Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2025-02-17 06:28:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update deprecation settings for v4 (#3973)

Browse source 
Update deprecation settings for v4
This commit is contained in:
Clinton Wolfe 2019-04-25 18:56:43 -04:00 committed by GitHub
commit b74f61e9de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 153 additions and 202 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
etc/deprecations.json
View file

@ -3,12 +3,12 @@
"unknown_group_action": "ignore",
"groups": {
"attrs_value_replaces_default": {
"action": "ignore",
"action": "warn",
"prefix": "The 'default' option for attributes is being replaced by 'value' - please use it instead."
},
"aws_resources_in_resource_pack": {
"comment": "See #3822",
"action": "ignore",
"action": "warn",
"prefix": "AWS resources shipped with core InSpec are being to moved to a resource pack for faster iteration. Please update your profiles to depend on git@github.com:inspec/inspec-aws.git ."
},
"cli_option_json_config": {
@ -17,11 +17,11 @@
"comment": "See #3661"
},
"file_resource_be_mounted_matchers": {
"action": "warn",
"action": "fail_control",
"suffix": "This will not be supported in InSpec 4.0."
},
"host_resource_proto_usage": {
"action": "warn",
"action": "fail_control",
"suffix": "This will not be supported in InSpec 4.0."
},
"inspec_ui_methods": {
@ -30,67 +30,67 @@
"comment": "See #3715"
},
"mssql_session_pass_option": {
"action": "warn",
"action": "exit",
"suffix": "This will not be supported in InSpec 4.0."
},
"oracledb_session_pass_option": {
"action": "warn",
"suffix": "This will not be supported in InSpec 4.0."
"action": "exit",
"suffix": "This is not supported in InSpec 4.0."
},
"property_filesystem_size": {
"action": "ignore",
"action": "warn",
"comment": "See #3778"
},
"property_processes_list": {
"action": "warn",
"suffix": "This property will be removed in InSpec 4.0."
"action": "fail_control",
"suffix": "This property was removed in InSpec 4.0."
},
"properties_aws_iam_user": {
"action": "warn",
"suffix": "This property will be removed in InSpec 4.0."
"action": "fail_control",
"suffix": "This property was removed in InSpec 4.0."
},
"properties_shadow": {
"action": "warn",
"suffix": "This property will be removed in InSpec 4.0."
"action": "fail_control",
"suffix": "This property was removed in InSpec 4.0."
},
"rename_attributes_to_inputs": {
"action": "ignore",
"action": "warn",
"prefix": "InSpec Attributes are being renamed to InSpec Inputs to avoid confusion with Chef Attributes.",
"comment": "See #3802"
},
"resource_apache": {
"action": "warn",
"suffix": "This resource will be removed in InSpec 4.0."
"action": "exit",
"suffix": "This resource was removed in InSpec 4.0."
},
"resource_azure_generic_resource": {
"action": "warn",
"prefix": "The azure_generic_resource is deprecated. Please use a specific resource. See: 'https://github.com/inspec/inspec/issues/3131'"
},
"resource_iis_website": {
"action": "warn",
"suffix": "This resource will be removed in InSpec 4.0.",
"action": "exit",
"suffix": "This resource was removed in InSpec 4.0.",
"comment": "Needed for ServerSpec compatibility"
},
"resource_linux_kernel_parameter": {
"action": "warn",
"suffix": "This resource will be removed in InSpec 4.0.",
"action": "exit",
"suffix": "This resource was removed in InSpec 4.0.",
"comment": "Needed for ServerSpec compatibility"
},
"resource_ppa": {
"action": "warn",
"suffix": "This resource will be removed in InSpec 4.0.",
"action": "exit",
"suffix": "This resource was removed in InSpec 4.0.",
"comment": "Needed for ServerSpec compatibility"
},
"resource_script": {
"action": "warn",
"action": "exit",
"suffix": "This resource will be removed in InSpec 4.0"
},
"resource_user_serverspec_compat": {
"action": "warn"
"action": "fail_control"
},
"resource_windows_registry_key": {
"action": "warn",
"suffix": "This resource will be removed in InSpec 4.0.",
"action": "exit",
"suffix": "This resource was removed in InSpec 4.0.",
"comment": "Needed for ServerSpec compatibility"
},
"serverspec_compatibility": {
@ -101,11 +101,11 @@
"action": "warn"
},
"mount_parser_serverspec_compat": {
"action": "warn"
"action": "fail_control"
},
"wmi_non_hash_usage": {
"action": "warn",
"suffix": "This property will be removed in InSpec 4.0."
"action": "fail_control",
"suffix": "This property was removed in InSpec 4.0."
}
}
}

268
test/functional/filter_table_test.rb
View file

@ -1,192 +1,126 @@
require 'functional/helper'
describe '2943 inspec exec for filter table profile, method mode for `where' do
describe 'filtertable functional tests' do
include FunctionalHelper
let(:run_opts) { { json: true, ignore_rspec_deprecations: true } }
let(:ft_profile_path) { File.join(profile_path, 'filter_table') }
it 'positive tests should pass' do
controls = [
'2943_pass_undeclared_field_in_hash',
'2943_pass_irregular_row_key',
'2943_pass_raise_error_when_key_not_in_data',
'2943_pass_allow_symbols_as_criteria_when_data_is_string_keyed',
'2943_pass_allow_strings_as_criteria_when_data_is_symbol_keyed',
'2943_pass_no_error_when_no_data',
]
cmd = 'exec ' + File.join(profile_path, 'filter_table')
cmd += ' --reporter json --no-create-lockfile'
cmd += ' --controls ' + controls.join(' ')
cmd = inspec(cmd)
# RSpec keeps issuing a deprecation count to stdout; I can't seem to disable it.
output = cmd.stdout.split("\n").reject {|line| line =~ /deprecation/}.join("\n")
data = JSON.parse(output)
failed_controls = data['profiles'][0]['controls'].select { |ctl| ctl['results'][0]['status'] == 'failed' }
control_hash = {}
failed_controls.each do |ctl|
control_hash[ctl['id']] = ctl['results'][0]['message']
end
control_hash.must_be_empty
cmd.exit_status.must_equal 0
def run_result_for_controls(controls)
cmd = 'exec ' + ft_profile_path + ' --controls ' + controls.join(' ')
run_inspec_process(cmd, run_opts)
end
it 'negative tests should fail but not abort' do
controls = [
'2943_fail_derail_check',
]
def failed_control_test_outcomes(run_result)
failed_controls = run_result.payload.json['profiles'][0]['controls'].select { |ctl| ctl['results'][0]['status'] == 'failed' }
cmd = inspec('exec ' + File.join(profile_path, 'filter_table') + ' --reporter json --no-create-lockfile' + ' --controls ' + controls.join(' '))
data = JSON.parse(cmd.stdout)
failed_controls = data['profiles'][0]['controls'].select { |ctl| ctl['results'][0]['status'] == 'failed' }
# Re-package any failed controls into a hash mapping control_id => message
# We will later test against this, as it provides more informative test output
control_hash = {}
failed_controls.each do |ctl|
control_hash[ctl['id']] = ctl['results'][0]['message']
end
control_hash
end
def expect_clean_run(controls)
run_result = run_result_for_controls(controls)
outcome_hash = failed_control_test_outcomes(run_result)
outcome_hash.must_be_empty
run_result.exit_status.must_equal 0
end
def expect_all_fail_run(controls)
run_result = run_result_for_controls(controls)
outcome_hash = failed_control_test_outcomes(run_result)
controls.each do |expected_control|
control_hash.keys.must_include(expected_control)
outcome_hash.keys.must_include(expected_control)
end
cmd.stderr.must_equal ''
cmd.exit_status.must_equal 100
end
end
describe '3103 default methods for filter table' do
include FunctionalHelper
it 'positive tests should pass' do
controls = [
'3103_where_defined',
'3103_entries_defined',
'3103_raw_data_defined',
'3103_exists_defined',
'3103_count_defined',
]
cmd = 'exec ' + File.join(profile_path, 'filter_table')
cmd += ' --reporter json --no-create-lockfile'
cmd += ' --controls ' + controls.join(' ')
cmd = inspec(cmd)
# RSpec keeps issuing a deprecation count to stdout
# See https://github.com/inspec/inspec/pull/3560
output = cmd.stdout.split("\n").reject {|line| line =~ /deprecation/}.join("\n")
data = JSON.parse(output)
failed_controls = data['profiles'][0]['controls'].select { |ctl| ctl['results'][0]['status'] == 'failed' }
control_hash = {}
failed_controls.each do |ctl|
control_hash[ctl['id']] = ctl['results'][0]['message']
end
control_hash.must_be_empty
cmd.exit_status.must_equal 0
end
end
describe '2370 lazy_load for filter table' do
include FunctionalHelper
it 'positive tests should pass' do
controls = [
'2370_where_block',
'2370_where_block_only_referenced',
'2370_where_method',
'2370_where_method_only_referenced',
'2370_populate_once',
'2370_no_side_populate',
'2370_no_clobber',
'2370_list_property',
'2370_list_property_filter_method',
'2370_list_property_filter_block',
'2370_no_rows',
]
cmd = 'exec ' + File.join(profile_path, 'filter_table')
cmd += ' --reporter json --no-create-lockfile'
cmd += ' --controls ' + controls.join(' ')
cmd = inspec(cmd)
# RSpec keeps issuing a deprecation count to stdout
# See https://github.com/inspec/inspec/pull/3560
output = cmd.stdout.split("\n").reject {|line| line =~ /deprecation/}.join("\n")
data = JSON.parse(output)
failed_controls = data['profiles'][0]['controls'].select { |ctl| ctl['results'][0]['status'] == 'failed' }
control_hash = {}
failed_controls.each do |ctl|
control_hash[ctl['id']] = ctl['results'][0]['message']
end
control_hash.must_be_empty
cmd.exit_status.must_equal 0
run_result.stderr_ignore_deprecations.must_equal '' # TODO: we have a cli_option_json_config triggering somewhere
run_result.exit_status.must_equal 100
end
it 'negative tests should fail but not abort' do
controls = [
'2370_fail_proc_handle_exception',
]
cmd = inspec('exec ' + File.join(profile_path, 'filter_table') + ' --reporter json --no-create-lockfile' + ' --controls ' + controls.join(' '))
data = JSON.parse(cmd.stdout)
failed_controls = data['profiles'][0]['controls'].select { |ctl| ctl['results'][0]['status'] == 'failed' }
control_hash = {}
failed_controls.each do |ctl|
control_hash[ctl['id']] = ctl['results'][0]['message']
end
controls.each do |expected_control|
control_hash.keys.must_include(expected_control)
describe '2943 inspec exec for filter table profile, method mode for `where' do
it 'positive tests should pass' do
controls = [
'2943_pass_undeclared_field_in_hash',
'2943_pass_irregular_row_key',
'2943_pass_raise_error_when_key_not_in_data',
'2943_pass_allow_symbols_as_criteria_when_data_is_string_keyed',
'2943_pass_allow_strings_as_criteria_when_data_is_symbol_keyed',
'2943_pass_no_error_when_no_data',
]
expect_clean_run(controls)
end
cmd.stderr.must_equal ''
cmd.exit_status.must_equal 100
it 'negative tests should fail but not abort' do
controls = [
'2943_fail_derail_check',
]
expect_all_fail_run(controls)
end
end
end
describe '2929 exceptions in block-mode where' do
include FunctionalHelper
it 'positive tests should pass' do
controls = [
'2929_exception_in_where',
]
cmd = inspec('exec ' + File.join(profile_path, 'filter_table') + ' --reporter json --no-create-lockfile' + ' --controls ' + controls.join(' '))
data = JSON.parse(cmd.stdout)
failed_controls = data['profiles'][0]['controls'].select { |ctl| ctl['results'][0]['status'] == 'failed' }
control_hash = {}
failed_controls.each do |ctl|
control_hash[ctl['id']] = ctl['results'][0]['message']
describe '3103 default methods for filter table' do
it 'positive tests should pass' do
controls = [
'3103_where_defined',
'3103_entries_defined',
'3103_raw_data_defined',
'3103_exists_defined',
'3103_count_defined',
]
expect_clean_run(controls)
end
control_hash.must_be_empty
cmd.stderr.must_equal ''
cmd.exit_status.must_equal 0
end
end
describe '3110 do not expose block-valued properties in raw data' do
include FunctionalHelper
it 'positive tests should pass' do
controls = [
'3110_entries_defined',
'3110_raw_data_defined',
]
cmd = 'exec ' + File.join(profile_path, 'filter_table')
cmd += ' --reporter json --no-create-lockfile'
cmd += ' --controls ' + controls.join(' ')
cmd = inspec(cmd)
# RSpec keeps issuing a deprecation count to stdout
# See https://github.com/inspec/inspec/pull/3560
output = cmd.stdout.split("\n").reject {|line| line =~ /deprecation/}.join("\n")
data = JSON.parse(output)
failed_controls = data['profiles'][0]['controls'].select { |ctl| ctl['results'][0]['status'] == 'failed' }
control_hash = {}
failed_controls.each do |ctl|
control_hash[ctl['id']] = ctl['results'][0]['message']
describe '2370 lazy_load for filter table' do
it 'positive tests should pass' do
controls = [
'2370_where_block',
'2370_where_block_only_referenced',
'2370_where_method',
'2370_where_method_only_referenced',
'2370_populate_once',
'2370_no_side_populate',
'2370_no_clobber',
'2370_list_property',
'2370_list_property_filter_method',
'2370_list_property_filter_block',
'2370_no_rows',
]
expect_clean_run(controls)
end
it 'negative tests should fail but not abort' do
controls = [
'2370_fail_proc_handle_exception',
]
expect_all_fail_run(controls)
end
control_hash.must_be_empty
cmd.exit_status.must_equal 0
end
end
describe '2929 exceptions in block-mode where' do
include FunctionalHelper
it 'positive tests should pass' do
controls = [
'2929_exception_in_where',
]
expect_clean_run(controls)
end
end
describe '3110 do not expose block-valued properties in raw data' do
include FunctionalHelper
it 'positive tests should pass' do
controls = [
'3110_entries_defined',
'3110_raw_data_defined',
]
expect_clean_run(controls)
end
end
end

16
test/functional/helper.rb
View file

@ -42,6 +42,16 @@ module Inspec
msg += "\nSTDERR:\n" + stderr
msg.must_equal ''
end
def stderr_ignore_deprecations
suffix = stderr.end_with?("\n") ? "\n" : ''
stderr.split("\n").reject { |l| l.include? ' DEPRECATION: ' }.join("\n") + suffix
end
def stdout_ignore_deprecations
suffix = stdout.end_with?("\n") ? "\n" : ''
stdout.split("\n").reject { |l| l.include? ' DEPRECATION: ' }.join("\n") + suffix
end
end
end
@ -154,6 +164,12 @@ module FunctionalHelper
run_result = inspec(command_line, prefix)
end
if opts[:ignore_rspec_deprecations]
# RSpec keeps issuing a deprecation count to stdout when .should is called explicitly
# See https://github.com/inspec/inspec/pull/3560
run_result.stdout.sub!("\n1 deprecation warning total\n", '')
end
if opts[:json]
begin
run_result.payload.json = JSON.parse(run_result.stdout)

2
test/functional/inspec_check_test.rb
View file

@ -11,7 +11,7 @@ describe 'inspec check' do
describe 'inspec check with json formatter' do
it 'can check a profile and produce valid JSON' do
out = inspec('check ' + integration_test_path + ' --format json')
out = inspec('check ' + example_profile + ' --format json')
out.exit_status.must_equal 0
JSON.parse(out.stdout)
end

7
test/functional/inspec_vendor_test.rb
View file

@ -101,18 +101,19 @@ describe 'example inheritance profile' do
end
it 'ensure json/check command do not fetch remote profiles if vendored' do
prepare_examples('meta-profile') do |dir|
prepare_examples('profile') do |dir|
out = inspec('vendor ' + dir + ' --overwrite')
out.stderr.must_equal ''
out.exit_status.must_equal 0
out = inspec('json ' + dir + ' --output ' + dst.path)
out.stderr.must_equal ''
out.exit_status.must_equal 0
hm = JSON.load(File.read(dst.path))
hm['name'].must_equal 'meta-profile'
hm['controls'].length.must_be :>=, 78
hm['name'].must_equal 'profile'
hm['controls'].length.must_be :>=, 4
# out.stdout.scan(/Copy .* to cache directory/).length.must_equal 3
# out.stdout.scan(/Dependency does not exist in the cache/).length.must_equal 1

2
test/unit/mock/profiles/inputs/metadata-invalid/inspec.yml
View file

@ -9,4 +9,4 @@ version: 0.1.0
attributes:
- name: val_color
type: color
default: black
value: black