inspec-core 4.3.2 → 4.6.3

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -1,16 +1,18 @@
-# encoding: utf-8
+require "inspec/dist"
 
-require_relative 'api'
+require_relative "api"
 
 module InspecPlugins
   module Compliance
     class CLI < Inspec.plugin(2, :cli_command)
-      subcommand_desc 'compliance SUBCOMMAND', 'Chef Compliance commands'
+      include Inspec::Dist
+
+      subcommand_desc "compliance SUBCOMMAND", "#{COMPLIANCE_PRODUCT_NAME} commands"
 
       # desc "login https://SERVER --insecure --user='USER' --ent='ENTERPRISE' --token='TOKEN'", 'Log in to a Chef Compliance/Chef Automate SERVER'
-      desc 'login', 'Log in to a Chef Compliance/Chef Automate SERVER'
+      desc "login", "Log in to a #{COMPLIANCE_PRODUCT_NAME}/#{AUTOMATE_PRODUCT_NAME} SERVER"
       long_desc <<-LONGDESC
-        `login` allows you to use InSpec with Chef Automate or a Chef Compliance Server
+        `login` allows you to use InSpec with #{AUTOMATE_PRODUCT_NAME} or a #{COMPLIANCE_PRODUCT_NAME} Server
 
         You need to a token for communication. More information about token retrieval
         is available at:
@@ -20,54 +22,54 @@ module InspecPlugins
       option :insecure, aliases: :k, type: :boolean,
         desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
       option :user, type: :string, required: false,
-        desc: 'Username'
+        desc: "Username"
       option :password, type: :string, required: false,
-        desc: 'Password (Chef Compliance Only)'
+        desc: "Password (#{COMPLIANCE_PRODUCT_NAME} Only)"
       option :token, type: :string, required: false,
-        desc: 'Access token'
+        desc: "Access token"
       option :refresh_token, type: :string, required: false,
-        desc: 'Chef Compliance refresh token (Chef Compliance Only)'
+        desc: "#{COMPLIANCE_PRODUCT_NAME} refresh token (#{COMPLIANCE_PRODUCT_NAME} Only)"
       option :dctoken, type: :string, required: false,
-        desc: 'Data Collector token (Chef Automate Only)'
+        desc: "Data Collector token (#{AUTOMATE_PRODUCT_NAME} Only)"
       option :ent, type: :string, required: false,
-        desc: 'Enterprise for Chef Automate reporting (Chef Automate Only)'
+        desc: "Enterprise for #{AUTOMATE_PRODUCT_NAME} reporting (#{AUTOMATE_PRODUCT_NAME} Only)"
       def login(server)
-        options['server'] = server
+        options["server"] = server
         InspecPlugins::Compliance::API.login(options)
         config = InspecPlugins::Compliance::Configuration.new
         puts "Stored configuration for Chef #{config['server_type'].capitalize}: #{config['server']}' with user: '#{config['user']}'"
       end
 
-      desc 'profiles', 'list all available profiles in Chef Compliance'
+      desc "profiles", "list all available profiles in #{COMPLIANCE_PRODUCT_NAME}"
       option :owner, type: :string, required: false,
-        desc: 'owner whose profiles to list'
+        desc: "owner whose profiles to list"
       def profiles
         config = InspecPlugins::Compliance::Configuration.new
         return if !loggedin(config)
 
         # set owner to config
-        config['owner'] = options['owner'] || config['user']
+        config["owner"] = options["owner"] || config["user"]
 
         msg, profiles = InspecPlugins::Compliance::API.profiles(config)
-        profiles.sort_by! { |hsh| hsh['title'] }
+        profiles.sort_by! { |hsh| hsh["title"] }
         if !profiles.empty?
           # iterate over profiles
-          headline('Available profiles:')
-          profiles.each { |profile|
-            owner = profile['owner_id'] || profile['owner']
+          headline("Available profiles:")
+          profiles.each do |profile|
+            owner = profile["owner_id"] || profile["owner"]
             li("#{profile['title']} v#{profile['version']} (#{mark_text(owner + '/' + profile['name'])})")
-          }
+          end
         else
-          puts msg if msg != 'success'
-          puts 'Could not find any profiles'
+          puts msg if msg != "success"
+          puts "Could not find any profiles"
           exit 1
         end
       rescue InspecPlugins::Compliance::ServerConfigurationMissing
-        STDERR.puts "\nServer configuration information is missing. Please login using `inspec compliance login`"
+        $stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
         exit 1
       end
 
-      desc 'exec PROFILE', 'executes a Chef Compliance profile'
+      desc "exec PROFILE", "executes a #{COMPLIANCE_PRODUCT_NAME} profile"
       exec_options
       def exec(*tests)
         config = InspecPlugins::Compliance::Configuration.new
@@ -77,7 +79,7 @@ module InspecPlugins
         configure_logger(o)
 
         # iterate over tests and add compliance scheme
-        tests = tests.map { |t| 'compliance://' + InspecPlugins::Compliance::API.sanitize_profile_name(t) }
+        tests = tests.map { |t| "compliance://" + InspecPlugins::Compliance::API.sanitize_profile_name(t) }
 
         runner = Inspec::Runner.new(o)
         tests.each { |target| runner.add_target(target) }
@@ -88,9 +90,9 @@ module InspecPlugins
         exit 1
       end
 
-      desc 'download PROFILE', 'downloads a profile from Chef Compliance'
+      desc "download PROFILE", "downloads a profile from #{COMPLIANCE_PRODUCT_NAME}"
       option :name, type: :string,
-        desc: 'Name of the archive filename (file type will be added)'
+        desc: "Name of the archive filename (file type will be added)"
       def download(profile_name)
         o = options.dup
         configure_logger(o)
@@ -105,30 +107,30 @@ module InspecPlugins
           fetcher = InspecPlugins::Compliance::Fetcher.resolve(
             {
               compliance: profile_name,
-            },
+            }
           )
 
           # we provide a name, the fetcher adds the extension
-          _owner, id = profile_name.split('/')
+          _owner, id = profile_name.split("/")
           file_name = fetcher.fetch(o.name || id)
           puts "Profile stored to #{file_name}"
         else
-          puts "Profile #{profile_name} is not available in Chef Compliance."
+          puts "Profile #{profile_name} is not available in #{COMPLIANCE_PRODUCT_NAME}."
           exit 1
         end
       end
 
-      desc 'upload PATH', 'uploads a local profile to Chef Compliance'
+      desc "upload PATH", "uploads a local profile to #{COMPLIANCE_PRODUCT_NAME}"
       option :overwrite, type: :boolean, default: false,
-        desc: 'Overwrite existing profile on Server.'
+        desc: "Overwrite existing profile on Server."
       option :owner, type: :string, required: false,
-        desc: 'Owner that should own the profile'
+        desc: "Owner that should own the profile"
       def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
         config = InspecPlugins::Compliance::Configuration.new
         return if !loggedin(config)
 
         # set owner to config
-        config['owner'] = options['owner'] || config['user']
+        config["owner"] = options["owner"] || config["user"]
 
         unless File.exist?(path)
           puts "Directory #{path} does not exist."
@@ -157,14 +159,14 @@ module InspecPlugins
 
         result = profile.check
         unless result[:summary][:valid]
-          error.call('Profile check failed. Please fix the profile before upload.')
+          error.call("Profile check failed. Please fix the profile before upload.")
         else
-          puts('Profile is valid')
+          puts("Profile is valid")
         end
 
         # determine user information
-        if (config['token'].nil? && config['refresh_token'].nil?) || config['user'].nil?
-          error.call('Please login via `inspec compliance login`')
+        if (config["token"].nil? && config["refresh_token"].nil?) || config["user"].nil?
+          error.call("Please login via `#{EXEC_NAME} compliance login`")
         end
 
         # read profile name from inspec.yml
@@ -175,8 +177,8 @@ module InspecPlugins
 
         # check that the profile is not uploaded already,
         # confirm upload to the user (overwrite with --force)
-        if InspecPlugins::Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}##{profile_version}") && !options['overwrite']
-          error.call('Profile exists on the server, use --overwrite')
+        if InspecPlugins::Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}##{profile_version}") && !options["overwrite"]
+          error.call("Profile exists on the server, use --overwrite")
         end
 
         # abort if we found an error
@@ -189,7 +191,7 @@ module InspecPlugins
         generated = false
         if File.directory?(path)
           generated = true
-          archive_path = Dir::Tmpname.create([profile_name, '.tar.gz']) {}
+          archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
           puts "Generate temporary profile archive at #{archive_path}"
           profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
         else
@@ -200,62 +202,62 @@ module InspecPlugins
         pname = ERB::Util.url_encode(profile_name)
 
         if InspecPlugins::Compliance::API.is_automate_server?(config) || InspecPlugins::Compliance::API.is_automate2_server?(config)
-          puts 'Uploading to Chef Automate'
+          puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
         else
-          puts 'Uploading to Chef Compliance'
+          puts "Uploading to #{COMPLIANCE_PRODUCT_NAME}"
         end
-        success, msg = InspecPlugins::Compliance::API.upload(config, config['owner'], pname, archive_path)
+        success, msg = InspecPlugins::Compliance::API.upload(config, config["owner"], pname, archive_path)
 
         # delete temp file if it was temporary generated
         File.delete(archive_path) if generated && File.exist?(archive_path)
 
         if success
-          puts 'Successfully uploaded profile'
+          puts "Successfully uploaded profile"
         else
-          puts 'Error during profile upload:'
+          puts "Error during profile upload:"
           puts msg
           exit 1
         end
       end
 
-      desc 'version', 'displays the version of the Chef Compliance server'
+      desc "version", "displays the version of the #{COMPLIANCE_PRODUCT_NAME} server"
       def version
         config = InspecPlugins::Compliance::Configuration.new
         info = InspecPlugins::Compliance::API.version(config)
-        if !info.nil? && info['version']
+        if !info.nil? && info["version"]
           puts "Name:    #{info['api']}"
           puts "Version: #{info['version']}"
         else
-          puts 'Could not determine server version.'
+          puts "Could not determine server version."
           exit 1
         end
       rescue InspecPlugins::Compliance::ServerConfigurationMissing
-        puts "\nServer configuration information is missing. Please login using `inspec compliance login`"
+        puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
         exit 1
       end
 
-      desc 'logout', 'user logout from Chef Compliance'
+      desc "logout", "user logout from #{COMPLIANCE_PRODUCT_NAME}"
       def logout
         config = InspecPlugins::Compliance::Configuration.new
-        unless config.supported?(:oidc) || config['token'].nil? || config['server_type'] == 'automate'
+        unless config.supported?(:oidc) || config["token"].nil? || config["server_type"] == "automate"
           config = InspecPlugins::Compliance::Configuration.new
           url = "#{config['server']}/logout"
-          InspecPlugins::Compliance::HTTP.post(url, config['token'], config['insecure'], !config.supported?(:oidc))
+          InspecPlugins::Compliance::HTTP.post(url, config["token"], config["insecure"], !config.supported?(:oidc))
         end
         success = config.destroy
 
         if success
-          puts 'Successfully logged out'
+          puts "Successfully logged out"
         else
-          puts 'Could not log out'
+          puts "Could not log out"
         end
       end
 
       private
 
       def loggedin(config)
-        serverknown = !config['server'].nil?
-        puts 'You need to login first with `inspec compliance login`' if !serverknown
+        serverknown = !config["server"].nil?
+        puts "You need to login first with `#{EXEC_NAME} compliance login`" if !serverknown
         serverknown
       end
     end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb

@@ -1,17 +1,17 @@
-# encoding: utf-8
+require "inspec/globals"
 
 module InspecPlugins
   module Compliance
     # stores configuration on local filesystem
     class Configuration
       def initialize
-        @config_path = File.join(Inspec.config_dir, 'compliance')
+        @config_path = File.join(Inspec.config_dir, "compliance")
         # ensure the directory is available
         unless File.directory?(@config_path)
           FileUtils.mkdir_p(@config_path)
         end
         # set config file path
-        @config_file = File.join(@config_path, '/config.json')
+        @config_file = File.join(@config_path, "/config.json")
         @config = {}
 
         # load the data
@@ -46,7 +46,7 @@ module InspecPlugins
 
       # stores a hash to json
       def store
-        File.open(@config_file, 'w') do |f|
+        File.open(@config_file, "w") do |f|
           f.chmod(0600)
           f.write(@config.to_json)
         end
@@ -66,13 +66,13 @@ module InspecPlugins
         sup = version_with_support(feature)
 
         # we do not know the version, therefore we do not know if its possible to use the feature
-        return if self['version'].nil? || self['version']['version'].nil?
+        return if self["version"].nil? || self["version"]["version"].nil?
 
         if sup.is_a?(Array)
-          Gem::Version.new(self['version']['version']) >= sup[0] &&
-            Gem::Version.new(self['version']['version']) < sup[1]
+          Gem::Version.new(self["version"]["version"]) >= sup[0] &&
+            Gem::Version.new(self["version"]["version"]) < sup[1]
         else
-          Gem::Version.new(self['version']['version']) >= sup
+          Gem::Version.new(self["version"]["version"]) >= sup
         end
       end
 
@@ -81,7 +81,7 @@ module InspecPlugins
         return if supported?(feature)
 
         puts "This feature (#{feature}) is not available for legacy installations."
-        puts 'Please upgrade to a recent version of Chef Compliance.'
+        puts "Please upgrade to a recent version of Chef Compliance."
         exit 1
       end
 
@@ -93,9 +93,9 @@ module InspecPlugins
       def version_with_support(feature)
         case feature.to_sym
         when :oidc
-          Gem::Version.new('0.16.19')
+          Gem::Version.new("0.16.19")
         else
-          Gem::Version.new('0.0.0')
+          Gem::Version.new("0.0.0")
         end
       end
     end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb

@@ -1,8 +1,6 @@
-# encoding: utf-8
-
-require 'net/http'
-require 'net/http/post/multipart'
-require 'uri'
+require "net/http"
+require "net/http/post/multipart"
+require "uri"
 
 module InspecPlugins
   module Compliance
@@ -24,11 +22,11 @@ module InspecPlugins
         uri = _parse_url(url)
         req = Net::HTTP::Post.new(uri.path)
         if basic_auth
-          req.basic_auth token, ''
+          req.basic_auth token, ""
         else
-          req['Authorization'] = "Bearer #{token}"
+          req["Authorization"] = "Bearer #{token}"
         end
-        req.form_data={}
+        req.form_data = {}
 
         send_request(uri, req, insecure)
       end
@@ -50,7 +48,7 @@ module InspecPlugins
         http = Net::HTTP.new(uri.host, uri.port)
 
         # set connection flags
-        http.use_ssl = (uri.scheme == 'https')
+        http.use_ssl = (uri.scheme == "https")
         http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
 
         req = Net::HTTP::Post.new(uri.path)
@@ -58,13 +56,13 @@ module InspecPlugins
           req.add_field(key, value)
         end
 
-        req.body_stream=File.open(file_path, 'rb')
-        req.add_field('Content-Length', File.size(file_path))
-        req.add_field('Content-Type', 'application/x-gzip')
+        req.body_stream = File.open(file_path, "rb")
+        req.add_field("Content-Length", File.size(file_path))
+        req.add_field("Content-Type", "application/x-gzip")
 
-        boundary = 'INSPEC-PROFILE-UPLOAD'
-        req.add_field('session', boundary)
-        res=http.request(req)
+        boundary = "INSPEC-PROFILE-UPLOAD"
+        req.add_field("session", boundary)
+        res = http.request(req)
         res
       end
 
@@ -74,11 +72,11 @@ module InspecPlugins
         http = Net::HTTP.new(uri.host, uri.port)
 
         # set connection flags
-        http.use_ssl = (uri.scheme == 'https')
+        http.use_ssl = (uri.scheme == "https")
         http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
 
         File.open(file_path) do |tar|
-          req = Net::HTTP::Post::Multipart.new(uri, 'file' => UploadIO.new(tar, 'application/x-gzip', File.basename(file_path)))
+          req = Net::HTTP::Post::Multipart.new(uri, "file" => UploadIO.new(tar, "application/x-gzip", File.basename(file_path)))
           headers.each do |key, value|
             req.add_field(key, value)
           end
@@ -90,20 +88,20 @@ module InspecPlugins
       # sends a http requests
       def self.send_request(uri, req, insecure)
         opts = {
-          use_ssl: uri.scheme == 'https',
+          use_ssl: uri.scheme == "https",
         }
         opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure
 
         raise "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
-        res = Net::HTTP.start(uri.host, uri.port, opts) { |http|
+        res = Net::HTTP.start(uri.host, uri.port, opts) do |http|
           http.request(req)
-        }
+        end
         res
       rescue OpenSSL::SSL::SSLError => e
-        raise e unless e.message.include? 'certificate verify failed'
+        raise e unless e.message.include? "certificate verify failed"
 
         puts "Error: Failed to connect to #{uri}."
-        puts 'If the server uses a self-signed certificate, please re-run the login command with the --insecure option.'
+        puts "If the server uses a self-signed certificate, please re-run the login command with the --insecure option."
         exit 1
       end
 

data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 module InspecPlugins
   module Compliance
     # is a helper that provides information which version of compliance supports
@@ -11,9 +9,9 @@ module InspecPlugins
       def self.version_with_support(feature)
         case feature.to_sym
         when :oidc # open id connect authentication
-          Gem::Version.new('0.16.19')
+          Gem::Version.new("0.16.19")
         else
-          Gem::Version.new('0.0.0')
+          Gem::Version.new("0.0.0")
         end
       end