inspec/lib/plugins/inspec-habitat
Clinton Wolfe 393b8072e8
Feature Config File and Logger Support (#6260)
* Convenience method skeleton

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic support for a config file

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add features() array method

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept config as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept logger as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Refactor to push code into its own files

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic logger integration

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Crude validation of feature names, simply issues a warning log message

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add basic tamperproofing to feature config

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Convenience method skeleton

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic support for a config file

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add features() array method

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept config as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept logger as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Refactor to push code into its own files

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic logger integration

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Crude validation of feature names, simply issues a warning log message

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add basic tamperproofing to feature config

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* CFINSPEC-464 CLI commands declaration using with_feature functionality (#6263)

* Declared inspec cli commands within feature_with function

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Added enhanced outcomes, waivers, reporters and streaming reporters within with_feature block

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Added with_feature declaration for attestations

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Update features.yaml signature after adding in new feature flags

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Fix lint

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Resolved undefined method with_feature in reporters.rb

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fix for features tampered file test failing

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fixed the failing functional test for junit2: Missing the entry in the features.yaml
Added progress-bar reporter entry in features.yaml

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Co-authored-by: Nikita Mathur <Nik08@users.noreply.github.com>
Co-authored-by: Vasu1105 <vasundhara.jagdale@chef.io>
2022-10-19 19:17:56 +05:30
lib Feature Config File and Logger Support (#6260) 2022-10-19 19:17:56 +05:30
templates/habitat remove inspec/jq from pkg_deps/pkg_build_deps 2019-12-03 18:04:51 -05:00
test Apply chefstyle -a, and manually remove duplicate requires 2020-12-21 13:25:04 -05:00
Berksfile blindly applied chefstyle -a 2019-06-11 18:52:03 -07:00
inspec-habitat.gemspec Added gemspec file to core plugins to be used in plugin listing for description 2022-03-18 17:27:11 +05:30
kitchen.yml Rewrite inspec-habitat plugin 2019-02-19 00:47:14 -08:00
README.md Fix typos/grammer/etc in README.md 2019-02-21 15:02:37 -08:00

InSpec Habitat Plugin

Summary

This plugin allows you to do the following:

  1. Add Habitat configuration to a profile
  2. Create/Upload a Habitat package from an InSpec profile

Creating a Habitat package from an InSpec profile allows you to execute that profile as a service (via a Habitat Supervisor) on any Linux-based platform.

When running as a service, an InSpec report will be created in JSON format (by default at /hab/svc/YOUR_SERVICE/logs/inspec_last_run.json). Additionally, a log of the last run will be located at /hab/svc/YOUR_SERVICE/logs/inspec_log.txt and CLI output is viewable in the Supervisor logs by default. You can also configure this service to report to Chef Automate.

See below for usage instructions.

Plugin Usage

Adding Habitat Configuration to an InSpec Profile

Run the following command:

inspec habitat profile setup PATH

This will create the following files:

  • habitat/plan.sh (Provides build time instructions to Habitat)
  • habitat/default.toml (Used to configure the running Habitat service)
  • habitat/hooks/run (Shell script to execute this profile as a service)
  • habitat/config/inspec_exec_config.json (JSON for inspec exec CLI options)

Creating a Habitat Package

This command requires Habitat to be installed and configured. For instructions on how to do that see here.

Run the following command:

inspec habitat profile create PATH

This command will:

  • Create a Habitat artifact (.hart file).

NOTE: If you are fetching packages from Chef Automate see below.

Uploading a Habitat Package

This command requires Habitat to be installed and configured. For instructions on how to do that see here.

Run the following command:

inspec habitat profile upload PATH

This command will:

  • Create a Habitat artifact (.hart file).
  • Upload the Habitat artifact to bldr.habitat.sh.

NOTE: If you are fetching packages from Chef Automate see below.

Habitat Package Usage

This command requires Habitat to be installed and configured. For instructions on how to do that see here.

General usage instructions for using Habitat packages can be found here.

Installing the package from a HART file:

# See Habitat docs for more info. The below is for testing only.
hab pkg install PATH_TO_CREATED_HART_FILE
hab sup run YOUR_ORIGIN/inspec-profile-YOUR_PROFILE_NAME

Installing the package from the Public Builder Depot:

# See Habitat docs for more info. The below is for testing only.
hab pkg install YOUR_ORIGIN/inspec-profile-YOUR_PROFILE_NAME
hab sup run YOUR_ORIGIN/inspec-profile-YOUR_PROFILE_NAME
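
Once the service is running, the JSON report described in the Summary (by default /hab/svc/YOUR_SERVICE/logs/inspec_last_run.json) can be checked automatically. The Ruby script below is an added example, not part of the plugin: it counts control outcomes, lists failed controls by impact, and flags a report that has stopped updating. The sample report is constructed, the function names are hypothetical, and the 24-hour staleness threshold is an assumption.

```ruby
require "json"

# Constructed sample in the shape of InSpec's JSON reporter output (not real scan data).
SAMPLE_REPORT = <<~JSON
  {"profiles": [{"name": "sample-baseline", "controls": [
    {"id": "ssh-01", "impact": 0.7, "results": [{"status": "passed"}]},
    {"id": "ssh-02", "impact": 1.0, "results": [{"status": "passed"},
      {"status": "failed", "message": "expected 'yes' to eq 'no'"}]},
    {"id": "ssh-03", "impact": 0.3, "results": [{"status": "skipped"}]},
    {"id": "ssh-04", "impact": 0.5, "results": [{"status": "failed"}]}
  ]}]}
JSON

# A control fails if any of its results failed; with no passing result it counts as skipped.
def control_state(control)
  statuses = control.fetch("results", []).map { |r| r["status"] }
  return :failed if statuses.include?("failed")
  statuses.include?("passed") ? :passed : :skipped
end

def summarize_report(json_text)
  summary = { passed: 0, failed: 0, skipped: 0, failed_controls: [] }
  JSON.parse(json_text).fetch("profiles", []).each do |profile|
    profile.fetch("controls", []).each do |control|
      state = control_state(control)
      summary[state] += 1
      next unless state == :failed
      summary[:failed_controls] << { profile: profile["name"], id: control["id"],
                                     impact: control["impact"].to_f }
    end
  end
  summary[:failed_controls].sort_by! { |c| -c[:impact] } # highest impact first
  summary
end

# A missing report, or one that stopped updating, suggests the service is no longer scanning.
def stale?(path, max_age_seconds, now = Time.now)
  !File.exist?(path) || (now - File.mtime(path)) > max_age_seconds
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0] # e.g. /hab/svc/YOUR_SERVICE/logs/inspec_last_run.json
  warn "report missing or older than 24h (assumed threshold)" if path && stale?(path, 24 * 3600)
  result = summarize_report(path && File.exist?(path) ? File.read(path) : SAMPLE_REPORT)
  puts "passed=#{result[:passed]} failed=#{result[:failed]} skipped=#{result[:skipped]}"
  result[:failed_controls].each { |c| puts "FAILED #{c[:profile]}/#{c[:id]} impact=#{c[:impact]}" }
end
```

Pass the report path as the first argument to check a real run; without an argument the script summarizes the constructed sample.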

Integrating with Chef Automate

Fetching Profiles from Chef Automate During Build

Fetching profiles from Chef Automate requires authentication.

Run the following commands prior to creating/uploading your Habitat package:

# -k skips TLS certificate verification; remove it if you are not using a self-signed certificate
inspec compliance login -k --user USER --token API_TOKEN https://AUTOMATE_FQDN
export HAB_STUDIO_SECRET_COMPLIANCE_CREDS="$(cat ~/.inspec/compliance/config.json)"
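
A pre-flight check for the credentials file exported above, as an added example that is not part of the plugin or this README. It assumes the file stores `server`, `insecure` and `token` keys; the helper names and the sample file are constructed for illustration.

```ruby
require "json"
require "tempfile"

# Key names ("server", "insecure", "token") are assumptions about the file
# that `inspec compliance login` writes; adjust them if your file differs.
def audit_compliance_creds(path)
  findings = []
  mode = File.stat(path).mode & 0o777
  if (mode & 0o077) != 0
    findings << format("mode %04o: group/other permissions on a file holding the API token", mode)
  end
  config = JSON.parse(File.read(path))
  findings << "insecure=true: TLS certificate verification is off" if config["insecure"]
  findings << "server is not an https:// URL" unless config["server"].to_s.start_with?("https://")
  findings << "token is empty" if config["token"].to_s.empty?
  findings
rescue JSON::ParserError
  findings + ["file is not valid JSON"]
rescue Errno::ENOENT
  ["#{path} not found; run `inspec compliance login` first"]
end

# Constructed sample standing in for ~/.inspec/compliance/config.json.
def constructed_creds_file(mode:, insecure:)
  file = Tempfile.new("compliance-config")
  file.write(JSON.generate("server" => "https://AUTOMATE_FQDN", "insecure" => insecure,
                           "user" => "USER", "token" => "CONSTRUCTED-TOKEN"))
  file.close
  File.chmod(mode, file.path)
  file
end

if __FILE__ == $PROGRAM_NAME
  sample = constructed_creds_file(mode: 0o644, insecure: true)
  target = ARGV[0] || sample.path
  findings = audit_compliance_creds(target)
  # Findings never include the token value itself.
  findings.each { |f| puts "WARN #{f}" }
  puts "OK #{target}" if findings.empty?
end
```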

Sending InSpec Reports to Chef Automate

After running your Habitat package as a service you can configure it to report to Chef Automate via a configuration update.

For example, create a TOML file (config.toml) that matches the below:

[automate]
url = 'https://chef-automate.test'
token = 'TOKEN'
user = 'admin'

Then apply it like so:

# The '1' here is the config version (increment this with each change)
hab config apply inspec-profile-PROFILE_NAME.default 1 /path/to/config.toml

This will apply the configuration to all services in the service group. For more info on service groups, see the Habitat docs.

Testing

Lint, unit, and functional tests are run from the root of the InSpec source:

bundle exec rake test

To execute the integration tests (Test Kitchen + Vagrant + VirtualBox) run the following from the directory containing this README.md:

bundle exec kitchen test