mirror of
https://github.com/inspec/inspec
synced 2024-11-30 08:30:39 +00:00
2bbcdbde9b
* Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
155 lines
3.4 KiB
Ruby
155 lines
3.4 KiB
Ruby
# encoding: utf-8
|
|
|
|
# Usage:
|
|
# describe yum do
|
|
# its('repos') { should exist }
|
|
# end
|
|
#
|
|
# describe yum do
|
|
# its('repos') { should include 'base/7/x86_64' }
|
|
# its('epel') { should exist }
|
|
# its('epel') { should be_enabled }
|
|
# end
|
|
#
|
|
# Filter for a specific repo by name
|
|
# - use full identifier e.g. 'updates/7/x86_64'
|
|
# - use short identifier e.g. 'updates'
|
|
#
|
|
# describe yum.repo('epel') do
|
|
# it { should exist }
|
|
# it { should be_enabled }
|
|
# its('baseurl') { should include 'mycompany.biz' }
|
|
# end
|
|
#
|
|
# deprecated:
|
|
# describe yumrepo('epel') do
|
|
# it { should exist }
|
|
# it { should be_enabled }
|
|
# end
|
|
|
|
module Inspec::Resources
|
|
class Yum < Inspec.resource(1)
|
|
name 'yum'
|
|
supports platform: 'unix'
|
|
desc 'Use the yum InSpec audit resource to test the configuration of Yum repositories.'
|
|
example "
|
|
describe yum.repo('name') do
|
|
it { should exist }
|
|
it { should be_enabled }
|
|
end
|
|
"
|
|
|
|
# returns all repositories
|
|
# works as following:
|
|
# search for Repo-id
|
|
# parse data in hashmap
|
|
# store data in object
|
|
# until \n
|
|
def repositories
|
|
return @cache if defined?(@cache)
|
|
# parse the repository data from yum
|
|
# we cannot use -C, because this is not reliable and may lead to errors
|
|
@command_result = inspec.command('yum -v repolist all')
|
|
@content = @command_result.stdout
|
|
@cache = []
|
|
repo = {}
|
|
in_repo = false
|
|
@content.each_line do |line|
|
|
# detect repo start
|
|
in_repo = true if line =~ /^\s*Repo-id\s*:\s*(.*)\b/
|
|
# detect repo end
|
|
if line == "\n" && in_repo
|
|
in_repo = false
|
|
@cache.push(repo)
|
|
repo = {}
|
|
end
|
|
# parse repo content
|
|
if in_repo == true
|
|
val = /^\s*([^:]*?)\s*:\s*(.*?)\s*$/.match(line)
|
|
repo[repo_key(strip(val[1]))] = strip(val[2])
|
|
end
|
|
end
|
|
@cache
|
|
end
|
|
|
|
def repos
|
|
repositories.map { |repo| repo['id'] }
|
|
end
|
|
|
|
def repo(repo)
|
|
YumRepo.new(self, repo)
|
|
end
|
|
|
|
# alias for yum.repo('reponame')
|
|
def method_missing(name)
|
|
repo(name.to_s) if !name.nil?
|
|
end
|
|
|
|
def to_s
|
|
'Yum Repository'
|
|
end
|
|
|
|
private
|
|
|
|
# Removes lefthand and righthand whitespace
|
|
def strip(value)
|
|
value&.strip
|
|
end
|
|
|
|
# Optimize the key value
|
|
def repo_key(key)
|
|
return key if key.nil?
|
|
key.gsub('Repo-', '').downcase
|
|
end
|
|
end
|
|
|
|
class YumRepo
|
|
def initialize(yum, reponame)
|
|
@yum = yum
|
|
@reponame = reponame
|
|
end
|
|
|
|
# extracts the shortname from a repo id
|
|
# e.g. extras/7/x86_64 -> extras
|
|
def shortname(id)
|
|
val = %r{^\s*([^/]*?)/(.*?)\s*$}.match(id)
|
|
val.nil? ? nil : val[1]
|
|
end
|
|
|
|
def info
|
|
return @cache if defined?(@cache)
|
|
selection = @yum.repositories.select { |e| e['id'] == @reponame || shortname(e['id']) == @reponame }
|
|
@cache = selection.empty? ? {} : selection.first
|
|
@cache
|
|
end
|
|
|
|
def exist?
|
|
!info.empty?
|
|
end
|
|
|
|
def enabled?
|
|
return false unless exist?
|
|
info['status'] == 'enabled'
|
|
end
|
|
|
|
# provide a method for each of the repo metadata items we know about
|
|
[
|
|
:baseurl,
|
|
:expire,
|
|
:filename,
|
|
:mirrors,
|
|
:pkgs,
|
|
:size,
|
|
:status,
|
|
:updated,
|
|
].each do |key|
|
|
define_method key do
|
|
info[key.to_s]
|
|
end
|
|
end
|
|
|
|
def to_s
|
|
"YumRepo #{@reponame}"
|
|
end
|
|
end
|
|
end
|