mirror of
https://github.com/inspec/inspec
synced 2024-12-24 03:53:15 +00:00
91403d8c81
* Merge `login` and `login_automate` commands This provides a single interface for logging into either Chef Automate or Chef Compliance servers. Server type is evaluated at run time via HTTP responses from designated endpoints. This also moves the login logic from `Compliance::ComplianceCLI` to a separate set of modules in `Compliance::API`. This removes logic from Thor and allows for more in depth Unit testing. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove empty line below class definition Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add message to `raise CannotDetermineServerType` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Refactor `token_info` assignment Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove unnecessary rubocop disable Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `Login` module namespacing Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Remove mentions of login_automate and --usertoken Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Modify `determine_server_type` to return a symbol Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add support for `login_automate` and `--usertoken` Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix encoding typo Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Address PR feedback This does the following: - Moves `CannotDetermineServerType` error to `.login` - Changes methods that store configuration to return the configuration - Moves user output to one location in `.login` - Makes other small improvements Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
278 lines
12 KiB
Ruby
278 lines
12 KiB
Ruby
require 'helper'
|
|
|
|
describe Compliance::API do
|
|
let(:profiles_response) do
|
|
[{"name"=>"apache-baseline",
|
|
"title"=>"DevSec Apache Baseline",
|
|
"maintainer"=>"DevSec Hardening Framework Team",
|
|
"copyright"=>"DevSec Hardening Framework Team",
|
|
"copyright_email"=>"hello@dev-sec.io",
|
|
"license"=>"Apache 2 license",
|
|
"summary"=>"Test-suite for best-practice apache hardening",
|
|
"version"=>"2.0.2",
|
|
"supports"=>[{"os-family"=>"unix"}],
|
|
"depends"=>nil,
|
|
"owner_id"=>"admin"},
|
|
{"name"=>"apache-baseline",
|
|
"title"=>"DevSec Apache Baseline",
|
|
"maintainer"=>"Hardening Framework Team",
|
|
"copyright"=>"Hardening Framework Team",
|
|
"copyright_email"=>"hello@dev-sec.io",
|
|
"license"=>"Apache 2 license",
|
|
"summary"=>"Test-suite for best-practice apache hardening",
|
|
"version"=>"2.0.1",
|
|
"supports"=>[{"os-family"=>"unix"}],
|
|
"depends"=>nil,
|
|
"latest_version"=>"2.0.2",
|
|
"owner_id"=>"admin"},
|
|
{"name"=>"cis-aix-5.3-6.1-level1",
|
|
"title"=>"CIS AIX 5.3 and AIX 6.1 Benchmark Level 1",
|
|
"maintainer"=>"Chef Software, Inc.",
|
|
"copyright"=>"Chef Software, Inc.",
|
|
"copyright_email"=>"support@chef.io",
|
|
"license"=>"Proprietary, All rights reserved",
|
|
"summary"=>"CIS AIX 5.3 and AIX 6.1 Benchmark Level 1 translated from SCAP",
|
|
"version"=>"1.1.0",
|
|
"supports"=>nil,
|
|
"depends"=>nil,
|
|
"latest_version"=>"1.1.0-3",
|
|
"owner_id"=>"admin"}]
|
|
end
|
|
|
|
describe '.version' do
|
|
let(:headers) { 'test-headers' }
|
|
let(:config) do
|
|
{
|
|
'server' => 'myserver',
|
|
'insecure' => true
|
|
}
|
|
end
|
|
|
|
before do
|
|
Compliance::API.expects(:get_headers).returns(headers)
|
|
end
|
|
|
|
describe 'when a 404 is received' do
|
|
it 'should return an empty hash' do
|
|
response = mock
|
|
response.stubs(:code).returns('404')
|
|
Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
|
Compliance::API.version(config).must_equal({})
|
|
end
|
|
end
|
|
|
|
describe 'when the returned body is nil' do
|
|
it 'should return an empty hash' do
|
|
response = mock
|
|
response.stubs(:code).returns('200')
|
|
response.stubs(:body).returns(nil)
|
|
Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
|
Compliance::API.version(config).must_equal({})
|
|
end
|
|
end
|
|
|
|
describe 'when the returned body is an empty string' do
|
|
it 'should return an empty hash' do
|
|
response = mock
|
|
response.stubs(:code).returns('200')
|
|
response.stubs(:body).returns('')
|
|
Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
|
Compliance::API.version(config).must_equal({})
|
|
end
|
|
end
|
|
|
|
describe 'when the returned body has no version key' do
|
|
it 'should return an empty hash' do
|
|
response = mock
|
|
response.stubs(:code).returns('200')
|
|
response.stubs(:body).returns('{"api":"compliance"}')
|
|
Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
|
Compliance::API.version(config).must_equal({})
|
|
end
|
|
end
|
|
|
|
describe 'when the returned body has an empty version key' do
|
|
it 'should return an empty hash' do
|
|
response = mock
|
|
response.stubs(:code).returns('200')
|
|
response.stubs(:body).returns('{"api":"compliance","version":""}')
|
|
Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
|
Compliance::API.version(config).must_equal({})
|
|
end
|
|
end
|
|
|
|
describe 'when the returned body has a proper version' do
|
|
it 'should return an empty hash' do
|
|
response = mock
|
|
response.stubs(:code).returns('200')
|
|
response.stubs(:body).returns('{"api":"compliance","version":"1.2.3"}')
|
|
Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
|
Compliance::API.version(config).must_equal({'version' => '1.2.3', 'api' => 'compliance'})
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'automate/compliance is? checks' do
|
|
describe 'when the config has a compliance server_type' do
|
|
it 'automate/compliance server is? methods return correctly' do
|
|
config = Compliance::Configuration.new
|
|
config.clean
|
|
config['server_type'] = 'compliance'
|
|
Compliance::API.is_compliance_server?(config).must_equal true
|
|
Compliance::API.is_automate_server?(config).must_equal false
|
|
Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
|
Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
|
end
|
|
end
|
|
|
|
describe 'when the config has an automate server_type and no version key' do
|
|
it 'automate/compliance server is? methods return correctly' do
|
|
config = Compliance::Configuration.new
|
|
config.clean
|
|
config['server_type'] = 'automate'
|
|
Compliance::API.is_compliance_server?(config).must_equal false
|
|
Compliance::API.is_automate_server?(config).must_equal true
|
|
Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
|
Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
|
end
|
|
end
|
|
|
|
describe 'when the config has an automate server_type and a version key that is not a hash' do
|
|
it 'automate/compliance server is? methods return correctly' do
|
|
config = Compliance::Configuration.new
|
|
config.clean
|
|
config['server_type'] = 'automate'
|
|
config['version'] = '1.2.3'
|
|
Compliance::API.is_compliance_server?(config).must_equal false
|
|
Compliance::API.is_automate_server?(config).must_equal true
|
|
Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
|
Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
|
end
|
|
end
|
|
|
|
describe 'when the config has an automate server_type and a version hash with no version' do
|
|
it 'automate/compliance server is? methods return correctly' do
|
|
config = Compliance::Configuration.new
|
|
config.clean
|
|
config['server_type'] = 'automate'
|
|
config['version'] = {}
|
|
Compliance::API.is_compliance_server?(config).must_equal false
|
|
Compliance::API.is_automate_server?(config).must_equal true
|
|
Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
|
Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
|
end
|
|
end
|
|
|
|
describe 'when the config has an automate server_type and a version hash with a version' do
|
|
it 'automate/compliance server is? methods return correctly' do
|
|
config = Compliance::Configuration.new
|
|
config.clean
|
|
config['server_type'] = 'automate'
|
|
config['version'] = { 'version' => '0.8.1' }
|
|
Compliance::API.is_compliance_server?(config).must_equal false
|
|
Compliance::API.is_automate_server?(config).must_equal true
|
|
Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
|
Compliance::API.is_automate_server_080_and_later?(config).must_equal true
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '.server_version_from_config' do
|
|
it 'returns nil when the config has no version key' do
|
|
config = {}
|
|
Compliance::API.server_version_from_config(config).must_be_nil
|
|
end
|
|
|
|
it 'returns nil when the version value is not a hash' do
|
|
config = { 'version' => '123' }
|
|
Compliance::API.server_version_from_config(config).must_be_nil
|
|
end
|
|
|
|
it 'returns nil when the version value is a hash but has no version key inside' do
|
|
config = { 'version' => {} }
|
|
Compliance::API.server_version_from_config(config).must_be_nil
|
|
end
|
|
|
|
it 'returns the version if the version value is a hash containing a version' do
|
|
config = { 'version' => { 'version' => '1.2.3' } }
|
|
Compliance::API.server_version_from_config(config).must_equal '1.2.3'
|
|
end
|
|
end
|
|
|
|
describe 'profile_split' do
|
|
it 'handles a profile without version' do
|
|
Compliance::API.profile_split('admin/apache-baseline').must_equal ['admin', 'apache-baseline', nil]
|
|
end
|
|
|
|
it 'handles a profile with a version' do
|
|
Compliance::API.profile_split('admin/apache-baseline#2.0.1').must_equal ['admin', 'apache-baseline', '2.0.1']
|
|
end
|
|
end
|
|
|
|
describe 'target_url' do
|
|
it 'handles a automate profile with and without version' do
|
|
config = Compliance::Configuration.new
|
|
config.clean
|
|
config['server_type'] = 'automate'
|
|
config['server'] = 'https://myautomate'
|
|
config['version'] = '1.6.99'
|
|
Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://myautomate/profiles/admin/apache-baseline/tar'
|
|
Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://myautomate/profiles/admin/apache-baseline/version/2.0.2/tar'
|
|
end
|
|
|
|
it 'handles a chef-compliance profile with and without version' do
|
|
config = Compliance::Configuration.new
|
|
config.clean
|
|
config['server_type'] = 'compliance'
|
|
config['server'] = 'https://mychefcompliance'
|
|
config['version'] = '1.1.2'
|
|
Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
|
|
Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
|
|
end
|
|
end
|
|
|
|
describe 'exist?' do
|
|
it 'works with profiles returned by Automate' do
|
|
config = Compliance::Configuration.new
|
|
config.clean
|
|
config['server_type'] = 'automate'
|
|
config['server'] = 'https://myautomate'
|
|
config['version'] = '1.6.99'
|
|
Compliance::API.stubs(:profiles).returns([nil, profiles_response])
|
|
Compliance::API.exist?(config, 'admin/apache-baseline').must_equal true
|
|
Compliance::API.exist?(config, 'admin/apache-baseline#2.0.1').must_equal true
|
|
Compliance::API.exist?(config, 'admin/apache-baseline#2.0.999').must_equal false
|
|
Compliance::API.exist?(config, 'admin/missing-in-action').must_equal false
|
|
end
|
|
end
|
|
|
|
describe '.determine_server_type' do
|
|
it 'returns `automate` when a 401 is received from `https://automate.example.com/compliance/version`' do
|
|
good_response = mock
|
|
good_response.stubs(:code).returns('401')
|
|
url = 'https://automate.example.com'
|
|
Compliance::HTTP.expects(:get).with(url + '/compliance/version', nil, true).returns(good_response)
|
|
Compliance::API.determine_server_type(url, true).must_equal(:automate)
|
|
end
|
|
|
|
it 'returns `compliance` when a 200 is received from `https://compliance.example.com/api/version`' do
|
|
good_response = mock
|
|
good_response.stubs(:code).returns('200')
|
|
bad_response = mock
|
|
bad_response.stubs(:code).returns('404')
|
|
url = 'https://compliance.example.com'
|
|
Compliance::HTTP.expects(:get).with(url + '/compliance/version', nil, true).returns(bad_response)
|
|
Compliance::HTTP.expects(:get).with(url + '/api/version', nil, true).returns(good_response)
|
|
Compliance::API.determine_server_type(url, true).must_equal(:compliance)
|
|
end
|
|
|
|
it 'returns `nil` if no response returns favorably' do
|
|
bad_response = mock
|
|
bad_response.stubs(:code).returns('404')
|
|
url = 'https://bad.example.com'
|
|
Compliance::HTTP.expects(:get).with(url + '/compliance/version', nil, true).returns(bad_response)
|
|
Compliance::HTTP.expects(:get).with(url + '/api/version', nil, true).returns(bad_response)
|
|
Compliance::API.determine_server_type(url, true).must_be_nil
|
|
end
|
|
end
|
|
end
|