Commit graph

1303 commits

Author SHA1 Message Date
Steven Danna
9bb65bd60c Use per-profile execution contexts for library loading
Previously, libraries were loaded by instance_eval'ing them against
the same execution context used for control files.  All resources were
registered against a single global registry when the `name` dsl method
was invoked.  To obtain seperation of resources, we would mutate the
instance variable holding the globale registry and then change it back
at the end.

Now, we instance_eval library files inside an anonymous class.  This
class has its own version of `Inspec.resource` that returns another
class with the resource DSL method and the profile-specific resource
registry.
2016-09-04 20:55:20 +02:00
Steven Danna
5fdf659df1 Load all dependent libraries, even if include_context isn't called
The goal of these changes is to ensure that the libraries from
dependencies are loaded even if their controls are never included.  To
facilitate this, we break up the loading into seperate steps, and move
the loading code into the Profile which has acceess to the dependency
information.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Steven Danna
384ccb610c Initial attempt at isolating resources between dependencies
Previously, all resources were loaded into a single resource registry.
Now, each profile context has a resource registry, when a profile's
library is loaded into the profile context, we update the
profile-context-specific resource registry.  This local registry is
then used to populate the execution context that the rules are
evaluated in.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Christoph Hartmann
a116406b4e Merge pull request #1014 from jeremymv2/fix_apache_conf
Fix apache conf
2016-09-04 20:18:16 +02:00
Jeremy J. Miller
898fe125f2 keep os logic in apache resource 2016-09-04 13:27:14 -04:00
Victoria Jeffrey
0667c334e9 fix inherited profile cli report for realz this time 2016-09-04 18:28:01 +02:00
Victoria Jeffrey
99ce09c4ac fix inherited profile cli report 2016-09-04 18:28:01 +02:00
Jeremy J. Miller
5774dacfea use inspec.os.debian? 2016-09-02 13:57:35 -04:00
Jeremy J. Miller
3919d33ccb fixing apache_conf.conf_dir 2016-09-02 13:44:16 -04:00
Alex Pop
f1b1794ee5 fix os exception 2016-09-02 15:24:50 +01:00
Victoria Jeffrey
5d5aa6354d fix and add test 2016-09-01 20:39:52 -04:00
Victoria Jeffrey
a779d1813d print exception msg for tests in anonymous describe block 2016-09-01 20:39:52 -04:00
Victoria Jeffrey
662de80d1d include status icon in printed tests even when only one 2016-09-01 20:39:52 -04:00
Victoria Jeffrey
1d15e8bc4b only print no tests executed when no tests have been executed 2016-09-01 20:39:52 -04:00
Martin Hegarty
e6eb6d8d36 Allow for windows service name with spaces 2016-08-31 15:01:07 +01:00
Jeremy J. Miller
0d817017bb changed regex for integer to allow 0 2016-08-29 19:39:39 -04:00
Jeremy J. Miller
53dbaa9c3e add test 2016-08-29 15:57:46 -04:00
Steven Danna
4941ec69fd
Minor refactor and explanatory comments
This is a minor refactor that I did while studying our loading code in
preparation for some deeper changes to how content loading works. The
overall goal of the refactor is to remove a few places where we were
passing a generic options hash and then only accessing a single item.

The comment hopefully clarifies to new developers in the code base how
content loading works at a high level.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-29 10:23:15 +01:00
Christoph Hartmann
202d4e0f97 0.32.0 2016-08-26 11:45:00 +02:00
Victoria Jeffrey
d6ee153aaa print controls, then tests. print describe block header then each test 2016-08-26 10:12:56 +02:00
Victoria Jeffrey
1c31e3779e print individual tests when in describe block 2016-08-26 10:12:24 +02:00
Christoph Hartmann
dd06709d6e switch from deprecated script resource to powershell resource for user resource 2016-08-26 09:33:35 +02:00
Kartik Null Cating-Subramanian
89976219b9 Add windows user SID as 'UID' in user resource. Fix #960 2016-08-26 09:27:03 +02:00
Christoph Hartmann
8de1b9fe7b Merge pull request #978 from nvtkaszpir/patch-1
Update port.rb Documentation
2016-08-26 09:12:35 +02:00
Kartik Null Cating-Subramanian
1243d9475d Rubocoooop! 2016-08-25 14:22:15 -04:00
Michał Sochoń
3c106096b9 Update port.rb 2016-08-25 19:57:41 +02:00
Michał Sochoń
8b6107c5b9 Update port.rb
fix comment section, expand example section
2016-08-25 17:03:41 +02:00
Steven Danna
fd87b679be Minor refactor of Inspec::Profile#load_checks_params 2016-08-25 14:42:55 +02:00
Steven Danna
6034ece853 Initial control isolation support
The goal of this change is to provide an isolated view of the available
profiles when the user calls the include_controls or require_controls
APIs.  Namely,

- A profile should only be able to reference profiles that are part of
  its transitive dependency tree. That is, if the dependency tree for a
  profile looks like the following:

  A
  |- B --> C
  |
  |- D --> E

  Then profile B should only be able to see profile C and fail if it
  tries to reference A, D, or E.

- The same profile should be include-able at different versions from
  different parts of the tree without conflict.  That is, if the
  dependency tree for a profile looks like the following:

  A
  |- B --> C@1.0
  |
  |- D --> C@2.0

  Then profile B should see the 1.0 version of C and profile D should
  see the 2.0 profile C with respect to the included controls.

To achieve these goals we:

- Ensure that we construct ProfileContext objects with respect to the
  correct dependencies in Inspec::DSL.

- Provide a method of accessing all transitively defined rules on a
  ProfileContext without pushing all of the rules onto the same global
  namespace.

This does not yet handle attributes or libraries.
2016-08-25 14:42:55 +02:00
Christoph Hartmann
1300900693 add unit test for local fetcher with windows path support 2016-08-24 16:23:27 +02:00
Annie Hedgpeth
fe5c7c49a4 Attempt at a bug fix to read backslashes as forward slashes in local fetcher 2016-08-24 15:11:20 +02:00
Christoph Hartmann
3182978e85 fix lint 2016-08-24 14:40:26 +02:00
Kartik Null Cating-Subramanian
db032e437e Speed up windows package lookup - maybe 2016-08-24 14:33:56 +02:00
Steven Danna
ed179ac088
Only redirect logging to STDERR if format=json
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-24 09:12:59 +01:00
Steven Danna
80fe61b8cd
Expand relative paths based on profile location
Also: Log to STDERR by default

NB: This will result in absolute paths being rendered to lock files. We
think that is OK for now since we are going to build some UX around
path-based dependencies and lock files.  Namely, we are going to tell
people it is a bad idea.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-24 09:12:56 +01:00
Anirudh Gupta
4041f1898e can check windows service startup mode now 2016-08-24 02:01:10 +05:30
username-is-already-taken2
52c52d565f Update host.rb
Resolved an issue checking ports on windows

The previous version wasn't really checking if a port was accessible as we were only validating if the ping succeeded. Using TcpTestSucceeded to determine if the connection worked or not.
2016-08-23 17:15:33 +02:00
Steven Danna
366e65b198
Add the start of tests for the Resolver class
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:50:12 +01:00
Steven Danna
d64b72d71d
Replace Molinillo-based resolver
The Molinillo library is a good library for systems that need a
constraint solver that will solve dependency problems requiring a single
version of each named dependency.

In our case, the eventual goal is to allow libraries to have conflicting
transitive dependencies at runtime. Isolation will be provided by
restricting all calls within a given profile to scope which can only see
that profile's dependencies.

To facilitate working on the isolation feature, I've replaced the
Molinillo-based resolver with a minimal resolver which will allow us to
load multiple versions of the same library.

Since we will likely want a good amount of logging around this feature
in the future, I've added a Inspec::Log singleton-style class, replacing
the previous Inpsec::Log which appeared unused in the code base.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:27:57 +01:00
Steven Danna
d9b6210d30
Remove unused url functions from fetchers
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
02d611e68c
Add archive_path helper to Tar and Url fetchers
Eventually I think we'll want this as part of the fetcher API generally.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
a6ec345eac
Don't set nil cwd in inspec/profile 2016-08-23 13:54:56 +01:00
Steven Danna
3049eb1388
Add comments based on code review and plans for future work
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
9c1b82e7d4
Add prototype of inspec.lock
This adds a basic prototype of inspec.lock. When the lockfile exists on
disk, the dependencies tree is constructed using the information in the
lock file rather than using the resolver.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:55 +01:00
Christoph Hartmann
13e9a69701 Merge pull request #945 from chef/os_helpers
Add darwin helper
2016-08-23 13:55:58 +02:00
Tim Smith
d953986d25 Add darwin helper
Signed-off-by: Tim Smith <tsmith@chef.io>
2016-08-23 10:37:52 +02:00
Kartik Null Cating-Subramanian
039c760545 Fixup behavior and add functional tests 2016-08-23 03:07:23 +02:00
Kartik Null Cating-Subramanian
01763d43ed Fix command evaluation for inspec shell -c 2016-08-23 03:07:23 +02:00
Christoph Hartmann
2ac94cb947 0.31.0 2016-08-19 20:05:56 +02:00
Kartik Null Cating-Subramanian
83d9deda4f inspec shell documentation 2016-08-19 19:29:32 +02:00