inspec-chef 0.3.1 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d92257a6fe51e2e753b38cec027da0e1d81578cf9cd96bc941e17ffbf2957ab
-  data.tar.gz: 93d8dea2ff6a1f8d8040543e4bccb4316001c017459cb392f12edaf49ec33633
+  metadata.gz: 29c070e9e924069b6c2f7418bdfd8164b0c69f9ae3ad7447928b3cdb99ca6e30
+  data.tar.gz: 875794f04d148b86a41a401c481bc0fb53e6b398059668fc1d307820e4b285ff
 SHA512:
-  metadata.gz: c43fc11316341123dfff07d7eb1d8afe4515d53ab4f0bb7c8d36cb5e7f94683dad316be341d79fbd3f484f23dabdd554e5ae17bacef97e6b02fa17fc8422c09c
-  data.tar.gz: de6d24d7ed8d75e6f297d9ca30605db58009308b1e09397f9f8c46413f173037501cec8afb2533665fb7b98b7e2d881e056d4ce77b748d824b36f7275142fab7
+  metadata.gz: e87dee841335d6e05a96cdb2d74bd8a77b7b975d9a54f73a0eae94766cb7def48adc20291ea821d0b3d51096b9cb4b5ad1419d8105f9f253a784d22f06b42f02
+  data.tar.gz: 47360a9eb493ddf659535f7f59b3810bd271a2ba49b3e84677e3cc4c6e936b7273eb764d211fc7d8d4ad6272cc2a027311f46c4690eb7aabd4cff03637a8fcd2

data/Gemfile

@@ -9,6 +9,7 @@ group :development do
   gem "chefstyle", "0.13.0"
   gem "m"
   gem "bundler"
+  gem "minitest"
   gem "rake"
   gem "rubocop"
 end

data/inspec-chef.gemspec

@@ -38,4 +38,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency "jmespath", "~> 1.4"
 
   spec.add_development_dependency "bump", "~> 0.8"
+  spec.add_development_dependency "minitest", "~> 5.11"
 end

data/lib/inspec-chef/input.rb

@@ -3,191 +3,223 @@ require "jmespath"
 require "resolv"
 require "uri"
 
-module InspecPlugins::Chef
-  class Input < Inspec.plugin(2, :input)
-    VALID_PATTERNS = [
-      Regexp.new("^databag://[^/]+/[^/]+/.+$"),
-      Regexp.new("^node://[^/]*/attributes/.+$"),
-    ].freeze
-
-    attr_reader :plugin_conf, :chef_endpoint, :chef_client, :chef_api_key
-    attr_reader :chef_api
-
-    # Set up new class
-    def initialize
-      @plugin_conf = Inspec::Config.cached.fetch_plugin_config("inspec-chef")
-    end
+module InspecPlugins
+  module Chef
+    class Input < Inspec.plugin(2, :input)
+      VALID_PATTERNS = [
+        Regexp.new("^databag://[^/]+/[^/]+/.+$"),
+        Regexp.new("^node://[^/]*/attributes/.+$"),
+      ].freeze
+
+      attr_reader :chef_server
 
-    # Fetch method used for Input plugins
-    def fetch(_profile_name, input_uri)
-      return nil unless valid_plugin_input? input_uri
+      # ========================================================================
+      # Dependency Injection
 
-      connect_to_chef_server
+      attr_writer :inspec_config, :logger
 
-      input = parse_input(input_uri)
-      if input[:type] == :databag
-        data = get_databag_item(input[:object], input[:item])
-      elsif input[:type] == :node
-        data = get_attributes(input[:object]) if input[:item] == "attributes"
+      def inspec_config
+        @inspec_config ||= Inspec::Config.cached
       end
 
-      result = JMESPath.search(input[:query].join("."), data)
-      raise format("Could not resolve value for %s, check if databag/item or attribute exist", input_uri) if result.nil?
+      def logger
+        @logger ||= Inspec::Log
+      end
 
-      result
-    end
+      # ========================================================================
+      # Input Plugin API
 
-    private
+      # Fetch method used for Input plugins
+      def fetch(_profile_name, input_uri)
+        return nil unless valid_plugin_input?(input_uri)
 
-    # Check if this is called from within TestKitchen
-    def inside_testkitchen?
-      !! defined?(::Kitchen::Logger)
-    end
+        connect_to_chef_server
 
-    # Check if this is an IP
-    def ip?(ip_or_name)
-      # Get address always returns an IP, so if nothing changes this was one
-      Resolv.getaddress(ip_or_name) == ip_or_name
-    rescue Resolv::ResolvError
-      false
-    end
+        input = parse_input(input_uri)
+        if input[:type] == :databag
+          data = get_databag_item(input[:object], input[:item])
+        elsif input[:type] == :node && input[:item] == "attributes"
+          # Search Chef node name, if no host given explicitly
+          input[:object] = get_clientname(scan_target) unless input[:object]
 
-    # Check if this is an FQDN
-    def fqdn?(ip_or_name)
-      # If it is not an IP but contains a Dot, it is an FQDN
-      !ip?(ip_or_name) && ip_or_name.include?(".")
-    end
+          data = get_attributes(input[:object])
+        end
 
-    # Reach for Kitchen data and return its evaluated config
-    def kitchen_provisioner_config
-      require "binding_of_caller"
-      kitchen = binding.callers.find { |b| b.frame_description == "verify" }.receiver
+        result = JMESPath.search(input[:query].join("."), data)
+        raise format("Could not resolve value for %s, check if databag/item or attribute exist", input_uri) unless result
 
-      kitchen.provisioner.send(:provided_config)
-    end
+        result
+      end
 
-    # Get plugin setting via environment, config file or default
-    def fetch_plugin_setting(setting_name, default = nil)
-      env_var_name = "INSPEC_CHEF_#{setting_name.upcase}"
-      config_name = "chef_api_#{setting_name.downcase}"
-      ENV[env_var_name] || plugin_conf[config_name] || default
-    end
+      private
 
-    # Get remote address for this scan from InSpec
-    def inspec_target
-      target = Inspec::Config.cached.final_options["target"]
-      URI.parse(target)&.host
-    end
+      # ========================================================================
+      # Helper Methods
 
-    # Establish a Chef Server connection
-    def connect_to_chef_server
-      # From within TestKitchen we need no Chef Server connection
-      if defined?(Kitchen)
-        Inspec::Log.info "Running from TestKitchen, using provisioner settings instead of Chef Server"
+      # Check if this is called from within TestKitchen
+      def inside_testkitchen?
+        !! defined?(::Kitchen)
+      end
 
-      # Only connect once
-      elsif !connected?
-        @chef_endpoint = fetch_plugin_setting("endpoint")
-        @chef_client   = fetch_plugin_setting("client")
-        @chef_api_key  = fetch_plugin_setting("key")
+      # Check if this is an IP
+      def ip?(ip_or_name)
+        # Get address always returns an IP, so if nothing changes this was one
+        Resolv.getaddress(ip_or_name) == ip_or_name
+      rescue Resolv::ResolvError
+        false
+      end
 
-        if chef_endpoint.nil? || chef_client.nil? || chef_api_key.nil?
-          raise "ERROR: Plugin inspec-chef needs configuration of chef endpoint, client name and api key."
-        end
+      # Check if this is an FQDN
+      def fqdn?(ip_or_name)
+        # If it is not an IP but contains a Dot, it is an FQDN
+        !ip?(ip_or_name) && ip_or_name.include?(".")
+      end
 
-        @chef_api ||= ChefAPI::Connection.new(
-          endpoint: chef_endpoint,
-          client:   chef_client,
-          key:      chef_api_key
-        )
+      # Merge attributes in hierarchy like Chef
+      def merge_attributes(data)
+        data.fetch("default", {})
+          .merge(data.fetch("normal", {}))
+          .merge(data.fetch("override", {}))
+          .merge(data.fetch("automatic", {}))
+      end
 
-        Inspec::Log.debug format("Connected to %s as client %s", chef_endpoint, chef_client)
+      # Verify if input is valid for this plugin
+      def valid_plugin_input?(input)
+        VALID_PATTERNS.any? { |regex| regex.match? input }
       end
-    end
 
-    # Return if connection is established
-    def connected?
-      ! @chef_api.nil?
-    end
+      # Parse InSpec input name into Databag, Item and search query
+      def parse_input(input_uri)
+        uri = URI(input_uri)
+        item, *components = uri.path.slice(1..-1).split("/")
+
+        {
+          type: uri.scheme.to_sym,
+          object: uri.host,
+          item: item,
+          query: components,
+        }
+      end
 
-    # Retrieve a Databag item from Chef Server
-    def get_databag_item(databag, item)
-      unless inside_testkitchen?
-        unless chef_api.data_bags.any? { |k| k.name == databag }
-          raise format('Databag "%s" not found on Chef Infra Server', databag)
-        end
+      # ========================================================================
+      # Interfacing with Inspec and Chef
+
+      # Reach for Kitchen data and return its evaluated config
+      # @todo DI
+      def kitchen_provisioner_config
+        require "binding_of_caller"
+        kitchen = binding.callers.find { |b| b.frame_description == "verify" }.receiver
+
+        kitchen.provisioner.send(:provided_config)
+      end
 
-        chef_api.data_bag_item.fetch(item, bag: databag).data
-      else
-        config = kitchen_provisioner_config
-        filename = File.join(config[:data_bags_path], databag, item + ".json")
+      # Get plugin specific configuration
+      def plugin_conf
+        inspec_config.fetch_plugin_config("inspec-chef")
+      end
+
+      # Get plugin setting via environment, config file or default
+      def fetch_plugin_setting(setting_name, default = nil)
+        env_var_name = "INSPEC_CHEF_#{setting_name.upcase}"
+        config_name = "chef_api_#{setting_name.downcase}"
+        ENV[env_var_name] || plugin_conf[config_name] || default
+      end
+
+      # Get remote address for this scan from InSpec
+      def scan_target
+        target = inspec_config.final_options["target"]
+        URI.parse(target)&.host
+      end
+
+      # Establish a Chef Server connection
+      def connect_to_chef_server
+        # From within TestKitchen we need no Chef Server connection
+        if inside_testkitchen?
+          logger.info "Running from TestKitchen, using provisioner settings instead of Chef Server"
 
-        begin
-          return JSON.load(File.read(filename))
-        rescue
-          raise format("Error accessing databag file %s, check TestKitchen configuration", filename)
+        # Only connect once
+        elsif !server_connected?
+          @plugin_conf = inspec_config.fetch_plugin_config("inspec-chef")
+
+          chef_endpoint = fetch_plugin_setting("endpoint")
+          chef_client   = fetch_plugin_setting("client")
+          chef_api_key  = fetch_plugin_setting("key")
+
+          unless chef_endpoint && chef_client && chef_api_key
+            raise "ERROR: Plugin inspec-chef needs configuration of chef endpoint, client name and api key."
+          end
+
+          # @todo: DI this
+          @chef_server ||= ChefAPI::Connection.new(
+            endpoint: chef_endpoint,
+            client:   chef_client,
+            key:      chef_api_key
+          )
+
+          logger.debug format("Connected to %s as client %s", chef_endpoint, chef_client)
         end
       end
-    end
 
-    # Retrieve attributes of a node
-    def get_attributes(node)
-      unless inside_testkitchen?
-        data = get_search(:node, "name:#{node}")
+      # Return if connection is established
+      def server_connected?
+        ! chef_server.nil?
+      end
 
-        merge_attributes(data)
-      else
-        kitchen_provisioner_config[:attributes]
+      # Low-level Chef search expression
+      def get_search(index, expression)
+        chef_server.search.query(index, expression, rows: 1).rows.first
       end
-    end
 
-    # Try to look up Chef Client name by the address requested
-    def get_clientname(ip_or_name)
-      query = "hostname:%<address>s"
-      query = "ipaddress:%<address>s" if ip?(ip_or_name)
-      query = "fqdn:%<address>s" if fqdn?(ip_or_name)
-      result = get_search(:node, format(query, address: ip_or_name))
-      Inspec::Log.debug format("Automatic lookup of node name (IPv4 or hostname) returned: %s", result&.fetch("name") || "(nothing)")
-
-      # Try EC2 lookup, if nothing found (assuming public IP)
-      if result.nil?
-        query = "ec2_public_ipv4:%<address>s OR ec2_public_hostname:%<address>s"
-        result = get_search(:node, format(query, address: ip_or_name))
-        Inspec::Log.debug format("Automatic lookup of node name (EC2 public IPv4 or hostname) returned: %s", result&.fetch("name"))
+      # Retrieve a Databag item from Chef Server
+      def get_databag_item(databag, item)
+        unless inside_testkitchen?
+          unless chef_server.data_bags.any? { |k| k.name == databag }
+            raise format('Databag "%s" not found on Chef Infra Server', databag)
+          end
+
+          chef_server.data_bag_item.fetch(item, bag: databag).data
+        else
+          config = kitchen_provisioner_config
+          filename = File.join(config[:data_bags_path], databag, item + ".json")
+
+          begin
+            return JSON.load(File.read(filename))
+          rescue
+            raise format("Error accessing databag file %s, check TestKitchen configuration", filename)
+          end
+        end
       end
 
-      # This will fail for cases like trying to connect to IPv6, so it will
-      # need extension in the future
+      # Retrieve attributes of a node
+      def get_attributes(node)
+        unless inside_testkitchen?
+          data = get_search(:node, "name:#{node}")
 
-      result&.fetch("name") || raise(format("Unable too lookup remote Chef client name from %s", ip_or_name))
-    end
+          merge_attributes(data)
+        else
+          kitchen_provisioner_config[:attributes]
+        end
+      end
 
-    # Low-level Chef search expression
-    def get_search(index, expression)
-      chef_api.search.query(index, expression, rows: 1).rows.first
-    end
+      # Try to look up Chef Client name by the address requested
+      def get_clientname(ip_or_name)
+        query = "hostname:%<address>s"
+        query = "ipaddress:%<address>s" if ip?(ip_or_name)
+        query = "fqdn:%<address>s" if fqdn?(ip_or_name)
+        result = get_search(:node, format(query, address: ip_or_name))
+        logger.debug format("Automatic lookup of node name (IPv4 or hostname) returned: %s", result&.fetch("name") || "(nothing)")
 
-    # Merge attributes in hierarchy like Chef
-    def merge_attributes(data)
-      data["default"].merge(data["normal"]).merge(data["override"]).merge(data["automatic"])
-    end
+        # Try EC2 lookup, if nothing found (assuming public IP)
+        unless result
+          query = "ec2_public_ipv4:%<address>s OR ec2_public_hostname:%<address>s"
+          result = get_search(:node, format(query, address: ip_or_name))
+          logger.debug format("Automatic lookup of node name (EC2 public IPv4 or hostname) returned: %s", result&.fetch("name"))
+        end
 
-    # Verify if input is valid for this plugin
-    def valid_plugin_input?(input)
-      VALID_PATTERNS.any? { |regex| regex.match? input }
-    end
+        # This will fail for cases like trying to connect to IPv6, so it will need extension in the future
 
-    # Parse InSpec input name into Databag, Item and search query
-    def parse_input(input_uri)
-      uri = URI(input_uri)
-      item, *components = uri.path.slice(1..-1).split("/")
-
-      {
-        type: uri.scheme.to_sym,
-        object: uri.host || get_clientname(inspec_target),
-        item: item,
-        query: components,
-      }
+        result&.fetch("name") || raise(format("Unable too lookup remote Chef client name from %s", ip_or_name))
+      end
     end
   end
 end

data/lib/inspec-chef/version.rb

@@ -5,6 +5,6 @@
 # to learn the current version.
 module InspecPlugins
   module Chef
-    VERSION = "0.3.1".freeze
+    VERSION = "0.3.2".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-chef
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - Thomas Heinen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-23 00:00:00.000000000 Z
+date: 2020-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-api
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
 description: This plugin allows InSpec 'inputs' to be provided by Chef Server.
 email:
 - theinen@tecracer.de