Commit graph

31 commits

Author SHA1 Message Date
stubblyhead
ba0a1ea7a7 add bitbucket repo url handling (#1866)
* add bitbucket repo url handling

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* backout changes to .gitignore

* adding unit tests for bitbucket url transformers

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* fixing some indents

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* fix some indents

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>
2017-06-05 16:02:56 +02:00
Dominik Richter
7d1f16d9bf support FIPS 140-2 compliant digest calls
Calling the `digest` library directly unfortunately causes issues in FIPS 140-2 mode:

    sha512.c(81): OpenSSL internal error, assertion failed: Low level API call to digest SHA512 forbidden in FIPS mode!

Switching to `OpenSSL` as the caller resolve these issues

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-03 02:17:24 +02:00
Adam Leff
e1c664272e Break out profile vendor activities into separate class
Per PR feedback, `Inspec::ProfileVendor` is created to centralize
the logic and data of vendoring profile dependencies. The `BaseCLI`
class and the `Habitat::Profile` class have been modified to use it

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8269d0da9e Support vendored profiles in Habitat-packaged profiles
This change adds support in Habitat-packaged profiles for
profiles that depend on other profiles. When `inspec habitat
profile create` or `inspec habitat profile upload` is run,
it will see if the profile's dependencies have been vendored
yet, and if not, it will vendor them before creating the
habitat artifact.

For the git and URL fetchers, more explicit creation of the
target directories for the vendored profiles is done. This
is implicitly done via normal CLI interactions a user may
go through, but in our case, we want to ensure those directories
are there before the fetchers try to write out content.

By adding this support, we also fix a bug experienced in Habitat
where a profile that was packaged before an `inspec exec` was run
for the profile would cause a failure in Habitat. This is caused
by `inspec exec` doing a vendor of the dependencies if necessary
and generating the inspec.lock file. In Habitat, the package dir
is not writable by the hab user and InSpec would fail to run due
to an inability to write out an inspec.lock.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Tom Duffield
1ea83f526c Address rubocop violations
Signed-off-by: Tom Duffield <tom@chef.io>
2017-02-08 16:49:16 -06:00
Victoria Jeffrey
60009b292b address comments
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
2016-11-30 13:27:50 +01:00
Victoria Jeffrey
bdf5eae15e Extend inspec compliance cli to support automate backend
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
2016-11-30 13:27:50 +01:00
Steven Danna
50b27c4b32 Avoid spurious downloads during dependency management
Before, a URL based source might be downloaded multiple times during the
dependency fetching and lockfile creation. This commit tries to avoid
this by:

1) Memoizing data about the archive to avoid re-fetching the archive

2) Adding a CachedFetcher wrapper around the fetcher class to help
ensure that callers always consult the cache before fetching.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-22 18:36:00 +02:00
Steven Danna
2f3a916080 Always write lockfiles for local top-level profiles
This commit threads through some state related to whether or not a
profile is "local", that is whether it is a directory on disk.  If it
is, we then write out the lockfile to disk.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-22 10:08:32 +02:00
Steven Danna
8d63db9a2b
Change :shasum key to :sha256 for future upgrade
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:51:04 +01:00
Steven Danna
6814d6ad2b
Fail if a remote source content doesn't match lockfile
If a URL based source does not match the shasum recorded in the
lockfile, it likely means a new version has been pushed to the remote
source. In this case, we fail to help ensure that when using a lockfile
we always run the same code as when the lockfile was created.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:15:52 +01:00
Steven Danna
120b3d895a
Allow supermarket:// and compliance:// in inspec.yml
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-09 14:14:37 +01:00
Steven Danna
85cbe713d7
Add GitFetcher and rework Fetchers+SourceReaders
This adds a new git fetcher. In doing so, it also refactors how the
fetchers work a bit to better support fetchers that need to resolve
user-provided sources to fully specified sources appropriate for a
lockfile.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-09 14:14:36 +01:00
Christoph Hartmann
1300900693 add unit test for local fetcher with windows path support 2016-08-24 16:23:27 +02:00
Annie Hedgpeth
fe5c7c49a4 Attempt at a bug fix to read backslashes as forward slashes in local fetcher 2016-08-24 15:11:20 +02:00
Steven Danna
d9b6210d30
Remove unused url functions from fetchers
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
02d611e68c
Add archive_path helper to Tar and Url fetchers
Eventually I think we'll want this as part of the fetcher API generally.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
9c1b82e7d4
Add prototype of inspec.lock
This adds a basic prototype of inspec.lock. When the lockfile exists on
disk, the dependencies tree is constructed using the information in the
lock file rather than using the resolver.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:55 +01:00
Kartik Null Cating-Subramanian
33ae22d313 Support controls and describe blocks in InSpec shell 2016-08-19 19:07:23 +02:00
Steven Danna
34ae3122e9 Fix recursive deps for path-based deps
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-18 16:02:16 +02:00
Christoph Hartmann
8678ab6625 fix compliance plugin 2016-04-29 00:39:25 +02:00
Dominik Richter
b7e438eabc add a mock fetcher 2016-03-17 23:37:09 +01:00
Dominik Richter
c1d2da5bf3 ensure fetchers test against strings 2016-03-17 23:37:09 +01:00
Stephan Renatus
01d7d5bf8a fetchers/tar: slight simplification 2016-02-22 12:06:42 +01:00
Dominik Richter
82195d82d6 make url fetcher less restrictive on file-endings 2016-02-22 12:06:42 +01:00
Dominik Richter
202a781f6a fail on incorrect metadata of url download 2016-02-22 11:24:35 +01:00
Dominik Richter
d293550375 chain fetchers together 2016-02-22 11:24:35 +01:00
Dominik Richter
7b073fe153 add url fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
4e830ffc24 add tar fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
1c29667523 add zip fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
a83e29cc01 add local fetcher 2016-02-22 11:24:35 +01:00