Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 13:13:22 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/lib/resources/yum.rb
Jared Quick 2bbcdbde9b
Inspec 3.0 (#3512) 
* Remove deprecated yumrepo. (#3435)

* Remove deprecations for cli `--format` and metadata.rb (#3452)

* Remove deprecated database_helpers stderr/stdout methods.
Update deprecation text for processes/apache.

* Remove deprecations for `--format` and metadata.rb
Remove deprecated `format` code.
Remove deprecated code test and change json-config format test to use
reporter.
Remove deprecated metadata.rb code
Remove deprecation notice for old supports syntax.
Deprecate metadata.rb from source_reader
Remove rubocop disables as they are no longer required for this code block.
Remove deprecated legacy metadata.rb mock profiles.
Remove deprecated metadata.rb profile tests.
Remove deprecated yumrepo test.

* Allow inspec-3.0 branch to be tested.
* Allow appveyor to test inspec-3.0 branch
* Change runner tests to use reporter rather than format.
Remove deprecated `supports: linux` tests.

* Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332)

* Skip loading dependency profiles if they are unsupported on the current
platform.

Skip loading dependencies if they are unsupported on the current
platform.

Wrap our log and next in a conditional checking if the platform is
supported.

Change a `if !` into a `unless`

Check if the backend is a Train Mock Connection and if so say that the
profile does support the platform.

While iterating through tests being loaded skip when the platform is
unsupported.

We now log a WARN when a profile is skipped due to unsupported platform,
so lets check that.

Modified existing test to log that there are 0 skipped tests, instead of
2.

Add functional test that loads profile-support-skip with a json reporter
to check that our controls are not loaded and that stderr contains our
warning.

* Rather than iterating through each test return before recursion if the platform is
unsupported.

* Resolve tests using a supported platform different from testing platform

Add a control to `test/unit/mock/profiles/complete-profile` that would
work on any OS with a Internet connection. This allows the profile
to execute on any OS with success. `filesystem_spec.rb` was a control
that would only work on Linux and some BSD's.

We want profile tests to consistently work across development and testing
platforms, and not get 'skipped' in some cases.  Travis-CI tests on Linux,
Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows

Also Updated `file_provider_test.rb` for `complete-profile` content changes.

If you `MockLoader.load_profile` on a unsupported platform you might not
hit the usual skip. Lets handle situations where the tests array in
Profile#load_checks_params could be nil.

* Use safe navigation rather than checking if tests is nil.
Update tests to point to unsupported_inspec and account for WARN changes.
Make unsupported_inspec profile support os-family 'unsupported_inspec'

* Fix skip bug when using include/require controls. (#3487)

* Fix skip bug when using include/require controls.
* fix test and feedback.

* Remove need for UUID detection for Automate report (#3507)
* Add json metadata for skipped profiles (#3495)

* Add skip metadata to json reports
* Unify skip messages.
* Update with status field.
* Add testing.
* Fix tests.
* lint
* Add skip exit codes for profile skips.
* Update website for 3.0 launch

Add `plugins` to sidebar.
Change 2.0 -> 3.0 in slim files.
Update 3.0 features list.
* Fix comments
* Update float to numeric.
* Change Float to numeric.
* updated feature list and impact doc
* Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0"
* Bump VERSION to 3.0.0 (#3511)

* Remove 3.0 testing checks.

* Fix azure link.
2018-10-15 18:25:27 -04:00

155 lines
3.4 KiB
Ruby
Raw Blame History

# encoding: utf-8
# Usage:
# describe yum do
# its('repos') { should exist }
# end
#
# describe yum do
# its('repos') { should include 'base/7/x86_64' }
# its('epel') { should exist }
# its('epel') { should be_enabled }
# end
#
# Filter for a specific repo by name
# - use full identifier e.g. 'updates/7/x86_64'
# - use short identifier e.g. 'updates'
#
# describe yum.repo('epel') do
# it { should exist }
# it { should be_enabled }
# its('baseurl') { should include 'mycompany.biz' }
# end
#
# deprecated:
# describe yumrepo('epel') do
# it { should exist }
# it { should be_enabled }
# end
module Inspec::Resources
class Yum < Inspec.resource(1)
name 'yum'
supports platform: 'unix'
desc 'Use the yum InSpec audit resource to test the configuration of Yum repositories.'
example "
describe yum.repo('name') do
it { should exist }
it { should be_enabled }
end
"
# returns all repositories
# works as following:
# search for Repo-id
# parse data in hashmap
# store data in object
# until \n
def repositories
return @cache if defined?(@cache)
# parse the repository data from yum
# we cannot use -C, because this is not reliable and may lead to errors
@command_result = inspec.command('yum -v repolist all')
@content = @command_result.stdout
@cache = []
repo = {}
in_repo = false
@content.each_line do |line|
# detect repo start
in_repo = true if line =~ /^\s*Repo-id\s*:\s*(.*)\b/
# detect repo end
if line == "\n" && in_repo
in_repo = false
@cache.push(repo)
repo = {}
end
# parse repo content
if in_repo == true
val = /^\s*([^:]*?)\s*:\s*(.*?)\s*$/.match(line)
repo[repo_key(strip(val[1]))] = strip(val[2])
end
end
@cache
end
def repos
repositories.map { |repo| repo['id'] }
end
def repo(repo)
YumRepo.new(self, repo)
end
# alias for yum.repo('reponame')
def method_missing(name)
repo(name.to_s) if !name.nil?
end
def to_s
'Yum Repository'
end
private
# Removes lefthand and righthand whitespace
def strip(value)
value&.strip
end
# Optimize the key value
def repo_key(key)
return key if key.nil?
key.gsub('Repo-', '').downcase
end
end
class YumRepo
def initialize(yum, reponame)
@yum = yum
@reponame = reponame
end
# extracts the shortname from a repo id
# e.g. extras/7/x86_64 -> extras
def shortname(id)
val = %r{^\s*([^/]*?)/(.*?)\s*$}.match(id)
val.nil? ? nil : val[1]
end
def info
return @cache if defined?(@cache)
selection = @yum.repositories.select { |e| e['id'] == @reponame || shortname(e['id']) == @reponame }
@cache = selection.empty? ? {} : selection.first
@cache
end
def exist?
!info.empty?
end
def enabled?
return false unless exist?
info['status'] == 'enabled'
end
# provide a method for each of the repo metadata items we know about
[
:baseurl,
:expire,
:filename,
:mirrors,
:pkgs,
:size,
:status,
:updated,
].each do |key|
define_method key do
info[key.to_s]
end
end
def to_s
"YumRepo #{@reponame}"
end
end
end
Reference in a new issue View git blame Copy permalink