Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-09-20 14:31:58 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #5757 from inspec/vasundhara/add_proxy_parameter_to_http_resource

Browse source 
Add proxy parameter to http resource
This commit is contained in:
Clinton Wolfe 2021-12-14 04:30:06 -05:00 committed by GitHub
commit a8170b257c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 70 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
docs-chef-io/content/inspec/resources/http.md
View file

@ -168,6 +168,42 @@ Beginning with Chef InSpec 1.41, you can enable the ability to have the HTTP tes
...
end
### proxy
Specify a `proxy` to test by passing in the proxy URI or a hash of the proxy URI, a username, and password. Specify `disable` to ignore a proxy set as an environment variable.
You can include the username and password in the `proxy` parameter:
describe http('http://localhost:8080/ping', proxy: "http://username:password@www.example.com:3128") do
...
end
The `proxy` parameter also accepts proxy options in hash format:
describe http('http://localhost:8080/ping', proxy: { uri: 'http://www.example.com:3128', user: 'username', password: 'proxypassword'}) do
...
end
Use `disable` to ignore the proxy set in the environment variable:
describe http('http://localhost:8080/ping', proxy: 'disable') do
...
end
{{< note >}}
Windows remote targets do not accept username and password values in a string; use the hash format instead.
{{< /note >}}
{{< note >}}
Special characters in the URI must be converted to their UTF-8 equivalent when passed in to the `proxy` parameter as a string. For example, the string `http://username:bar@123@www.example.com:3128` must be passed in as `http://username:bar%40123@www.example.com:3128` instead.
Special characters may be passed into the hash format without conversion to UTF-8 characters.
{{< /note >}}
## Properties
### body

33
lib/inspec/resources/http.rb
View file

@ -121,6 +121,10 @@ module Inspec::Resources
def max_redirects
opts.fetch(:max_redirects, nil)
end
def proxy
opts.fetch(:proxy, nil)
end
end
class Local < Base
@ -141,12 +145,18 @@ module Inspec::Resources
def response
return @response if @response
Faraday.ignore_env_proxy = true if proxy == "disable"
conn = Faraday.new(url: url, headers: request_headers, params: params, ssl: { verify: ssl_verify? }) do |builder|
builder.request :url_encoded
builder.use FaradayMiddleware::FollowRedirects, limit: max_redirects unless max_redirects.nil?
builder.adapter Faraday.default_adapter
end
unless proxy == "disable" || proxy.nil?
conn.proxy = proxy
end
# set basic authentication
conn.basic_auth username, password unless username.nil? || password.nil?
@ -252,6 +262,14 @@ module Inspec::Resources
cmd << "-X #{http_method}"
end
cmd << "--noproxy '*'" if proxy == "disable"
unless proxy == "disable" || proxy.nil?
if proxy.is_a?(Hash)
cmd << "--proxy #{proxy[:uri]} --proxy-user #{proxy[:user]}:#{proxy[:password]}"
else
cmd << "--proxy #{proxy}"
end
end
cmd << "--connect-timeout #{open_timeout}"
cmd << "--max-time #{open_timeout + read_timeout}"
cmd << "--user \'#{username}:#{password}\'" unless username.nil? || password.nil?
@ -292,6 +310,17 @@ module Inspec::Resources
else
cmd << "'#{url}?#{params.map { |e| e.join("=") }.join("&")}'"
end
proxy_script = ""
unless proxy == "disable" || proxy.nil?
cmd << "-Proxy #{proxy[:uri]}"
cmd << "-ProxyCredential $proxyCreds"
proxy_script = <<-EOH
$secPasswd = ConvertTo-SecureString "#{proxy[:password]}" -AsPlainText -Force
$proxyCreds = New-Object System.Management.Automation.PSCredential -ArgumentList "#{proxy[:user]}",$secPasswd
EOH
end
command = cmd.join(" ")
body = "\'#{request_body}\'"
script = <<-EOH
@ -302,10 +331,10 @@ module Inspec::Resources
foreach ($property in $Body.PSObject.Properties) {
$HashTable[$property.Name] = $property.Value
}
$response = #{command} -Body $HashTable
$response = #{command} -Body $HashTable -UseBasicParsing
$response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error
EOH
script.strip
proxy_script.strip + "\n" + script.strip
end
end
end

6
test/helpers/mock_loader.rb
View file

@ -543,9 +543,9 @@ class MockLoader
"curl -i -X OPTIONS --connect-timeout 60 --max-time 120 -H 'Access-Control-Request-Method: GET' -H 'Access-Control-Request-Headers: origin, x-requested-with' -H 'Origin: http://www.example.com' 'http://www.example.com'" => cmd.call("http-remote-options-request"),
# http resource - windows
"$body = \n $Body = $body | ConvertFrom-Json\n #convert to hashtable\n $HashTable = @{}\n foreach ($property in $Body.PSObject.Properties) {\n $HashTable[$property.Name] = $property.Value\n }\n $response = Invoke-WebRequest -Method HEAD -TimeoutSec 120 'https://www.example.com' -Body $HashTable\n $response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error" => cmd.call("http-windows-remote-no-options"),
"$body = \n $Body = $body | ConvertFrom-Json\n #convert to hashtable\n $HashTable = @{}\n foreach ($property in $Body.PSObject.Properties) {\n $HashTable[$property.Name] = $property.Value\n }\n $response = Invoke-WebRequest -Method GET -TimeoutSec 120 'https://www.example.com' -Body $HashTable\n $response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error" => cmd.call("http-windows-remote-head"),
"$body = '{ \"a\" : \"1\", \"b\" : \"five\" }'\n $Body = $body | ConvertFrom-Json\n #convert to hashtable\n $HashTable = @{}\n foreach ($property in $Body.PSObject.Properties) {\n $HashTable[$property.Name] = $property.Value\n }\n $response = Invoke-WebRequest -Method POST -TimeoutSec 120 'https://www.example.com' -Body $HashTable\n $response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error" => cmd.call("http-windows-remote-head"),
"\n$body = \n $Body = $body | ConvertFrom-Json\n #convert to hashtable\n $HashTable = @{}\n foreach ($property in $Body.PSObject.Properties) {\n $HashTable[$property.Name] = $property.Value\n }\n $response = Invoke-WebRequest -Method HEAD -TimeoutSec 120 'https://www.example.com' -Body $HashTable -UseBasicParsing\n $response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error" => cmd.call("http-windows-remote-no-options"),
"\n$body = \n $Body = $body | ConvertFrom-Json\n #convert to hashtable\n $HashTable = @{}\n foreach ($property in $Body.PSObject.Properties) {\n $HashTable[$property.Name] = $property.Value\n }\n $response = Invoke-WebRequest -Method GET -TimeoutSec 120 'https://www.example.com' -Body $HashTable -UseBasicParsing\n $response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error" => cmd.call("http-windows-remote-head"),
"\n$body = '{ \"a\" : \"1\", \"b\" : \"five\" }'\n $Body = $body | ConvertFrom-Json\n #convert to hashtable\n $HashTable = @{}\n foreach ($property in $Body.PSObject.Properties) {\n $HashTable[$property.Name] = $property.Value\n }\n $response = Invoke-WebRequest -Method POST -TimeoutSec 120 'https://www.example.com' -Body $HashTable -UseBasicParsing\n $response | Select-Object -Property * | ConvertTo-json # We use `Select-Object -Property * ` to get around an odd PowerShell error" => cmd.call("http-windows-remote-head"),
# elasticsearch resource
"curl -H 'Content-Type: application/json' http://localhost:9200/_nodes" => cmd.call("elasticsearch-cluster-nodes-default"),
"curl -k -H 'Content-Type: application/json' http://localhost:9200/_nodes" => cmd.call("elasticsearch-cluster-no-ssl"),