From c3c648eeb9982c9820d6347930fea2e804ec1527 Mon Sep 17 00:00:00 2001 From: Christoph Hartmann Date: Sun, 4 Sep 2016 19:32:48 +0200 Subject: [PATCH 1/3] fix integration tests for usage with winrm v2 --- lib/resources/powershell.rb | 10 +++------- lib/resources/vbscript.rb | 18 +++++++++++++++++- test/integration/default/vbscript_spec.rb | 21 +++++++++++++-------- 3 files changed, 33 insertions(+), 16 deletions(-) diff --git a/lib/resources/powershell.rb b/lib/resources/powershell.rb index 61e2f8078..93c962e8e 100644 --- a/lib/resources/powershell.rb +++ b/lib/resources/powershell.rb @@ -22,13 +22,9 @@ module Inspec::Resources unless inspec.os.windows? return skip_resource 'The `script` resource is not supported on your OS yet.' end - - # encodes a script as base64 to run as powershell encodedCommand - # this comes with performance issues: @see https://gist.github.com/fnichol/7b20596b950e65fb96f9 - require 'winrm' - script = WinRM::PowershellScript.new(script) - cmd = "powershell -encodedCommand #{script.encoded}" - super(cmd) + # since WinRM 2.0 and the default use of powershell for local execution in + # train, we do not need to wrap the script here anymore + super(script) end # we cannot determine if a command exists, because that does not work for scripts diff --git a/lib/resources/vbscript.rb b/lib/resources/vbscript.rb index b55830b33..d0ed5ad96 100644 --- a/lib/resources/vbscript.rb +++ b/lib/resources/vbscript.rb @@ -2,6 +2,8 @@ # author: Christoph Hartmann # author: Dominik Richter +require 'securerandom' + module Inspec::Resources # This resource allows users to run vbscript on windows machines. We decided # not to use scriptcontrol, due to the fact that it works on 32 bit systems only: @@ -34,10 +36,11 @@ module Inspec::Resources def initialize(vbscript) return skip_resource 'The `vbscript` resource is not supported on your OS yet.' unless inspec.os.windows? - + @seperator = SecureRandom.uuid cmd = <<-EOH $vbscript = @" #{vbscript} +Wscript.Stdout.Write "#{@seperator}" "@ $filename = [System.IO.Path]::GetTempFileName() + ".vbs" New-Item $filename -type file -force -value $vbscript | Out-Null @@ -47,8 +50,21 @@ EOH super(cmd) end + def result + @result ||= parse_stdout + end + def to_s 'Windows VBScript' end + + private + + def parse_stdout + res = inspec.backend.run_command(@command) + parsed_result = res.stdout.gsub(/#{@seperator}\r\n$/, '') + res.stdout = parsed_result + res + end end end diff --git a/test/integration/default/vbscript_spec.rb b/test/integration/default/vbscript_spec.rb index 37f661155..34037d9a5 100644 --- a/test/integration/default/vbscript_spec.rb +++ b/test/integration/default/vbscript_spec.rb @@ -2,18 +2,23 @@ return unless os.windows? -# script that may have multiple lines -vbscript = <<-EOH - WScript.Echo "hello" -EOH - -describe vbscript(vbscript) do +describe vbscript("WScript.Echo \"hello\"") do its('stdout') { should eq "hello\r\n" } end -# remove whitespace \r\n from stdout +# script that may have multiple lines +vbscript = <<-EOH + WScript.Echo "hello" + Wscript.Stdout.Write "end" +EOH + describe vbscript(vbscript) do - its('strip') { should eq "hello" } + its('stdout') { should eq "hello\r\nend" } +end + +# remove whitespace from stdout +describe vbscript("WScript.Echo \"hello\"") do + its('strip') { should eq 'hello' } end # ensure that we do not require a newline From 73f93c2756ae3a14ff723e0602ee99c884a79484 Mon Sep 17 00:00:00 2001 From: Christoph Hartmann Date: Mon, 5 Sep 2016 12:12:34 +0200 Subject: [PATCH 2/3] fix powershell based unit tests --- test/helper.rb | 11 +++++------ test/unit/resources/powershell_test.rb | 14 ++++---------- test/unit/resources/vbscript_test.rb | 2 +- 3 files changed, 10 insertions(+), 17 deletions(-) diff --git a/test/helper.rb b/test/helper.rb index 643b70e1e..ef4be3c4b 100644 --- a/test/helper.rb +++ b/test/helper.rb @@ -146,9 +146,9 @@ class MockLoader 'Remove-Item win_secpol.cfg' => cmd.call('success'), 'env' => cmd.call('env'), '${Env:PATH}' => cmd.call('$env-PATH'), - # registry key test (winrm 1.6.0, 1.6.1) - 'dd429dd12596fa193ba4111469b4417ecbd78a1d7ba4317c334c9111644bae44' => cmd.call('reg_schedule'), - 'Fdd429dd12596fa193ba4111469b4417ecbd78a1d7ba4317c334c9111644bae44' => cmd.call('reg_schedule'), + # registry key test using winrm 2.0 + '2376c7b3d81de9382303356e1efdea99385effb84788562c3e697032d51bf942' => cmd.call('reg_schedule'), + 'F2376c7b3d81de9382303356e1efdea99385effb84788562c3e697032d51bf942' => cmd.call('reg_schedule'), 'Auditpol /get /subcategory:\'User Account Management\' /r' => cmd.call('auditpol'), '/sbin/auditctl -l' => cmd.call('auditctl'), '/sbin/auditctl -s' => cmd.call('auditctl-s'), @@ -210,8 +210,7 @@ class MockLoader # user info for freebsd 'pw usershow root -7' => cmd.call('pw-usershow-root-7'), # user info for windows (winrm 1.6.0, 1.6.1) - '650b6b72a66316418b25421a54afe21a230704558082914c54711904bb10e370' => cmd.call('GetUserAccount'), - '174686f0441b8dd387b35cf1cbeed3f98441544351de5d8fb7b54f655e75583f' => cmd.call('GetUserAccount'), + '1f2dd0691487fe7ca8169dfd764e0197e6303f17de416e7c1b7439aedef87ae7' => cmd.call('GetUserAccount'), # group info for windows 'Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json' => cmd.call('GetWin32Group'), # network interface @@ -248,7 +247,7 @@ class MockLoader # xinetd configuration 'find /etc/xinetd.d -type f' => cmd.call('find-xinetd.d'), # wmi test - "4762fab9e8180997634ae70aae6d5f59e641084111fb9f5e5bf2848a583aa5f5" => cmd.call('get-wmiobject'), + "2979ebeb80a475107d85411f109209a580ccf569071b3dc7acff030b8635c6b9" => cmd.call('get-wmiobject'), #user info on hpux "logins -x -l root" => cmd.call('logins-x'), #packages on hpux diff --git a/test/unit/resources/powershell_test.rb b/test/unit/resources/powershell_test.rb index 2260cae4b..3584d524b 100644 --- a/test/unit/resources/powershell_test.rb +++ b/test/unit/resources/powershell_test.rb @@ -14,19 +14,13 @@ describe 'Inspec::Resources::Powershell' do it 'check if `powershell` for windows is properly generated ' do resource = MockLoader.new(:windows).load_resource('powershell', ps1_script) - if Gem.loaded_specs['winrm'].version < Gem::Version.new('1.6.1') - _(resource.command).must_equal 'powershell -encodedCommand IAAgACAAIAAjACAAYwBhAGwAbAAgAGgAZQBsAHAAIABmAG8AcgAgAGcAZQB0ACAAYwBvAG0AbQBhAG4AZAAKACAAIAAgACAARwBlAHQALQBIAGUAbABwACAARwBlAHQALQBDAG8AbQBtAGEAbgBkAAoA' - else - _(resource.command).must_equal 'powershell -encodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsAIAAgACAAIAAjACAAYwBhAGwAbAAgAGgAZQBsAHAAIABmAG8AcgAgAGcAZQB0ACAAYwBvAG0AbQBhAG4AZAAKACAAIAAgACAARwBlAHQALQBIAGUAbABwACAARwBlAHQALQBDAG8AbQBtAGEAbgBkAAoA' - end + # string should be the same + _(resource.command.to_s).must_equal ps1_script end it 'check if legacy `script` for windows is properly generated ' do resource = MockLoader.new(:windows).load_resource('script', ps1_script) - if Gem.loaded_specs['winrm'].version < Gem::Version.new('1.6.1') - _(resource.command).must_equal 'powershell -encodedCommand IAAgACAAIAAjACAAYwBhAGwAbAAgAGgAZQBsAHAAIABmAG8AcgAgAGcAZQB0ACAAYwBvAG0AbQBhAG4AZAAKACAAIAAgACAARwBlAHQALQBIAGUAbABwACAARwBlAHQALQBDAG8AbQBtAGEAbgBkAAoA' - else - _(resource.command).must_equal 'powershell -encodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsAIAAgACAAIAAjACAAYwBhAGwAbAAgAGgAZQBsAHAAIABmAG8AcgAgAGcAZQB0ACAAYwBvAG0AbQBhAG4AZAAKACAAIAAgACAARwBlAHQALQBIAGUAbABwACAARwBlAHQALQBDAG8AbQBtAGEAbgBkAAoA' - end + # string should be the same + _(resource.command.to_s).must_equal ps1_script end end diff --git a/test/unit/resources/vbscript_test.rb b/test/unit/resources/vbscript_test.rb index 1f72c8a48..853a5d92a 100644 --- a/test/unit/resources/vbscript_test.rb +++ b/test/unit/resources/vbscript_test.rb @@ -13,6 +13,6 @@ describe 'Inspec::Resources::VbScript' do it 'check if `vbscript` for windows is properly generated ' do resource = MockLoader.new(:windows).load_resource('vbscript', vb_script) - _(resource.command).must_equal 'powershell -encodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsAJAB2AGIAcwBjAHIAaQBwAHQAIAA9ACAAQAAiAAoAIAAgACAAIABXAFMAYwByAGkAcAB0AC4ARQBjAGgAbwAgACIAaABlAGwAbABvACAAdgBiAHMAYwByAGkAcAB0ACIACgAKACIAQAAKACQAZgBpAGwAZQBuAGEAbQBlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBQAGEAdABoAF0AOgA6AEcAZQB0AFQAZQBtAHAARgBpAGwAZQBOAGEAbQBlACgAKQAgACsAIAAiAC4AdgBiAHMAIgAKAE4AZQB3AC0ASQB0AGUAbQAgACQAZgBpAGwAZQBuAGEAbQBlACAALQB0AHkAcABlACAAZgBpAGwAZQAgAC0AZgBvAHIAYwBlACAALQB2AGEAbAB1AGUAIAAkAHYAYgBzAGMAcgBpAHAAdAAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgBjAHMAYwByAGkAcAB0AC4AZQB4AGUAIAAvAG4AbwBsAG8AZwBvACAAJABmAGkAbABlAG4AYQBtAGUACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAkAGYAaQBsAGUAbgBhAG0AZQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgA=' + _(resource.command.to_s).must_include vb_script end end From 2dbcbb6cb1987905fa70d5840a8e9f4e7fabc213 Mon Sep 17 00:00:00 2001 From: Christoph Hartmann Date: Sun, 4 Sep 2016 19:32:18 +0200 Subject: [PATCH 3/3] update train and kitchen-inspec version to support winrm v2 --- Gemfile | 3 ++- inspec.gemspec | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 3338657fd..3c40ef78e 100644 --- a/Gemfile +++ b/Gemfile @@ -29,7 +29,8 @@ group :integration do gem 'berkshelf', '~> 4.3' gem 'test-kitchen', '~> 1.6' gem 'kitchen-vagrant' - gem 'kitchen-inspec', '0.12.5' + # we need winrm v2 support >= 0.15.1 + gem 'kitchen-inspec', '>= 0.15.1' gem 'kitchen-ec2' gem 'kitchen-dokken' end diff --git a/inspec.gemspec b/inspec.gemspec index 334f9d882..30ceb8631 100644 --- a/inspec.gemspec +++ b/inspec.gemspec @@ -24,7 +24,7 @@ Gem::Specification.new do |spec| spec.test_files = spec.files.grep(%r{^(test|spec|features)/}) spec.require_paths = ['lib'] - spec.add_dependency 'train', '>=0.16.0', '<1.0' + spec.add_dependency 'train', '>=0.19.0', '<1.0' spec.add_dependency 'thor', '~> 0.19' spec.add_dependency 'json', '>= 1.8', '< 3.0' spec.add_dependency 'rainbow', '~> 2'