec/pull/5001) ([Schwad](https://github.com/Schwad)) <!-- 4.18.111 -->
- Updating automate reporter example config to valid json [#5010](https://github.com/inspec/inspec/pull/5010) ([devopsdina](https://github.com/devopsdina)) <!-- 4.18.110 -->
#### Bug Fixes
- Fix for warning when input is provided [#4995](https://github.com/inspec/inspec/pull/4995) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.18.109 -->
<!-- release_rollup -->

2
VERSION
View file

@ -1 +1 @@
4.18.109
4.18.111

10
docs/dev/plugins.md
View file

@ -330,11 +330,11 @@ end
## Implementing Reporter Plugins
Reporter plugins offer the opportunity to customize or create entirely new output formats for Chef InSpec. Reporter plugins operate at the very end of the Chef InSpec run, when all test data has been finalized.
Reporter plugins offer the opportunity to customize or create entirely new output formats for Chef InSpec. Reporter plugins operate at the very end of the Chef InSpec run when all test data has finalized.
### Declare your plugin activators
In your `plugin.rb`, include one or more `reporter` activation blocks. The activation block name will be matched against the value passed in to the `--reporter` option, and if one matches, your activator will fire (in which case it should load any needed libraries) and should return your implementation class.
In your `plugin.rb`, include one or more `reporter` activation blocks. The activation block name will be matched against the value passed into the `--reporter` option. If a match occurs, your activator will fire, which loads any needed libraries, and return your implementation class.
#### Reporter Activator Example
@ -353,7 +353,7 @@ module InspecPlugins::Sweeten
end
```
Like any activator, the block above will only be called if needed. For Reporter plugins, the plugin system examines the `--reporter` argument (or the `reporter:` JSON config option) looking for the activation name as a prefix. Multiple Reporter activations may occur if several different names match, though each activation will only occur once.
Like any activator, the block above will only be called if needed. For Reporter plugins, the plugin system examines the `--reporter` argument, or the `reporter:` JSON config option, and looks for the activation name as a prefix. Multiple Reporter activations may occur if several different names match, though each activation will only occur once.
```bash
you@machine $ inspec exec --reporter sweet # Your Reporter implementation is activated and executed
@ -378,11 +378,11 @@ end
#### Implement render()
The primary responsibility you must fulfill is to implement render. Typically, you will examine the `run_data` Hash (which is provided as an accessor). Call `output(String, newline_wanted = true)` to send output.
The primary responsibility you must fulfill is to implement render. Typically, you will examine the `run_data` Hash, which is provided as an accessor. Call `output(String, newline_wanted = true)` to send output.
#### The run_data structure
The `run_data` object contains all data from the Chef Inspec run. It is simply a Hash, but it has numerous fields and is often quite large; there is no specific documentation for the object at this time. See [the legacy JSON reporter](https://github.com/inspec/inspec/blob/2e887a94afcca819da781d4774aa2a5a0b56785e/lib/inspec/reporters/json.rb#L10) for one example of how to iterate over the object.
The `run_data` object contains all data from the Chef InSpec run. This object is a Hash, but includes many fields and is often large. No specific documentation exists for the `run_data` object. See [the legacy JSON reporter](https://github.com/inspec/inspec/blob/2e887a94afcca819da781d4774aa2a5a0b56785e/lib/inspec/reporters/json.rb#L10) for one example of how to iterate over the object.
## Implementing Input Plugins

18
docs/reporters.md
View file

@ -131,14 +131,16 @@ The `automate` reporter type is a special reporter used with [Chef Automate](htt
Example config:
```json
"reporter": {
"automate" : {
"stdout" : false,
"url" : "https://YOUR_A2_URL/data-collector/v0/",
"token" : "YOUR_A2_ADMIN_TOKEN",
"insecure" : true,
"node_name" : "inspec_test_node",
"environment" : "prod"
{
"reporter": {
"automate" : {
"stdout" : false,
"url" : "https://YOUR_A2_URL/data-collector/v0/",
"token" : "YOUR_A2_ADMIN_TOKEN",
"insecure" : true,
"node_name" : "inspec_test_node",
"environment" : "prod"
}
}
}
```

2
inspec-bin/lib/inspec-bin/version.rb
View file

@ -1,5 +1,5 @@
# This file managed by automation - do not edit manually
module InspecBin
INSPECBIN_ROOT = File.expand_path("../..", __FILE__)
VERSION = "4.18.109".freeze
VERSION = "4.18.111".freeze
end

2
lib/inspec/rule.rb
View file

@ -332,7 +332,7 @@ module Inspec
input_name = @__rule_id # TODO: control ID slugging
registry = Inspec::InputRegistry.instance
input = registry.inputs_by_profile.dig(__profile_id, input_name)
return unless input
return unless input && input.has_value? && input.value.is_a?(Hash)
# An InSpec Input is a datastructure that tracks a profile parameter
# over time. Its value can be set by many sources, and it keeps a

2
lib/inspec/version.rb
View file

@ -1,3 +1,3 @@
module Inspec
VERSION = "4.18.109".freeze
VERSION = "4.18.111".freeze
end

7
test/fixtures/profiles/waivers/namespace-clash/controls/namespace_clash.rb vendored Normal file
View file

@ -0,0 +1,7 @@
# This fixture tests for a regression found here: https://github.com/inspec/inspec/issues/4936
control '01_my_control' do
only_if { input('01_my_control', value: 'false') == 'false' }
describe true do
it { should eq true }
end
end

5
test/fixtures/profiles/waivers/namespace-clash/inspec.yml vendored Normal file
View file

@ -0,0 +1,5 @@
name: namespace-clash
summary: Verifies input and control namespace can safely clash
version: 0.1.0
supports:
platform: os

2
test/functional/inspec_exec_json_test.rb
View file

@ -176,8 +176,8 @@ describe "inspec exec with json formatter" do
"summary" => "Demonstrates the use of InSpec Compliance Profile",
"version" => "1.0.0",
"supports" => [{ "platform-family" => "unix" }, { "platform-family" => "windows" }],
"status" => "loaded",
"attributes" => [],
"status" => "loaded",
})
_(groups.sort_by { |x| x["id"] }).must_equal([

4
test/functional/inspec_exec_junit_test.rb
View file

@ -42,11 +42,11 @@ describe "inspec exec with junit formatter" do
describe "the test suite" do
let(:suite) { doc.elements.to_a("//testsuites/testsuite").first }
it "must have 6 testcase children" do
it "must have 4 testcase children" do
_(suite.elements.to_a("//testcase").length).must_equal 4
end
it "has the tests attribute with 5 total tests" do
it "has the tests attribute with 4 total tests" do
_(suite.attribute("tests").value).must_equal "4"
end

30
test/functional/waivers_test.rb
View file

@ -10,6 +10,23 @@ describe "waivers" do
let(:controls_by_id) { run_result; @json.dig("profiles", 0, "controls").map { |c| [c["id"], c] }.to_h }
let(:cmd) { "exec #{waivers_profiles_path}/#{profile_name} --input-file #{waivers_profiles_path}/#{profile_name}/files/#{waiver_file}" }
attr_accessor :out
def inspec(commandline, prefix = nil)
@stdout = @stderr = nil
self.out = super
end
def stdout
@stdout ||= out.stdout
.force_encoding(Encoding::UTF_8)
end
def stderr
@stderr ||= out.stderr
.force_encoding(Encoding::UTF_8)
end
def assert_test_outcome(expected, control_id)
assert_equal expected, controls_by_id.dig(control_id, "results", 0, "status")
end
@ -88,6 +105,19 @@ describe "waivers" do
end
end
describe "an input and control with the same name" do
# This is a test for a regression articulated here:
# https://github.com/inspec/inspec/issues/4936
it "can execute when control namespace clashes with input" do
inspec("exec " + "#{waivers_profiles_path}/namespace-clash" + " --no-create-lockfile" + " --no-color")
_(stdout).wont_include("Control Source Code Error")
_(stdout).must_include "\nProfile Summary: 1 successful control, 0 control failures, 0 controls skipped\n"
_(stderr).must_equal ""
assert_exit_code 0, out
end
end
describe "an inherited profile" do
let(:profile_name) { "waiver-wrapper" }
let(:waiver_file) { "waivers.yaml" }