inspec-core 3.7.11 → 3.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/lib/inspec/reporters/automate.rb +0 -4
- data/lib/inspec/reporters/json_automate.rb +7 -1
- data/lib/inspec/version.rb +1 -1
- metadata +2 -39
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +0 -46
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +0 -43
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +0 -93
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +0 -190
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +0 -385
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +0 -155
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +0 -2
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md +0 -3
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp +0 -28
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +0 -9
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +0 -61
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +0 -38
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md +0 -3
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +0 -40
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml +0 -10
- data/lib/plugins/inspec-habitat/test/support/example_profile/README.md +0 -3
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +0 -7
- data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml +0 -10
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +0 -240
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/fixtures/README.md +0 -24
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/README.md +0 -12
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +0 -110
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +0 -26
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/README.md +0 -17
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +0 -67
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +0 -51
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +0 -173
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +0 -100
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/config_dirs/empty/.gitkeep +0 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/inspec-egg-white-omelette/lib/inspec-egg-white-omelette.rb +0 -2
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/inspec-egg-white-omelette/lib/inspec-egg-white-omelette/.gitkeep +0 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/inspec-wrong-structure/.gitkeep +0 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +0 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name/.gitkeep +0 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +0 -713
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +0 -75
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +0 -20
@@ -1,385 +0,0 @@
|
|
1
|
-
require 'minitest/autorun'
|
2
|
-
require 'mocha/setup'
|
3
|
-
require_relative '../../lib/inspec-compliance/api.rb'
|
4
|
-
|
5
|
-
describe InspecPlugins::Compliance::API do
|
6
|
-
let(:profiles_response) do
|
7
|
-
[{ 'name'=>'apache-baseline',
|
8
|
-
'title'=>'DevSec Apache Baseline',
|
9
|
-
'maintainer'=>'DevSec Hardening Framework Team',
|
10
|
-
'copyright'=>'DevSec Hardening Framework Team',
|
11
|
-
'copyright_email'=>'hello@dev-sec.io',
|
12
|
-
'license'=>'Apache 2 license',
|
13
|
-
'summary'=>'Test-suite for best-practice apache hardening',
|
14
|
-
'version'=>'2.0.2',
|
15
|
-
'supports'=>[{ 'os-family'=>'unix' }],
|
16
|
-
'depends'=>nil,
|
17
|
-
'owner_id'=>'admin' },
|
18
|
-
{ 'name'=>'apache-baseline',
|
19
|
-
'title'=>'DevSec Apache Baseline',
|
20
|
-
'maintainer'=>'Hardening Framework Team',
|
21
|
-
'copyright'=>'Hardening Framework Team',
|
22
|
-
'copyright_email'=>'hello@dev-sec.io',
|
23
|
-
'license'=>'Apache 2 license',
|
24
|
-
'summary'=>'Test-suite for best-practice apache hardening',
|
25
|
-
'version'=>'2.0.1',
|
26
|
-
'supports'=>[{ 'os-family'=>'unix' }],
|
27
|
-
'depends'=>nil,
|
28
|
-
'latest_version'=>'2.0.2',
|
29
|
-
'owner_id'=>'admin' },
|
30
|
-
{ 'name'=>'cis-aix-5.3-6.1-level1',
|
31
|
-
'title'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1',
|
32
|
-
'maintainer'=>'Chef Software, Inc.',
|
33
|
-
'copyright'=>'Chef Software, Inc.',
|
34
|
-
'copyright_email'=>'support@chef.io',
|
35
|
-
'license'=>'Proprietary, All rights reserved',
|
36
|
-
'summary'=>'CIS AIX 5.3 and AIX 6.1 Benchmark Level 1 translated from SCAP',
|
37
|
-
'version'=>'1.1.0',
|
38
|
-
'supports'=>nil,
|
39
|
-
'depends'=>nil,
|
40
|
-
'latest_version'=>'1.1.0-3',
|
41
|
-
'owner_id'=>'admin' }]
|
42
|
-
end
|
43
|
-
|
44
|
-
describe '.version' do
|
45
|
-
let(:headers) { 'test-headers' }
|
46
|
-
let(:config) do
|
47
|
-
{
|
48
|
-
'server' => 'myserver',
|
49
|
-
'insecure' => true,
|
50
|
-
}
|
51
|
-
end
|
52
|
-
|
53
|
-
before do
|
54
|
-
InspecPlugins::Compliance::API.expects(:get_headers).returns(headers)
|
55
|
-
end
|
56
|
-
|
57
|
-
describe 'when a 404 is received' do
|
58
|
-
it 'should return an empty hash' do
|
59
|
-
response = mock
|
60
|
-
response.stubs(:code).returns('404')
|
61
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
62
|
-
InspecPlugins::Compliance::API.version(config).must_equal({})
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
|
-
describe 'when the returned body is nil' do
|
67
|
-
it 'should return an empty hash' do
|
68
|
-
response = mock
|
69
|
-
response.stubs(:code).returns('200')
|
70
|
-
response.stubs(:body).returns(nil)
|
71
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
72
|
-
InspecPlugins::Compliance::API.version(config).must_equal({})
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
describe 'when the returned body is an empty string' do
|
77
|
-
it 'should return an empty hash' do
|
78
|
-
response = mock
|
79
|
-
response.stubs(:code).returns('200')
|
80
|
-
response.stubs(:body).returns('')
|
81
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
82
|
-
InspecPlugins::Compliance::API.version(config).must_equal({})
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
describe 'when the returned body has no version key' do
|
87
|
-
it 'should return an empty hash' do
|
88
|
-
response = mock
|
89
|
-
response.stubs(:code).returns('200')
|
90
|
-
response.stubs(:body).returns('{"api":"compliance"}')
|
91
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
92
|
-
InspecPlugins::Compliance::API.version(config).must_equal({})
|
93
|
-
end
|
94
|
-
end
|
95
|
-
|
96
|
-
describe 'when the returned body has an empty version key' do
|
97
|
-
it 'should return an empty hash' do
|
98
|
-
response = mock
|
99
|
-
response.stubs(:code).returns('200')
|
100
|
-
response.stubs(:body).returns('{"api":"compliance","version":""}')
|
101
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
102
|
-
InspecPlugins::Compliance::API.version(config).must_equal({})
|
103
|
-
end
|
104
|
-
end
|
105
|
-
|
106
|
-
describe 'when the returned body has a proper version' do
|
107
|
-
it 'should return an empty hash' do
|
108
|
-
response = mock
|
109
|
-
response.stubs(:code).returns('200')
|
110
|
-
response.stubs(:body).returns('{"api":"compliance","version":"1.2.3"}')
|
111
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with('myserver/version', 'test-headers', true).returns(response)
|
112
|
-
InspecPlugins::Compliance::API.version(config).must_equal({ 'version' => '1.2.3', 'api' => 'compliance' })
|
113
|
-
end
|
114
|
-
end
|
115
|
-
end
|
116
|
-
|
117
|
-
describe 'automate/compliance is? checks' do
|
118
|
-
describe 'when the config has a compliance server_type' do
|
119
|
-
it 'automate/compliance server is? methods return correctly' do
|
120
|
-
config = InspecPlugins::Compliance::Configuration.new
|
121
|
-
config.clean
|
122
|
-
config['server_type'] = 'compliance'
|
123
|
-
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal true
|
124
|
-
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
|
125
|
-
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
126
|
-
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
127
|
-
InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
|
128
|
-
end
|
129
|
-
end
|
130
|
-
|
131
|
-
describe 'when the config has a automate2 server_type' do
|
132
|
-
it 'automate/compliance server is? methods return correctly' do
|
133
|
-
config = InspecPlugins::Compliance::Configuration.new
|
134
|
-
config.clean
|
135
|
-
config['server_type'] = 'automate2'
|
136
|
-
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
137
|
-
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
|
138
|
-
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
139
|
-
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
140
|
-
InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal true
|
141
|
-
end
|
142
|
-
end
|
143
|
-
|
144
|
-
describe 'when the config has an automate server_type and no version key' do
|
145
|
-
it 'automate/compliance server is? methods return correctly' do
|
146
|
-
config = InspecPlugins::Compliance::Configuration.new
|
147
|
-
config.clean
|
148
|
-
config['server_type'] = 'automate'
|
149
|
-
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
150
|
-
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
151
|
-
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
152
|
-
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
153
|
-
InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
|
154
|
-
end
|
155
|
-
end
|
156
|
-
|
157
|
-
describe 'when the config has an automate server_type and a version key that is not a hash' do
|
158
|
-
it 'automate/compliance server is? methods return correctly' do
|
159
|
-
config = InspecPlugins::Compliance::Configuration.new
|
160
|
-
config.clean
|
161
|
-
config['server_type'] = 'automate'
|
162
|
-
config['version'] = '1.2.3'
|
163
|
-
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
164
|
-
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
165
|
-
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
166
|
-
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
167
|
-
InspecPlugins::Compliance::API.is_automate2_server?(config).must_equal false
|
168
|
-
end
|
169
|
-
end
|
170
|
-
|
171
|
-
describe 'when the config has an automate server_type and a version hash with no version' do
|
172
|
-
it 'automate/compliance server is? methods return correctly' do
|
173
|
-
config = InspecPlugins::Compliance::Configuration.new
|
174
|
-
config.clean
|
175
|
-
config['server_type'] = 'automate'
|
176
|
-
config['version'] = {}
|
177
|
-
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
178
|
-
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
179
|
-
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
180
|
-
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal false
|
181
|
-
end
|
182
|
-
end
|
183
|
-
|
184
|
-
describe 'when the config has an automate server_type and a version hash with a version' do
|
185
|
-
it 'automate/compliance server is? methods return correctly' do
|
186
|
-
config = InspecPlugins::Compliance::Configuration.new
|
187
|
-
config.clean
|
188
|
-
config['server_type'] = 'automate'
|
189
|
-
config['version'] = { 'version' => '0.8.1' }
|
190
|
-
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
191
|
-
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
192
|
-
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
193
|
-
InspecPlugins::Compliance::API.is_automate_server_080_and_later?(config).must_equal true
|
194
|
-
end
|
195
|
-
end
|
196
|
-
end
|
197
|
-
|
198
|
-
describe '.server_version_from_config' do
|
199
|
-
it 'returns nil when the config has no version key' do
|
200
|
-
config = {}
|
201
|
-
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
202
|
-
end
|
203
|
-
|
204
|
-
it 'returns nil when the version value is not a hash' do
|
205
|
-
config = { 'version' => '123' }
|
206
|
-
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
207
|
-
end
|
208
|
-
|
209
|
-
it 'returns nil when the version value is a hash but has no version key inside' do
|
210
|
-
config = { 'version' => {} }
|
211
|
-
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
212
|
-
end
|
213
|
-
|
214
|
-
it 'returns the version if the version value is a hash containing a version' do
|
215
|
-
config = { 'version' => { 'version' => '1.2.3' } }
|
216
|
-
InspecPlugins::Compliance::API.server_version_from_config(config).must_equal '1.2.3'
|
217
|
-
end
|
218
|
-
end
|
219
|
-
|
220
|
-
describe 'profile_split' do
|
221
|
-
it 'handles a profile without version' do
|
222
|
-
InspecPlugins::Compliance::API.profile_split('admin/apache-baseline').must_equal ['admin', 'apache-baseline', nil]
|
223
|
-
end
|
224
|
-
|
225
|
-
it 'handles a profile with a version' do
|
226
|
-
InspecPlugins::Compliance::API.profile_split('admin/apache-baseline#2.0.1').must_equal ['admin', 'apache-baseline', '2.0.1']
|
227
|
-
end
|
228
|
-
end
|
229
|
-
|
230
|
-
describe 'target_url' do
|
231
|
-
it 'handles a automate profile with and without version' do
|
232
|
-
config = InspecPlugins::Compliance::Configuration.new
|
233
|
-
config.clean
|
234
|
-
config['server_type'] = 'automate'
|
235
|
-
config['server'] = 'https://myautomate'
|
236
|
-
config['version'] = '1.6.99'
|
237
|
-
InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://myautomate/profiles/admin/apache-baseline/tar'
|
238
|
-
InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://myautomate/profiles/admin/apache-baseline/version/2.0.2/tar'
|
239
|
-
end
|
240
|
-
|
241
|
-
it 'handles a chef-compliance profile with and without version' do
|
242
|
-
config = InspecPlugins::Compliance::Configuration.new
|
243
|
-
config.clean
|
244
|
-
config['server_type'] = 'compliance'
|
245
|
-
config['server'] = 'https://mychefcompliance'
|
246
|
-
config['version'] = '1.1.2'
|
247
|
-
InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
|
248
|
-
InspecPlugins::Compliance::API.target_url(config, 'admin/apache-baseline#2.0.2').must_equal 'https://mychefcompliance/owners/admin/compliance/apache-baseline/tar'
|
249
|
-
end
|
250
|
-
end
|
251
|
-
|
252
|
-
describe 'exist?' do
|
253
|
-
it 'works with profiles returned by Automate' do
|
254
|
-
# ruby 2.3.3 has issues running stub_requests properly
|
255
|
-
# skipping for that specific version
|
256
|
-
return if RUBY_VERSION = '2.3.3'
|
257
|
-
|
258
|
-
config = InspecPlugins::Compliance::Configuration.new
|
259
|
-
config.clean
|
260
|
-
config['owner'] = 'admin'
|
261
|
-
config['server_type'] = 'automate'
|
262
|
-
config['server'] = 'https://myautomate'
|
263
|
-
config['version'] = '1.6.99'
|
264
|
-
config['automate'] = { 'ent'=>'automate', 'token_type'=>'dctoken' }
|
265
|
-
config['version'] = { 'api'=> 'compliance', 'version'=>'0.8.24' }
|
266
|
-
|
267
|
-
stub_request(:get, 'https://myautomate/profiles/admin')
|
268
|
-
.with(headers: { 'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Chef-Delivery-Enterprise'=>'automate', 'User-Agent'=>'Ruby', 'X-Data-Collector-Token'=>'' })
|
269
|
-
.to_return(status: 200, body: profiles_response.to_json, headers: {})
|
270
|
-
|
271
|
-
InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline').must_equal true
|
272
|
-
InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.1').must_equal true
|
273
|
-
InspecPlugins::Compliance::API.exist?(config, 'admin/apache-baseline#2.0.999').must_equal false
|
274
|
-
InspecPlugins::Compliance::API.exist?(config, 'admin/missing-in-action').must_equal false
|
275
|
-
end
|
276
|
-
end
|
277
|
-
|
278
|
-
describe '.determine_server_type' do
|
279
|
-
let(:url) { 'https://someserver.onthe.net/' }
|
280
|
-
|
281
|
-
let(:compliance_endpoint) { '/api/version' }
|
282
|
-
let(:automate_endpoint) { '/compliance/version' }
|
283
|
-
let(:automate2_endpoint) { '/dex/auth' }
|
284
|
-
let(:headers) { nil }
|
285
|
-
let(:insecure) { true }
|
286
|
-
|
287
|
-
let(:good_response) { mock }
|
288
|
-
let(:bad_response) { mock }
|
289
|
-
|
290
|
-
it 'returns `:automate2` when a 400 is received from `https://URL/dex/auth`' do
|
291
|
-
good_response.stubs(:code).returns('400')
|
292
|
-
|
293
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
294
|
-
.with(url + automate2_endpoint, headers, insecure)
|
295
|
-
.returns(good_response)
|
296
|
-
|
297
|
-
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate2)
|
298
|
-
end
|
299
|
-
|
300
|
-
it 'returns `:automate` when a 401 is received from `https://URL/compliance/version`' do
|
301
|
-
good_response.stubs(:code).returns('401')
|
302
|
-
bad_response.stubs(:code).returns('404')
|
303
|
-
|
304
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
305
|
-
.with(url + automate2_endpoint, headers, insecure)
|
306
|
-
.returns(bad_response)
|
307
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
308
|
-
.with(url + automate_endpoint, headers, insecure)
|
309
|
-
.returns(good_response)
|
310
|
-
|
311
|
-
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
|
312
|
-
end
|
313
|
-
|
314
|
-
# Chef Automate currently returns 401 for `/compliance/version` but some
|
315
|
-
# versions of OpsWorks Chef Automate return 200 and a Chef Manage page when
|
316
|
-
# unauthenticated requests are received.
|
317
|
-
it 'returns `:automate` when a 200 is received from `https://URL/compliance/version`' do
|
318
|
-
bad_response.stubs(:code).returns('404')
|
319
|
-
good_response.stubs(:code).returns('200')
|
320
|
-
good_response.stubs(:body).returns('Are You Looking For the Chef Server?')
|
321
|
-
|
322
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
323
|
-
.with(url + automate2_endpoint, headers, insecure)
|
324
|
-
.returns(bad_response)
|
325
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
326
|
-
.with(url + automate_endpoint, headers, insecure)
|
327
|
-
.returns(good_response)
|
328
|
-
|
329
|
-
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
|
330
|
-
end
|
331
|
-
|
332
|
-
it 'returns `nil` if a 200 is received from `https://URL/compliance/version` but not redirected to Chef Manage' do
|
333
|
-
bad_response.stubs(:code).returns('200')
|
334
|
-
bad_response.stubs(:body).returns('No Chef Manage here')
|
335
|
-
|
336
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
337
|
-
.with(url + automate_endpoint, headers, insecure)
|
338
|
-
.returns(bad_response)
|
339
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
340
|
-
.with(url + automate2_endpoint, headers, insecure)
|
341
|
-
.returns(bad_response)
|
342
|
-
|
343
|
-
mock_compliance_response = mock
|
344
|
-
mock_compliance_response.stubs(:code).returns('404')
|
345
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
346
|
-
.with(url + compliance_endpoint, headers, insecure)
|
347
|
-
.returns(mock_compliance_response)
|
348
|
-
|
349
|
-
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
|
350
|
-
end
|
351
|
-
|
352
|
-
it 'returns `:compliance` when a 200 is received from `https://URL/api/version`' do
|
353
|
-
good_response.stubs(:code).returns('200')
|
354
|
-
bad_response.stubs(:code).returns('404')
|
355
|
-
|
356
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
357
|
-
.with(url + automate_endpoint, headers, insecure)
|
358
|
-
.returns(bad_response)
|
359
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
360
|
-
.with(url + automate2_endpoint, headers, insecure)
|
361
|
-
.returns(bad_response)
|
362
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
363
|
-
.with(url + compliance_endpoint, headers, insecure)
|
364
|
-
.returns(good_response)
|
365
|
-
|
366
|
-
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:compliance)
|
367
|
-
end
|
368
|
-
|
369
|
-
it 'returns `nil` if it cannot determine the server type' do
|
370
|
-
bad_response.stubs(:code).returns('404')
|
371
|
-
|
372
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
373
|
-
.with(url + automate2_endpoint, headers, insecure)
|
374
|
-
.returns(bad_response)
|
375
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
376
|
-
.with(url + automate_endpoint, headers, insecure)
|
377
|
-
.returns(bad_response)
|
378
|
-
InspecPlugins::Compliance::HTTP.expects(:get)
|
379
|
-
.with(url + compliance_endpoint, headers, insecure)
|
380
|
-
.returns(bad_response)
|
381
|
-
|
382
|
-
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
|
383
|
-
end
|
384
|
-
end
|
385
|
-
end
|
@@ -1,155 +0,0 @@
|
|
1
|
-
require 'minitest/autorun'
|
2
|
-
require 'mocha/setup'
|
3
|
-
require_relative '../../lib/inspec-compliance/api.rb'
|
4
|
-
|
5
|
-
describe InspecPlugins::Compliance::Fetcher do
|
6
|
-
let(:config) { { 'server' => 'myserver' } }
|
7
|
-
|
8
|
-
describe 'the check_compliance_token method' do
|
9
|
-
let(:fetcher) { fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config) }
|
10
|
-
|
11
|
-
it 'returns without error if token is set' do
|
12
|
-
config['token'] = 'my-token'
|
13
|
-
fetcher.class.check_compliance_token('http://test.com', config)
|
14
|
-
end
|
15
|
-
|
16
|
-
it 'returns an error when token is not set' do
|
17
|
-
ex = assert_raises(Inspec::FetcherFailure) { fetcher.class.check_compliance_token('http://test.com', config) }
|
18
|
-
ex.message.must_include "Cannot fetch http://test.com because your compliance token has not been\nconfigured."
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
describe 'when the server is an automate2 server' do
|
23
|
-
before { InspecPlugins::Compliance::API.expects(:is_automate2_server?).with(config).returns(true) }
|
24
|
-
|
25
|
-
it 'returns the correct owner and profile name' do
|
26
|
-
config['profile'] = ['admin', 'ssh-baseline', nil]
|
27
|
-
fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/profile', config)
|
28
|
-
fetcher.send(:compliance_profile_name).must_equal 'admin/ssh-baseline'
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
describe 'when the server is an automate server pre-0.8.0' do
|
33
|
-
before { InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(true) }
|
34
|
-
|
35
|
-
it 'returns the correct profile name when the url is correct' do
|
36
|
-
fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/myowner/myprofile/tar', config)
|
37
|
-
fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
|
38
|
-
end
|
39
|
-
|
40
|
-
it 'raises an exception if the url is malformed' do
|
41
|
-
fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
|
42
|
-
proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
describe 'when the server is an automate server 0.8.0-or-later' do
|
47
|
-
before do
|
48
|
-
InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(false)
|
49
|
-
InspecPlugins::Compliance::API.expects(:is_automate_server_080_and_later?).with(config).returns(true)
|
50
|
-
end
|
51
|
-
|
52
|
-
it 'returns the correct profile name when the url is correct' do
|
53
|
-
fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/profiles/myowner/myprofile/tar', config)
|
54
|
-
fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
|
55
|
-
end
|
56
|
-
|
57
|
-
it 'raises an exception if the url is malformed' do
|
58
|
-
fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
|
59
|
-
proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
describe 'when the server is not an automate server (likely a compliance server)' do
|
64
|
-
before do
|
65
|
-
InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(false)
|
66
|
-
InspecPlugins::Compliance::API.expects(:is_automate_server_080_and_later?).with(config).returns(false)
|
67
|
-
end
|
68
|
-
|
69
|
-
it 'returns the correct profile name when the url is correct' do
|
70
|
-
fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/owners/myowner/compliance/myprofile/tar', config)
|
71
|
-
fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
|
72
|
-
end
|
73
|
-
|
74
|
-
it 'raises an exception if the url is malformed' do
|
75
|
-
fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
|
76
|
-
proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
|
77
|
-
end
|
78
|
-
end
|
79
|
-
|
80
|
-
describe 'when the server calls an automate profile' do
|
81
|
-
let(:profiles_result) do
|
82
|
-
[{ 'name'=>'ssh-baseline',
|
83
|
-
'title'=>'InSpec Profile',
|
84
|
-
'maintainer'=>'The Authors',
|
85
|
-
'copyright'=>'The Authors',
|
86
|
-
'copyright_email'=>'you@example.com',
|
87
|
-
'license'=>'Apache-2.0',
|
88
|
-
'summary'=>'An InSpec Compliance Profile',
|
89
|
-
'version'=>'0.1.1',
|
90
|
-
'owner'=>'admin',
|
91
|
-
'supports'=>[],
|
92
|
-
'depends'=>[],
|
93
|
-
'sha256'=>'132j1kjdasfasdoaefaewo12312',
|
94
|
-
'groups'=>[],
|
95
|
-
'controls'=>[],
|
96
|
-
'attributes'=>[],
|
97
|
-
'latest_version'=>'' }]
|
98
|
-
end
|
99
|
-
before do
|
100
|
-
InspecPlugins::Compliance::Configuration.expects(:new).returns({ 'token' => '123abc', 'server' => 'https://a2.instance.com' })
|
101
|
-
end
|
102
|
-
|
103
|
-
it 'returns the correct profile name when parsing url' do
|
104
|
-
InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
|
105
|
-
fetcher = InspecPlugins::Compliance::Fetcher.resolve('compliance://admin/ssh-baseline')
|
106
|
-
assert = ['admin', 'ssh-baseline', nil]
|
107
|
-
fetcher.instance_variable_get(:"@config")['profile'].must_equal assert
|
108
|
-
end
|
109
|
-
|
110
|
-
it 'returns the correct profile name when parsing compliance hash' do
|
111
|
-
InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
|
112
|
-
hash = {
|
113
|
-
target: 'https://a2.instance.com/api/v0/compliance/tar',
|
114
|
-
compliance: 'admin/ssh-baseline',
|
115
|
-
sha256: '132j1kjdasfasdoaefaewo12312',
|
116
|
-
}
|
117
|
-
fetcher = InspecPlugins::Compliance::Fetcher.resolve(hash)
|
118
|
-
assert = ['admin', 'ssh-baseline', nil]
|
119
|
-
fetcher.instance_variable_get(:"@config")['profile'].must_equal assert
|
120
|
-
end
|
121
|
-
end
|
122
|
-
|
123
|
-
describe 'when the server provides a sha256 in the profiles_result' do
|
124
|
-
let(:profiles_result) do
|
125
|
-
[{ 'name'=>'ssh-baseline',
|
126
|
-
'title'=>'InSpec Profile',
|
127
|
-
'maintainer'=>'The Authors',
|
128
|
-
'copyright'=>'The Authors',
|
129
|
-
'copyright_email'=>'you@example.com',
|
130
|
-
'license'=>'Apache-2.0',
|
131
|
-
'summary'=>'An InSpec Compliance Profile',
|
132
|
-
'version'=>'0.1.1',
|
133
|
-
'owner'=>'admin',
|
134
|
-
'supports'=>[],
|
135
|
-
'depends'=>[],
|
136
|
-
'sha256'=>'132j1kjdasfasdoaefaewo12312',
|
137
|
-
'groups'=>[],
|
138
|
-
'controls'=>[],
|
139
|
-
'attributes'=>[],
|
140
|
-
'latest_version'=>'' }]
|
141
|
-
end
|
142
|
-
|
143
|
-
before do
|
144
|
-
InspecPlugins::Compliance::Configuration.expects(:new).returns({ 'token' => '123abc', 'server' => 'https://a2.instance.com' })
|
145
|
-
end
|
146
|
-
|
147
|
-
it 'contains the upstream_sha256' do
|
148
|
-
InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
|
149
|
-
prof = profiles_result[0]
|
150
|
-
target = "compliance://#{prof['owner']}/#{prof['name']}"
|
151
|
-
fetcher = InspecPlugins::Compliance::Fetcher.resolve(target)
|
152
|
-
fetcher.upstream_sha256.must_equal prof['sha256']
|
153
|
-
end
|
154
|
-
end
|
155
|
-
end
|