inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,12 +1,12 @@
|
|
1
|
-
|
1
|
+
require "inspec/resources/json"
|
2
2
|
|
3
3
|
# Parses a csv document
|
4
4
|
# This implementation was inspired by a blog post
|
5
5
|
# @see http://technicalpickles.com/posts/parsing-csv-with-ruby
|
6
6
|
module Inspec::Resources
|
7
7
|
class CsvConfig < JsonConfig
|
8
|
-
name
|
9
|
-
desc
|
8
|
+
name "csv"
|
9
|
+
desc "Use the csv InSpec audit resource to test configuration data in a CSV file."
|
10
10
|
example <<~EXAMPLE
|
11
11
|
describe csv('example.csv') do
|
12
12
|
its('name') { should eq(['John', 'Alice']) }
|
@@ -20,7 +20,7 @@ module Inspec::Resources
|
|
20
20
|
# { 'name' => 'row2', 'col1' => 'value3', 'col2' => 'value4' }
|
21
21
|
# ]
|
22
22
|
def parse(content)
|
23
|
-
require
|
23
|
+
require "csv"
|
24
24
|
|
25
25
|
# convert empty field to nil
|
26
26
|
CSV::Converters[:blank_to_nil] = lambda do |field|
|
@@ -50,7 +50,7 @@ module Inspec::Resources
|
|
50
50
|
# used by JsonConfig to build up a full to_s method
|
51
51
|
# based on whether a file path, content, or command was supplied.
|
52
52
|
def resource_base_name
|
53
|
-
|
53
|
+
"CSV"
|
54
54
|
end
|
55
55
|
end
|
56
56
|
end
|
@@ -1,11 +1,9 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'openssl'
|
4
|
-
require 'utils/file_reader'
|
1
|
+
require "openssl"
|
2
|
+
require "inspec/utils/file_reader"
|
5
3
|
|
6
4
|
class DhParams < Inspec.resource(1)
|
7
|
-
name
|
8
|
-
supports platform:
|
5
|
+
name "dh_params"
|
6
|
+
supports platform: "unix"
|
9
7
|
desc '
|
10
8
|
Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH)
|
11
9
|
parameters.
|
@@ -44,7 +42,7 @@ class DhParams < Inspec.resource(1)
|
|
44
42
|
# its('modulus') { should eq '00:91:a0:15:89:e5:bc:38:93:12:02:fc:...' }
|
45
43
|
def modulus
|
46
44
|
return if @dh_params.nil?
|
47
|
-
|
45
|
+
"00:" + @dh_params.p.to_s(16).downcase.scan(/.{2}/).join(":")
|
48
46
|
end
|
49
47
|
|
50
48
|
# its('pem') { should eq '-----BEGIN DH PARAMETERS...' }
|
@@ -1,13 +1,11 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require 'resources/file'
|
1
|
+
require "inspec/resources/file"
|
4
2
|
|
5
3
|
module Inspec::Resources
|
6
4
|
class Directory < FileResource
|
7
|
-
name
|
8
|
-
supports platform:
|
9
|
-
supports platform:
|
10
|
-
desc
|
5
|
+
name "directory"
|
6
|
+
supports platform: "unix"
|
7
|
+
supports platform: "windows"
|
8
|
+
desc "Use the directory InSpec audit resource to test if the file type is a directory. This is equivalent to using the file InSpec audit resource and the be_directory matcher, but provides a simpler and more direct way to test directories. All of the matchers available to file may be used with directory."
|
11
9
|
example <<~EXAMPLE
|
12
10
|
describe directory('path') do
|
13
11
|
it { should be_directory }
|
@@ -1,31 +1,31 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
#
|
3
2
|
# Copyright 2017, Christoph Hartmann
|
4
3
|
#
|
5
4
|
|
6
|
-
require
|
7
|
-
require
|
5
|
+
require "inspec/resources/command"
|
6
|
+
require "inspec/utils/filter"
|
7
|
+
require "hashie/mash"
|
8
8
|
|
9
9
|
module Inspec::Resources
|
10
10
|
class DockerContainerFilter
|
11
11
|
# use filtertable for containers
|
12
12
|
filter = FilterTable.create
|
13
13
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
14
|
-
filter.register_column(:commands, field:
|
15
|
-
.register_column(:ids, field:
|
16
|
-
.register_column(:images, field:
|
17
|
-
.register_column(:labels, field:
|
18
|
-
.register_column(:local_volumes, field:
|
19
|
-
.register_column(:mounts, field:
|
20
|
-
.register_column(:names, field:
|
21
|
-
.register_column(:networks, field:
|
22
|
-
.register_column(:ports, field:
|
23
|
-
.register_column(:running_for, field:
|
24
|
-
.register_column(:sizes, field:
|
25
|
-
.register_column(:status, field:
|
26
|
-
.register_custom_matcher(:running?)
|
27
|
-
x.where { status.downcase.start_with?(
|
28
|
-
|
14
|
+
filter.register_column(:commands, field: "command")
|
15
|
+
.register_column(:ids, field: "id")
|
16
|
+
.register_column(:images, field: "image")
|
17
|
+
.register_column(:labels, field: "labels", style: :simple)
|
18
|
+
.register_column(:local_volumes, field: "localvolumes")
|
19
|
+
.register_column(:mounts, field: "mounts")
|
20
|
+
.register_column(:names, field: "names")
|
21
|
+
.register_column(:networks, field: "networks")
|
22
|
+
.register_column(:ports, field: "ports")
|
23
|
+
.register_column(:running_for, field: "runningfor")
|
24
|
+
.register_column(:sizes, field: "size")
|
25
|
+
.register_column(:status, field: "status")
|
26
|
+
.register_custom_matcher(:running?) do |x|
|
27
|
+
x.where { status.downcase.start_with?("up") }
|
28
|
+
end
|
29
29
|
filter.install_filter_methods_on_resource(self, :containers)
|
30
30
|
|
31
31
|
attr_reader :containers
|
@@ -37,13 +37,13 @@ module Inspec::Resources
|
|
37
37
|
class DockerImageFilter
|
38
38
|
filter = FilterTable.create
|
39
39
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
40
|
-
filter.register_column(:ids, field:
|
41
|
-
.register_column(:repositories, field:
|
42
|
-
.register_column(:tags, field:
|
43
|
-
.register_column(:sizes, field:
|
44
|
-
.register_column(:digests, field:
|
45
|
-
.register_column(:created, field:
|
46
|
-
.register_column(:created_since, field:
|
40
|
+
filter.register_column(:ids, field: "id")
|
41
|
+
.register_column(:repositories, field: "repository")
|
42
|
+
.register_column(:tags, field: "tag")
|
43
|
+
.register_column(:sizes, field: "size")
|
44
|
+
.register_column(:digests, field: "digest")
|
45
|
+
.register_column(:created, field: "createdat")
|
46
|
+
.register_column(:created_since, field: "createdsize")
|
47
47
|
filter.install_filter_methods_on_resource(self, :images)
|
48
48
|
|
49
49
|
attr_reader :images
|
@@ -54,10 +54,10 @@ module Inspec::Resources
|
|
54
54
|
|
55
55
|
class DockerPluginFilter
|
56
56
|
filter = FilterTable.create
|
57
|
-
filter.add(:ids, field:
|
58
|
-
.add(:names, field:
|
59
|
-
.add(:versions, field:
|
60
|
-
.add(:enabled, field:
|
57
|
+
filter.add(:ids, field: "id")
|
58
|
+
.add(:names, field: "name")
|
59
|
+
.add(:versions, field: "version")
|
60
|
+
.add(:enabled, field: "enabled")
|
61
61
|
filter.connect(self, :plugins)
|
62
62
|
|
63
63
|
attr_reader :plugins
|
@@ -69,12 +69,12 @@ module Inspec::Resources
|
|
69
69
|
class DockerServiceFilter
|
70
70
|
filter = FilterTable.create
|
71
71
|
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
72
|
-
filter.register_column(:ids, field:
|
73
|
-
.register_column(:names, field:
|
74
|
-
.register_column(:modes, field:
|
75
|
-
.register_column(:replicas, field:
|
76
|
-
.register_column(:images, field:
|
77
|
-
.register_column(:ports, field:
|
72
|
+
filter.register_column(:ids, field: "id")
|
73
|
+
.register_column(:names, field: "name")
|
74
|
+
.register_column(:modes, field: "mode")
|
75
|
+
.register_column(:replicas, field: "replicas")
|
76
|
+
.register_column(:images, field: "image")
|
77
|
+
.register_column(:ports, field: "ports")
|
78
78
|
filter.install_filter_methods_on_resource(self, :services)
|
79
79
|
|
80
80
|
attr_reader :services
|
@@ -88,8 +88,8 @@ module Inspec::Resources
|
|
88
88
|
# - docker_container
|
89
89
|
# - docker_image
|
90
90
|
class Docker < Inspec.resource(1)
|
91
|
-
name
|
92
|
-
supports platform:
|
91
|
+
name "docker"
|
92
|
+
supports platform: "unix"
|
93
93
|
desc "
|
94
94
|
A resource to retrieve information about docker
|
95
95
|
"
|
@@ -148,22 +148,22 @@ module Inspec::Resources
|
|
148
148
|
def version
|
149
149
|
return @version if defined?(@version)
|
150
150
|
data = {}
|
151
|
-
cmd = inspec.command(
|
151
|
+
cmd = inspec.command("docker version --format '{{ json . }}'")
|
152
152
|
data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
|
153
153
|
@version = Hashie::Mash.new(data)
|
154
154
|
rescue JSON::ParserError => _e
|
155
|
-
|
155
|
+
Hashie::Mash.new({})
|
156
156
|
end
|
157
157
|
|
158
158
|
def info
|
159
159
|
return @info if defined?(@info)
|
160
160
|
data = {}
|
161
161
|
# docke info format is only supported for Docker 17.03+
|
162
|
-
cmd = inspec.command(
|
162
|
+
cmd = inspec.command("docker info --format '{{ json . }}'")
|
163
163
|
data = JSON.parse(cmd.stdout) if cmd.exit_status == 0
|
164
164
|
@info = Hashie::Mash.new(data)
|
165
165
|
rescue JSON::ParserError => _e
|
166
|
-
|
166
|
+
Hashie::Mash.new({})
|
167
167
|
end
|
168
168
|
|
169
169
|
# returns information about docker objects
|
@@ -173,11 +173,11 @@ module Inspec::Resources
|
|
173
173
|
data = data[0] if data.is_a?(Array)
|
174
174
|
@inspect = Hashie::Mash.new(data)
|
175
175
|
rescue JSON::ParserError => _e
|
176
|
-
|
176
|
+
Hashie::Mash.new({})
|
177
177
|
end
|
178
178
|
|
179
179
|
def to_s
|
180
|
-
|
180
|
+
"Docker Host"
|
181
181
|
end
|
182
182
|
|
183
183
|
private
|
@@ -188,11 +188,11 @@ module Inspec::Resources
|
|
188
188
|
raw = inspec.command("docker #{subcommand} --format '{#{format.join(', ')}}'").stdout
|
189
189
|
output = []
|
190
190
|
# since docker is not outputting valid json, we need to parse each row
|
191
|
-
raw.each_line
|
191
|
+
raw.each_line do |entry|
|
192
192
|
# convert all keys to lower_case to work well with ruby and filter table
|
193
|
-
row = JSON.parse(entry).map
|
193
|
+
row = JSON.parse(entry).map do |key, value|
|
194
194
|
[key.downcase, value]
|
195
|
-
|
195
|
+
end.to_h
|
196
196
|
|
197
197
|
# ensure all keys are there
|
198
198
|
row = ensure_keys(row, labels)
|
@@ -201,16 +201,16 @@ module Inspec::Resources
|
|
201
201
|
# Depending on how it was linked, the actual container name may come before
|
202
202
|
# or after the link information, so we'll just look for the first name that
|
203
203
|
# does not include a slash since that is not a valid character in a container name
|
204
|
-
if row[
|
205
|
-
row[
|
204
|
+
if row["names"]
|
205
|
+
row["names"] = row["names"].split(",").find { |c| !c.include?("/") }
|
206
206
|
end
|
207
207
|
|
208
208
|
# Split labels on ',' or set to empty array
|
209
209
|
# Allows for `docker.containers.where { labels.include?('app=redis') }`
|
210
|
-
row[
|
210
|
+
row["labels"] = row.key?("labels") ? row["labels"].split(",") : []
|
211
211
|
|
212
212
|
output.push(row)
|
213
|
-
|
213
|
+
end
|
214
214
|
|
215
215
|
output
|
216
216
|
rescue JSON::ParserError => _e
|
@@ -225,21 +225,21 @@ module Inspec::Resources
|
|
225
225
|
labels = %w{Command CreatedAt ID Image Labels Mounts Names Ports RunningFor Size Status}
|
226
226
|
|
227
227
|
# Networks LocalVolumes work with 1.13+ only
|
228
|
-
if !version.empty? && Gem::Version.new(version[
|
229
|
-
labels.push(
|
230
|
-
labels.push(
|
228
|
+
if !version.empty? && Gem::Version.new(version["Client"]["Version"]) >= Gem::Version.new("1.13")
|
229
|
+
labels.push("Networks")
|
230
|
+
labels.push("LocalVolumes")
|
231
231
|
end
|
232
|
-
parse_json_command(labels,
|
232
|
+
parse_json_command(labels, "ps -a --no-trunc")
|
233
233
|
end
|
234
234
|
|
235
235
|
def parse_services
|
236
|
-
parse_json_command(%w{ID Name Mode Replicas Image Ports},
|
236
|
+
parse_json_command(%w{ID Name Mode Replicas Image Ports}, "service ls")
|
237
237
|
end
|
238
238
|
|
239
239
|
def ensure_keys(entry, labels)
|
240
|
-
labels.each
|
240
|
+
labels.each do |key|
|
241
241
|
entry[key.downcase] = nil if !entry.key?(key.downcase)
|
242
|
-
|
242
|
+
end
|
243
243
|
entry
|
244
244
|
end
|
245
245
|
|
@@ -247,24 +247,24 @@ module Inspec::Resources
|
|
247
247
|
# docker does not support the `json .` function here, therefore we need to emulate that behavior.
|
248
248
|
raw_images = inspec.command('docker images -a --no-trunc --format \'{ "id": {{json .ID}}, "repository": {{json .Repository}}, "tag": {{json .Tag}}, "size": {{json .Size}}, "digest": {{json .Digest}}, "createdat": {{json .CreatedAt}}, "createdsize": {{json .CreatedSince}} }\'').stdout
|
249
249
|
c_images = []
|
250
|
-
raw_images.each_line
|
250
|
+
raw_images.each_line do |entry|
|
251
251
|
c_images.push(JSON.parse(entry))
|
252
|
-
|
252
|
+
end
|
253
253
|
c_images
|
254
254
|
rescue JSON::ParserError => _e
|
255
|
-
warn
|
255
|
+
warn "Could not parse `docker images` output"
|
256
256
|
[]
|
257
257
|
end
|
258
258
|
|
259
259
|
def parse_plugins
|
260
260
|
plugins = inspec.command('docker plugin ls --format \'{"id": {{json .ID}}, "name": "{{ with split .Name ":"}}{{index . 0}}{{end}}", "version": "{{ with split .Name ":"}}{{index . 1}}{{end}}", "enabled": {{json .Enabled}} }\'').stdout
|
261
261
|
c_plugins = []
|
262
|
-
plugins.each_line
|
262
|
+
plugins.each_line do |entry|
|
263
263
|
c_plugins.push(JSON.parse(entry))
|
264
|
-
|
264
|
+
end
|
265
265
|
c_plugins
|
266
266
|
rescue JSON::ParserError => _e
|
267
|
-
warn
|
267
|
+
warn "Could not parse `docker plugin ls` output"
|
268
268
|
[]
|
269
269
|
end
|
270
270
|
end
|
@@ -1,16 +1,16 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
#
|
3
2
|
# Copyright 2017, Christoph Hartmann
|
4
3
|
|
5
|
-
|
4
|
+
require "inspec/resources/docker"
|
5
|
+
require_relative "docker_object"
|
6
6
|
|
7
7
|
module Inspec::Resources
|
8
8
|
class DockerContainer < Inspec.resource(1)
|
9
9
|
include Inspec::Resources::DockerObject
|
10
10
|
|
11
|
-
name
|
12
|
-
supports platform:
|
13
|
-
desc
|
11
|
+
name "docker_container"
|
12
|
+
supports platform: "unix"
|
13
|
+
desc ""
|
14
14
|
example <<~EXAMPLE
|
15
15
|
describe docker_container('an-echo-server') do
|
16
16
|
it { should exist }
|
@@ -40,7 +40,7 @@ module Inspec::Resources
|
|
40
40
|
end
|
41
41
|
|
42
42
|
def running?
|
43
|
-
status.downcase.start_with?(
|
43
|
+
status.downcase.start_with?("up") if object_info.entries.length == 1
|
44
44
|
end
|
45
45
|
|
46
46
|
def status
|
@@ -1,16 +1,16 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
#
|
3
2
|
# Copyright 2017, Christoph Hartmann
|
4
3
|
|
5
|
-
|
4
|
+
require "inspec/resources/docker"
|
5
|
+
require_relative "docker_object"
|
6
6
|
|
7
7
|
module Inspec::Resources
|
8
8
|
class DockerImage < Inspec.resource(1)
|
9
9
|
include Inspec::Resources::DockerObject
|
10
10
|
|
11
|
-
name
|
12
|
-
supports platform:
|
13
|
-
desc
|
11
|
+
name "docker_image"
|
12
|
+
supports platform: "unix"
|
13
|
+
desc ""
|
14
14
|
example <<~EXAMPLE
|
15
15
|
describe docker_image('alpine:latest') do
|
16
16
|
it { should exist }
|
@@ -59,11 +59,11 @@ module Inspec::Resources
|
|
59
59
|
opts.merge!(parse_components_from_image(opts[:image]))
|
60
60
|
|
61
61
|
# assume a "latest" tag if we don't have one
|
62
|
-
opts[:tag] ||=
|
62
|
+
opts[:tag] ||= "latest"
|
63
63
|
|
64
64
|
# if the ID isn't nil and doesn't contain a hash indicator (indicated by the presence
|
65
65
|
# of a colon, which separates the indicator from the actual hash), we assume it's sha256.
|
66
|
-
opts[:id] =
|
66
|
+
opts[:id] = "sha256:" + opts[:id] unless opts[:id].nil? || opts[:id].include?(":")
|
67
67
|
|
68
68
|
# Assemble/reassemble the image from the repo and tag
|
69
69
|
opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
|
@@ -75,9 +75,9 @@ module Inspec::Resources
|
|
75
75
|
def object_info
|
76
76
|
return @info if defined?(@info)
|
77
77
|
opts = @opts
|
78
|
-
@info = inspec.docker.images.where
|
78
|
+
@info = inspec.docker.images.where do
|
79
79
|
(repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
|
80
|
-
|
80
|
+
end
|
81
81
|
end
|
82
82
|
end
|
83
83
|
end
|
@@ -1,11 +1,6 @@
|
|
1
|
-
# encoding: utf-8
|
2
1
|
#
|
3
2
|
# Copyright 2017, Christoph Hartmann
|
4
3
|
#
|
5
|
-
# author: Christoph Hartmann
|
6
|
-
# author: Patrick Muench
|
7
|
-
# author: Dominik Richter
|
8
|
-
# author: Matt Kulka
|
9
4
|
|
10
5
|
module Inspec::Resources::DockerObject
|
11
6
|
def exist?
|
@@ -23,30 +18,30 @@ module Inspec::Resources::DockerObject
|
|
23
18
|
# option parameters, such as repo and tag. Return empty data back to the caller.
|
24
19
|
return {} if image_string.nil?
|
25
20
|
|
26
|
-
first_colon = image_string.index(
|
27
|
-
first_slash = image_string.index(
|
21
|
+
first_colon = image_string.index(":") || -1
|
22
|
+
first_slash = image_string.index("/") || -1
|
28
23
|
|
29
|
-
if image_string.count(
|
24
|
+
if image_string.count(":") == 2
|
30
25
|
# If there are two colons in the image string, it contains a repo-with-port and a tag.
|
31
26
|
# example: localhost:5000/chef/inspec:1.46.3
|
32
|
-
partitioned_string = image_string.rpartition(
|
27
|
+
partitioned_string = image_string.rpartition(":")
|
33
28
|
repo = partitioned_string.first
|
34
29
|
tag = partitioned_string.last
|
35
|
-
image_name = repo.split(
|
36
|
-
elsif image_string.count(
|
30
|
+
image_name = repo.split("/")[1..-1].join
|
31
|
+
elsif image_string.count(":") == 1 && first_colon < first_slash
|
37
32
|
# If there's one colon in the image string, and it comes before a forward-slash,
|
38
33
|
# it contains a repo-with-port but no tag.
|
39
34
|
# example: localhost:5000/ubuntu
|
40
35
|
repo = image_string
|
41
36
|
tag = nil
|
42
|
-
image_name = repo.split(
|
37
|
+
image_name = repo.split("/")[1..-1].join
|
43
38
|
else
|
44
39
|
# If there's one colon in the image string and it doesn't preceed a slash, or if
|
45
40
|
# there is no colon at all, then it separates the repo from the tag, if there is a tag.
|
46
41
|
# example: chef/inspec:1.46.3
|
47
42
|
# example: chef/inspec
|
48
43
|
# example: ubuntu:14.04
|
49
|
-
repo, tag = image_string.split(
|
44
|
+
repo, tag = image_string.split(":")
|
50
45
|
image_name = repo
|
51
46
|
end
|
52
47
|
|