inspec-core 2.3.5 → 2.3.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -8
- data/lib/bundles/inspec-compliance/api.rb +3 -353
- data/lib/bundles/inspec-compliance/configuration.rb +3 -102
- data/lib/bundles/inspec-compliance/http.rb +3 -115
- data/lib/bundles/inspec-compliance/support.rb +3 -35
- data/lib/bundles/inspec-compliance/target.rb +3 -142
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +1 -1
- data/lib/inspec/control_eval_context.rb +2 -2
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +3 -3
- data/lib/{bundles → plugins}/inspec-compliance/README.md +0 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +12 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +358 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +192 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +266 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +103 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +116 -0
- data/lib/{bundles → plugins/inspec-compliance/lib}/inspec-compliance/images/cc-token.png +0 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +36 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +143 -0
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +43 -0
- data/lib/{bundles → plugins}/inspec-compliance/test/integration/default/cli.rb +0 -0
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +190 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +385 -0
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +155 -0
- data/lib/resources/processes.rb +19 -3
- metadata +17 -10
- data/lib/bundles/inspec-compliance.rb +0 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +0 -20
- data/lib/bundles/inspec-compliance/api/login.rb +0 -193
- data/lib/bundles/inspec-compliance/bootstrap.sh +0 -41
- data/lib/bundles/inspec-compliance/cli.rb +0 -276
@@ -0,0 +1,190 @@
|
|
1
|
+
require 'minitest/autorun'
|
2
|
+
require 'mocha/setup'
|
3
|
+
require 'webmock/minitest'
|
4
|
+
require_relative '../../../lib/inspec-compliance/api.rb'
|
5
|
+
|
6
|
+
describe InspecPlugins::Compliance::API do
|
7
|
+
let(:automate_options) do
|
8
|
+
{
|
9
|
+
'server' => 'https://automate.example.com',
|
10
|
+
'ent' => 'automate',
|
11
|
+
'user' => 'someone',
|
12
|
+
'token' => 'token',
|
13
|
+
}
|
14
|
+
end
|
15
|
+
|
16
|
+
let(:compliance_options) do
|
17
|
+
{
|
18
|
+
'server' => 'https://compliance.example.com',
|
19
|
+
'user' => 'someone',
|
20
|
+
'password' => 'password',
|
21
|
+
'token' => 'token',
|
22
|
+
'refresh_token' => 'refresh_token',
|
23
|
+
}
|
24
|
+
end
|
25
|
+
|
26
|
+
let(:fake_config) do
|
27
|
+
class FakeConfig
|
28
|
+
def initialize
|
29
|
+
@config = {}
|
30
|
+
end
|
31
|
+
|
32
|
+
def [](key)
|
33
|
+
@config[key]
|
34
|
+
end
|
35
|
+
|
36
|
+
def []=(key, value)
|
37
|
+
@config[key] = value
|
38
|
+
end
|
39
|
+
|
40
|
+
def clean
|
41
|
+
@config = {}
|
42
|
+
end
|
43
|
+
|
44
|
+
def store
|
45
|
+
nil
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
FakeConfig.new
|
50
|
+
end
|
51
|
+
|
52
|
+
describe '.login' do
|
53
|
+
describe 'when target is a Chef Automate2 server' do
|
54
|
+
before do
|
55
|
+
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate2)
|
56
|
+
end
|
57
|
+
|
58
|
+
it 'raises an error if `--user` is missing' do
|
59
|
+
options = automate_options
|
60
|
+
options.delete('user')
|
61
|
+
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
62
|
+
err.message.must_match(/Please specify a user.*/)
|
63
|
+
err.message.lines.length.must_equal(1)
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'raises an error if `--token` and `--dctoken` are missing' do
|
67
|
+
options = automate_options
|
68
|
+
options.delete('token')
|
69
|
+
options.delete('dctoken')
|
70
|
+
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
71
|
+
err.message.must_match(/Please specify a token.*/)
|
72
|
+
err.message.lines.length.must_equal(1)
|
73
|
+
end
|
74
|
+
|
75
|
+
it 'stores an access token' do
|
76
|
+
stub_request(:get, automate_options['server'] + '/compliance/version')
|
77
|
+
.to_return(status: 200, body: '', headers: {})
|
78
|
+
options = automate_options
|
79
|
+
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
80
|
+
|
81
|
+
InspecPlugins::Compliance::API.login(options)
|
82
|
+
fake_config['automate']['ent'].must_equal('automate')
|
83
|
+
fake_config['automate']['token_type'].must_equal('dctoken')
|
84
|
+
fake_config['user'].must_equal('someone')
|
85
|
+
fake_config['server'].must_equal('https://automate.example.com/api/v0')
|
86
|
+
fake_config['server_type'].must_equal('automate2')
|
87
|
+
fake_config['token'].must_equal('token')
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
91
|
+
describe 'when target is a Chef Automate server' do
|
92
|
+
before do
|
93
|
+
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate)
|
94
|
+
end
|
95
|
+
|
96
|
+
it 'raises an error if `--user` is missing' do
|
97
|
+
options = automate_options
|
98
|
+
options.delete('user')
|
99
|
+
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
100
|
+
err.message.must_match(/Please specify a user.*/)
|
101
|
+
err.message.lines.length.must_equal(1)
|
102
|
+
end
|
103
|
+
|
104
|
+
it 'raises an error if `--ent` is missing' do
|
105
|
+
options = automate_options
|
106
|
+
options.delete('ent')
|
107
|
+
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
108
|
+
err.message.must_match(/Please specify an enterprise.*/)
|
109
|
+
err.message.lines.length.must_equal(1)
|
110
|
+
end
|
111
|
+
|
112
|
+
it 'raises an error if `--token` and `--dctoken` are missing' do
|
113
|
+
options = automate_options
|
114
|
+
options.delete('token')
|
115
|
+
options.delete('dctoken')
|
116
|
+
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
117
|
+
err.message.must_match(/Please specify a token.*/)
|
118
|
+
err.message.lines.length.must_equal(1)
|
119
|
+
end
|
120
|
+
|
121
|
+
it 'stores an access token' do
|
122
|
+
stub_request(:get, automate_options['server'] + '/compliance/version')
|
123
|
+
.to_return(status: 200, body: '', headers: {})
|
124
|
+
options = automate_options
|
125
|
+
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
126
|
+
|
127
|
+
InspecPlugins::Compliance::API.login(options)
|
128
|
+
fake_config['automate']['ent'].must_equal('automate')
|
129
|
+
fake_config['automate']['token_type'].must_equal('usertoken')
|
130
|
+
fake_config['user'].must_equal('someone')
|
131
|
+
fake_config['server'].must_equal('https://automate.example.com/compliance')
|
132
|
+
fake_config['server_type'].must_equal('automate')
|
133
|
+
fake_config['token'].must_equal('token')
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
137
|
+
describe 'when target is a Chef Compliance server' do
|
138
|
+
before do
|
139
|
+
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:compliance)
|
140
|
+
end
|
141
|
+
|
142
|
+
it 'raises an error if `--user` and `--refresh-token` are missing' do
|
143
|
+
options = automate_options
|
144
|
+
options.delete('user')
|
145
|
+
options.delete('refresh_token')
|
146
|
+
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
147
|
+
err.message.must_match(/Please specify a.*--user.*--refresh-token.*/)
|
148
|
+
err.message.lines.length.must_equal(1)
|
149
|
+
end
|
150
|
+
|
151
|
+
it 'raises an error if `--user` is present but authentication method missing' do
|
152
|
+
options = automate_options
|
153
|
+
options.delete('password')
|
154
|
+
options.delete('token')
|
155
|
+
options.delete('refresh_token')
|
156
|
+
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
157
|
+
err.message.must_match(/Please specify.*--password.*--token.*--refresh-token.*/)
|
158
|
+
err.message.lines.length.must_equal(1)
|
159
|
+
end
|
160
|
+
|
161
|
+
it 'stores an access token' do
|
162
|
+
stub_request(:get, compliance_options['server'] + '/api/version')
|
163
|
+
.to_return(status: 200, body: '', headers: {})
|
164
|
+
options = compliance_options
|
165
|
+
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
166
|
+
|
167
|
+
InspecPlugins::Compliance::API.login(options)
|
168
|
+
fake_config['user'].must_equal('someone')
|
169
|
+
fake_config['server'].must_equal('https://compliance.example.com/api')
|
170
|
+
fake_config['server_type'].must_equal('compliance')
|
171
|
+
fake_config['token'].must_equal('token')
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
175
|
+
describe 'when target is neither a Chef Compliance nor Chef Automate server' do
|
176
|
+
it 'raises an error if `https://SERVER` is missing' do
|
177
|
+
options = {}
|
178
|
+
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
179
|
+
err.message.must_match(/Please specify a server.*/)
|
180
|
+
err.message.lines.length.must_equal(1)
|
181
|
+
end
|
182
|
+
|
183
|
+
it 'rasies a `CannotDetermineServerType` error' do
|
184
|
+
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(nil)
|
185
|
+
err = proc { InspecPlugins::Compliance::API.login(automate_options) }.must_raise(StandardError)
|
186
|
+
err.message.must_match(/Unable to determine/)
|
187
|
+
end
|
188
|
+
end
|
189
|
+
end
|
190
|
+
end
|
@@ -0,0 +1,385 @@
|
|
1
|
+
require 'minitest/autorun'
|
2
|
+
require 'mocha/setup'
|
3
|
+
require_relative '../../lib/inspec-compliance/api.rb'
|
4
|
+
|
5
|
+
describe InspecPlugins::Compliance::API do
|
6
|
+
let(:profiles_response) do
|
7
|
+
[{ 'name'=>'apache-baseline',
|
8
|
+
'title'=>'DevSec Apache Baseline',
|
9
|
+
'maintainer'=>'DevSec Hardening Framework Team',
|
10
|
+
'copyright'=>'DevSec Hardening Framework Team',
|
11
|
+
'copyright_email'=>'hello@dev-sec.io',
|
12
|
+
'license'=>'Apache 2 license',
|
13
|
+
'summary'=>'Test-suite for best-practice apache hardening',
|
14
|
+
'version'=>'2.0.2',
|
15
|
+
'supports'=>[{ 'os-family'=>'unix' }],
|
16
|
+
'depends'=>nil,
|
17
|
+
'owner_id'=>'admin' },
|
18
|
+
{ 'name'=>'apache-baseline',
|
19
|
+
'title'=>'DevSec Apache Baseline',
|
20
|
+
'maintainer'=>'Hardening Framework Team',
|
21
|
+
'copyright'=>'Hardening Framework Team',
|
22
|
+
'copyright_email'=>'hello@dev-sec.io',
|
23
|
+
'license'=>'Apache 2 license',
|
24
|
+
'summary'=>'Test-suite for best-practice apache hardening',
|
25
|
+
'version'=>'2.0.1',
|
26
|
+
'supports'=>[{ 'os-family'=>'unix' }],
|
27
|
+
'depends'=>nil,
|
28
|
+
'latest_version'=>'2.0.2',
|
29
|
+
'owner_id'=>'admin' },
|
30
|
+
{ 'name'=>'cis-aix-5.3-6.1-level1',
|
31
|
+
'title'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1',
|
32
|
+
'maintainer'=>'Chef Software, Inc.',
|
33
|
+
'copyright'=>'Chef Software, Inc.',
|
34
|
+
'copyright_email'=>'support@chef.io',
|
35
|
+
'license'=>'Proprietary, All rights reserved',
|
36
|
+
'summary'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1 translated from SCAP',
|
37
|
+
'version'=>'1.1.0',
|
38
|
+
'supports'=>nil,
|
39
|
+
'depends'=>nil,
|
40
|
+
'latest_version'=>'1.1.0-3',
|
41
|
+
'owner_id'=>'admin' }]
|
42
|
+
end
|
43
|
+
|
44
|
+
describe '.version' do
|
45
|
+
let(:headers) { 'test-headers' }
|
46
|
+
let(:config) do
|
47
|
+
{
|
48
|
+
'server' => 'myserver',
|
49
|
+
'insecure' => true,
|
50
|
+
}
|
51
|
+
end
|
52
|
+
|
53
|
+
before do
|
54
|
+
InspecPlugins::Compliance::API.expects(:get_headers).returns(headers)
|
55
|
+
end
|
56
|
+
|
57
|
+
describe 'when a 404 is received' do
|
58
|
+
it 'should return an empty hash' do
|
59
|
+
response = mock
|
60
|
+
response.stubs(:code).returns('404')
|
61
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
62
|
+
InspecPlugins::Compliance::API.version(config).must_equal({})
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
describe 'when the returned body is nil' do
|
67
|
+
it 'should return an empty hash' do
|
68
|
+
response = mock
|
69
|
+
response.stubs(:code).returns('200')
|
70
|
+
response.stubs(:body).returns(nil)
|
71
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
72
|
+
InspecPlugins::Compliance::API.version(config).must_equal({})
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
describe 'when the returned body is an empty string' do
|
77
|
+
it 'should return an empty hash' do
|
78
|
+
response = mock
|
79
|
+
response.stubs(:code).returns('200')
|
80
|
+
response.stubs(:body).returns('')
|
81
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
82
|
+
InspecPlugins::Compliance::API.version(config).must_equal({})
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
describe 'when the returned body has no version key' do
|
87
|
+
it 'should return an empty hash' do
|
88
|
+
response = mock
|
89
|
+
response.stubs(:code).returns('200')
|
90
|
+
response.stubs(:body).returns('{"api":"compliance"}')
|
91
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
92
|
+
InspecPlugins::Compliance::API.version(config).must_equal({})
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
describe 'when the returned body has an empty version key' do
|
97
|
+
it 'should return an empty hash' do
|
98
|
+
response = mock
|
99
|
+
response.stubs(:code).returns('200')
|
100
|
+
response.stubs(:body).returns('{"api":"compliance","version":""}')
|
101
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
102
|
+
InspecPlugins::Compliance::API.version(config).must_equal({})
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
describe 'when the returned body has a proper version' do
|
107
|
+
it 'should return an empty hash' do
|
108
|
+
response = mock
|
109
|
+
response.stubs(:code).returns('200')
|
110
|
+
response.stubs(:body).returns('{"api":"compliance","version":"1.2.3"}')
|
111
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
112
|
+
InspecPlugins::Compliance::API.version(config).must_equal({ 'version' => '1.2.3', 'api' => 'compliance' })
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
describe 'automate/compliance is? checks' do
|
118
|
+
describe 'when the config has a compliance server_type' do
|
119
|
+
it 'automate/compliance server is? methods return correctly' do
|
120
|
+
config = InspecPlugins::Compliance::Configuration.new
|
121
|
+
config.clean
|
122
|
+
config['server_type'] = 'compliance'
|
123
|
+
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal true
|
124
|
+
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
|
125
|
+
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
126
|
+
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
127
|
+
InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
describe 'when the config has a automate2 server_type' do
|
132
|
+
it 'automate/compliance server is? methods return correctly' do
|
133
|
+
config = InspecPlugins::Compliance::Configuration.new
|
134
|
+
config.clean
|
135
|
+
config['server_type'] = 'automate2'
|
136
|
+
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
137
|
+
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
|
138
|
+
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
139
|
+
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
140
|
+
InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal true
|
141
|
+
end
|
142
|
+
end
|
143
|
+
|
144
|
+
describe 'when the config has an automate server_type and no version key' do
|
145
|
+
it 'automate/compliance server is? methods return correctly' do
|
146
|
+
config = InspecPlugins::Compliance::Configuration.new
|
147
|
+
config.clean
|
148
|
+
config['server_type'] = 'automate'
|
149
|
+
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
150
|
+
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
151
|
+
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
152
|
+
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
153
|
+
InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
describe 'when the config has an automate server_type and a version key that is not a hash' do
|
158
|
+
it 'automate/compliance server is? methods return correctly' do
|
159
|
+
config = InspecPlugins::Compliance::Configuration.new
|
160
|
+
config.clean
|
161
|
+
config['server_type'] = 'automate'
|
162
|
+
config['version'] = '1.2.3'
|
163
|
+
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
164
|
+
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
165
|
+
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
166
|
+
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
167
|
+
InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
|
168
|
+
end
|
169
|
+
end
|
170
|
+
|
171
|
+
describe 'when the config has an automate server_type and a version hash with no version' do
|
172
|
+
it 'automate/compliance server is? methods return correctly' do
|
173
|
+
config = InspecPlugins::Compliance::Configuration.new
|
174
|
+
config.clean
|
175
|
+
config['server_type'] = 'automate'
|
176
|
+
config['version'] = {}
|
177
|
+
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
178
|
+
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
179
|
+
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
180
|
+
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
181
|
+
end
|
182
|
+
end
|
183
|
+
|
184
|
+
describe 'when the config has an automate server_type and a version hash with a version' do
|
185
|
+
it 'automate/compliance server is? methods return correctly' do
|
186
|
+
config = InspecPlugins::Compliance::Configuration.new
|
187
|
+
config.clean
|
188
|
+
config['server_type'] = 'automate'
|
189
|
+
config['version'] = { 'version' => '0.8.1' }
|
190
|
+
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
191
|
+
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
192
|
+
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
193
|
+
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal true
|
194
|
+
end
|
195
|
+
end
|
196
|
+
end
|
197
|
+
|
198
|
+
describe '.server_version_from_config' do
|
199
|
+
it 'returns nil when the config has no version key' do
|
200
|
+
config = {}
|
201
|
+
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
202
|
+
end
|
203
|
+
|
204
|
+
it 'returns nil when the version value is not a hash' do
|
205
|
+
config = { 'version' => '123' }
|
206
|
+
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
207
|
+
end
|
208
|
+
|
209
|
+
it 'returns nil when the version value is a hash but has no version key inside' do
|
210
|
+
config = { 'version' => {} }
|
211
|
+
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
212
|
+
end
|
213
|
+
|
214
|
+
it 'returns the version if the version value is a hash containing a version' do
|
215
|
+
config = { 'version' => { 'version' => '1.2.3' } }
|
216
|
+
InspecPlugins::Compliance::API.server_version_from_config(config).must_equal '1.2.3'
|
217
|
+
end
|
218
|
+
end
|
219
|
+
|
220
|
+
describe 'profile_split' do
|
221
|
+
it 'handles a profile without version' do
|
222
|
+
InspecPlugins::Compliance::API.profile_split('admin/apache-baseline').must_equal ['admin', 'apache-baseline', nil]
|
223
|
+
end
|
224
|
+
|
225
|
+
it 'handles a profile with a version' do
|
226
|
+
InspecPlugins::Compliance::API.profile_split('admin/apache-baseline#2.0.1').must_equal ['admin', 'apache-baseline', '2.0.1']
|
227
|
+
end
|
228
|
+
end
|
229
|
+
|
230
|
+
describe 'target_url' do
|
231
|
+
it 'handles a automate profile with and without version' do
|
232
|
+
config = InspecPlugins::Compliance::Configuration.new
|
233
|
+
config.clean
|
234
|
+
config['server_type'] = 'automate'
|
235
|
+
config['server'] = 'https://myautomate'
|
236
|
+
config['version'] = '1.6.99'
|
237
|
+
InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://myautomate/profiles/admin/apache-baseline/tar'
|
238
|
+
InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://myautomate/profiles/admin/apache-baseline/version/2.0.2/tar'
|
239
|
+
end
|
240
|
+
|
241
|
+
it 'handles a chef-compliance profile with and without version' do
|
242
|
+
config = InspecPlugins::Compliance::Configuration.new
|
243
|
+
config.clean
|
244
|
+
config['server_type'] = 'compliance'
|
245
|
+
config['server'] = 'https://mychefcompliance'
|
246
|
+
config['version'] = '1.1.2'
|
247
|
+
InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
|
248
|
+
InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
|
249
|
+
end
|
250
|
+
end
|
251
|
+
|
252
|
+
describe 'exist?' do
|
253
|
+
it 'works with profiles returned by Automate' do
|
254
|
+
# ruby 2.3.3 has issues running stub_requests properly
|
255
|
+
# skipping for that specific version
|
256
|
+
return if RUBY_VERSION = '2.3.3'
|
257
|
+
|
258
|
+
config = InspecPlugins::Compliance::Configuration.new
|
259
|
+
config.clean
|
260
|
+
config['owner'] = 'admin'
|
261
|
+
config['server_type'] = 'automate'
|
262
|
+
config['server'] = 'https://myautomate'
|
263
|
+
config['version'] = '1.6.99'
|
264
|
+
config['automate'] = { 'ent'=>'automate', 'token_type'=>'dctoken' }
|
265
|
+
config['version'] = { 'api'=> 'compliance', 'version'=>'0.8.24' }
|
266
|
+
|
267
|
+
stub_request(:get, 'https://myautomate/profiles/admin')
|
268
|
+
.with(headers: { 'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Chef-Delivery-Enterprise'=>'automate', 'User-Agent'=>'Ruby', 'X-Data-Collector-Token'=>'' })
|
269
|
+
.to_return(status: 200, body: profiles_response.to_json, headers: {})
|
270
|
+
|
271
|
+
InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline').must_equal true
|
272
|
+
InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.1').must_equal true
|
273
|
+
InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.999').must_equal false
|
274
|
+
InspecPlugins::Compliance::API.exist?(config, 'admin/missing-in-action').must_equal false
|
275
|
+
end
|
276
|
+
end
|
277
|
+
|
278
|
+
describe '.determine_server_type' do
|
279
|
+
let(:url) { 'https://someserver.onthe.net/' }
|
280
|
+
|
281
|
+
let(:compliance_endpoint) { '/api/version' }
|
282
|
+
let(:automate_endpoint) { '/compliance/version' }
|
283
|
+
let(:automate2_endpoint) { '/dex/auth' }
|
284
|
+
let(:headers) { nil }
|
285
|
+
let(:insecure) { true }
|
286
|
+
|
287
|
+
let(:good_response) { mock }
|
288
|
+
let(:bad_response) { mock }
|
289
|
+
|
290
|
+
it 'returns `:automate2` when a 400 is received from `https://URL/dex/auth`' do
|
291
|
+
good_response.stubs(:code).returns('400')
|
292
|
+
|
293
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
294
|
+
.with(url + automate2_endpoint, headers, insecure)
|
295
|
+
.returns(good_response)
|
296
|
+
|
297
|
+
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate2)
|
298
|
+
end
|
299
|
+
|
300
|
+
it 'returns `:automate` when a 401 is received from `https://URL/compliance/version`' do
|
301
|
+
good_response.stubs(:code).returns('401')
|
302
|
+
bad_response.stubs(:code).returns('404')
|
303
|
+
|
304
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
305
|
+
.with(url + automate2_endpoint, headers, insecure)
|
306
|
+
.returns(bad_response)
|
307
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
308
|
+
.with(url + automate_endpoint, headers, insecure)
|
309
|
+
.returns(good_response)
|
310
|
+
|
311
|
+
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
|
312
|
+
end
|
313
|
+
|
314
|
+
# Chef Automate currently returns 401 for `/compliance/version` but some
|
315
|
+
# versions of OpsWorks Chef Automate return 200 and a Chef Manage page when
|
316
|
+
# unauthenticated requests are received.
|
317
|
+
it 'returns `:automate` when a 200 is received from `https://URL/compliance/version`' do
|
318
|
+
bad_response.stubs(:code).returns('404')
|
319
|
+
good_response.stubs(:code).returns('200')
|
320
|
+
good_response.stubs(:body).returns('Are You Looking For the Chef Server?')
|
321
|
+
|
322
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
323
|
+
.with(url + automate2_endpoint, headers, insecure)
|
324
|
+
.returns(bad_response)
|
325
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
326
|
+
.with(url + automate_endpoint, headers, insecure)
|
327
|
+
.returns(good_response)
|
328
|
+
|
329
|
+
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
|
330
|
+
end
|
331
|
+
|
332
|
+
it 'returns `nil` if a 200 is received from `https://URL/compliance/version` but not redirected to Chef Manage' do
|
333
|
+
bad_response.stubs(:code).returns('200')
|
334
|
+
bad_response.stubs(:body).returns('No Chef Manage here')
|
335
|
+
|
336
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
337
|
+
.with(url + automate_endpoint, headers, insecure)
|
338
|
+
.returns(bad_response)
|
339
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
340
|
+
.with(url + automate2_endpoint, headers, insecure)
|
341
|
+
.returns(bad_response)
|
342
|
+
|
343
|
+
mock_compliance_response = mock
|
344
|
+
mock_compliance_response.stubs(:code).returns('404')
|
345
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
346
|
+
.with(url + compliance_endpoint, headers, insecure)
|
347
|
+
.returns(mock_compliance_response)
|
348
|
+
|
349
|
+
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
|
350
|
+
end
|
351
|
+
|
352
|
+
it 'returns `:compliance` when a 200 is received from `https://URL/api/version`' do
|
353
|
+
good_response.stubs(:code).returns('200')
|
354
|
+
bad_response.stubs(:code).returns('404')
|
355
|
+
|
356
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
357
|
+
.with(url + automate_endpoint, headers, insecure)
|
358
|
+
.returns(bad_response)
|
359
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
360
|
+
.with(url + automate2_endpoint, headers, insecure)
|
361
|
+
.returns(bad_response)
|
362
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
363
|
+
.with(url + compliance_endpoint, headers, insecure)
|
364
|
+
.returns(good_response)
|
365
|
+
|
366
|
+
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:compliance)
|
367
|
+
end
|
368
|
+
|
369
|
+
it 'returns `nil` if it cannot determine the server type' do
|
370
|
+
bad_response.stubs(:code).returns('404')
|
371
|
+
|
372
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
373
|
+
.with(url + automate2_endpoint, headers, insecure)
|
374
|
+
.returns(bad_response)
|
375
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
376
|
+
.with(url + automate_endpoint, headers, insecure)
|
377
|
+
.returns(bad_response)
|
378
|
+
InspecPlugins::Compliance::HTTP.expects(:get)
|
379
|
+
.with(url + compliance_endpoint, headers, insecure)
|
380
|
+
.returns(bad_response)
|
381
|
+
|
382
|
+
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
|
383
|
+
end
|
384
|
+
end
|
385
|
+
end
|