Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-09-20 14:31:58 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into license-check

Browse source
This commit is contained in:
Miah Johnson 2019-06-19 11:46:23 -07:00 committed by GitHub
commit aa52697725
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
774 changed files with 18584 additions and 17644 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
.codeclimate.yml
View file

@ -2,6 +2,9 @@ version: "2"
checks:
file-lines:
enabled: false
identical-code:
config:
threshold: 40 # Unfortunately, we have a lot of duplicate code in places like lib/inspec/control_eval_context.rb
plugins:
fixme:
enabled: true
@ -11,10 +14,9 @@ plugins:
- rubocop:disable
flog:
enabled: true
config:
score_threshold: 30
markdownlint:
enabled: true
rubocop:
enabled: true
channel: rubocop-0-49
config:
file: .rubocop.yml
exclude_patterns:
- "www/source/javascripts/"

2
.expeditor/config.yml
View file

@ -8,6 +8,8 @@ rubygems:
- inspec-core
- inspec-bin:
gemspec_path: ./inspec-bin/
- inspec-core-bin:
gemspec_path: ./inspec-bin/
docker_images:
- inspec:

4
.expeditor/update_version.sh
View file

@ -6,5 +6,5 @@
set -evx
sed -i -r "s/VERSION = '.*'/VERSION = '$(cat VERSION)'/" lib/inspec/version.rb
sed -i -r "s/VERSION = '.*'/VERSION = '$(cat VERSION)'/" inspec-bin/lib/inspec-bin/version.rb
sed -i -r "s/VERSION = \".*\"/VERSION = \"$(cat VERSION)\"/" lib/inspec/version.rb
sed -i -r "s/VERSION = \".*\"/VERSION = \"$(cat VERSION)\"/" inspec-bin/lib/inspec-bin/version.rb

11
.github/stale.yml vendored
View file

@ -1,7 +1,7 @@
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 365
# Number of days of inactivity before a stale issue is closed
daysUntilClose: false
daysUntilClose: 400
# Issues with these labels will never be considered stale
exemptLabels:
- "Aspect: Security"
@ -11,8 +11,11 @@ staleLabel: Stale
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs.
recent activity. It will be closed if no further activity occurs.
We value your input and contribution.
Please leave a comment if this issue still affects you.
Please leave a comment if this issue still affects you.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false
closeComment: >
This issue has been automatically closed after being stale for 400 days.
We still value your input and contribution.
Please re-open the issue if desired and leave a comment with details.

60
.gitignore vendored
View file

@ -1,42 +1,40 @@
Gemfile.lock
Gemfile.local
coverage
*.gem
.attribute.yml
.bundle
.delivery/cli.toml
.gallery
.kitchen
.delivery/cli.toml
Berksfile.lock
.bundle
.librarian
Puppetfile.lock
.kitchen.local.yml
kitchen.local.yml
profile.tar.gz
omnibus/.cache
omnibus/pkg
test/**/*.lock
.librarian
.terraform/
/.direnv
/.envrc
/.ruby-gemset
/.ruby-version
/Berksfile.lock
/Gemfile.local
Gemfile.lock
Puppetfile.lock
contrib/*
coverage
examples/**/*.lock
examples/meta-profile/vendor/
habitat/VERSION
habitat/results
/.ruby-gemset
/.ruby-version
/.direnv
/.envrc
results/
www/source/index.html.slim
www/Gemfile.lock
meta-profile-0.2.0.tar.gz
profile-1.0.0.tar.gz
.attribute.yml
.terraform/
terraform.tfvars
terraform.tfstate*
terraform.tfstate.backup
inspec-azure.plan
inspec-aws-*.plan
contrib/*
inspec-azure.plan
inspec-deprecations-in-cfg.txt
inspec-deprecations-in-lib.txt
kitchen.local.yml
meta-profile-0.2.0.tar.gz
omnibus/.cache
omnibus/pkg
profile-1.0.0.tar.gz
profile.tar.gz
results/
terraform.tfstate*
terraform.tfstate.backup
terraform.tfvars
test/**/*.lock
www/Gemfile.lock
www/source/index.html.slim

1
.mdlrc Normal file
View file

@ -0,0 +1 @@
line-length false

116
.rubocop.yml
View file

@ -1,112 +1,8 @@
---
AllCops:
DisplayCopNames: true
TargetRubyVersion: 2.4
Exclude:
- Gemfile
- Rakefile
- 'test/**/*'
- 'lib/plugins/*/test/**/*'
- 'lib/plugins/inspec-init/templates/**/*'
# This is delicate; we want to include examples/plugins/*/lib
# but not anything else.
- 'examples/*profile*/**/*'
- 'examples/kitchen*/**/*'
- 'examples/inheritance/**/*'
- 'examples/custom-resource/**/*'
- 'examples/plugins/*/test/**/*'
- 'vendor/**/*'
- 'lib/bundles/inspec-init/templates/**/*'
- 'www/demo/**/*'
AlignParameters:
Enabled: true
BlockDelimiters:
Enabled: false
Documentation:
Enabled: false
EmptyLinesAroundBlockBody:
Enabled: false
FrozenStringLiteralComment:
Enabled: false
HashSyntax:
Enabled: true
LineLength:
Enabled: false
Layout/AlignHash:
Enabled: false
Layout/EmptyLineAfterMagicComment:
Enabled: false
Layout/EndOfLine:
Enabled: true
EnforcedStyle: lf
Layout/SpaceAroundOperators:
Enabled: false
MethodLength:
Max: 40
Metrics/AbcSize:
Max: 33
Metrics/BlockLength:
Max: 50
Metrics/ClassLength:
Enabled: false
Metrics/CyclomaticComplexity:
Max: 10
Metrics/PerceivedComplexity:
Max: 11
NumericLiterals:
MinDigits: 10
Performance/RegexpMatch:
Enabled: false
Security/YAMLLoad:
Enabled: false
Style/AndOr:
Enabled: false
Style/BracesAroundHashParameters:
Enabled: false
Style/ClassAndModuleChildren:
Enabled: false
Style/ConditionalAssignment:
Enabled: false
Style/EmptyMethod:
Enabled: false
Style/Encoding:
Enabled: false
Style/FileName:
Enabled: false
Style/GuardClause:
Enabled: false
Style/IfUnlessModifier:
Enabled: false
Style/MethodMissing:
Enabled: false
Style/MultilineIfModifier:
Enabled: false
Style/NegatedIf:
Enabled: false
Style/Not:
Enabled: false
Style/NumericLiteralPrefix:
Enabled: false
Style/NumericPredicate:
Enabled: false
Style/PercentLiteralDelimiters:
PreferredDelimiters:
'%': '{}'
'%i': ()
'%q': '{}'
'%Q': ()
'%r': '{}'
'%s': ()
'%w': '{}'
'%W': ()
'%x': ()
Style/PredicateName:
Enabled: false
Style/SymbolArray:
Enabled: false
Style/TrailingCommaInArguments:
EnforcedStyleForMultiline: comma
Style/TrailingCommaInLiteral:
EnforcedStyleForMultiline: comma
Style/UnlessElse:
Enabled: false
- 'test/integration/**/controls/**/*.rb'
- 'test/unit/mock/profiles/**/*.rb'
- 'test/unit/mock/config_dirs/**/*.rb'
- 'lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/**/*'
- 'examples/**/controls/*.rb'
- 'vendor/bundle/**/*'

124
.travis.yml
View file

@ -1,110 +1,50 @@
branches:
only:
- master
- 3-stable
- /.*-stable/
- /cw.*/
- /mj.*/
- /zenspider.*/
language: ruby
cache:
- bundler
- directories:
bundler: true
directories:
- /home/travis/.rvm
dist: xenial
os:
- linux
- osx
services:
- docker
bundler_args: "--without integration tools maintenance deploy"
bundler_args: "--without tools maintenance deploy"
before_install:
- gem update --system
- "gem update --system '3.0'"
- gem --version
- bundle --version
env:
- SLOW=1
- SLOW=1 NO_AWS=1
- CI_ENABLE_COVERAGE=true SLOW=1
script: bundle exec rake $SUITE
matrix:
fast_finish: true
exclude:
- os: osx
env: CI_ENABLE_COVERAGE=true SLOW=1
- os: linux
env: SLOW=1 NO_AWS=1
include:
- rvm: 2.4.5
env: UNIT_TESTS_24=1
- rvm: 2.5.5
env: UNIT_TESTS_25=1
- rvm: 2.6.3
env: UNIT_TESTS_26=1
- rvm: 2.5.5
- rvm: 2.4.5
script: bundle exec rake $SUITE
env: SUITE="test:functional"
- rvm: 2.5.5
script: bundle exec rake $SUITE
env: SUITE="test:functional"
- rvm: 2.6.2
script: bundle exec rake $SUITE
env: SUITE="test:functional"
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-ubuntu-1604]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-ubuntu-1804]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-centos-6]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-centos-7]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-debian-8]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-debian-9]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-debian-10]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-oraclelinux-6]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-oraclelinux-7]
- rvm: 2.5.5
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-fedora-29]
- rvm: 2.4.5
sudo: false
cache:
apt: true
bundle: true
addons:
apt:
packages:
- curl
- nodejs
env:
- AFFECTED_DIRS="www"
- secure: "jdzXUhP1o7RkfSikZLKgUcCIaKqLjqWa35dnxWnz7qAQ2draRKa7I7cXmUv76BZkW8HBUUH11dOi8YOVxPYPOzaqvcTCfqNqGVxsT9epgWa7rA8aXMXkECp548ry1rYJQpti9zpwsoe2GQyNPr9vNiWMiyj51CaABmZ6JzmFEEqlZc8vqpqWeqJvIqaibQGk7ByLKmi4R44fVwFKIG39RuxV+alc/G4nnQ2zmNTFuy8uFGs5EghQvRytzWY+s2AKtDiZ0YXYOII1Nl1unXNnNoQt9oI209ztlSm1+XOuTPelW6bEIx5i7OZFaSRPgJzWnkGN85C9nBE08L2az9Jz18/rYJF4fdVRttdGskueyYI21lh1FwlAg51ZG0RfLTYk2Pq+k4c+NO1cfmGcaXBwihfD5BWqrILU5HHkYszXCSmgl4hscC7/BS4Kgcq2z32JJwV8B+x4XngM0G4uzIn1Soia3lZXEKdnfVsxFDdMQ7FK60F3uQlq/44LRkZujRhqfAKOiz+0tsLexWzj7wK+DJY9Y00CUfh7xcxRxDxFNpOv1FWYFB9lUlaOt3HDHgUoksqbURiUzhOZZzTE/1MAtF2K6mbpME5CbN08J88L5JBlb+CX79XCzj30lNMeS0I/dCRQEmkygr2eJYxvRO2qsBNuphs4SWk8NZyS/llVZFI="
before_install: ./support/ci/fast_pass.sh || exit 0
script: ./support/ci/deploy_website_to_acceptance.sh
- env: SUITE=test:integration[default-ubuntu-1604]
- env: SUITE=test:integration[default-ubuntu-1804]
- env: SUITE=test:integration[default-centos-6]
- env: SUITE=test:integration[default-centos-7]
- env: SUITE=test:integration[default-debian-8]
- env: SUITE=test:integration[default-debian-9]
- env: SUITE=test:integration[default-debian-10]
- env: SUITE=test:integration[default-oraclelinux-6]
- env: SUITE=test:integration[default-oraclelinux-7]
- env: SUITE=test:integration[default-fedora-29]
allow_failures:
- env:
- AFFECTED_DIRS="www"
- secure: "jdzXUhP1o7RkfSikZLKgUcCIaKqLjqWa35dnxWnz7qAQ2draRKa7I7cXmUv76BZkW8HBUUH11dOi8YOVxPYPOzaqvcTCfqNqGVxsT9epgWa7rA8aXMXkECp548ry1rYJQpti9zpwsoe2GQyNPr9vNiWMiyj51CaABmZ6JzmFEEqlZc8vqpqWeqJvIqaibQGk7ByLKmi4R44fVwFKIG39RuxV+alc/G4nnQ2zmNTFuy8uFGs5EghQvRytzWY+s2AKtDiZ0YXYOII1Nl1unXNnNoQt9oI209ztlSm1+XOuTPelW6bEIx5i7OZFaSRPgJzWnkGN85C9nBE08L2az9Jz18/rYJF4fdVRttdGskueyYI21lh1FwlAg51ZG0RfLTYk2Pq+k4c+NO1cfmGcaXBwihfD5BWqrILU5HHkYszXCSmgl4hscC7/BS4Kgcq2z32JJwV8B+x4XngM0G4uzIn1Soia3lZXEKdnfVsxFDdMQ7FK60F3uQlq/44LRkZujRhqfAKOiz+0tsLexWzj7wK+DJY9Y00CUfh7xcxRxDxFNpOv1FWYFB9lUlaOt3HDHgUoksqbURiUzhOZZzTE/1MAtF2K6mbpME5CbN08J88L5JBlb+CX79XCzj30lNMeS0I/dCRQEmkygr2eJYxvRO2qsBNuphs4SWk8NZyS/llVZFI="
notifications:
slack:
secure: zwOu1gWt8wBDzlhXrYJ39jBDYTYj4Zb8/Z5XH6PalFOyYBytOLYqmpPzxw5KTzFapmcxYt1/biViX25+zapSSmDBuDa94ZneaXuCZAPXX0UJb82ORALMDsdbV1TkkS4Q6N4soigLJ5UaJwIgkZze9VtXeUvo3g8L8+mDYX4J0Poi7Kf/f1KZycNhgaVs7N/i2AI3lBeiVJv+giQbA99OR5dxPzkbx1BeZCK+W+YEPFmg1xycAItiHq0unT+kBN4pm9gW8TT1s/ZucUsKVu6Q8inw5N0PjZwboOkqsQFi5BweVicZBcbOVsW3Xs/f8DX2G823y73Al3QQg+ENxnIpizsHfjE+YzXUVsZ7v/UdsOq01Khxz1GK/X/PYrvIdHQKBwZ86RPJP61BvGIaQ4Hy6f9z+o2Tl/EaAmiOMScpdFi7sMskm8xknI0G24ZG5hkd7XNQ1eVvu33dvs+u12DsBGIylnwrppMDGnh022I5Hg8pS9tJ9gAsJlSFoIBn/yOryoFYb4avB8ujvN6+8cbZgkQ41k6ydqCHk2DxWmhsM4dUVXqC36sOePDE8a/DK5uQ057DSai5M+go5LeEJyK5r4fT5nbTk3nW6CGH0k2bPGWH5aP22mSKB9r2alDzqVfVyArfgtBIX2OXS/cZLER26a1EcB4mf3PMPDB06Aekyj0=
on_success: change
on_failure: always
on_pull_requests: false
deploy:
provider: rubygems
on:
tags: true
api_key:
secure: uI2Zy3z4ljvOoG/6E4XPmSDg4QX5jmUfp6N9lzOfOosuZGjiGG6cWe4QMfidIz4/B5Ctp9X78bYCPxLkhCPmY9qcsR6eimQsC5AwGJhQF2Fz5fSX12LO+P4H7bis/A7cP+6QYNU8n9oXy6MYIdaw8aLJoEK4tKlNueWYhKG99O1taiF6qXsKkuNXZW7LT3B774IRCK0+BUknfW22ksAOeSpk10dkPXW5lEluXq/Q60L6+Cy01Yix1gLNav7ftMeOtE968mK3L1mzf0L3q8Tih3PLwEzYZRYQRTsd8f1J6XmNZtpdW5QiehvX08ZiFT28Dx15GMp5OKc7TnfU5avm8ryxFJB8xfdrkwNPf/UB3z1IVpHIJ6ZQlHDaiJBL429ZgYSCwrdk71IHWaAK4zSuOZyE+y9EmXbdgLLMgY6QIVrgoBLzzHLCQADXchrMaYR8LIkKI5euOfl3d96sSqXrIN/v1LSlPG/Z1LVO07cYarVGy3J/iM5aTghw3ixZcdlepGrU9DIxe7kRhmz7OLDGTZiPyRzXX1IRjaxSBMGmQSJVv6+r2UJRLmpC3W+1ysXY7nZtffzrFXHGacyvcIHxm8KSPvHgfloPvgFeebcTHcly50TOcZuBc4ZF9HZwWR5lEg/1OX5puBYE7IYfLyFm48+pqFk++tbn2glE742BhkY=
- env: CI_ENABLE_COVERAGE=true SLOW=1

6
Berksfile
View file

@ -1,4 +1,4 @@
source 'https://supermarket.chef.io'
source "https://supermarket.chef.io"
cookbook 'audit'
cookbook 'os_prepare', path: './test/cookbooks/os_prepare'
cookbook "audit"
cookbook "os_prepare", path: "./test/cookbooks/os_prepare"

200
CHANGELOG.md
View file

@ -1,96 +1,123 @@
# Change Log
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
<!-- latest_release 4.4.65 -->
## [v4.4.65](https://github.com/inspec/inspec/tree/v4.4.65) (2019-05-31)
#### Merged Pull Requests
- Remove all leading newlines. [#4152](https://github.com/inspec/inspec/pull/4152) ([miah](https://github.com/miah))
<!-- latest_release -->
<!-- latest_release -->
<!-- release_rollup since=4.3.2 -->
### Changes since 4.3.2 release
#### Bug Fixes
- inspec check: Send log to STDERR when running with --format json [#4001](https://github.com/inspec/inspec/pull/4001) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.4.55 -->
#### New Features
- Rename &#39;attribute&#39; DSL method to &#39;input&#39; [#4008](https://github.com/inspec/inspec/pull/4008) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.4.0 -->
#### Enhancements
- Add missing tests for DataSeries#enabled? #disable [#4036](https://github.com/inspec/inspec/pull/4036) ([miah](https://github.com/miah)) <!-- 4.4.5 -->
- Improve testing on inputs that do not have values [#4007](https://github.com/inspec/inspec/pull/4007) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.4.0 -->
- Add inspec-*-bin to the plugin filter list [#4018](https://github.com/inspec/inspec/pull/4018) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.3.5 -->
#### Merged Pull Requests
- Remove all leading newlines. [#4152](https://github.com/inspec/inspec/pull/4152) ([miah](https://github.com/miah)) <!-- 4.4.65 -->
- Mention inspec-bin gem in installation instructions [#4163](https://github.com/inspec/inspec/pull/4163) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.4.64 -->
- Replace Jenkins omnibus build/test pipeline with Buildkite [#4169](https://github.com/inspec/inspec/pull/4169) ([jeremiahsnapp](https://github.com/jeremiahsnapp)) <!-- 4.4.63 -->
- This should fix our licensing failures [#4165](https://github.com/inspec/inspec/pull/4165) ([zenspider](https://github.com/zenspider)) <!-- 4.4.62 -->
- Update sunset messages on 2 resources [#4164](https://github.com/inspec/inspec/pull/4164) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.4.61 -->
- Clean unnecessary requires [#4142](https://github.com/inspec/inspec/pull/4142) ([zenspider](https://github.com/zenspider)) <!-- 4.4.61 -->
- Windows fixes [#4159](https://github.com/inspec/inspec/pull/4159) ([zenspider](https://github.com/zenspider)) <!-- 4.4.60 -->
- Make travis green again [#4160](https://github.com/inspec/inspec/pull/4160) ([zenspider](https://github.com/zenspider)) <!-- 4.4.59 -->
- Cache the .rvm directory in travis [#4153](https://github.com/inspec/inspec/pull/4153) ([miah](https://github.com/miah)) <!-- 4.4.58 -->
- Dist branding for some of plugins [#4136](https://github.com/inspec/inspec/pull/4136) ([artem-sidorenko](https://github.com/artem-sidorenko)) <!-- 4.4.57 -->
- Remove authors tags from source files. [#4147](https://github.com/inspec/inspec/pull/4147) ([miah](https://github.com/miah)) <!-- 4.4.56 -->
- Move utils under inspec directory namespace [#4063](https://github.com/inspec/inspec/pull/4063) ([miah](https://github.com/miah)) <!-- 4.4.54 -->
- Update author/email tags in gemspec [#4137](https://github.com/inspec/inspec/pull/4137) ([miah](https://github.com/miah)) <!-- 4.4.53 -->
- Extracting mock_loader to its own helper file. [#4141](https://github.com/inspec/inspec/pull/4141) ([zenspider](https://github.com/zenspider)) <!-- 4.4.52 -->
- supermakert -&gt; supermarket [#4140](https://github.com/inspec/inspec/pull/4140) ([zenspider](https://github.com/zenspider)) <!-- 4.4.51 -->
- No tabs. [#4143](https://github.com/inspec/inspec/pull/4143) ([zenspider](https://github.com/zenspider)) <!-- 4.4.50 -->
- Flag `rubocop:disable` comments as something to be fixed. [#4123](https://github.com/inspec/inspec/pull/4123) ([miah](https://github.com/miah)) <!-- 4.4.49 -->
- GCP Update for InSpec Cloud Platform documentation [#4122](https://github.com/inspec/inspec/pull/4122) ([mjingle](https://github.com/mjingle)) <!-- 4.4.48 -->
- Fix github url regex. Add period for repo [#4089](https://github.com/inspec/inspec/pull/4089) ([mirskiy](https://github.com/mirskiy)) <!-- 4.4.47 -->
- Ensure AwsResourceMixin returns a resource name in deprecation message [#4104](https://github.com/inspec/inspec/pull/4104) ([miah](https://github.com/miah)) <!-- 4.4.46 -->
- Minor require cleanup for telemetry. [#4107](https://github.com/inspec/inspec/pull/4107) ([zenspider](https://github.com/zenspider)) <!-- 4.4.45 -->
- Fixed missing requires. [#4100](https://github.com/inspec/inspec/pull/4100) ([zenspider](https://github.com/zenspider)) <!-- 4.4.44 -->
- Delete test/unit/helper.rb [#4108](https://github.com/inspec/inspec/pull/4108) ([zenspider](https://github.com/zenspider)) <!-- 4.4.43 -->
- Stop using method(...).call(...) [#4115](https://github.com/inspec/inspec/pull/4115) ([zenspider](https://github.com/zenspider)) <!-- 4.4.42 -->
- Clean more requires [#4116](https://github.com/inspec/inspec/pull/4116) ([zenspider](https://github.com/zenspider)) <!-- 4.4.41 -->
- Just use math. [#4113](https://github.com/inspec/inspec/pull/4113) ([zenspider](https://github.com/zenspider)) <!-- 4.4.40 -->
- Clean up API doco [#4114](https://github.com/inspec/inspec/pull/4114) ([zenspider](https://github.com/zenspider)) <!-- 4.4.39 -->
- Add support for Gemfile.local [#4105](https://github.com/inspec/inspec/pull/4105) ([zenspider](https://github.com/zenspider)) <!-- 4.4.38 -->
- Fix missing requires in toml, postgres_conf resources [#4119](https://github.com/inspec/inspec/pull/4119) ([miah](https://github.com/miah)) <!-- 4.4.37 -->
- json was required twice. [#4118](https://github.com/inspec/inspec/pull/4118) ([miah](https://github.com/miah)) <!-- 4.4.36 -->
- Fixes a test interaction bug between installer and loader. [#4111](https://github.com/inspec/inspec/pull/4111) ([zenspider](https://github.com/zenspider)) <!-- 4.4.35 -->
- This needed to be a flat_map because :profiles was an array. [#4110](https://github.com/inspec/inspec/pull/4110) ([zenspider](https://github.com/zenspider)) <!-- 4.4.34 -->
- Fix @unique_controls uninitialized warning [#4079](https://github.com/inspec/inspec/pull/4079) ([miah](https://github.com/miah)) <!-- 4.4.33 -->
- Turn off logging in our test. [#4103](https://github.com/inspec/inspec/pull/4103) ([zenspider](https://github.com/zenspider)) <!-- 4.4.32 -->
- Use #key? rather than #has_key? in profile_name ternary [#4101](https://github.com/inspec/inspec/pull/4101) ([miah](https://github.com/miah)) <!-- 4.4.31 -->
- Fix @profile_name not initialized [#4081](https://github.com/inspec/inspec/pull/4081) ([miah](https://github.com/miah)) <!-- 4.4.30 -->
- Fix circular require in telemetry [#4083](https://github.com/inspec/inspec/pull/4083) ([miah](https://github.com/miah)) <!-- 4.4.29 -->
- Fix up sporadically failing tests and ensure tests can run independently [#4031](https://github.com/inspec/inspec/pull/4031) ([zenspider](https://github.com/zenspider)) <!-- 4.4.28 -->
- Updates the init profile description to show proper usage [#4085](https://github.com/inspec/inspec/pull/4085) ([burtlo](https://github.com/burtlo)) <!-- 4.4.27 -->
- `rubocop -a` on kitchen directory [#4082](https://github.com/inspec/inspec/pull/4082) ([miah](https://github.com/miah)) <!-- 4.4.26 -->
- Remove the deprecated linux_kernel_parameter resource test [#4078](https://github.com/inspec/inspec/pull/4078) ([tas50](https://github.com/tas50)) <!-- 4.4.25 -->
- Build the InSpec gem directly in Kitchen so we can run locally [#4077](https://github.com/inspec/inspec/pull/4077) ([tas50](https://github.com/tas50)) <!-- 4.4.24 -->
- Add kitchen rake testing [#4076](https://github.com/inspec/inspec/pull/4076) ([lamont-granquist](https://github.com/lamont-granquist)) <!-- 4.4.23 -->
- Cleanup and fix failing Kitchen tests [#4074](https://github.com/inspec/inspec/pull/4074) ([tas50](https://github.com/tas50)) <!-- 4.4.22 -->
- Upgrade to Ruby 2.6.3 [#4073](https://github.com/inspec/inspec/pull/4073) ([tas50](https://github.com/tas50)) <!-- 4.4.21 -->
- Update our Code of Conduct [#4072](https://github.com/inspec/inspec/pull/4072) ([miah](https://github.com/miah)) <!-- 4.4.20 -->
- Include info about Chef License Requirements [#4071](https://github.com/inspec/inspec/pull/4071) ([mjingle](https://github.com/mjingle)) <!-- 4.4.19 -->
- Removed unneeded &#39;supports: windows&#39; [#4052](https://github.com/inspec/inspec/pull/4052) ([aaronlippold](https://github.com/aaronlippold)) <!-- 4.4.18 -->
- Make the postgres resource more defensive [#4037](https://github.com/inspec/inspec/pull/4037) ([alexpop](https://github.com/alexpop)) <!-- 4.4.17 -->
- Add codeclimate to our pipeline [#4044](https://github.com/inspec/inspec/pull/4044) ([miah](https://github.com/miah)) <!-- 4.4.16 -->
- Emergency test fixes! [#4066](https://github.com/inspec/inspec/pull/4066) ([zenspider](https://github.com/zenspider)) <!-- 4.4.15 -->
- Remove more magic comments [#4050](https://github.com/inspec/inspec/pull/4050) ([miah](https://github.com/miah)) <!-- 4.4.14 -->
- Fix broken tests after removing magic comments. [#4046](https://github.com/inspec/inspec/pull/4046) ([miah](https://github.com/miah)) <!-- 4.4.13 -->
- Wrap resources in backticks and remove resource name capitalizing [#4043](https://github.com/inspec/inspec/pull/4043) ([alexpop](https://github.com/alexpop)) <!-- 4.4.12 -->
- Relocate core resources from lib/resources to lib/inspec/resources [#4042](https://github.com/inspec/inspec/pull/4042) ([miah](https://github.com/miah)) <!-- 4.4.11 -->
- Convert Chef EULA to a local file [#4045](https://github.com/inspec/inspec/pull/4045) ([btm](https://github.com/btm)) <!-- 4.4.10 -->
- Configure expeditor to delete the branch after it is merged. [#4024](https://github.com/inspec/inspec/pull/4024) ([miah](https://github.com/miah)) <!-- 4.4.9 -->
- Remove `# encoding: utf8` magic comments [#4041](https://github.com/inspec/inspec/pull/4041) ([miah](https://github.com/miah)) <!-- 4.4.8 -->
- Add Coveralls.io support to InSpec [#3988](https://github.com/inspec/inspec/pull/3988) ([miah](https://github.com/miah)) <!-- 4.4.7 -->
- Enable user telemetry opt-in / opt-out on cli [#4025](https://github.com/inspec/inspec/pull/4025) ([miah](https://github.com/miah)) <!-- 4.4.6 -->
- First step to get inspec names changeable [#3954](https://github.com/inspec/inspec/pull/3954) ([artem-sidorenko](https://github.com/artem-sidorenko)) <!-- 4.4.4 -->
- Change software name from InSpec to Chef Inspec in documentation [#3987](https://github.com/inspec/inspec/pull/3987) ([IanMadd](https://github.com/IanMadd)) <!-- 4.4.3 -->
- Modernize use of Minitest. [#4023](https://github.com/inspec/inspec/pull/4023) ([zenspider](https://github.com/zenspider)) <!-- 4.4.2 -->
- Update the omnibus build license to the Chef EULA [#4038](https://github.com/inspec/inspec/pull/4038) ([btm](https://github.com/btm)) <!-- 4.4.1 -->
- Update resource registry_key documentation example [#4004](https://github.com/inspec/inspec/pull/4004) ([miah](https://github.com/miah)) <!-- 4.3.4 -->
- Update software names in readme [#4014](https://github.com/inspec/inspec/pull/4014) ([mjingle](https://github.com/mjingle)) <!-- 4.3.3 -->
<!-- release_rollup -->
<!-- release_rollup -->
<!-- latest_stable_release -->
## [v4.6.4](https://github.com/inspec/inspec/tree/v4.6.4) (2019-06-19)
#### Bug Fixes
- nginx_conf: Fix commented/empty file parsing [#4215](https://github.com/inspec/inspec/pull/4215) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
<!-- latest_stable_release -->
## [v4.6.3](https://github.com/inspec/inspec/tree/v4.6.3) (2019-06-17)
#### New Features
- Rename &#39;attribute&#39; DSL method to &#39;input&#39; [#4008](https://github.com/inspec/inspec/pull/4008) ([clintoncwolfe](https://github.com/clintoncwolfe))
- New plugin type: Input [#4019](https://github.com/inspec/inspec/pull/4019) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Rename attributes -&gt; inputs in profile metadata files [#4017](https://github.com/inspec/inspec/pull/4017) ([clintoncwolfe](https://github.com/clintoncwolfe))
#### Enhancements
- Add inspec-*-bin to the plugin filter list [#4018](https://github.com/inspec/inspec/pull/4018) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Improve testing on inputs that do not have values [#4007](https://github.com/inspec/inspec/pull/4007) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Add missing tests for DataSeries#enabled? #disable [#4036](https://github.com/inspec/inspec/pull/4036) ([miah](https://github.com/miah))
- Add inspec-core-bin as a gem [#4009](https://github.com/inspec/inspec/pull/4009) ([clintoncwolfe](https://github.com/clintoncwolfe))
#### Bug Fixes
- inspec check: Send log to STDERR when running with --format json [#4001](https://github.com/inspec/inspec/pull/4001) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Fix two misrendering hyperlinks in resource docs [#4173](https://github.com/inspec/inspec/pull/4173) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Fix Expeditor Version Bump Script [#4205](https://github.com/inspec/inspec/pull/4205) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Remove clean-static-libs from omnibus build [#4207](https://github.com/inspec/inspec/pull/4207) ([clintoncwolfe](https://github.com/clintoncwolfe))
#### Merged Pull Requests
- Update software names in readme [#4014](https://github.com/inspec/inspec/pull/4014) ([mjingle](https://github.com/mjingle))
- Update resource registry_key documentation example [#4004](https://github.com/inspec/inspec/pull/4004) ([miah](https://github.com/miah))
- Update the omnibus build license to the Chef EULA [#4038](https://github.com/inspec/inspec/pull/4038) ([btm](https://github.com/btm))
- Modernize use of Minitest. [#4023](https://github.com/inspec/inspec/pull/4023) ([zenspider](https://github.com/zenspider))
- Change software name from InSpec to Chef Inspec in documentation [#3987](https://github.com/inspec/inspec/pull/3987) ([IanMadd](https://github.com/IanMadd))
- First step to get inspec names changeable [#3954](https://github.com/inspec/inspec/pull/3954) ([artem-sidorenko](https://github.com/artem-sidorenko))
- Enable user telemetry opt-in / opt-out on cli [#4025](https://github.com/inspec/inspec/pull/4025) ([miah](https://github.com/miah))
- Add Coveralls.io support to InSpec [#3988](https://github.com/inspec/inspec/pull/3988) ([miah](https://github.com/miah))
- Remove `# encoding: utf8` magic comments [#4041](https://github.com/inspec/inspec/pull/4041) ([miah](https://github.com/miah))
- Configure expeditor to delete the branch after it is merged. [#4024](https://github.com/inspec/inspec/pull/4024) ([miah](https://github.com/miah))
- Convert Chef EULA to a local file [#4045](https://github.com/inspec/inspec/pull/4045) ([btm](https://github.com/btm))
- Relocate core resources from lib/resources to lib/inspec/resources [#4042](https://github.com/inspec/inspec/pull/4042) ([miah](https://github.com/miah))
- Wrap resources in backticks and remove resource name capitalizing [#4043](https://github.com/inspec/inspec/pull/4043) ([alexpop](https://github.com/alexpop))
- Fix broken tests after removing magic comments. [#4046](https://github.com/inspec/inspec/pull/4046) ([miah](https://github.com/miah))
- Remove more magic comments [#4050](https://github.com/inspec/inspec/pull/4050) ([miah](https://github.com/miah))
- Emergency test fixes! [#4066](https://github.com/inspec/inspec/pull/4066) ([zenspider](https://github.com/zenspider))
- Add codeclimate to our pipeline [#4044](https://github.com/inspec/inspec/pull/4044) ([miah](https://github.com/miah))
- Make the postgres resource more defensive [#4037](https://github.com/inspec/inspec/pull/4037) ([alexpop](https://github.com/alexpop))
- Removed unneeded &#39;supports: windows&#39; [#4052](https://github.com/inspec/inspec/pull/4052) ([aaronlippold](https://github.com/aaronlippold))
- Include info about Chef License Requirements [#4071](https://github.com/inspec/inspec/pull/4071) ([mjingle](https://github.com/mjingle))
- Update our Code of Conduct [#4072](https://github.com/inspec/inspec/pull/4072) ([miah](https://github.com/miah))
- Upgrade to Ruby 2.6.3 [#4073](https://github.com/inspec/inspec/pull/4073) ([tas50](https://github.com/tas50))
- Cleanup and fix failing Kitchen tests [#4074](https://github.com/inspec/inspec/pull/4074) ([tas50](https://github.com/tas50))
- Add kitchen rake testing [#4076](https://github.com/inspec/inspec/pull/4076) ([lamont-granquist](https://github.com/lamont-granquist))
- Build the InSpec gem directly in Kitchen so we can run locally [#4077](https://github.com/inspec/inspec/pull/4077) ([tas50](https://github.com/tas50))
- Remove the deprecated linux_kernel_parameter resource test [#4078](https://github.com/inspec/inspec/pull/4078) ([tas50](https://github.com/tas50))
- `rubocop -a` on kitchen directory [#4082](https://github.com/inspec/inspec/pull/4082) ([miah](https://github.com/miah))
- Updates the init profile description to show proper usage [#4085](https://github.com/inspec/inspec/pull/4085) ([burtlo](https://github.com/burtlo))
- Fix up sporadically failing tests and ensure tests can run independently [#4031](https://github.com/inspec/inspec/pull/4031) ([zenspider](https://github.com/zenspider))
- Fix circular require in telemetry [#4083](https://github.com/inspec/inspec/pull/4083) ([miah](https://github.com/miah))
- Fix @profile_name not initialized [#4081](https://github.com/inspec/inspec/pull/4081) ([miah](https://github.com/miah))
- Use #key? rather than #has_key? in profile_name ternary [#4101](https://github.com/inspec/inspec/pull/4101) ([miah](https://github.com/miah))
- Turn off logging in our test. [#4103](https://github.com/inspec/inspec/pull/4103) ([zenspider](https://github.com/zenspider))
- Fix @unique_controls uninitialized warning [#4079](https://github.com/inspec/inspec/pull/4079) ([miah](https://github.com/miah))
- This needed to be a flat_map because :profiles was an array. [#4110](https://github.com/inspec/inspec/pull/4110) ([zenspider](https://github.com/zenspider))
- Fixes a test interaction bug between installer and loader. [#4111](https://github.com/inspec/inspec/pull/4111) ([zenspider](https://github.com/zenspider))
- json was required twice. [#4118](https://github.com/inspec/inspec/pull/4118) ([miah](https://github.com/miah))
- Fix missing requires in toml, postgres_conf resources [#4119](https://github.com/inspec/inspec/pull/4119) ([miah](https://github.com/miah))
- Add support for Gemfile.local [#4105](https://github.com/inspec/inspec/pull/4105) ([zenspider](https://github.com/zenspider))
- Clean up API doco [#4114](https://github.com/inspec/inspec/pull/4114) ([zenspider](https://github.com/zenspider))
- Just use math. [#4113](https://github.com/inspec/inspec/pull/4113) ([zenspider](https://github.com/zenspider))
- Clean more requires [#4116](https://github.com/inspec/inspec/pull/4116) ([zenspider](https://github.com/zenspider))
- Stop using method(...).call(...) [#4115](https://github.com/inspec/inspec/pull/4115) ([zenspider](https://github.com/zenspider))
- Delete test/unit/helper.rb [#4108](https://github.com/inspec/inspec/pull/4108) ([zenspider](https://github.com/zenspider))
- Fixed missing requires. [#4100](https://github.com/inspec/inspec/pull/4100) ([zenspider](https://github.com/zenspider))
- Minor require cleanup for telemetry. [#4107](https://github.com/inspec/inspec/pull/4107) ([zenspider](https://github.com/zenspider))
- Ensure AwsResourceMixin returns a resource name in deprecation message [#4104](https://github.com/inspec/inspec/pull/4104) ([miah](https://github.com/miah))
- Fix github url regex. Add period for repo [#4089](https://github.com/inspec/inspec/pull/4089) ([mirskiy](https://github.com/mirskiy))
- GCP Update for InSpec Cloud Platform documentation [#4122](https://github.com/inspec/inspec/pull/4122) ([mjingle](https://github.com/mjingle))
- Flag `rubocop:disable` comments as something to be fixed. [#4123](https://github.com/inspec/inspec/pull/4123) ([miah](https://github.com/miah))
- No tabs. [#4143](https://github.com/inspec/inspec/pull/4143) ([zenspider](https://github.com/zenspider))
- supermakert -&gt; supermarket [#4140](https://github.com/inspec/inspec/pull/4140) ([zenspider](https://github.com/zenspider))
- Extracting mock_loader to its own helper file. [#4141](https://github.com/inspec/inspec/pull/4141) ([zenspider](https://github.com/zenspider))
- Update author/email tags in gemspec [#4137](https://github.com/inspec/inspec/pull/4137) ([miah](https://github.com/miah))
- Move utils under inspec directory namespace [#4063](https://github.com/inspec/inspec/pull/4063) ([miah](https://github.com/miah))
- Remove authors tags from source files. [#4147](https://github.com/inspec/inspec/pull/4147) ([miah](https://github.com/miah))
- Dist branding for some of plugins [#4136](https://github.com/inspec/inspec/pull/4136) ([artem-sidorenko](https://github.com/artem-sidorenko))
- Cache the .rvm directory in travis [#4153](https://github.com/inspec/inspec/pull/4153) ([miah](https://github.com/miah))
- Make travis green again [#4160](https://github.com/inspec/inspec/pull/4160) ([zenspider](https://github.com/zenspider))
- Windows fixes [#4159](https://github.com/inspec/inspec/pull/4159) ([zenspider](https://github.com/zenspider))
- Clean unnecessary requires [#4142](https://github.com/inspec/inspec/pull/4142) ([zenspider](https://github.com/zenspider))
- Update sunset messages on 2 resources [#4164](https://github.com/inspec/inspec/pull/4164) ([clintoncwolfe](https://github.com/clintoncwolfe))
- This should fix our licensing failures [#4165](https://github.com/inspec/inspec/pull/4165) ([zenspider](https://github.com/zenspider))
- Replace Jenkins omnibus build/test pipeline with Buildkite [#4169](https://github.com/inspec/inspec/pull/4169) ([jeremiahsnapp](https://github.com/jeremiahsnapp))
- Mention inspec-bin gem in installation instructions [#4163](https://github.com/inspec/inspec/pull/4163) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Remove all leading newlines. [#4152](https://github.com/inspec/inspec/pull/4152) ([miah](https://github.com/miah))
- Minor cleanup on test/helper.rb [#4109](https://github.com/inspec/inspec/pull/4109) ([zenspider](https://github.com/zenspider))
- Creating and Publishing InSpec Team Working Agreement [#4171](https://github.com/inspec/inspec/pull/4171) ([kekaichinose](https://github.com/kekaichinose))
- Replace jsonschema with json-schema [#4172](https://github.com/inspec/inspec/pull/4172) ([miah](https://github.com/miah))
- Turn off parallel testing (for now?) [#4177](https://github.com/inspec/inspec/pull/4177) ([zenspider](https://github.com/zenspider))
- Stabilize windows functional testing [#4180](https://github.com/inspec/inspec/pull/4180) ([zenspider](https://github.com/zenspider))
- Fixing docs so Warning note appears [#4183](https://github.com/inspec/inspec/pull/4183) ([mjingle](https://github.com/mjingle))
- Changed version check network timeout from 1 to 3 seconds. [#4132](https://github.com/inspec/inspec/pull/4132) ([zenspider](https://github.com/zenspider))
- Fixed up interactions between minitest &amp; simplecov. [#4188](https://github.com/inspec/inspec/pull/4188) ([zenspider](https://github.com/zenspider))
- Add maintainer branches to travis [#4184](https://github.com/inspec/inspec/pull/4184) ([zenspider](https://github.com/zenspider))
- Test execution changes for Rake, Travis, and Appveyor [#4102](https://github.com/inspec/inspec/pull/4102) ([miah](https://github.com/miah))
- Close at 400 days, with a message. [#4189](https://github.com/inspec/inspec/pull/4189) ([miah](https://github.com/miah))
- Apply chefstyle to codebase [#4194](https://github.com/inspec/inspec/pull/4194) ([zenspider](https://github.com/zenspider))
- Speed up inspec [#4193](https://github.com/inspec/inspec/pull/4193) ([zenspider](https://github.com/zenspider))
- Disable rubocop on Code Climate. [#4195](https://github.com/inspec/inspec/pull/4195) ([miah](https://github.com/miah))
- Create Inputs documentation page [#4185](https://github.com/inspec/inspec/pull/4185) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Re-add `rake test:` [#4197](https://github.com/inspec/inspec/pull/4197) ([miah](https://github.com/miah))
- Update test code to rename attribute() to input() in DSL [#4192](https://github.com/inspec/inspec/pull/4192) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Lets discuss this next week when we&#39;re all around =) [#4204](https://github.com/inspec/inspec/pull/4204) ([miah](https://github.com/miah))
## [v4.3.2](https://github.com/inspec/inspec/tree/v4.3.2) (2019-04-30)
#### New Features
@ -146,7 +173,6 @@
- Use a updated OS Image in Appveyor [#3985](https://github.com/inspec/inspec/pull/3985) ([miah](https://github.com/miah))
- Package inspec executable as a separate gem [#3982](https://github.com/inspec/inspec/pull/3982) ([clintoncwolfe](https://github.com/clintoncwolfe))
- Accidently not updating main InSpec version via Expeditor [#3997](https://github.com/inspec/inspec/pull/3997) ([tyler-ball](https://github.com/tyler-ball))
<!-- latest_stable_release -->
## [v3.9.0](https://github.com/inspec/inspec/tree/v3.9.0) (2019-04-02)

2
Dockerfile
View file

@ -1,7 +1,7 @@
FROM ruby:alpine
MAINTAINER Chef Software, Inc. <docker@chef.io>
ARG VERSION=4.3.2
ARG VERSION=
ARG GEM_SOURCE=https://rubygems.org
RUN mkdir -p /share

71
Gemfile
View file

@ -1,66 +1,61 @@
source 'https://rubygems.org'
source "https://rubygems.org"
gem 'inspec', path: '.'
gem "inspec", path: "."
# This dependency is NOT used for normal gem deployment
# - instead, inspec-bin gemspec-depends on inspec
#
# However, AppBundler requires a top-level Gemfile.lock with inspec-bin
# in it in order to package the executable. Hence the odd backwards dependency.
gem 'inspec-bin', path: './inspec-bin'
gem "inspec-bin", path: "./inspec-bin"
gem 'ffi', '>= 1.9.14'
gem "ffi", ">= 1.9.14"
group :omnibus do
gem 'rb-readline'
gem 'appbundler'
gem 'ed25519' # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
gem 'bcrypt_pbkdf' # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
gem "rb-readline"
gem "appbundler"
gem "ed25519" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
gem "bcrypt_pbkdf" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
end
group :test do
gem 'coveralls', require: false
gem 'minitest', '~> 5.5'
gem 'rake', '>= 10'
gem 'rubocop', '= 0.49.1'
gem 'simplecov', '~> 0.10'
gem 'concurrent-ruby', '~> 1.0'
gem 'mocha', '~> 1.1'
gem 'ruby-progressbar', '~> 1.8'
gem 'webmock', '~> 3.0'
gem 'jsonschema', '~> 2.0.2'
gem 'passgen'
gem 'm'
gem 'pry-byebug'
gem "chefstyle", "~> 0.6"
gem "coveralls", require: false
gem "minitest", "~> 5.5"
gem "rake", ">= 10"
gem "simplecov", "~> 0.10"
gem "concurrent-ruby", "~> 1.0"
gem "mocha", "~> 1.1"
gem "ruby-progressbar", "~> 1.8"
gem "webmock", "~> 3.0"
gem "passgen"
gem "m"
gem "pry", "~> 0.10"
gem "pry-byebug"
end
group :integration do
gem 'berkshelf', '~> 7'
gem 'test-kitchen', '~> 1.17'
gem 'kitchen-vagrant'
# we need winrm v2 support >= 0.15.1
gem 'kitchen-inspec', '>= 0.15.1'
gem 'kitchen-ec2'
gem 'kitchen-dokken'
end
group :tools do
gem 'pry', '~> 0.10'
gem 'license_finder'
gem 'git', '~> 1.4'
gem "berkshelf"
gem "chef", "< 15"
gem "test-kitchen"
gem "kitchen-vagrant"
gem "kitchen-inspec"
gem "kitchen-ec2"
gem "kitchen-dokken"
gem "git"
end
# gems for Maintainers.md generation
group :maintenance do
gem 'tomlrb'
gem "tomlrb"
# To sync maintainers with github
gem 'octokit'
gem 'netrc'
gem "octokit"
gem "netrc"
end
group :deploy do
gem 'inquirer'
gem "inquirer"
end
# add these additional dependencies into Gemfile.local

273
Rakefile
View file

@ -1,15 +1,15 @@
#!/usr/bin/env rake
require 'bundler'
require 'bundler/gem_helper'
require 'rake/testtask'
require 'passgen'
require 'train'
require_relative 'tasks/maintainers'
require_relative 'tasks/spdx'
require 'fileutils'
require "bundler"
require "bundler/gem_helper"
require "rake/testtask"
require "passgen"
require "train"
require_relative "tasks/maintainers"
require_relative "tasks/spdx"
require "fileutils"
Bundler::GemHelper.install_tasks name: 'inspec'
Bundler::GemHelper.install_tasks name: "inspec"
def prompt(message)
print(message)
@ -21,25 +21,17 @@ end
# when the "tests" gem group in the Gemfile has been excluded, such as
# during an appbundle-updater run.
begin
require 'ruby-progressbar'
require_relative 'tasks/docs'
require "ruby-progressbar"
require_relative "tasks/docs"
rescue LoadError
puts 'docs tasks are unavailable because the ruby-progressbar gem is not available.'
puts "docs tasks are unavailable because the ruby-progressbar gem is not available."
end
begin
require 'git'
require_relative 'tasks/contrib'
require "git"
require_relative "tasks/contrib"
rescue LoadError
puts 'contrib tasks are unavailable because the git gem is not available.'
end
# Rubocop
begin
require 'rubocop/rake_task'
RuboCop::RakeTask.new(:lint)
rescue LoadError
puts 'rubocop is not available. Install the rubocop gem to run the lint tests.'
puts "contrib tasks are unavailable because the git gem is not available."
end
task :install do
@ -48,45 +40,46 @@ task :install do
sh("rake install")
end
# update command output for demo
desc 'Run inspec commands and save results to www/app/responses'
task :update_demo do
ruby 'www/tutorial/scripts/build_simulator_runtime.rb'
ruby 'www/tutorial/scripts/run_simulator_recording.rb'
end
GLOBS = [
"test/unit/**/*_test.rb",
"test/functional/**/*_test.rb",
"lib/plugins/inspec-*/test/**/*_test.rb",
].freeze
# run tests
task default: [:lint, :test]
Rake::TestTask.new do |t|
t.libs << 'test'
t.test_files = Dir.glob([
'test/unit/**/*_test.rb',
'lib/plugins/inspec-*/test/unit/**/*_test.rb',
])
t.warning = false
t.verbose = !!ENV["V"] # default to off. the test commands are _huge_.
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
end
task default: ["test:lint", "test:default"]
task test: ["test:lint", "test:default"]
namespace :test do
GLOBS = [
"test/unit/**/*_test.rb",
"test/functional/**/*_test.rb",
"lib/plugins/inspec-*/test/**/*_test.rb",
]
Rake::TestTask.new(:default) do |t|
t.libs << "test"
t.test_files = Dir[*GLOBS].sort
t.warning = !!ENV["W"]
t.verbose = !!ENV["V"] # default to off. the test commands are _huge_.
t.ruby_opts = ["--dev"] if defined?(JRUBY_VERSION)
end
task default: [:accept_license]
begin
require "chefstyle"
require "rubocop/rake_task"
RuboCop::RakeTask.new(:lint) do |task|
task.options += ["--display-cop-names", "--no-color", "--parallel"]
end
rescue LoadError
puts "rubocop is not available. Install the rubocop gem to run the lint tests."
end
task :list do
puts Dir[*GLOBS].sort
end
task :isolated do
clean = true
failures = Dir[*GLOBS]
failures.reject! { |file|
system(Gem.ruby, '-Ilib:test', file)
}
failures.reject! do |file|
system(Gem.ruby, "-Ilib:test", file)
end
unless failures.empty?
puts "These test files failed:\n"
@ -96,97 +89,91 @@ namespace :test do
end
task :accept_license do
FileUtils.mkdir_p(File.join(Dir.home, '.chef', 'accepted_licenses'))
FileUtils.mkdir_p(File.join(Dir.home, ".chef", "accepted_licenses"))
# If the user has not accepted the license, touch the acceptance
# file, but also touch a marker that it is only for testing.
unless File.exist?(File.join(Dir.home, '.chef', 'accepted_licenses', 'inspec'))
unless File.exist?(File.join(Dir.home, ".chef", "accepted_licenses", "inspec"))
puts "\n\nTemporarily accepting Chef user license for the duration of testing...\n"
FileUtils.touch(File.join(Dir.home, '.chef', 'accepted_licenses', 'inspec'))
FileUtils.touch(File.join(Dir.home, '.chef', 'accepted_licenses', 'inspec.for_testing'))
FileUtils.touch(File.join(Dir.home, ".chef", "accepted_licenses", "inspec"))
FileUtils.touch(File.join(Dir.home, ".chef", "accepted_licenses", "inspec.for_testing"))
end
# Regardless of what happens, when this process exits, check for cleanup.
at_exit do
if File.exist?(File.join(Dir.home, '.chef', 'accepted_licenses', 'inspec.for_testing'))
if File.exist?(File.join(Dir.home, ".chef", "accepted_licenses", "inspec.for_testing"))
puts "\n\nRemoving temporary Chef user license acceptance file that was placed for test duration.\n"
FileUtils.rm_f(File.join(Dir.home, '.chef', 'accepted_licenses', 'inspec'))
FileUtils.rm_f(File.join(Dir.home, '.chef', 'accepted_licenses', 'inspec.for_testing'))
FileUtils.rm_f(File.join(Dir.home, ".chef", "accepted_licenses", "inspec"))
FileUtils.rm_f(File.join(Dir.home, ".chef", "accepted_licenses", "inspec.for_testing"))
end
end
end
Rake::TestTask.new(:functional) do |t|
t.libs << 'test'
t.libs << "test"
t.test_files = Dir.glob([
'test/functional/**/*_test.rb',
'lib/plugins/inspec-*/test/functional/**/*_test.rb',
"test/functional/**/*_test.rb",
"lib/plugins/inspec-*/test/functional/**/*_test.rb",
])
t.warning = false # This just complains about things in underlying libraries
t.verbose = true
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
t.warning = !!ENV["W"]
t.verbose = !!ENV["V"] # default to off. the test commands are _huge_.
t.ruby_opts = ["--dev"] if defined?(JRUBY_VERSION)
end
# Inject a prerequisite task
task :functional => [:accept_license]
task functional: [:accept_license]
# Functional tests on Windows take a bit to run. This
# optionally takes a env to breake the tests up into 3 workers.
Rake::TestTask.new(:'functional:windows') do |t, args|
files = Dir.glob('test/functional/*_test.rb').sort
if ENV['WORKER_NUMBER']
count = (files.count / 3).abs+1
start = (ENV['WORKER_NUMBER'].to_i - 1) * count
files = files[start..start+count-1]
end
t.libs << 'test'
t.test_files = files
t.warning = false # This just complains about things in underlying libraries
t.verbose = true
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
Rake::TestTask.new(:unit) do |t|
t.libs << "test"
t.test_files = Dir.glob([
"test/unit/**/*_test.rb",
"lib/plugins/inspec-*/test/unit/**/*_test.rb",
])
t.warning = !!ENV["W"]
t.verbose = !!ENV["V"] # default to off. the test commands are _huge_.
t.ruby_opts = ["--dev"] if defined?(JRUBY_VERSION)
end
# Inject a prerequisite task
task :'functional:windows' => [:accept_license]
task unit: [:accept_license]
task :resources do
tests = Dir['test/unit/resource/*_test.rb']
tests = Dir["test/unit/resource/*_test.rb"]
return if tests.empty?
sh(Gem.ruby, 'test/docker_test.rb', *tests)
sh(Gem.ruby, "test/docker_test.rb", *tests)
end
task :integration, [:os] do |task, args|
concurrency = ENV['CONCURRENCY'] || 1
os = args[:os] || ENV['OS'] || ''
ENV['DOCKER'] = 'true' if ENV['docker'].nil?
concurrency = ENV["CONCURRENCY"] || 1
os = args[:os] || ENV["OS"] || ""
ENV["DOCKER"] = "true" if ENV["docker"].nil?
sh("bundle exec kitchen test -c #{concurrency} #{os}")
end
# Inject a prerequisite task
task :'integration' => [:accept_license]
task 'integration': [:accept_license]
task :ssh, [:target] do |_t, args|
tests_path = File.join(File.dirname(__FILE__), 'test', 'integration', 'test', 'integration', 'default')
key_files = ENV['key_files'] || File.join(ENV['HOME'], '.ssh', 'id_rsa')
tests_path = File.join(File.dirname(__FILE__), "test", "integration", "test", "integration", "default")
key_files = ENV["key_files"] || File.join(ENV["HOME"], ".ssh", "id_rsa")
sh_cmd = "bin/inspec exec #{tests_path}/"
sh_cmd += ENV['test'] ? "#{ENV['test']}_spec.rb" : '*'
sh_cmd += " --sudo" unless args[:target].split('@')[0] == 'root'
sh_cmd += ENV["test"] ? "#{ENV['test']}_spec.rb" : "*"
sh_cmd += " --sudo" unless args[:target].split("@")[0] == "root"
sh_cmd += " -t ssh://#{args[:target]}"
sh_cmd += " --key_files=#{key_files}"
sh_cmd += " --format=#{ENV['format']}" if ENV['format']
sh_cmd += " --format=#{ENV['format']}" if ENV["format"]
sh('sh', '-c', sh_cmd)
sh("sh", "-c", sh_cmd)
end
project_dir = File.dirname(__FILE__)
namespace :aws do
['default', 'minimal'].each do |account|
integration_dir = File.join(project_dir, 'test', 'integration', 'aws', account)
attribute_file = File.join(integration_dir, '.attribute.yml')
%w{default minimal}.each do |account|
integration_dir = File.join(project_dir, "test", "integration", "aws", account)
attribute_file = File.join(integration_dir, ".attribute.yml")
task :"setup:#{account}", :tf_workspace do |t, args|
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
tf_workspace = args[:tf_workspace] || ENV["INSPEC_TERRAFORM_ENV"]
abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
puts "----> Setup"
abort("You must set the environment variable AWS_REGION") unless ENV['AWS_REGION']
abort("You must set the environment variable AWS_REGION") unless ENV["AWS_REGION"]
puts "----> Checking for required AWS profile..."
sh("aws configure get aws_access_key_id --profile inspec-aws-test-#{account} > /dev/null")
sh("cd #{integration_dir}/build/ && terraform init -upgrade")
@ -200,7 +187,7 @@ namespace :test do
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform output > #{attribute_file}")
raw_output = File.read(attribute_file)
yaml_output = raw_output.gsub(" = ", " : ")
File.open(attribute_file, "w") {|file| file.puts yaml_output}
File.open(attribute_file, "w") { |file| file.puts yaml_output }
end
task :"run:#{account}" do
@ -209,7 +196,7 @@ namespace :test do
end
task :"cleanup:#{account}", :tf_workspace do |t, args|
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
tf_workspace = args[:tf_workspace] || ENV["INSPEC_TERRAFORM_ENV"]
abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
puts "----> Cleanup"
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform destroy -force")
@ -218,14 +205,14 @@ namespace :test do
end
task :"#{account}" do
tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
tf_workspace = ENV["INSPEC_TERRAFORM_ENV"] || prompt("Please enter a workspace for your integration tests to run in: ")
begin
Rake::Task["test:aws:setup:#{account}"].execute({:tf_workspace => tf_workspace})
Rake::Task["test:aws:setup:#{account}"].execute({ tf_workspace: tf_workspace })
Rake::Task["test:aws:run:#{account}"].execute
rescue
abort("Integration testing has failed for the #{account} account")
ensure
Rake::Task["test:aws:cleanup:#{account}"].execute({:tf_workspace => tf_workspace})
Rake::Task["test:aws:cleanup:#{account}"].execute({ tf_workspace: tf_workspace })
end
end
end
@ -235,15 +222,15 @@ namespace :test do
namespace :azure do
# Specify the directory for the integration tests
integration_dir = File.join(project_dir, 'test', 'integration', 'azure')
tf_vars_file = File.join(integration_dir, 'build', 'terraform.tfvars')
attribute_file = File.join(integration_dir, '.attribute.yml')
integration_dir = File.join(project_dir, "test", "integration", "azure")
tf_vars_file = File.join(integration_dir, "build", "terraform.tfvars")
attribute_file = File.join(integration_dir, ".attribute.yml")
task :setup, :tf_workspace do |t, args|
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
tf_workspace = args[:tf_workspace] || ENV["INSPEC_TERRAFORM_ENV"]
abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
puts '----> Setup Terraform Workspace'
puts "----> Setup Terraform Workspace"
sh("cd #{integration_dir}/build/ && terraform init -upgrade")
sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
@ -258,15 +245,15 @@ namespace :test do
next if File.exist?(tf_vars_file)
puts '----> Generating Vars'
puts "----> Generating Vars"
# Generate Azure crendentials
connection = Train.create('azure').connection
connection = Train.create("azure").connection
creds = connection.options
# Determine the storage account name and the admin password
sa_name = (0...15).map { (65 + rand(26)).chr }.join.downcase
admin_password = Passgen::generate(length: 12, uppercase: true, lowercase: true, symbols: true, digits: true)
admin_password = Passgen.generate(length: 12, uppercase: true, lowercase: true, symbols: true, digits: true)
# Use the first 4 characters of the storage account to create a suffix
suffix = sa_name[0..3]
@ -281,28 +268,26 @@ namespace :test do
suffix = "#{suffix}"
VARS
content << "location = \"#{ENV['AZURE_LOCATION']}\"\n" if ENV['AZURE_LOCATION']
content << "location = \"#{ENV['AZURE_LOCATION']}\"\n" if ENV["AZURE_LOCATION"]
File.write(tf_vars_file, content)
end
desc "generate plan from state using terraform.tfvars file"
task :plan, [:tf_workspace] => [:vars] do |t, args|
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
tf_workspace = args[:tf_workspace] || ENV["INSPEC_TERRAFORM_ENV"]
abort("You must set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
puts '----> Generating Plan'
result = sh("cd #{integration_dir}/build/ && terraform workspace select #{tf_workspace}")
puts "----> Generating Plan"
sh("cd #{integration_dir}/build/ && terraform plan -out inspec-azure.plan")
end
desc "apply terraform plan"
task :apply, [:tf_workspace] => [:plan] do |t, args|
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
tf_workspace = args[:tf_workspace] || ENV["INSPEC_TERRAFORM_ENV"]
abort("You must set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
puts '----> Applying Plan'
puts "----> Applying Plan"
sh("cd #{integration_dir}/build/ && terraform workspace select #{tf_workspace}")
@ -311,22 +296,22 @@ namespace :test do
Rake::Task["test:azure:dump_attrs"].execute
end
task :"dump_attrs" do
task :dump_attrs do
sh("cd #{integration_dir}/build/ && terraform output > #{attribute_file}")
raw_output = File.read(attribute_file)
yaml_output = raw_output.gsub(" = ", " : ")
File.open(attribute_file, "w") {|file| file.puts yaml_output}
raw_output = File.read(attribute_file)
yaml_output = raw_output.gsub(" = ", " : ")
File.open(attribute_file, "w") { |file| file.puts yaml_output }
end
task :run do
puts '----> Run'
puts "----> Run"
sh("bundle exec inspec exec #{integration_dir}/verify -t azure://1e0b427a-d58b-494e-ae4f-ee558463ebbf")
end
task :cleanup, :tf_workspace do |t, args|
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
tf_workspace = args[:tf_workspace] || ENV["INSPEC_TERRAFORM_ENV"]
abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
puts '----> Cleanup'
puts "----> Cleanup"
sh("cd #{integration_dir}/build/ && terraform destroy -force ")
@ -338,14 +323,14 @@ namespace :test do
desc "Perform Azure Integration Tests"
task :azure do
tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
tf_workspace = ENV["INSPEC_TERRAFORM_ENV"] || prompt("Please enter a workspace for your integration tests to run in: ")
begin
Rake::Task["test:azure:setup"].execute({:tf_workspace => tf_workspace})
Rake::Task["test:azure:setup"].execute({ tf_workspace: tf_workspace })
Rake::Task["test:azure:run"].execute
rescue
abort("Integration testing has failed")
ensure
Rake::Task["test:azure:cleanup"].execute({:tf_workspace => tf_workspace})
Rake::Task["test:azure:cleanup"].execute({ tf_workspace: tf_workspace })
end
end
end
@ -354,10 +339,10 @@ end
#
# @param [Type] target the new version you want to set, or nil if you only want to show
def inspec_version(target = nil)
path = 'lib/inspec/version.rb'
require_relative path.sub(/.rb$/, '')
path = "lib/inspec/version.rb"
require_relative path.sub(/.rb$/, "")
nu_version = target.nil? ? '' : " -> #{target}"
nu_version = target.nil? ? "" : " -> #{target}"
puts "Inspec: #{Inspec::VERSION}#{nu_version}"
unless target.nil?
@ -374,7 +359,7 @@ end
# @param [Type] msg the message to display if the command is missing
def require_command(x, msg = nil)
return if system("command -v #{x} || exit 1")
msg ||= 'Please install it first!'
msg ||= "Please install it first!"
puts "\033[31;1mCan't find command #{x.inspect}. #{msg}\033[0m"
exit 1
end
@ -392,16 +377,16 @@ end
# Check the requirements for running an update of this repository.
def check_update_requirements
require_command 'git'
require_command "git"
end
# Show the current version of this gem.
desc 'Show the version of this gem'
desc "Show the version of this gem"
task :version do
inspec_version
end
desc 'Release a new docker image'
desc "Release a new docker image"
task :release_docker do
version = Inspec::VERSION
cmd = "rm *.gem; gem build *gemspec && "\
@ -411,21 +396,5 @@ task :release_docker do
"docker tag chef/inspec:#{version} chef/inspec:latest &&"\
"docker push chef/inspec:latest"
puts "--> #{cmd}"
sh('sh', '-c', cmd)
end
desc 'Release the website [deprecated]'
task :www do
puts 'The Rake tasks for releasing the website are now in the www/ directory.'
puts 'Run `cd www` and then `rake --tasks` for a list of the www-related tasks available.'
exit(1)
end
namespace :www do
desc 'Release the website [deprecated]'
task :release do
puts 'The Rake tasks for releasing the website are now in the www/ directory.'
puts 'Run `cd www` and then `rake --tasks` for a list of the www-related tasks available.'
exit(1)
end
sh("sh", "-c", cmd)
end

2
VERSION
View file

@ -1 +1 @@
4.4.65
4.6.4

45
appveyor.yml
View file

@ -10,18 +10,12 @@ platform:
environment:
matrix:
- name: unit-tests-ruby-2.4.4
ruby_version: "24-x64"
- name: unit-tests-ruby-2.5
- name: ruby-2.6
ruby_version: "26-x64"
- name: ruby-2.5
ruby_version: "25-x64"
- name: unit-tests-ruby-2.6
ruby_version: "26-x64"
- name: functional-tests-1
ruby_version: "26-x64"
- name: functional-tests-2
ruby_version: "26-x64"
- name: functional-tests-3
ruby_version: "26-x64"
- name: ruby-2.4
ruby_version: "24-x64"
clone_folder: c:\projects\inspec
clone_depth: 1
# Disable MSBuild mode entirely
@ -67,32 +61,3 @@ test_script:
- SET SPEC_OPTS=--format progress
- SET SLOW=1
- bundle exec rake
for:
-
matrix:
only:
- name: functional-tests-1
test_script:
- SET SPEC_OPTS=--format progress
- SET WORKER_NUMBER=1
- SET SLOW=1
- bundle exec rake test:functional:windows
-
matrix:
only:
- name: functional-tests-2
test_script:
- SET SPEC_OPTS=--format progress
- SET WORKER_NUMBER=2
- SET SLOW=1
- bundle exec rake test:functional:windows
-
matrix:
only:
- name: functional-tests-3
test_script:
- SET SPEC_OPTS=--format progress
- SET WORKER_NUMBER=3
- SET SLOW=1
- bundle exec rake test:functional:windows

95
docs/dev/plugins.md
View file

@ -322,6 +322,101 @@ no_command do
end
```
## Implementing Input Plugins
Input plugins provide values for Chef InSpec Inputs - the parameters you can place within profile control code.
For example, you might implement an Input plugin to fetch vales from a key-value store, such as `etcd`.
Input plugins have a simple API which is intended to be easy to adapt to a number of input backend implementations.
### Declare your input plugin activators
Generally speaking, an input plugin will only need to have one activator.
In your `plugin.rb`, include one or more `input` activation blocks. The activation block will fire when the InputRegistry is initialized, at which time case it should load any needed libraries and should return your implementation class.
The Input subsystem always activates all activators.
#### Input Activator Example
```ruby
# In plugin.rb
module InspecPlugins::Sweeten
class Plugin < Inspec.plugin(2)
# ... other plugin stuff
input :coffee_fixins_bar do
require_relative 'input.rb'
InspecPlugins::Sweeten::Input
end
end
end
```
The Input subsystem always activates all activators when InputRegistry is initialized. Future work may enable us to dynamically load plugins; but we need to poll plugins when any input value is used.
### Implementation class for Input plugins
In your `input.rb`, you should begin by requesting the superclass from `Inspec.plugin`:
```ruby
module InspecPlugins::Sweeten
class Input < Inspec.plugin(2, :input)
# ...
end
end
```
### Implementing your Input plugin
Within your implementation, you need to implement 2 mandatory methods and two optional methods.
#### default_priority
Optional, returns an integer 0-100, default 60. This value determines precedence when multiple input providers supply a value; higher values lend more precedence.
#### list_inputs(profile_name)
Mandatory. Given a String profile name, return an Array of String input names that may be fetched from this plugin. This may be used to optimize calls to fetch().
#### fetch(profile_name, input_name)
Mandatory. Given a String profile_name and String input_name, return the input value (whatever that means for your plugin).
#### Using a constructor to get config values
Optional. Implement `initialize()` to perform any startup tasks such as authorization. You can get to the InSpec config settings via `Inspec::Config.cached[some_key]`.
#### Implementation example
```ruby
module InspecPlugins::Sweeten
class Input < Inspec.plugin(2, :input)
def default_priority
99 # Extremely opinionated
end
def fetch(profile_name, input_name)
return nil unless profile_name = 'coffee_shop'
case input_name
when 'sugar'
'delicious raw sugar in an eclectic brown packet'
when "sweet'n'low"
'how can you even do that to yourself'
end
end
def list_input_names
['sugar',"sweet'n'low"]
end
end
end
```
## Implementing DSL Plugins
A DSL is a _domain specific language_, or a set of keywords you can use to write Chef InSpec profiles and resources more fluently.

16
docs/glossary.md
View file

@ -108,11 +108,7 @@ _be >=_ is an [operator matcher](#operator matcher). It allows you to perform nu
### attribute
An _attribute_ is a parameter that Chef InSpec reads from a YAML file provided on the command line. You can use this feature either to change a [profile's](#profile) behavior by passing different attribute files or to store secrets that should not be directly present in a profile. Chef InSpec attributes are unrelated to Chef attributes.
The CLI syntax for attributes is documented under the [`inspec exec`](https://www.inspec.io/docs/reference/cli/#exec) command.
The syntax for accessing attributes within a profile is documented in the [profiles documentation](https://www.inspec.io/docs/reference/profiles/#profile-attributes).
Deprecated name for [input](#input).
### control
@ -204,6 +200,16 @@ describe cars.where { engine_cylinders >= 6 } do
end
```
### input
An _`input`_ is a value that Chef InSpec can source from a number of providers, including from the command line, profile metadata, or within the control file DSL itself. You can use this feature either to change a [profile's](#profile) behavior by passing different attribute files or to store secrets that should not be directly present in a profile.
Inputs were formerly known as `attributes`. Chef InSpec inputs are unrelated to Chef Infra attributes.
The CLI syntax for inputs is documented under the [`inspec exec`](https://www.inspec.io/docs/reference/cli/#exec) command.
Inputs are documented in detail in the [input documentation](https://www.inspec.io/docs/reference/inputs/).
### it
Within a [describe block](#describe), _`it`_ declares an individual [test](#test) directly against the [resource](#resource) (as opposed to testing against one of the resource's [properties](#property), as [its](#its) does). Though it is possible to use [universal matchers](#universal-matcher) with `it`, it is much more typical to use [resource-specific matchers](#resource-specific-matchers).

320
docs/inputs.md Normal file
View file

@ -0,0 +1,320 @@
# Chef InSpec Inputs
## What are Inputs?
Inputs are the "knobs" you can use to customize the behavior of Chef InSpec profiles. If a profile supports inputs, you can set the inputs in a variety of ways, allowing flexibility. Profiles that include other profiles can set inputs in the included profile, enabling a multi-layered approach to configuring profiles.
### A Simple Example
Suppose you have a profile named `rock_critic`. In its profile metadata file (inspec.yml):
```yaml
# Optionally declare inputs in the profile metadata
# This lets you set up things like type checking, etc.
inputs:
- name: amplifier_max_volume
description: How loud the amplifiers can go
type: numeric
# More options, including value: and priority: are possible here
```
In the profile's control code:
```ruby
# Set a default value for an input. This is optional.
input('amplifier_max_volume', value: 10)
control 'Big Rock Show' do
describe input('amplifier_max_volume') do # This line reads the value of the input
it { should eq 11 } # The UK'S LOUDEST BAND
end
end
```
When the above profile is executed by using `inspec exec rock_critic`, you would see something like:
```
11
× should eq 10
expected: 10
got: 11
(compared using ==)
Test Summary: 0 successful, 1 failure, 0 skipped
```
That result clearly won't do. Let's override the input's default value. Create a file, `custom_amps.yml`:
```yaml
amplifier_max_volume: 11
```
We can now run that profile with `inspec exec rock_critic --input-file custom_amps.yaml`:
```
11
✔ should eq 11
Test Summary: 1 successful, 0 failures, 0 skipped
```
### Which profiles support inputs?
The best way for a profile to indicate it supports inputs is to list them in the metadata file, `inspec.yml`. Any profile that has an `inputs` (or the deprecated `attributes`) section in its `inspec.yml` metadata file is [configuring](#configuring-inputs-in-profile-metadata) inputs.
That said, any profile that uses the DSL keyword `input()` (or the deprecated `attribute()`) in the control source code supports inputs. These profiles are *reading* (and possibly setting) input values and using them to make decisions.
### How can I set Inputs?
As installed (without specialized plugins), Chef InSpec supports five ways of setting inputs:
* Inline in control code, using `input('input_name', value: 42)`.
* In profile `inspec.yml` metadata files
* Using the CLI option `--input-file somefile.yaml`
* In kitchen-inspec, using the `verifier/inputs` settings
* In the Audit Cookbook, using the `node[:audit][:inputs]`
In addition, Chef InSpec supports Input Plugins, which can provide optional integrations to specific key-value stores.
### How does Input precedence work?
#### Simple Precedence
Briefly:
inline DSL < metadata < ( cli-input-file or kitchen-inspec or audit-cookbook )
In addition, for inherited profiles:
dependent profile metadata < wrapper profile metadata
This precedence lets you override input values on the command line, as well as override child profile inline values from the parent profile.
This description matches the general behavior of InSpec v3, while also making some edge cases easier to reason.
#### The Details of Input Precedence
Whenever an input provider sets a value on an input, a *priority value* is assigned to the operation. Over the life of the input, multiple assignments with varying priority values may occur. When the input is evaluated, the current value is determined by finding the setting event with the highest priority.
Note that this approach does not rely on execution order, nor does it rely on multiple named precedence levels. Each setting operation is preserved and this allows the user to [debug](#debugging-inputs-with-the-event-log) the history of the input values.
Some input providers allow you to set a priority when you set the value. For example, to set a priority of 50 in a metadata file, use:
```yaml
inputs:
- name: very_important_input
value: 12
priority: 50
```
To set a priority in DSL, use:
```ruby
input('also_important', value: 42, priority: 45)
```
As packaged, Chef InSpec uses the following priority values:
| Input Provider | Priority | May change priority |
| -------------------------------------- | -------- | ------------------- |
| Inline DSL | 20 | Yes |
| Metadata | 30 | Yes |
| Metadata in a wrapper cookbook | 35 | Yes |
| CLI `--input-file` option | 40 | No |
| inspec-kitchen `inputs:` section | 40 | No |
| audit cookbook `node[:audit][:inputs]` | 40 | No |
### What happened to "Attributes"?
When originally introduced, the Input facility was named *Attributes*. This name was problematic, because:
* The Chef Infra tool uses the same word to describe its parameterization system.
* Chef Infra attributes have a completely different and much more complex precedence system.
* This caused confusion about passing Chef Infra attributes into InSpec when using Audit Cookbook and kitchen-inspec.
Based on these concerns, InSpec attributes have been renamed to InSpec inputs in Chef InSpec v4.
Support for using the DSL keyword `attribute()`, the metadata field `attributes:`, and the corresponding kitchen-inspec and audit cookbook values are anticipated to continue through Chef InSpec v5.
## Working with Inputs in Control Code
### Input Scope
Inputs are available throughout the InSpec profile DSL. You can use them anywhere.
```ruby
# some_controls.rb
input('outer_input', value: 1) # here
control 'control-1' do
input('control_dsl_input', value: 2) # here too
describe some_resource do
input('test_dsl_input', value: 3) # even here
it { should cmp input('expectation_dsl_input') } # and yes here too
end
end
```
### Setting Inputs in Control DSL
When you write `input('some_name', value: 'some_value')`, you are *setting* an input value in the DSL. Because the `value:` option is present, a new value will be set. You may also pass any other option listed in the [input option reference](#input-options-reference).
### Reading Inputs in Control DSL
When you call `input('some_name')`, with or without additional options, the value of the input will be resolved and returned. Note that this process may involve sourcing the value from another provider, using the value set in DSL, or overriding the value provided in the same call.
```ruby
# You can use the value in a Ruby variable
some_var = input('some_input_name')
# Or more directly in a resource parameter
describe file(input('important_path')) do
it { should exist }
end
# Or as the resource itself (this could be a string, here)
describe input('some_setting') do
it { should cmp 'correct_value' }
end
# Or as the expected value
describe file('/etc/httpd/httpd.conf') do
its('owner') { should_not cmp input('webserver_user') }
end
```
The value returned can be used anywhere a Ruby value is used.
## Configuring Inputs in Profile Metadata
Each Chef InSpec profile has a metadata file at the top level named `inspec.yml`. In that file, you may add a section for inputs. You may define inputs there, clearly setting options including values, type checking, and whether the input is required.
```yaml
name: my_profile
inputs:
- name: webserver_user # Name is the only required field
- name: favorite_fruit
value: banana # You can set a value; priority is 30 for metadata
- name: meaning_of_life
type: Numeric
value: 42
required: true
priority: 70
```
All [input options](#input-options-reference) are supported in metadata files.
There are two major advantages to defining inputs in profile metadata:
1. The inputs and their configuration are listed explicitly in simple YAML in one place - a consumer of your profile does not need to read through the control code to find the inputs.
2. You can set inputs in other profiles that you depend on using profile inheritance.
### Using inputs with Profile inheritance
When your profile relies on another profile using the `depends` key in the metadata file, you can set — that is, override — the value of the input in the dependent profile by including the `profile` option and naming the dependent profile.
```yaml
# child inspec.yml
name: child
inputs:
- name: favorite_food
value: pizza
```
```yaml
# wrapper inspec.yml
name: wrapper
depends:
- name: child
path: ../child
inputs:
- name: favorite_food
value: broccoli
profile: child # <----- REQUIRED to override the value in InSpec 4
```
In Chef InSpec 4+, every input is namespaced. For example, you could have an input named `wrapper/favorite_food` and one named `child/favorite_food`. If no explicit profile option is set within the `wrapper` profile metadata file, then `wrapper` is assumed to be the profile.
## Setting Input values using `--input-file`
You may also provide inputs and values via YAML files on the command line. The format can be seen below:
```yaml
an_input: a_value
another_input: another_value
```
CLI-set inputs have a priority of 40.
As of Chef InSpec 4.3.2, this mechanism has the following limitations:
1. No [input options](#input-options-reference) may be set - only the name and value.
2. Because the CLI is outside the scope of any individual profile and the inputs don't take options, the inputs are clumsily copied into every profile, effectively making the CLI mechanism global.
## Input Options Reference
### Name
Required `String`. This option identifies the input.
Allowed in: All. When used in DSL and Metadata, the name is unique within the current profile. When used in CLI input files, audit cookbook, and kitchen-inspec, the input is copied across all profiles using the same name.
### Description
Optional `String`. Human-meaningful explanation of the input.
Allowed in: DSL, Metadata
### Value
Optional, any Ruby or YAML type. This is the value that will be available when you read the input. See the [Reading Inputs](#reading-inputs-in-control-dsl) section for more information.
Allowed in: All
### Type
Optional, `String`. This value must be one of `String`, `Numeric`, `Regexp`, `Array`, `Hash`, `Boolean`, or `Any`. If provided, the value of the input will be checked to see if it is of the corresponding type. Note that `Regexp` indicates that the input value itself should be a regular expression, not that it should match any particular regular expression.
Allowed in: DSL, Metadata
### Required
Optional, `true` or `false`. If `true`, a control using the input will be failed if it [reads](#reading-inputs-in-control-dsl) the value when none has been set.
Allowed in: DSL, Metadata
### Priority
Optional, `Integer`, 0-100. Higher values make this assignment have higher precedence. This is an advanced feature.
Allowed in: DSL, Metadata
### Profile
Optional, `String`. Allows you to set an input in another profile from your profile.
Allowed in: DSL, Metadata
## Advanced Topics
### Debugging Inputs with the Event Log
If it is difficult to determine why a particular value is being used, you can use the Event Log to determine what is happening.
First, use the `input_object()` DSL method. This method is like `input()` in that it looks up an input, but instead of evaluating the current value, it returns the underlying `Inspec::Input` object.
```ruby
puts input_object('troublesome_input').diagnostic_string
# Or
require 'pp'
pp input_object('troublesome_input').events
```
`diagnostic_string` assembles the Event Log into a printable log message for convenience.
The Event Log contains entries for every time that the value changed, as well as one for when the input was first created. When possible, stack probing is used to determine file and line numbers. Most importantly, you will see priority numbers; remember that highest priority wins; order only matters to break a tie.

161
docs/profiles.md
View file

@ -335,166 +335,9 @@ require_resource(profile: 'my_dep', resource: 'my_res',
This will allow you to reference the resource `my_res` from the
profile `my_dep` using the name `my_res2`.
# Profile Attributes
# Profile Inputs
Attributes are frequently used to parameterize a profile for use in different environments or targets. It can also be used define secrets, such as user names and passwords, that should not otherwise be stored in plain-text in a cookbook. Attributes may be set for the whole profile in the `inspec.yml`.
Attributes may contain the following options:
* Use `value` to set a value for the attribute.
* Use `type` to restrict an attribute to a specific type (any, string, numeric, array, hash, boolean, regex).
* Use `required` to mandate the attribute has a value at the time of evaluation.
* Use `description` to set a brief description for the attribute.
## Setting Attributes in the Profile Metadata File
You can specify attributes in your `inspec.yml` using the `attributes` setting. For example, to add a `user` attribute for your profile:
```YAML
attributes:
- name: user
type: string
value: bob
```
Example of adding a array object of servers:
```YAML
attributes:
- name: servers
type: array
value:
- server1
- server2
- server3
```
To access an attribute you will use the `attribute` keyword. You can use this anywhere in your control code.
For example:
```Ruby
current_user = attribute('user')
control 'system-users' do
describe attribute('user') do
it { should eq 'bob' }
end
describe current_user do
it { should eq attribute('user') }
end
end
```
## Setting Attributes in an External YAML Attributes File
For sensitive data it is recommended to use a YAML file located on the local machine to populate the values of attributes. To read values from a YAML file, use run `inspec exec` and specify the path to that YAML file using the `--attrs` attribute.
For example, your profile's metadata file, inspec.yml:
```YAML
attributes:
- name: username
type: string
required: true
- name: password
type: string
required: true
```
The control:
```Ruby
control 'system-users' do
impact 0.8
desc '
This test assures that the user "Bob" has a user installed on the system, along with a
specified password.
'
describe attribute('username') do
it { should eq 'bob' }
end
describe attribute('password') do
it { should eq 'secret' }
end
end
```
And a YAML file named `profile-attribute.yml`:
```YAML
username: bob
password: secret
```
The following command runs the tests and applies the secrets specified in `profile-attribute.yml`:
```bash
$ inspec exec examples/profile-attribute --attrs examples/profile-attribute.yml
```
To change your attributes for platform specific cases you can setup multiple `--attrs` files.
For example, a inspec.yml:
```YAML
attributes:
- name: users
type: array
required: true
```
A YAML file named `windows.yml`
```YAML
users:
- Administrator
- Guest
- Randy
```
A YAML file named `linux.yml`
```YAML
users:
- root
- shadow
- rmadison
```
The control file:
```RUBY
control 'system-users' do
impact 0.8
desc 'Confirm the proper users are created on the system'
describe users do
its('usernames') { should eq attribute('users') }
end
end
```
The following command runs the tests and applies the attributes specified:
```bash
$ inspec exec examples/profile-attribute --attrs examples/windows.yml
$ inspec exec examples/profile-attribute --attrs examples/linux.yml
```
See the full example in the Chef InSpec open source repository: [Example Chef InSpec Profile with Attributes](https://github.com/chef/inspec/tree/master/examples/profile-attribute)
## Attribute Value Precedence
Attribute values are always set in the following precedence (highest to lowest):
1. Values from a file specified on the command line using --attrs
2. Values from a profile metadata file - an inspec.yml with an `attributes:` section
3. Values provided directly in control code - `attribute('user', value: 'bob')`
Our documentation regarding [Inputs](docs/reference/inputs/) is now on a dedicated page.
# Profile files

2
docs/resources/apache.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# apache
<p class="warning">This resource is deprecated and should not be used. It was removed in Chef InSpec 4.0. The documentation below is preserved as a reference. Replacement functionality is available in the [apache_conf](apache_conf/) resource.</p>
**Warning**:This resource is deprecated and should not be used. It was removed in Chef InSpec 4.0. The documentation below is preserved as a reference. Replacement functionality is available in the [`apache_conf`](/docs/reference/resources/apache_conf) resource.
Use the `apache` Chef InSpec audit resource to test the state of the Apache server on Linux/Unix systems.

2
docs/resources/azure_generic_resource.md.erb
View file

@ -4,7 +4,7 @@ title: About the azure_generic_resource Resource
# azure\_generic\_resource
<p class="warning">This resource is deprecated and should not be used. It will be removed in Chef InSpec 5.0. Instead of using any of the demonstration Azure resources included with Chef InSpec, use the [`inspec-azure`](https://github.com/inspec/inspec-azure) resource pack, which offers rich functionality and specific resources to fit many common use cases.</p>
**Warning**: This resource is deprecated and should not be used. It will be removed in Chef InSpec 5.0. Instead of using any of the demonstration Azure resources included with Chef InSpec, use the [`inspec-azure`](https://github.com/inspec/inspec-azure) resource pack, which offers rich functionality and specific resources to fit many common use cases.
Use the `azure_generic_resource` Chef InSpec audit resource to test any valid Azure Resource. This is very useful if you need to test something that we do not yet have a specific Chef InSpec resource for.

10
docs/resources/registry_key.md.erb
View file

@ -61,9 +61,8 @@ or may be enclosed in a double-quoted string with an extra backslash as an escap
"HKCU\\SOFTWARE\\path\\to\\key\\Themes"
<p class="warning">
Please make sure that you use backslashes instead of forward slashes. Forward slashes will not work for registry keys.
</p>
**Warning**: Please make sure that you use backslashes instead of forward slashes. Forward slashes will not work for registry keys.
# The following will not work:
# describe registry_key('HKLM/SOFTWARE/Microsoft/NET Framework Setup/NDP/v4/Full/1033') do
@ -158,9 +157,8 @@ The `name` matcher tests the value for the specified registry setting:
its('name') { should eq 'value' }
<p class="warning">
Any name with a dot will not work as expected: <code>its('explorer.exe') { should eq 'test' }</code>. For details, see <a href="https://github.com/inspec/inspec/issues/1281">https://github.com/inspec/inspec/issues/1281</a>
</p>
**Warning**: Any name with a dot will not work as expected: <code>its('explorer.exe') { should eq 'test' }</code>. For details, see <a href="https://github.com/inspec/inspec/issues/1281">https://github.com/inspec/inspec/issues/1281</a>
# instead of:
# its('explorer.exe') { should eq 'test' }

5
etc/deprecations.json
View file

@ -11,6 +11,11 @@
"comment": "See #3853",
"prefix": "The 'attribute' DSL keyword is being replaced by 'input' - please use it instead."
},
"attrs_rename_in_metadata": {
"action": "ignore",
"comment": "See 3854",
"prefix": "Inputs should be specified by using the 'inputs' key in profile metadata, not 'attributes'."
},
"aws_resources_in_resource_pack": {
"comment": "See #3822",
"action": "warn",

4
examples/custom-resource/libraries/batsignal.rb
View file

@ -1,5 +1,5 @@
class Batsignal < Inspec.resource(1)
name 'batsignal'
name "batsignal"
example "
describe batsignal do
@ -15,6 +15,6 @@ class Batsignal < Inspec.resource(1)
def local_command_call
# call out to a core resource
inspec.command('echo 4').stdout.to_i
inspec.command("echo 4").stdout.to_i
end
end

3
examples/custom-resource/libraries/gordon.rb
View file

@ -1,5 +1,5 @@
class Gordon < Inspec.resource(1)
name 'gordon'
name "gordon"
example "
describe gordon do
@ -18,4 +18,3 @@ class Gordon < Inspec.resource(1)
true
end
end

22
examples/kitchen-ansible/Gemfile
View file

@ -1,18 +1,18 @@
source 'https://rubygems.org'
source "https://rubygems.org"
gem 'inspec', path: '../../.'
gem "inspec", path: "../../."
group :test do
gem 'bundler', '~> 1.5'
gem 'minitest', '~> 5.5'
gem 'rake', '~> 10'
gem 'simplecov', '~> 0.10'
gem "bundler", "~> 1.5"
gem "minitest", "~> 5.5"
gem "rake", "~> 10"
gem "simplecov", "~> 0.10"
end
group :integration do
gem 'test-kitchen', '~> 1.4'
gem 'kitchen-ansible'
gem 'kitchen-vagrant'
gem 'kitchen-inspec'
gem 'concurrent-ruby', '~> 1.0'
gem "test-kitchen", "~> 1.4"
gem "kitchen-ansible"
gem "kitchen-vagrant"
gem "kitchen-inspec"
gem "concurrent-ruby", "~> 1.0"
end

14
examples/kitchen-ansible/test/integration/default/web_spec.rb
View file

@ -1,14 +1,14 @@
# use basic tests
describe package('nginx') do
describe package("nginx") do
it { should be_installed }
end
# extend tests with metadata
control '01' do
control "01" do
impact 0.7
title 'Verify nginx service'
desc 'Ensures nginx service is up and running'
describe service('nginx') do
title "Verify nginx service"
desc "Ensures nginx service is up and running"
describe service("nginx") do
it { should be_enabled }
it { should be_installed }
it { should be_running }
@ -16,8 +16,8 @@ control '01' do
end
# implement os dependent tests
web_user = 'www-data'
web_user = 'nginx' if os[:family] == 'centos'
web_user = "www-data"
web_user = "nginx" if os[:family] == "centos"
describe user(web_user) do
it { should exist }

2
examples/kitchen-chef/Berksfile
View file

@ -1,3 +1,3 @@
source 'https://supermarket.chef.io'
source "https://supermarket.chef.io"
metadata

22
examples/kitchen-chef/Gemfile
View file

@ -1,18 +1,18 @@
source 'https://rubygems.org'
source "https://rubygems.org"
gem 'inspec', path: '../../.'
gem "inspec", path: "../../."
group :test do
gem 'bundler', '~> 1.5'
gem 'minitest', '~> 5.5'
gem 'rake', '~> 10'
gem 'simplecov', '~> 0.10'
gem "bundler", "~> 1.5"
gem "minitest", "~> 5.5"
gem "rake", "~> 10"
gem "simplecov", "~> 0.10"
end
group :integration do
gem 'berkshelf', '~> 4.0'
gem 'test-kitchen', '~> 1.4'
gem 'kitchen-vagrant'
gem 'kitchen-inspec'
gem 'concurrent-ruby', '~> 0.9'
gem "berkshelf", "~> 4.0"
gem "test-kitchen", "~> 1.4"
gem "kitchen-vagrant"
gem "kitchen-inspec"
gem "concurrent-ruby", "~> 0.9"
end

14
examples/kitchen-chef/metadata.rb
View file

@ -1,7 +1,7 @@
name 'prepare'
maintainer 'Chef Software, Inc.'
maintainer_email 'support@chef.io'
description 'This cookbook prepares the test operating systems'
version '1.0.0'
depends 'apt'
depends 'yum'
name "prepare"
maintainer "Chef Software, Inc."
maintainer_email "support@chef.io"
description "This cookbook prepares the test operating systems"
version "1.0.0"
depends "apt"
depends "yum"

2
examples/kitchen-chef/recipes/default.rb
View file

@ -1,2 +1,2 @@
# install nginx
include_recipe('prepare::nginx')
include_recipe("prepare::nginx")

24
examples/kitchen-chef/recipes/nginx.rb
View file

@ -1,25 +1,25 @@
# install repositories for nginx
case node['platform']
when 'ubuntu'
case node["platform"]
when "ubuntu"
# if ubuntu, install
apt_repository 'nginx-php' do
uri 'ppa:nginx/stable'
distribution node['lsb']['codename']
apt_repository "nginx-php" do
uri "ppa:nginx/stable"
distribution node["lsb"]["codename"]
end
when 'centos'
when "centos"
# add repo for Centos 7
yum_repository 'nginx' do
description 'Nginx Repo'
baseurl 'http://nginx.org/packages/centos/7/x86_64'
gpgkey 'http://nginx.org/keys/nginx_signing.key'
yum_repository "nginx" do
description "Nginx Repo"
baseurl "http://nginx.org/packages/centos/7/x86_64"
gpgkey "http://nginx.org/keys/nginx_signing.key"
action :create
end
end
# install nginx package
package 'nginx'
package "nginx"
# start the service
service 'nginx' do
service "nginx" do
action :start
end

14
examples/kitchen-chef/test/integration/default/web_spec.rb
View file

@ -1,14 +1,14 @@
# use basic tests
describe package('nginx') do
describe package("nginx") do
it { should be_installed }
end
# extend tests with metadata
control '01' do
control "01" do
impact 0.7
title 'Verify nginx service'
desc 'Ensures nginx service is up and running'
describe service('nginx') do
title "Verify nginx service"
desc "Ensures nginx service is up and running"
describe service("nginx") do
it { should be_enabled }
it { should be_installed }
it { should be_running }
@ -16,8 +16,8 @@ control '01' do
end
# implement os dependent tests
web_user = 'www-data'
web_user = 'nginx' if os[:family] == 'centos'
web_user = "www-data"
web_user = "nginx" if os[:family] == "centos"
describe user(web_user) do
it { should exist }

24
examples/kitchen-puppet/Gemfile
View file

@ -1,19 +1,19 @@
source 'https://rubygems.org'
source "https://rubygems.org"
gem 'inspec', path: '../../.'
gem "inspec", path: "../../."
group :test do
gem 'bundler', '~> 1.5'
gem 'minitest', '~> 5.5'
gem 'rake', '~> 10'
gem 'simplecov', '~> 0.10'
gem "bundler", "~> 1.5"
gem "minitest", "~> 5.5"
gem "rake", "~> 10"
gem "simplecov", "~> 0.10"
end
group :integration do
gem 'test-kitchen', '~> 1.4'
gem 'kitchen-vagrant'
gem 'kitchen-puppet'
gem 'librarian-puppet'
gem 'kitchen-inspec'
gem 'concurrent-ruby', '~> 0.9'
gem "test-kitchen", "~> 1.4"
gem "kitchen-vagrant"
gem "kitchen-puppet"
gem "librarian-puppet"
gem "kitchen-inspec"
gem "concurrent-ruby", "~> 0.9"
end

2
examples/kitchen-puppet/Puppetfile
View file

@ -1,5 +1,5 @@
#!/usr/bin/env ruby
#^syntax detection
# ^syntax detection
forge "https://forgeapi.puppetlabs.com"

14
examples/kitchen-puppet/test/integration/default/web_spec.rb
View file

@ -1,14 +1,14 @@
# use basic tests
describe package('nginx') do
describe package("nginx") do
it { should be_installed }
end
# extend tests with metadata
control '01' do
control "01" do
impact 0.7
title 'Verify nginx service'
desc 'Ensures nginx service is up and running'
describe service('nginx') do
title "Verify nginx service"
desc "Ensures nginx service is up and running"
describe service("nginx") do
it { should be_enabled }
it { should be_installed }
it { should be_running }
@ -16,8 +16,8 @@ control '01' do
end
# implement os dependent tests
web_user = 'www-data'
web_user = 'nginx' if os[:family] == 'centos'
web_user = "www-data"
web_user = "nginx" if os[:family] == "centos"
describe user(web_user) do
it { should exist }

12
examples/plugins/inspec-resource-lister/Gemfile
View file

@ -1,11 +1,11 @@
source 'https://rubygems.org'
source "https://rubygems.org"
gemspec
group :development do
gem 'bundler'
gem 'byebug'
gem 'minitest'
gem 'rake'
gem 'rubocop', '= 0.49.1' # Need to keep in sync with main InSpec project, so config files will work
gem "bundler"
gem "byebug"
gem "minitest"
gem "rake"
gem "rubocop", "= 0.49.1" # Need to keep in sync with main InSpec project, so config files will work
end

16
examples/plugins/inspec-resource-lister/Rakefile
View file

@ -7,13 +7,13 @@
# This task template will make a task named 'test', and run
# the tests that it finds.
require 'rake/testtask'
require "rake/testtask"
Rake::TestTask.new do |t|
t.libs.push 'lib'
t.libs.push "lib"
t.test_files = FileList[
'test/unit/*_test.rb',
'test/functional/*_test.rb',
"test/unit/*_test.rb",
"test/functional/*_test.rb",
]
t.verbose = true
# Ideally, we'd run tests with warnings enabled,
@ -26,15 +26,15 @@ end
#------------------------------------------------------------------#
# Code Style Tasks
#------------------------------------------------------------------#
require 'rubocop/rake_task'
require "rubocop/rake_task"
RuboCop::RakeTask.new(:lint) do |t|
# Choices of rubocop rules to enforce are deeply personal.
# Here, we set things up so that your plugin will use the Bundler-installed
# inspec gem's copy of the InSpec project's rubocop.yml file (which
# is indeed packaged with the inspec gem).
require 'inspec/globals'
inspec_rubocop_yml = File.join(Inspec.src_root, '.rubocop.yml')
require "inspec/globals"
inspec_rubocop_yml = File.join(Inspec.src_root, ".rubocop.yml")
t.options = ['--display-cop-names', '--config', inspec_rubocop_yml]
t.options = ["--display-cop-names", "--config", inspec_rubocop_yml]
end

24
examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec
View file

@ -4,23 +4,23 @@
# It is traditional in a gemspec to dynamically load the current version
# from a file in the source tree. The next three lines make that happen.
lib = File.expand_path('../lib', __FILE__)
lib = File.expand_path("../lib", __FILE__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'inspec-resource-lister/version'
require "inspec-resource-lister/version"
Gem::Specification.new do |spec|
# Importantly, all InSpec plugins must be prefixed with `inspec-` (most
# plugins) or `train-` (plugins which add new connectivity features).
spec.name = 'inspec-resource-lister'
spec.name = "inspec-resource-lister"
# It is polite to namespace your plugin under InspecPlugins::YourPluginInCamelCase
spec.version = InspecPlugins::ResourceLister::VERSION
spec.authors = ['Clinton Wolfe']
spec.email = ['cwolfe@chef.io']
spec.summary = 'InSpec Plugin example, lists available resources'
spec.description = 'Example for implementing an InSpec Plugin. This simply lists available resources.'
spec.homepage = 'https://github.com/inspec/inspec/tree/master/examples/plugin'
spec.license = 'Apache-2.0'
spec.authors = ["Clinton Wolfe"]
spec.email = ["cwolfe@chef.io"]
spec.summary = "InSpec Plugin example, lists available resources"
spec.description = "Example for implementing an InSpec Plugin. This simply lists available resources."
spec.homepage = "https://github.com/inspec/inspec/tree/master/examples/plugin"
spec.license = "Apache-2.0"
# Though complicated-looking, this is pretty standard for a gemspec.
# It just filters what will actually be packaged in the gem (leaving
@ -28,9 +28,9 @@ Gem::Specification.new do |spec|
spec.files = %w{
README.md inspec-resource-lister.gemspec Gemfile
} + Dir.glob(
'lib/**/*', File::FNM_DOTMATCH
"lib/**/*", File::FNM_DOTMATCH
).reject { |f| File.directory?(f) }
spec.require_paths = ['lib']
spec.require_paths = ["lib"]
# If you rely on any other gems, list them here with any constraints.
# This is how `inspec plugin install` is able to manage your dependencies.
@ -39,5 +39,5 @@ Gem::Specification.new do |spec|
# All plugins should mention inspec, > 2.2.78
# 2.2.78 included the v2 Plugin API
spec.add_dependency 'inspec', '>=2.2.78', '<4.0.0'
spec.add_dependency "inspec", ">=2.2.78", "<4.0.0"
end

2
examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb
View file

@ -11,4 +11,4 @@
libdir = File.dirname(__FILE__)
$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
require 'inspec-resource-lister/plugin'
require "inspec-resource-lister/plugin"

12
examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb
View file

@ -1,4 +1,4 @@
require 'inspec/resource'
require "inspec/resource"
module InspecPlugins::ResourceLister
# This class will provide the actual CLI implementation.
@ -16,18 +16,18 @@ module InspecPlugins::ResourceLister
# register the subcommand. Args are a usage message, and a short decription.
# These will appear when someone has installed the plugin, and then they
# run `inspec help`.
subcommand_desc 'list-resources [COMMAND]', 'List resources that InSpec finds.'
subcommand_desc "list-resources [COMMAND]", "List resources that InSpec finds."
# The usual rhythm for a Thor CLI file is description, options, command method.
# Thor just has you call DSL methods in sequence prior to each command.
# Let's make a command, 'core', that lists all of the resources included with InSpec.
# First, provide a usage / description. This will appear in `inspec help list-resources`.
desc 'core [OPTIONS]', 'List resources that are included with InSpec.'
desc "core [OPTIONS]", "List resources that are included with InSpec."
# Let's include an option, -s, to summarize the list.
# Refer to the Thors docs; there is a lot you can do here.
option :summary, desc: 'Include a total at the bottom', \
option :summary, desc: "Include a total at the bottom", \
type: :boolean, default: true, aliases: [:s]
# OK, now the actual method itself. If you provide params, you're telling Thor that
@ -42,7 +42,7 @@ module InspecPlugins::ResourceLister
# If we were passed a CLI arg, wrap the arg in Regexp matchers so
# we will match anywhere in the name.
unless pattern == /.+/
pattern = Regexp.new('.*' + pattern + '.*')
pattern = Regexp.new(".*" + pattern + ".*")
end
# This gets a bit into InSpec innards; but this is simply a Hash.
@ -53,7 +53,7 @@ module InspecPlugins::ResourceLister
resource_names.each { |name| puts name }
if options[:summary]
puts '-' * 30
puts "-" * 30
puts "#{resource_names.count} resources total"
end
end

4
examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb
View file

@ -7,7 +7,7 @@
# fast and light by only loading heavy things when they are needed.
# Presumably this is light
require 'inspec-resource-lister/version'
require "inspec-resource-lister/version"
# The InspecPlugins namespace is where all plugins should declare themselves.
# The 'Inspec' capitalization is used throughout the InSpec source code; yes, it's
@ -42,7 +42,7 @@ module InspecPlugins
# functionality.
# For example, InSpec will activate this hook when `inspec help` is
# executed, so that this plugin's usage message will be included in the help.
require 'inspec-resource-lister/cli_command'
require "inspec-resource-lister/cli_command"
# Having loaded our functionality, return a class that will let the
# CLI engine tap into it.

2
examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb
View file

@ -3,6 +3,6 @@
# to learn the current version.
module InspecPlugins
module ResourceLister
VERSION = '0.1.0'.freeze
VERSION = "0.1.0".freeze
end
end

24
examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb
View file

@ -4,11 +4,11 @@
# Functional tests generally do not have inside knowledge of how the plugin works.
# Include our test harness
require_relative '../helper'
require_relative "../helper"
# Because InSpec is a Spec-style test suite, we're going to use Minitest::Spec
# here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.
describe 'inspec list-resources core' do
describe "inspec list-resources core" do
# Our helper.rb locates this library from the InSpec install that
# Bundler installed for us. If we want its methods, we still must
# import it. Including it here will make it available in all child
@ -30,7 +30,7 @@ describe 'inspec list-resources core' do
# think that this plugin we are currently testing is installed as a
# user plugin, by writing a plugin config file in a temp dir.
# To use it, just provide a command line, minus the word `inspec`.
let (:outcome) { run_inspec_process_with_this_plugin('listresources core') }
let(:outcome) { run_inspec_process_with_this_plugin("listresources core") }
# Some tests through here use minitest Expectations, which attach to all
# Objects, and begin with 'must' (positive) or 'wont' (negative)
@ -40,7 +40,7 @@ describe 'inspec list-resources core' do
# A selection of core resources, just spot checking.
# This is an example of using Ruby to define sets of tests.
['process', 'service', 'user', 'file'].each do |resource_name|
%w{process service user file}.each do |resource_name|
it "should mention the '#{resource_name}' resource" do
outcome.stdout.must_include(resource_name)
end
@ -48,7 +48,7 @@ describe 'inspec list-resources core' do
# Check for the summary
it "should mention the summary" do
outcome.stdout.must_include('resources total')
outcome.stdout.must_include("resources total")
end
end
@ -56,19 +56,19 @@ describe 'inspec list-resources core' do
describe "when run with a search pattern that matches things" do
# Notice that the command line is changed here:
# "list all resources that have the word user in them"
let (:outcome) { run_inspec_process_with_this_plugin('listresources core user') }
let(:outcome) { run_inspec_process_with_this_plugin("listresources core user") }
# Should be well-behaved...
it("should exit successfully") { outcome.exit_status.must_equal(0) }
it("should be silent on stderr") { outcome.stderr.must_be_empty }
# Here, we want to know it DID match some things, and NOT some others.
['user', 'users'].each do |resource_name|
%w{user users}.each do |resource_name|
it "should mention the '#{resource_name}' resource" do
outcome.stdout.must_include(resource_name)
end
end
['process', 'service', 'file'].each do |resource_name|
%w{process service file}.each do |resource_name|
it "should NOT mention the '#{resource_name}' resource" do
outcome.stdout.wont_include(resource_name)
end
@ -76,7 +76,7 @@ describe 'inspec list-resources core' do
end
describe "when run with a search pattern that matches nothing" do
# Unlikely we'll have a resource with the string 'autogyro' in it.
let (:outcome) { run_inspec_process_with_this_plugin('listresources core autogyro') }
let(:outcome) { run_inspec_process_with_this_plugin("listresources core autogyro") }
# Should be well-behaved...
it("should exit successfully") { outcome.exit_status.must_equal(0) }
@ -89,14 +89,14 @@ describe 'inspec list-resources core' do
# Check for the summary
it "should mention a zero-resource summary" do
outcome.stdout.must_include('0 resources total')
outcome.stdout.must_include("0 resources total")
end
end
# Exercise the summary option, which defaults to 'true'.
describe "when run with the no-summary flag" do
# Alter the command string to include the no-summary option
let(:outcome) { run_inspec_process_with_this_plugin('listresources core --no-summary') }
let(:outcome) { run_inspec_process_with_this_plugin("listresources core --no-summary") }
# Should be well-behaved...
it("should exit successfully") { outcome.exit_status.must_equal(0) }
@ -104,7 +104,7 @@ describe 'inspec list-resources core' do
# Check for the summary
it "should NOT mention summary" do
outcome.stdout.wont_include('0 resources total')
outcome.stdout.wont_include("0 resources total")
end
end
end

8
examples/plugins/inspec-resource-lister/test/helper.rb
View file

@ -6,11 +6,11 @@
# InSpec core provides a number of such libraries and facilities, in the file
# lib/pligins/shared/core_plugin_test_helper.rb . So, one job in this file is
# to locate and load that file.
require 'inspec/../plugins/shared/core_plugin_test_helper'
require "inspec/../plugins/shared/core_plugin_test_helper"
# Also load the InSpec plugin system. We need this so we can unit-test the plugin
# classes, which will rely on the plugin system.
require 'inspec/plugin/v2'
require "inspec/plugin/v2"
# Caution: loading all of InSpec (i.e. require 'inspec') may cause interference with
# minitest/spec; one symptom would be appearing to have no tests.
@ -19,8 +19,8 @@ require 'inspec/plugin/v2'
# You can select from a number of test harnesses. Since InSpec uses Spec-style controls
# in profile code, you will probably want to use something like minitest/spec, which provides
# Spec-style tests.
require 'minitest/spec'
require 'minitest/autorun'
require "minitest/spec"
require "minitest/autorun"
# You might want to put some debugging tools here. We run tests to find bugs, after all.
# require 'byebug'

8
examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb
View file

@ -2,10 +2,10 @@
# inspec-resource-lister are correct.
# Include our test harness
require_relative '../helper'
require_relative "../helper"
# Load the class under test, the CliCommand definition.
require 'inspec-resource-lister/cli_command'
require "inspec-resource-lister/cli_command"
# Because InSpec is a Spec-style test suite, we're going to use Minitest::Spec
# here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.
@ -20,11 +20,11 @@ describe InspecPlugins::ResourceLister::CliCommand do
let(:cli_class) { InspecPlugins::ResourceLister::CliCommand }
# This is a Hash of Structs that tells us details of options for the 'core' subcommand.
let(:core_options) { cli_class.all_commands['core'].options }
let(:core_options) { cli_class.all_commands["core"].options }
# To group tests together, you can nest 'describe' in minitest/spec
# (that is discouraged in InSpec control code.)
describe 'the core command' do
describe "the core command" do
# Some tests through here use minitest Expectations, which attach to all
# Objects, and begin with 'must' (positive) or 'wont' (negative)

4
examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb
View file

@ -2,10 +2,10 @@
# the inspec-resource-lister plugin is configured correctly.
# Include our test harness
require_relative '../helper'
require_relative "../helper"
# Load the class under test, the Plugin definition.
require 'inspec-resource-lister/plugin'
require "inspec-resource-lister/plugin"
# Because InSpec is a Spec-style test suite, we're going to use Minitest::Spec
# here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.

4
examples/profile-attribute/controls/example.rb
View file

@ -1,5 +1,5 @@
val_user = attribute('user', value: 'alice', description: 'An identification for the user')
val_password = attribute('password', description: 'A value for the password')
val_user = input('user', value: 'alice', description: 'An identification for the user')
val_password = input('password', description: 'A value for the password')
describe val_user do
it { should eq 'bob' }

18
examples/profile/libraries/gordon_config.rb
View file

@ -1,11 +1,11 @@
require 'yaml'
require "yaml"
# Custom resource based on the InSpec resource DSL
class GordonConfig < Inspec.resource(1)
name 'gordon_config'
name "gordon_config"
supports platform: 'unix'
supports platform: 'windows'
supports platform: "unix"
supports platform: "windows"
desc "
Gordon's resource description ...
@ -21,7 +21,7 @@ class GordonConfig < Inspec.resource(1)
# Load the configuration file on initialization
def initialize
@params = {}
@path = '/tmp/gordon/config.yaml'
@path = "/tmp/gordon/config.yaml"
@file = inspec.file(@path)
unless @file.file?
@ -32,9 +32,9 @@ class GordonConfig < Inspec.resource(1)
begin
@params = YAML.load(@file.content)
# Add two extra matchers
@params['file_size'] = @file.size
@params['file_path'] = @path
@params['ruby'] = 'RUBY IS HERE TO HELP ME!'
@params["file_size"] = @file.size
@params["file_path"] = @path
@params["ruby"] = "RUBY IS HERE TO HELP ME!"
rescue StandardError => e
raise Inspec::Exceptions::ResourceSkipped, "#{@file}: #{e.message}"
end
@ -49,7 +49,7 @@ class GordonConfig < Inspec.resource(1)
# Example matcher for the number of commas in the file
def comma_count
text = @file.content
text.count(',')
text.count(",")
end
# Expose all parameters

4
inspec-bin/Gemfile
View file

@ -1,2 +1,2 @@
source 'https://rubygems.org'
gemspec
source "https://rubygems.org"
gemspec name: "inspec-bin"

5
inspec-bin/bin/inspec
View file

@ -4,9 +4,8 @@
Encoding.default_external = Encoding::UTF_8
Encoding.default_internal = Encoding::UTF_8
lib = File.expand_path('../lib', __FILE__)
lib = File.expand_path("../lib", __FILE__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'inspec'
require 'inspec/cli'
require "inspec/cli"
Inspec::InspecCLI.start(ARGV, enforce_license: true)

32
inspec-bin/inspec-bin.gemspec
View file

@ -1,27 +1,27 @@
lib = File.expand_path('../lib', __FILE__)
lib = File.expand_path("../lib", __FILE__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'inspec-bin/version'
require "inspec-bin/version"
Gem::Specification.new do |spec|
spec.name = 'inspec-bin'
spec.name = "inspec-bin"
spec.version = InspecBin::VERSION
spec.authors = ['Chef InSpec Core Engineering ']
spec.email = ['inspec@chef.io']
spec.summary = 'Infrastructure and compliance testing.'
spec.description = 'InSpec executable for inspec gem. Use of this executable may require accepting a license agreement.'
spec.homepage = 'https://github.com/inspec/inspec/tree/master/inspec-bin'
spec.license = 'Apache-2.0'
spec.authors = ["Chef InSpec Core Engineering "]
spec.email = ["inspec@chef.io"]
spec.summary = "Infrastructure and compliance testing."
spec.description = "InSpec executable for inspec gem. Use of this executable may require accepting a license agreement."
spec.homepage = "https://github.com/inspec/inspec/tree/master/inspec-bin"
spec.license = "Apache-2.0"
spec.require_paths = ['lib']
spec.required_ruby_version = '>= 2.4'
spec.require_paths = ["lib"]
spec.required_ruby_version = ">= 2.4"
spec.add_dependency 'inspec', "= #{InspecBin::VERSION}"
spec.add_development_dependency 'rake'
spec.add_dependency "inspec", "= #{InspecBin::VERSION}"
spec.add_development_dependency "rake"
spec.files = %w{README.md LICENSE Gemfile} + Dir.glob('*.gemspec') +
Dir.glob('{lib,bin}/**/*', File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
spec.files = %w{README.md LICENSE Gemfile} + Dir.glob("*.gemspec") +
Dir.glob("{lib,bin}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
spec.bindir = 'bin'
spec.bindir = "bin"
spec.executables = %w{inspec}
end

30
inspec-bin/inspec-core-bin.gemspec Normal file
View file

@ -0,0 +1,30 @@
lib = File.expand_path("../lib", __FILE__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require "inspec-bin/version"
# This is just link inspec-bin, but relies on inspec-core instead of inspec
# inspec-core is a stripped-down version of the inspec gem with fewer exotic dependencies
Gem::Specification.new do |spec|
spec.name = "inspec-core-bin" # dallas multi-pass
spec.version = InspecBin::VERSION
spec.authors = ["Chef InSpec Core Engineering "]
spec.email = ["inspec@chef.io"]
spec.summary = "Infrastructure and compliance testing."
spec.description = "InSpec executable for inspec-core gem. Use of this executable may require accepting a license agreement."
spec.homepage = "https://github.com/inspec/inspec/tree/master/inspec-bin"
spec.license = "Apache-2.0"
spec.require_paths = ["lib"]
spec.required_ruby_version = ">= 2.4"
spec.add_dependency "inspec-core", "= #{InspecBin::VERSION}"
spec.add_development_dependency "rake"
spec.files = %w{README.md LICENSE Gemfile} + ["inspec-core-bin.gemspec"] +
Dir.glob("{lib,bin}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
spec.bindir = "bin"
spec.executables = %w{inspec}
end

4
inspec-bin/lib/inspec-bin/version.rb
View file

@ -1,5 +1,5 @@
# This file managed by automation - do not edit manually
module InspecBin
INSPECBIN_ROOT = File.expand_path('../..', __FILE__)
VERSION = '4.4.65'.freeze
INSPECBIN_ROOT = File.expand_path("../..", __FILE__)
VERSION = "4.6.4".freeze
end

72
inspec-core.gemspec
View file

@ -1,46 +1,46 @@
lib = File.expand_path('../lib', __FILE__)
lib = File.expand_path("../lib", __FILE__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'inspec/version'
require "inspec/version"
Gem::Specification.new do |spec|
spec.name = 'inspec-core'
spec.name = "inspec-core"
spec.version = Inspec::VERSION
spec.authors = ['Dominik Richter']
spec.email = ['dominik.richter@gmail.com']
spec.summary = 'Just InSpec'
spec.description = 'Core InSpec, local support only. See `inspec` for full support.'
spec.homepage = 'https://github.com/chef/inspec'
spec.license = 'Apache-2.0'
spec.authors = ["Dominik Richter"]
spec.email = ["dominik.richter@gmail.com"]
spec.summary = "Just InSpec"
spec.description = "Core InSpec, local support only. See `inspec` for full support."
spec.homepage = "https://github.com/chef/inspec"
spec.license = "Apache-2.0"
spec.files = %w{README.md LICENSE} + Dir.glob('{bin,lib,etc}/**/*', File::FNM_DOTMATCH)
spec.files = %w{README.md LICENSE} + Dir.glob("{bin,lib,etc}/**/*", File::FNM_DOTMATCH)
.reject { |f| File.directory?(f) || f =~ /aws|azure|gcp/ || f =~ %r{lib/plugins/.*/test/} }
spec.require_paths = ['lib']
spec.require_paths = ["lib"]
spec.required_ruby_version = '>= 2.4'
spec.required_ruby_version = ">= 2.4"
spec.add_dependency 'train-core', '~> 2.0'
spec.add_dependency 'license-acceptance', '>= 0.2.13', '< 2.0'
spec.add_dependency 'thor', '~> 0.20'
spec.add_dependency 'json', '>= 1.8', '< 3.0'
spec.add_dependency 'method_source', '~> 0.8'
spec.add_dependency 'rubyzip', '~> 1.1'
spec.add_dependency 'rspec', '~> 3'
spec.add_dependency 'rspec-its', '~> 1.2'
spec.add_dependency 'hashie', '~> 3.4'
spec.add_dependency 'mixlib-log'
spec.add_dependency 'pry', '~> 0'
spec.add_dependency 'sslshake', '~> 1.2'
spec.add_dependency 'parallel', '~> 1.9'
spec.add_dependency 'faraday', '>=0.9.0'
spec.add_dependency 'faraday_middleware', '~> 0.12.2'
spec.add_dependency 'tomlrb', '~> 1.2'
spec.add_dependency 'addressable', '~> 2.4'
spec.add_dependency 'parslet', '~> 1.5'
spec.add_dependency 'semverse'
spec.add_dependency 'htmlentities'
spec.add_dependency 'multipart-post'
spec.add_dependency 'tty-table', '~> 0.10'
spec.add_dependency 'tty-prompt', '~> 0.17'
spec.add_dependency 'term-ansicolor'
spec.add_dependency "train-core", "~> 2.0"
spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
spec.add_dependency "thor", "~> 0.20"
spec.add_dependency "json-schema", "~> 2.8"
spec.add_dependency "method_source", "~> 0.8"
spec.add_dependency "rubyzip", "~> 1.1"
spec.add_dependency "rspec", "~> 3"
spec.add_dependency "rspec-its", "~> 1.2"
spec.add_dependency "hashie", "~> 3.4"
spec.add_dependency "mixlib-log"
spec.add_dependency "pry", "~> 0"
spec.add_dependency "sslshake", "~> 1.2"
spec.add_dependency "parallel", "~> 1.9"
spec.add_dependency "faraday", ">=0.9.0"
spec.add_dependency "faraday_middleware", "~> 0.12.2"
spec.add_dependency "tomlrb", "~> 1.2"
spec.add_dependency "addressable", "~> 2.4"
spec.add_dependency "parslet", "~> 1.5"
spec.add_dependency "semverse"
spec.add_dependency "htmlentities"
spec.add_dependency "multipart-post"
spec.add_dependency "tty-table", "~> 0.10"
spec.add_dependency "tty-prompt", "~> 0.17"
spec.add_dependency "term-ansicolor"
end

76
inspec.gemspec
View file

@ -1,56 +1,56 @@
lib = File.expand_path('../lib', __FILE__)
lib = File.expand_path("../lib", __FILE__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'inspec/version'
require "inspec/version"
Gem::Specification.new do |spec|
spec.name = 'inspec'
spec.name = "inspec"
spec.version = Inspec::VERSION
spec.authors = ['Chef InSpec Team']
spec.email = ['inspec@chef.io']
spec.summary = 'Infrastructure and compliance testing.'
spec.description = 'InSpec provides a framework for creating end-to-end infrastructure tests. You can use it for integration or even compliance testing. Create fully portable test profiles and use them in your workflow to ensure stability and security. Integrate InSpec in your change lifecycle for local testing, CI/CD, and deployment verification.'
spec.homepage = 'https://github.com/inspec/inspec'
spec.license = 'Apache-2.0'
spec.authors = ["Chef InSpec Team"]
spec.email = ["inspec@chef.io"]
spec.summary = "Infrastructure and compliance testing."
spec.description = "InSpec provides a framework for creating end-to-end infrastructure tests. You can use it for integration or even compliance testing. Create fully portable test profiles and use them in your workflow to ensure stability and security. Integrate InSpec in your change lifecycle for local testing, CI/CD, and deployment verification."
spec.homepage = "https://github.com/inspec/inspec"
spec.license = "Apache-2.0"
# the gemfile and gemspec are necessary for appbundler so don't remove it
spec.files = %w{Gemfile inspec.gemspec README.md LICENSE} + Dir.glob(
'{bin,lib,etc}/**/*', File::FNM_DOTMATCH
"{bin,lib,etc}/**/*", File::FNM_DOTMATCH
).reject { |f| File.directory?(f) }
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
.reject { |f| File.directory?(f) || f =~ %r{lib/plugins/.*/test/} }
spec.require_paths = ['lib']
spec.require_paths = ["lib"]
spec.required_ruby_version = '>= 2.4'
spec.required_ruby_version = ">= 2.4"
spec.add_dependency 'train', '~> 2.0' # Inspec 4 must have train 2+
spec.add_dependency "train", "~> 2.0" # Inspec 4 must have train 2+
# Train plugins we ship with InSpec
spec.add_dependency 'train-habitat', '~> 0.1'
spec.add_dependency 'train-aws', '~> 0.1'
spec.add_dependency "train-habitat", "~> 0.1"
spec.add_dependency "train-aws", "~> 0.1"
# Implementation dependencies
spec.add_dependency 'license-acceptance', '>= 0.2.13', '< 2.0'
spec.add_dependency 'thor', '~> 0.20'
spec.add_dependency 'json', '>= 1.8', '< 3.0'
spec.add_dependency 'method_source', '~> 0.8'
spec.add_dependency 'rubyzip', '~> 1.2', '>= 1.2.2'
spec.add_dependency 'rspec', '~> 3'
spec.add_dependency 'rspec-its', '~> 1.2'
spec.add_dependency 'pry', '~> 0'
spec.add_dependency 'hashie', '~> 3.4'
spec.add_dependency 'mixlib-log'
spec.add_dependency 'sslshake', '~> 1.2'
spec.add_dependency 'parallel', '~> 1.9'
spec.add_dependency 'faraday', '>=0.9.0'
spec.add_dependency 'tty-table', '~> 0.10'
spec.add_dependency 'tty-prompt', '~> 0.17'
spec.add_dependency "license-acceptance", ">= 0.2.13", "< 2.0"
spec.add_dependency "thor", "~> 0.20"
spec.add_dependency "json-schema", "~> 2.8"
spec.add_dependency "method_source", "~> 0.8"
spec.add_dependency "rubyzip", "~> 1.2", ">= 1.2.2"
spec.add_dependency "rspec", "~> 3"
spec.add_dependency "rspec-its", "~> 1.2"
spec.add_dependency "pry", "~> 0"
spec.add_dependency "hashie", "~> 3.4"
spec.add_dependency "mixlib-log"
spec.add_dependency "sslshake", "~> 1.2"
spec.add_dependency "parallel", "~> 1.9"
spec.add_dependency "faraday", ">=0.9.0"
spec.add_dependency "tty-table", "~> 0.10"
spec.add_dependency "tty-prompt", "~> 0.17"
# Used for Azure profile until integrated into train
spec.add_dependency 'faraday_middleware', '~> 0.12.2'
spec.add_dependency 'tomlrb', '~> 1.2'
spec.add_dependency 'addressable', '~> 2.4'
spec.add_dependency 'parslet', '~> 1.5'
spec.add_dependency 'semverse'
spec.add_dependency 'htmlentities'
spec.add_dependency 'multipart-post'
spec.add_dependency 'term-ansicolor'
spec.add_dependency "faraday_middleware", "~> 0.12.2"
spec.add_dependency "tomlrb", "~> 1.2"
spec.add_dependency "addressable", "~> 2.4"
spec.add_dependency "parslet", "~> 1.5"
spec.add_dependency "semverse"
spec.add_dependency "htmlentities"
spec.add_dependency "multipart-post"
spec.add_dependency "term-ansicolor"
end

128
inspec_team-working_agreement.md Normal file
View file

@ -0,0 +1,128 @@
# Overview
This document covers the working agreement used by the Chef InSpec team. Its goal is to make transparent the team's practices, processes, communication, and coordination functions.
## Scope
While the key audience of the working agreement is the Chef InSpec product and engineering team, it is expected that all contributors of Chef InSpec abide by the agreement if they are contributing code to the product.
# Practices
*(e.g. Test Driven Development, Pairing, etc)*
## Architecture/Design
* Group discussion for new major tickets or responsibilities
* We do Agile, and this tends to get covered in sprint planning.
* Software design / architecture is a group effort
* done with pictures or prose, not code
* Graphical software design technology
* google slides is generally "good enough"
* capture final approach in version control ... or GH issue?
* must link or otherwise ensure searchability later
## Testing
* We embrace TDD as often as possible, which (practically) means tests for functionality exists on the same or a preceding commit.
* Testing requirements for community PRs
* acknowledge it is currently a barrier
* may have an initiative to improve in 2019H2
* may adopt PRs - discuss in triage
## Other
* When doing a pairing session, mention it in the group chat in case others want to watch and learn.
* Keep your calendar up to date. Make it a reliable place to know your availability.
* It's OK to iterate. For example, a new resource doesn't have to be 100% "feature complete" (whatever that means!)... if it adds value to our users, and their feedback can help make the next iteration better, it's worth shipping.
* What we DO ship should still be our best work for the value that we choose to ship.
* We strictly follow SemVer, especially with regards to breaking changes.
* Any breaking change must happen in a major release and be preceded by deprecation warnings.
# Processes
*(e.g. board, demos, etc)*
* Do engineering prod demos on Fridays for your new work!
* Only demo completed (merged) work.
* When working on a contribution, we create a short-lived topic branch that contains the topic contribution.
* Naming convention: `<initials/name>/<shortname>`
* Remember when creating an issue to add plenty of context - even things that are "obvious". Depending on when the issue is addressed, you may not be the one working on it so giving context to the assignee is important.
## Issues
* __SLA: 3 business days__
* This applies to all contributors - both InSpec team members as well as the community
* EXAMPLE:
* I'm a community member
* I file a PR
* InSpec team member reviews PR; provides feedback to be fixed
* If I don't respond within 3 business days, I can expect the issue to be closed
* For more info on SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)
## Pull Requests
* __SLA: 3 business days__
* This applies to all contributors - both InSpec team members as well as the community
* EXAMPLE:
* I'm a community member
* I file a PR
* InSpec team member reviews PR; provides feedback to be fixed
* If I don't respond within 3 business days, I can expect the PR to be closed
* For more info on SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)
* Have a reasonable number of commits per PR.
* For a typical PR, 1 is too few and 50 is too many.
* As we work on a PR, we occasionally rebase to master. We always rebase prior to merge.
* When merging a PR, we do not squash.
* Keep your PR Title and Description on topic for the entire change.
* Prefer small, frequent, coherent commits during development on your PR. (see commits-per-PR note)
* Avoid stale PRs
* Consider GH feature which allow "not-a-PR PRs"
* Avoid WIP PRs by pairing and additional collaboration.
* Assign issues to yourself when working them.
* Try to keep number of active assigned issues low.
* If you're not working on an issue or seeing it through to completion then unassign.
* Break down overcomplicated issues into smaller issues and relate them accordingly.
* To break down, pull out all info from the parent ticket then close it.
* When a PR resolves an open issue, use GitHub keywords in the PR description to automatically close the issue upon merge.
* https://help.GitHub.com/articles/closing-issues-using-keywords/
# Communication
*(e.g. leaving context, cross team coordination)*
* Keep conversations as public as possible
* Default to team chat rather than DMs
* Default to GitHub issues or PR comments as much as possible
* Also use community-slack inpsec-dev, but be sure to capture important conversations in a persistent medium (i.e. issues)
* Feedback on code reviews go in GitHub reviews
* InSpec code reviews require two sign-offs
## Chat
* Does not convey emotion well.
* Emojis can help that.
* If conversations become tense in chat, shift to Zoom.
* Please recap the conversation from zoom with any outcome. This way anyone who saw the conversation started in slack can see the outcome
* Consider if the outcome should go on GitHub as well
## Etiquette
* Be aware
* Be gentle and sensitive when telling another team member something that is obvious to you.
* Don't call out ignorance - the field is way too large for us all to have been exposed to everything.
* These are a good starting point: https://www.recurse.com/manual#sec-environment
* Be gentle about the state of the codebase
* Avoid insulting it
* Avoid associating personal ownership as you critique something (e.g. "Ugh, you are doing X, yuck")
* Be thankful
* Thank community members verbosely
* Reach out to first time contributors and welcome them!
* Be a mentor
* Explaining something to another person can be a great way to check knowledge
* You also solidify your knowledge of a topic as a different rigor is required to teach that very topic
* Be curious
* Don't hesitate to ask questions! Asking questions helps check if a topic has shared understanding among the team
## Miscellaneous
* Coffeeshops
* Sure! but...
* be respectful about background noise
* mute while in a conference
* Slack
* is an asynchronous communication medium
* We will endeavor to respond to our colleagues in a timely manner, but there is no guarantee on response time.
* @here messages in #inspec-team are completely acceptable; users should alter their own personal notification settings as they see fit.
* Recommended Channels
* #inspec - where community members can chat with each other about how to use InSpec, idea sharing, etc.
* #inspec-dev - where developers go to chat about specific development efforts around InSpec
* #general - treated like #random
# Coordination
*(e.g. how we prioritize work)*

2
kitchen.yml
View file

@ -22,8 +22,6 @@ provisioner:
verifier:
name: inspec
sudo: true
attributes:
verifier_attribute: 'Attribute Override!'
platforms:
- name: amazonlinux

6
kitchen/rake-tests/Gemfile
View file

@ -1,4 +1,4 @@
source 'https://www.rubygems.org'
source "https://www.rubygems.org"
gem 'kitchen-docker'
gem 'test-kitchen'
gem "kitchen-docker"
gem "test-kitchen"

2
lib/bundles/inspec-compliance/api.rb
View file

@ -1,7 +1,7 @@
# This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
# TODO: Remove in inspec 4.0
require 'plugins/inspec-compliance/lib/inspec-compliance/api'
require "plugins/inspec-compliance/lib/inspec-compliance/api"
# Backport old namespace
Compliance = InspecPlugins::Compliance unless defined?(Compliance)

2
lib/bundles/inspec-compliance/configuration.rb
View file

@ -1,7 +1,7 @@
# This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
# TODO: Remove in inspec 4.0
require 'plugins/inspec-compliance/lib/inspec-compliance/configuration'
require "plugins/inspec-compliance/lib/inspec-compliance/configuration"
# Backport old namespace
Compliance = InspecPlugins::Compliance unless defined?(Compliance)

2
lib/bundles/inspec-compliance/http.rb
View file

@ -1,7 +1,7 @@
# This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
# TODO: Remove in inspec 4.0
require 'plugins/inspec-compliance/lib/inspec-compliance/http'
require "plugins/inspec-compliance/lib/inspec-compliance/http"
# Backport old namespace
Compliance = InspecPlugins::Compliance unless defined?(Compliance)

2
lib/bundles/inspec-compliance/support.rb
View file

@ -1,7 +1,7 @@
# This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
# TODO: Remove in inspec 4.0
require 'plugins/inspec-compliance/lib/inspec-compliance/support'
require "plugins/inspec-compliance/lib/inspec-compliance/support"
# Backport old namespace
Compliance = InspecPlugins::Compliance unless defined?(Compliance)

2
lib/bundles/inspec-compliance/target.rb
View file

@ -1,7 +1,7 @@
# This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
# TODO: Remove in inspec 4.0
require 'plugins/inspec-compliance/lib/inspec-compliance/target'
require "plugins/inspec-compliance/lib/inspec-compliance/target"
# Backport old namespace
Compliance = InspecPlugins::Compliance unless defined?(Compliance)

6
lib/bundles/inspec-supermarket.rb
View file

@ -2,8 +2,8 @@ libdir = File.dirname(__FILE__)
$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
module Supermarket
autoload :API, 'inspec-supermarket/api'
autoload :API, "inspec-supermarket/api"
end
require 'inspec-supermarket/cli'
require 'inspec-supermarket/target'
require "inspec-supermarket/cli"
require "inspec-supermarket/target"

20
lib/bundles/inspec-supermarket/api.rb
View file

@ -1,23 +1,23 @@
# frozen_string_literal: true
require 'net/http'
require 'addressable/uri'
require "net/http"
require "addressable/uri"
module Supermarket
class API
SUPERMARKET_URL = 'https://supermarket.chef.io'
SUPERMARKET_URL = "https://supermarket.chef.io"
# displays a list of profiles
def self.profiles(supermarket_url = SUPERMARKET_URL)
url = "#{supermarket_url}/api/v1/tools-search"
_success, data = get(url, { type: 'compliance_profile', items: 100 })
_success, data = get(url, { type: "compliance_profile", items: 100 })
if !data.nil?
profiles = JSON.parse(data)
profiles['items'].map { |x|
m = %r{^#{supermarket_url}/api/v1/tools/(?<slug>[\w-]+)(/)?$}.match(x['tool'])
x['slug'] = m[:slug]
profiles["items"].map do |x|
m = %r{^#{supermarket_url}/api/v1/tools/(?<slug>[\w-]+)(/)?$}.match(x["tool"])
x["slug"] = m[:slug]
x
}
end
else
[]
end
@ -51,7 +51,7 @@ module Supermarket
# Tool name in Supermarket URL is downcased so we need to downcase
tool = "#{supermarket_url}/api/v1/tools/#{tool_name.downcase}"
supermarket_tool['tool_owner'] == tool_owner && supermarket_tool['tool'] == tool
supermarket_tool["tool_owner"] == tool_owner && supermarket_tool["tool"] == tool
end
def self.find(profile, supermarket_url = SUPERMARKET_URL)
@ -77,7 +77,7 @@ module Supermarket
def self.send_request(uri, req)
# send request
res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
http.request(req)
end
[res.is_a?(Net::HTTPSuccess), res.body]

24
lib/bundles/inspec-supermarket/cli.rb
View file

@ -1,8 +1,8 @@
require 'inspec/base_cli'
require "inspec/base_cli"
module Supermarket
class SupermarketCLI < Inspec::BaseCLI
namespace 'supermarket'
namespace "supermarket"
# TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
def self.banner(command, _namespace = nil, _subcommand = false)
@ -13,18 +13,18 @@ module Supermarket
namespace
end
desc 'profiles', 'list all available profiles in Chef Supermarket'
desc "profiles", "list all available profiles in Chef Supermarket"
def profiles
# display profiles in format user/profile
supermarket_profiles = Supermarket::API.profiles
headline('Available profiles:')
supermarket_profiles.each { |p|
headline("Available profiles:")
supermarket_profiles.each do |p|
li("#{p['tool_name']} #{mark_text(p['tool_owner'] + '/' + p['slug'])}")
}
end
end
desc 'exec PROFILE', 'execute a Supermarket profile'
desc "exec PROFILE", "execute a Supermarket profile"
exec_options
def exec(*tests)
o = config
@ -32,7 +32,7 @@ module Supermarket
configure_logger(o)
# iterate over tests and add compliance scheme
tests = tests.map { |t| 'supermarket://' + t }
tests = tests.map { |t| "supermarket://" + t }
runner = Inspec::Runner.new(o)
tests.each { |target| runner.add_target(target) }
@ -43,13 +43,13 @@ module Supermarket
exit 1
end
desc 'info PROFILE', 'display Supermarket profile details'
desc "info PROFILE", "display Supermarket profile details"
def info(profile)
# check that the profile is available
supermarket_profiles = Supermarket::API.profiles
found = supermarket_profiles.select { |p|
found = supermarket_profiles.select do |p|
profile == "#{p['tool_owner']}/#{p['slug']}"
}
end
if found.empty?
puts "#{mark_text(profile)} is not available on Supermarket"
@ -67,5 +67,5 @@ module Supermarket
end
# register the subcommand to InSpec CLI registry
Inspec::Plugins::CLI.add_subcommand(SupermarketCLI, 'supermarket', 'supermarket SUBCOMMAND ...', 'Supermarket commands', {})
Inspec::Plugins::CLI.add_subcommand(SupermarketCLI, "supermarket", "supermarket SUBCOMMAND ...", "Supermarket commands", {})
end

14
lib/bundles/inspec-supermarket/target.rb
View file

@ -1,15 +1,15 @@
require 'uri'
require 'inspec/fetcher'
require 'fetchers/url'
require "uri"
require "inspec/fetcher"
require "fetchers/url"
# InSpec Target Helper for Supermarket
module Supermarket
class Fetcher < Inspec.fetcher(1)
name 'supermarket'
name "supermarket"
priority 500
def self.resolve(target, opts = {})
supermarket_uri, supermarket_server = if target.is_a?(String) && URI(target).scheme == 'supermarket'
supermarket_uri, supermarket_server = if target.is_a?(String) && URI(target).scheme == "supermarket"
[target, Supermarket::API::SUPERMARKET_URL]
elsif target.respond_to?(:key?) && target.key?(:supermarket)
supermarket_server = target[:supermarket_url] || Supermarket::API::SUPERMARKET_URL
@ -18,13 +18,13 @@ module Supermarket
return nil unless supermarket_uri
return nil unless Supermarket::API.exist?(supermarket_uri, supermarket_server)
tool_info = Supermarket::API.find(supermarket_uri, supermarket_server)
resolve_next(tool_info['tool_source_url'], opts)
resolve_next(tool_info["tool_source_url"], opts)
rescue URI::Error
nil
end
def to_s
'Chef Compliance Profile Loader'
"Chef Compliance Profile Loader"
end
end
end

28
lib/fetchers/git.rb
View file

@ -1,7 +1,7 @@
require 'tmpdir'
require 'fileutils'
require 'mixlib/shellout'
require 'inspec/log'
require "tmpdir"
require "fileutils"
require "mixlib/shellout"
require "inspec/log"
module Fetchers
#
@ -24,12 +24,12 @@ module Fetchers
# omnibus source for hints.
#
class Git < Inspec.fetcher(1)
name 'git'
name "git"
priority 200
def self.resolve(target, opts = {})
if target.is_a?(String)
new(target, opts) if target.start_with?('git@') || target.end_with?('.git')
new(target, opts) if target.start_with?("git@") || target.end_with?(".git")
elsif target.respond_to?(:has_key?) && target.key?(:git)
new(target[:git], opts.merge(target))
end
@ -53,7 +53,7 @@ module Fetchers
Dir.mktmpdir do |tmpdir|
checkout(tmpdir)
Inspec::Log.debug("Checkout of #{resolved_ref} successful. Moving checkout to #{dir}")
FileUtils.cp_r(tmpdir + '/.', @repo_directory)
FileUtils.cp_r(tmpdir + "/.", @repo_directory)
end
end
@repo_directory
@ -81,7 +81,7 @@ module Fetchers
elsif @tag
resolve_ref(@tag)
else
resolve_ref('master')
resolve_ref("master")
end
end
@ -129,7 +129,7 @@ module Fetchers
end
def cloned?
File.directory?(File.join(@repo_directory, '.git'))
File.directory?(File.join(@repo_directory, ".git"))
end
def clone(dir = @repo_directory)
@ -148,7 +148,7 @@ module Fetchers
cmd.error!
cmd.status
rescue Errno::ENOENT
raise 'To use git sources, you must have git installed.'
raise "To use git sources, you must have git installed."
end
def shellout(cmd, opts = {})
@ -156,12 +156,12 @@ module Fetchers
cmd = Mixlib::ShellOut.new(cmd, opts)
cmd.run_command
Inspec::Log.debug("External command: completed with exit status: #{cmd.exitstatus}")
Inspec::Log.debug('External command: STDOUT BEGIN')
Inspec::Log.debug("External command: STDOUT BEGIN")
Inspec::Log.debug(cmd.stdout)
Inspec::Log.debug('External command: STDOUT END')
Inspec::Log.debug('External command: STDERR BEGIN')
Inspec::Log.debug("External command: STDOUT END")
Inspec::Log.debug("External command: STDERR BEGIN")
Inspec::Log.debug(cmd.stderr)
Inspec::Log.debug('External command: STDERR END')
Inspec::Log.debug("External command: STDERR END")
cmd
end
end

12
lib/fetchers/local.rb
View file

@ -1,8 +1,8 @@
require 'openssl'
require "openssl"
module Fetchers
class Local < Inspec.fetcher(1)
name 'local'
name "local"
priority 0
def self.resolve(target)
@ -27,11 +27,11 @@ module Fetchers
def self.resolve_from_string(target)
# Support "urls" in the form of file://
if target.start_with?('file://')
target = target.gsub(%r{^file://}, '')
if target.start_with?("file://")
target = target.gsub(%r{^file://}, "")
else
# support for windows paths
target = target.tr('\\', '/')
target = target.tr('\\', "/")
end
target if File.exist?(File.expand_path(target))
@ -101,7 +101,7 @@ module Fetchers
end
def perform_shasum(target)
@archive_shasum ||= OpenSSL::Digest::SHA256.digest(File.read(target)).unpack('H*')[0]
@archive_shasum ||= OpenSSL::Digest::SHA256.digest(File.read(target)).unpack("H*")[0]
end
def resolved_source

6
lib/fetchers/mock.rb
View file

@ -1,6 +1,8 @@
require "inspec/fetcher"
module Fetchers
class Mock < Inspec.fetcher(1)
name 'mock'
name "mock"
priority 0
def self.resolve(target)
@ -25,7 +27,7 @@ module Fetchers
end
def cache_key
''
""
end
end
end

82
lib/fetchers/url.rb
View file

@ -1,18 +1,18 @@
require 'uri'
require 'openssl'
require 'tempfile'
require 'open-uri'
require "uri"
require "openssl"
require "tempfile"
require "open-uri"
module Fetchers
class Url < Inspec.fetcher(1)
MIME_TYPES = {
'application/x-zip-compressed' => '.zip',
'application/zip' => '.zip',
'application/x-gzip' => '.tar.gz',
'application/gzip' => '.tar.gz',
"application/x-zip-compressed" => ".zip",
"application/zip" => ".zip",
"application/x-gzip" => ".tar.gz",
"application/gzip" => ".tar.gz",
}.freeze
name 'url'
name "url"
priority 200
def self.resolve(target, opts = {})
@ -27,7 +27,7 @@ module Fetchers
def self.resolve_from_string(target, opts, username = nil, password = nil)
uri = URI.parse(target)
return nil if uri.nil? or uri.scheme.nil?
return nil if uri.nil? || uri.scheme.nil?
return nil unless %{ http https }.include? uri.scheme
target = transform(target)
opts[:username] = username if username
@ -62,11 +62,11 @@ module Fetchers
# https://bitbucket.org/username/repo/commits/95ce1f83d5bbe9eec34c5973f6894617e8d6d8cc is transformed to
# https://bitbucket.org/username/repo/get/95ce1f83d5bbe9eec34c5973f6894617e8d6d8cc.tar.gz
GITHUB_URL_REGEX = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w.-]+?)(\.git)?(/)?$}
GITHUB_URL_WITH_TREE_REGEX = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w.-]+)/tree/(?<commit>[\w\.]+)(/)?$}
BITBUCKET_URL_REGEX = %r{^https?://(www\.)?bitbucket\.org/(?<user>[\w-]+)/(?<repo>[\w-]+)(\.git)?(/)?$}
BITBUCKET_URL_BRANCH_REGEX = %r{^https?://(www\.)?bitbucket\.org/(?<user>[\w-]+)/(?<repo>[\w-]+)/branch/(?<branch>[\w\.]+)(/)?$}
BITBUCKET_URL_COMMIT_REGEX = %r{^https?://(www\.)?bitbucket\.org/(?<user>[\w-]+)/(?<repo>[\w-]+)/commits/(?<commit>[\w\.]+)(/)?$}
GITHUB_URL_REGEX = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w.-]+?)(\.git)?(/)?$}.freeze
GITHUB_URL_WITH_TREE_REGEX = %r{^https?://(www\.)?github\.com/(?<user>[\w-]+)/(?<repo>[\w.-]+)/tree/(?<commit>[\w\.]+)(/)?$}.freeze
BITBUCKET_URL_REGEX = %r{^https?://(www\.)?bitbucket\.org/(?<user>[\w-]+)/(?<repo>[\w-]+)(\.git)?(/)?$}.freeze
BITBUCKET_URL_BRANCH_REGEX = %r{^https?://(www\.)?bitbucket\.org/(?<user>[\w-]+)/(?<repo>[\w-]+)/branch/(?<branch>[\w\.]+)(/)?$}.freeze
BITBUCKET_URL_COMMIT_REGEX = %r{^https?://(www\.)?bitbucket\.org/(?<user>[\w-]+)/(?<repo>[\w-]+)/commits/(?<commit>[\w\.]+)(/)?$}.freeze
def self.transform(target)
transformed_target = if m = GITHUB_URL_REGEX.match(target) # rubocop:disable Lint/AssignmentInCondition
@ -94,8 +94,8 @@ module Fetchers
def initialize(url, opts)
@target = url.to_s
@target_uri = url.is_a?(URI) ? url : parse_uri(url)
@insecure = opts['insecure']
@token = opts['token']
@insecure = opts["insecure"]
@token = opts["token"]
@config = opts
@archive_path = nil
@temp_archive_path = nil
@ -126,23 +126,23 @@ module Fetchers
def sha256
file = @archive_path || temp_archive_path
OpenSSL::Digest::SHA256.digest(File.read(file)).unpack('H*')[0]
OpenSSL::Digest::SHA256.digest(File.read(file)).unpack("H*")[0]
end
def file_type_from_remote(remote)
content_type = remote.meta['content-type']
content_type = remote.meta["content-type"]
file_type = MIME_TYPES[content_type]
if file_type.nil?
Inspec::Log.warn("Unrecognized content type: #{content_type}. Assuming tar.gz")
file_type = '.tar.gz'
file_type = ".tar.gz"
end
file_type
end
def temp_archive_path
@temp_archive_path ||= if @config['server_type'] == 'automate2'
@temp_archive_path ||= if @config["server_type"] == "automate2"
download_automate2_archive_to_temp
else
download_archive_to_temp
@ -154,13 +154,13 @@ module Fetchers
Inspec::Log.debug("Fetching URL: #{@target}")
json = {
owner: @config['profile'][0],
name: @config['profile'][1],
version: @config['profile'][2],
owner: @config["profile"][0],
name: @config["profile"][1],
version: @config["profile"][2],
}.to_json
opts = http_opts
opts[:use_ssl] = @target_uri.scheme == 'https'
opts[:use_ssl] = @target_uri.scheme == "https"
if @insecure
opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
@ -173,12 +173,12 @@ module Fetchers
req.add_field(key, value)
end
req.body = json
res = Net::HTTP.start(@target_uri.host, @target_uri.port, opts) { |http|
res = Net::HTTP.start(@target_uri.host, @target_uri.port, opts) do |http|
http.request(req)
}
end
@archive_type = '.tar.gz'
archive = Tempfile.new(['inspec-dl-', @archive_type])
@archive_type = ".tar.gz"
archive = Tempfile.new(["inspec-dl-", @archive_type])
archive.binmode
archive.write(res.body)
archive.rewind
@ -193,7 +193,7 @@ module Fetchers
Inspec::Log.debug("Fetching URL: #{@target}")
remote = open_via_uri(@target)
@archive_type = file_type_from_remote(remote) # side effect :(
archive = Tempfile.new(['inspec-dl-', @archive_type])
archive = Tempfile.new(["inspec-dl-", @archive_type])
archive.binmode
archive.write(remote.read)
archive.rewind
@ -207,7 +207,7 @@ module Fetchers
if opts[:http_basic_authentication]
# OpenURI does not support userinfo so we need to remove it
open(target.sub("#{@target_uri.userinfo}@", ''), opts)
open(target.sub("#{@target_uri.userinfo}@", ""), opts)
else
open(target, opts)
end
@ -227,16 +227,16 @@ module Fetchers
opts = {}
opts[:ssl_verify_mode] = OpenSSL::SSL::VERIFY_NONE if @insecure
if @config['server_type'] =~ /automate/
opts['chef-delivery-enterprise'] = @config['automate']['ent']
if @config['automate']['token_type'] == 'dctoken'
opts['x-data-collector-token'] = @config['token']
if @config["server_type"] =~ /automate/
opts["chef-delivery-enterprise"] = @config["automate"]["ent"]
if @config["automate"]["token_type"] == "dctoken"
opts["x-data-collector-token"] = @config["token"]
else
opts['chef-delivery-user'] = @config['user']
opts['chef-delivery-token'] = @config['token']
opts["chef-delivery-user"] = @config["user"]
opts["chef-delivery-token"] = @config["token"]
end
elsif @token
opts['Authorization'] = "Bearer #{@token}"
opts["Authorization"] = "Bearer #{@token}"
end
username = @config[:username] || @target_uri.user
@ -260,8 +260,10 @@ module Fetchers
true
end
end
raise 'Unable to fetch profile - the following HTTP headers have no value: ' \
"#{keys_missing_values.join(', ')}" unless keys_missing_values.empty?
unless keys_missing_values.empty?
raise "Unable to fetch profile - the following HTTP headers have no value: " \
"#{keys_missing_values.join(', ')}"
end
end
end
end

46
lib/inspec.rb
View file

@ -3,29 +3,29 @@
libdir = File.dirname(__FILE__)
$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
require 'inspec/version'
require 'inspec/exceptions'
require 'inspec/utils/deprecation'
require 'inspec/profile'
require 'inspec/rule'
require 'matchers/matchers'
require 'inspec/runner'
require 'inspec/shell'
require 'inspec/formatters'
require 'inspec/reporters'
require 'inspec/input_registry'
require 'inspec/rspec_extensions'
require 'inspec/globals'
require 'inspec/impact'
require 'inspec/utils/telemetry'
require 'inspec/utils/telemetry/global_methods'
require "inspec/version"
require "inspec/exceptions"
require "inspec/utils/deprecation"
require "inspec/profile"
require "inspec/rule"
require "matchers/matchers"
require "inspec/runner"
require "inspec/shell"
require "inspec/formatters"
require "inspec/reporters"
require "inspec/input_registry"
require "inspec/rspec_extensions"
require "inspec/globals"
require "inspec/impact"
require "inspec/utils/telemetry"
require "inspec/utils/telemetry/global_methods"
require 'inspec/plugin/v2'
require 'inspec/plugin/v1'
require "inspec/plugin/v2"
require "inspec/plugin/v1"
# all utils that may be required by legacy plugins
require 'inspec/base_cli'
require 'inspec/fetcher'
require 'inspec/source_reader'
require 'inspec/resource'
require 'inspec/resources'
require "inspec/base_cli"
require "inspec/fetcher"
require "inspec/source_reader"
require "inspec/resource"
require "inspec/resources"

4
lib/inspec/archive/tar.rb
View file

@ -1,9 +1,9 @@
require 'rubygems/package'
require "rubygems/package"
module Inspec::Archive
class TarArchiveGenerator
def archive(base_dir, files, archive)
File.open(archive, 'wb') do |file|
File.open(archive, "wb") do |file|
Zlib::GzipWriter.wrap(file) do |gz|
Gem::Package::TarWriter.new(gz) do |tar|
files.each do |input_filename|

6
lib/inspec/archive/zip.rb
View file

@ -1,6 +1,6 @@
require 'rubygems'
require 'zip'
require 'pathname'
require "rubygems"
require "zip"
require "pathname"
module Inspec::Archive
class ZipArchiveGenerator

14
lib/inspec/backend.rb
View file

@ -1,7 +1,9 @@
# copyright: 2015, Dominik Richter
require 'train'
require 'inspec/config'
require "train"
require "inspec/config"
require "inspec/version"
require "inspec/resource"
module Inspec
module Backend
@ -25,7 +27,7 @@ module Inspec
# Ruby internal for printing a nice name for this class
def to_s
'Inspec::Backend::Class'
"Inspec::Backend::Class"
end
# Ruby internal for pretty-printing a summary for this class
@ -54,15 +56,15 @@ module Inspec
# Set caching settings. We always want to enable caching for
# the Mock transport for testing.
if config[:backend_cache] || config[:backend] == :mock
Inspec::Log.debug 'Option backend_cache is enabled'
Inspec::Log.debug "Option backend_cache is enabled"
connection.enable_cache(:file)
connection.enable_cache(:command)
elsif config[:debug_shell]
Inspec::Log.debug 'Option backend_cache is disabled'
Inspec::Log.debug "Option backend_cache is disabled"
connection.disable_cache(:file)
connection.disable_cache(:command)
else
Inspec::Log.debug 'Option backend_cache is disabled'
Inspec::Log.debug "Option backend_cache is disabled"
connection.disable_cache(:file)
connection.disable_cache(:command)
end

123
lib/inspec/base_cli.rb
View file

@ -1,8 +1,9 @@
require 'thor'
require 'inspec/log'
require 'inspec/profile_vendor'
require 'inspec/ui'
require 'inspec/dist'
require "thor"
require "inspec/log"
require "inspec/ui"
require "inspec/config"
require "inspec/dist"
require "inspec/utils/deprecation/global_method"
# Allow end of options during array type parsing
# https://github.com/erikhuda/thor/issues/631
@ -57,107 +58,107 @@ module Inspec
def self.target_options # rubocop:disable MethodLength
option :target, aliases: :t, type: :string,
desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port"
option :backend, aliases: :b, type: :string,
desc: 'Choose a backend: local, ssh, winrm, docker.'
desc: "Choose a backend: local, ssh, winrm, docker."
option :host, type: :string,
desc: 'Specify a remote host which is tested.'
desc: "Specify a remote host which is tested."
option :port, aliases: :p, type: :numeric,
desc: 'Specify the login port for a remote scan.'
desc: "Specify the login port for a remote scan."
option :user, type: :string,
desc: 'The login user for a remote scan.'
desc: "The login user for a remote scan."
option :password, type: :string, lazy_default: -1,
desc: 'Login password for a remote scan, if required.'
desc: "Login password for a remote scan, if required."
option :enable_password, type: :string, lazy_default: -1,
desc: 'Password for enable mode on Cisco IOS devices.'
desc: "Password for enable mode on Cisco IOS devices."
option :key_files, aliases: :i, type: :array,
desc: 'Login key or certificate file for a remote scan.'
desc: "Login key or certificate file for a remote scan."
option :path, type: :string,
desc: 'Login path to use when connecting to the target (WinRM).'
desc: "Login path to use when connecting to the target (WinRM)."
option :sudo, type: :boolean,
desc: 'Run scans with sudo. Only activates on Unix and non-root user.'
desc: "Run scans with sudo. Only activates on Unix and non-root user."
option :sudo_password, type: :string, lazy_default: -1,
desc: 'Specify a sudo password, if it is required.'
desc: "Specify a sudo password, if it is required."
option :sudo_options, type: :string,
desc: 'Additional sudo options for a remote scan.'
desc: "Additional sudo options for a remote scan."
option :sudo_command, type: :string,
desc: 'Alternate command for sudo.'
desc: "Alternate command for sudo."
option :shell, type: :boolean,
desc: 'Run scans in a subshell. Only activates on Unix.'
desc: "Run scans in a subshell. Only activates on Unix."
option :shell_options, type: :string,
desc: 'Additional shell options.'
desc: "Additional shell options."
option :shell_command, type: :string,
desc: 'Specify a particular shell to use.'
desc: "Specify a particular shell to use."
option :ssl, type: :boolean,
desc: 'Use SSL for transport layer encryption (WinRM).'
desc: "Use SSL for transport layer encryption (WinRM)."
option :self_signed, type: :boolean,
desc: 'Allow remote scans with self-signed certificates (WinRM).'
option :winrm_transport, type: :string, default: 'negotiate',
desc: 'Specify which transport to use, defaults to negotiate (WinRM).'
desc: "Allow remote scans with self-signed certificates (WinRM)."
option :winrm_transport, type: :string, default: "negotiate",
desc: "Specify which transport to use, defaults to negotiate (WinRM)."
option :winrm_disable_sspi, type: :boolean,
desc: 'Whether to use disable sspi authentication, defaults to false (WinRM).'
desc: "Whether to use disable sspi authentication, defaults to false (WinRM)."
option :winrm_basic_auth, type: :boolean,
desc: 'Whether to use basic authentication, defaults to false (WinRM).'
desc: "Whether to use basic authentication, defaults to false (WinRM)."
option :config, type: :string,
desc: 'Read configuration from JSON file (`-` reads from stdin).'
desc: "Read configuration from JSON file (`-` reads from stdin)."
option :json_config, type: :string, hide: true
option :proxy_command, type: :string,
desc: 'Specifies the command to use to connect to the server'
desc: "Specifies the command to use to connect to the server"
option :bastion_host, type: :string,
desc: 'Specifies the bastion host if applicable'
desc: "Specifies the bastion host if applicable"
option :bastion_user, type: :string,
desc: 'Specifies the bastion user if applicable'
desc: "Specifies the bastion user if applicable"
option :bastion_port, type: :string,
desc: 'Specifies the bastion port if applicable'
desc: "Specifies the bastion port if applicable"
option :insecure, type: :boolean, default: false,
desc: 'Disable SSL verification on select targets'
desc: "Disable SSL verification on select targets"
option :target_id, type: :string,
desc: 'Provide a ID which will be included on reports'
desc: "Provide a ID which will be included on reports"
end
def self.profile_options
option :profiles_path, type: :string,
desc: 'Folder which contains referenced profiles.'
desc: "Folder which contains referenced profiles."
option :vendor_cache, type: :string,
desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
desc: "Use the given path for caching dependencies. (default: ~/.inspec/cache)"
end
def self.exec_options
target_options
profile_options
option :controls, type: :array,
desc: 'A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests.'
desc: "A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests."
option :reporter, type: :array,
banner: 'one two:/output/file/path',
desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml'
banner: "one two:/output/file/path",
desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml"
option :input_file, type: :array,
desc: 'Load one or more input files, a YAML file with values for the profile to use'
desc: "Load one or more input files, a YAML file with values for the profile to use"
option :attrs, type: :array,
desc: 'Legacy name for --input-file - deprecated.'
desc: "Legacy name for --input-file - deprecated."
option :create_lockfile, type: :boolean,
desc: 'Write out a lockfile based on this execution (unless one already exists)'
desc: "Write out a lockfile based on this execution (unless one already exists)"
option :backend_cache, type: :boolean,
desc: 'Allow caching for backend command output. (default: true)'
desc: "Allow caching for backend command output. (default: true)"
option :show_progress, type: :boolean,
desc: 'Show progress while executing tests.'
desc: "Show progress while executing tests."
option :distinct_exit, type: :boolean, default: true,
desc: 'Exit with code 101 if any tests fail, and 100 if any are skipped (default). If disabled, exit 0 on skips and 1 for failures.'
desc: "Exit with code 101 if any tests fail, and 100 if any are skipped (default). If disabled, exit 0 on skips and 1 for failures."
end
def self.format_platform_info(params: {}, indent: 0, color: 39)
str = ''
params.each { |item, info|
str = ""
params.each do |item, info|
data = info
# Format Array for better output if applicable
data = data.join(', ') if data.is_a?(Array)
data = data.join(", ") if data.is_a?(Array)
# Do not output fields of data is missing ('unknown' is fine)
next if data.nil?
data = "\e[1m\e[#{color}m#{data}\e[0m"
str << format("#{' ' * indent}%-10s %s\n", item.to_s.capitalize + ':', data)
}
str << format("#{' ' * indent}%-10s %s\n", item.to_s.capitalize + ":", data)
end
str
end
@ -216,12 +217,12 @@ module Inspec
private
def suppress_log_output?(opts)
return false if opts['reporter'].nil?
match = %w{json json-min json-rspec json-automate junit html yaml documentation progress} & opts['reporter'].keys
return false if opts["reporter"].nil?
match = %w{json json-min json-rspec json-automate junit html yaml documentation progress} & opts["reporter"].keys
unless match.empty?
match.each do |m|
# check to see if we are outputting to stdout
return true if opts['reporter'][m]['stdout'] == true
return true if opts["reporter"][m]["stdout"] == true
end
end
false
@ -243,7 +244,7 @@ module Inspec
if valid.include?(level)
l = level
else
l = 'info'
l = "info"
end
Logger.const_get(l.upcase)
@ -260,11 +261,13 @@ module Inspec
end
def vendor_deps(path, opts)
require "inspec/profile_vendor"
profile_path = path || Dir.pwd
profile_vendor = Inspec::ProfileVendor.new(profile_path)
if (profile_vendor.cache_path.exist? || profile_vendor.lockfile.exist?) && !opts[:overwrite]
puts 'Profile is already vendored. Use --overwrite.'
puts "Profile is already vendored. Use --overwrite."
return false
end
@ -280,8 +283,8 @@ module Inspec
# logging singleton Inspec::Log. Eventually it would be nice to
# move internal debug logging to use this logging singleton.
#
loc = if o['log_location']
o['log_location']
loc = if o["log_location"]
o["log_location"]
elsif suppress_log_output?(o)
$stderr
else
@ -289,14 +292,14 @@ module Inspec
end
Inspec::Log.init(loc)
Inspec::Log.level = get_log_level(o['log_level'])
Inspec::Log.level = get_log_level(o["log_level"])
o[:logger] = Logger.new(loc)
# output json if we have activated the json formatter
if o['log-format'] == 'json'
if o["log-format"] == "json"
o[:logger].formatter = Logger::JSONFormatter.new
end
o[:logger].level = get_log_level(o['log_level'])
o[:logger].level = get_log_level(o["log_level"])
end
end
end

4
lib/inspec/cached_fetcher.rb
View file

@ -1,5 +1,5 @@
require 'inspec/fetcher'
require 'forwardable'
require "inspec/fetcher"
require "forwardable"
module Inspec
class CachedFetcher

180
lib/inspec/cli.rb
View file

@ -1,58 +1,75 @@
# Copyright 2015 Dominik Richter
require 'logger'
require 'thor'
require 'json'
require 'pp'
require 'inspec/utils/json_log'
require 'inspec/utils/latest_version'
require 'inspec/base_cli'
require 'inspec/plugin/v1'
require 'inspec/plugin/v2'
require 'inspec/runner_mock'
require 'inspec/env_printer'
require 'inspec/schema'
require 'inspec/config'
require 'inspec/dist'
require "inspec/utils/deprecation/deprecator"
require "inspec/dist"
require "inspec/backend"
require "inspec/dependencies/cache"
module Inspec # TODO: move this somewhere "better"?
autoload :BaseCLI, "inspec/base_cli"
autoload :Deprecation, "inspec/utils/deprecation"
autoload :Exceptions, "inspec/exceptions"
autoload :Fetcher, "inspec/fetcher"
autoload :Formatters, "inspec/formatters"
autoload :Globals, "inspec/globals"
autoload :Impact, "inspec/impact"
autoload :Impact, "inspec/impact"
autoload :InputRegistry, "inspec/input_registry"
autoload :Profile, "inspec/profile"
autoload :Reporters, "inspec/reporters"
autoload :Resource, "inspec/resource"
autoload :Rule, "inspec/rule"
autoload :Runner, "inspec/runner"
autoload :Runner, "inspec/runner"
autoload :Shell, "inspec/shell"
autoload :SourceReader, "inspec/source_reader"
autoload :Telemetry, "inspec/utils/telemetry"
autoload :V1, "inspec/plugin/v1"
autoload :V2, "inspec/plugin/v2"
autoload :VERSION, "inspec/version"
end
class Inspec::InspecCLI < Inspec::BaseCLI
class_option :log_level, aliases: :l, type: :string,
desc: 'Set the log level: info (default), debug, warn, error'
desc: "Set the log level: info (default), debug, warn, error"
class_option :log_location, type: :string,
desc: 'Location to send diagnostic log messages to. (default: $stdout or Inspec::Log.error)'
desc: "Location to send diagnostic log messages to. (default: $stdout or Inspec::Log.error)"
class_option :diagnose, type: :boolean,
desc: 'Show diagnostics (versions, configurations)'
desc: "Show diagnostics (versions, configurations)"
class_option :color, type: :boolean,
desc: 'Use colors in output.'
desc: "Use colors in output."
class_option :interactive, type: :boolean,
desc: 'Allow or disable user interaction'
desc: "Allow or disable user interaction"
class_option :disable_core_plugins, type: :string, banner: '', # Actually a boolean, but this suppresses the creation of a --no-disable...
desc: 'Disable loading all plugins that are shipped in the lib/plugins directory of InSpec. Useful in development.'
class_option :disable_core_plugins, type: :string, banner: "", # Actually a boolean, but this suppresses the creation of a --no-disable...
desc: "Disable loading all plugins that are shipped in the lib/plugins directory of InSpec. Useful in development."
class_option :disable_user_plugins, type: :string, banner: '',
desc: 'Disable loading all plugins that the user installed.'
class_option :disable_user_plugins, type: :string, banner: "",
desc: "Disable loading all plugins that the user installed."
class_option :enable_telemetry, type: :boolean,
desc: 'Allow or disable telemetry', default: false
desc: "Allow or disable telemetry", default: false
require 'license_acceptance/cli_flags/thor'
require "license_acceptance/cli_flags/thor"
include LicenseAcceptance::CLIFlags::Thor
desc 'json PATH', 'read all tests in PATH and generate a JSON summary'
desc "json PATH", "read all tests in PATH and generate a JSON summary"
option :output, aliases: :o, type: :string,
desc: 'Save the created profile to a path'
desc: "Save the created profile to a path"
option :controls, type: :array,
desc: 'A list of controls to include. Ignore all other tests.'
desc: "A list of controls to include. Ignore all other tests."
profile_options
def json(target)
require "inspec/resources"
require "json"
o = config
diagnose(o)
o['log_location'] = $stderr
o["log_location"] = $stderr
configure_logger(o)
o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
@ -63,7 +80,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
info = profile.info
# add in inspec version
info[:generator] = {
name: 'inspec',
name: "inspec",
version: Inspec::VERSION,
}
dst = o[:output].to_s
@ -82,14 +99,16 @@ class Inspec::InspecCLI < Inspec::BaseCLI
pretty_handle_exception(e)
end
desc 'check PATH', 'verify all tests at the specified PATH'
desc "check PATH", "verify all tests at the specified PATH"
option :format, type: :string
profile_options
def check(path) # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
require "inspec/resources"
o = config
diagnose(o)
o['log_location'] ||= STDERR if o['format'] == 'json'
o['log_level'] ||= 'warn'
o["log_location"] ||= STDERR if o["format"] == "json"
o["log_level"] ||= "warn"
configure_logger(o)
o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
@ -100,25 +119,25 @@ class Inspec::InspecCLI < Inspec::BaseCLI
profile = Inspec::Profile.for_target(path, o)
result = profile.check
if o['format'] == 'json'
if o["format"] == "json"
puts JSON.generate(result)
else
%w{location profile controls timestamp valid}.each do |item|
puts format('%-12s %s', item.to_s.capitalize + ':',
puts format("%-12s %s", item.to_s.capitalize + ":",
mark_text(result[:summary][item.to_sym]))
end
puts
if result[:errors].empty? and result[:warnings].empty?
puts 'No errors or warnings'
if result[:errors].empty? && result[:warnings].empty?
puts "No errors or warnings"
else
red = "\033[31m"
yellow = "\033[33m"
rst = "\033[0m"
item_msg = lambda { |item|
pos = [item[:file], item[:line], item[:column]].compact.join(':')
pos.empty? ? item[:msg] : pos + ': ' + item[:msg]
pos = [item[:file], item[:line], item[:column]].compact.join(":")
pos.empty? ? item[:msg] : pos + ": " + item[:msg]
}
result[:errors].each do |item|
puts "#{red}#{item_msg.call(item)}#{rst}"
@ -128,7 +147,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
end
puts
puts format('Summary: %s%d errors%s, %s%d warnings%s',
puts format("Summary: %s%d errors%s, %s%d warnings%s",
red, result[:errors].length, rst,
yellow, result[:warnings].length, rst)
end
@ -138,10 +157,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
pretty_handle_exception(e)
end
desc 'vendor PATH', 'Download all dependencies and generate a lockfile in a `vendor` directory'
desc "vendor PATH", "Download all dependencies and generate a lockfile in a `vendor` directory"
option :overwrite, type: :boolean, default: false,
desc: 'Overwrite existing vendored dependencies and lockfile.'
desc: "Overwrite existing vendored dependencies and lockfile."
def vendor(path = nil)
require "inspec/resources"
o = config
configure_logger(o)
o[:logger] = Logger.new($stdout)
@ -150,19 +171,21 @@ class Inspec::InspecCLI < Inspec::BaseCLI
vendor_deps(path, o)
end
desc 'archive PATH', 'archive a profile to tar.gz (default) or zip'
desc "archive PATH", "archive a profile to tar.gz (default) or zip"
profile_options
option :output, aliases: :o, type: :string,
desc: 'Save the archive to a path'
desc: "Save the archive to a path"
option :zip, type: :boolean, default: false,
desc: 'Generates a zip archive.'
desc: "Generates a zip archive."
option :tar, type: :boolean, default: false,
desc: 'Generates a tar.gz archive.'
desc: "Generates a tar.gz archive."
option :overwrite, type: :boolean, default: false,
desc: 'Overwrite existing archive.'
desc: "Overwrite existing archive."
option :ignore_errors, type: :boolean, default: false,
desc: 'Ignore profile warnings.'
desc: "Ignore profile warnings."
def archive(path)
require "inspec/resources"
o = config
diagnose(o)
@ -179,7 +202,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
result = profile.check
if result && !o[:ignore_errors] == false
o[:logger].info 'Profile check failed. Please fix the profile before generating an archive.'
o[:logger].info "Profile check failed. Please fix the profile before generating an archive."
return exit 1
end
@ -189,7 +212,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
pretty_handle_exception(e)
end
desc 'exec LOCATIONS', 'run all test files at the specified LOCATIONS.'
desc "exec LOCATIONS", "run all test files at the specified LOCATIONS."
# TODO: find a way for Thor not to butcher the formatting of this
long_desc <<~EOT
Loads the given profile(s) and fetches their dependencies if needed. Then
@ -279,17 +302,17 @@ class Inspec::InspecCLI < Inspec::BaseCLI
pretty_handle_exception(e)
end
desc 'detect', 'detect the target OS'
desc "detect", "detect the target OS"
target_options
option :format, type: :string
def detect
o = config
o[:command] = 'platform.params'
o[:command] = "platform.params"
(_, res) = run_command(o)
if o['format'] == 'json'
if o["format"] == "json"
puts res.to_json
else
headline('Platform Details')
headline("Platform Details")
puts Inspec::BaseCLI.format_platform_info(params: res, indent: 0, color: 36)
end
rescue ArgumentError, RuntimeError, Train::UserError => e
@ -299,17 +322,17 @@ class Inspec::InspecCLI < Inspec::BaseCLI
pretty_handle_exception(e)
end
desc 'shell', 'open an interactive debugging shell'
desc "shell", "open an interactive debugging shell"
target_options
option :command, aliases: :c,
desc: 'A single command string to run instead of launching the shell'
desc: "A single command string to run instead of launching the shell"
option :reporter, type: :array,
banner: 'one two:/output/file/path',
desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit'
banner: "one two:/output/file/path",
desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit"
option :depends, type: :array, default: [],
desc: 'A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell'
desc: "A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell"
option :distinct_exit, type: :boolean, default: true,
desc: 'Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default). If disabled, exit 0 on skips and 1 for failures.'
desc: "Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default). If disabled, exit 0 on skips and 1 for failures."
def shell_func
o = config
diagnose(o)
@ -328,7 +351,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
exit res unless run_type == :ruby_eval
# No InSpec tests - just print evaluation output.
res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o['reporter']&.keys&.include?('json')
res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o["reporter"]&.keys&.include?("json")
puts res
exit 0
rescue RuntimeError, Train::UserError => e
@ -337,7 +360,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
pretty_handle_exception(e)
end
desc 'env', 'Output shell-appropriate completion configuration'
desc "env", "Output shell-appropriate completion configuration"
def env(shell = nil)
p = Inspec::EnvPrinter.new(self.class, shell)
p.print_and_exit!
@ -345,24 +368,28 @@ class Inspec::InspecCLI < Inspec::BaseCLI
pretty_handle_exception(e)
end
desc 'schema NAME', 'print the JSON schema', hide: true
desc "schema NAME", "print the JSON schema", hide: true
def schema(name)
require "inspec/schema"
puts Inspec::Schema.json(name)
rescue StandardError => e
puts e
puts "Valid schemas are #{Inspec::Schema.names.join(', ')}"
end
desc 'version', 'prints the version of this tool'
desc "version", "prints the version of this tool"
option :format, type: :string
def version
if config['format'] == 'json'
if config["format"] == "json"
v = { version: Inspec::VERSION }
puts v.to_json
else
require "inspec/utils/latest_version"
puts Inspec::VERSION
# display outdated version
latest = LatestInSpecVersion.new.latest
# TODO: remove this. Don't notify of update to a gem when they install omnibus
latest = LatestInSpecVersion.new.latest || Inspec::VERSION
if Gem::Version.new(Inspec::VERSION) < Gem::Version.new(latest)
puts "\nYour version of #{Inspec::Dist::PRODUCT_NAME} is out of date! The latest version is #{latest}."
end
@ -370,6 +397,11 @@ class Inspec::InspecCLI < Inspec::BaseCLI
end
map %w{-v --version} => :version
desc "nothing", "does nothing"
def nothing
puts "you did nothing"
end
private
def run_command(opts)
@ -403,10 +435,12 @@ end
#---------------------------------------------------------------------#
# Plugin Loading
#---------------------------------------------------------------------#
require "inspec/plugin/v2"
begin
# Load v2 plugins. Manually check for plugin disablement.
omit_core = ARGV.delete('--disable-core-plugins')
omit_user = ARGV.delete('--disable-user-plugins')
omit_core = ARGV.delete("--disable-core-plugins")
omit_user = ARGV.delete("--disable-user-plugins")
v2_loader = Inspec::Plugin::V2::Loader.new(omit_core_plugins: omit_core, omit_user_plugins: omit_user)
v2_loader.load_all
v2_loader.exit_on_load_error
@ -417,23 +451,23 @@ begin
ctl.list.each { |x| ctl.load(x) }
# load v1 CLI plugins before the InSpec CLI has been started
Inspec::Plugins::CLI.subcommands.each { |_subcommand, params|
Inspec::Plugins::CLI.subcommands.each do |_subcommand, params|
Inspec::InspecCLI.register(
params[:klass],
params[:subcommand_name],
params[:usage],
params[:description],
params[:options],
params[:options]
)
}
end
rescue Inspec::Plugin::V2::Exception => v2ex
Inspec::Log.error v2ex.message
if ARGV.include?('--debug')
if ARGV.include?("--debug")
Inspec::Log.error v2ex.class.name
Inspec::Log.error v2ex.backtrace.join("\n")
else
Inspec::Log.error 'Run again with --debug for a stacktrace.'
Inspec::Log.error "Run again with --debug for a stacktrace."
end
exit 2
end

132
lib/inspec/config.rb
View file

@ -1,12 +1,12 @@
# Represents InSpec configuration. Merges defaults, config file options,
# and CLI arguments.
require 'pp'
require 'stringio'
require 'forwardable'
require 'thor'
require 'base64'
require 'inspec/base_cli'
require "pp"
require "stringio"
require "forwardable"
require "thor"
require "base64"
require "inspec/base_cli"
module Inspec
class Config
@ -31,7 +31,7 @@ module Inspec
# This makes it easy to make a config with a mock backend.
def self.mock(opts = {})
Inspec::Config.new({ backend: :mock }.merge(opts), StringIO.new('{}'))
Inspec::Config.new({ backend: :mock }.merge(opts), StringIO.new("{}"))
end
# Use this to get a cached version of the config. This prevents you from
@ -62,11 +62,11 @@ module Inspec
return unless self[:diagnose]
puts "InSpec version: #{Inspec::VERSION}"
puts "Train version: #{Train::VERSION}"
puts 'Command line configuration:'
puts "Command line configuration:"
pp @cli_opts
puts 'JSON configuration file:'
puts "JSON configuration file:"
pp @cfg_file_contents
puts 'Merged configuration:'
puts "Merged configuration:"
pp @merged_options
puts
end
@ -74,7 +74,7 @@ module Inspec
# return all telemetry options from config
# @return [Hash]
def telemetry_options
final_options.select { |key, _| key.include?('telemetry') }
final_options.select { |key, _| key.include?("telemetry") }
end
#-----------------------------------------------------------------------#
@ -131,7 +131,7 @@ module Inspec
credentials.merge!(unprefixed_transport_options)
# If there are any prefixed options, merge them in, stripping the prefix.
transport_prefix = transport_name.downcase.tr('-', '_') + '_'
transport_prefix = transport_name.downcase.tr("-", "_") + "_"
transport_options.each do |bare_option_name|
prefixed_option_name = transport_prefix + bare_option_name.to_s
if final_options.key?(prefixed_option_name)
@ -150,7 +150,7 @@ module Inspec
# Default to local
unless @final_options.key?(:target)
credentials[:backend] = 'local'
credentials[:backend] = "local"
return
end
@ -167,7 +167,7 @@ module Inspec
credset_name = _utc_find_credset_name(credentials, transport_name)
if credset_name
credset = @cfg_file_contents.dig('credentials', transport_name, credset_name)
credset = @cfg_file_contents.dig("credentials", transport_name, credset_name)
if credset
credentials.merge!(credset)
else
@ -195,7 +195,7 @@ module Inspec
# Regardless of our situation, end up with a readable IO object
def resolve_cfg_io(cli_opts, cfg_io)
raise(ArgumentError, 'Inspec::Config must use an IO to read from') if cfg_io && !cfg_io.respond_to?(:read)
raise(ArgumentError, "Inspec::Config must use an IO to read from") if cfg_io && !cfg_io.respond_to?(:read)
cfg_io ||= check_for_piped_config(cli_opts)
return cfg_io if cfg_io
@ -210,10 +210,10 @@ module Inspec
Inspec.deprecate(:cli_option_json_config) if cli_opts.key?(:json_config)
return nil unless cli_opt
return nil unless cli_opt == '-'
return nil unless cli_opt == "-"
# This warning is here so that if a user invokes inspec with --config=-,
# they will have an explanation for why it appears to hang.
Inspec::Log.warn 'Reading JSON config from standard input' if STDIN.tty?
Inspec::Log.warn "Reading JSON config from standard input" if STDIN.tty?
STDIN
end
@ -222,7 +222,7 @@ module Inspec
Inspec.deprecate(:cli_option_json_config) if cli_opts.key?(:json_config)
if path.nil?
default_path = File.join(Inspec.config_dir, 'config.json')
default_path = File.join(Inspec.config_dir, "config.json")
path = default_path if File.exist?(default_path)
elsif !File.exist?(path)
raise ArgumentError, "Could not read configuration file at #{path}"
@ -249,7 +249,7 @@ module Inspec
end
def file_version
@cfg_file_contents['version'] || :legacy
@cfg_file_contents["version"] || :legacy
end
def legacy_file?
@ -261,26 +261,26 @@ module Inspec
# Assume everything in the file is a CLI option
@cfg_file_contents
else
@cfg_file_contents['cli_options'] || {}
@cfg_file_contents["cli_options"] || {}
end
end
def config_file_reporter_options
# This is assumed to be top-level in both legacy and 1.1.
# Technically, you could sneak it in the 1.1 cli opts area.
@cfg_file_contents.key?('reporter') ? { 'reporter' => @cfg_file_contents['reporter'] } : {}
@cfg_file_contents.key?("reporter") ? { "reporter" => @cfg_file_contents["reporter"] } : {}
end
#-----------------------------------------------------------------------#
# Validation
#-----------------------------------------------------------------------#
def validate_config_file_contents!
version = @cfg_file_contents['version']
version = @cfg_file_contents["version"]
# Assume legacy format, which is unconstrained
return unless version
unless version == '1.1'
unless version == "1.1"
raise Inspec::ConfigError::Invalid, "Unsupported config file version '#{version}' - currently supported versions: 1.1"
end
@ -296,23 +296,23 @@ module Inspec
return if reporters.nil?
# TODO: move this into a reporter plugin type system
valid_types = [
'automate',
'cli',
'documentation',
'html',
'json',
'json-automate',
'json-min',
'json-rspec',
'junit',
'progress',
'yaml',
"automate",
"cli",
"documentation",
"html",
"json",
"json-automate",
"json-min",
"json-rspec",
"junit",
"progress",
"yaml",
]
reporters.each do |reporter_name, reporter_config|
raise NotImplementedError, "'#{reporter_name}' is not a valid reporter type." unless valid_types.include?(reporter_name)
next unless reporter_name == 'automate'
next unless reporter_name == "automate"
%w{token url}.each do |option|
raise Inspec::ReporterError, "You must specify a automate #{option} via the config file." if reporter_config[option].nil?
end
@ -321,10 +321,10 @@ module Inspec
# check to make sure we are only reporting one type to stdout
stdout_reporters = 0
reporters.each_value do |reporter_config|
stdout_reporters += 1 if reporter_config['stdout'] == true
stdout_reporters += 1 if reporter_config["stdout"] == true
end
raise ArgumentError, 'The option --reporter can only have a single report outputting to stdout.' if stdout_reporters > 1
raise ArgumentError, "The option --reporter can only have a single report outputting to stdout." if stdout_reporters > 1
end
#-----------------------------------------------------------------------#
@ -368,36 +368,36 @@ module Inspec
def finalize_parse_reporters(options) # rubocop:disable Metrics/AbcSize
# default to cli report for ad-hoc runners
options['reporter'] = ['cli'] if options['reporter'].nil?
options["reporter"] = ["cli"] if options["reporter"].nil?
# parse out cli to proper report format
if options['reporter'].is_a?(Array)
if options["reporter"].is_a?(Array)
reports = {}
options['reporter'].each do |report|
reporter_name, destination = report.split(':', 2)
if destination.nil? || destination.strip == '-'
reports[reporter_name] = { 'stdout' => true }
options["reporter"].each do |report|
reporter_name, destination = report.split(":", 2)
if destination.nil? || destination.strip == "-"
reports[reporter_name] = { "stdout" => true }
else
reports[reporter_name] = {
'file' => destination,
'stdout' => false,
"file" => destination,
"stdout" => false,
}
reports[reporter_name]['target_id'] = options['target_id'] if options['target_id']
reports[reporter_name]["target_id"] = options["target_id"] if options["target_id"]
end
end
options['reporter'] = reports
options["reporter"] = reports
end
# add in stdout if not specified
if options['reporter'].is_a?(Hash)
options['reporter'].each do |reporter_name, config|
options['reporter'][reporter_name] = {} if config.nil?
options['reporter'][reporter_name]['stdout'] = true if options['reporter'][reporter_name].empty?
options['reporter'][reporter_name]['target_id'] = options['target_id'] if options['target_id']
if options["reporter"].is_a?(Hash)
options["reporter"].each do |reporter_name, config|
options["reporter"][reporter_name] = {} if config.nil?
options["reporter"][reporter_name]["stdout"] = true if options["reporter"][reporter_name].empty?
options["reporter"][reporter_name]["target_id"] = options["target_id"] if options["target_id"]
end
end
validate_reporters!(options['reporter'])
validate_reporters!(options["reporter"])
options
end
@ -408,38 +408,38 @@ module Inspec
# whenever it is used, it requires a value. Handle options that were
# defined in such a way and require a value here:
%w{password sudo-password}.each do |option_name|
snake_case_option_name = option_name.tr('-', '_').to_s
snake_case_option_name = option_name.tr("-", "_").to_s
next unless options[snake_case_option_name] == -1 # Thor sets -1 for missing value - see #1918
raise ArgumentError, "Please provide a value for --#{option_name}. For example: --#{option_name}=hello."
end
# Infer `--sudo` if using `--sudo-password` without `--sudo`
if options['sudo_password'] && !options['sudo']
options['sudo'] = true
Inspec::Log.warn '`--sudo-password` used without `--sudo`. Adding `--sudo`.'
if options["sudo_password"] && !options["sudo"]
options["sudo"] = true
Inspec::Log.warn "`--sudo-password` used without `--sudo`. Adding `--sudo`."
end
end
def finalize_compliance_login(options)
# check for compliance settings
# This is always a hash, comes from config file, not CLI opts
if options.key?('compliance')
require 'plugins/inspec-compliance/lib/inspec-compliance/api'
InspecPlugins::Compliance::API.login(options['compliance'])
if options.key?("compliance")
require "plugins/inspec-compliance/lib/inspec-compliance/api"
InspecPlugins::Compliance::API.login(options["compliance"])
end
end
class Defaults
DEFAULTS = {
exec: {
'reporter' => ['cli'],
'show_progress' => false,
'color' => true,
'create_lockfile' => true,
'backend_cache' => true,
"reporter" => ["cli"],
"show_progress" => false,
"color" => true,
"create_lockfile" => true,
"backend_cache" => true,
},
shell: {
'reporter' => ['cli'],
"reporter" => ["cli"],
},
}.freeze

12
lib/inspec/control_eval_context.rb
View file

@ -1,6 +1,6 @@
require 'inspec/dsl'
require 'inspec/dsl_shared'
require 'rspec/core/dsl'
require "inspec/dsl"
require "inspec/dsl_shared"
require "rspec/core/dsl"
module Inspec
#
@ -28,7 +28,7 @@ module Inspec
# Simply an access, no event here
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
else
options[:priority] = 20
options[:priority] ||= 20
options[:provider] = :inline_control_code
evt = Inspec::Input.infer_event(options)
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
@ -188,7 +188,7 @@ module Inspec
# Simply an access, no event here
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
else
options[:priority] = 20
options[:priority] ||= 20
options[:provider] = :inline_control_code
evt = Inspec::Input.infer_event(options)
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
@ -233,7 +233,7 @@ module Inspec
def block_location(block, alternate_caller)
if block.nil?
alternate_caller[/^(.+:\d+):in .+$/, 1] || 'unknown'
alternate_caller[/^(.+:\d+):in .+$/, 1] || "unknown"
else
path, line = block.source_location
"#{File.basename(path)}:#{line}"

4
lib/inspec/dependencies/cache.rb
View file

@ -1,4 +1,4 @@
require 'fileutils'
require "fileutils"
module Inspec
#
@ -17,7 +17,7 @@ module Inspec
class Cache
attr_reader :path
def initialize(path = nil)
@path = path || File.join(Inspec.config_dir, 'cache')
@path = path || File.join(Inspec.config_dir, "cache")
FileUtils.mkdir_p(@path) unless File.directory?(@path)
end

4
lib/inspec/dependencies/dependency_set.rb
View file

@ -1,5 +1,5 @@
require 'inspec/dependencies/requirement'
require 'inspec/dependencies/resolver'
require "inspec/dependencies/requirement"
require "inspec/dependencies/resolver"
module Inspec
#

16
lib/inspec/dependencies/lockfile.rb
View file

@ -1,4 +1,4 @@
require 'yaml'
require "yaml"
module Inspec
class Lockfile
@ -8,15 +8,15 @@ module Inspec
def self.from_dependency_set(dep_set)
lockfile_content = {
'lockfile_version' => CURRENT_LOCKFILE_VERSION,
'depends' => dep_set.to_array,
"lockfile_version" => CURRENT_LOCKFILE_VERSION,
"depends" => dep_set.to_array,
}
new(lockfile_content)
end
def self.from_content(content)
parsed_content = YAML.load(content)
version = parsed_content['lockfile_version']
version = parsed_content["lockfile_version"]
raise "No lockfile_version set in #{path}!" if version.nil?
validate_lockfile_version!(version.to_i)
new(parsed_content)
@ -50,15 +50,15 @@ module Inspec
attr_reader :version, :deps
def initialize(lockfile_content_hash)
version = lockfile_content_hash['lockfile_version']
version = lockfile_content_hash["lockfile_version"]
@version = version.to_i
parse_content_hash(lockfile_content_hash)
end
def to_yaml
{
'lockfile_version' => CURRENT_LOCKFILE_VERSION,
'depends' => @deps.map { |i| stringify_keys(i) },
"lockfile_version" => CURRENT_LOCKFILE_VERSION,
"depends" => @deps.map { |i| stringify_keys(i) },
}.to_yaml
end
@ -84,7 +84,7 @@ module Inspec
end
def parse_content_hash_1(lockfile_content_hash)
@deps = lockfile_content_hash['depends']&.map { |i| symbolize_keys(i) }
@deps = lockfile_content_hash["depends"]&.map { |i| symbolize_keys(i) }
end
def mutate_hash_keys_with(hash, fun)

14
lib/inspec/dependencies/requirement.rb
View file

@ -1,5 +1,5 @@
require 'inspec/cached_fetcher'
require 'semverse'
require "inspec/cached_fetcher"
require "semverse"
module Inspec
#
@ -8,7 +8,7 @@ module Inspec
#
class Requirement
def self.from_metadata(dep, cache, opts)
raise 'Cannot load empty dependency.' if dep.nil? || dep.empty?
raise "Cannot load empty dependency." if dep.nil? || dep.empty?
req_path = opts[:cwd]
@ -81,13 +81,13 @@ module Inspec
def to_hash
h = {
'name' => name,
'resolved_source' => resolved_source,
'version_constraints' => version_constraints,
"name" => name,
"resolved_source" => resolved_source,
"version_constraints" => version_constraints,
}
if !dependencies.empty?
h['dependencies'] = dependencies.map(&:to_hash)
h["dependencies"] = dependencies.map(&:to_hash)
end
h

10
lib/inspec/dependencies/resolver.rb
View file

@ -1,5 +1,5 @@
require 'inspec/log'
require 'inspec/errors'
require "inspec/log"
require "inspec/errors"
module Inspec
#
@ -35,7 +35,7 @@ module Inspec
deps.each do |dep|
if seen_items_local.include?(dep.name)
problem_cookbook = if top_level
'the inspec.yml for this profile.'
"the inspec.yml for this profile."
else
"the dependency information for #{path_string.split(' ').last}"
end
@ -47,7 +47,7 @@ module Inspec
end
# Here deps is an Array of Inspec::Requirement
def resolve(deps, top_level = true, seen_items = {}, path_string = '') # rubocop:disable Metrics/AbcSize
def resolve(deps, top_level = true, seen_items = {}, path_string = "") # rubocop:disable Metrics/AbcSize
graph = {}
if top_level
Inspec::Log.debug("Starting traversal of dependencies #{deps.map(&:to_s)}")
@ -79,7 +79,7 @@ module Inspec
end
end
Inspec::Log.debug('Dependency traversal complete.') if top_level
Inspec::Log.debug("Dependency traversal complete.") if top_level
graph
end
end

4
lib/inspec/describe.rb
View file

@ -13,11 +13,11 @@ module Inspec
def one(&block)
return unless block_given?
instance_eval(&block)
@action.call('describe.one', @checks, nil)
@action.call("describe.one", @checks, nil)
end
def describe(*args, &block)
@checks.push(['describe', args, block])
@checks.push(["describe", args, block])
end
end
end

10
lib/inspec/dist.rb
View file

@ -3,18 +3,18 @@
module Inspec
module Dist
# When referencing a product directly, like InSpec
PRODUCT_NAME = 'Chef InSpec'
PRODUCT_NAME = "Chef InSpec"
# The inspec executable
EXEC_NAME = 'inspec'
EXEC_NAME = "inspec"
# The name of the server product
SERVER_PRODUCT_NAME = 'Chef Server'
SERVER_PRODUCT_NAME = "Chef Server"
# name of the automate product
AUTOMATE_PRODUCT_NAME = 'Chef Automate'
AUTOMATE_PRODUCT_NAME = "Chef Automate"
# name of the compliance product
COMPLIANCE_PRODUCT_NAME = 'Chef Compliance'
COMPLIANCE_PRODUCT_NAME = "Chef Compliance"
end
end

8
lib/inspec/dsl.rb
View file

@ -1,6 +1,6 @@
# copyright: 2015, Dominik Richter
require 'inspec/log'
require 'inspec/plugin/v2'
require "inspec/log"
require "inspec/plugin/v2"
module Inspec::DSL
def require_controls(id, &block)
@ -17,7 +17,7 @@ module Inspec::DSL
alias include_rules include_controls
def require_resource(options = {})
raise 'You must specify a specific resource name when calling require_resource()' if options[:resource].nil?
raise "You must specify a specific resource name when calling require_resource()" if options[:resource].nil?
from_profile = options[:profile] || profile_name
target_name = options[:as] || options[:resource]
@ -81,7 +81,7 @@ module Inspec::DSL
# remove all rules that were not registered
context.all_rules.each do |r|
id = Inspec::Rule.rule_id(r)
fid = Inspec::Rule.profile_id(r) + '/' + id
fid = Inspec::Rule.profile_id(r) + "/" + id
unless include_ctx.rules[id] || include_ctx.rules[fid]
context.remove_rule(fid)
end

2
lib/inspec/dsl_shared.rb
View file

@ -9,7 +9,7 @@ module Inspec
alias __ruby_require require
def require(path)
rbpath = path + '.rb'
rbpath = path + ".rb"
return __ruby_require(path) if !@require_loader.exists?(rbpath)
return false if @require_loader.loaded?(rbpath)

22
lib/inspec/env_printer.rb
View file

@ -1,15 +1,15 @@
require 'inspec/shell_detector'
require 'erb'
require 'shellwords'
require "inspec/shell_detector"
require "erb"
require "shellwords"
module Inspec
class EnvPrinter
attr_reader :shell
EVAL_COMMANDS = {
'bash' => 'eval \"$(inspec env bash)\"',
'fish' => 'inspec env fish > ~/.config/fish/completions/inspec.fish',
'zsh' => 'eval \"$(inspec env zsh)\"',
"bash" => 'eval \"$(inspec env bash)\"',
"fish" => "inspec env fish > ~/.config/fish/completions/inspec.fish",
"zsh" => 'eval \"$(inspec env zsh)\"',
}.freeze
def initialize(command_class, shell = nil)
@ -35,7 +35,7 @@ module Inspec
private
def print_completion_for_shell
erb = ERB.new(File.read(completion_template_path), nil, '-')
erb = ERB.new(File.read(completion_template_path), nil, "-")
puts erb.result(TemplateContext.new(@command_class).get_bindings)
end
@ -48,7 +48,7 @@ module Inspec
end
def completion_dir
File.join(File.dirname(__FILE__), 'completions')
File.join(File.dirname(__FILE__), "completions")
end
def completion_template_path
@ -56,7 +56,7 @@ module Inspec
end
def shells_with_completions
Dir.glob("#{completion_dir}/*.sh.erb").map { |f| File.basename(f, '.sh.erb') }
Dir.glob("#{completion_dir}/*.sh.erb").map { |f| File.basename(f, ".sh.erb") }
end
def print_usage_guidance
@ -90,7 +90,7 @@ module Inspec
def exit_no_shell
if @detected
$stderr.puts '# Unable to automatically detect shell and no shell was provided.'
$stderr.puts "# Unable to automatically detect shell and no shell was provided."
end
$stderr.puts <<~EOF
#
@ -108,7 +108,7 @@ module Inspec
@command_class = command_class
end
def get_bindings # rubocop:disable Style/AccessorMethodName
def get_bindings # rubocop:disable Naming/AccessorMethodName
binding
end

10
lib/inspec/expect.rb
View file

@ -1,6 +1,6 @@
# copyright: 2016, Chef Software Inc.
require 'rspec/expectations'
require "rspec/expectations"
module Inspec
class Expect
@ -22,11 +22,11 @@ module Inspec
def example_group
that = self
opts = { 'caller' => calls[0][3] } # TODO: this needs overhaul. no magic #s
opts = { "caller" => calls[0][3] } # TODO: this needs overhaul. no magic #s
if !calls[0][3].nil? && !calls[0][3].empty? &&
(m = calls[0][3][0].match(/^([^:]*):(\d+):/))
opts['file_path'] = m[0]
opts['line_number'] = m[1]
(m = calls[0][3][0].match(/^([^:]*):(\d+):/))
opts["file_path"] = m[0]
opts["line_number"] = m[1]
end
RSpec::Core::ExampleGroup.describe(that.value, opts) do

13
lib/inspec/fetcher.rb
View file

@ -1,4 +1,4 @@
require 'inspec/plugin/v1'
require "inspec/plugin/v1"
module Inspec
class FetcherRegistry < PluginRegistry
@ -29,15 +29,16 @@ module Inspec
def self.fetcher(version)
if version != 1
raise 'Only fetcher version 1 is supported!'
raise "Only fetcher version 1 is supported!"
end
Inspec::Plugins::Fetcher
end
end
require 'fetchers/local'
require 'fetchers/url'
require 'fetchers/git'
# TODO: remove. require up, not down.
require "fetchers/local"
require "fetchers/url"
require "fetchers/git"
# TODO: Remove in 4.0 when Compliance fetcher plugin is created
require 'plugins/inspec-compliance/lib/inspec-compliance/api'
require "plugins/inspec-compliance/lib/inspec-compliance/api"

47
lib/inspec/file_provider.rb
View file

@ -1,6 +1,7 @@
require 'rubygems/package'
require 'zlib'
require 'zip'
require "rubygems/package"
require "pathname"
require "zlib"
require "zip"
module Inspec
class FileProvider
@ -9,9 +10,9 @@ module Inspec
MockProvider.new(path)
elsif File.directory?(path)
DirProvider.new(path)
elsif File.exist?(path) && path.end_with?('.tar.gz', 'tgz')
elsif File.exist?(path) && path.end_with?(".tar.gz", "tgz")
TarProvider.new(path)
elsif File.exist?(path) && path.end_with?('.zip')
elsif File.exist?(path) && path.end_with?(".zip")
ZipProvider.new(path)
elsif File.exist?(path)
DirProvider.new(path)
@ -71,7 +72,7 @@ module Inspec
@files = if File.file?(path)
[path]
else
Dir[File.join(Shellwords.shellescape(path), '**', '*')]
Dir[File.join(Shellwords.shellescape(path), "**", "*")]
end
@path = path
end
@ -98,13 +99,13 @@ module Inspec
@files = []
walk_zip(@path) do |io|
while (entry = io.get_next_entry)
name = entry.name.sub(%r{/+$}, '')
@files.push(name) unless name.empty? || name.squeeze('/') =~ %r{\.{2}(?:/|\z)}
name = entry.name.sub(%r{/+$}, "")
@files.push(name) unless name.empty? || name.squeeze("/") =~ %r{\.{2}(?:/|\z)}
end
end
end
def extract(destination_path = '.')
def extract(destination_path = ".")
FileUtils.mkdir_p(destination_path)
Zip::File.open(@path) do |archive|
@ -155,17 +156,17 @@ module Inspec
@files = tar.find_all(&:file?)
# delete all entries with no name
@files = @files.find_all { |x| !x.full_name.empty? && x.full_name.squeeze('/') !~ %r{\.{2}(?:/|\z)} }
@files = @files.find_all { |x| !x.full_name.empty? && x.full_name.squeeze("/") !~ %r{\.{2}(?:/|\z)} }
# delete all entries that have a PaxHeader
@files = @files.delete_if { |x| x.full_name.include?('PaxHeader/') }
@files = @files.delete_if { |x| x.full_name.include?("PaxHeader/") }
# replace all items of the array simply with the relative filename of the file
@files.map! { |x| Pathname.new(x.full_name).relative_path_from(Pathname.new('.')).to_s }
@files.map! { |x| Pathname.new(x.full_name).relative_path_from(Pathname.new(".")).to_s }
end
end
def extract(destination_path = '.')
def extract(destination_path = ".")
FileUtils.mkdir_p(destination_path)
walk_tar(@path) do |files|
@ -178,7 +179,7 @@ module Inspec
FileUtils.remove_entry(final_path) if File.exist?(final_path)
FileUtils.mkdir_p(File.dirname(final_path))
File.open(final_path, 'wb') { |f| f.write(file.read) }
File.open(final_path, "wb") { |f| f.write(file.read) }
end
end
end
@ -213,8 +214,8 @@ module Inspec
class RelativeFileProvider
BLACKLIST_FILES = [
'/pax_global_header',
'pax_global_header',
"/pax_global_header",
"pax_global_header",
].freeze
attr_reader :files
@ -238,7 +239,7 @@ module Inspec
.map { |x| x[prefix.length..-1] }
.map do |x|
path = Pathname.new(x)
path.absolute? ? path.to_s : path.relative_path_from(Pathname.new('.')).to_s
path.absolute? ? path.to_s : path.relative_path_from(Pathname.new(".")).to_s
end
end
@ -258,7 +259,7 @@ module Inspec
private
def get_prefix(fs)
return '' if fs.empty?
return "" if fs.empty?
# filter backlisted files
fs -= BLACKLIST_FILES
@ -287,15 +288,15 @@ module Inspec
end
def get_files_prefix(fs)
return '' if fs.empty?
return "" if fs.empty?
file = fs[0]
bn = File.basename(file)
# no more prefixes
return '' if bn == file
return "" if bn == file
i = file.rindex(bn)
pre = file[0..i-1]
pre = file[0..i - 1]
rest = fs.find_all { |f| !f.start_with?(pre) }
return pre if rest.empty?
@ -303,8 +304,8 @@ module Inspec
new_pre = get_prefix(rest)
return new_pre if pre.start_with? new_pre
# edge case: completely different prefixes; retry prefix detection
a = File.dirname(pre + 'a')
b = File.dirname(new_pre + 'b')
a = File.dirname(pre + "a")
b = File.dirname(new_pre + "b")
get_prefix([a, b])
end
end

6
lib/inspec/formatters.rb
View file

@ -1,3 +1,3 @@
require 'inspec/formatters/base'
require 'inspec/formatters/json_rspec'
require 'inspec/formatters/show_progress'
require "inspec/formatters/base"
require "inspec/formatters/json_rspec"
require "inspec/formatters/show_progress"

16
lib/inspec/formatters/base.rb
View file

@ -1,5 +1,5 @@
require 'rspec/core'
require 'rspec/core/formatters/base_formatter'
require "rspec/core"
require "rspec/core/formatters/base_formatter"
module Inspec::Formatters
class Base < RSpec::Core::Formatters::BaseFormatter
@ -43,7 +43,7 @@ module Inspec::Formatters
next unless e
if example.metadata[:sensitive]
hash[:message] = '*** sensitive output suppressed ***'
hash[:message] = "*** sensitive output suppressed ***"
else
hash[:message] = exception_message(e)
end
@ -101,9 +101,9 @@ module Inspec::Formatters
all_unique_controls.each do |control|
next unless control[:results]
if control[:results].any? { |r| r[:status] == 'failed' }
if control[:results].any? { |r| r[:status] == "failed" }
failed += 1
elsif control[:results].any? { |r| r[:status] == 'skipped' }
elsif control[:results].any? { |r| r[:status] == "skipped" }
skipped += 1
else
passed += 1
@ -162,8 +162,8 @@ module Inspec::Formatters
res[:profile_id] = pid
end
if res[:status] == 'pending'
res[:status] = 'skipped'
if res[:status] == "pending"
res[:status] = "skipped"
res[:skip_message] = example.metadata[:description]
res[:resource] = example.metadata[:described_class].to_s
end
@ -173,7 +173,7 @@ module Inspec::Formatters
def format_expectation_message(example)
if (example.metadata[:example_group][:description_args].first == example.metadata[:example_group][:described_class]) ||
example.metadata[:example_group][:described_class].nil?
example.metadata[:example_group][:described_class].nil?
example.metadata[:description]
else
"#{example.metadata[:example_group][:description]} #{example.metadata[:description]}"

4
lib/inspec/globals.rb
View file

@ -1,9 +1,9 @@
module Inspec
def self.config_dir
ENV['INSPEC_CONFIG_DIR'] ? ENV['INSPEC_CONFIG_DIR'] : File.join(Dir.home, '.inspec')
ENV["INSPEC_CONFIG_DIR"] ? ENV["INSPEC_CONFIG_DIR"] : File.join(Dir.home, ".inspec")
end
def self.src_root
File.expand_path(File.join(__FILE__, '..', '..', '..'))
File.expand_path(File.join(__FILE__, "..", "..", ".."))
end
end

10
lib/inspec/impact.rb
View file

@ -1,11 +1,11 @@
# Impact scores based off CVSS 3.0
module Inspec::Impact
IMPACT_SCORES = {
'none' => 0.0,
'low' => 0.1,
'medium' => 0.4,
'high' => 0.7,
'critical' => 0.9,
"none" => 0.0,
"low" => 0.1,
"medium" => 0.4,
"high" => 0.7,
"critical" => 0.9,
}.freeze
def self.impact_from_string(value)

117
lib/inspec/input_registry.rb
View file

@ -1,8 +1,9 @@
require 'forwardable'
require 'singleton'
require 'inspec/objects/input'
require 'inspec/secrets'
require 'inspec/exceptions'
require "forwardable"
require "singleton"
require "inspec/objects/input"
require "inspec/secrets"
require "inspec/exceptions"
require "inspec/plugin/v2"
module Inspec
# The InputRegistry's responsibilities include:
@ -12,7 +13,7 @@ module Inspec
include Singleton
extend Forwardable
attr_reader :inputs_by_profile, :profile_aliases
attr_reader :inputs_by_profile, :profile_aliases, :plugins
def_delegator :inputs_by_profile, :each
def_delegator :inputs_by_profile, :[]
def_delegator :inputs_by_profile, :key?, :profile_known?
@ -25,6 +26,14 @@ module Inspec
# this is a list of optional profile name overrides set in the inspec.yml
@profile_aliases = {}
# Upon creation, activate all input plugins
activators = Inspec::Plugin::V2::Registry.instance.find_activators(plugin_type: :input)
@plugins = activators.map do |activator|
activator.activate!
activator.implementation_class.new
end
end
#-------------------------------------------------------------#
@ -35,32 +44,58 @@ module Inspec
@profile_aliases[name] = alias_name
end
# Returns an Hash, name => Input that have actually been mentioned
def list_inputs_for_profile(profile)
inputs_by_profile[profile] = {} unless profile_known?(profile)
inputs_by_profile[profile]
end
# Returns an Array of input names. This includes input names
# that plugins may be able to fetch, but have not actually been
# mentioned in the control code.
def list_potential_input_names_for_profile(profile_name)
input_names_from_dsl = inputs_by_profile[profile_name].keys
input_names_from_plugins = plugins.map { |plugin| plugin.list_inputs(profile_name) }
(input_names_from_dsl + input_names_from_plugins).flatten.uniq
end
#-------------------------------------------------------------#
# Support for Individual Inputs
#-------------------------------------------------------------#
def find_or_register_input(input_name, profile_name, options = {})
if profile_alias?(profile_name)
if profile_alias?(profile_name) && !profile_aliases[profile_name].nil?
alias_name = profile_name
profile_name = profile_aliases[profile_name]
handle_late_arriving_alias(alias_name, profile_name) if profile_known?(alias_name)
end
# Find or create the input
inputs_by_profile[profile_name] ||= {}
if inputs_by_profile[profile_name].key?(input_name)
inputs_by_profile[profile_name][input_name].update(options)
else
inputs_by_profile[profile_name][input_name] = Inspec::Input.new(input_name, options)
poll_plugins_for_update(profile_name, input_name)
end
inputs_by_profile[profile_name][input_name]
end
def poll_plugins_for_update(profile_name, input_name)
plugins.each do |plugin|
response = plugin.fetch(profile_name, input_name)
evt = Inspec::Input::Event.new(
action: :fetch,
provider: plugin.class.plugin_name,
priority: plugin.default_priority,
hit: !response.nil?
)
evt.value = response unless response.nil?
inputs_by_profile[profile_name][input_name].events << evt
end
end
# It is possible for a wrapper profile to create an input in metadata,
# referring to the child profile by an alias that has not yet been registered.
# The registry will then store the inputs under the alias, as if the alias
@ -115,7 +150,7 @@ module Inspec
provider: :runner_api, # TODO: suss out if audit cookbook or kitchen-inspec or something unknown
priority: 40,
file: loc.path,
line: loc.lineno,
line: loc.lineno
)
find_or_register_input(input_name, profile_name, event: evt)
end
@ -135,7 +170,7 @@ module Inspec
if data.nil?
raise Inspec::Exceptions::SecretsBackendNotFound,
"Cannot find parser for inputs file '#{path}'. " \
'Check to make sure file has the appropriate extension.'
"Check to make sure file has the appropriate extension."
end
next if data.inputs.nil?
@ -144,7 +179,7 @@ module Inspec
value: input_value,
provider: :cli_files,
priority: 40,
file: path,
file: path
# TODO: any way we could get a line number?
)
find_or_register_input(input_name, profile_name, event: evt)
@ -156,13 +191,13 @@ module Inspec
unless File.exist?(path)
raise Inspec::Exceptions::InputsFileDoesNotExist,
"Cannot find input file '#{path}'. " \
'Check to make sure file exists.'
"Check to make sure file exists."
end
unless File.readable?(path)
raise Inspec::Exceptions::InputsFileNotReadable,
"Cannot read input file '#{path}'. " \
'Check to make sure file is readable.'
"Check to make sure file is readable."
end
true
@ -170,31 +205,46 @@ module Inspec
def bind_inputs_from_metadata(profile_name, profile_metadata_obj)
# TODO: move this into a core plugin
# TODO: add deprecation stuff
return if profile_metadata_obj.nil? # Metadata files are technically optional
if profile_metadata_obj.params.key?(:attributes) && profile_metadata_obj.params[:attributes].is_a?(Array)
profile_metadata_obj.params[:attributes].each do |input_orig|
input_options = input_orig.dup
input_name = input_options.delete(:name)
input_options.merge!({ priority: 30, provider: :profile_metadata, file: File.join(profile_name, 'inspec.yml') })
evt = Inspec::Input.infer_event(input_options)
# Profile metadata may set inputs in other profiles by naming them.
if input_options[:profile]
profile_name = input_options[:profile] || profile_name
# Override priority to force this to win. Allow user to set their own priority.
evt.priority = input_orig[:priority] || 35
end
find_or_register_input(input_name,
profile_name,
type: input_options[:type],
required: input_options[:required],
event: evt)
end
if profile_metadata_obj.params.key?(:inputs)
raw_inputs = profile_metadata_obj.params[:inputs]
elsif profile_metadata_obj.params.key?(:attributes)
Inspec::Log.warn 'Inputs must be defined as an Array. Skipping current definition.'
Inspec.deprecate(:attrs_rename_in_metadata, "Profile: '#{profile_name}'.")
raw_inputs = profile_metadata_obj.params[:attributes]
else
return
end
unless raw_inputs.is_a?(Array)
Inspec::Log.warn "Inputs must be defined as an Array in metadata files. Skipping definition from #{profile_name}."
return
end
raw_inputs.each { |i| handle_raw_input_from_metadata(i, profile_name) }
end
def handle_raw_input_from_metadata(input_orig, profile_name)
input_options = input_orig.dup
input_name = input_options.delete(:name)
input_options[:provider] = :profile_metadata
input_options[:file] = File.join(profile_name, "inspec.yml")
input_options[:priority] ||= 30
evt = Inspec::Input.infer_event(input_options)
# Profile metadata may set inputs in other profiles by naming them.
if input_options[:profile]
profile_name = input_options[:profile] || profile_name
# Override priority to force this to win. Allow user to set their own priority.
evt.priority = input_orig[:priority] || 35
end
find_or_register_input(
input_name,
profile_name,
type: input_options[:type],
required: input_options[:required],
event: evt
)
end
#-------------------------------------------------------------#
@ -214,6 +264,7 @@ module Inspec
:find_or_register_input,
:register_profile_alias,
:list_inputs_for_profile,
:list_potential_input_names_for_profile,
:bind_profile_inputs,
].each do |meth|
define_singleton_method(meth) do |*args|

6
lib/inspec/library_eval_context.rb
View file

@ -1,5 +1,5 @@
require 'inspec/plugin/v1/plugin_types/resource'
require 'inspec/dsl_shared'
require "inspec/plugin/v1/plugin_types/resource"
require "inspec/dsl_shared"
module Inspec
#
@ -48,7 +48,7 @@ module Inspec
# Provide the local binding for this context which is necessary for
# calls to `require` to create all dependent objects in the correct
# context.
res.instance_variable_set('@inspec_binding', res.instance_eval('binding'))
res.instance_variable_set("@inspec_binding", res.instance_eval("binding"))
res
end
end

Some files were not shown because too many files have changed in this diff Show more