prevent duplicate profile-loading

this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
2024-11-10 23:24:18 +00:00 · 2016-04-20 00:50:18 -04:00 · 2016-04-20 00:50:18 -04:00 · b14495051a
commit b14495051a
parent 20d08a63b5
10 changed files with 183 additions and 167 deletions
--- a/lib/inspec/profile.rb
+++ b/lib/inspec/profile.rb
@ -11,7 +11,6 @@ require 'inspec/metadata'
 module Inspec
  class Profile # rubocop:disable Metrics/ClassLength
    extend Forwardable
-    attr_reader :path

    def self.resolve_target(target, opts)
      # Fetchers retrieve file contents
@ -35,6 +34,7 @@ module Inspec
    end

    attr_reader :source_reader
+    attr_accessor :runner_context
    def_delegator :@source_reader, :tests
    def_delegator :@source_reader, :libraries
    def_delegator :@source_reader, :metadata
@ -46,6 +46,7 @@ module Inspec
      @logger = @options[:logger] || Logger.new(nil)
      @source_reader = source_reader
      @profile_id = @options[:id]
+      @runner_context = nil
      Metadata.finalize(@source_reader.metadata, @profile_id)
    end

@ -222,27 +223,37 @@ module Inspec
    def load_params
      params = @source_reader.metadata.params
      params[:name] = @profile_id unless @profile_id.nil?
+      load_checks_params(params)
+      @profile_id ||= params[:name]
+      params
+    end
+
+    def load_checks_params(params)
      params[:controls] = controls = {}
      params[:groups] = groups = {}
      prefix = @source_reader.target.prefix || ''

-      # we're checking a profile, we don't care if it runs on the host machine
-      opts = @options.dup
-      opts[:ignore_supports] = true
-      runner = Runner.new(
-        id: @profile_id,
-        backend: :mock,
-        test_collector: opts.delete(:test_collector),
-      )
-      runner.add_profile(self, opts)
-
-      runner.rules.values.each do |rule|
-        f = load_rule_filepath(prefix, rule)
-        load_rule(rule, f, controls, groups)
+      if @runner_context.nil?
+        # we're checking a profile, we don't care if it runs on the host machine
+        opts = @options.dup
+        opts[:ignore_supports] = true
+        runner = Runner.new(
+          id: @profile_id,
+          backend: :mock,
+          test_collector: opts.delete(:test_collector),
+        )
+        runner.add_profile(self, opts)
+        runner.rules.values.each do |rule|
+          f = load_rule_filepath(prefix, rule)
+          load_rule(rule, f, controls, groups)
+        end
+      else
+        # load from context
+        @runner_context.rules.values.each do |rule|
+          f = load_rule_filepath(prefix, rule)
+          load_rule(rule, f, controls, groups)
+        end
      end
-
-      @profile_id ||= params[:name]
-      params
    end

    def load_rule_filepath(prefix, rule)
--- a/lib/inspec/rspec_json_formatter.rb
+++ b/lib/inspec/rspec_json_formatter.rb
@ -109,6 +109,7 @@ class InspecRspecFullJson < InspecRspecJson
    end

    @output_hash[:profiles] = profiles
+    @output_hash[:other_checks] = missing
  end

  private
--- a/lib/inspec/runner.rb
+++ b/lib/inspec/runner.rb
@ -104,6 +104,11 @@ module Inspec
        ctx.reload_dsl
      end

+      # hand the context to the profile for further evaluation
+      unless (profile = options['profile']).nil?
+        profile.runner_context = ctx
+      end
+
      # evaluate the test content
      tests = [tests] unless tests.is_a? Array
      tests.each { |t| add_test_to_context(t, ctx) }
--- a/test/functional/helper.rb
+++ b/test/functional/helper.rb
@ -20,6 +20,7 @@ module FunctionalHelper
  let(:examples_path) { File.join(repo_path, 'examples') }

  let(:example_profile) { File.join(examples_path, 'profile') }
+  let(:example_control) { File.join(example_profile, 'controls', 'example.rb') }
  let(:inheritance_profile) { File.join(examples_path, 'profile') }

  let(:dst) {
--- a/test/functional/inheritance_test.rb
+++ b/test/functional/inheritance_test.rb
@ -44,6 +44,6 @@ describe 'example inheritance profile' do
    s = out.stdout
    hm = JSON.load(s)
    hm['name'].must_equal 'inheritance'
-    hm['rules'].length.must_equal 1 # TODO: flatten out or search deeper!
+    hm['controls'].length.must_equal 3
  end
 end
--- a/test/functional/inspec_exec_fulljson_test.rb
+++ b/test/functional/inspec_exec_fulljson_test.rb
@ -0,0 +1,122 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'functional/helper'
+
+describe 'inspec exec with fulljson formatter' do
+  include FunctionalHelper
+
+  it 'can execute a simple file with the fulljson formatter' do
+    out = inspec('exec ' + example_control + ' --format fulljson')
+    out.stderr.must_equal ''
+    out.exit_status.must_equal 0
+    JSON.load(out.stdout).must_be_kind_of Hash
+  end
+
+  it 'can execute the profile with the fulljson formatter' do
+    out = inspec('exec ' + example_profile + ' --format fulljson')
+    out.stderr.must_equal ''
+    out.exit_status.must_equal 0
+    JSON.load(out.stdout).must_be_kind_of Hash
+  end
+
+  describe 'execute a profile with fulljson formatting' do
+    let(:json) { JSON.load(inspec('exec ' + example_profile + ' --format fulljson').stdout) }
+    let(:profile) { json['profiles']['profile'] }
+    let(:controls) { profile['controls'] }
+    let(:ex1) { controls['tmp-1.0'] }
+    let(:ex2) {
+      k = controls.keys.find { |x| x =~ /generated/ }
+      controls[k]
+    }
+    let(:ex3) { profile['controls']['gordon-1.0'] }
+    let(:check_result) {
+      ex3['results'].find { |x| x['resource'] == 'gordon_config' }
+    }
+
+    it 'has all the metadata' do
+      actual = profile.dup
+      key = actual.delete('controls').keys
+                  .find { |x| x =~ /generated from example.rb/ }
+
+      actual.must_equal({
+        "name" => "profile",
+        "title" => "InSpec Example Profile",
+        "maintainer" => "Chef Software, Inc.",
+        "copyright" => "Chef Software, Inc.",
+        "copyright_email" => "support@chef.io",
+        "license" => "Apache 2 license",
+        "summary" => "Demonstrates the use of InSpec Compliance Profile",
+        "version" => "1.0.0",
+        "supports" => [{"os-family" => "unix"}],
+        "groups" => {
+          "controls/meta.rb" => {"title"=>"SSH Server Configuration", "controls"=>["ssh-1"]},
+          "controls/example.rb" => {"title"=>"/tmp profile", "controls"=>["tmp-1.0", key]},
+          "controls/gordon.rb" => {"title"=>"Gordon Config Checks", "controls"=>["gordon-1.0"]},
+        },
+      })
+    end
+
+    it 'must have 4 controls' do
+      controls.length.must_equal 4
+    end
+
+    it 'has an id for every control' do
+      controls.keys.find(&:nil?).must_be :nil?
+    end
+
+    it 'has no missing checks' do
+      json['other_checks'].must_equal([])
+    end
+
+    it 'has results for every control' do
+      ex1['results'].length.must_equal 1
+      ex2['results'].length.must_equal 1
+      ex3['results'].length.must_equal 2
+    end
+
+    it 'has the right result for tmp-1.0' do
+      actual = ex1.dup
+
+      src = actual.delete('source_location')
+      src[0].must_match %r{examples/profile/controls/example.rb$}
+      src[1].must_equal 8
+
+      result = actual.delete('results')[0]
+      result.wont_be :nil?
+      result['status'].must_equal 'passed'
+      result['code_desc'].must_equal 'File /tmp should be directory'
+      result['run_time'].wont_be :nil?
+      result['start_time'].wont_be :nil?
+
+      actual.must_equal({
+        "title" => "Create /tmp directory",
+        "desc" => "An optional description...",
+        "impact" => 0.7,
+        "refs" => [
+          {
+            "url" => "http://...",
+            "ref" => "Document A-12"
+          }
+        ],
+        "tags" => {
+          "data" => "temp data",
+          "security" => nil
+        },
+        "code" => "control \"tmp-1.0\" do                        # A unique ID for this control\n  impact 0.7                                # The criticality, if this control fails.\n  title \"Create /tmp directory\"             # A human-readable title\n  desc \"An optional description...\"         # Describe why this is needed\n  tag data: \"temp data\"                     # A tag allows you to associate key information\n  tag \"security\"                            # to the test\n  ref \"Document A-12\", url: 'http://...'    # Additional references\n\n  describe file('/tmp') do                  # The actual test\n    it { should be_directory }\n  end\nend\n",
+      })
+    end
+  end
+
+  describe 'with a profile that is not supported on this OS/platform' do
+    let(:out) { inspec('exec ' + File.join(profile_path, 'skippy-profile-os') + ' --format fulljson') }
+    let(:json) { JSON.load(out.stdout) }
+
+    # TODO: failure handling in json formatters...
+
+    it 'never runs the actual resource' do
+      File.exist?('/tmp/inspec_test_DONT_CREATE').must_equal false
+    end
+  end
+end
--- a/test/functional/inspec_exec_test.rb
+++ b/test/functional/inspec_exec_test.rb
@ -29,8 +29,6 @@ describe 'inspec exec' do
    JSON.load(out.stdout).must_be_kind_of Hash
  end

-  let(:example_control) { File.join(example_profile, 'controls', 'example.rb') }
-
  it 'can execute a simple file with the default formatter' do
    out = inspec('exec ' + example_control)
    out.stderr.must_equal ''
@ -45,13 +43,6 @@ describe 'inspec exec' do
    JSON.load(out.stdout).must_be_kind_of Hash
  end

-  it 'can execute a simple file with the fulljson formatter' do
-    out = inspec('exec ' + example_control + ' --format fulljson')
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    JSON.load(out.stdout).must_be_kind_of Hash
-  end
-
  describe 'execute a profile with json formatting' do
    let(:json) { JSON.load(inspec('exec ' + example_profile + ' --format json').stdout) }
    let(:controls) { json['controls'] }
@ -87,108 +78,6 @@ describe 'inspec exec' do
    end
  end

-  it 'can execute the profile with the fulljson formatter' do
-    out = inspec('exec ' + example_profile + ' --format fulljson')
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    JSON.load(out.stdout).must_be_kind_of Hash
-  end
-
-  describe 'execute a profile with fulljson formatting' do
-    let(:json) { JSON.load(inspec('exec ' + example_profile + ' --format fulljson').stdout) }
-    let(:profile) { json['profiles']['profile'] }
-    let(:controls) { profile['controls'] }
-    let(:ex1) { controls['tmp-1.0'] }
-    let(:ex2) {
-      k = controls.keys.find { |x| x =~ /generated/ }
-      controls[k]
-    }
-    let(:ex3) { controls['gordon-1.0'] }
-    let(:check_result) { ex1['results'][0] }
-
-    it 'has all the metadata' do
-      controls = profile.delete('controls')
-      key = controls.keys.find { |x| x =~ /generated from example.rb/ }
-
-      profile.must_equal({
-        "name" => "profile",
-        "title" => "InSpec Example Profile",
-        "maintainer" => "Chef Software, Inc.",
-        "copyright" => "Chef Software, Inc.",
-        "copyright_email" => "support@chef.io",
-        "license" => "Apache 2 license",
-        "summary" => "Demonstrates the use of InSpec Compliance Profile",
-        "version" => "1.0.0",
-        "supports" => [{"os-family" => "unix"}],
-        "groups" => {
-          "controls/meta.rb" => {"title"=>"SSH Server Configuration", "controls"=>["ssh-1"]},
-          "controls/example.rb" => {"title"=>"/tmp profile", "controls"=>["tmp-1.0", key]},
-          "controls/gordon.rb" => {"title"=>"Gordon Config Checks", "controls"=>["gordon-1.0"]},
-        },
-      })
-    end
-
-    it 'must have 4 controls' do
-      controls.length.must_equal 4
-    end
-
-    it 'has an id for every control' do
-      controls.keys.find(&:nil?).must_be :nil?
-    end
-
-    it 'title in json' do
-      ex3['title'].must_equal 'Verify the version number of Gordon'
-    end
-
-    it 'desc in json' do
-      ex3['desc'].must_equal 'An optional description...'
-    end
-
-    it 'code in json' do
-      ex3['code'].wont_be :nil?
-    end
-
-    it 'code_desc in json' do
-      ex3['code_desc'].wont_be :nil?
-    end
-
-    it 'impact in json' do
-      ex1['impact'].must_equal 0.7
-      ex2['impact'].must_be :nil?
-    end
-
-    it 'source location in json' do
-      ex1['source_location'][0].must_match %r{examples/profile/controls/example.rb$}
-    end
-
-    it 'source line in json' do
-      ex1['source_location'][1].must_equal 8
-    end
-
-    it 'has all needed results' do
-      ex1['results'].length.must_equal 1
-      ex2['results'].length.must_equal 1
-      ex3['results'].length.must_equal 2
-    end
-
-    it 'has a status in its check result' do
-      check_result['status'].must_equal 'passed'
-    end
-
-    it 'has a code description in its check result' do
-      check_result['code_desc'].must_equal 'File /tmp should be directory'
-    end
-
-    it 'has a run_time in its check result' do
-      check_result['run_time'].must_be > 0
-      check_result['run_time'].must_be < 1
-    end
-
-    it 'has a start_time in its check result' do
-      check_result['start_time'].wont_be :nil?
-    end
-  end
-
  describe 'with a profile that is not supported on this OS/platform' do
    let(:out) { inspec('exec ' + File.join(profile_path, 'skippy-profile-os')) }
    let(:json) { JSON.load(out.stdout) }
@ -199,17 +88,6 @@ describe 'inspec exec' do
    end
  end

-  describe 'with a profile that is not supported on this OS/platform' do
-    let(:out) { inspec('exec ' + File.join(profile_path, 'skippy-profile-os') + ' --format fulljson') }
-    let(:json) { JSON.load(out.stdout) }
-
-    # TODO: failure handling in json formatters...
-
-    it 'never runs the actual resource' do
-      File.exist?('/tmp/inspec_test_DONT_CREATE').must_equal false
-    end
-  end
-
  describe 'with a profile that is supported on this version of inspec' do
    let(:out) { inspec('exec ' + File.join(profile_path, 'supported_inspec')) }

--- a/test/functional/inspec_json_test.rb
+++ b/test/functional/inspec_json_test.rb
@ -42,36 +42,36 @@ describe 'inspec json' do
      json['copyright'].must_equal 'Chef Software, Inc.'
    end

-    it 'has rules' do
-      json['rules'].length.must_equal 3 # TODO: flatten out or search deeper!
+    it 'has controls' do
+      json['controls'].length.must_equal 4
    end

-    describe 'a rule' do
-      let(:rule) { json['rules']['controls/example.rb']['rules']['tmp-1.0'] }
+    describe 'a control' do
+      let(:control) { json['controls']['tmp-1.0'] }

      it 'has a title' do
-        rule['title'].must_equal 'Create /tmp directory'
+        control['title'].must_equal 'Create /tmp directory'
      end

      it 'has a description' do
-        rule['desc'].must_equal 'An optional description...'
+        control['desc'].must_equal 'An optional description...'
      end

      it 'has an impact' do
-        rule['impact'].must_equal 0.7
+        control['impact'].must_equal 0.7
      end

      it 'has a ref' do
-        rule['refs'].must_equal([{'ref' => 'Document A-12', 'url' => 'http://...'}])
+        control['refs'].must_equal([{'ref' => 'Document A-12', 'url' => 'http://...'}])
      end

      it 'has a source location' do
        loc = File.join(example_profile, '/controls/example.rb')
-        rule['source_location'].must_equal [loc, 8]
+        control['source_location'].must_equal [loc, 8]
      end

      it 'has a the source code' do
-        rule['code'].must_match /\Acontrol \"tmp-1.0\" do.*end\n\Z/m
+        control['code'].must_match /\Acontrol \"tmp-1.0\" do.*end\n\Z/m
      end
    end
  end
@ -86,10 +86,8 @@ describe 'inspec json' do

    it 'only has one control included' do
      json = JSON.load(out.stdout)
-      grps = json['rules']
-      grps.keys.must_equal ['controls/example.rb']
-      rules = grps.values[0]['rules']
-      rules.keys.must_equal ['tmp-1.0']
+      json['controls'].keys.must_equal %w{tmp-1.0}
+      json['groups'].keys.must_equal %w{controls/example.rb}
    end
  end

@ -99,6 +97,6 @@ describe 'inspec json' do
    out.exit_status.must_equal 0
    hm = JSON.load(File.read(dst.path))
    hm['name'].must_equal 'profile'
-    hm['rules'].length.must_equal 3 # TODO: flatten out or search deeper!
+    hm['controls'].length.must_equal 4
  end
 end
--- a/test/unit/control_test.rb
+++ b/test/unit/control_test.rb
@ -12,7 +12,7 @@ describe 'controls' do
    }
    opts = { test_collector: Inspec::RunnerMock.new }
    Inspec::Profile.for_target(data, opts)
-                   .params[:rules]['1']
+                   .params[:controls]['1']
  end

  it 'works with empty refs' do
--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@ -16,8 +16,8 @@ describe Inspec::Profile do
      profile.params[:name].must_be_nil
    end

-    it 'has no rules' do
-      profile.params[:rules].must_equal({})
+    it 'has no controls' do
+      profile.params[:controls].must_equal({})
    end
  end

@ -28,8 +28,8 @@ describe Inspec::Profile do
      profile.params[:name].must_be_nil
    end

-    it 'has no rules' do
-      profile.params[:rules].must_equal({})
+    it 'has no controls' do
+      profile.params[:controls].must_equal({})
    end
  end

@ -41,8 +41,8 @@ describe Inspec::Profile do
      profile.params[:name].must_equal 'yumyum profile'
    end

-    it 'has no rules' do
-      profile.params[:rules].must_equal({})
+    it 'has no controls' do
+      profile.params[:controls].must_equal({})
    end

    it 'can overwrite the profile ID' do
@ -59,8 +59,8 @@ describe Inspec::Profile do
      profile.params[:name].must_equal 'metadata profile'
    end

-    it 'has no rules' do
-      profile.params[:rules].must_equal({})
+    it 'has no controls' do
+      profile.params[:controls].must_equal({})
    end
  end

@ -179,7 +179,7 @@ describe Inspec::Profile do
    describe 'a complete metadata profile with controls' do
      let(:profile_id) { 'complete-profile' }

-      it 'prints ok messages and counts the rules' do
+      it 'prints ok messages and counts the controls' do
        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
        logger.expect :info, nil, ['Metadata OK.']
        logger.expect :info, nil, ['Found 1 controls.']
@ -204,7 +204,7 @@ describe Inspec::Profile do
      let(:profile_path) { MockLoader.profile_tgz(profile_id) }
      let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }

-      it 'prints ok messages and counts the rules' do
+      it 'prints ok messages and counts the controls' do
        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
        logger.expect :info, nil, ['Metadata OK.']
        logger.expect :info, nil, ['Found 1 controls.']
@ -229,7 +229,7 @@ describe Inspec::Profile do
      let(:profile_path) { MockLoader.profile_zip(profile_id) }
      let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }

-      it 'prints ok messages and counts the rules' do
+      it 'prints ok messages and counts the controls' do
        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
        logger.expect :info, nil, ['Metadata OK.']
        logger.expect :info, nil, ['Found 1 controls.']