* Leverage existance check in Compliance::Fetcher.resolve to not re-download locally cached profiles
* Move logic from Compliance::API.exist? to Compliance::API.profiles to reuse code in cases where we need to access profiles' metadata directly.
* Declare @upstream_sha256 if target is a string
* Handle other fetchers that don't support upstream_sha256 within Inspec::CachedFetcher.initialize
* Add initialize for Compliance::Fetcher to not pollute Fetchers::Url with its logic
* Add Compliance::Fetcher.sha256 to leverage upstream_sha256 instead of relying on inherited method from Fetchers::Url
* Revert changes to cached fetcher that are unnecessary after refactor
* Pacify the god of ruby syntax
* Move Compliance::API.profiles filtering logic to end of method to leverage normalization of mapped_profiles
* Add and update unit tests to support caching with Compliance::Fetcher.upstream_sha256
Signed-off-by: Josh Hudson <jhudson@chef.io>
* Functional tests for userdir option
* Accepts --config-dir CLI option
* Actually loads a config file from the config dir, more cases to test
* Able to load config and verify contents from config-dir
* Functional tests to ensure precedence for config options
* Enable setting config dir via env var
* .inspec, not .inspec.d
* Begin converting PluginCtl to PluginLoader/Registry
* Able to load and partially validate the plugins.json file
* More work on the plugin loader
* Break the world, move next gen stuff to plugin/
* Be sure to require base cli in bundled plugins
* Move test file
* Revert changes to v1 plugin, so we can have a separate one
* Checkpoint commit
* Move v2 plugin work to v2 area
* Move plugins v1 code into an isolated directory
* rubocop fixes
* Rip out the stuff about a user-dir config file, just use a plugin file
* Two psuedocode test file
* Working base API, moock plugin type, and loader.
* Adjust load path to be more welcoming
* Silence circular depencency warning, which was breaking a unit test
* Linting
* Fix plugin type registry, add tests to cover
* Feedback from Jerry
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add insecure option to the automate report json.
* Add in automate and compliance json documentation.
* Fix typo.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add handling for OWCA login via `compliance login`
OpsWorks Chef Automate currently returns a 200 for the
`/compliance/version` endpoint and redirects to the Chef Manage page.
This adds support to `inspec compliance login` to accept this as valid
behavior and continue with the login.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add test case for 200 response but no Chef Manage
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add debug info and split `determine_server_type`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Appease RuboCop
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove forced returns from `determine_server_type`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add `false` code path for non-200/non-401 response
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Reword debug messages
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
Neither of these cops is helping us write good code, and GuardClause
specifically is actually contributing to us writing sometimes-unclear
code. Disabling both of these cops and removing all unnecessary disable
decorators in the codebase.
Signed-off-by: Adam Leff <adam@leff.co>
* Bump Rubocop to 0.49.1
This change bumps Rubocop to 0.49.1. There have been a lot of changes
since 0.39.0 and this PR is hopefully a nice compromise of turning off
certain cops and updating our codebase to take advantage of new Ruby
2.3 methods and operators.
Signed-off-by: Adam Leff <adam@leff.co>
* Set end-of-line format to line-feed only, avoid Windows-related CRLF issues
Signed-off-by: Adam Leff <adam@leff.co>
* allow users to configure the profiles namespace
By default it uses the username of the user that is logged into the system. However, the user can now specify the `--user` on the cli to list profiles from a user other than his own domain.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* allow users to provide owner for profile listing and uploading
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
* use config only
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
This allows a user to specify an Automate server without prepending
`https://`. Without this, anything using the `url` fetcher will fail
because `open` doesn't interpret the argument as a URL.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Merge `login` and `login_automate` commands
This provides a single interface for logging into either Chef Automate
or Chef Compliance servers. Server type is evaluated at run time via
HTTP responses from designated endpoints.
This also moves the login logic from `Compliance::ComplianceCLI` to a
separate set of modules in `Compliance::API`. This removes logic from
Thor and allows for more in depth Unit testing.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove empty line below class definition
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add message to `raise CannotDetermineServerType`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Refactor `token_info` assignment
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove unnecessary rubocop disable
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify `Login` module namespacing
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove mentions of login_automate and --usertoken
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify `determine_server_type` to return a symbol
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add support for `login_automate` and `--usertoken`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Fix encoding typo
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Address PR feedback
This does the following:
- Moves `CannotDetermineServerType` error to `.login`
- Changes methods that store configuration to return the configuration
- Moves user output to one location in `.login`
- Makes other small improvements
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Support profile versions for automate profiles storage
Signed-off-by: Alex Pop <apop@chef.io>
* Add unit tests for inspec-compliance bundle
Signed-off-by: Alex Pop <apop@chef.io>
* Refactor target_url method, fix tests, fix rubocop errors
Signed-off-by: Adam Leff <adam@leff.co>
For cleanliness and ease of testing, I've moved the logic that
parses the server version from the compliance config to a
separate method.
Signed-off-by: Adam Leff <adam@leff.co>
The is_automate_server_pre_080? and is_automate_server_080_and_later?
methods needed some fixing. The Compliance configuration could have
a "version" key that was not nil but was an empty hash, indicating
that it came from a pre-0.8.x Automate server. What we really need
to look for is config['version']['version'] being nil?.
Signed-off-by: Adam Leff <adam@leff.co>
The Compliance::API.version method could potentially return
a hash containing no "version" key but would return an empty
hash upon any expected failure. Downstream callers of the
Compliance::API.version method were looking for a "version"
key to always be present when, in some cases, it would not be.
This change ensures that if a version is not available, there
is no "version" key in the hash, and downstream callers of this
method have been changed to check for nil instead of empty.
Signed-off-by: Adam Leff <adam@leff.co>
Non-url URIs may have lead to broader crashes than initially fixed. Overwrite all URL resolvers in the plugin to work with these non-schema URLs.
Fixes#1473
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
When attempting to parse the profile out of the target URL, we
were not raising an exception if we failed to do so. Such a situation
could arise if a user's inspec config.json is incorrect either due to
manual editing or failure to re-login after an upgrade past Automate
0.8.0.
This change provides a clear exception if this occurs and also adds
tests for the compliance_profile_name method.
Signed-off-by: Adam Leff <adam@leff.co>
We do not store a token in the config file but rather generate one on
each commmand. This is just a first pass and needs some work.
Signed-off-by: Montague, Brent <brent@bmontague.com>