fix compliance plugin

lib/bundles/inspec-compliance/target.rb

@@ -14,7 +14,7 @@ module Compliance
     name 'compliance'
     priority 500
 
-    def self.resolve(target, opts = {})
+    def self.resolve(target, _opts = {})
       # check for local scheme compliance://
       uri = URI(target)
       return nil unless URI(uri).scheme == 'compliance'
@@ -25,10 +25,8 @@ module Compliance
 
       # verifies that the target e.g base/ssh exists
       profile = uri.host + uri.path
-      Compliance::API.exist?(profile)
+      Compliance::API.exist?(config, profile)
-
+      super(target_url(config, profile), config)
-      opts['user'] = config['token']
-      super(target_url(config, profile), opts)
     rescue URI::Error => _e
       nil
     end

lib/fetchers/url.rb

@@ -65,10 +65,15 @@ module Fetchers
 
     # download url into archive using opts,
     # returns File object and content-type from HTTP headers
-    def self.download_archive(url, opts)
+    def self.download_archive(url, opts = {})
+      http_opts = {}
+      # http_opts['http_basic_authentication'] = [opts['user'] || '', opts['password'] || ''] if opts['user']
+      http_opts['ssl_verify_mode'.to_sym] = OpenSSL::SSL::VERIFY_NONE if opts['insecure']
+      http_opts['Authorization'] = "Bearer #{opts['token']}" if opts['token']
+
       remote = open(
         url,
-        http_basic_authentication: [opts['user'] || '', opts['password'] || ''],
+        http_opts,
       )
 
       content_type = remote.meta['content-type']