inspec-core 2.3.5 → 2.3.10
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -8
- data/lib/bundles/inspec-compliance/api.rb +3 -353
- data/lib/bundles/inspec-compliance/configuration.rb +3 -102
- data/lib/bundles/inspec-compliance/http.rb +3 -115
- data/lib/bundles/inspec-compliance/support.rb +3 -35
- data/lib/bundles/inspec-compliance/target.rb +3 -142
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +1 -1
- data/lib/inspec/control_eval_context.rb +2 -2
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +3 -3
- data/lib/{bundles → plugins}/inspec-compliance/README.md +0 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +12 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +358 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +192 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +266 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +103 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +116 -0
- data/lib/{bundles → plugins/inspec-compliance/lib}/inspec-compliance/images/cc-token.png +0 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +36 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +143 -0
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +43 -0
- data/lib/{bundles → plugins}/inspec-compliance/test/integration/default/cli.rb +0 -0
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +190 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +385 -0
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +155 -0
- data/lib/resources/processes.rb +19 -3
- metadata +17 -10
- data/lib/bundles/inspec-compliance.rb +0 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +0 -20
- data/lib/bundles/inspec-compliance/api/login.rb +0 -193
- data/lib/bundles/inspec-compliance/bootstrap.sh +0 -41
- data/lib/bundles/inspec-compliance/cli.rb +0 -276
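--- a/data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb
+++ b/data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb
@@ -0,0 +1,190 @@
+require 'minitest/autorun'
+require 'mocha/setup'
+require 'webmock/minitest'
+require_relative '../../../lib/inspec-compliance/api.rb'
+
+describe InspecPlugins::Compliance::API do
+let(:automate_options) do
+{
+'server' => 'https://automate.example.com',
+'ent' => 'automate',
+'user' => 'someone',
+'token' => 'token',
+}
+end
+
+let(:compliance_options) do
+{
+'server' => 'https://compliance.example.com',
+'user' => 'someone',
+'password' => 'password',
+'token' => 'token',
+'refresh_token' => 'refresh_token',
+}
+end
+
+let(:fake_config) do
+class FakeConfig
+def initialize
+@config = {}
+end
+
+def [](key)
+@config[key]
+end
+
+def []=(key, value)
+@config[key] = value
+end
+
+def clean
+@config = {}
+end
+
+def store
+nil
+end
+end
+
+FakeConfig.new
+end
+
+describe '.login' do
+describe 'when target is a Chef Automate2 server' do
+before do
+InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate2)
+end
+
+it 'raises an error if `--user` is missing' do
+options = automate_options
+options.delete('user')
+err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
+err.message.must_match(/Please specify a user.*/)
+err.message.lines.length.must_equal(1)
+end
+
+it 'raises an error if `--token` and `--dctoken` are missing' do
+options = automate_options
+options.delete('token')
+options.delete('dctoken')
+err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
+err.message.must_match(/Please specify a token.*/)
+err.message.lines.length.must_equal(1)
+end
+
+it 'stores an access token' do
+stub_request(:get, automate_options['server'] + '/compliance/version')
+.to_return(status: 200, body: '', headers: {})
+options = automate_options
+InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
+
+InspecPlugins::Compliance::API.login(options)
+fake_config['automate']['ent'].must_equal('automate')
+fake_config['automate']['token_type'].must_equal('dctoken')
+fake_config['user'].must_equal('someone')
+fake_config['server'].must_equal('https://automate.example.com/api/v0')
+fake_config['server_type'].must_equal('automate2')
+fake_config['token'].must_equal('token')
+end
+end
+
+describe 'when target is a Chef Automate server' do
+before do
+InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate)
+end
+
+it 'raises an error if `--user` is missing' do
+options = automate_options
+options.delete('user')
+err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
+err.message.must_match(/Please specify a user.*/)
+err.message.lines.length.must_equal(1)
+end
+
+it 'raises an error if `--ent` is missing' do
+options = automate_options
+options.delete('ent')
+err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
+err.message.must_match(/Please specify an enterprise.*/)
+err.message.lines.length.must_equal(1)
+end
+
+it 'raises an error if `--token` and `--dctoken` are missing' do
+options = automate_options
+options.delete('token')
+options.delete('dctoken')
+err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
+err.message.must_match(/Please specify a token.*/)
+err.message.lines.length.must_equal(1)
+end
+
+it 'stores an access token' do
+stub_request(:get, automate_options['server'] + '/compliance/version')
+.to_return(status: 200, body: '', headers: {})
+options = automate_options
+InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
+
+InspecPlugins::Compliance::API.login(options)
+fake_config['automate']['ent'].must_equal('automate')
+fake_config['automate']['token_type'].must_equal('usertoken')
+fake_config['user'].must_equal('someone')
+fake_config['server'].must_equal('https://automate.example.com/compliance')
+fake_config['server_type'].must_equal('automate')
+fake_config['token'].must_equal('token')
+end
+end
+
+describe 'when target is a Chef Compliance server' do
+before do
+InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:compliance)
+end
+
+it 'raises an error if `--user` and `--refresh-token` are missing' do
+options = automate_options
+options.delete('user')
+options.delete('refresh_token')
+err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
+err.message.must_match(/Please specify a.*--user.*--refresh-token.*/)
+err.message.lines.length.must_equal(1)
+end
+
+it 'raises an error if `--user` is present but authentication method missing' do
+options = automate_options
+options.delete('password')
+options.delete('token')
+options.delete('refresh_token')
+err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
+err.message.must_match(/Please specify.*--password.*--token.*--refresh-token.*/)
+err.message.lines.length.must_equal(1)
+end
+
+it 'stores an access token' do
+stub_request(:get, compliance_options['server'] + '/api/version')
+.to_return(status: 200, body: '', headers: {})
+options = compliance_options
+InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
+
+InspecPlugins::Compliance::API.login(options)
+fake_config['user'].must_equal('someone')
+fake_config['server'].must_equal('https://compliance.example.com/api')
+fake_config['server_type'].must_equal('compliance')
+fake_config['token'].must_equal('token')
+end
+end
+
+describe 'when target is neither a Chef Compliance nor Chef Automate server' do
+it 'raises an error if `https://SERVER` is missing' do
+options = {}
+err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
+err.message.must_match(/Please specify a server.*/)
+err.message.lines.length.must_equal(1)
+end
+
+it 'rasies a `CannotDetermineServerType` error' do
+InspecPlugins::Compliance::API.expects(:determine_server_type).returns(nil)
+err = proc { InspecPlugins::Compliance::API.login(automate_options) }.must_raise(StandardError)
+err.message.must_match(/Unable to determine/)
+end
+end
+end
+end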
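Review bot: The two error-path cases under 'when target is a Chef Compliance server' build their input with `options = automate_options`, so `options.delete('password')` and `options.delete('refresh_token')` remove keys that were never in the hash, and both cases carry an 'ent' key that belongs to the Automate fixture. `options = compliance_options` would exercise the input these cases describe; whether the expected messages still match with that fixture depends on `login`, which is outside this file. The Compliance 'stores an access token' case passes 'password' and 'refresh_token' but asserts nothing about them, so if `login` is not meant to persist the password, `fake_config['password'].must_be_nil` would pin that. The final case is named for `CannotDetermineServerType` yet asserts only `must_raise(StandardError)`, which any StandardError subclass with a matching message would satisfy.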
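--- a/data/lib/plugins/inspec-compliance/test/unit/api_test.rb
+++ b/data/lib/plugins/inspec-compliance/test/unit/api_test.rb
@@ -0,0 +1,385 @@
+require 'minitest/autorun'
+require 'mocha/setup'
+require_relative '../../lib/inspec-compliance/api.rb'
+
+describe InspecPlugins::Compliance::API do
+let(:profiles_response) do
+[{ 'name'=>'apache-baseline',
+'title'=>'DevSec Apache Baseline',
+'maintainer'=>'DevSec Hardening Framework Team',
+'copyright'=>'DevSec Hardening Framework Team',
+'copyright_email'=>'hello@dev-sec.io',
+'license'=>'Apache 2 license',
+'summary'=>'Test-suite for best-practice apache hardening',
+'version'=>'2.0.2',
+'supports'=>[{ 'os-family'=>'unix' }],
+'depends'=>nil,
+'owner_id'=>'admin' },
+{ 'name'=>'apache-baseline',
+'title'=>'DevSec Apache Baseline',
+'maintainer'=>'Hardening Framework Team',
+'copyright'=>'Hardening Framework Team',
+'copyright_email'=>'hello@dev-sec.io',
+'license'=>'Apache 2 license',
+'summary'=>'Test-suite for best-practice apache hardening',
+'version'=>'2.0.1',
+'supports'=>[{ 'os-family'=>'unix' }],
+'depends'=>nil,
+'latest_version'=>'2.0.2',
+'owner_id'=>'admin' },
+{ 'name'=>'cis-aix-5.3-6.1-level1',
+'title'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1',
+'maintainer'=>'Chef Software, Inc.',
+'copyright'=>'Chef Software, Inc.',
+'copyright_email'=>'support@chef.io',
+'license'=>'Proprietary, All rights reserved',
+'summary'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1 translated from SCAP',
+'version'=>'1.1.0',
+'supports'=>nil,
+'depends'=>nil,
+'latest_version'=>'1.1.0-3',
+'owner_id'=>'admin' }]
+end
+
+describe '.version' do
+let(:headers) { 'test-headers' }
+let(:config) do
+{
+'server' => 'myserver',
+'insecure' => true,
+}
+end
+
+before do
+InspecPlugins::Compliance::API.expects(:get_headers).returns(headers)
+end
+
+describe 'when a 404 is received' do
+it 'should return an empty hash' do
+response = mock
+response.stubs(:code).returns('404')
+InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
+InspecPlugins::Compliance::API.version(config).must_equal({})
+end
+end
+
+describe 'when the returned body is nil' do
+it 'should return an empty hash' do
+response = mock
+response.stubs(:code).returns('200')
+response.stubs(:body).returns(nil)
+InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
+InspecPlugins::Compliance::API.version(config).must_equal({})
+end
+end
+
+describe 'when the returned body is an empty string' do
+it 'should return an empty hash' do
+response = mock
+response.stubs(:code).returns('200')
+response.stubs(:body).returns('')
+InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
+InspecPlugins::Compliance::API.version(config).must_equal({})
+end
+end
+
+describe 'when the returned body has no version key' do
+it 'should return an empty hash' do
+response = mock
+response.stubs(:code).returns('200')
+response.stubs(:body).returns('{"api":"compliance"}')
+InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
+InspecPlugins::Compliance::API.version(config).must_equal({})
+end
+end
+
+describe 'when the returned body has an empty version key' do
+it 'should return an empty hash' do
+response = mock
+response.stubs(:code).returns('200')
+response.stubs(:body).returns('{"api":"compliance","version":""}')
+InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
+InspecPlugins::Compliance::API.version(config).must_equal({})
+end
+end
+
+describe 'when the returned body has a proper version' do
+it 'should return an empty hash' do
+response = mock
+response.stubs(:code).returns('200')
+response.stubs(:body).returns('{"api":"compliance","version":"1.2.3"}')
+InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
+InspecPlugins::Compliance::API.version(config).must_equal({ 'version' => '1.2.3', 'api' => 'compliance' })
+end
+end
+end
+
+describe 'automate/compliance is? checks' do
+describe 'when the config has a compliance server_type' do
+it 'automate/compliance server is? methods return correctly' do
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['server_type'] = 'compliance'
+InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal true
+InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
+end
+end
+
+describe 'when the config has a automate2 server_type' do
+it 'automate/compliance server is? methods return correctly' do
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['server_type'] = 'automate2'
+InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal true
+end
+end
+
+describe 'when the config has an automate server_type and no version key' do
+it 'automate/compliance server is? methods return correctly' do
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['server_type'] = 'automate'
+InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
+InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
+InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
+end
+end
+
+describe 'when the config has an automate server_type and a version key that is not a hash' do
+it 'automate/compliance server is? methods return correctly' do
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['server_type'] = 'automate'
+config['version'] = '1.2.3'
+InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
+InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
+InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
+end
+end
+
+describe 'when the config has an automate server_type and a version hash with no version' do
+it 'automate/compliance server is? methods return correctly' do
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['server_type'] = 'automate'
+config['version'] = {}
+InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
+InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
+InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
+end
+end
+
+describe 'when the config has an automate server_type and a version hash with a version' do
+it 'automate/compliance server is? methods return correctly' do
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['server_type'] = 'automate'
+config['version'] = { 'version' => '0.8.1' }
+InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
+InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
+InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal true
+end
+end
+end
+
+describe '.server_version_from_config' do
+it 'returns nil when the config has no version key' do
+config = {}
+InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
+end
+
+it 'returns nil when the version value is not a hash' do
+config = { 'version' => '123' }
+InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
+end
+
+it 'returns nil when the version value is a hash but has no version key inside' do
+config = { 'version' => {} }
+InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
+end
+
+it 'returns the version if the version value is a hash containing a version' do
+config = { 'version' => { 'version' => '1.2.3' } }
+InspecPlugins::Compliance::API.server_version_from_config(config).must_equal '1.2.3'
+end
+end
+
+describe 'profile_split' do
+it 'handles a profile without version' do
+InspecPlugins::Compliance::API.profile_split('admin/apache-baseline').must_equal ['admin', 'apache-baseline', nil]
+end
+
+it 'handles a profile with a version' do
+InspecPlugins::Compliance::API.profile_split('admin/apache-baseline#2.0.1').must_equal ['admin', 'apache-baseline', '2.0.1']
+end
+end
+
+describe 'target_url' do
+it 'handles a automate profile with and without version' do
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['server_type'] = 'automate'
+config['server'] = 'https://myautomate'
+config['version'] = '1.6.99'
+InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://myautomate/profiles/admin/apache-baseline/tar'
+InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://myautomate/profiles/admin/apache-baseline/version/2.0.2/tar'
+end
+
+it 'handles a chef-compliance profile with and without version' do
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['server_type'] = 'compliance'
+config['server'] = 'https://mychefcompliance'
+config['version'] = '1.1.2'
+InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
+InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
+end
+end
+
+describe 'exist?' do
+it 'works with profiles returned by Automate' do
+# ruby 2.3.3 has issues running stub_requests properly
+# skipping for that specific version
+return if RUBY_VERSION = '2.3.3'
+
+config = InspecPlugins::Compliance::Configuration.new
+config.clean
+config['owner'] = 'admin'
+config['server_type'] = 'automate'
+config['server'] = 'https://myautomate'
+config['version'] = '1.6.99'
+config['automate'] = { 'ent'=>'automate', 'token_type'=>'dctoken' }
+config['version'] = { 'api'=> 'compliance', 'version'=>'0.8.24' }
+
+stub_request(:get, 'https://myautomate/profiles/admin')
+.with(headers: { 'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Chef-Delivery-Enterprise'=>'automate', 'User-Agent'=>'Ruby', 'X-Data-Collector-Token'=>'' })
+.to_return(status: 200, body: profiles_response.to_json, headers: {})
+
+InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline').must_equal true
+InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.1').must_equal true
+InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.999').must_equal false
+InspecPlugins::Compliance::API.exist?(config, 'admin/missing-in-action').must_equal false
+end
+end
+
+describe '.determine_server_type' do
+let(:url) { 'https://someserver.onthe.net/' }
+
+let(:compliance_endpoint) { '/api/version' }
+let(:automate_endpoint) { '/compliance/version' }
+let(:automate2_endpoint) { '/dex/auth' }
+let(:headers) { nil }
+let(:insecure) { true }
+
+let(:good_response) { mock }
+let(:bad_response) { mock }
+
+it 'returns `:automate2` when a 400 is received from `https://URL/dex/auth`' do
+good_response.stubs(:code).returns('400')
+
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate2_endpoint, headers, insecure)
+.returns(good_response)
+
+InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate2)
+end
+
+it 'returns `:automate` when a 401 is received from `https://URL/compliance/version`' do
+good_response.stubs(:code).returns('401')
+bad_response.stubs(:code).returns('404')
+
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate2_endpoint, headers, insecure)
+.returns(bad_response)
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate_endpoint, headers, insecure)
+.returns(good_response)
+
+InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
+end
+
+# Chef Automate currently returns 401 for `/compliance/version` but some
+# versions of OpsWorks Chef Automate return 200 and a Chef Manage page when
+# unauthenticated requests are received.
+it 'returns `:automate` when a 200 is received from `https://URL/compliance/version`' do
+bad_response.stubs(:code).returns('404')
+good_response.stubs(:code).returns('200')
+good_response.stubs(:body).returns('Are You Looking For the Chef Server?')
+
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate2_endpoint, headers, insecure)
+.returns(bad_response)
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate_endpoint, headers, insecure)
+.returns(good_response)
+
+InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
+end
+
+it 'returns `nil` if a 200 is received from `https://URL/compliance/version` but not redirected to Chef Manage' do
+bad_response.stubs(:code).returns('200')
+bad_response.stubs(:body).returns('No Chef Manage here')
+
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate_endpoint, headers, insecure)
+.returns(bad_response)
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate2_endpoint, headers, insecure)
+.returns(bad_response)
+
+mock_compliance_response = mock
+mock_compliance_response.stubs(:code).returns('404')
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + compliance_endpoint, headers, insecure)
+.returns(mock_compliance_response)
+
+InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
+end
+
+it 'returns `:compliance` when a 200 is received from `https://URL/api/version`' do
+good_response.stubs(:code).returns('200')
+bad_response.stubs(:code).returns('404')
+
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate_endpoint, headers, insecure)
+.returns(bad_response)
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate2_endpoint, headers, insecure)
+.returns(bad_response)
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + compliance_endpoint, headers, insecure)
+.returns(good_response)
+
+InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:compliance)
+end
+
+it 'returns `nil` if it cannot determine the server type' do
+bad_response.stubs(:code).returns('404')
+
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate2_endpoint, headers, insecure)
+.returns(bad_response)
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + automate_endpoint, headers, insecure)
+.returns(bad_response)
+InspecPlugins::Compliance::HTTP.expects(:get)
+.with(url + compliance_endpoint, headers, insecure)
+.returns(bad_response)
+
+InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
+end
+end
+end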
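Review bot: `return if RUBY_VERSION = '2.3.3'` in the 'exist?' case is an assignment, not a comparison: the assigned string is always truthy, so the case returns before any assertion on every Ruby version, and the statement also rebinds the RUBY_VERSION constant for whatever runs afterwards. `return if RUBY_VERSION == '2.3.3'` restores the intended guard, and minitest's `skip` in place of `return` would make the exclusion visible in the test report. Once the body runs, two things in it are worth checking: this file calls `stub_request` but, unlike the login test file, does not `require 'webmock/minitest'`, and the stub matches an empty 'X-Data-Collector-Token' header, apparently because the config sets no 'token'. Setting `config['token']` to a sample value and matching it in the stub would make the case verify that the credential is actually sent.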