mirror of
https://github.com/inspec/inspec
synced 2024-11-10 15:14:23 +00:00
Merge branch 'cw/reporters-as-plugins' of github.com:inspec/inspec into cw/reporters-as-plugins
This commit is contained in:
commit
726a111dc1
12 changed files with 72 additions and 24 deletions
12
CHANGELOG.md
12
CHANGELOG.md
|
@ -1,15 +1,19 @@
|
|||
# Change Log
|
||||
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
||||
<!-- latest_release 4.18.109 -->
|
||||
## [v4.18.109](https://github.com/inspec/inspec/tree/v4.18.109) (2020-05-01)
|
||||
<!-- latest_release 4.18.111 -->
|
||||
## [v4.18.111](https://github.com/inspec/inspec/tree/v4.18.111) (2020-05-05)
|
||||
|
||||
#### Bug Fixes
|
||||
- Fix for warning when input is provided [#4995](https://github.com/inspec/inspec/pull/4995) ([clintoncwolfe](https://github.com/clintoncwolfe))
|
||||
#### Merged Pull Requests
|
||||
- Allows input and control to have the same name [#5001](https://github.com/inspec/inspec/pull/5001) ([Schwad](https://github.com/Schwad))
|
||||
<!-- latest_release -->
|
||||
|
||||
<!-- release_rollup since=4.18.108 -->
|
||||
### Changes since 4.18.108 release
|
||||
|
||||
#### Merged Pull Requests
|
||||
- Allows input and control to have the same name [#5001](https://github.com/inspec/inspec/pull/5001) ([Schwad](https://github.com/Schwad)) <!-- 4.18.111 -->
|
||||
- Updating automate reporter example config to valid json [#5010](https://github.com/inspec/inspec/pull/5010) ([devopsdina](https://github.com/devopsdina)) <!-- 4.18.110 -->
|
||||
|
||||
#### Bug Fixes
|
||||
- Fix for warning when input is provided [#4995](https://github.com/inspec/inspec/pull/4995) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.18.109 -->
|
||||
<!-- release_rollup -->
|
||||
|
|
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
4.18.109
|
||||
4.18.111
|
|
@ -330,11 +330,11 @@ end
|
|||
|
||||
## Implementing Reporter Plugins
|
||||
|
||||
Reporter plugins offer the opportunity to customize or create entirely new output formats for Chef InSpec. Reporter plugins operate at the very end of the Chef InSpec run, when all test data has been finalized.
|
||||
Reporter plugins offer the opportunity to customize or create entirely new output formats for Chef InSpec. Reporter plugins operate at the very end of the Chef InSpec run when all test data has finalized.
|
||||
|
||||
### Declare your plugin activators
|
||||
|
||||
In your `plugin.rb`, include one or more `reporter` activation blocks. The activation block name will be matched against the value passed in to the `--reporter` option, and if one matches, your activator will fire (in which case it should load any needed libraries) and should return your implementation class.
|
||||
In your `plugin.rb`, include one or more `reporter` activation blocks. The activation block name will be matched against the value passed into the `--reporter` option. If a match occurs, your activator will fire, which loads any needed libraries, and return your implementation class.
|
||||
|
||||
#### Reporter Activator Example
|
||||
|
||||
|
@ -353,7 +353,7 @@ module InspecPlugins::Sweeten
|
|||
end
|
||||
```
|
||||
|
||||
Like any activator, the block above will only be called if needed. For Reporter plugins, the plugin system examines the `--reporter` argument (or the `reporter:` JSON config option) looking for the activation name as a prefix. Multiple Reporter activations may occur if several different names match, though each activation will only occur once.
|
||||
Like any activator, the block above will only be called if needed. For Reporter plugins, the plugin system examines the `--reporter` argument, or the `reporter:` JSON config option, and looks for the activation name as a prefix. Multiple Reporter activations may occur if several different names match, though each activation will only occur once.
|
||||
|
||||
```bash
|
||||
you@machine $ inspec exec --reporter sweet # Your Reporter implementation is activated and executed
|
||||
|
@ -378,11 +378,11 @@ end
|
|||
|
||||
#### Implement render()
|
||||
|
||||
The primary responsibility you must fulfill is to implement render. Typically, you will examine the `run_data` Hash (which is provided as an accessor). Call `output(String, newline_wanted = true)` to send output.
|
||||
The primary responsibility you must fulfill is to implement render. Typically, you will examine the `run_data` Hash, which is provided as an accessor. Call `output(String, newline_wanted = true)` to send output.
|
||||
|
||||
#### The run_data structure
|
||||
|
||||
The `run_data` object contains all data from the Chef Inspec run. It is simply a Hash, but it has numerous fields and is often quite large; there is no specific documentation for the object at this time. See [the legacy JSON reporter](https://github.com/inspec/inspec/blob/2e887a94afcca819da781d4774aa2a5a0b56785e/lib/inspec/reporters/json.rb#L10) for one example of how to iterate over the object.
|
||||
The `run_data` object contains all data from the Chef InSpec run. This object is a Hash, but includes many fields and is often large. No specific documentation exists for the `run_data` object. See [the legacy JSON reporter](https://github.com/inspec/inspec/blob/2e887a94afcca819da781d4774aa2a5a0b56785e/lib/inspec/reporters/json.rb#L10) for one example of how to iterate over the object.
|
||||
|
||||
## Implementing Input Plugins
|
||||
|
||||
|
|
|
@ -131,14 +131,16 @@ The `automate` reporter type is a special reporter used with [Chef Automate](htt
|
|||
Example config:
|
||||
|
||||
```json
|
||||
"reporter": {
|
||||
"automate" : {
|
||||
"stdout" : false,
|
||||
"url" : "https://YOUR_A2_URL/data-collector/v0/",
|
||||
"token" : "YOUR_A2_ADMIN_TOKEN",
|
||||
"insecure" : true,
|
||||
"node_name" : "inspec_test_node",
|
||||
"environment" : "prod"
|
||||
{
|
||||
"reporter": {
|
||||
"automate" : {
|
||||
"stdout" : false,
|
||||
"url" : "https://YOUR_A2_URL/data-collector/v0/",
|
||||
"token" : "YOUR_A2_ADMIN_TOKEN",
|
||||
"insecure" : true,
|
||||
"node_name" : "inspec_test_node",
|
||||
"environment" : "prod"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# This file managed by automation - do not edit manually
|
||||
module InspecBin
|
||||
INSPECBIN_ROOT = File.expand_path("../..", __FILE__)
|
||||
VERSION = "4.18.109".freeze
|
||||
VERSION = "4.18.111".freeze
|
||||
end
|
||||
|
|
|
@ -332,7 +332,7 @@ module Inspec
|
|||
input_name = @__rule_id # TODO: control ID slugging
|
||||
registry = Inspec::InputRegistry.instance
|
||||
input = registry.inputs_by_profile.dig(__profile_id, input_name)
|
||||
return unless input
|
||||
return unless input && input.has_value? && input.value.is_a?(Hash)
|
||||
|
||||
# An InSpec Input is a datastructure that tracks a profile parameter
|
||||
# over time. Its value can be set by many sources, and it keeps a
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
module Inspec
|
||||
VERSION = "4.18.109".freeze
|
||||
VERSION = "4.18.111".freeze
|
||||
end
|
||||
|
|
7
test/fixtures/profiles/waivers/namespace-clash/controls/namespace_clash.rb
vendored
Normal file
7
test/fixtures/profiles/waivers/namespace-clash/controls/namespace_clash.rb
vendored
Normal file
|
@ -0,0 +1,7 @@
|
|||
# This fixture tests for a regression found here: https://github.com/inspec/inspec/issues/4936
|
||||
control '01_my_control' do
|
||||
only_if { input('01_my_control', value: 'false') == 'false' }
|
||||
describe true do
|
||||
it { should eq true }
|
||||
end
|
||||
end
|
5
test/fixtures/profiles/waivers/namespace-clash/inspec.yml
vendored
Normal file
5
test/fixtures/profiles/waivers/namespace-clash/inspec.yml
vendored
Normal file
|
@ -0,0 +1,5 @@
|
|||
name: namespace-clash
|
||||
summary: Verifies input and control namespace can safely clash
|
||||
version: 0.1.0
|
||||
supports:
|
||||
platform: os
|
|
@ -176,8 +176,8 @@ describe "inspec exec with json formatter" do
|
|||
"summary" => "Demonstrates the use of InSpec Compliance Profile",
|
||||
"version" => "1.0.0",
|
||||
"supports" => [{ "platform-family" => "unix" }, { "platform-family" => "windows" }],
|
||||
"status" => "loaded",
|
||||
"attributes" => [],
|
||||
"status" => "loaded",
|
||||
})
|
||||
|
||||
_(groups.sort_by { |x| x["id"] }).must_equal([
|
||||
|
|
|
@ -42,11 +42,11 @@ describe "inspec exec with junit formatter" do
|
|||
describe "the test suite" do
|
||||
let(:suite) { doc.elements.to_a("//testsuites/testsuite").first }
|
||||
|
||||
it "must have 6 testcase children" do
|
||||
it "must have 4 testcase children" do
|
||||
_(suite.elements.to_a("//testcase").length).must_equal 4
|
||||
end
|
||||
|
||||
it "has the tests attribute with 5 total tests" do
|
||||
it "has the tests attribute with 4 total tests" do
|
||||
_(suite.attribute("tests").value).must_equal "4"
|
||||
end
|
||||
|
||||
|
|
|
@ -10,6 +10,23 @@ describe "waivers" do
|
|||
let(:controls_by_id) { run_result; @json.dig("profiles", 0, "controls").map { |c| [c["id"], c] }.to_h }
|
||||
let(:cmd) { "exec #{waivers_profiles_path}/#{profile_name} --input-file #{waivers_profiles_path}/#{profile_name}/files/#{waiver_file}" }
|
||||
|
||||
attr_accessor :out
|
||||
|
||||
def inspec(commandline, prefix = nil)
|
||||
@stdout = @stderr = nil
|
||||
self.out = super
|
||||
end
|
||||
|
||||
def stdout
|
||||
@stdout ||= out.stdout
|
||||
.force_encoding(Encoding::UTF_8)
|
||||
end
|
||||
|
||||
def stderr
|
||||
@stderr ||= out.stderr
|
||||
.force_encoding(Encoding::UTF_8)
|
||||
end
|
||||
|
||||
def assert_test_outcome(expected, control_id)
|
||||
assert_equal expected, controls_by_id.dig(control_id, "results", 0, "status")
|
||||
end
|
||||
|
@ -88,6 +105,19 @@ describe "waivers" do
|
|||
end
|
||||
end
|
||||
|
||||
describe "an input and control with the same name" do
|
||||
# This is a test for a regression articulated here:
|
||||
# https://github.com/inspec/inspec/issues/4936
|
||||
it "can execute when control namespace clashes with input" do
|
||||
inspec("exec " + "#{waivers_profiles_path}/namespace-clash" + " --no-create-lockfile" + " --no-color")
|
||||
|
||||
_(stdout).wont_include("Control Source Code Error")
|
||||
_(stdout).must_include "\nProfile Summary: 1 successful control, 0 control failures, 0 controls skipped\n"
|
||||
_(stderr).must_equal ""
|
||||
assert_exit_code 0, out
|
||||
end
|
||||
end
|
||||
|
||||
describe "an inherited profile" do
|
||||
let(:profile_name) { "waiver-wrapper" }
|
||||
let(:waiver_file) { "waivers.yaml" }
|
||||
|
|
Loading…
Reference in a new issue