inspec-core 3.5.0 → 3.6.2

data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb

@@ -0,0 +1,49 @@
+# encoding: utf-8
+
+require 'pathname'
+require_relative 'renderer'
+
+module InspecPlugins
+  module Init
+    class CLI < Inspec.plugin(2, :cli_command)
+      #-------------------------------------------------------------------#
+      #                     inspec init profile
+      #-------------------------------------------------------------------#
+      def self.valid_profile_platforms
+        # Look in the 'template/profiles' directory and detect which platforms are available.
+        profile_templates_dir = File.join(TEMPLATES_PATH, 'profiles')
+        Dir.glob(File.join(profile_templates_dir, '*')).select { |p| File.directory?(p) }.map { |d| File.basename(d) }
+      end
+
+      no_commands do
+        def valid_profile_platforms
+          self.class.valid_profile_platforms
+        end
+      end
+
+      desc 'profile [OPTIONS] NAME', 'Generate a new profile'
+      option :platform, default: 'os', type: :string, aliases: [:p],
+             desc: "Which platform to generate a profile for: choose from #{valid_profile_platforms.join(', ')}"
+      option :overwrite, type: :boolean, default: false,
+             desc: 'Overwrites existing directory'
+      def profile(new_profile_name)
+        unless valid_profile_platforms.include?(options[:platform])
+          ui.error "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(', ')})"
+          ui.exit(:usage_error)
+        end
+        template_path = File.join('profiles', options[:platform])
+
+        render_opts = {
+          templates_path: TEMPLATES_PATH,
+          overwrite: options[:overwrite],
+        }
+        renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
+
+        vars = {
+          name: new_profile_name,
+        }
+        renderer.render_with_values(template_path, 'profile', vars)
+      end
+    end
+  end
+end

data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb

@@ -7,58 +7,70 @@ module InspecPlugins
       # Creates a renderer able to render the given template type
       # 1. iterate over all files
       # 2. read content in erb
-      # 3. write to full_destination_root_path
+      # 3. write to destination path
 
-      attr_reader :overwrite_mode, :ui
-      def initialize(cli_ui, cli_options = {})
+      attr_reader :file_rename_map, :overwrite_mode, :skip_files, :templates_path, :ui
+      def initialize(cli_ui, options = {})
         @ui = cli_ui
-        @overwrite_mode = cli_options['overwrite']
+        @overwrite_mode = options[:overwrite]
+        @templates_path ||= options[:templates_path]
+        @file_rename_map = options[:file_rename_map] || {}
+        @skip_files = options[:skip_files] || []
       end
 
       # rubocop: disable Metrics/AbcSize
-      def render_with_values(template_subdir_path, template_values = {})
+      def render_with_values(template_subdir_path, template_type, template_values = {})
         # look for template directory
-        base_dir = File.join(File.dirname(__FILE__), 'templates', template_subdir_path)
+        source_dir = File.join(templates_path, template_subdir_path)
+
         # prepare glob for all subdirectories and files
-        template_glob = File.join(base_dir, '**', '{*,.*}')
-        # Use the name attribute to define the path to the profile.
-        profile_path = template_values[:name]
-        # Use slashes (\, /) to split up the name into an Array then use the last entry
-        # to reset the name of the profile.
-        template_values[:name] = template_values[:name].split(%r{\\|\/}).last
-        # Generate the full full_destination_root_path path on disk
-        full_destination_root_path = Pathname.new(Dir.pwd).join(profile_path)
+        template_glob = File.join(source_dir, '**', '{*,.*}')
+
+        # Use the name attribute to define the path to the new thing.
+        # May contain slashes.
+        relative_destination_path = template_values[:name]
+
+        # Now reset the :name variable to be the basename.
+        # This is important in profiles, for example.
+        template_values[:name] = File.basename(template_values[:name])
 
-        # This is a bit gross
-        generator_type = template_subdir_path.split(%r{[\/]}).first.sub(/s$/, '')
-        ui.plain_text "Create new #{generator_type} at #{ui.mark_text(full_destination_root_path)}"
+        # Generate the full full_destination_path path on disk
+        full_destination_path = Pathname.new(Dir.pwd).join(relative_destination_path)
 
         # check that the directory does not exist
-        if File.exist?(full_destination_root_path) && !overwrite_mode
-          ui.plain_text "#{ui.mark_text(full_destination_root_path)} exists already, use --overwrite"
-          ui.exit(1)
+        if File.exist?(full_destination_path) && !overwrite_mode
+          ui.plain_line "#{ui.emphasis(full_destination_path)} exists already, use --overwrite"
+          ui.exit(:usage_error)
         end
 
+        ui.headline('InSpec Code Generator')
+
+        ui.plain_line "Creating new #{template_type} at #{ui.emphasis(full_destination_path)}"
+
         # ensure that full_destination_root_path directory is available
-        FileUtils.mkdir_p(full_destination_root_path)
+        FileUtils.mkdir_p(full_destination_path)
 
-        # iterate over files and write to full_destination_root_path
-        Dir.glob(template_glob) do |file|
-          relative_destination_item_path = Pathname.new(file).relative_path_from(Pathname.new(base_dir))
-          full_destination_item_path = Pathname.new(full_destination_root_path).join(relative_destination_item_path)
-          if File.directory?(file)
-            ui.li "Create directory #{ui.mark_text(relative_destination_item_path)}"
+        # iterate over files and write to full_destination_path
+        Dir.glob(template_glob) do |source_file|
+          relative_destination_item_path = Pathname.new(source_file).relative_path_from(Pathname.new(source_dir)).to_s
+          next if skip_files.include? relative_destination_item_path
+          relative_destination_item_path = file_rename_map[relative_destination_item_path] || relative_destination_item_path
+          full_destination_item_path = Pathname.new(full_destination_path).join(relative_destination_item_path)
+          if File.directory?(source_file)
+            ui.list_item "Creating directory #{ui.emphasis(relative_destination_item_path)}"
             FileUtils.mkdir_p(full_destination_item_path)
-          elsif File.file?(file)
-            ui.li "Create file #{ui.mark_text(relative_destination_item_path)}"
+          elsif File.file?(source_file)
+            ui.list_item "Creating file #{ui.emphasis(relative_destination_item_path)}"
             # read & render content
-            content = render(File.read(file), template_values)
+            content = render(File.read(source_file), template_values)
             # write file content
             File.write(full_destination_item_path, content)
           else
-            ui.plain_text "Ignore #{file}, because its not an file or directoy"
+            ui.warning "Ignoring #{ui.emphasis(source_file)}, because its not an file or directoy"
           end
         end
+
+        ui.plain_line
       end
       # rubocop: enable Metrics/AbcSize
 

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile

@@ -0,0 +1,12 @@
+# encoding: utf-8
+source 'https://rubygems.org'
+
+gemspec
+
+group :development do
+  gem 'bundler'
+  gem 'byebug'
+  gem 'minitest'
+  gem 'rake'
+  gem 'rubocop', '= 0.49.1' # Need to keep in sync with main InSpec project, so config files will work
+end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/LICENSE

@@ -0,0 +1,2 @@
+<%= copyright %>
+<%= license_text %>

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/README.md

@@ -0,0 +1,28 @@
+# <%= module_name %> Plugin
+
+This plugin was generated by `inspec init plugin`, and apparently the author, '<%= author_name %>', did not update the README.
+
+## To Install This Plugin
+
+Assuming it has been published to RubyGems, you can install this gem using:
+
+```
+you@machine $ inspec plugin install <%= plugin_name %>
+```
+
+## What This Plugin Does
+
+No idea.
+
+## Developing This Plugin
+
+The generated plugin contains everything a real-world, industrial grade plugin would have, including:
+
+* an (possibly incomplete) implementation of one or more InSpec Plugin Types
+* documentation (you are reading it now)
+* tests, at the unit and functional level
+* a .gemspec, for packaging and publishing it as a gem
+* a Gemfile, for managing its dependencies
+* a Rakefile, for running development tasks
+* Rubocop linting support for using the base InSpec project rubocop.yml (See Rakefile)
+

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Rakefile

@@ -0,0 +1,40 @@
+# A Rakefile defines tasks to help maintain your project.
+# Rake provides several task templates that are useful.
+
+#------------------------------------------------------------------#
+#                    Test Runner Tasks
+#------------------------------------------------------------------#
+
+# This task template will make a task named 'test', and run
+# the tests that it finds.
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs.push 'lib'
+  t.test_files = FileList[
+    'test/unit/*_test.rb',
+    'test/functional/*_test.rb',
+  ]
+  t.verbose = true
+  # Ideally, we'd run tests with warnings enabled,
+  # but the dependent gems have many warnings. As this
+  # is an example, let's disable them so the testing
+  # experience is cleaner.
+  t.warning = false
+end
+
+#------------------------------------------------------------------#
+#                    Code Style Tasks
+#------------------------------------------------------------------#
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new(:lint) do |t|
+  # Choices of RuboCop rules to enforce are deeply personal.
+  # Here, we set things up so that your plugin will use the Bundler-installed
+  # inspec gem's copy of the InSpec project's rubocop.yml file (which
+  # is indeed packaged with the inspec gem).
+  require 'inspec/globals'
+  inspec_rubocop_yml = File.join(Inspec.src_root, '.rubocop.yml')
+
+  t.options = ['--display-cop-names', '--config', inspec_rubocop_yml]
+end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec

@@ -0,0 +1,45 @@
+# coding: utf-8
+
+# As plugins are usually packaged and distributed as a RubyGem,
+# we have to provide a .gemspec file, which controls the gembuild
+# and publish process.  This is a fairly generic gemspec.
+
+# It is traditional in a gemspec to dynamically load the current version
+# from a file in the source tree.  The next three lines make that happen.
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require '<%= plugin_name %>/version'
+
+Gem::Specification.new do |spec|
+  # Importantly, all InSpec plugins must be prefixed with `inspec-` (most
+  # plugins) or `train-` (plugins which add new connectivity features).
+  spec.name          = '<%= plugin_name %>'
+
+  # It is polite to namespace your plugin under InspecPlugins::YourPluginInCamelCase
+  spec.version       = InspecPlugins::<%= module_name %>::VERSION
+  spec.authors       = ['<%= author_name %>']
+  spec.email         = ['<%= author_email %>']
+  spec.summary       = '<%= summary %>'
+  spec.description   = '<%= description %>'
+  spec.homepage      = '<%= homepage %>'
+  spec.license       = '<%= license_name %>'
+
+  # Though complicated-looking, this is pretty standard for a gemspec.
+  # It just filters what will actually be packaged in the gem (leaving
+  # out tests, etc)
+  spec.files = %w{
+    README.md <%= snake_case %>.gemspec Gemfile
+  } + Dir.glob(
+    'lib/**/*', File::FNM_DOTMATCH
+  ).reject { |f| File.directory?(f) }
+  spec.require_paths = ['lib']
+
+  # If you rely on any other gems, list them here with any constraints.
+  # This is how `inspec plugin install` is able to manage your dependencies.
+  # For example, perhaps you are writing a thing that talks to AWS, and you
+  # want to ensure you have `aws-sdk` in a certain version.
+
+  # All plugins should mention inspec, > 2.2.78
+  # 2.2.78 included the v2 Plugin API
+  spec.add_dependency 'inspec', '>=2.2.78', '<4.0.0'
+end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb

@@ -0,0 +1,16 @@
+# encoding: utf-8
+
+# This file is known as the "entry point."
+# This is the file InSpec will try to load if it
+# thinks your plugin is installed.
+
+# The *only* thing this file should do is setup the
+# load path, then load the plugin definition file.
+
+# Next two lines simply add the path of the gem to the load path.
+# This is not needed when being loaded as a gem; but when doing
+# plugin development, you may need it.  Either way, it's harmless.
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+require '<%= plugin_name %>/plugin'

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb

@@ -0,0 +1,64 @@
+# encoding: utf-8
+
+require 'inspec/resource'
+
+module InspecPlugins::<%= module_name %>
+  # This class will provide the actual CLI implementation.
+  # Its superclass is provided by another call to Inspec.plugin,
+  # this time with two args.  The first arg specifies we are requesting
+  # version 2 of the Plugins API.  The second says we are making a CLI
+  # Command plugin component, so please make available any DSL needed
+  # for that.
+  #  In fact, aside from a some housekeeping DSL methods, most of the
+  # DSL provided is that of Thor. Inspec.plugin(2, :cli_command)
+  # promises to return a class that is a subclass of Thor.  So, to add
+  # commands, usage information, and options, use the Thor documentation.
+  class CliCommand < Inspec.plugin(2, :cli_command)
+    # This isn't provided by Thor, but is needed by InSpec so that it can
+    # register the top-level subcommand.  That is to say, subcommand_desc
+    # makes `inspec <%= command_name_dashes %> ...` work.  Args to sub_command_desc are
+    # a usage message, and a short decription.
+    # These will appear when someone has installed the plugin, and then they
+    # run `inspec help`.
+    # Note: if you want your command (or subcommand) to have dashes in it,
+    # use underscores where you want a dash, and Thor will convert them.
+    # Thor will fail to find a command that is directly named with dashes.
+    subcommand_desc '<%= command_name_snake %> [COMMAND]', 'Your Usage Message Here'
+
+    # The usual rhythm for a Thor CLI file is description, options, command method.
+    # Thor just has you call DSL methods in sequence prior to each command.
+
+    # Let's make a command, 'do_something'. This will then be available
+    # as `inspec <%= command_name_dashes %> do-something
+    # (Change this method name to be something sensible for your plugin.)
+
+    # First, provide a usage / description. This will appear
+    # in `inspec help <%= command_name_dashes %>`.
+    # As this is a usage message, you should write the command as it should appear
+    # to the user (if you want it to have dashes, use dashes)
+    desc 'do-something WHAT [OPTIONS]', 'Does something'
+
+    # Let's include an option, -s, to summarize
+    # Refer to the Thors docs; there is a lot you can do here.
+    option :summary, desc: 'Include a total at the bottom', \
+                     type: :boolean, default: true, aliases: [:s]
+
+    # OK, now the actual method itself.  If you provide params, you're telling Thor that
+    # you accept CLI arguments after all options have been consumed.
+    # Note again that the method name has an underscore, but when invoked
+    # on the CLI, use a dash.
+    def do_something(what = 'nothing')
+      # The code here will *only* be executed if someone actually
+      # runs `inspec <%= command_name_dashes %> do-something`.
+
+      # `what` will be the command line arg
+      # `options` will be a hash of CLI option values
+
+      # Talk to the user using the `ui` object (see Inspec::UI)
+      # ui.error('Whoops!')
+
+      ui.warning('This is a generated plugin with a default implementation.  Edit lib/<%= plugin_name %>/cli_command.rb to make it do what you want.')
+      ui.exit(:success) # or :usage_error
+    end
+  end
+end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb

@@ -0,0 +1,55 @@
+# encoding: UTF-8
+
+# Plugin Definition file
+# The purpose of this file is to declare to InSpec what plugin_types (capabilities)
+# are included in this plugin, and provide hooks that will load them as needed.
+
+# It is important that this file load successfully and *quickly*.
+# Your plugin's functionality may never be used on this InSpec run; so we keep things
+# fast and light by only loading heavy things when they are needed.
+
+# Presumably this is light
+require '<%= plugin_name %>/version'
+
+# The InspecPlugins namespace is where all plugins should declare themselves.
+# The 'Inspec' capitalization is used throughout the InSpec source code; yes, it's
+# strange.
+module InspecPlugins
+  # Pick a reasonable namespace here for your plugin.  A reasonable choice
+  # would be the CamelCase version of your plugin gem name.
+  # <%= plugin_name %> => <%= module_name %>
+  module <%= module_name %>
+    # This simple class handles the plugin definition, so calling it simply Plugin is OK.
+    #   Inspec.plugin returns various Classes, intended to be superclasses for various
+    # plugin components. Here, the one-arg form gives you the Plugin Definition superclass,
+    # which mainly gives you access to the hook / plugin_type DSL.
+    #   The number '2' says you are asking for version 2 of the plugin API. If there are
+    # future versions, InSpec promises plugin API v2 will work for at least two more InSpec
+    # major versions.
+    class Plugin < ::Inspec.plugin(2)
+      # Internal machine name of the plugin. InSpec will use this in errors, etc.
+      plugin_name :'<%= plugin_name %>'
+
+      # Define a new CLI subcommand.
+      # The argument here will be used to match against the command line args,
+      # and if the user said `inspec list-resources`, this hook will get called.
+      # Notice that you can define multiple hooks with different names, and they
+      # don't have to match the plugin name.
+
+      # We'd like this to be list-resources, but Thor does not support hyphens
+      # see https://github.com/erikhuda/thor/pull/613
+      cli_command :<%= command_name_snake %> do
+        # Calling this hook doesn't mean the subcommand is being executed - just
+        # that we should be ready to do so. So, load the file that defines the
+        # functionality.
+        # For example, InSpec will activate this hook when `inspec help` is
+        # executed, so that this plugin's usage message will be included in the help.
+        require '<%= plugin_name %>/cli_command'
+
+        # Having loaded our functionality, return a class that will let the
+        # CLI engine tap into it.
+        InspecPlugins::<%= module_name %>::CliCommand
+      end
+    end
+  end
+end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb

@@ -0,0 +1,10 @@
+# encoding: UTF-8
+
+# This file simply makes it easier for CI engines to update
+# the version stamp, and provide a clean way for the gemspec
+# to learn the current version.
+module InspecPlugins
+  module <%= module_name %>
+    VERSION = '0.1.0'.freeze
+  end
+end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/fixtures/README.md

@@ -0,0 +1,24 @@
+# Test Fixtures Area
+
+In this directory, you would place things that you need during testing.  For example, if you were making a plugin that counts the number of controls in a profile, you might have a directory tree like this:
+
+```
+  fixtures/
+    profiles/
+      zero-controls/
+        inspec.yml
+        controls/
+      twelve-controls/
+        inspec.yml
+        controls/
+          nine.rb
+          three.rb
+```
+
+When writing your functional tests, you can point InSpec at the various test fixture profiles, and know that when it points at the zero-controls profile, it should find no controls; and when pointed at the twelve-controls profile, it should find 12.
+
+## Using test fixtures provided with the `inspec` source code
+
+InSpec itself ships with many test fixtures - not just profiles, but attribute files, configuration directories, and more.  Examine them at [the fixtures directory](https://github.com/inspec/inspec/tree/master/test/unit/mock)
+
+To use them, see the helper.rb file included in the example at test/helper.rb .