inspec/test/unit/fetchers/url_test.rb
Dan Mirsky 1e20e2998e Fix github tree url regex. Add period for repo
Signed-off-by: Dan Mirsky <mirskiy@gmail.com>
2019-05-18 10:50:39 -07:00

371 lines
12 KiB
Ruby

# author: Dominik Richter
# author: Christoph Hartmann
require 'helper'
describe Fetchers::Url do
it 'registers with the fetchers registry' do
reg = Inspec::Fetcher.registry
_(reg['url']).must_equal Fetchers::Url
end
describe 'testing different urls' do
# We don't use the MockLoader here becuase it produces tarballs
# with different sha's on each run
let(:expected_shasum) { "98b1ae45059b004178a8eee0c1f6179dcea139c0fd8a69ee47a6f02d97af1f17" }
let(:mock_open) {
m = Minitest::Mock.new
m.expect :meta, {'content-type' => 'application/gzip'}
m.expect :read, "fake content"
m
}
def expect_url_transform
@mock_logger = Minitest::Mock.new
@mock_logger.expect(:warn, nil, [/URL target.*transformed/])
Inspec::Log.stub :warn, proc { |message| @mock_logger.warn(message) } do
yield
end
@mock_logger.verify
end
it 'handles a http url' do
url = 'http://chef.io/some.tar.gz'
res = Fetchers::Url.resolve(url)
res.expects(:open).returns(mock_open)
_(res).must_be_kind_of Fetchers::Url
_(res.resolved_source).must_equal({url: 'http://chef.io/some.tar.gz', sha256: expected_shasum})
end
it 'handles a https url' do
url = 'https://chef.io/some.tar.gz'
res = Fetchers::Url.resolve(url)
res.expects(:open).returns(mock_open)
_(res).must_be_kind_of Fetchers::Url
_(res.resolved_source).must_equal({url: 'https://chef.io/some.tar.gz', sha256: expected_shasum})
end
it 'handles an https URI' do
uri = URI.parse('https://chef.io/some.tar.gz')
res = Fetchers::Url.resolve(uri)
res.expects(:open).returns(mock_open)
_(res).must_be_kind_of Fetchers::Url
_(res.resolved_source).must_equal({url: 'https://chef.io/some.tar.gz', sha256: expected_shasum})
end
it 'doesnt handle other schemas' do
Fetchers::Url.resolve('gopher://chef.io/some.tar.gz').must_be_nil
end
it 'only handles URLs' do
Fetchers::Url.resolve(__FILE__).must_be_nil
end
%w{https://github.com/chef/inspec
https://github.com/chef/inspec.git
https://www.github.com/chef/inspec.git
http://github.com/chef/inspec
http://github.com/chef/inspec.git
http://www.github.com/chef/inspec.git}.each do |github|
it "resolves a github url #{github}" do
expect_url_transform do
res = Fetchers::Url.resolve(github)
res.expects(:open).returns(mock_open)
_(res).wont_be_nil
_(res.resolved_source).must_equal({url: 'https://github.com/chef/inspec/archive/master.tar.gz', sha256: expected_shasum})
end
end
end
it "resolves a github url with dot" do
expect_url_transform do
github = 'https://github.com/mitre/aws-rds-oracle-mysql-ee-5.7-cis-baseline'
res = Fetchers::Url.resolve(github)
res.expects(:open).returns(mock_open)
_(res).wont_be_nil
_(res.resolved_source).must_equal({url: 'https://github.com/mitre/aws-rds-oracle-mysql-ee-5.7-cis-baseline/archive/master.tar.gz', sha256: expected_shasum})
end
end
it "resolves a github branch url" do
expect_url_transform do
github = 'https://github.com/hardening-io/tests-os-hardening/tree/2.0'
res = Fetchers::Url.resolve(github)
res.expects(:open).returns(mock_open)
_(res).wont_be_nil
_(res.resolved_source).must_equal({url: 'https://github.com/hardening-io/tests-os-hardening/archive/2.0.tar.gz', sha256: expected_shasum})
end
end
it "resolves a github commit url" do
expect_url_transform do
github = 'https://github.com/hardening-io/tests-os-hardening/tree/48bd4388ddffde68badd83aefa654e7af3231876'
res = Fetchers::Url.resolve(github)
res.expects(:open).returns(mock_open)
_(res).wont_be_nil
_(res.resolved_source).must_equal({url: 'https://github.com/hardening-io/tests-os-hardening/archive/48bd4388ddffde68badd83aefa654e7af3231876.tar.gz',
sha256: expected_shasum})
end
end
%w{https://bitbucket.org/chef/inspec
https://bitbucket.org/chef/inspec.git
https://www.bitbucket.org/chef/inspec.git
http://bitbucket.org/chef/inspec
http://bitbucket.org/chef/inspec.git
http://www.bitbucket.org/chef/inspec.git}.each do |bitbucket|
it "resolves a bitbucket url #{bitbucket}" do
expect_url_transform do
res = Fetchers::Url.resolve(bitbucket)
res.expects(:open).returns(mock_open)
_(res).wont_be_nil
_(res.resolved_source).must_equal({url: 'https://bitbucket.org/chef/inspec/get/master.tar.gz', sha256: expected_shasum})
end
end
end
it "resolves a bitbucket branch url" do
expect_url_transform do
bitbucket = 'https://bitbucket.org/chef/inspec/branch/newbranch'
res = Fetchers::Url.resolve(bitbucket)
res.expects(:open).returns(mock_open)
_(res).wont_be_nil
_(res.resolved_source).must_equal({url: 'https://bitbucket.org/chef/inspec/get/newbranch.tar.gz', sha256: expected_shasum})
end
end
it "resolves a bitbucket commit url" do
expect_url_transform do
bitbucket = 'https://bitbucket.org/chef/inspec/commits/48bd4388ddffde68badd83aefa654e7af3231876'
res = Fetchers::Url.resolve(bitbucket)
res.expects(:open).returns(mock_open)
_(res).wont_be_nil
_(res.resolved_source).must_equal({url: 'https://bitbucket.org/chef/inspec/get/48bd4388ddffde68badd83aefa654e7af3231876.tar.gz', sha256: expected_shasum})
end
end
end
describe 'download_automate2_archive_to_temp' do
let(:target) { 'https://myurl/file.tar.gz' }
let(:options) do
{
'automate' => {
'ent' => 'automate',
'token_type' => 'dctoken',
},
'token' => '1234abcd',
'server_type' => 'automate2',
'profile' => ['admin', 'ssh-baseline', '2.0']
}
end
let(:subject) { Fetchers::Url.resolve(target, options) }
it "downloads tar to tmp file" do
mock = Object.new
mock.stubs(:body).returns('this is the body')
Net::HTTP.expects(:start)
.returns(mock)
path = subject.send(:download_automate2_archive_to_temp)
File.read(path).must_equal 'this is the body'
end
it "sets default http options" do
mock = Object.new
mock.stubs(:body).returns('this is the body')
opts = {"chef-delivery-enterprise"=>"automate", "x-data-collector-token"=>"1234abcd", :use_ssl=>true, :verify_mode=>1}
Net::HTTP.expects(:start)
.with('myurl', 443, opts)
.returns(mock)
subject.send(:download_automate2_archive_to_temp)
end
it "sets insecure http options" do
options['insecure'] = true
mock = Object.new
mock.stubs(:body).returns('this is the body')
opts = {:ssl_verify_mode => 0, "chef-delivery-enterprise"=>"automate", "x-data-collector-token"=>"1234abcd", :use_ssl=>true, :verify_mode=>0}
Net::HTTP.expects(:start)
.with('myurl', 443, opts)
.returns(mock)
subject.send(:download_automate2_archive_to_temp)
end
end
describe 'applied to a valid url (mocked tar.gz)' do
let(:mock_file) { MockLoader.profile_tgz('complete-profile') }
let(:target) { 'http://myurl/file.tar.gz' }
let(:subject) { Fetchers::Url.resolve(target) }
let(:mock_open) {
m = Minitest::Mock.new
m.expect :meta, {'content-type' => 'application/gzip'}
m.expect :read, File.open(mock_file, 'rb').read
m
}
let(:mock_dest) {
f = Tempfile.new("url-fetch-test")
f.path
}
it 'tries to fetch the file' do
subject.expects(:open).returns(mock_open)
subject.fetch(mock_dest)
end
it "returns the resolved_source hash" do
subject.expects(:open).returns(mock_open)
subject.resolved_source[:url].must_equal(target)
end
end
describe '#http_opts' do
let(:subject) { Fetchers::Url.new('fake_url', config) }
describe 'when username and password is specified' do
let(:config) { { :username => 'dummy', :password => 'dummy' } }
it 'returns a hash containing http_basic_authentication setting' do
subject.send(:http_opts)[:http_basic_authentication].must_equal ["dummy", "dummy"]
end
end
describe 'when only password is specified' do
let(:config) { { :password => 'dummy'} }
it 'returns a hash containing http_basic_authentication setting as nil' do
subject.send(:http_opts)[:http_basic_authentication].must_be_nil
end
end
describe 'when insecure is specified' do
let(:config) { { 'insecure' => true } }
it 'returns a hash containing an ssl_verify_mode setting' do
subject.send(:http_opts)[:ssl_verify_mode].must_equal OpenSSL::SSL::VERIFY_NONE
end
end
describe 'when insecure is not specific' do
let(:config) { {} }
it 'returns a hash that does not contain an ssl_verify_mode setting' do
subject.send(:http_opts).key?(:ssl_verify_mode).must_equal false
end
end
describe 'when the server is an automate server using dctoken' do
describe 'when the config is properly populated' do
let(:config) do
{
'server_type' => 'automate',
'automate' => {
'ent' => 'my_ent',
'token_type' => 'dctoken',
},
'token' => 'my_token',
}
end
it 'returns a properly formatted headers hash' do
headers = subject.send(:http_opts)
headers['chef-delivery-enterprise'].must_equal 'my_ent'
headers['x-data-collector-token'].must_equal 'my_token'
end
end
describe 'when the enterprise is not supplied' do
it 'raises an exception' do
proc {
config = {
'server_type' => 'automate',
'automate' => { 'token_type' => 'dctoken' },
'token' => 'my_token',
}
Fetchers::Url.new('fake_url', config).send(:http_opts)
}.must_raise RuntimeError
end
end
describe 'when the token is not supplied' do
it 'raises an exception' do
proc {
config = {
'server_type' => 'automate',
'automate' => {
'ent' => 'my_ent',
'token_type' => 'dctoken',
},
}
Fetchers::Url.new('fake_url', config).send(:http_opts)
}.must_raise RuntimeError
end
end
end
describe 'when the server is an automate server not using dctoken' do
describe 'when the config is properly populated' do
let(:config) do
{
'server_type' => 'automate',
'automate' => {
'ent' => 'my_ent',
'token_type' => 'usertoken',
},
'user' => 'my_user',
'token' => 'my_token',
}
end
it 'returns a properly formatted headers hash' do
headers = subject.send(:http_opts)
headers['chef-delivery-enterprise'].must_equal 'my_ent'
headers['chef-delivery-user'].must_equal 'my_user'
headers['chef-delivery-token'].must_equal 'my_token'
end
end
describe 'when the user is not supplied' do
it 'raises an exception' do
proc {
config = {
'server_type' => 'automate',
'automate' => {
'ent' => 'my_ent',
'token_type' => 'usertoken',
},
'token' => 'my_token',
}
Fetchers::Url.new('fake_url', config).send(:http_opts)
}.must_raise RuntimeError
end
end
describe 'when the token is not supplied' do
it 'raises an exception' do
proc {
config = {
'server_type' => 'automate',
'automate' => {
'ent' => 'my_ent',
'token_type' => 'usertoken',
},
'user' => 'my_user',
}
Fetchers::Url.new('fake_url', config).send(:http_opts)
}.must_raise RuntimeError
end
end
end
describe 'when only a token is supplied' do
let(:config) { { 'token' => 'my_token' } }
it 'returns a hash containing an Authorization header' do
subject.send(:http_opts)['Authorization'].must_equal "Bearer my_token"
end
end
end
end