inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,8 +1,7 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require 'inspec/errors'
|
1
|
+
require "uri"
|
2
|
+
require "inspec/fetcher"
|
3
|
+
require "inspec/errors"
|
4
|
+
require "inspec/dist"
|
6
5
|
|
7
6
|
# InSpec Target Helper for Chef Compliance
|
8
7
|
# reuses UrlHelper, but it knows the target server and the access token already
|
@@ -10,13 +9,15 @@ require 'inspec/errors'
|
|
10
9
|
module InspecPlugins
|
11
10
|
module Compliance
|
12
11
|
class Fetcher < Fetchers::Url
|
13
|
-
|
12
|
+
include Inspec::Dist
|
13
|
+
|
14
|
+
name "compliance"
|
14
15
|
priority 500
|
15
16
|
attr_reader :upstream_sha256
|
16
17
|
|
17
18
|
def initialize(target, opts)
|
18
19
|
super(target, opts)
|
19
|
-
@upstream_sha256 =
|
20
|
+
@upstream_sha256 = ""
|
20
21
|
if target.is_a?(Hash) && target.key?(:url)
|
21
22
|
@target = target[:url]
|
22
23
|
@upstream_sha256 = target[:sha256]
|
@@ -30,16 +31,16 @@ module InspecPlugins
|
|
30
31
|
end
|
31
32
|
|
32
33
|
def self.check_compliance_token(uri, config)
|
33
|
-
if config[
|
34
|
-
if config[
|
35
|
-
server =
|
36
|
-
msg =
|
37
|
-
elsif config[
|
38
|
-
server =
|
39
|
-
msg =
|
34
|
+
if config["token"].nil? && config["refresh_token"].nil?
|
35
|
+
if config["server_type"] == "automate"
|
36
|
+
server = "automate"
|
37
|
+
msg = "#{EXEC_NAME} compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"
|
38
|
+
elsif config["server_type"] == "automate2"
|
39
|
+
server = "automate2"
|
40
|
+
msg = "#{EXEC_NAME} compliance login https://your_automate2_server --user USER --token APITOKEN"
|
40
41
|
else
|
41
|
-
server =
|
42
|
-
msg = "
|
42
|
+
server = "compliance"
|
43
|
+
msg = "#{EXEC_NAME} compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
|
43
44
|
end
|
44
45
|
raise Inspec::FetcherFailure, <<~EOF
|
45
46
|
|
@@ -54,7 +55,7 @@ module InspecPlugins
|
|
54
55
|
end
|
55
56
|
|
56
57
|
def self.get_target_uri(target)
|
57
|
-
if target.is_a?(String) && URI(target).scheme ==
|
58
|
+
if target.is_a?(String) && URI(target).scheme == "compliance"
|
58
59
|
URI(target)
|
59
60
|
elsif target.respond_to?(:key?) && target.key?(:compliance)
|
60
61
|
URI("compliance://#{target[:compliance]}")
|
@@ -84,16 +85,16 @@ module InspecPlugins
|
|
84
85
|
# If version was specified, it will be the first and only result.
|
85
86
|
# Note we are calling the sha256 as a string, not a symbol since
|
86
87
|
# it was returned as json from the Compliance API.
|
87
|
-
profile_info = profile_result.sort_by { |x| Gem::Version.new(x[
|
88
|
-
profile_checksum = profile_info.key?(
|
88
|
+
profile_info = profile_result.sort_by { |x| Gem::Version.new(x["version"]) }[0]
|
89
|
+
profile_checksum = profile_info.key?("sha256") ? profile_info["sha256"] : ""
|
89
90
|
end
|
90
91
|
end
|
91
92
|
# We need to pass the token to the fetcher
|
92
|
-
config[
|
93
|
+
config["token"] = InspecPlugins::Compliance::API.get_token(config)
|
93
94
|
|
94
95
|
# Needed for automate2 post request
|
95
96
|
profile_stub = profile || target[:compliance]
|
96
|
-
config[
|
97
|
+
config["profile"] = InspecPlugins::Compliance::API.profile_split(profile_stub)
|
97
98
|
|
98
99
|
new({ url: profile_fetch_url, sha256: profile_checksum }, config)
|
99
100
|
rescue URI::Error => _e
|
@@ -111,7 +112,7 @@ module InspecPlugins
|
|
111
112
|
end
|
112
113
|
|
113
114
|
def to_s
|
114
|
-
|
115
|
+
"#{COMPLIANCE_PRODUCT_NAME} Profile Loader"
|
115
116
|
end
|
116
117
|
|
117
118
|
private
|
@@ -128,13 +129,15 @@ module InspecPlugins
|
|
128
129
|
|
129
130
|
if InspecPlugins::Compliance::API.is_automate2_server?(@config)
|
130
131
|
m = {}
|
131
|
-
m[:owner] = @config[
|
132
|
-
m[:id] = @config[
|
132
|
+
m[:owner] = @config["profile"][0]
|
133
|
+
m[:id] = @config["profile"][1]
|
133
134
|
end
|
134
135
|
|
135
|
-
|
136
|
-
|
137
|
-
|
136
|
+
if m.nil?
|
137
|
+
raise "Unable to determine compliance profile name. This can be caused by " \
|
138
|
+
"an incorrect server in your configuration. Try to login to compliance " \
|
139
|
+
"via the `#{EXEC_NAME} compliance login` command."
|
140
|
+
end
|
138
141
|
|
139
142
|
"#{m[:owner]}/#{m[:id]}"
|
140
143
|
end
|
@@ -1,5 +1,5 @@
|
|
1
|
-
source
|
1
|
+
source "https://supermarket.chef.io"
|
2
2
|
|
3
3
|
group :integration do
|
4
|
-
cookbook
|
4
|
+
cookbook "inspec_habitat_fixture", path: "test/cookbooks/inspec_habitat_fixture/"
|
5
5
|
end
|
@@ -1,5 +1,5 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
require_relative "profile"
|
2
|
+
require "inspec/dist"
|
3
3
|
|
4
4
|
module InspecPlugins
|
5
5
|
module Habitat
|
@@ -10,30 +10,32 @@ module InspecPlugins
|
|
10
10
|
"#{basename} habitat profile #{command.usage}"
|
11
11
|
end
|
12
12
|
|
13
|
-
desc
|
13
|
+
desc "create PATH", "Create a Habitat artifact for the profile found at PATH"
|
14
14
|
option :output_dir, type: :string, required: false,
|
15
|
-
desc:
|
16
|
-
def create(path =
|
15
|
+
desc: "Output directory for the Habitat artifact. Default: current directory"
|
16
|
+
def create(path = ".")
|
17
17
|
InspecPlugins::Habitat::Profile.new(path, options).create
|
18
18
|
end
|
19
19
|
|
20
|
-
desc
|
21
|
-
def setup(path =
|
20
|
+
desc "setup PATH", "Configure the profile at PATH for Habitat, including a plan and hooks"
|
21
|
+
def setup(path = ".")
|
22
22
|
InspecPlugins::Habitat::Profile.new(path, options).setup
|
23
23
|
end
|
24
24
|
|
25
|
-
desc
|
26
|
-
def upload(path =
|
25
|
+
desc "upload PATH", "Create then upload a Habitat artifact for the profile found at PATH to the Habitat Builder Depot"
|
26
|
+
def upload(path = ".")
|
27
27
|
InspecPlugins::Habitat::Profile.new(path, options).upload
|
28
28
|
end
|
29
29
|
end
|
30
30
|
|
31
31
|
class CLI < Inspec.plugin(2, :cli_command)
|
32
|
-
|
33
|
-
namespace 'habitat'
|
32
|
+
include Inspec::Dist
|
34
33
|
|
35
|
-
|
36
|
-
|
34
|
+
subcommand_desc "habitat SUBCOMMAND", "Manage Habitat with #{PRODUCT_NAME}"
|
35
|
+
namespace "habitat"
|
36
|
+
|
37
|
+
desc "profile", "Manage #{PRODUCT_NAME} profiles as Habitat artifacts"
|
38
|
+
subcommand "profile", ProfileCLI
|
37
39
|
end
|
38
40
|
end
|
39
41
|
end
|
@@ -1,19 +1,20 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
6
|
-
require 'ostruct'
|
1
|
+
require "inspec/profile_vendor"
|
2
|
+
require "mixlib/shellout"
|
3
|
+
require "tomlrb"
|
4
|
+
require "ostruct"
|
5
|
+
require "inspec/dist"
|
7
6
|
|
8
7
|
module InspecPlugins
|
9
8
|
module Habitat
|
10
9
|
class Profile
|
10
|
+
include Inspec::Dist
|
11
|
+
|
11
12
|
attr_reader :logger
|
12
13
|
def initialize(path, options = {})
|
13
14
|
@path = path
|
14
15
|
@options = options
|
15
16
|
@logger = Inspec::Log
|
16
|
-
logger.level(options.fetch(:log_level,
|
17
|
+
logger.level(options.fetch(:log_level, "info").to_sym)
|
17
18
|
end
|
18
19
|
|
19
20
|
def create
|
@@ -28,7 +29,7 @@ module InspecPlugins
|
|
28
29
|
output_dir = @options[:output_dir] || Dir.pwd
|
29
30
|
unless File.directory?(output_dir)
|
30
31
|
exit_with_error("Output directory #{output_dir} is not a directory " \
|
31
|
-
|
32
|
+
"or does not exist.")
|
32
33
|
end
|
33
34
|
|
34
35
|
duplicated_profile = duplicate_profile(@path, working_dir)
|
@@ -44,7 +45,7 @@ module InspecPlugins
|
|
44
45
|
destination
|
45
46
|
rescue => e
|
46
47
|
logger.debug(e.backtrace.join("\n"))
|
47
|
-
exit_with_error(
|
48
|
+
exit_with_error("Unable to create Habitat artifact.")
|
48
49
|
ensure
|
49
50
|
if Dir.exist?(working_dir)
|
50
51
|
logger.debug("Deleting working directory #{working_dir}")
|
@@ -56,34 +57,34 @@ module InspecPlugins
|
|
56
57
|
path = profile.root_path
|
57
58
|
logger.debug("Setting up #{path} for Habitat...")
|
58
59
|
|
59
|
-
plan_file = File.join(path,
|
60
|
+
plan_file = File.join(path, "habitat", "plan.sh")
|
60
61
|
logger.info("Generating Habitat plan at #{plan_file}...")
|
61
62
|
vars = {
|
62
63
|
profile: profile,
|
63
|
-
habitat_origin: read_habitat_config[
|
64
|
+
habitat_origin: read_habitat_config["origin"],
|
64
65
|
}
|
65
|
-
create_file_from_template(plan_file,
|
66
|
+
create_file_from_template(plan_file, "plan.sh.erb", vars)
|
66
67
|
|
67
|
-
run_hook_file = File.join(path,
|
68
|
+
run_hook_file = File.join(path, "habitat", "hooks", "run")
|
68
69
|
logger.info("Generating a Habitat run hook at #{run_hook_file}...")
|
69
|
-
create_file_from_template(run_hook_file,
|
70
|
+
create_file_from_template(run_hook_file, "hooks/run.erb")
|
70
71
|
|
71
|
-
default_toml = File.join(path,
|
72
|
+
default_toml = File.join(path, "habitat", "default.toml")
|
72
73
|
logger.info("Generating a Habitat default.toml at #{default_toml}...")
|
73
|
-
create_file_from_template(default_toml,
|
74
|
+
create_file_from_template(default_toml, "default.toml.erb")
|
74
75
|
|
75
|
-
config = File.join(path,
|
76
|
-
logger.info("Generating #{config} for
|
77
|
-
create_file_from_template(config,
|
76
|
+
config = File.join(path, "habitat", "config", "inspec_exec_config.json")
|
77
|
+
logger.info("Generating #{config} for `#{EXEC_NAME} exec`...")
|
78
|
+
create_file_from_template(config, "config/inspec_exec_config.json.erb")
|
78
79
|
end
|
79
80
|
|
80
81
|
def upload
|
81
82
|
habitat_config = read_habitat_config
|
82
83
|
|
83
|
-
if habitat_config[
|
84
|
+
if habitat_config["auth_token"].nil?
|
84
85
|
exit_with_error(
|
85
|
-
|
86
|
-
|
86
|
+
"Unable to determine Habitat auth token for uploading.",
|
87
|
+
"Run `hab setup` or set the HAB_AUTH_TOKEN environment variable."
|
87
88
|
)
|
88
89
|
end
|
89
90
|
|
@@ -95,7 +96,7 @@ module InspecPlugins
|
|
95
96
|
logger.info("Habitat artifact #{hart} uploaded.")
|
96
97
|
rescue => e
|
97
98
|
logger.debug(e.backtrace.join("\n"))
|
98
|
-
exit_with_error(
|
99
|
+
exit_with_error("Unable to upload Habitat artifact.")
|
99
100
|
end
|
100
101
|
|
101
102
|
private
|
@@ -121,14 +122,14 @@ module InspecPlugins
|
|
121
122
|
def profile_from_path(path)
|
122
123
|
Inspec::Profile.for_target(
|
123
124
|
path,
|
124
|
-
backend: Inspec::Backend.create(Inspec::Config.mock)
|
125
|
+
backend: Inspec::Backend.create(Inspec::Config.mock)
|
125
126
|
)
|
126
127
|
end
|
127
128
|
|
128
129
|
def copy_profile_to_working_dir(profile, working_dir)
|
129
|
-
logger.debug(
|
130
|
+
logger.debug("Copying profile contents to the working directory...")
|
130
131
|
profile.files.each do |profile_file|
|
131
|
-
next if File.extname(profile_file) ==
|
132
|
+
next if File.extname(profile_file) == ".hart"
|
132
133
|
|
133
134
|
src = File.join(profile.root_path, profile_file)
|
134
135
|
dst = File.join(working_dir, profile_file)
|
@@ -143,86 +144,86 @@ module InspecPlugins
|
|
143
144
|
end
|
144
145
|
|
145
146
|
def verify_profile(profile)
|
146
|
-
logger.debug(
|
147
|
+
logger.debug("Checking to see if the profile is valid...")
|
147
148
|
|
148
149
|
unless profile.check[:summary][:valid]
|
149
|
-
exit_with_error(
|
150
|
-
|
150
|
+
exit_with_error("Profile check failed. Please fix the profile " \
|
151
|
+
"before creating a Habitat artifact.")
|
151
152
|
end
|
152
153
|
|
153
|
-
logger.debug(
|
154
|
+
logger.debug("Profile is valid.")
|
154
155
|
end
|
155
156
|
|
156
157
|
def vendor_profile_dependencies!(profile)
|
157
158
|
profile_vendor = Inspec::ProfileVendor.new(profile.root_path)
|
158
159
|
if profile_vendor.lockfile.exist? && profile_vendor.cache_path.exist?
|
159
160
|
logger.debug("Profile's dependencies are already vendored, skipping " \
|
160
|
-
|
161
|
+
"vendor process.")
|
161
162
|
else
|
162
163
|
logger.debug("Vendoring the profile's dependencies...")
|
163
164
|
profile_vendor.vendor!
|
164
165
|
|
165
|
-
logger.debug(
|
166
|
+
logger.debug("Ensuring all vendored content has read permissions...")
|
166
167
|
profile_vendor.make_readable
|
167
168
|
end
|
168
169
|
|
169
170
|
# Return new profile since it has changed
|
170
171
|
Inspec::Profile.for_target(
|
171
172
|
profile.root_path,
|
172
|
-
backend: Inspec::Backend.create(Inspec::Config.mock)
|
173
|
+
backend: Inspec::Backend.create(Inspec::Config.mock)
|
173
174
|
)
|
174
175
|
end
|
175
176
|
|
176
177
|
def verify_habitat_setup(habitat_config)
|
177
|
-
logger.debug(
|
178
|
-
cmd = Mixlib::ShellOut.new(
|
178
|
+
logger.debug("Checking to see if Habitat is installed...")
|
179
|
+
cmd = Mixlib::ShellOut.new("hab --version")
|
179
180
|
cmd.run_command
|
180
181
|
if cmd.error?
|
181
|
-
exit_with_error(
|
182
|
+
exit_with_error("Unable to run Habitat commands.", cmd.stderr)
|
182
183
|
end
|
183
184
|
|
184
|
-
if habitat_config[
|
185
|
+
if habitat_config["origin"].nil?
|
185
186
|
exit_with_error(
|
186
|
-
|
187
|
-
|
187
|
+
"Unable to determine Habitat origin name.",
|
188
|
+
"Run `hab setup` or set the HAB_ORIGIN environment variable."
|
188
189
|
)
|
189
190
|
end
|
190
191
|
end
|
191
192
|
|
192
193
|
def create_file_from_template(file, template, vars = {})
|
193
194
|
FileUtils.mkdir_p(File.dirname(file))
|
194
|
-
template_path = File.join(__dir__,
|
195
|
+
template_path = File.join(__dir__, "../../templates/habitat", template)
|
195
196
|
contents = ERB.new(File.read(template_path))
|
196
197
|
.result(OpenStruct.new(vars).instance_eval { binding })
|
197
198
|
File.write(file, contents)
|
198
199
|
end
|
199
200
|
|
200
201
|
def build_hart(working_dir, habitat_config)
|
201
|
-
logger.debug(
|
202
|
+
logger.debug("Building our Habitat artifact...")
|
202
203
|
|
203
204
|
env = {
|
204
|
-
|
205
|
-
|
206
|
-
|
205
|
+
"TERM" => "vt100",
|
206
|
+
"HAB_ORIGIN" => habitat_config["origin"],
|
207
|
+
"HAB_NONINTERACTIVE" => "true",
|
207
208
|
}
|
208
209
|
|
209
|
-
env[
|
210
|
+
env["RUST_LOG"] = "debug" if logger.level == :debug
|
210
211
|
|
211
212
|
# TODO: Would love to use Mixlib::ShellOut here, but it doesn't
|
212
213
|
# seem to preserve the STDIN tty, and docker gets angry.
|
213
214
|
Dir.chdir(working_dir) do
|
214
|
-
unless system(env,
|
215
|
-
exit_with_error(
|
215
|
+
unless system(env, "hab pkg build .")
|
216
|
+
exit_with_error("Unable to build the Habitat artifact.")
|
216
217
|
end
|
217
218
|
end
|
218
219
|
|
219
|
-
hart_files = Dir.glob(File.join(working_dir,
|
220
|
+
hart_files = Dir.glob(File.join(working_dir, "results", "*.hart"))
|
220
221
|
|
221
222
|
if hart_files.length > 1
|
222
|
-
exit_with_error(
|
223
|
-
|
223
|
+
exit_with_error("More than one Habitat artifact was created which " \
|
224
|
+
"was not expected.")
|
224
225
|
elsif hart_files.empty?
|
225
|
-
exit_with_error(
|
226
|
+
exit_with_error("No Habitat artifact was created.")
|
226
227
|
end
|
227
228
|
|
228
229
|
hart_files.first
|
@@ -234,33 +235,33 @@ module InspecPlugins
|
|
234
235
|
config = habitat_config
|
235
236
|
|
236
237
|
env = {
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
238
|
+
"HAB_AUTH_TOKEN" => config["auth_token"],
|
239
|
+
"HAB_NONINTERACTIVE" => "true",
|
240
|
+
"HAB_ORIGIN" => config["origin"],
|
241
|
+
"TERM" => "vt100",
|
241
242
|
}
|
242
243
|
|
243
|
-
env[
|
244
|
+
env["HAB_DEPOT_URL"] = ENV["HAB_DEPOT_URL"] if ENV["HAB_DEPOT_URL"]
|
244
245
|
|
245
246
|
cmd = Mixlib::ShellOut.new("hab pkg upload #{hart_file}", env: env)
|
246
247
|
cmd.run_command
|
247
248
|
if cmd.error?
|
248
249
|
exit_with_error(
|
249
|
-
|
250
|
+
"Unable to upload Habitat artifact to the Depot.",
|
250
251
|
cmd.stdout,
|
251
|
-
cmd.stderr
|
252
|
+
cmd.stderr
|
252
253
|
)
|
253
254
|
end
|
254
255
|
|
255
|
-
logger.debug(
|
256
|
+
logger.debug("Upload complete!")
|
256
257
|
end
|
257
258
|
|
258
259
|
def read_habitat_config
|
259
|
-
cli_toml = File.join(ENV[
|
260
|
-
cli_toml =
|
260
|
+
cli_toml = File.join(ENV["HOME"], ".hab", "etc", "cli.toml")
|
261
|
+
cli_toml = "/hab/etc/cli.toml" unless File.exist?(cli_toml)
|
261
262
|
cli_config = File.exist?(cli_toml) ? Tomlrb.load_file(cli_toml) : {}
|
262
|
-
cli_config[
|
263
|
-
cli_config[
|
263
|
+
cli_config["origin"] ||= ENV["HAB_ORIGIN"]
|
264
|
+
cli_config["auth_token"] ||= ENV["HAB_AUTH_TOKEN"]
|
264
265
|
cli_config
|
265
266
|
end
|
266
267
|
|