inspec-core 2.1.67
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +3136 -0
- data/Gemfile +56 -0
- data/LICENSE +14 -0
- data/MAINTAINERS.md +33 -0
- data/MAINTAINERS.toml +52 -0
- data/README.md +453 -0
- data/bin/inspec +12 -0
- data/docs/.gitignore +2 -0
- data/docs/README.md +40 -0
- data/docs/dev/control-eval.md +62 -0
- data/docs/dsl_inspec.md +258 -0
- data/docs/dsl_resource.md +100 -0
- data/docs/glossary.md +99 -0
- data/docs/habitat.md +192 -0
- data/docs/inspec_and_friends.md +114 -0
- data/docs/matchers.md +169 -0
- data/docs/migration.md +293 -0
- data/docs/platforms.md +119 -0
- data/docs/plugin_kitchen_inspec.md +50 -0
- data/docs/profiles.md +378 -0
- data/docs/reporters.md +105 -0
- data/docs/resources/aide_conf.md.erb +76 -0
- data/docs/resources/apache.md.erb +67 -0
- data/docs/resources/apache_conf.md.erb +68 -0
- data/docs/resources/apt.md.erb +71 -0
- data/docs/resources/audit_policy.md.erb +47 -0
- data/docs/resources/auditd.md.erb +79 -0
- data/docs/resources/auditd_conf.md.erb +68 -0
- data/docs/resources/bash.md.erb +75 -0
- data/docs/resources/bond.md.erb +90 -0
- data/docs/resources/bridge.md.erb +57 -0
- data/docs/resources/bsd_service.md.erb +67 -0
- data/docs/resources/chocolatey_package.md.erb +58 -0
- data/docs/resources/command.md.erb +138 -0
- data/docs/resources/cpan.md.erb +79 -0
- data/docs/resources/cran.md.erb +64 -0
- data/docs/resources/crontab.md.erb +89 -0
- data/docs/resources/csv.md.erb +54 -0
- data/docs/resources/dh_params.md.erb +205 -0
- data/docs/resources/directory.md.erb +30 -0
- data/docs/resources/docker.md.erb +219 -0
- data/docs/resources/docker_container.md.erb +103 -0
- data/docs/resources/docker_image.md.erb +94 -0
- data/docs/resources/docker_service.md.erb +114 -0
- data/docs/resources/elasticsearch.md.erb +242 -0
- data/docs/resources/etc_fstab.md.erb +125 -0
- data/docs/resources/etc_group.md.erb +75 -0
- data/docs/resources/etc_hosts.md.erb +78 -0
- data/docs/resources/etc_hosts_allow.md.erb +74 -0
- data/docs/resources/etc_hosts_deny.md.erb +74 -0
- data/docs/resources/file.md.erb +526 -0
- data/docs/resources/filesystem.md.erb +41 -0
- data/docs/resources/firewalld.md.erb +107 -0
- data/docs/resources/gem.md.erb +79 -0
- data/docs/resources/group.md.erb +61 -0
- data/docs/resources/grub_conf.md.erb +101 -0
- data/docs/resources/host.md.erb +86 -0
- data/docs/resources/http.md.erb +197 -0
- data/docs/resources/iis_app.md.erb +122 -0
- data/docs/resources/iis_site.md.erb +135 -0
- data/docs/resources/inetd_conf.md.erb +94 -0
- data/docs/resources/ini.md.erb +76 -0
- data/docs/resources/interface.md.erb +58 -0
- data/docs/resources/iptables.md.erb +64 -0
- data/docs/resources/json.md.erb +63 -0
- data/docs/resources/kernel_module.md.erb +120 -0
- data/docs/resources/kernel_parameter.md.erb +53 -0
- data/docs/resources/key_rsa.md.erb +85 -0
- data/docs/resources/launchd_service.md.erb +57 -0
- data/docs/resources/limits_conf.md.erb +75 -0
- data/docs/resources/login_defs.md.erb +71 -0
- data/docs/resources/mount.md.erb +69 -0
- data/docs/resources/mssql_session.md.erb +60 -0
- data/docs/resources/mysql_conf.md.erb +99 -0
- data/docs/resources/mysql_session.md.erb +74 -0
- data/docs/resources/nginx.md.erb +79 -0
- data/docs/resources/nginx_conf.md.erb +138 -0
- data/docs/resources/npm.md.erb +60 -0
- data/docs/resources/ntp_conf.md.erb +60 -0
- data/docs/resources/oneget.md.erb +53 -0
- data/docs/resources/oracledb_session.md.erb +52 -0
- data/docs/resources/os.md.erb +141 -0
- data/docs/resources/os_env.md.erb +91 -0
- data/docs/resources/package.md.erb +120 -0
- data/docs/resources/packages.md.erb +67 -0
- data/docs/resources/parse_config.md.erb +103 -0
- data/docs/resources/parse_config_file.md.erb +138 -0
- data/docs/resources/passwd.md.erb +141 -0
- data/docs/resources/pip.md.erb +67 -0
- data/docs/resources/port.md.erb +137 -0
- data/docs/resources/postgres_conf.md.erb +79 -0
- data/docs/resources/postgres_hba_conf.md.erb +93 -0
- data/docs/resources/postgres_ident_conf.md.erb +76 -0
- data/docs/resources/postgres_session.md.erb +69 -0
- data/docs/resources/powershell.md.erb +102 -0
- data/docs/resources/processes.md.erb +109 -0
- data/docs/resources/rabbitmq_config.md.erb +41 -0
- data/docs/resources/registry_key.md.erb +158 -0
- data/docs/resources/runit_service.md.erb +57 -0
- data/docs/resources/security_policy.md.erb +47 -0
- data/docs/resources/service.md.erb +121 -0
- data/docs/resources/shadow.md.erb +146 -0
- data/docs/resources/ssh_config.md.erb +73 -0
- data/docs/resources/sshd_config.md.erb +83 -0
- data/docs/resources/ssl.md.erb +119 -0
- data/docs/resources/sys_info.md.erb +42 -0
- data/docs/resources/systemd_service.md.erb +57 -0
- data/docs/resources/sysv_service.md.erb +57 -0
- data/docs/resources/upstart_service.md.erb +57 -0
- data/docs/resources/user.md.erb +140 -0
- data/docs/resources/users.md.erb +127 -0
- data/docs/resources/vbscript.md.erb +55 -0
- data/docs/resources/virtualization.md.erb +57 -0
- data/docs/resources/windows_feature.md.erb +47 -0
- data/docs/resources/windows_hotfix.md.erb +53 -0
- data/docs/resources/windows_task.md.erb +95 -0
- data/docs/resources/wmi.md.erb +81 -0
- data/docs/resources/x509_certificate.md.erb +151 -0
- data/docs/resources/xinetd_conf.md.erb +156 -0
- data/docs/resources/xml.md.erb +85 -0
- data/docs/resources/yaml.md.erb +69 -0
- data/docs/resources/yum.md.erb +98 -0
- data/docs/resources/zfs_dataset.md.erb +53 -0
- data/docs/resources/zfs_pool.md.erb +47 -0
- data/docs/ruby_usage.md +203 -0
- data/docs/shared/matcher_be.md.erb +1 -0
- data/docs/shared/matcher_cmp.md.erb +43 -0
- data/docs/shared/matcher_eq.md.erb +3 -0
- data/docs/shared/matcher_include.md.erb +1 -0
- data/docs/shared/matcher_match.md.erb +1 -0
- data/docs/shell.md +217 -0
- data/examples/README.md +8 -0
- data/examples/inheritance/README.md +65 -0
- data/examples/inheritance/controls/example.rb +14 -0
- data/examples/inheritance/inspec.yml +15 -0
- data/examples/kitchen-ansible/.kitchen.yml +25 -0
- data/examples/kitchen-ansible/Gemfile +19 -0
- data/examples/kitchen-ansible/README.md +53 -0
- data/examples/kitchen-ansible/files/nginx.repo +6 -0
- data/examples/kitchen-ansible/tasks/main.yml +16 -0
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
- data/examples/kitchen-chef/.kitchen.yml +20 -0
- data/examples/kitchen-chef/Berksfile +3 -0
- data/examples/kitchen-chef/Gemfile +19 -0
- data/examples/kitchen-chef/README.md +27 -0
- data/examples/kitchen-chef/metadata.rb +7 -0
- data/examples/kitchen-chef/recipes/default.rb +6 -0
- data/examples/kitchen-chef/recipes/nginx.rb +30 -0
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
- data/examples/kitchen-puppet/.kitchen.yml +23 -0
- data/examples/kitchen-puppet/Gemfile +20 -0
- data/examples/kitchen-puppet/Puppetfile +25 -0
- data/examples/kitchen-puppet/README.md +53 -0
- data/examples/kitchen-puppet/manifests/site.pp +33 -0
- data/examples/kitchen-puppet/metadata.json +11 -0
- data/examples/kitchen-puppet/modules/.gitkeep +0 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
- data/examples/meta-profile/README.md +37 -0
- data/examples/meta-profile/controls/example.rb +13 -0
- data/examples/meta-profile/inspec.yml +13 -0
- data/examples/profile-attribute.yml +2 -0
- data/examples/profile-attribute/README.md +14 -0
- data/examples/profile-attribute/controls/example.rb +11 -0
- data/examples/profile-attribute/inspec.yml +8 -0
- data/examples/profile-sensitive/README.md +29 -0
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
- data/examples/profile-sensitive/controls/sensitive.rb +9 -0
- data/examples/profile-sensitive/inspec.yml +8 -0
- data/examples/profile/README.md +48 -0
- data/examples/profile/controls/example.rb +23 -0
- data/examples/profile/controls/gordon.rb +36 -0
- data/examples/profile/controls/meta.rb +34 -0
- data/examples/profile/inspec.yml +10 -0
- data/examples/profile/libraries/gordon_config.rb +59 -0
- data/inspec-core.gemspec +43 -0
- data/lib/bundles/README.md +3 -0
- data/lib/bundles/inspec-artifact.rb +7 -0
- data/lib/bundles/inspec-artifact/README.md +1 -0
- data/lib/bundles/inspec-artifact/cli.rb +277 -0
- data/lib/bundles/inspec-compliance.rb +16 -0
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
- data/lib/bundles/inspec-compliance/README.md +193 -0
- data/lib/bundles/inspec-compliance/api.rb +360 -0
- data/lib/bundles/inspec-compliance/api/login.rb +193 -0
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
- data/lib/bundles/inspec-compliance/cli.rb +260 -0
- data/lib/bundles/inspec-compliance/configuration.rb +103 -0
- data/lib/bundles/inspec-compliance/http.rb +125 -0
- data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
- data/lib/bundles/inspec-compliance/support.rb +36 -0
- data/lib/bundles/inspec-compliance/target.rb +106 -0
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
- data/lib/bundles/inspec-habitat.rb +12 -0
- data/lib/bundles/inspec-habitat/cli.rb +36 -0
- data/lib/bundles/inspec-habitat/log.rb +10 -0
- data/lib/bundles/inspec-habitat/profile.rb +391 -0
- data/lib/bundles/inspec-init.rb +8 -0
- data/lib/bundles/inspec-init/README.md +31 -0
- data/lib/bundles/inspec-init/cli.rb +97 -0
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
- data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
- data/lib/bundles/inspec-supermarket.rb +13 -0
- data/lib/bundles/inspec-supermarket/README.md +45 -0
- data/lib/bundles/inspec-supermarket/api.rb +84 -0
- data/lib/bundles/inspec-supermarket/cli.rb +73 -0
- data/lib/bundles/inspec-supermarket/target.rb +34 -0
- data/lib/fetchers/git.rb +163 -0
- data/lib/fetchers/local.rb +74 -0
- data/lib/fetchers/mock.rb +35 -0
- data/lib/fetchers/url.rb +247 -0
- data/lib/inspec.rb +24 -0
- data/lib/inspec/archive/tar.rb +29 -0
- data/lib/inspec/archive/zip.rb +19 -0
- data/lib/inspec/backend.rb +93 -0
- data/lib/inspec/base_cli.rb +368 -0
- data/lib/inspec/cached_fetcher.rb +66 -0
- data/lib/inspec/cli.rb +292 -0
- data/lib/inspec/completions/bash.sh.erb +45 -0
- data/lib/inspec/completions/fish.sh.erb +34 -0
- data/lib/inspec/completions/zsh.sh.erb +61 -0
- data/lib/inspec/control_eval_context.rb +179 -0
- data/lib/inspec/dependencies/cache.rb +72 -0
- data/lib/inspec/dependencies/dependency_set.rb +92 -0
- data/lib/inspec/dependencies/lockfile.rb +115 -0
- data/lib/inspec/dependencies/requirement.rb +123 -0
- data/lib/inspec/dependencies/resolver.rb +86 -0
- data/lib/inspec/describe.rb +27 -0
- data/lib/inspec/dsl.rb +66 -0
- data/lib/inspec/dsl_shared.rb +33 -0
- data/lib/inspec/env_printer.rb +157 -0
- data/lib/inspec/errors.rb +14 -0
- data/lib/inspec/exceptions.rb +12 -0
- data/lib/inspec/expect.rb +45 -0
- data/lib/inspec/fetcher.rb +45 -0
- data/lib/inspec/file_provider.rb +275 -0
- data/lib/inspec/formatters.rb +3 -0
- data/lib/inspec/formatters/base.rb +259 -0
- data/lib/inspec/formatters/json_rspec.rb +20 -0
- data/lib/inspec/formatters/show_progress.rb +12 -0
- data/lib/inspec/library_eval_context.rb +58 -0
- data/lib/inspec/log.rb +11 -0
- data/lib/inspec/metadata.rb +247 -0
- data/lib/inspec/method_source.rb +24 -0
- data/lib/inspec/objects.rb +14 -0
- data/lib/inspec/objects/attribute.rb +75 -0
- data/lib/inspec/objects/control.rb +61 -0
- data/lib/inspec/objects/describe.rb +92 -0
- data/lib/inspec/objects/each_loop.rb +36 -0
- data/lib/inspec/objects/list.rb +15 -0
- data/lib/inspec/objects/or_test.rb +40 -0
- data/lib/inspec/objects/ruby_helper.rb +15 -0
- data/lib/inspec/objects/tag.rb +27 -0
- data/lib/inspec/objects/test.rb +87 -0
- data/lib/inspec/objects/value.rb +27 -0
- data/lib/inspec/plugins.rb +60 -0
- data/lib/inspec/plugins/cli.rb +24 -0
- data/lib/inspec/plugins/fetcher.rb +86 -0
- data/lib/inspec/plugins/resource.rb +135 -0
- data/lib/inspec/plugins/secret.rb +15 -0
- data/lib/inspec/plugins/source_reader.rb +40 -0
- data/lib/inspec/polyfill.rb +12 -0
- data/lib/inspec/profile.rb +513 -0
- data/lib/inspec/profile_context.rb +208 -0
- data/lib/inspec/profile_vendor.rb +66 -0
- data/lib/inspec/reporters.rb +60 -0
- data/lib/inspec/reporters/automate.rb +76 -0
- data/lib/inspec/reporters/base.rb +25 -0
- data/lib/inspec/reporters/cli.rb +356 -0
- data/lib/inspec/reporters/json.rb +116 -0
- data/lib/inspec/reporters/json_min.rb +48 -0
- data/lib/inspec/reporters/junit.rb +78 -0
- data/lib/inspec/require_loader.rb +33 -0
- data/lib/inspec/resource.rb +190 -0
- data/lib/inspec/rule.rb +280 -0
- data/lib/inspec/runner.rb +345 -0
- data/lib/inspec/runner_mock.rb +41 -0
- data/lib/inspec/runner_rspec.rb +175 -0
- data/lib/inspec/runtime_profile.rb +26 -0
- data/lib/inspec/schema.rb +213 -0
- data/lib/inspec/secrets.rb +19 -0
- data/lib/inspec/secrets/yaml.rb +30 -0
- data/lib/inspec/shell.rb +220 -0
- data/lib/inspec/shell_detector.rb +90 -0
- data/lib/inspec/source_reader.rb +29 -0
- data/lib/inspec/version.rb +8 -0
- data/lib/matchers/matchers.rb +339 -0
- data/lib/resources/aide_conf.rb +151 -0
- data/lib/resources/apache.rb +48 -0
- data/lib/resources/apache_conf.rb +149 -0
- data/lib/resources/apt.rb +149 -0
- data/lib/resources/audit_policy.rb +63 -0
- data/lib/resources/auditd.rb +231 -0
- data/lib/resources/auditd_conf.rb +46 -0
- data/lib/resources/bash.rb +35 -0
- data/lib/resources/bond.rb +69 -0
- data/lib/resources/bridge.rb +122 -0
- data/lib/resources/chocolatey_package.rb +78 -0
- data/lib/resources/command.rb +73 -0
- data/lib/resources/cpan.rb +58 -0
- data/lib/resources/cran.rb +64 -0
- data/lib/resources/crontab.rb +169 -0
- data/lib/resources/csv.rb +56 -0
- data/lib/resources/dh_params.rb +77 -0
- data/lib/resources/directory.rb +25 -0
- data/lib/resources/docker.rb +236 -0
- data/lib/resources/docker_container.rb +89 -0
- data/lib/resources/docker_image.rb +83 -0
- data/lib/resources/docker_object.rb +57 -0
- data/lib/resources/docker_service.rb +90 -0
- data/lib/resources/elasticsearch.rb +169 -0
- data/lib/resources/etc_fstab.rb +94 -0
- data/lib/resources/etc_group.rb +154 -0
- data/lib/resources/etc_hosts.rb +66 -0
- data/lib/resources/etc_hosts_allow_deny.rb +112 -0
- data/lib/resources/file.rb +298 -0
- data/lib/resources/filesystem.rb +31 -0
- data/lib/resources/firewalld.rb +143 -0
- data/lib/resources/gem.rb +70 -0
- data/lib/resources/groups.rb +215 -0
- data/lib/resources/grub_conf.rb +227 -0
- data/lib/resources/host.rb +306 -0
- data/lib/resources/http.rb +253 -0
- data/lib/resources/iis_app.rb +101 -0
- data/lib/resources/iis_site.rb +148 -0
- data/lib/resources/inetd_conf.rb +54 -0
- data/lib/resources/ini.rb +29 -0
- data/lib/resources/interface.rb +129 -0
- data/lib/resources/iptables.rb +80 -0
- data/lib/resources/json.rb +111 -0
- data/lib/resources/kernel_module.rb +107 -0
- data/lib/resources/kernel_parameter.rb +58 -0
- data/lib/resources/key_rsa.rb +63 -0
- data/lib/resources/limits_conf.rb +46 -0
- data/lib/resources/login_def.rb +57 -0
- data/lib/resources/mount.rb +88 -0
- data/lib/resources/mssql_session.rb +101 -0
- data/lib/resources/mysql.rb +82 -0
- data/lib/resources/mysql_conf.rb +127 -0
- data/lib/resources/mysql_session.rb +85 -0
- data/lib/resources/nginx.rb +96 -0
- data/lib/resources/nginx_conf.rb +226 -0
- data/lib/resources/npm.rb +48 -0
- data/lib/resources/ntp_conf.rb +51 -0
- data/lib/resources/oneget.rb +71 -0
- data/lib/resources/oracledb_session.rb +139 -0
- data/lib/resources/os.rb +36 -0
- data/lib/resources/os_env.rb +86 -0
- data/lib/resources/package.rb +370 -0
- data/lib/resources/packages.rb +111 -0
- data/lib/resources/parse_config.rb +112 -0
- data/lib/resources/passwd.rb +76 -0
- data/lib/resources/pip.rb +130 -0
- data/lib/resources/platform.rb +109 -0
- data/lib/resources/port.rb +771 -0
- data/lib/resources/postgres.rb +131 -0
- data/lib/resources/postgres_conf.rb +114 -0
- data/lib/resources/postgres_hba_conf.rb +90 -0
- data/lib/resources/postgres_ident_conf.rb +79 -0
- data/lib/resources/postgres_session.rb +71 -0
- data/lib/resources/powershell.rb +67 -0
- data/lib/resources/processes.rb +204 -0
- data/lib/resources/rabbitmq_conf.rb +51 -0
- data/lib/resources/registry_key.rb +297 -0
- data/lib/resources/security_policy.rb +180 -0
- data/lib/resources/service.rb +794 -0
- data/lib/resources/shadow.rb +159 -0
- data/lib/resources/ssh_conf.rb +97 -0
- data/lib/resources/ssl.rb +99 -0
- data/lib/resources/sys_info.rb +28 -0
- data/lib/resources/toml.rb +32 -0
- data/lib/resources/users.rb +654 -0
- data/lib/resources/vbscript.rb +68 -0
- data/lib/resources/virtualization.rb +247 -0
- data/lib/resources/windows_feature.rb +84 -0
- data/lib/resources/windows_hotfix.rb +35 -0
- data/lib/resources/windows_task.rb +102 -0
- data/lib/resources/wmi.rb +110 -0
- data/lib/resources/x509_certificate.rb +137 -0
- data/lib/resources/xinetd.rb +106 -0
- data/lib/resources/xml.rb +46 -0
- data/lib/resources/yaml.rb +43 -0
- data/lib/resources/yum.rb +180 -0
- data/lib/resources/zfs_dataset.rb +60 -0
- data/lib/resources/zfs_pool.rb +49 -0
- data/lib/source_readers/flat.rb +39 -0
- data/lib/source_readers/inspec.rb +75 -0
- data/lib/utils/command_wrapper.rb +27 -0
- data/lib/utils/convert.rb +12 -0
- data/lib/utils/database_helpers.rb +77 -0
- data/lib/utils/enumerable_delegation.rb +9 -0
- data/lib/utils/erlang_parser.rb +192 -0
- data/lib/utils/file_reader.rb +25 -0
- data/lib/utils/filter.rb +273 -0
- data/lib/utils/filter_array.rb +27 -0
- data/lib/utils/find_files.rb +47 -0
- data/lib/utils/hash.rb +41 -0
- data/lib/utils/json_log.rb +18 -0
- data/lib/utils/latest_version.rb +22 -0
- data/lib/utils/modulator.rb +12 -0
- data/lib/utils/nginx_parser.rb +105 -0
- data/lib/utils/object_traversal.rb +49 -0
- data/lib/utils/parser.rb +274 -0
- data/lib/utils/pkey_reader.rb +15 -0
- data/lib/utils/plugin_registry.rb +93 -0
- data/lib/utils/simpleconfig.rb +120 -0
- data/lib/utils/spdx.rb +13 -0
- data/lib/utils/spdx.txt +344 -0
- metadata +713 -0
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
_inspec() {
|
|
2
|
+
local _inspec_top_level_commands="<%= top_level_commands.join(" ") %>"
|
|
3
|
+
<% subcommands_with_commands.each do |name, subcommands| -%>
|
|
4
|
+
local _inspec_<%= name %>_commands="<%= subcommands.join(" ") -%>"
|
|
5
|
+
<% end -%>
|
|
6
|
+
|
|
7
|
+
cur=${COMP_WORDS[COMP_CWORD]}
|
|
8
|
+
prev=${COMP_WORDS[COMP_CWORD-1]}
|
|
9
|
+
|
|
10
|
+
if [ "$COMP_CWORD" -eq 1 ]; then
|
|
11
|
+
case "$prev" in
|
|
12
|
+
inspec)
|
|
13
|
+
COMPREPLY=( $( compgen -W "$_inspec_top_level_commands" -- "$cur" ) )
|
|
14
|
+
;;
|
|
15
|
+
esac
|
|
16
|
+
elif [ "$COMP_CWORD" -eq 2 ]; then
|
|
17
|
+
case "$prev" in
|
|
18
|
+
archive|check|exec|json)
|
|
19
|
+
COMPREPLY=( $( compgen -f -- "$cur" ) )
|
|
20
|
+
;;
|
|
21
|
+
help)
|
|
22
|
+
COMPREPLY=( $( compgen -W "$_inspec_top_level_commands" -- "$cur" ) )
|
|
23
|
+
;;
|
|
24
|
+
<% subcommands_with_commands.each do |name, subcommands| -%>
|
|
25
|
+
<%= name %>)
|
|
26
|
+
COMPREPLY=( $( compgen -W "$_inspec_<%= name %>_commands" -- "$cur" ) )
|
|
27
|
+
;;
|
|
28
|
+
<% end -%>
|
|
29
|
+
esac
|
|
30
|
+
elif [ "$COMP_CWORD" -eq 3 ]; then
|
|
31
|
+
prev2=${COMP_WORDS[COMP_CWORD-2]}
|
|
32
|
+
case "$prev2-$prev" in
|
|
33
|
+
compliance-upload)
|
|
34
|
+
COMPREPLY=( $( compgen -f -- "$cur" ) )
|
|
35
|
+
;;
|
|
36
|
+
<% subcommands_with_commands.each do |name, subcommands| -%>
|
|
37
|
+
<%= name %>-help)
|
|
38
|
+
COMPREPLY=( $( compgen -W "$_inspec_<%= name %>_commands" -- "$cur" ) )
|
|
39
|
+
;;
|
|
40
|
+
<% end -%>
|
|
41
|
+
esac
|
|
42
|
+
fi
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
complete -F _inspec inspec
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
function __fish_inspec_no_command --description 'Test if inspec has yet to be given the main command'
|
|
2
|
+
set -l cmd (commandline -opc)
|
|
3
|
+
test (count $cmd) -eq 1
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
function __fish_inspec_using_command
|
|
7
|
+
set -l cmd (commandline -opc)
|
|
8
|
+
set -q cmd[2]; and test "$argv[1]" = $cmd[2]
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
function __fish_inspec_using_command_and_no_subcommand
|
|
12
|
+
set -l cmd (commandline -opc)
|
|
13
|
+
test (count $cmd) -eq 2; and test "$argv[1]" = "$cmd[2]"
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
function __fish_inspec_using_subcommand --argument-names cmd_main cmd_sub
|
|
17
|
+
set -l cmd (commandline -opc)
|
|
18
|
+
set -q cmd[3]; and test "$cmd_main" = $cmd[2] -a "$cmd_sub" = $cmd[3]
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
<% top_level_commands_with_descriptions.each do |command_and_description| %>
|
|
22
|
+
<% command, description = command_and_description.split(':') %>
|
|
23
|
+
<% description.gsub!(/\\/, '') %>
|
|
24
|
+
# <%= command %> commands
|
|
25
|
+
complete -c inspec -f -n '__fish_inspec_no_command' -a <%= command %> -d "<%= description %>"
|
|
26
|
+
# <%= command %> help
|
|
27
|
+
complete -c inspec -f -n '__fish_inspec_using_command help' -a <%= command %> -d "<%= description %>"
|
|
28
|
+
|
|
29
|
+
<% (subcommands_with_commands_and_descriptions[command] || []).each do |command_and_description| %>
|
|
30
|
+
<% subcommand, description = command_and_description.split(':') %>
|
|
31
|
+
<% description.gsub!(/\\/, '') %>
|
|
32
|
+
complete -c inspec -f -n '__fish_inspec_using_command_and_no_subcommand <%= command %>' -a <%= subcommand %> -d "<%= description %>"
|
|
33
|
+
<% end %>
|
|
34
|
+
<% end %>
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
function _inspec() {
|
|
2
|
+
local curcontext="$curcontext" state line
|
|
3
|
+
typeset -A opt_args
|
|
4
|
+
|
|
5
|
+
local -a _top_level_commands <%= subcommands_with_commands_and_descriptions.keys.map {|i| "_#{i}_commands" }.join(' ') %>
|
|
6
|
+
|
|
7
|
+
_top_level_commands=(
|
|
8
|
+
<%= top_level_commands_with_descriptions.map {|i| " "*8 + "\"#{i}\"" }. join("\n") %>
|
|
9
|
+
)
|
|
10
|
+
|
|
11
|
+
<% subcommands_with_commands_and_descriptions.each do |name, entry| -%>
|
|
12
|
+
_<%= name %>_commands=(
|
|
13
|
+
<%= entry.map {|i| " "*8 + "\"#{i}\"" }.join("\n") %>
|
|
14
|
+
)
|
|
15
|
+
|
|
16
|
+
<% end -%>
|
|
17
|
+
_arguments '1:::->toplevel' && return 0
|
|
18
|
+
_arguments '2:::->subcommand' && return 0
|
|
19
|
+
_arguments '3:::->subsubcommand' && return 0
|
|
20
|
+
|
|
21
|
+
#
|
|
22
|
+
# Are you thinking? "Jeez, whoever wrote this really doesn't get
|
|
23
|
+
# zsh's completion system?" If so, you are correct. However, I
|
|
24
|
+
# have goodnews! Pull requests are accepted!
|
|
25
|
+
#
|
|
26
|
+
case $state in
|
|
27
|
+
toplevel)
|
|
28
|
+
_describe -t commands "InSpec subcommands" _top_level_commands
|
|
29
|
+
;;
|
|
30
|
+
subcommand)
|
|
31
|
+
case "$words[2]" in
|
|
32
|
+
archive|check|exec|json)
|
|
33
|
+
_alternative 'files:filenames:_files'
|
|
34
|
+
;;
|
|
35
|
+
help)
|
|
36
|
+
_describe -t commands "InSpec subcommands" _top_level_commands
|
|
37
|
+
;;
|
|
38
|
+
<% subcommands_with_commands_and_descriptions.each do |name, entry| -%>
|
|
39
|
+
<%= name %>)
|
|
40
|
+
_describe -t <%= name %>_commands "InSpec <%= name -%> subcommands" _<%= name %>_commands
|
|
41
|
+
;;
|
|
42
|
+
<% end -%>
|
|
43
|
+
esac
|
|
44
|
+
;;
|
|
45
|
+
subsubcommand)
|
|
46
|
+
case "$words[2]-$words[3]" in
|
|
47
|
+
compliance-upload)
|
|
48
|
+
_alternative 'files:filenames:_files'
|
|
49
|
+
;;
|
|
50
|
+
<% subcommands_with_commands_and_descriptions.each do |name, entry| -%>
|
|
51
|
+
<%= name %>-help)
|
|
52
|
+
_describe -t <%= name %>_commands "InSpec <%= name %> subcommands" _<%= name %>_commands
|
|
53
|
+
;;
|
|
54
|
+
<% end -%>
|
|
55
|
+
esac
|
|
56
|
+
|
|
57
|
+
esac
|
|
58
|
+
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
compdef _inspec inspec
|
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Dominik Richter
|
|
3
|
+
# author: Christoph Hartmann
|
|
4
|
+
require 'inspec/dsl'
|
|
5
|
+
require 'inspec/dsl_shared'
|
|
6
|
+
|
|
7
|
+
module Inspec
|
|
8
|
+
#
|
|
9
|
+
# ControlEvalContext constructs an anonymous class that control
|
|
10
|
+
# files will be instance_exec'd against.
|
|
11
|
+
#
|
|
12
|
+
# The anonymous class includes the given passed resource_dsl as well
|
|
13
|
+
# as the basic DSL of the control files (describe, control, title,
|
|
14
|
+
# etc).
|
|
15
|
+
#
|
|
16
|
+
class ControlEvalContext
|
|
17
|
+
# Create the context for controls. This includes all components of the DSL,
|
|
18
|
+
# including matchers and resources.
|
|
19
|
+
#
|
|
20
|
+
# @param [ResourcesDSL] resources_dsl which has all resources to attach
|
|
21
|
+
# @return [RuleContext] the inner context of rules
|
|
22
|
+
def self.rule_context(resources_dsl)
|
|
23
|
+
require 'rspec/core/dsl'
|
|
24
|
+
Class.new(Inspec::Rule) do
|
|
25
|
+
include RSpec::Core::DSL
|
|
26
|
+
with_resource_dsl resources_dsl
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
# Creates the heart of the control eval context:
|
|
31
|
+
#
|
|
32
|
+
# An instantiated object which has all resources registered to it
|
|
33
|
+
# and exposes them to the a test file.
|
|
34
|
+
#
|
|
35
|
+
# @param profile_context [Inspec::ProfileContext]
|
|
36
|
+
# @param outer_dsl [OuterDSLClass]
|
|
37
|
+
# @return [ProfileContextClass]
|
|
38
|
+
def self.create(profile_context, resources_dsl) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
|
39
|
+
rule_class = rule_context(resources_dsl)
|
|
40
|
+
profile_context_owner = profile_context
|
|
41
|
+
profile_id = profile_context.profile_id
|
|
42
|
+
|
|
43
|
+
Class.new do # rubocop:disable Metrics/BlockLength
|
|
44
|
+
include Inspec::DSL
|
|
45
|
+
include Inspec::DSL::RequireOverride
|
|
46
|
+
include resources_dsl
|
|
47
|
+
|
|
48
|
+
attr_accessor :skip_file
|
|
49
|
+
|
|
50
|
+
def initialize(backend, conf, dependencies, require_loader, skip_only_if_eval)
|
|
51
|
+
@backend = backend
|
|
52
|
+
@conf = conf
|
|
53
|
+
@dependencies = dependencies
|
|
54
|
+
@require_loader = require_loader
|
|
55
|
+
@skip_file = false
|
|
56
|
+
@skip_only_if_eval = skip_only_if_eval
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
define_method :title do |arg|
|
|
60
|
+
profile_context_owner.set_header(:title, arg)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def to_s
|
|
64
|
+
"Control Evaluation Context (#{profile_name})"
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
define_method :profile_name do
|
|
68
|
+
profile_id
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
define_method :control do |*args, &block|
|
|
72
|
+
id = args[0]
|
|
73
|
+
opts = args[1] || {}
|
|
74
|
+
opts[:skip_only_if_eval] = @skip_only_if_eval
|
|
75
|
+
register_control(rule_class.new(id, profile_id, opts, &block))
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
#
|
|
79
|
+
# Describe allows users to write rspec-like bare describe
|
|
80
|
+
# blocks without declaring an inclosing control. Here, we
|
|
81
|
+
# generate a control for them automatically and then execute
|
|
82
|
+
# the describe block in the context of that control.
|
|
83
|
+
#
|
|
84
|
+
define_method :describe do |*args, &block|
|
|
85
|
+
loc = block_location(block, caller(1..1).first)
|
|
86
|
+
id = "(generated from #{loc} #{SecureRandom.hex})"
|
|
87
|
+
|
|
88
|
+
res = nil
|
|
89
|
+
rule = rule_class.new(id, profile_id, {}) do
|
|
90
|
+
res = describe(*args, &block)
|
|
91
|
+
end
|
|
92
|
+
register_control(rule, &block)
|
|
93
|
+
|
|
94
|
+
res
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
define_method :add_resource do |name, new_res|
|
|
98
|
+
resources_dsl.module_exec do
|
|
99
|
+
define_method name.to_sym do |*args|
|
|
100
|
+
new_res.new(@backend, name.to_s, *args)
|
|
101
|
+
end
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
define_method :add_resources do |context|
|
|
106
|
+
self.class.class_eval do
|
|
107
|
+
include context.to_resources_dsl
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
rule_class.class_eval do
|
|
111
|
+
include context.to_resources_dsl
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
define_method :add_subcontext do |context|
|
|
116
|
+
profile_context_owner.add_subcontext(context)
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
define_method :register_control do |control, &block|
|
|
120
|
+
if @skip_file
|
|
121
|
+
::Inspec::Rule.set_skip_rule(control, true)
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
unless profile_context_owner.profile_supports_platform?
|
|
125
|
+
platform = inspec.platform
|
|
126
|
+
msg = "Profile #{profile_context_owner.profile_id} is not supported on platform #{platform.name}/#{platform.release}."
|
|
127
|
+
::Inspec::Rule.set_skip_rule(control, msg)
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
unless profile_context_owner.profile_supports_inspec_version?
|
|
131
|
+
msg = "Profile #{profile_context_owner.profile_id} is not supported on InSpec version (#{Inspec::VERSION})."
|
|
132
|
+
::Inspec::Rule.set_skip_rule(control, msg)
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
profile_context_owner.register_rule(control, &block) unless control.nil?
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
# method for attributes; import attribute handling
|
|
139
|
+
define_method :attribute do |name, options|
|
|
140
|
+
profile_context_owner.register_attribute(name, options)
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
define_method :skip_control do |id|
|
|
144
|
+
profile_context_owner.unregister_rule(id)
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
define_method :only_if do |&block|
|
|
148
|
+
return unless block
|
|
149
|
+
return if @skip_file == true
|
|
150
|
+
return if @skip_only_if_eval == true
|
|
151
|
+
|
|
152
|
+
return if block.yield == true
|
|
153
|
+
|
|
154
|
+
# Apply `set_skip_rule` for other rules in the same file
|
|
155
|
+
profile_context_owner.rules.values.each do |r|
|
|
156
|
+
sources_match = r.source_file == block.source_location[0]
|
|
157
|
+
Inspec::Rule.set_skip_rule(r, true) if sources_match
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
@skip_file = true
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
alias_method :rule, :control
|
|
164
|
+
alias_method :skip_rule, :skip_control
|
|
165
|
+
|
|
166
|
+
private
|
|
167
|
+
|
|
168
|
+
def block_location(block, alternate_caller)
|
|
169
|
+
if block.nil?
|
|
170
|
+
alternate_caller[/^(.+:\d+):in .+$/, 1] || 'unknown'
|
|
171
|
+
else
|
|
172
|
+
path, line = block.source_location
|
|
173
|
+
"#{File.basename(path)}:#{line}"
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
end
|
|
177
|
+
end
|
|
178
|
+
end
|
|
179
|
+
end
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
require 'fileutils'
|
|
3
|
+
|
|
4
|
+
module Inspec
|
|
5
|
+
#
|
|
6
|
+
# Inspec::Cache manages an on-disk cache of inspec profiles. The
|
|
7
|
+
# cache can contain:
|
|
8
|
+
#
|
|
9
|
+
# - .tar.gz profile archives
|
|
10
|
+
# - .zip profile archives
|
|
11
|
+
# - unpacked profiles
|
|
12
|
+
#
|
|
13
|
+
# Cache entries names include a hash of their source to prevent
|
|
14
|
+
# conflicts between depenedencies with the same name from different
|
|
15
|
+
# sources.
|
|
16
|
+
#
|
|
17
|
+
#
|
|
18
|
+
class Cache
|
|
19
|
+
attr_reader :path
|
|
20
|
+
def initialize(path = nil)
|
|
21
|
+
@path = path || File.join(Dir.home, '.inspec', 'cache')
|
|
22
|
+
FileUtils.mkdir_p(@path) unless File.directory?(@path)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def prefered_entry_for(key)
|
|
26
|
+
path = base_path_for(key)
|
|
27
|
+
if File.directory?(path)
|
|
28
|
+
path
|
|
29
|
+
else
|
|
30
|
+
archive_entry_for(key)
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def archive_entry_for(key)
|
|
35
|
+
path = base_path_for(key)
|
|
36
|
+
if File.exist?("#{path}.tar.gz")
|
|
37
|
+
"#{path}.tar.gz"
|
|
38
|
+
elsif File.exist?("#{path}.zip")
|
|
39
|
+
"#{path}.zip"
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
#
|
|
44
|
+
# For a given name and source_url, return true if the
|
|
45
|
+
# profile exists in the Cache.
|
|
46
|
+
#
|
|
47
|
+
# @param [String] name
|
|
48
|
+
# @param [String] source_url
|
|
49
|
+
# @return [Boolean]
|
|
50
|
+
#
|
|
51
|
+
def exists?(key)
|
|
52
|
+
return false if key.nil? || key.empty?
|
|
53
|
+
path = base_path_for(key)
|
|
54
|
+
File.directory?(path) || File.exist?("#{path}.tar.gz") || File.exist?("#{path}.zip")
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
#
|
|
58
|
+
# Return the path to given profile in the cache.
|
|
59
|
+
#
|
|
60
|
+
# The `source_url` parameter should be a URI-like string that
|
|
61
|
+
# fully specifies the source of the exact version we want to pull
|
|
62
|
+
# down.
|
|
63
|
+
#
|
|
64
|
+
# @param [String] name
|
|
65
|
+
# @param [String] source_url
|
|
66
|
+
# @return [String]
|
|
67
|
+
#
|
|
68
|
+
def base_path_for(cache_key)
|
|
69
|
+
File.join(@path, cache_key)
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
require 'inspec/dependencies/requirement'
|
|
3
|
+
require 'inspec/dependencies/resolver'
|
|
4
|
+
|
|
5
|
+
module Inspec
|
|
6
|
+
#
|
|
7
|
+
# A DependencySet manages a list of dependencies for a profile.
|
|
8
|
+
#
|
|
9
|
+
class DependencySet
|
|
10
|
+
#
|
|
11
|
+
# Return a dependency set given a lockfile.
|
|
12
|
+
#
|
|
13
|
+
# @param lockfile [Inspec::Lockfile] A lockfile to generate the dependency set from
|
|
14
|
+
# @param cwd [String] Current working directory for relative path includes
|
|
15
|
+
# @param vendor_path [String] Path to the vendor directory
|
|
16
|
+
#
|
|
17
|
+
def self.from_lockfile(lockfile, cwd, cache, backend, opts = {})
|
|
18
|
+
dep_tree = lockfile.deps.map do |dep|
|
|
19
|
+
Inspec::Requirement.from_lock_entry(dep, cwd, cache, backend, opts)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
dep_list = flatten_dep_tree(dep_tree)
|
|
23
|
+
new(cwd, cache, dep_list, backend)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def self.from_array(dependencies, cwd, cache, backend)
|
|
27
|
+
dep_list = {}
|
|
28
|
+
dependencies.each do |d|
|
|
29
|
+
dep_list[d.name] = d
|
|
30
|
+
end
|
|
31
|
+
new(cwd, cache, dep_list, backend)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
# This is experimental code to test the working of the
|
|
35
|
+
# dependency loader - perform a proper dependency related search
|
|
36
|
+
# in the future.
|
|
37
|
+
#
|
|
38
|
+
# Flatten tree because that is all we know how to deal with for
|
|
39
|
+
# right now. Last dep seen for a given name wins right now.
|
|
40
|
+
def self.flatten_dep_tree(dep_tree)
|
|
41
|
+
dep_list = {}
|
|
42
|
+
dep_tree.each do |d|
|
|
43
|
+
dep_list[d.name] = d
|
|
44
|
+
dep_list.merge!(flatten_dep_tree(d.dependencies))
|
|
45
|
+
end
|
|
46
|
+
dep_list
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
attr_reader :vendor_path
|
|
50
|
+
attr_writer :dep_list
|
|
51
|
+
# initialize
|
|
52
|
+
#
|
|
53
|
+
# @param cwd [String] current working directory for relative path includes
|
|
54
|
+
# @param vendor_path [String] path which contains vendored dependencies
|
|
55
|
+
# @return [dependencies] this
|
|
56
|
+
def initialize(cwd, cache, dep_list, backend)
|
|
57
|
+
@cwd = cwd
|
|
58
|
+
@cache = cache
|
|
59
|
+
@dep_list = dep_list
|
|
60
|
+
@backend = backend
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def each
|
|
64
|
+
@dep_list.each do |_k, v|
|
|
65
|
+
yield v.profile
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def list
|
|
70
|
+
@dep_list || {}
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def to_array
|
|
74
|
+
return [] if @dep_list.nil?
|
|
75
|
+
@dep_list.map do |_k, v|
|
|
76
|
+
v.to_hash
|
|
77
|
+
end.compact
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
#
|
|
81
|
+
# 1. Get dependencies, pull things to a local cache if necessary
|
|
82
|
+
# 2. Resolve dependencies
|
|
83
|
+
#
|
|
84
|
+
# @param dependencies [Gem::Dependency] list of dependencies
|
|
85
|
+
# @return [nil]
|
|
86
|
+
#
|
|
87
|
+
def vendor(dependencies)
|
|
88
|
+
return nil if dependencies.nil? || dependencies.empty?
|
|
89
|
+
@dep_list = Resolver.resolve(dependencies, @cache, @cwd, @backend)
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
end
|