inspec-chef 0.3.2 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +10 -3
- data/lib/inspec-chef/input.rb +15 -3
- data/lib/inspec-chef/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cf13aeb2415399d3c00d3bf0e03f64aa6d46161dbcaf028f7ce9d105476b46c8
|
|
4
|
+
data.tar.gz: 9e721f499a57caf6ba16babc18c4e638a269db8fa6aa25f03048a0b3ef4049be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1edb515f0338855b9c6a3b266a70c808b48fcf01b12b0e88f750e4a530be9770a01fefea0c67ea4145f04836b93e5af6668dcfdad2f29f8ab0ca5f6b76cd299b
|
|
7
|
+
data.tar.gz: '087bcae728e94fd4d4ea1c9f0f2774fe04c82b093bd5ecc61ffed86c61f9aedd757ca892fbf20293ce72f35560389699ca546a50908b8edf42421d2ef1198e96'
|
data/README.md
CHANGED
|
@@ -51,6 +51,11 @@ This plugin supports the following options:
|
|
|
51
51
|
| INSPEC_CHEF_CLIENT | chef_api_client | The name of the client of the Chef server to connect as |
|
|
52
52
|
| INSPEC_CHEF_KEY | chef_api_key | Path to the private certificate identifying the node |
|
|
53
53
|
|
|
54
|
+
Using this plugin with Windows instances is broken with `chef-api` versions up to 0.10.4 due
|
|
55
|
+
to a dependency issue within the deprecated `logify` gem. Versions starting with 0.10.5 use Chef's
|
|
56
|
+
native logging system and work on both Linux and Windows. Other versions will only work with Linux
|
|
57
|
+
instances.
|
|
58
|
+
|
|
54
59
|
## Configuration for TestKitchen
|
|
55
60
|
|
|
56
61
|
To allow for more dev/prod parity, this input plugin detects if it is called
|
|
@@ -69,9 +74,8 @@ suites:
|
|
|
69
74
|
install_flavor: "oracle"
|
|
70
75
|
```
|
|
71
76
|
|
|
72
|
-
Please note, that support for `load_plugins`
|
|
73
|
-
|
|
74
|
-
[kitchen-inspec PR #247 on GitHub](https://github.com/inspec/kitchen-inspec/pull/247) for finding official versions supporting this feature.
|
|
77
|
+
Please note, that support for `load_plugins` was introduced in version 1.3.2 of
|
|
78
|
+
the `kitchen-inspec` verifier plugin. Earlier versions are unable to load InSpec V2 plugins.
|
|
75
79
|
|
|
76
80
|
## Usage
|
|
77
81
|
|
|
@@ -130,3 +134,6 @@ is __not__ done on the clients tested, but the workstation executing InSpec.
|
|
|
130
134
|
`ipaddress`, `hostname` or `fqdn` fields. One case would be IPv6 target
|
|
131
135
|
nodes. Trying to resolve will result in error "Unable too lookup remote Chef
|
|
132
136
|
client name"
|
|
137
|
+
- Using TestKitchen to run InSpec from a Chef cookbook on a remote machine will
|
|
138
|
+
fail. As InSpec is not invoked as a verifier from within Kitchen, but as a
|
|
139
|
+
standalone binary, it cannot access the passed kitchen attributes and databags.
|
data/lib/inspec-chef/input.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require "chef-api"
|
|
2
2
|
require "jmespath"
|
|
3
|
+
require "json"
|
|
3
4
|
require "resolv"
|
|
4
5
|
require "uri"
|
|
5
6
|
|
|
@@ -31,8 +32,11 @@ module InspecPlugins
|
|
|
31
32
|
|
|
32
33
|
# Fetch method used for Input plugins
|
|
33
34
|
def fetch(_profile_name, input_uri)
|
|
35
|
+
logger.trace format("Inspec-Chef received query for input %<uri>s", uri: input_uri)
|
|
34
36
|
return nil unless valid_plugin_input?(input_uri)
|
|
35
37
|
|
|
38
|
+
logger.debug format("Inspec-Chef input schema detected")
|
|
39
|
+
|
|
36
40
|
connect_to_chef_server
|
|
37
41
|
|
|
38
42
|
input = parse_input(input_uri)
|
|
@@ -40,15 +44,18 @@ module InspecPlugins
|
|
|
40
44
|
data = get_databag_item(input[:object], input[:item])
|
|
41
45
|
elsif input[:type] == :node && input[:item] == "attributes"
|
|
42
46
|
# Search Chef node name, if no host given explicitly
|
|
43
|
-
input[:object] = get_clientname(scan_target) unless input[:object]
|
|
47
|
+
input[:object] = get_clientname(scan_target) unless input[:object] || inside_testkitchen?
|
|
44
48
|
|
|
45
49
|
data = get_attributes(input[:object])
|
|
46
50
|
end
|
|
47
51
|
|
|
48
|
-
|
|
52
|
+
# Quote components to allow "-" as part of search query.
|
|
53
|
+
# @see https://github.com/jmespath/jmespath.rb/issues/12
|
|
54
|
+
expression = input[:query].map { |component| '"' + component + '"' }.join(".")
|
|
55
|
+
result = JMESPath.search(expression, data)
|
|
49
56
|
raise format("Could not resolve value for %s, check if databag/item or attribute exist", input_uri) unless result
|
|
50
57
|
|
|
51
|
-
result
|
|
58
|
+
stringify(result)
|
|
52
59
|
end
|
|
53
60
|
|
|
54
61
|
private
|
|
@@ -101,6 +108,11 @@ module InspecPlugins
|
|
|
101
108
|
}
|
|
102
109
|
end
|
|
103
110
|
|
|
111
|
+
# Deeply stringify keys of Array/Hash
|
|
112
|
+
def stringify(result)
|
|
113
|
+
JSON.parse(JSON.dump(result))
|
|
114
|
+
end
|
|
115
|
+
|
|
104
116
|
# ========================================================================
|
|
105
117
|
# Interfacing with Inspec and Chef
|
|
106
118
|
|
data/lib/inspec-chef/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-chef
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Heinen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-04-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-api
|