RubyGems - inspec-core - Versions diffs - 3.7.11 → 3.9.0 - Mend

inspec-core 3.7.11 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

data/lib/plugins/inspec-compliance/test/unit/api_test.rb DELETED

@@ -1,385 +0,0 @@
-require 'minitest/autorun'
-require 'mocha/setup'
-require_relative '../../lib/inspec-compliance/api.rb'
-describe InspecPlugins::Compliance::API do
-  let(:profiles_response) do
-    [{ 'name'=>'apache-baseline',
-      'title'=>'DevSec Apache Baseline',
-      'maintainer'=>'DevSec Hardening Framework Team',
-      'copyright'=>'DevSec Hardening Framework Team',
-      'copyright_email'=>'hello@dev-sec.io',
-      'license'=>'Apache 2 license',
-      'summary'=>'Test-suite for best-practice apache hardening',
-      'version'=>'2.0.2',
-      'supports'=>[{ 'os-family'=>'unix' }],
-      'depends'=>nil,
-      'owner_id'=>'admin' },
-     { 'name'=>'apache-baseline',
-      'title'=>'DevSec Apache Baseline',
-      'maintainer'=>'Hardening Framework Team',
-      'copyright'=>'Hardening Framework Team',
-      'copyright_email'=>'hello@dev-sec.io',
-      'license'=>'Apache 2 license',
-      'summary'=>'Test-suite for best-practice apache hardening',
-      'version'=>'2.0.1',
-      'supports'=>[{ 'os-family'=>'unix' }],
-      'depends'=>nil,
-      'latest_version'=>'2.0.2',
-      'owner_id'=>'admin' },
-     { 'name'=>'cis-aix-5.3-6.1-level1',
-      'title'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1',
-      'maintainer'=>'Chef Software, Inc.',
-      'copyright'=>'Chef Software, Inc.',
-      'copyright_email'=>'support@chef.io',
-      'license'=>'Proprietary, All rights reserved',
-      'summary'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1 translated from SCAP',
-      'version'=>'1.1.0',
-      'supports'=>nil,
-      'depends'=>nil,
-      'latest_version'=>'1.1.0-3',
-      'owner_id'=>'admin' }]
-  end
-  describe '.version' do
-    let(:headers) { 'test-headers' }
-    let(:config) do
-      {
-        'server' => 'myserver',
-        'insecure' => true,
-      }
-    end
-    before do
-      InspecPlugins::Compliance::API.expects(:get_headers).returns(headers)
-    end
-    describe 'when a 404 is received' do
-      it 'should return an empty hash' do
-        response = mock
-        response.stubs(:code).returns('404')
-        InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
-        InspecPlugins::Compliance::API.version(config).must_equal({})
-      end
-    end
-    describe 'when the returned body is nil' do
-      it 'should return an empty hash' do
-        response = mock
-        response.stubs(:code).returns('200')
-        response.stubs(:body).returns(nil)
-        InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
-        InspecPlugins::Compliance::API.version(config).must_equal({})
-      end
-    end
-    describe 'when the returned body is an empty string' do
-      it 'should return an empty hash' do
-        response = mock
-        response.stubs(:code).returns('200')
-        response.stubs(:body).returns('')
-        InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
-        InspecPlugins::Compliance::API.version(config).must_equal({})
-      end
-    end
-    describe 'when the returned body has no version key' do
-      it 'should return an empty hash' do
-        response = mock
-        response.stubs(:code).returns('200')
-        response.stubs(:body).returns('{"api":"compliance"}')
-        InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
-        InspecPlugins::Compliance::API.version(config).must_equal({})
-      end
-    end
-    describe 'when the returned body has an empty version key' do
-      it 'should return an empty hash' do
-        response = mock
-        response.stubs(:code).returns('200')
-        response.stubs(:body).returns('{"api":"compliance","version":""}')
-        InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
-        InspecPlugins::Compliance::API.version(config).must_equal({})
-      end
-    end
-    describe 'when the returned body has a proper version' do
-      it 'should return an empty hash' do
-        response = mock
-        response.stubs(:code).returns('200')
-        response.stubs(:body).returns('{"api":"compliance","version":"1.2.3"}')
-        InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
-        InspecPlugins::Compliance::API.version(config).must_equal({ 'version' => '1.2.3', 'api' => 'compliance' })
-      end
-    end
-  end
-  describe 'automate/compliance is? checks' do
-    describe 'when the config has a compliance server_type' do
-      it 'automate/compliance server is? methods return correctly' do
-        config = InspecPlugins::Compliance::Configuration.new
-        config.clean
-        config['server_type'] = 'compliance'
-        InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal true
-        InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
-      end
-    end
-    describe 'when the config has a automate2 server_type' do
-      it 'automate/compliance server is? methods return correctly' do
-        config = InspecPlugins::Compliance::Configuration.new
-        config.clean
-        config['server_type'] = 'automate2'
-        InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal true
-      end
-    end
-    describe 'when the config has an automate server_type and no version key' do
-      it 'automate/compliance server is? methods return correctly' do
-        config = InspecPlugins::Compliance::Configuration.new
-        config.clean
-        config['server_type'] = 'automate'
-        InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
-        InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
-        InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
-      end
-    end
-    describe 'when the config has an automate server_type and a version key that is not a hash' do
-      it 'automate/compliance server is? methods return correctly' do
-        config = InspecPlugins::Compliance::Configuration.new
-        config.clean
-        config['server_type'] = 'automate'
-        config['version'] = '1.2.3'
-        InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
-        InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
-        InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
-      end
-    end
-    describe 'when the config has an automate server_type and a version hash with no version' do
-      it 'automate/compliance server is? methods return correctly' do
-        config = InspecPlugins::Compliance::Configuration.new
-        config.clean
-        config['server_type'] = 'automate'
-        config['version'] = {}
-        InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
-        InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
-        InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
-      end
-    end
-    describe 'when the config has an automate server_type and a version hash with a version' do
-      it 'automate/compliance server is? methods return correctly' do
-        config = InspecPlugins::Compliance::Configuration.new
-        config.clean
-        config['server_type'] = 'automate'
-        config['version'] = { 'version' => '0.8.1' }
-        InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
-        InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
-        InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal true
-      end
-    end
-  end
-  describe '.server_version_from_config' do
-    it 'returns nil when the config has no version key' do
-      config = {}
-      InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
-    end
-    it 'returns nil when the version value is not a hash' do
-      config = { 'version' => '123' }
-      InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
-    end
-    it 'returns nil when the version value is a hash but has no version key inside' do
-      config = { 'version' => {} }
-      InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
-    end
-    it 'returns the version if the version value is a hash containing a version' do
-      config = { 'version' => { 'version' => '1.2.3' } }
-      InspecPlugins::Compliance::API.server_version_from_config(config).must_equal '1.2.3'
-    end
-  end
-  describe 'profile_split' do
-    it 'handles a profile without version' do
-      InspecPlugins::Compliance::API.profile_split('admin/apache-baseline').must_equal ['admin', 'apache-baseline', nil]
-    end
-    it 'handles a profile with a version' do
-      InspecPlugins::Compliance::API.profile_split('admin/apache-baseline#2.0.1').must_equal ['admin', 'apache-baseline', '2.0.1']
-    end
-  end
-  describe 'target_url' do
-    it 'handles a automate profile with and without version' do
-      config = InspecPlugins::Compliance::Configuration.new
-      config.clean
-      config['server_type'] = 'automate'
-      config['server'] = 'https://myautomate'
-      config['version'] = '1.6.99'
-      InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal       'https://myautomate/profiles/admin/apache-baseline/tar'
-      InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://myautomate/profiles/admin/apache-baseline/version/2.0.2/tar'
-    end
-    it 'handles a chef-compliance profile with and without version' do
-      config = InspecPlugins::Compliance::Configuration.new
-      config.clean
-      config['server_type'] = 'compliance'
-      config['server'] = 'https://mychefcompliance'
-      config['version'] = '1.1.2'
-      InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal       'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
-      InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
-    end
-  end
-  describe 'exist?' do
-    it 'works with profiles returned by Automate' do
-      # ruby 2.3.3 has issues running stub_requests properly
-      # skipping for that specific version
-      return if RUBY_VERSION = '2.3.3'
-      config = InspecPlugins::Compliance::Configuration.new
-      config.clean
-      config['owner'] = 'admin'
-      config['server_type'] = 'automate'
-      config['server'] = 'https://myautomate'
-      config['version'] = '1.6.99'
-      config['automate'] = { 'ent'=>'automate', 'token_type'=>'dctoken' }
-      config['version'] = { 'api'=> 'compliance', 'version'=>'0.8.24' }
-      stub_request(:get, 'https://myautomate/profiles/admin')
-        .with(headers: { 'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Chef-Delivery-Enterprise'=>'automate', 'User-Agent'=>'Ruby', 'X-Data-Collector-Token'=>'' })
-        .to_return(status: 200, body: profiles_response.to_json, headers: {})
-      InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline').must_equal true
-      InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.1').must_equal true
-      InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.999').must_equal false
-      InspecPlugins::Compliance::API.exist?(config, 'admin/missing-in-action').must_equal false
-    end
-  end
-  describe '.determine_server_type' do
-    let(:url) { 'https://someserver.onthe.net/' }
-    let(:compliance_endpoint) { '/api/version' }
-    let(:automate_endpoint) { '/compliance/version' }
-    let(:automate2_endpoint) { '/dex/auth' }
-    let(:headers) { nil }
-    let(:insecure) { true }
-    let(:good_response) { mock }
-    let(:bad_response) { mock }
-    it 'returns `:automate2` when a 400 is received from `https://URL/dex/auth`' do
-      good_response.stubs(:code).returns('400')
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate2_endpoint, headers, insecure)
-                      .returns(good_response)
-      InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate2)
-    end
-    it 'returns `:automate` when a 401 is received from `https://URL/compliance/version`' do
-      good_response.stubs(:code).returns('401')
-      bad_response.stubs(:code).returns('404')
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate2_endpoint, headers, insecure)
-                      .returns(bad_response)
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate_endpoint, headers, insecure)
-                      .returns(good_response)
-      InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
-    end
-    # Chef Automate currently returns 401 for `/compliance/version` but some
-    # versions of OpsWorks Chef Automate return 200 and a Chef Manage page when
-    # unauthenticated requests are received.
-    it 'returns `:automate` when a 200 is received from `https://URL/compliance/version`' do
-      bad_response.stubs(:code).returns('404')
-      good_response.stubs(:code).returns('200')
-      good_response.stubs(:body).returns('Are You Looking For the Chef Server?')
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate2_endpoint, headers, insecure)
-                      .returns(bad_response)
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate_endpoint, headers, insecure)
-                      .returns(good_response)
-      InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
-    end
-    it 'returns `nil` if a 200 is received from `https://URL/compliance/version` but not redirected to Chef Manage' do
-      bad_response.stubs(:code).returns('200')
-      bad_response.stubs(:body).returns('No Chef Manage here')
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate_endpoint, headers, insecure)
-                      .returns(bad_response)
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate2_endpoint, headers, insecure)
-                      .returns(bad_response)
-      mock_compliance_response = mock
-      mock_compliance_response.stubs(:code).returns('404')
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + compliance_endpoint, headers, insecure)
-                      .returns(mock_compliance_response)
-      InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
-    end
-    it 'returns `:compliance` when a 200 is received from `https://URL/api/version`' do
-      good_response.stubs(:code).returns('200')
-      bad_response.stubs(:code).returns('404')
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate_endpoint, headers, insecure)
-                      .returns(bad_response)
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate2_endpoint, headers, insecure)
-                      .returns(bad_response)
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + compliance_endpoint, headers, insecure)
-                      .returns(good_response)
-      InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:compliance)
-    end
-    it 'returns `nil` if it cannot determine the server type' do
-      bad_response.stubs(:code).returns('404')
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate2_endpoint, headers, insecure)
-                      .returns(bad_response)
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + automate_endpoint, headers, insecure)
-                      .returns(bad_response)
-      InspecPlugins::Compliance::HTTP.expects(:get)
-                      .with(url + compliance_endpoint, headers, insecure)
-                      .returns(bad_response)
-      InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
-    end
-  end
-end

data/lib/plugins/inspec-compliance/test/unit/target_test.rb DELETED

@@ -1,155 +0,0 @@
-require 'minitest/autorun'
-require 'mocha/setup'
-require_relative '../../lib/inspec-compliance/api.rb'
-describe InspecPlugins::Compliance::Fetcher do
-  let(:config) { { 'server' => 'myserver' } }
-  describe 'the check_compliance_token method' do
-    let(:fetcher) { fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config) }
-    it 'returns without error if token is set' do
-      config['token'] = 'my-token'
-      fetcher.class.check_compliance_token('http://test.com', config)
-    end
-    it 'returns an error when token is not set' do
-      ex = assert_raises(Inspec::FetcherFailure) { fetcher.class.check_compliance_token('http://test.com', config) }
-      ex.message.must_include "Cannot fetch http://test.com because your compliance token has not been\nconfigured."
-    end
-  end
-  describe 'when the server is an automate2 server' do
-    before { InspecPlugins::Compliance::API.expects(:is_automate2_server?).with(config).returns(true) }
-    it 'returns the correct owner and profile name' do
-      config['profile'] = ['admin', 'ssh-baseline', nil]
-      fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/profile', config)
-      fetcher.send(:compliance_profile_name).must_equal 'admin/ssh-baseline'
-    end
-  end
-  describe 'when the server is an automate server pre-0.8.0' do
-    before { InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(true) }
-    it 'returns the correct profile name when the url is correct' do
-      fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/myowner/myprofile/tar', config)
-      fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
-    end
-    it 'raises an exception if the url is malformed' do
-      fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
-      proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
-    end
-  end
-  describe 'when the server is an automate server 0.8.0-or-later' do
-    before do
-      InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(false)
-      InspecPlugins::Compliance::API.expects(:is_automate_server_080_and_later?).with(config).returns(true)
-    end
-    it 'returns the correct profile name when the url is correct' do
-      fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/profiles/myowner/myprofile/tar', config)
-      fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
-    end
-    it 'raises an exception if the url is malformed' do
-      fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
-      proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
-    end
-  end
-  describe 'when the server is not an automate server (likely a compliance server)' do
-    before do
-      InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(false)
-      InspecPlugins::Compliance::API.expects(:is_automate_server_080_and_later?).with(config).returns(false)
-    end
-    it 'returns the correct profile name when the url is correct' do
-      fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/owners/myowner/compliance/myprofile/tar', config)
-      fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
-    end
-    it 'raises an exception if the url is malformed' do
-      fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
-      proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
-    end
-  end
-  describe 'when the server calls an automate profile' do
-    let(:profiles_result) do
-      [{ 'name'=>'ssh-baseline',
-          'title'=>'InSpec Profile',
-          'maintainer'=>'The Authors',
-          'copyright'=>'The Authors',
-          'copyright_email'=>'you@example.com',
-          'license'=>'Apache-2.0',
-          'summary'=>'An InSpec Compliance Profile',
-          'version'=>'0.1.1',
-          'owner'=>'admin',
-          'supports'=>[],
-          'depends'=>[],
-          'sha256'=>'132j1kjdasfasdoaefaewo12312',
-          'groups'=>[],
-          'controls'=>[],
-          'attributes'=>[],
-          'latest_version'=>'' }]
-    end
-    before do
-      InspecPlugins::Compliance::Configuration.expects(:new).returns({ 'token' => '123abc', 'server' => 'https://a2.instance.com' })
-    end
-    it 'returns the correct profile name when parsing url' do
-      InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
-      fetcher = InspecPlugins::Compliance::Fetcher.resolve('compliance://admin/ssh-baseline')
-      assert = ['admin', 'ssh-baseline', nil]
-      fetcher.instance_variable_get(:"@config")['profile'].must_equal assert
-    end
-    it 'returns the correct profile name when parsing compliance hash' do
-      InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
-      hash = {
-        target: 'https://a2.instance.com/api/v0/compliance/tar',
-        compliance: 'admin/ssh-baseline',
-        sha256: '132j1kjdasfasdoaefaewo12312',
-      }
-      fetcher = InspecPlugins::Compliance::Fetcher.resolve(hash)
-      assert = ['admin', 'ssh-baseline', nil]
-      fetcher.instance_variable_get(:"@config")['profile'].must_equal assert
-    end
-  end
-  describe 'when the server provides a sha256 in the profiles_result' do
-    let(:profiles_result) do
-      [{ 'name'=>'ssh-baseline',
-          'title'=>'InSpec Profile',
-          'maintainer'=>'The Authors',
-          'copyright'=>'The Authors',
-          'copyright_email'=>'you@example.com',
-          'license'=>'Apache-2.0',
-          'summary'=>'An InSpec Compliance Profile',
-          'version'=>'0.1.1',
-          'owner'=>'admin',
-          'supports'=>[],
-          'depends'=>[],
-          'sha256'=>'132j1kjdasfasdoaefaewo12312',
-          'groups'=>[],
-          'controls'=>[],
-          'attributes'=>[],
-          'latest_version'=>'' }]
-    end
-    before do
-      InspecPlugins::Compliance::Configuration.expects(:new).returns({ 'token' => '123abc', 'server' => 'https://a2.instance.com' })
-    end
-    it 'contains the upstream_sha256' do
-      InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
-      prof = profiles_result[0]
-      target = "compliance://#{prof['owner']}/#{prof['name']}"
-      fetcher = InspecPlugins::Compliance::Fetcher.resolve(target)
-      fetcher.upstream_sha256.must_equal prof['sha256']
-    end
-  end
-end