From a12dfcfdc069dbc01300464e2de835b81b6fefde Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Fri, 24 Apr 2020 13:57:28 -0400 Subject: [PATCH 1/5] Add a failing test case for 4769 Signed-off-by: Clinton Wolfe --- .../inputs/undeclared/controls/undeclared.rb | 3 +++ .../inputs/undeclared/files/inputs.yaml | 5 +++++ .../profiles/inputs/undeclared/inspec.yml | 17 +++++++++++++++++ test/functional/inputs_test.rb | 12 ++++++++++++ 4 files changed, 37 insertions(+) create mode 100644 test/fixtures/profiles/inputs/undeclared/files/inputs.yaml diff --git a/test/fixtures/profiles/inputs/undeclared/controls/undeclared.rb b/test/fixtures/profiles/inputs/undeclared/controls/undeclared.rb index 815c666df..ba0fe5e66 100644 --- a/test/fixtures/profiles/inputs/undeclared/controls/undeclared.rb +++ b/test/fixtures/profiles/inputs/undeclared/controls/undeclared.rb @@ -1,3 +1,6 @@ +# Note this one is outside a control block +discard_me = input('undeclared_00') + control 'start_marker' do describe('dummy_test_01') do it { should cmp 'dummy_test_01'} diff --git a/test/fixtures/profiles/inputs/undeclared/files/inputs.yaml b/test/fixtures/profiles/inputs/undeclared/files/inputs.yaml new file mode 100644 index 000000000..8e52f0c69 --- /dev/null +++ b/test/fixtures/profiles/inputs/undeclared/files/inputs.yaml @@ -0,0 +1,5 @@ +undeclared_00: "undeclared_00" +undeclared_01: "undeclared_01" +undeclared_02: "undeclared_02" +undeclared_03: "undeclared_03" +undeclared_04: "undeclared_04" diff --git a/test/fixtures/profiles/inputs/undeclared/inspec.yml b/test/fixtures/profiles/inputs/undeclared/inspec.yml index 32725e419..178286276 100644 --- a/test/fixtures/profiles/inputs/undeclared/inspec.yml +++ b/test/fixtures/profiles/inputs/undeclared/inspec.yml @@ -6,3 +6,20 @@ copyright_email: you@example.com license: Apache-2.0 summary: A profile mentioning an attribute in a control file that has not otherwise been mentioned version: 0.1.0 + +inputs: + - name: undeclared_00 + required: true + type: string + - name: undeclared_01 + required: true + type: string + - name: undeclared_02 + required: true + type: string + - name: undeclared_03 + required: true + type: string + - name: undeclared_04 + required: true + type: string diff --git a/test/functional/inputs_test.rb b/test/functional/inputs_test.rb index 26dd75233..2644cf864 100644 --- a/test/functional/inputs_test.rb +++ b/test/functional/inputs_test.rb @@ -293,4 +293,16 @@ describe "inputs" do assert_json_controls_passing(result) end end + # Addresses https://github.com/inspec/inspec/issues/4769 + describe "when using a profile with undeclared (valueless) inputs and an input file" do + it "should not warn and run normally" do + cmd = "exec #{inputs_profiles_path}/undeclared --input-file #{inputs_profiles_path}/undeclared/files/inputs.yaml" + + result = run_inspec_process(cmd, json: true) + + _(result.stderr).must_be_empty + assert_json_controls_passing(result) + end + end + end From e88dab4365c5de4c82d1aea5d048ee978a0960e2 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Fri, 24 Apr 2020 14:13:07 -0400 Subject: [PATCH 2/5] Update message when input has no value Signed-off-by: Clinton Wolfe --- lib/inspec/input.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/inspec/input.rb b/lib/inspec/input.rb index 6c1987418..44037618d 100644 --- a/lib/inspec/input.rb +++ b/lib/inspec/input.rb @@ -105,8 +105,8 @@ module Inspec if Inspec::BaseCLI.inspec_cli_command == :exec Inspec::Log.warn( "Input '#{@name}' does not have a value. "\ - "Use --input-file to provide a value for '#{@name}' or specify a "\ - "value with `attribute('#{@name}', value: 'somevalue', ...)`." + "Use --input-file or --input to provide a value for '#{@name}' or specify a "\ + "value with `input('#{@name}', value: 'somevalue', ...)`." ) end end From 58e8bc516714c3a91cbbb543665fcd08c0bff758 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Fri, 24 Apr 2020 16:38:11 -0400 Subject: [PATCH 3/5] Divide tests into undeclared and required groups Signed-off-by: Clinton Wolfe --- .../inputs/required/controls/required.rb | 14 +++++++ .../inputs/required/files/inputs.yaml | 1 + .../profiles/inputs/required/inspec.yml | 13 +++++++ .../inputs/undeclared/files/inputs.yaml | 5 --- .../profiles/inputs/undeclared/inspec.yml | 17 --------- test/functional/inputs_test.rb | 37 +++++++++++++++---- 6 files changed, 58 insertions(+), 29 deletions(-) create mode 100644 test/fixtures/profiles/inputs/required/controls/required.rb create mode 100644 test/fixtures/profiles/inputs/required/files/inputs.yaml create mode 100644 test/fixtures/profiles/inputs/required/inspec.yml delete mode 100644 test/fixtures/profiles/inputs/undeclared/files/inputs.yaml diff --git a/test/fixtures/profiles/inputs/required/controls/required.rb b/test/fixtures/profiles/inputs/required/controls/required.rb new file mode 100644 index 000000000..438b51a0e --- /dev/null +++ b/test/fixtures/profiles/inputs/required/controls/required.rb @@ -0,0 +1,14 @@ + +control 'start_marker' do + describe('dummy_test_01') do + it { should cmp 'dummy_test_01'} + end +end + +discard_me = input('required_01') + +control 'end_marker' do + describe('dummy_test_04') do + it { should cmp 'dummy_test_04'} + end +end diff --git a/test/fixtures/profiles/inputs/required/files/inputs.yaml b/test/fixtures/profiles/inputs/required/files/inputs.yaml new file mode 100644 index 000000000..46945bfcf --- /dev/null +++ b/test/fixtures/profiles/inputs/required/files/inputs.yaml @@ -0,0 +1 @@ +required_01: "required_01" diff --git a/test/fixtures/profiles/inputs/required/inspec.yml b/test/fixtures/profiles/inputs/required/inspec.yml new file mode 100644 index 000000000..f0009c8c9 --- /dev/null +++ b/test/fixtures/profiles/inputs/required/inspec.yml @@ -0,0 +1,13 @@ +name: required_inputs +title: InSpec Profile +maintainer: The Authors +copyright: The Authors +copyright_email: you@example.com +license: Apache-2.0 +summary: A profile mentioning an input in a control file that is required +version: 0.1.0 + +inputs: + - name: required_01 + required: true + type: string diff --git a/test/fixtures/profiles/inputs/undeclared/files/inputs.yaml b/test/fixtures/profiles/inputs/undeclared/files/inputs.yaml deleted file mode 100644 index 8e52f0c69..000000000 --- a/test/fixtures/profiles/inputs/undeclared/files/inputs.yaml +++ /dev/null @@ -1,5 +0,0 @@ -undeclared_00: "undeclared_00" -undeclared_01: "undeclared_01" -undeclared_02: "undeclared_02" -undeclared_03: "undeclared_03" -undeclared_04: "undeclared_04" diff --git a/test/fixtures/profiles/inputs/undeclared/inspec.yml b/test/fixtures/profiles/inputs/undeclared/inspec.yml index 178286276..32725e419 100644 --- a/test/fixtures/profiles/inputs/undeclared/inspec.yml +++ b/test/fixtures/profiles/inputs/undeclared/inspec.yml @@ -6,20 +6,3 @@ copyright_email: you@example.com license: Apache-2.0 summary: A profile mentioning an attribute in a control file that has not otherwise been mentioned version: 0.1.0 - -inputs: - - name: undeclared_00 - required: true - type: string - - name: undeclared_01 - required: true - type: string - - name: undeclared_02 - required: true - type: string - - name: undeclared_03 - required: true - type: string - - name: undeclared_04 - required: true - type: string diff --git a/test/functional/inputs_test.rb b/test/functional/inputs_test.rb index 2644cf864..f13cd122b 100644 --- a/test/functional/inputs_test.rb +++ b/test/functional/inputs_test.rb @@ -293,16 +293,39 @@ describe "inputs" do assert_json_controls_passing(result) end end + # Addresses https://github.com/inspec/inspec/issues/4769 - describe "when using a profile with undeclared (valueless) inputs and an input file" do - it "should not warn and run normally" do - cmd = "exec #{inputs_profiles_path}/undeclared --input-file #{inputs_profiles_path}/undeclared/files/inputs.yaml" + describe "when using a profile with required inputs" do + describe "when the values are not provided" do + it "should emit an error and exit code 1" do + cmd = "exec #{inputs_profiles_path}/required" - result = run_inspec_process(cmd, json: true) + result = run_inspec_process(cmd, json: true) - _(result.stderr).must_be_empty - assert_json_controls_passing(result) + _(result.stderr).must_include "Input 'required_01'" + _(result.stderr).must_include "does not have a value" + assert_exit_code 1, result + end + end + describe "when the values are provided by an input file" do + it "should not warn and run normally" do + cmd = "exec #{inputs_profiles_path}/required --input-file #{inputs_profiles_path}/required/files/inputs.yaml" + + result = run_inspec_process(cmd, json: true) + + _(result.stderr).must_be_empty + assert_json_controls_passing(result) + end + end + describe "when the values are provided by a CLI flag" do + it "should not warn and run normally" do + cmd = "exec #{inputs_profiles_path}/required --input required_01=anything" + + result = run_inspec_process(cmd, json: true) + + _(result.stderr).must_be_empty + assert_json_controls_passing(result) + end end end - end From 131d6678dece0726c639d39a32ae2f13f5e5873c Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Fri, 24 Apr 2020 16:38:57 -0400 Subject: [PATCH 4/5] Fix for prematurely warning when checking for input value Signed-off-by: Clinton Wolfe --- lib/inspec/input.rb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/inspec/input.rb b/lib/inspec/input.rb index 44037618d..d3f5d6abe 100644 --- a/lib/inspec/input.rb +++ b/lib/inspec/input.rb @@ -98,11 +98,11 @@ module Inspec # not been assigned a value. This allows a user to explicitly assign nil # to an input. class NO_VALUE_SET # rubocop: disable Naming/ClassAndModuleCamelCase - def initialize(name) + def initialize(name, obnoxiously_warn = true) @name = name # output warn message if we are in a exec call - if Inspec::BaseCLI.inspec_cli_command == :exec + if obnoxiously_warn && Inspec::BaseCLI.inspec_cli_command == :exec Inspec::Log.warn( "Input '#{@name}' does not have a value. "\ "Use --input-file or --input to provide a value for '#{@name}' or specify a "\ @@ -277,7 +277,7 @@ module Inspec end # Determine the current winning value, but don't validate it - def current_value + def current_value(warn_on_missing = true) # Examine the events to determine highest-priority value. Tie-break # by using the last one set. events_that_set_a_value = events.select(&:value_has_been_set?) @@ -287,7 +287,7 @@ module Inspec if winning_event.nil? # No value has been set - return special no value object - NO_VALUE_SET.new(name) + NO_VALUE_SET.new(name, warn_on_missing) else winning_event.value # May still be nil end @@ -315,7 +315,7 @@ module Inspec end def has_value? - !current_value.is_a? NO_VALUE_SET + !current_value(false).is_a? NO_VALUE_SET end def to_hash @@ -348,7 +348,7 @@ module Inspec # skip if we are not doing an exec call (archive/vendor/check) return unless Inspec::BaseCLI.inspec_cli_command == :exec - proposed_value = current_value + proposed_value = current_value(false) if proposed_value.nil? || proposed_value.is_a?(NO_VALUE_SET) error = Inspec::Input::RequiredError.new error.input_name = name @@ -363,7 +363,7 @@ module Inspec type_req = type return if type_req == "Any" - proposed_value = current_value + proposed_value = current_value(false) invalid_type = false if type_req == "Regexp" From 5a7ad0c3525581a4d33f59194a6f97f79fc3bc68 Mon Sep 17 00:00:00 2001 From: Clinton Wolfe Date: Thu, 30 Apr 2020 15:36:25 -0400 Subject: [PATCH 5/5] Don't be obnoxious Signed-off-by: Clinton Wolfe --- lib/inspec/input.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/inspec/input.rb b/lib/inspec/input.rb index d3f5d6abe..62df7ea79 100644 --- a/lib/inspec/input.rb +++ b/lib/inspec/input.rb @@ -98,11 +98,11 @@ module Inspec # not been assigned a value. This allows a user to explicitly assign nil # to an input. class NO_VALUE_SET # rubocop: disable Naming/ClassAndModuleCamelCase - def initialize(name, obnoxiously_warn = true) + def initialize(name, warn_on_create = true) @name = name # output warn message if we are in a exec call - if obnoxiously_warn && Inspec::BaseCLI.inspec_cli_command == :exec + if warn_on_create && Inspec::BaseCLI.inspec_cli_command == :exec Inspec::Log.warn( "Input '#{@name}' does not have a value. "\ "Use --input-file or --input to provide a value for '#{@name}' or specify a "\