inspec-core 2.3.5 → 2.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +21 -8
  3. data/lib/bundles/inspec-compliance/api.rb +3 -353
  4. data/lib/bundles/inspec-compliance/configuration.rb +3 -102
  5. data/lib/bundles/inspec-compliance/http.rb +3 -115
  6. data/lib/bundles/inspec-compliance/support.rb +3 -35
  7. data/lib/bundles/inspec-compliance/target.rb +3 -142
  8. data/lib/inspec/base_cli.rb +4 -1
  9. data/lib/inspec/cli.rb +1 -1
  10. data/lib/inspec/control_eval_context.rb +2 -2
  11. data/lib/inspec/version.rb +1 -1
  12. data/lib/matchers/matchers.rb +3 -3
  13. data/lib/{bundles → plugins}/inspec-compliance/README.md +0 -0
  14. data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +12 -0
  15. data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +358 -0
  16. data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +192 -0
  17. data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +266 -0
  18. data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +103 -0
  19. data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +116 -0
  20. data/lib/{bundles → plugins/inspec-compliance/lib}/inspec-compliance/images/cc-token.png +0 -0
  21. data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +36 -0
  22. data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +143 -0
  23. data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +43 -0
  24. data/lib/{bundles → plugins}/inspec-compliance/test/integration/default/cli.rb +0 -0
  25. data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +190 -0
  26. data/lib/plugins/inspec-compliance/test/unit/api_test.rb +385 -0
  27. data/lib/plugins/inspec-compliance/test/unit/target_test.rb +155 -0
  28. data/lib/resources/processes.rb +19 -3
  29. metadata +17 -10
  30. data/lib/bundles/inspec-compliance.rb +0 -16
  31. data/lib/bundles/inspec-compliance/.kitchen.yml +0 -20
  32. data/lib/bundles/inspec-compliance/api/login.rb +0 -193
  33. data/lib/bundles/inspec-compliance/bootstrap.sh +0 -41
  34. data/lib/bundles/inspec-compliance/cli.rb +0 -276
@@ -0,0 +1,190 @@
1
+ require 'minitest/autorun'
2
+ require 'mocha/setup'
3
+ require 'webmock/minitest'
4
+ require_relative '../../../lib/inspec-compliance/api.rb'
5
+
6
+ describe InspecPlugins::Compliance::API do
7
+ let(:automate_options) do
8
+ {
9
+ 'server' => 'https://automate.example.com',
10
+ 'ent' => 'automate',
11
+ 'user' => 'someone',
12
+ 'token' => 'token',
13
+ }
14
+ end
15
+
16
+ let(:compliance_options) do
17
+ {
18
+ 'server' => 'https://compliance.example.com',
19
+ 'user' => 'someone',
20
+ 'password' => 'password',
21
+ 'token' => 'token',
22
+ 'refresh_token' => 'refresh_token',
23
+ }
24
+ end
25
+
26
+ let(:fake_config) do
27
+ class FakeConfig
28
+ def initialize
29
+ @config = {}
30
+ end
31
+
32
+ def [](key)
33
+ @config[key]
34
+ end
35
+
36
+ def []=(key, value)
37
+ @config[key] = value
38
+ end
39
+
40
+ def clean
41
+ @config = {}
42
+ end
43
+
44
+ def store
45
+ nil
46
+ end
47
+ end
48
+
49
+ FakeConfig.new
50
+ end
51
+
52
+ describe '.login' do
53
+ describe 'when target is a Chef Automate2 server' do
54
+ before do
55
+ InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate2)
56
+ end
57
+
58
+ it 'raises an error if `--user` is missing' do
59
+ options = automate_options
60
+ options.delete('user')
61
+ err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
62
+ err.message.must_match(/Please specify a user.*/)
63
+ err.message.lines.length.must_equal(1)
64
+ end
65
+
66
+ it 'raises an error if `--token` and `--dctoken` are missing' do
67
+ options = automate_options
68
+ options.delete('token')
69
+ options.delete('dctoken')
70
+ err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
71
+ err.message.must_match(/Please specify a token.*/)
72
+ err.message.lines.length.must_equal(1)
73
+ end
74
+
75
+ it 'stores an access token' do
76
+ stub_request(:get, automate_options['server'] + '/compliance/version')
77
+ .to_return(status: 200, body: '', headers: {})
78
+ options = automate_options
79
+ InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
80
+
81
+ InspecPlugins::Compliance::API.login(options)
82
+ fake_config['automate']['ent'].must_equal('automate')
83
+ fake_config['automate']['token_type'].must_equal('dctoken')
84
+ fake_config['user'].must_equal('someone')
85
+ fake_config['server'].must_equal('https://automate.example.com/api/v0')
86
+ fake_config['server_type'].must_equal('automate2')
87
+ fake_config['token'].must_equal('token')
88
+ end
89
+ end
90
+
91
+ describe 'when target is a Chef Automate server' do
92
+ before do
93
+ InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate)
94
+ end
95
+
96
+ it 'raises an error if `--user` is missing' do
97
+ options = automate_options
98
+ options.delete('user')
99
+ err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
100
+ err.message.must_match(/Please specify a user.*/)
101
+ err.message.lines.length.must_equal(1)
102
+ end
103
+
104
+ it 'raises an error if `--ent` is missing' do
105
+ options = automate_options
106
+ options.delete('ent')
107
+ err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
108
+ err.message.must_match(/Please specify an enterprise.*/)
109
+ err.message.lines.length.must_equal(1)
110
+ end
111
+
112
+ it 'raises an error if `--token` and `--dctoken` are missing' do
113
+ options = automate_options
114
+ options.delete('token')
115
+ options.delete('dctoken')
116
+ err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
117
+ err.message.must_match(/Please specify a token.*/)
118
+ err.message.lines.length.must_equal(1)
119
+ end
120
+
121
+ it 'stores an access token' do
122
+ stub_request(:get, automate_options['server'] + '/compliance/version')
123
+ .to_return(status: 200, body: '', headers: {})
124
+ options = automate_options
125
+ InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
126
+
127
+ InspecPlugins::Compliance::API.login(options)
128
+ fake_config['automate']['ent'].must_equal('automate')
129
+ fake_config['automate']['token_type'].must_equal('usertoken')
130
+ fake_config['user'].must_equal('someone')
131
+ fake_config['server'].must_equal('https://automate.example.com/compliance')
132
+ fake_config['server_type'].must_equal('automate')
133
+ fake_config['token'].must_equal('token')
134
+ end
135
+ end
136
+
137
+ describe 'when target is a Chef Compliance server' do
138
+ before do
139
+ InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:compliance)
140
+ end
141
+
142
+ it 'raises an error if `--user` and `--refresh-token` are missing' do
143
+ options = automate_options
144
+ options.delete('user')
145
+ options.delete('refresh_token')
146
+ err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
147
+ err.message.must_match(/Please specify a.*--user.*--refresh-token.*/)
148
+ err.message.lines.length.must_equal(1)
149
+ end
150
+
151
+ it 'raises an error if `--user` is present but authentication method missing' do
152
+ options = automate_options
153
+ options.delete('password')
154
+ options.delete('token')
155
+ options.delete('refresh_token')
156
+ err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
157
+ err.message.must_match(/Please specify.*--password.*--token.*--refresh-token.*/)
158
+ err.message.lines.length.must_equal(1)
159
+ end
160
+
161
+ it 'stores an access token' do
162
+ stub_request(:get, compliance_options['server'] + '/api/version')
163
+ .to_return(status: 200, body: '', headers: {})
164
+ options = compliance_options
165
+ InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
166
+
167
+ InspecPlugins::Compliance::API.login(options)
168
+ fake_config['user'].must_equal('someone')
169
+ fake_config['server'].must_equal('https://compliance.example.com/api')
170
+ fake_config['server_type'].must_equal('compliance')
171
+ fake_config['token'].must_equal('token')
172
+ end
173
+ end
174
+
175
+ describe 'when target is neither a Chef Compliance nor Chef Automate server' do
176
+ it 'raises an error if `https://SERVER` is missing' do
177
+ options = {}
178
+ err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
179
+ err.message.must_match(/Please specify a server.*/)
180
+ err.message.lines.length.must_equal(1)
181
+ end
182
+
183
+ it 'rasies a `CannotDetermineServerType` error' do
184
+ InspecPlugins::Compliance::API.expects(:determine_server_type).returns(nil)
185
+ err = proc { InspecPlugins::Compliance::API.login(automate_options) }.must_raise(StandardError)
186
+ err.message.must_match(/Unable to determine/)
187
+ end
188
+ end
189
+ end
190
+ end
@@ -0,0 +1,385 @@
1
+ require 'minitest/autorun'
2
+ require 'mocha/setup'
3
+ require_relative '../../lib/inspec-compliance/api.rb'
4
+
5
+ describe InspecPlugins::Compliance::API do
6
+ let(:profiles_response) do
7
+ [{ 'name'=>'apache-baseline',
8
+ 'title'=>'DevSec Apache Baseline',
9
+ 'maintainer'=>'DevSec Hardening Framework Team',
10
+ 'copyright'=>'DevSec Hardening Framework Team',
11
+ 'copyright_email'=>'hello@dev-sec.io',
12
+ 'license'=>'Apache 2 license',
13
+ 'summary'=>'Test-suite for best-practice apache hardening',
14
+ 'version'=>'2.0.2',
15
+ 'supports'=>[{ 'os-family'=>'unix' }],
16
+ 'depends'=>nil,
17
+ 'owner_id'=>'admin' },
18
+ { 'name'=>'apache-baseline',
19
+ 'title'=>'DevSec Apache Baseline',
20
+ 'maintainer'=>'Hardening Framework Team',
21
+ 'copyright'=>'Hardening Framework Team',
22
+ 'copyright_email'=>'hello@dev-sec.io',
23
+ 'license'=>'Apache 2 license',
24
+ 'summary'=>'Test-suite for best-practice apache hardening',
25
+ 'version'=>'2.0.1',
26
+ 'supports'=>[{ 'os-family'=>'unix' }],
27
+ 'depends'=>nil,
28
+ 'latest_version'=>'2.0.2',
29
+ 'owner_id'=>'admin' },
30
+ { 'name'=>'cis-aix-5.3-6.1-level1',
31
+ 'title'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1',
32
+ 'maintainer'=>'Chef Software, Inc.',
33
+ 'copyright'=>'Chef Software, Inc.',
34
+ 'copyright_email'=>'support@chef.io',
35
+ 'license'=>'Proprietary, All rights reserved',
36
+ 'summary'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1 translated from SCAP',
37
+ 'version'=>'1.1.0',
38
+ 'supports'=>nil,
39
+ 'depends'=>nil,
40
+ 'latest_version'=>'1.1.0-3',
41
+ 'owner_id'=>'admin' }]
42
+ end
43
+
44
+ describe '.version' do
45
+ let(:headers) { 'test-headers' }
46
+ let(:config) do
47
+ {
48
+ 'server' => 'myserver',
49
+ 'insecure' => true,
50
+ }
51
+ end
52
+
53
+ before do
54
+ InspecPlugins::Compliance::API.expects(:get_headers).returns(headers)
55
+ end
56
+
57
+ describe 'when a 404 is received' do
58
+ it 'should return an empty hash' do
59
+ response = mock
60
+ response.stubs(:code).returns('404')
61
+ InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
62
+ InspecPlugins::Compliance::API.version(config).must_equal({})
63
+ end
64
+ end
65
+
66
+ describe 'when the returned body is nil' do
67
+ it 'should return an empty hash' do
68
+ response = mock
69
+ response.stubs(:code).returns('200')
70
+ response.stubs(:body).returns(nil)
71
+ InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
72
+ InspecPlugins::Compliance::API.version(config).must_equal({})
73
+ end
74
+ end
75
+
76
+ describe 'when the returned body is an empty string' do
77
+ it 'should return an empty hash' do
78
+ response = mock
79
+ response.stubs(:code).returns('200')
80
+ response.stubs(:body).returns('')
81
+ InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
82
+ InspecPlugins::Compliance::API.version(config).must_equal({})
83
+ end
84
+ end
85
+
86
+ describe 'when the returned body has no version key' do
87
+ it 'should return an empty hash' do
88
+ response = mock
89
+ response.stubs(:code).returns('200')
90
+ response.stubs(:body).returns('{"api":"compliance"}')
91
+ InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
92
+ InspecPlugins::Compliance::API.version(config).must_equal({})
93
+ end
94
+ end
95
+
96
+ describe 'when the returned body has an empty version key' do
97
+ it 'should return an empty hash' do
98
+ response = mock
99
+ response.stubs(:code).returns('200')
100
+ response.stubs(:body).returns('{"api":"compliance","version":""}')
101
+ InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
102
+ InspecPlugins::Compliance::API.version(config).must_equal({})
103
+ end
104
+ end
105
+
106
+ describe 'when the returned body has a proper version' do
107
+ it 'should return an empty hash' do
108
+ response = mock
109
+ response.stubs(:code).returns('200')
110
+ response.stubs(:body).returns('{"api":"compliance","version":"1.2.3"}')
111
+ InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
112
+ InspecPlugins::Compliance::API.version(config).must_equal({ 'version' => '1.2.3', 'api' => 'compliance' })
113
+ end
114
+ end
115
+ end
116
+
117
+ describe 'automate/compliance is? checks' do
118
+ describe 'when the config has a compliance server_type' do
119
+ it 'automate/compliance server is? methods return correctly' do
120
+ config = InspecPlugins::Compliance::Configuration.new
121
+ config.clean
122
+ config['server_type'] = 'compliance'
123
+ InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal true
124
+ InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
125
+ InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
126
+ InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
127
+ InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
128
+ end
129
+ end
130
+
131
+ describe 'when the config has a automate2 server_type' do
132
+ it 'automate/compliance server is? methods return correctly' do
133
+ config = InspecPlugins::Compliance::Configuration.new
134
+ config.clean
135
+ config['server_type'] = 'automate2'
136
+ InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
137
+ InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
138
+ InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
139
+ InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
140
+ InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal true
141
+ end
142
+ end
143
+
144
+ describe 'when the config has an automate server_type and no version key' do
145
+ it 'automate/compliance server is? methods return correctly' do
146
+ config = InspecPlugins::Compliance::Configuration.new
147
+ config.clean
148
+ config['server_type'] = 'automate'
149
+ InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
150
+ InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
151
+ InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
152
+ InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
153
+ InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
154
+ end
155
+ end
156
+
157
+ describe 'when the config has an automate server_type and a version key that is not a hash' do
158
+ it 'automate/compliance server is? methods return correctly' do
159
+ config = InspecPlugins::Compliance::Configuration.new
160
+ config.clean
161
+ config['server_type'] = 'automate'
162
+ config['version'] = '1.2.3'
163
+ InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
164
+ InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
165
+ InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
166
+ InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
167
+ InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
168
+ end
169
+ end
170
+
171
+ describe 'when the config has an automate server_type and a version hash with no version' do
172
+ it 'automate/compliance server is? methods return correctly' do
173
+ config = InspecPlugins::Compliance::Configuration.new
174
+ config.clean
175
+ config['server_type'] = 'automate'
176
+ config['version'] = {}
177
+ InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
178
+ InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
179
+ InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
180
+ InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
181
+ end
182
+ end
183
+
184
+ describe 'when the config has an automate server_type and a version hash with a version' do
185
+ it 'automate/compliance server is? methods return correctly' do
186
+ config = InspecPlugins::Compliance::Configuration.new
187
+ config.clean
188
+ config['server_type'] = 'automate'
189
+ config['version'] = { 'version' => '0.8.1' }
190
+ InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
191
+ InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
192
+ InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
193
+ InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal true
194
+ end
195
+ end
196
+ end
197
+
198
+ describe '.server_version_from_config' do
199
+ it 'returns nil when the config has no version key' do
200
+ config = {}
201
+ InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
202
+ end
203
+
204
+ it 'returns nil when the version value is not a hash' do
205
+ config = { 'version' => '123' }
206
+ InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
207
+ end
208
+
209
+ it 'returns nil when the version value is a hash but has no version key inside' do
210
+ config = { 'version' => {} }
211
+ InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
212
+ end
213
+
214
+ it 'returns the version if the version value is a hash containing a version' do
215
+ config = { 'version' => { 'version' => '1.2.3' } }
216
+ InspecPlugins::Compliance::API.server_version_from_config(config).must_equal '1.2.3'
217
+ end
218
+ end
219
+
220
+ describe 'profile_split' do
221
+ it 'handles a profile without version' do
222
+ InspecPlugins::Compliance::API.profile_split('admin/apache-baseline').must_equal ['admin', 'apache-baseline', nil]
223
+ end
224
+
225
+ it 'handles a profile with a version' do
226
+ InspecPlugins::Compliance::API.profile_split('admin/apache-baseline#2.0.1').must_equal ['admin', 'apache-baseline', '2.0.1']
227
+ end
228
+ end
229
+
230
+ describe 'target_url' do
231
+ it 'handles a automate profile with and without version' do
232
+ config = InspecPlugins::Compliance::Configuration.new
233
+ config.clean
234
+ config['server_type'] = 'automate'
235
+ config['server'] = 'https://myautomate'
236
+ config['version'] = '1.6.99'
237
+ InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://myautomate/profiles/admin/apache-baseline/tar'
238
+ InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://myautomate/profiles/admin/apache-baseline/version/2.0.2/tar'
239
+ end
240
+
241
+ it 'handles a chef-compliance profile with and without version' do
242
+ config = InspecPlugins::Compliance::Configuration.new
243
+ config.clean
244
+ config['server_type'] = 'compliance'
245
+ config['server'] = 'https://mychefcompliance'
246
+ config['version'] = '1.1.2'
247
+ InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
248
+ InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
249
+ end
250
+ end
251
+
252
+ describe 'exist?' do
253
+ it 'works with profiles returned by Automate' do
254
+ # ruby 2.3.3 has issues running stub_requests properly
255
+ # skipping for that specific version
256
+ return if RUBY_VERSION = '2.3.3'
257
+
258
+ config = InspecPlugins::Compliance::Configuration.new
259
+ config.clean
260
+ config['owner'] = 'admin'
261
+ config['server_type'] = 'automate'
262
+ config['server'] = 'https://myautomate'
263
+ config['version'] = '1.6.99'
264
+ config['automate'] = { 'ent'=>'automate', 'token_type'=>'dctoken' }
265
+ config['version'] = { 'api'=> 'compliance', 'version'=>'0.8.24' }
266
+
267
+ stub_request(:get, 'https://myautomate/profiles/admin')
268
+ .with(headers: { 'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Chef-Delivery-Enterprise'=>'automate', 'User-Agent'=>'Ruby', 'X-Data-Collector-Token'=>'' })
269
+ .to_return(status: 200, body: profiles_response.to_json, headers: {})
270
+
271
+ InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline').must_equal true
272
+ InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.1').must_equal true
273
+ InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.999').must_equal false
274
+ InspecPlugins::Compliance::API.exist?(config, 'admin/missing-in-action').must_equal false
275
+ end
276
+ end
277
+
278
+ describe '.determine_server_type' do
279
+ let(:url) { 'https://someserver.onthe.net/' }
280
+
281
+ let(:compliance_endpoint) { '/api/version' }
282
+ let(:automate_endpoint) { '/compliance/version' }
283
+ let(:automate2_endpoint) { '/dex/auth' }
284
+ let(:headers) { nil }
285
+ let(:insecure) { true }
286
+
287
+ let(:good_response) { mock }
288
+ let(:bad_response) { mock }
289
+
290
+ it 'returns `:automate2` when a 400 is received from `https://URL/dex/auth`' do
291
+ good_response.stubs(:code).returns('400')
292
+
293
+ InspecPlugins::Compliance::HTTP.expects(:get)
294
+ .with(url + automate2_endpoint, headers, insecure)
295
+ .returns(good_response)
296
+
297
+ InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate2)
298
+ end
299
+
300
+ it 'returns `:automate` when a 401 is received from `https://URL/compliance/version`' do
301
+ good_response.stubs(:code).returns('401')
302
+ bad_response.stubs(:code).returns('404')
303
+
304
+ InspecPlugins::Compliance::HTTP.expects(:get)
305
+ .with(url + automate2_endpoint, headers, insecure)
306
+ .returns(bad_response)
307
+ InspecPlugins::Compliance::HTTP.expects(:get)
308
+ .with(url + automate_endpoint, headers, insecure)
309
+ .returns(good_response)
310
+
311
+ InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
312
+ end
313
+
314
+ # Chef Automate currently returns 401 for `/compliance/version` but some
315
+ # versions of OpsWorks Chef Automate return 200 and a Chef Manage page when
316
+ # unauthenticated requests are received.
317
+ it 'returns `:automate` when a 200 is received from `https://URL/compliance/version`' do
318
+ bad_response.stubs(:code).returns('404')
319
+ good_response.stubs(:code).returns('200')
320
+ good_response.stubs(:body).returns('Are You Looking For the Chef Server?')
321
+
322
+ InspecPlugins::Compliance::HTTP.expects(:get)
323
+ .with(url + automate2_endpoint, headers, insecure)
324
+ .returns(bad_response)
325
+ InspecPlugins::Compliance::HTTP.expects(:get)
326
+ .with(url + automate_endpoint, headers, insecure)
327
+ .returns(good_response)
328
+
329
+ InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
330
+ end
331
+
332
+ it 'returns `nil` if a 200 is received from `https://URL/compliance/version` but not redirected to Chef Manage' do
333
+ bad_response.stubs(:code).returns('200')
334
+ bad_response.stubs(:body).returns('No Chef Manage here')
335
+
336
+ InspecPlugins::Compliance::HTTP.expects(:get)
337
+ .with(url + automate_endpoint, headers, insecure)
338
+ .returns(bad_response)
339
+ InspecPlugins::Compliance::HTTP.expects(:get)
340
+ .with(url + automate2_endpoint, headers, insecure)
341
+ .returns(bad_response)
342
+
343
+ mock_compliance_response = mock
344
+ mock_compliance_response.stubs(:code).returns('404')
345
+ InspecPlugins::Compliance::HTTP.expects(:get)
346
+ .with(url + compliance_endpoint, headers, insecure)
347
+ .returns(mock_compliance_response)
348
+
349
+ InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
350
+ end
351
+
352
+ it 'returns `:compliance` when a 200 is received from `https://URL/api/version`' do
353
+ good_response.stubs(:code).returns('200')
354
+ bad_response.stubs(:code).returns('404')
355
+
356
+ InspecPlugins::Compliance::HTTP.expects(:get)
357
+ .with(url + automate_endpoint, headers, insecure)
358
+ .returns(bad_response)
359
+ InspecPlugins::Compliance::HTTP.expects(:get)
360
+ .with(url + automate2_endpoint, headers, insecure)
361
+ .returns(bad_response)
362
+ InspecPlugins::Compliance::HTTP.expects(:get)
363
+ .with(url + compliance_endpoint, headers, insecure)
364
+ .returns(good_response)
365
+
366
+ InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:compliance)
367
+ end
368
+
369
+ it 'returns `nil` if it cannot determine the server type' do
370
+ bad_response.stubs(:code).returns('404')
371
+
372
+ InspecPlugins::Compliance::HTTP.expects(:get)
373
+ .with(url + automate2_endpoint, headers, insecure)
374
+ .returns(bad_response)
375
+ InspecPlugins::Compliance::HTTP.expects(:get)
376
+ .with(url + automate_endpoint, headers, insecure)
377
+ .returns(bad_response)
378
+ InspecPlugins::Compliance::HTTP.expects(:get)
379
+ .with(url + compliance_endpoint, headers, insecure)
380
+ .returns(bad_response)
381
+
382
+ InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
383
+ end
384
+ end
385
+ end