inspec-core 2.1.67
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +3136 -0
- data/Gemfile +56 -0
- data/LICENSE +14 -0
- data/MAINTAINERS.md +33 -0
- data/MAINTAINERS.toml +52 -0
- data/README.md +453 -0
- data/bin/inspec +12 -0
- data/docs/.gitignore +2 -0
- data/docs/README.md +40 -0
- data/docs/dev/control-eval.md +62 -0
- data/docs/dsl_inspec.md +258 -0
- data/docs/dsl_resource.md +100 -0
- data/docs/glossary.md +99 -0
- data/docs/habitat.md +192 -0
- data/docs/inspec_and_friends.md +114 -0
- data/docs/matchers.md +169 -0
- data/docs/migration.md +293 -0
- data/docs/platforms.md +119 -0
- data/docs/plugin_kitchen_inspec.md +50 -0
- data/docs/profiles.md +378 -0
- data/docs/reporters.md +105 -0
- data/docs/resources/aide_conf.md.erb +76 -0
- data/docs/resources/apache.md.erb +67 -0
- data/docs/resources/apache_conf.md.erb +68 -0
- data/docs/resources/apt.md.erb +71 -0
- data/docs/resources/audit_policy.md.erb +47 -0
- data/docs/resources/auditd.md.erb +79 -0
- data/docs/resources/auditd_conf.md.erb +68 -0
- data/docs/resources/bash.md.erb +75 -0
- data/docs/resources/bond.md.erb +90 -0
- data/docs/resources/bridge.md.erb +57 -0
- data/docs/resources/bsd_service.md.erb +67 -0
- data/docs/resources/chocolatey_package.md.erb +58 -0
- data/docs/resources/command.md.erb +138 -0
- data/docs/resources/cpan.md.erb +79 -0
- data/docs/resources/cran.md.erb +64 -0
- data/docs/resources/crontab.md.erb +89 -0
- data/docs/resources/csv.md.erb +54 -0
- data/docs/resources/dh_params.md.erb +205 -0
- data/docs/resources/directory.md.erb +30 -0
- data/docs/resources/docker.md.erb +219 -0
- data/docs/resources/docker_container.md.erb +103 -0
- data/docs/resources/docker_image.md.erb +94 -0
- data/docs/resources/docker_service.md.erb +114 -0
- data/docs/resources/elasticsearch.md.erb +242 -0
- data/docs/resources/etc_fstab.md.erb +125 -0
- data/docs/resources/etc_group.md.erb +75 -0
- data/docs/resources/etc_hosts.md.erb +78 -0
- data/docs/resources/etc_hosts_allow.md.erb +74 -0
- data/docs/resources/etc_hosts_deny.md.erb +74 -0
- data/docs/resources/file.md.erb +526 -0
- data/docs/resources/filesystem.md.erb +41 -0
- data/docs/resources/firewalld.md.erb +107 -0
- data/docs/resources/gem.md.erb +79 -0
- data/docs/resources/group.md.erb +61 -0
- data/docs/resources/grub_conf.md.erb +101 -0
- data/docs/resources/host.md.erb +86 -0
- data/docs/resources/http.md.erb +197 -0
- data/docs/resources/iis_app.md.erb +122 -0
- data/docs/resources/iis_site.md.erb +135 -0
- data/docs/resources/inetd_conf.md.erb +94 -0
- data/docs/resources/ini.md.erb +76 -0
- data/docs/resources/interface.md.erb +58 -0
- data/docs/resources/iptables.md.erb +64 -0
- data/docs/resources/json.md.erb +63 -0
- data/docs/resources/kernel_module.md.erb +120 -0
- data/docs/resources/kernel_parameter.md.erb +53 -0
- data/docs/resources/key_rsa.md.erb +85 -0
- data/docs/resources/launchd_service.md.erb +57 -0
- data/docs/resources/limits_conf.md.erb +75 -0
- data/docs/resources/login_defs.md.erb +71 -0
- data/docs/resources/mount.md.erb +69 -0
- data/docs/resources/mssql_session.md.erb +60 -0
- data/docs/resources/mysql_conf.md.erb +99 -0
- data/docs/resources/mysql_session.md.erb +74 -0
- data/docs/resources/nginx.md.erb +79 -0
- data/docs/resources/nginx_conf.md.erb +138 -0
- data/docs/resources/npm.md.erb +60 -0
- data/docs/resources/ntp_conf.md.erb +60 -0
- data/docs/resources/oneget.md.erb +53 -0
- data/docs/resources/oracledb_session.md.erb +52 -0
- data/docs/resources/os.md.erb +141 -0
- data/docs/resources/os_env.md.erb +91 -0
- data/docs/resources/package.md.erb +120 -0
- data/docs/resources/packages.md.erb +67 -0
- data/docs/resources/parse_config.md.erb +103 -0
- data/docs/resources/parse_config_file.md.erb +138 -0
- data/docs/resources/passwd.md.erb +141 -0
- data/docs/resources/pip.md.erb +67 -0
- data/docs/resources/port.md.erb +137 -0
- data/docs/resources/postgres_conf.md.erb +79 -0
- data/docs/resources/postgres_hba_conf.md.erb +93 -0
- data/docs/resources/postgres_ident_conf.md.erb +76 -0
- data/docs/resources/postgres_session.md.erb +69 -0
- data/docs/resources/powershell.md.erb +102 -0
- data/docs/resources/processes.md.erb +109 -0
- data/docs/resources/rabbitmq_config.md.erb +41 -0
- data/docs/resources/registry_key.md.erb +158 -0
- data/docs/resources/runit_service.md.erb +57 -0
- data/docs/resources/security_policy.md.erb +47 -0
- data/docs/resources/service.md.erb +121 -0
- data/docs/resources/shadow.md.erb +146 -0
- data/docs/resources/ssh_config.md.erb +73 -0
- data/docs/resources/sshd_config.md.erb +83 -0
- data/docs/resources/ssl.md.erb +119 -0
- data/docs/resources/sys_info.md.erb +42 -0
- data/docs/resources/systemd_service.md.erb +57 -0
- data/docs/resources/sysv_service.md.erb +57 -0
- data/docs/resources/upstart_service.md.erb +57 -0
- data/docs/resources/user.md.erb +140 -0
- data/docs/resources/users.md.erb +127 -0
- data/docs/resources/vbscript.md.erb +55 -0
- data/docs/resources/virtualization.md.erb +57 -0
- data/docs/resources/windows_feature.md.erb +47 -0
- data/docs/resources/windows_hotfix.md.erb +53 -0
- data/docs/resources/windows_task.md.erb +95 -0
- data/docs/resources/wmi.md.erb +81 -0
- data/docs/resources/x509_certificate.md.erb +151 -0
- data/docs/resources/xinetd_conf.md.erb +156 -0
- data/docs/resources/xml.md.erb +85 -0
- data/docs/resources/yaml.md.erb +69 -0
- data/docs/resources/yum.md.erb +98 -0
- data/docs/resources/zfs_dataset.md.erb +53 -0
- data/docs/resources/zfs_pool.md.erb +47 -0
- data/docs/ruby_usage.md +203 -0
- data/docs/shared/matcher_be.md.erb +1 -0
- data/docs/shared/matcher_cmp.md.erb +43 -0
- data/docs/shared/matcher_eq.md.erb +3 -0
- data/docs/shared/matcher_include.md.erb +1 -0
- data/docs/shared/matcher_match.md.erb +1 -0
- data/docs/shell.md +217 -0
- data/examples/README.md +8 -0
- data/examples/inheritance/README.md +65 -0
- data/examples/inheritance/controls/example.rb +14 -0
- data/examples/inheritance/inspec.yml +15 -0
- data/examples/kitchen-ansible/.kitchen.yml +25 -0
- data/examples/kitchen-ansible/Gemfile +19 -0
- data/examples/kitchen-ansible/README.md +53 -0
- data/examples/kitchen-ansible/files/nginx.repo +6 -0
- data/examples/kitchen-ansible/tasks/main.yml +16 -0
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
- data/examples/kitchen-chef/.kitchen.yml +20 -0
- data/examples/kitchen-chef/Berksfile +3 -0
- data/examples/kitchen-chef/Gemfile +19 -0
- data/examples/kitchen-chef/README.md +27 -0
- data/examples/kitchen-chef/metadata.rb +7 -0
- data/examples/kitchen-chef/recipes/default.rb +6 -0
- data/examples/kitchen-chef/recipes/nginx.rb +30 -0
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
- data/examples/kitchen-puppet/.kitchen.yml +23 -0
- data/examples/kitchen-puppet/Gemfile +20 -0
- data/examples/kitchen-puppet/Puppetfile +25 -0
- data/examples/kitchen-puppet/README.md +53 -0
- data/examples/kitchen-puppet/manifests/site.pp +33 -0
- data/examples/kitchen-puppet/metadata.json +11 -0
- data/examples/kitchen-puppet/modules/.gitkeep +0 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
- data/examples/meta-profile/README.md +37 -0
- data/examples/meta-profile/controls/example.rb +13 -0
- data/examples/meta-profile/inspec.yml +13 -0
- data/examples/profile-attribute.yml +2 -0
- data/examples/profile-attribute/README.md +14 -0
- data/examples/profile-attribute/controls/example.rb +11 -0
- data/examples/profile-attribute/inspec.yml +8 -0
- data/examples/profile-sensitive/README.md +29 -0
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
- data/examples/profile-sensitive/controls/sensitive.rb +9 -0
- data/examples/profile-sensitive/inspec.yml +8 -0
- data/examples/profile/README.md +48 -0
- data/examples/profile/controls/example.rb +23 -0
- data/examples/profile/controls/gordon.rb +36 -0
- data/examples/profile/controls/meta.rb +34 -0
- data/examples/profile/inspec.yml +10 -0
- data/examples/profile/libraries/gordon_config.rb +59 -0
- data/inspec-core.gemspec +43 -0
- data/lib/bundles/README.md +3 -0
- data/lib/bundles/inspec-artifact.rb +7 -0
- data/lib/bundles/inspec-artifact/README.md +1 -0
- data/lib/bundles/inspec-artifact/cli.rb +277 -0
- data/lib/bundles/inspec-compliance.rb +16 -0
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
- data/lib/bundles/inspec-compliance/README.md +193 -0
- data/lib/bundles/inspec-compliance/api.rb +360 -0
- data/lib/bundles/inspec-compliance/api/login.rb +193 -0
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
- data/lib/bundles/inspec-compliance/cli.rb +260 -0
- data/lib/bundles/inspec-compliance/configuration.rb +103 -0
- data/lib/bundles/inspec-compliance/http.rb +125 -0
- data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
- data/lib/bundles/inspec-compliance/support.rb +36 -0
- data/lib/bundles/inspec-compliance/target.rb +106 -0
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
- data/lib/bundles/inspec-habitat.rb +12 -0
- data/lib/bundles/inspec-habitat/cli.rb +36 -0
- data/lib/bundles/inspec-habitat/log.rb +10 -0
- data/lib/bundles/inspec-habitat/profile.rb +391 -0
- data/lib/bundles/inspec-init.rb +8 -0
- data/lib/bundles/inspec-init/README.md +31 -0
- data/lib/bundles/inspec-init/cli.rb +97 -0
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
- data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
- data/lib/bundles/inspec-supermarket.rb +13 -0
- data/lib/bundles/inspec-supermarket/README.md +45 -0
- data/lib/bundles/inspec-supermarket/api.rb +84 -0
- data/lib/bundles/inspec-supermarket/cli.rb +73 -0
- data/lib/bundles/inspec-supermarket/target.rb +34 -0
- data/lib/fetchers/git.rb +163 -0
- data/lib/fetchers/local.rb +74 -0
- data/lib/fetchers/mock.rb +35 -0
- data/lib/fetchers/url.rb +247 -0
- data/lib/inspec.rb +24 -0
- data/lib/inspec/archive/tar.rb +29 -0
- data/lib/inspec/archive/zip.rb +19 -0
- data/lib/inspec/backend.rb +93 -0
- data/lib/inspec/base_cli.rb +368 -0
- data/lib/inspec/cached_fetcher.rb +66 -0
- data/lib/inspec/cli.rb +292 -0
- data/lib/inspec/completions/bash.sh.erb +45 -0
- data/lib/inspec/completions/fish.sh.erb +34 -0
- data/lib/inspec/completions/zsh.sh.erb +61 -0
- data/lib/inspec/control_eval_context.rb +179 -0
- data/lib/inspec/dependencies/cache.rb +72 -0
- data/lib/inspec/dependencies/dependency_set.rb +92 -0
- data/lib/inspec/dependencies/lockfile.rb +115 -0
- data/lib/inspec/dependencies/requirement.rb +123 -0
- data/lib/inspec/dependencies/resolver.rb +86 -0
- data/lib/inspec/describe.rb +27 -0
- data/lib/inspec/dsl.rb +66 -0
- data/lib/inspec/dsl_shared.rb +33 -0
- data/lib/inspec/env_printer.rb +157 -0
- data/lib/inspec/errors.rb +14 -0
- data/lib/inspec/exceptions.rb +12 -0
- data/lib/inspec/expect.rb +45 -0
- data/lib/inspec/fetcher.rb +45 -0
- data/lib/inspec/file_provider.rb +275 -0
- data/lib/inspec/formatters.rb +3 -0
- data/lib/inspec/formatters/base.rb +259 -0
- data/lib/inspec/formatters/json_rspec.rb +20 -0
- data/lib/inspec/formatters/show_progress.rb +12 -0
- data/lib/inspec/library_eval_context.rb +58 -0
- data/lib/inspec/log.rb +11 -0
- data/lib/inspec/metadata.rb +247 -0
- data/lib/inspec/method_source.rb +24 -0
- data/lib/inspec/objects.rb +14 -0
- data/lib/inspec/objects/attribute.rb +75 -0
- data/lib/inspec/objects/control.rb +61 -0
- data/lib/inspec/objects/describe.rb +92 -0
- data/lib/inspec/objects/each_loop.rb +36 -0
- data/lib/inspec/objects/list.rb +15 -0
- data/lib/inspec/objects/or_test.rb +40 -0
- data/lib/inspec/objects/ruby_helper.rb +15 -0
- data/lib/inspec/objects/tag.rb +27 -0
- data/lib/inspec/objects/test.rb +87 -0
- data/lib/inspec/objects/value.rb +27 -0
- data/lib/inspec/plugins.rb +60 -0
- data/lib/inspec/plugins/cli.rb +24 -0
- data/lib/inspec/plugins/fetcher.rb +86 -0
- data/lib/inspec/plugins/resource.rb +135 -0
- data/lib/inspec/plugins/secret.rb +15 -0
- data/lib/inspec/plugins/source_reader.rb +40 -0
- data/lib/inspec/polyfill.rb +12 -0
- data/lib/inspec/profile.rb +513 -0
- data/lib/inspec/profile_context.rb +208 -0
- data/lib/inspec/profile_vendor.rb +66 -0
- data/lib/inspec/reporters.rb +60 -0
- data/lib/inspec/reporters/automate.rb +76 -0
- data/lib/inspec/reporters/base.rb +25 -0
- data/lib/inspec/reporters/cli.rb +356 -0
- data/lib/inspec/reporters/json.rb +116 -0
- data/lib/inspec/reporters/json_min.rb +48 -0
- data/lib/inspec/reporters/junit.rb +78 -0
- data/lib/inspec/require_loader.rb +33 -0
- data/lib/inspec/resource.rb +190 -0
- data/lib/inspec/rule.rb +280 -0
- data/lib/inspec/runner.rb +345 -0
- data/lib/inspec/runner_mock.rb +41 -0
- data/lib/inspec/runner_rspec.rb +175 -0
- data/lib/inspec/runtime_profile.rb +26 -0
- data/lib/inspec/schema.rb +213 -0
- data/lib/inspec/secrets.rb +19 -0
- data/lib/inspec/secrets/yaml.rb +30 -0
- data/lib/inspec/shell.rb +220 -0
- data/lib/inspec/shell_detector.rb +90 -0
- data/lib/inspec/source_reader.rb +29 -0
- data/lib/inspec/version.rb +8 -0
- data/lib/matchers/matchers.rb +339 -0
- data/lib/resources/aide_conf.rb +151 -0
- data/lib/resources/apache.rb +48 -0
- data/lib/resources/apache_conf.rb +149 -0
- data/lib/resources/apt.rb +149 -0
- data/lib/resources/audit_policy.rb +63 -0
- data/lib/resources/auditd.rb +231 -0
- data/lib/resources/auditd_conf.rb +46 -0
- data/lib/resources/bash.rb +35 -0
- data/lib/resources/bond.rb +69 -0
- data/lib/resources/bridge.rb +122 -0
- data/lib/resources/chocolatey_package.rb +78 -0
- data/lib/resources/command.rb +73 -0
- data/lib/resources/cpan.rb +58 -0
- data/lib/resources/cran.rb +64 -0
- data/lib/resources/crontab.rb +169 -0
- data/lib/resources/csv.rb +56 -0
- data/lib/resources/dh_params.rb +77 -0
- data/lib/resources/directory.rb +25 -0
- data/lib/resources/docker.rb +236 -0
- data/lib/resources/docker_container.rb +89 -0
- data/lib/resources/docker_image.rb +83 -0
- data/lib/resources/docker_object.rb +57 -0
- data/lib/resources/docker_service.rb +90 -0
- data/lib/resources/elasticsearch.rb +169 -0
- data/lib/resources/etc_fstab.rb +94 -0
- data/lib/resources/etc_group.rb +154 -0
- data/lib/resources/etc_hosts.rb +66 -0
- data/lib/resources/etc_hosts_allow_deny.rb +112 -0
- data/lib/resources/file.rb +298 -0
- data/lib/resources/filesystem.rb +31 -0
- data/lib/resources/firewalld.rb +143 -0
- data/lib/resources/gem.rb +70 -0
- data/lib/resources/groups.rb +215 -0
- data/lib/resources/grub_conf.rb +227 -0
- data/lib/resources/host.rb +306 -0
- data/lib/resources/http.rb +253 -0
- data/lib/resources/iis_app.rb +101 -0
- data/lib/resources/iis_site.rb +148 -0
- data/lib/resources/inetd_conf.rb +54 -0
- data/lib/resources/ini.rb +29 -0
- data/lib/resources/interface.rb +129 -0
- data/lib/resources/iptables.rb +80 -0
- data/lib/resources/json.rb +111 -0
- data/lib/resources/kernel_module.rb +107 -0
- data/lib/resources/kernel_parameter.rb +58 -0
- data/lib/resources/key_rsa.rb +63 -0
- data/lib/resources/limits_conf.rb +46 -0
- data/lib/resources/login_def.rb +57 -0
- data/lib/resources/mount.rb +88 -0
- data/lib/resources/mssql_session.rb +101 -0
- data/lib/resources/mysql.rb +82 -0
- data/lib/resources/mysql_conf.rb +127 -0
- data/lib/resources/mysql_session.rb +85 -0
- data/lib/resources/nginx.rb +96 -0
- data/lib/resources/nginx_conf.rb +226 -0
- data/lib/resources/npm.rb +48 -0
- data/lib/resources/ntp_conf.rb +51 -0
- data/lib/resources/oneget.rb +71 -0
- data/lib/resources/oracledb_session.rb +139 -0
- data/lib/resources/os.rb +36 -0
- data/lib/resources/os_env.rb +86 -0
- data/lib/resources/package.rb +370 -0
- data/lib/resources/packages.rb +111 -0
- data/lib/resources/parse_config.rb +112 -0
- data/lib/resources/passwd.rb +76 -0
- data/lib/resources/pip.rb +130 -0
- data/lib/resources/platform.rb +109 -0
- data/lib/resources/port.rb +771 -0
- data/lib/resources/postgres.rb +131 -0
- data/lib/resources/postgres_conf.rb +114 -0
- data/lib/resources/postgres_hba_conf.rb +90 -0
- data/lib/resources/postgres_ident_conf.rb +79 -0
- data/lib/resources/postgres_session.rb +71 -0
- data/lib/resources/powershell.rb +67 -0
- data/lib/resources/processes.rb +204 -0
- data/lib/resources/rabbitmq_conf.rb +51 -0
- data/lib/resources/registry_key.rb +297 -0
- data/lib/resources/security_policy.rb +180 -0
- data/lib/resources/service.rb +794 -0
- data/lib/resources/shadow.rb +159 -0
- data/lib/resources/ssh_conf.rb +97 -0
- data/lib/resources/ssl.rb +99 -0
- data/lib/resources/sys_info.rb +28 -0
- data/lib/resources/toml.rb +32 -0
- data/lib/resources/users.rb +654 -0
- data/lib/resources/vbscript.rb +68 -0
- data/lib/resources/virtualization.rb +247 -0
- data/lib/resources/windows_feature.rb +84 -0
- data/lib/resources/windows_hotfix.rb +35 -0
- data/lib/resources/windows_task.rb +102 -0
- data/lib/resources/wmi.rb +110 -0
- data/lib/resources/x509_certificate.rb +137 -0
- data/lib/resources/xinetd.rb +106 -0
- data/lib/resources/xml.rb +46 -0
- data/lib/resources/yaml.rb +43 -0
- data/lib/resources/yum.rb +180 -0
- data/lib/resources/zfs_dataset.rb +60 -0
- data/lib/resources/zfs_pool.rb +49 -0
- data/lib/source_readers/flat.rb +39 -0
- data/lib/source_readers/inspec.rb +75 -0
- data/lib/utils/command_wrapper.rb +27 -0
- data/lib/utils/convert.rb +12 -0
- data/lib/utils/database_helpers.rb +77 -0
- data/lib/utils/enumerable_delegation.rb +9 -0
- data/lib/utils/erlang_parser.rb +192 -0
- data/lib/utils/file_reader.rb +25 -0
- data/lib/utils/filter.rb +273 -0
- data/lib/utils/filter_array.rb +27 -0
- data/lib/utils/find_files.rb +47 -0
- data/lib/utils/hash.rb +41 -0
- data/lib/utils/json_log.rb +18 -0
- data/lib/utils/latest_version.rb +22 -0
- data/lib/utils/modulator.rb +12 -0
- data/lib/utils/nginx_parser.rb +105 -0
- data/lib/utils/object_traversal.rb +49 -0
- data/lib/utils/parser.rb +274 -0
- data/lib/utils/pkey_reader.rb +15 -0
- data/lib/utils/plugin_registry.rb +93 -0
- data/lib/utils/simpleconfig.rb +120 -0
- data/lib/utils/spdx.rb +13 -0
- data/lib/utils/spdx.txt +344 -0
- metadata +713 -0
data/lib/inspec/rule.rb
ADDED
|
@@ -0,0 +1,280 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# copyright: 2015, Dominik Richter
|
|
3
|
+
# author: Dominik Richter
|
|
4
|
+
# author: Christoph Hartmann
|
|
5
|
+
|
|
6
|
+
require 'method_source'
|
|
7
|
+
require 'inspec/describe'
|
|
8
|
+
require 'inspec/expect'
|
|
9
|
+
|
|
10
|
+
module Inspec
|
|
11
|
+
class Rule
|
|
12
|
+
include ::RSpec::Matchers
|
|
13
|
+
|
|
14
|
+
#
|
|
15
|
+
# Include any resources from the given resource DSL. The passed
|
|
16
|
+
# resource_dsl will also be included in any Inspec::Expect objects
|
|
17
|
+
# we make.
|
|
18
|
+
#
|
|
19
|
+
# @params resource_dsl [Module]
|
|
20
|
+
# @returns [TrueClass]
|
|
21
|
+
#
|
|
22
|
+
def self.with_resource_dsl(resource_dsl)
|
|
23
|
+
include resource_dsl
|
|
24
|
+
@resource_dsl = resource_dsl
|
|
25
|
+
true
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def self.resource_dsl # rubocop:disable Style/TrivialAccessors
|
|
29
|
+
@resource_dsl
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def initialize(id, profile_id, opts, &block)
|
|
33
|
+
@impact = nil
|
|
34
|
+
@title = nil
|
|
35
|
+
@desc = nil
|
|
36
|
+
@refs = []
|
|
37
|
+
@tags = {}
|
|
38
|
+
|
|
39
|
+
# not changeable by the user:
|
|
40
|
+
@__block = block
|
|
41
|
+
@__source_location = __get_block_source_location(&block)
|
|
42
|
+
@__rule_id = id
|
|
43
|
+
@__profile_id = profile_id
|
|
44
|
+
@__checks = []
|
|
45
|
+
@__skip_rule = nil
|
|
46
|
+
@__merge_count = 0
|
|
47
|
+
@__skip_only_if_eval = opts[:skip_only_if_eval]
|
|
48
|
+
|
|
49
|
+
# evaluate the given definition
|
|
50
|
+
return unless block_given?
|
|
51
|
+
begin
|
|
52
|
+
instance_eval(&block)
|
|
53
|
+
rescue StandardError => e
|
|
54
|
+
# We've encountered an exception while trying to eval the code inside the
|
|
55
|
+
# control block. We need to prevent the exception from bubbling up, and
|
|
56
|
+
# fail the control. Controls are failed by having a failed resource within
|
|
57
|
+
# them; but since our control block is unsafe (and opaque) to us, let's
|
|
58
|
+
# make a dummy and fail that.
|
|
59
|
+
location = block.source_location.compact.join(':')
|
|
60
|
+
describe 'Control Source Code Error' do
|
|
61
|
+
# Rubocop thinks we are raising an exception - we're actually calling RSpec's fail()
|
|
62
|
+
its(location) { fail e.message } # rubocop: disable Style/SignalException
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def to_s
|
|
68
|
+
Inspec::Rule.rule_id(self)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def id(*_)
|
|
72
|
+
# never overwrite the ID
|
|
73
|
+
@id
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def impact(v = nil)
|
|
77
|
+
@impact = v unless v.nil?
|
|
78
|
+
@impact
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def title(v = nil)
|
|
82
|
+
@title = v unless v.nil?
|
|
83
|
+
@title
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def desc(v = nil)
|
|
87
|
+
@desc = unindent(v) unless v.nil?
|
|
88
|
+
@desc
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def ref(ref = nil, opts = {})
|
|
92
|
+
return @refs if ref.nil? && opts.empty?
|
|
93
|
+
if opts.empty? && ref.is_a?(Hash)
|
|
94
|
+
opts = ref
|
|
95
|
+
else
|
|
96
|
+
opts[:ref] = ref
|
|
97
|
+
end
|
|
98
|
+
@refs.push(opts)
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def tag(*args)
|
|
102
|
+
args.each do |arg|
|
|
103
|
+
if arg.is_a?(Hash)
|
|
104
|
+
@tags.merge!(arg)
|
|
105
|
+
else
|
|
106
|
+
@tags[arg] ||= nil
|
|
107
|
+
end
|
|
108
|
+
end
|
|
109
|
+
@tags
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
def source_file
|
|
113
|
+
@__file
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
# Skip all checks if only_if is false
|
|
117
|
+
#
|
|
118
|
+
# @param [Type] &block returns true if tests are added, false otherwise
|
|
119
|
+
# @return [nil]
|
|
120
|
+
def only_if
|
|
121
|
+
return unless block_given?
|
|
122
|
+
return if @__skip_only_if_eval == true
|
|
123
|
+
|
|
124
|
+
@__skip_rule ||= !yield
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
# Describe will add one or more tests to this control. There is 2 ways
|
|
128
|
+
# of calling it:
|
|
129
|
+
#
|
|
130
|
+
# describe resource do ... end
|
|
131
|
+
#
|
|
132
|
+
# or
|
|
133
|
+
#
|
|
134
|
+
# describe.one do ... end
|
|
135
|
+
#
|
|
136
|
+
# @param [any] Resource to be describe, string, or nil
|
|
137
|
+
# @param [Proc] An optional block containing tests for the described resource
|
|
138
|
+
# @return [nil|DescribeBase] if called without arguments, returns DescribeBase
|
|
139
|
+
def describe(*values, &block)
|
|
140
|
+
if values.empty? && !block_given?
|
|
141
|
+
dsl = self.class.ancestors[1]
|
|
142
|
+
Class.new(DescribeBase) do
|
|
143
|
+
include dsl
|
|
144
|
+
end.new(method(:__add_check))
|
|
145
|
+
else
|
|
146
|
+
__add_check('describe', values, with_dsl(block))
|
|
147
|
+
end
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
def expect(value, &block)
|
|
151
|
+
target = Inspec::Expect.new(value, &with_dsl(block))
|
|
152
|
+
__add_check('expect', [value], target)
|
|
153
|
+
target
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
def self.rule_id(rule)
|
|
157
|
+
rule.instance_variable_get(:@__rule_id)
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
def self.set_rule_id(rule, value)
|
|
161
|
+
rule.instance_variable_set(:@__rule_id, value)
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
def self.profile_id(rule)
|
|
165
|
+
rule.instance_variable_get(:@__profile_id)
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
def self.checks(rule)
|
|
169
|
+
rule.instance_variable_get(:@__checks)
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
def self.skip_status(rule)
|
|
173
|
+
rule.instance_variable_get(:@__skip_rule)
|
|
174
|
+
end
|
|
175
|
+
|
|
176
|
+
def self.set_skip_rule(rule, value)
|
|
177
|
+
rule.instance_variable_set(:@__skip_rule, value)
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
def self.merge_count(rule)
|
|
181
|
+
rule.instance_variable_get(:@__merge_count)
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
def self.prepare_checks(rule)
|
|
185
|
+
msg = skip_status(rule)
|
|
186
|
+
return checks(rule) unless msg
|
|
187
|
+
msg = 'Skipped control due to only_if condition.' if msg == true
|
|
188
|
+
|
|
189
|
+
# TODO: we use os as the carrier here, but should consider
|
|
190
|
+
# a separate resource to do skipping
|
|
191
|
+
resource = rule.os
|
|
192
|
+
resource.skip_resource(msg)
|
|
193
|
+
[['describe', [resource], nil]]
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
def self.merge(dst, src)
|
|
197
|
+
if src.id != dst.id
|
|
198
|
+
# TODO: register an error, this case should not happen
|
|
199
|
+
return
|
|
200
|
+
end
|
|
201
|
+
sp = rule_id(src)
|
|
202
|
+
dp = rule_id(dst)
|
|
203
|
+
if sp != dp
|
|
204
|
+
# TODO: register an error, this case should not happen
|
|
205
|
+
return
|
|
206
|
+
end
|
|
207
|
+
# merge all fields
|
|
208
|
+
dst.impact(src.impact) unless src.impact.nil?
|
|
209
|
+
dst.title(src.title) unless src.title.nil?
|
|
210
|
+
dst.desc(src.desc) unless src.desc.nil?
|
|
211
|
+
# merge indirect fields
|
|
212
|
+
# checks defined in the source will completely eliminate
|
|
213
|
+
# all checks that were defined in the destination
|
|
214
|
+
sc = checks(src)
|
|
215
|
+
dst.instance_variable_set(:@__checks, sc) unless sc.empty?
|
|
216
|
+
sr = skip_status(src)
|
|
217
|
+
set_skip_rule(dst, sr) unless sr.nil?
|
|
218
|
+
# increment merge count
|
|
219
|
+
dst.instance_variable_set(:@__merge_count, merge_count(dst) + 1)
|
|
220
|
+
end
|
|
221
|
+
|
|
222
|
+
private
|
|
223
|
+
|
|
224
|
+
def __add_check(describe_or_expect, values, block)
|
|
225
|
+
@__checks.push([describe_or_expect, values, block])
|
|
226
|
+
end
|
|
227
|
+
|
|
228
|
+
#
|
|
229
|
+
# Takes a block and returns a block that will run the given block
|
|
230
|
+
# with access to the resource_dsl of the current class. This is to
|
|
231
|
+
# ensure that inside the constructed Rspec::ExampleGroup users
|
|
232
|
+
# have access to DSL methods. Previous this was done in
|
|
233
|
+
# Inspec::Runner before sending the example groups to rspec. It
|
|
234
|
+
# was moved here to ensure that code inside `its` blocks hae the
|
|
235
|
+
# same visibility into resources as code outside its blocks.
|
|
236
|
+
#
|
|
237
|
+
# @param [Proc] block
|
|
238
|
+
# @return [Proc]
|
|
239
|
+
#
|
|
240
|
+
def with_dsl(block)
|
|
241
|
+
return nil if block.nil?
|
|
242
|
+
if self.class.resource_dsl
|
|
243
|
+
dsl = self.class.resource_dsl
|
|
244
|
+
proc do |*args|
|
|
245
|
+
include dsl
|
|
246
|
+
instance_exec(*args, &block)
|
|
247
|
+
end
|
|
248
|
+
else
|
|
249
|
+
block
|
|
250
|
+
end
|
|
251
|
+
end
|
|
252
|
+
|
|
253
|
+
# Idio(ma)tic unindent, behaves similar to Ruby2.3 curly heredocs.
|
|
254
|
+
# Find the shortest indentation of non-empty lines and strip that from every line
|
|
255
|
+
# See: https://bugs.ruby-lang.org/issues/9098
|
|
256
|
+
#
|
|
257
|
+
# It is implemented here to support pre-Ruby2.3 with this feature and
|
|
258
|
+
# to not force non-programmers to understand heredocs.
|
|
259
|
+
#
|
|
260
|
+
# Please note: tabs are not supported! (they will be removed but they are not
|
|
261
|
+
# treated the same as in Ruby2.3 heredocs)
|
|
262
|
+
#
|
|
263
|
+
# @param [String] text string which needs to be unindented
|
|
264
|
+
# @return [String] input with indentation removed; '' if input is nil
|
|
265
|
+
def unindent(text)
|
|
266
|
+
return '' if text.nil?
|
|
267
|
+
len = text.split("\n").reject { |l| l.strip.empty? }.map { |x| x.index(/[^\s]/) }.compact.min
|
|
268
|
+
text.gsub(/^[[:blank:]]{#{len}}/, '').strip
|
|
269
|
+
end
|
|
270
|
+
|
|
271
|
+
# get the source location of the block
|
|
272
|
+
def __get_block_source_location(&block)
|
|
273
|
+
return {} unless block_given?
|
|
274
|
+
r, l = block.source_location
|
|
275
|
+
{ ref: r, line: l }
|
|
276
|
+
rescue MethodSource::SourceNotFoundError
|
|
277
|
+
{}
|
|
278
|
+
end
|
|
279
|
+
end
|
|
280
|
+
end
|
|
@@ -0,0 +1,345 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# copyright: 2015, Dominik Richter
|
|
3
|
+
# author: Dominik Richter
|
|
4
|
+
# author: Christoph Hartmann
|
|
5
|
+
|
|
6
|
+
require 'forwardable'
|
|
7
|
+
require 'uri'
|
|
8
|
+
require 'inspec/backend'
|
|
9
|
+
require 'inspec/profile_context'
|
|
10
|
+
require 'inspec/profile'
|
|
11
|
+
require 'inspec/metadata'
|
|
12
|
+
require 'inspec/secrets'
|
|
13
|
+
require 'inspec/dependencies/cache'
|
|
14
|
+
# spec requirements
|
|
15
|
+
|
|
16
|
+
module Inspec
|
|
17
|
+
#
|
|
18
|
+
# Inspec::Runner coordinates the running of tests and is the main
|
|
19
|
+
# entry point to the application.
|
|
20
|
+
#
|
|
21
|
+
# Users are expected to insantiate a runner, add targets to be run,
|
|
22
|
+
# and then call the run method:
|
|
23
|
+
#
|
|
24
|
+
# ```
|
|
25
|
+
# r = Inspec::Runner.new()
|
|
26
|
+
# r.add_target("/path/to/some/profile")
|
|
27
|
+
# r.add_target("http://url/to/some/profile")
|
|
28
|
+
# r.run
|
|
29
|
+
# ```
|
|
30
|
+
#
|
|
31
|
+
class Runner
|
|
32
|
+
extend Forwardable
|
|
33
|
+
|
|
34
|
+
attr_reader :backend, :rules, :attributes
|
|
35
|
+
def initialize(conf = {})
|
|
36
|
+
@rules = []
|
|
37
|
+
@conf = conf.dup
|
|
38
|
+
@conf[:logger] ||= Logger.new(nil)
|
|
39
|
+
@target_profiles = []
|
|
40
|
+
@controls = @conf[:controls] || []
|
|
41
|
+
@depends = @conf[:depends] || []
|
|
42
|
+
@ignore_supports = @conf[:ignore_supports]
|
|
43
|
+
@create_lockfile = @conf[:create_lockfile]
|
|
44
|
+
@cache = Inspec::Cache.new(@conf[:vendor_cache])
|
|
45
|
+
|
|
46
|
+
# parse any ad-hoc runners reporter formats
|
|
47
|
+
# this has to happen before we load the test_collector
|
|
48
|
+
@conf = Inspec::BaseCLI.parse_reporters(@conf) if @conf[:type].nil?
|
|
49
|
+
|
|
50
|
+
@test_collector = @conf.delete(:test_collector) || begin
|
|
51
|
+
require 'inspec/runner_rspec'
|
|
52
|
+
RunnerRspec.new(@conf)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# list of profile attributes
|
|
56
|
+
@attributes = []
|
|
57
|
+
|
|
58
|
+
load_attributes(@conf)
|
|
59
|
+
configure_transport
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
def tests
|
|
63
|
+
@test_collector.tests
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def configure_transport
|
|
67
|
+
@backend = Inspec::Backend.create(@conf)
|
|
68
|
+
@test_collector.backend = @backend
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def reset
|
|
72
|
+
@test_collector.reset
|
|
73
|
+
@target_profiles.each do |profile|
|
|
74
|
+
profile.runner_context.rules = {}
|
|
75
|
+
end
|
|
76
|
+
@rules = []
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def load
|
|
80
|
+
all_controls = []
|
|
81
|
+
|
|
82
|
+
@target_profiles.each do |profile|
|
|
83
|
+
@test_collector.add_profile(profile)
|
|
84
|
+
write_lockfile(profile) if @create_lockfile
|
|
85
|
+
profile.locked_dependencies
|
|
86
|
+
profile_context = profile.load_libraries
|
|
87
|
+
|
|
88
|
+
profile_context.dependencies.list.values.each do |requirement|
|
|
89
|
+
@test_collector.add_profile(requirement.profile)
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
@attributes |= profile.runner_context.attributes
|
|
93
|
+
all_controls += profile.collect_tests
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
all_controls.each do |rule|
|
|
97
|
+
register_rule(rule) unless rule.nil?
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def run(with = nil)
|
|
102
|
+
Inspec::Log.debug "Starting run with targets: #{@target_profiles.map(&:to_s)}"
|
|
103
|
+
load
|
|
104
|
+
run_tests(with)
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
def render_output(run_data)
|
|
108
|
+
return if @conf['reporter'].nil?
|
|
109
|
+
|
|
110
|
+
@conf['reporter'].each do |reporter|
|
|
111
|
+
Inspec::Reporters.render(reporter, run_data)
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def report
|
|
116
|
+
Inspec::Reporters.report(@conf['reporter'].first, @run_data)
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
def write_lockfile(profile)
|
|
120
|
+
return false if !profile.writable?
|
|
121
|
+
|
|
122
|
+
if profile.lockfile_exists?
|
|
123
|
+
Inspec::Log.debug "Using existing lockfile #{profile.lockfile_path}"
|
|
124
|
+
else
|
|
125
|
+
Inspec::Log.debug "Creating lockfile: #{profile.lockfile_path}"
|
|
126
|
+
lockfile = profile.generate_lockfile
|
|
127
|
+
File.write(profile.lockfile_path, lockfile.to_yaml)
|
|
128
|
+
end
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
def run_tests(with = nil)
|
|
132
|
+
@run_data = @test_collector.run(with)
|
|
133
|
+
# dont output anything if we want a report
|
|
134
|
+
render_output(@run_data) unless @conf['report']
|
|
135
|
+
@test_collector.exit_code
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
# determine all attributes before the execution, fetch data from secrets backend
|
|
139
|
+
def load_attributes(options)
|
|
140
|
+
options[:attributes] ||= {}
|
|
141
|
+
|
|
142
|
+
secrets_targets = options[:attrs]
|
|
143
|
+
return options[:attributes] if secrets_targets.nil?
|
|
144
|
+
|
|
145
|
+
secrets_targets.each do |target|
|
|
146
|
+
validate_attributes_file_readability!(target)
|
|
147
|
+
|
|
148
|
+
secrets = Inspec::SecretsBackend.resolve(target)
|
|
149
|
+
if secrets.nil?
|
|
150
|
+
raise Inspec::Exceptions::SecretsBackendNotFound,
|
|
151
|
+
"Cannot find parser for attributes file '#{target}'. " \
|
|
152
|
+
'Check to make sure file has the appropriate extension.'
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
next if secrets.attributes.nil?
|
|
156
|
+
options[:attributes].merge!(secrets.attributes)
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
options[:attributes]
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
#
|
|
163
|
+
# add_target allows the user to add a target whose tests will be
|
|
164
|
+
# run when the user calls the run method.
|
|
165
|
+
#
|
|
166
|
+
# A target is a path or URL that points to a profile. Using this
|
|
167
|
+
# target we generate a Profile and a ProfileContext. The content
|
|
168
|
+
# (libraries, tests, and attributes) from the Profile are loaded
|
|
169
|
+
# into the ProfileContext.
|
|
170
|
+
#
|
|
171
|
+
# If the profile depends on other profiles, those profiles will be
|
|
172
|
+
# loaded on-demand when include_content or required_content are
|
|
173
|
+
# called using similar code in Inspec::DSL.
|
|
174
|
+
#
|
|
175
|
+
# Once the we've loaded all of the tests files in the profile, we
|
|
176
|
+
# query the profile for the full list of rules. Those rules are
|
|
177
|
+
# registered with the @test_collector which is ultimately
|
|
178
|
+
# responsible for actually running the tests.
|
|
179
|
+
#
|
|
180
|
+
# TODO: Deduplicate/clarify the loading code that exists in here,
|
|
181
|
+
# the ProfileContext, the Profile, and Inspec::DSL
|
|
182
|
+
#
|
|
183
|
+
# @params target [String] A path or URL to a profile or raw test.
|
|
184
|
+
# @params _opts [Hash] Unused, but still here to avoid breaking kitchen-inspec
|
|
185
|
+
#
|
|
186
|
+
# @eturns [Inspec::ProfileContext]
|
|
187
|
+
#
|
|
188
|
+
def add_target(target, _opts = [])
|
|
189
|
+
profile = Inspec::Profile.for_target(target,
|
|
190
|
+
vendor_cache: @cache,
|
|
191
|
+
backend: @backend,
|
|
192
|
+
controls: @controls,
|
|
193
|
+
attributes: @conf[:attributes])
|
|
194
|
+
raise "Could not resolve #{target} to valid input." if profile.nil?
|
|
195
|
+
@target_profiles << profile if supports_profile?(profile)
|
|
196
|
+
end
|
|
197
|
+
|
|
198
|
+
def supports_profile?(profile)
|
|
199
|
+
return true if @ignore_supports
|
|
200
|
+
|
|
201
|
+
if !profile.supports_runtime?
|
|
202
|
+
raise 'This profile requires InSpec version '\
|
|
203
|
+
"#{profile.metadata.inspec_requirement}. You are running "\
|
|
204
|
+
"InSpec v#{Inspec::VERSION}.\n"
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
if !profile.supports_platform?
|
|
208
|
+
raise "This OS/platform (#{@backend.platform.name}/#{@backend.platform.release}) is not supported by this profile."
|
|
209
|
+
end
|
|
210
|
+
|
|
211
|
+
true
|
|
212
|
+
end
|
|
213
|
+
|
|
214
|
+
# In some places we read the rules off of the runner, in other
|
|
215
|
+
# places we read it off of the profile context. To keep the API's
|
|
216
|
+
# the same, we provide an #all_rules method here as well.
|
|
217
|
+
def all_rules
|
|
218
|
+
@rules
|
|
219
|
+
end
|
|
220
|
+
|
|
221
|
+
def register_rules(ctx)
|
|
222
|
+
new_tests = false
|
|
223
|
+
ctx.rules.each do |rule_id, rule|
|
|
224
|
+
next if block_given? && !(yield rule_id, rule)
|
|
225
|
+
new_tests = true
|
|
226
|
+
register_rule(rule)
|
|
227
|
+
end
|
|
228
|
+
new_tests
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
def eval_with_virtual_profile(command)
|
|
232
|
+
require 'fetchers/mock'
|
|
233
|
+
add_target({ 'inspec.yml' => 'name: inspec-shell' })
|
|
234
|
+
our_profile = @target_profiles.first
|
|
235
|
+
ctx = our_profile.runner_context
|
|
236
|
+
|
|
237
|
+
# Load local profile dependencies. This is used in inspec shell
|
|
238
|
+
# to provide access to local profiles that add resources.
|
|
239
|
+
@depends
|
|
240
|
+
.map { |x| Inspec::Profile.for_path(x, { profile_context: ctx }) }
|
|
241
|
+
.each(&:load_libraries)
|
|
242
|
+
|
|
243
|
+
ctx.load(command)
|
|
244
|
+
end
|
|
245
|
+
|
|
246
|
+
private
|
|
247
|
+
|
|
248
|
+
def block_source_info(block)
|
|
249
|
+
return {} if block.nil? || !block.respond_to?(:source_location)
|
|
250
|
+
opts = {}
|
|
251
|
+
file_path, line = block.source_location
|
|
252
|
+
opts['file_path'] = file_path
|
|
253
|
+
opts['line_number'] = line
|
|
254
|
+
opts
|
|
255
|
+
end
|
|
256
|
+
|
|
257
|
+
def get_check_example(method_name, arg, block)
|
|
258
|
+
opts = block_source_info(block)
|
|
259
|
+
|
|
260
|
+
return nil if arg.empty?
|
|
261
|
+
|
|
262
|
+
resource = arg[0]
|
|
263
|
+
# check to see if we are using a filtertable object
|
|
264
|
+
resource = arg[0].resource if arg[0].class.superclass == FilterTable::Table
|
|
265
|
+
if resource.respond_to?(:resource_skipped?) && resource.resource_skipped?
|
|
266
|
+
return rspec_skipped_block(arg, opts, resource.resource_exception_message)
|
|
267
|
+
end
|
|
268
|
+
|
|
269
|
+
if resource.respond_to?(:resource_failed?) && resource.resource_failed?
|
|
270
|
+
return rspec_failed_block(arg, opts, resource.resource_exception_message)
|
|
271
|
+
end
|
|
272
|
+
|
|
273
|
+
# If neither skipped nor failed then add the resource
|
|
274
|
+
add_resource(method_name, arg, opts, block)
|
|
275
|
+
end
|
|
276
|
+
|
|
277
|
+
def register_rule(rule)
|
|
278
|
+
Inspec::Log.debug "Registering rule #{rule}"
|
|
279
|
+
@rules << rule
|
|
280
|
+
checks = ::Inspec::Rule.prepare_checks(rule)
|
|
281
|
+
examples = checks.flat_map do |m, a, b|
|
|
282
|
+
get_check_example(m, a, b)
|
|
283
|
+
end.compact
|
|
284
|
+
|
|
285
|
+
examples.each { |e| @test_collector.add_test(e, rule) }
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
def validate_attributes_file_readability!(target)
|
|
289
|
+
unless File.exist?(target)
|
|
290
|
+
raise Inspec::Exceptions::AttributesFileDoesNotExist,
|
|
291
|
+
"Cannot find attributes file '#{target}'. " \
|
|
292
|
+
'Check to make sure file exists.'
|
|
293
|
+
end
|
|
294
|
+
|
|
295
|
+
unless File.readable?(target)
|
|
296
|
+
raise Inspec::Exceptions::AttributesFileNotReadable,
|
|
297
|
+
"Cannot read attributes file '#{target}'. " \
|
|
298
|
+
'Check to make sure file is readable.'
|
|
299
|
+
end
|
|
300
|
+
|
|
301
|
+
true
|
|
302
|
+
end
|
|
303
|
+
|
|
304
|
+
def rspec_skipped_block(arg, opts, message)
|
|
305
|
+
@test_collector.example_group(*arg, opts) do
|
|
306
|
+
# Send custom `it` block to RSpec
|
|
307
|
+
it message
|
|
308
|
+
end
|
|
309
|
+
end
|
|
310
|
+
|
|
311
|
+
def rspec_failed_block(arg, opts, message)
|
|
312
|
+
@test_collector.example_group(*arg, opts) do
|
|
313
|
+
# Send custom `it` block to RSpec
|
|
314
|
+
it '' do
|
|
315
|
+
# Raising here to fail the test and get proper formatting
|
|
316
|
+
raise Inspec::Exceptions::ResourceFailed, message
|
|
317
|
+
end
|
|
318
|
+
end
|
|
319
|
+
end
|
|
320
|
+
|
|
321
|
+
def add_resource(method_name, arg, opts, block)
|
|
322
|
+
case method_name
|
|
323
|
+
when 'describe'
|
|
324
|
+
@test_collector.example_group(*arg, opts, &block)
|
|
325
|
+
when 'expect'
|
|
326
|
+
block.example_group
|
|
327
|
+
when 'describe.one'
|
|
328
|
+
tests = arg.map do |x|
|
|
329
|
+
@test_collector.example_group(x[1][0], block_source_info(x[2]), &x[2])
|
|
330
|
+
end
|
|
331
|
+
return nil if tests.empty?
|
|
332
|
+
|
|
333
|
+
successful_tests = tests.find_all(&:run)
|
|
334
|
+
|
|
335
|
+
# Return all tests if none succeeds; we will just report full failure
|
|
336
|
+
return tests if successful_tests.empty?
|
|
337
|
+
|
|
338
|
+
successful_tests
|
|
339
|
+
else
|
|
340
|
+
raise "A rule was registered with #{method_name.inspect}," \
|
|
341
|
+
"which isn't understood and cannot be processed."
|
|
342
|
+
end
|
|
343
|
+
end
|
|
344
|
+
end
|
|
345
|
+
end
|