inspec-chef 0.3.2 → 0.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +10 -3
- data/lib/inspec-chef/input.rb +15 -3
- data/lib/inspec-chef/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cf13aeb2415399d3c00d3bf0e03f64aa6d46161dbcaf028f7ce9d105476b46c8
|
|
4
|
+
data.tar.gz: 9e721f499a57caf6ba16babc18c4e638a269db8fa6aa25f03048a0b3ef4049be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1edb515f0338855b9c6a3b266a70c808b48fcf01b12b0e88f750e4a530be9770a01fefea0c67ea4145f04836b93e5af6668dcfdad2f29f8ab0ca5f6b76cd299b
|
|
7
|
+
data.tar.gz: '087bcae728e94fd4d4ea1c9f0f2774fe04c82b093bd5ecc61ffed86c61f9aedd757ca892fbf20293ce72f35560389699ca546a50908b8edf42421d2ef1198e96'
|
data/README.md
CHANGED
|
@@ -51,6 +51,11 @@ This plugin supports the following options:
|
|
|
51
51
|
| INSPEC_CHEF_CLIENT | chef_api_client | The name of the client of the Chef server to connect as |
|
|
52
52
|
| INSPEC_CHEF_KEY | chef_api_key | Path to the private certificate identifying the node |
|
|
53
53
|
|
|
54
|
+
Using this plugin with Windows instances is broken with `chef-api` versions up to 0.10.4 due
|
|
55
|
+
to a dependency issue within the deprecated `logify` gem. Versions starting with 0.10.5 use Chef's
|
|
56
|
+
native logging system and work on both Linux and Windows. Other versions will only work with Linux
|
|
57
|
+
instances.
|
|
58
|
+
|
|
54
59
|
## Configuration for TestKitchen
|
|
55
60
|
|
|
56
61
|
To allow for more dev/prod parity, this input plugin detects if it is called
|
|
@@ -69,9 +74,8 @@ suites:
|
|
|
69
74
|
install_flavor: "oracle"
|
|
70
75
|
```
|
|
71
76
|
|
|
72
|
-
Please note, that support for `load_plugins`
|
|
73
|
-
|
|
74
|
-
[kitchen-inspec PR #247 on GitHub](https://github.com/inspec/kitchen-inspec/pull/247) for finding official versions supporting this feature.
|
|
77
|
+
Please note, that support for `load_plugins` was introduced in version 1.3.2 of
|
|
78
|
+
the `kitchen-inspec` verifier plugin. Earlier versions are unable to load InSpec V2 plugins.
|
|
75
79
|
|
|
76
80
|
## Usage
|
|
77
81
|
|
|
@@ -130,3 +134,6 @@ is __not__ done on the clients tested, but the workstation executing InSpec.
|
|
|
130
134
|
`ipaddress`, `hostname` or `fqdn` fields. One case would be IPv6 target
|
|
131
135
|
nodes. Trying to resolve will result in error "Unable too lookup remote Chef
|
|
132
136
|
client name"
|
|
137
|
+
- Using TestKitchen to run InSpec from a Chef cookbook on a remote machine will
|
|
138
|
+
fail. As InSpec is not invoked as a verifier from within Kitchen, but as a
|
|
139
|
+
standalone binary, it cannot access the passed kitchen attributes and databags.
|
data/lib/inspec-chef/input.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require "chef-api"
|
|
2
2
|
require "jmespath"
|
|
3
|
+
require "json"
|
|
3
4
|
require "resolv"
|
|
4
5
|
require "uri"
|
|
5
6
|
|
|
@@ -31,8 +32,11 @@ module InspecPlugins
|
|
|
31
32
|
|
|
32
33
|
# Fetch method used for Input plugins
|
|
33
34
|
def fetch(_profile_name, input_uri)
|
|
35
|
+
logger.trace format("Inspec-Chef received query for input %<uri>s", uri: input_uri)
|
|
34
36
|
return nil unless valid_plugin_input?(input_uri)
|
|
35
37
|
|
|
38
|
+
logger.debug format("Inspec-Chef input schema detected")
|
|
39
|
+
|
|
36
40
|
connect_to_chef_server
|
|
37
41
|
|
|
38
42
|
input = parse_input(input_uri)
|
|
@@ -40,15 +44,18 @@ module InspecPlugins
|
|
|
40
44
|
data = get_databag_item(input[:object], input[:item])
|
|
41
45
|
elsif input[:type] == :node && input[:item] == "attributes"
|
|
42
46
|
# Search Chef node name, if no host given explicitly
|
|
43
|
-
input[:object] = get_clientname(scan_target) unless input[:object]
|
|
47
|
+
input[:object] = get_clientname(scan_target) unless input[:object] || inside_testkitchen?
|
|
44
48
|
|
|
45
49
|
data = get_attributes(input[:object])
|
|
46
50
|
end
|
|
47
51
|
|
|
48
|
-
|
|
52
|
+
# Quote components to allow "-" as part of search query.
|
|
53
|
+
# @see https://github.com/jmespath/jmespath.rb/issues/12
|
|
54
|
+
expression = input[:query].map { |component| '"' + component + '"' }.join(".")
|
|
55
|
+
result = JMESPath.search(expression, data)
|
|
49
56
|
raise format("Could not resolve value for %s, check if databag/item or attribute exist", input_uri) unless result
|
|
50
57
|
|
|
51
|
-
result
|
|
58
|
+
stringify(result)
|
|
52
59
|
end
|
|
53
60
|
|
|
54
61
|
private
|
|
@@ -101,6 +108,11 @@ module InspecPlugins
|
|
|
101
108
|
}
|
|
102
109
|
end
|
|
103
110
|
|
|
111
|
+
# Deeply stringify keys of Array/Hash
|
|
112
|
+
def stringify(result)
|
|
113
|
+
JSON.parse(JSON.dump(result))
|
|
114
|
+
end
|
|
115
|
+
|
|
104
116
|
# ========================================================================
|
|
105
117
|
# Interfacing with Inspec and Chef
|
|
106
118
|
|
data/lib/inspec-chef/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-chef
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Heinen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-04-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-api
|