inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
data/lib/inspec/plugin/v2.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
require
|
1
|
+
require "inspec/errors"
|
2
2
|
|
3
3
|
module Inspec
|
4
4
|
module Plugin
|
@@ -23,20 +23,20 @@ module Inspec
|
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
|
-
require
|
27
|
-
require
|
28
|
-
require
|
29
|
-
require
|
30
|
-
require
|
26
|
+
require "inspec/globals"
|
27
|
+
require "inspec/plugin/v2/config_file"
|
28
|
+
require "inspec/plugin/v2/registry"
|
29
|
+
require "inspec/plugin/v2/loader"
|
30
|
+
require "inspec/plugin/v2/plugin_base"
|
31
31
|
|
32
32
|
# Load all plugin type base classes
|
33
|
-
Dir.glob(File.join(__dir__,
|
33
|
+
Dir.glob(File.join(__dir__, "v2", "plugin_types", "*.rb")).each { |file| require file }
|
34
34
|
|
35
35
|
module Inspec
|
36
36
|
# Provides the base class that plugin implementors should use.
|
37
37
|
def self.plugin(version, plugin_type = nil)
|
38
38
|
unless version == 2
|
39
|
-
raise
|
39
|
+
raise "Only plugins version 2 is supported!"
|
40
40
|
end
|
41
41
|
|
42
42
|
return Inspec::Plugin::V2::PluginBase if plugin_type.nil?
|
@@ -1,4 +1,4 @@
|
|
1
|
-
require
|
1
|
+
require "json"
|
2
2
|
|
3
3
|
module Inspec::Plugin::V2
|
4
4
|
# Represents the plugin config file on disk.
|
@@ -17,7 +17,7 @@ module Inspec::Plugin::V2
|
|
17
17
|
# Returns the defaut path for a config file.
|
18
18
|
# This respects ENV['INSPEC_CONFIG_DIR'].
|
19
19
|
def self.default_path
|
20
|
-
File.join(Inspec.config_dir,
|
20
|
+
File.join(Inspec.config_dir, "plugins.json")
|
21
21
|
end
|
22
22
|
|
23
23
|
# Implement Enumerable. All Enumerable methds act
|
@@ -40,7 +40,7 @@ module Inspec::Plugin::V2
|
|
40
40
|
# Add an entry with full validation.
|
41
41
|
def add_entry(proposed_entry)
|
42
42
|
unless proposed_entry.keys.all? { |field| field.is_a? Symbol }
|
43
|
-
raise Inspec::Plugin::V2::ConfigError,
|
43
|
+
raise Inspec::Plugin::V2::ConfigError, "All keys to ConfigFile#add_entry must be symbols"
|
44
44
|
end
|
45
45
|
|
46
46
|
validate_entry(proposed_entry)
|
@@ -71,7 +71,7 @@ module Inspec::Plugin::V2
|
|
71
71
|
|
72
72
|
def blank_structure
|
73
73
|
{
|
74
|
-
plugins_config_version:
|
74
|
+
plugins_config_version: "1.0.0",
|
75
75
|
plugins: [],
|
76
76
|
}
|
77
77
|
end
|
@@ -88,7 +88,7 @@ module Inspec::Plugin::V2
|
|
88
88
|
raise Inspec::Plugin::V2::ConfigError, "Missing 'plugins_config_version' entry at #{path} - currently support versions: 1.0.0"
|
89
89
|
end
|
90
90
|
|
91
|
-
unless @data[:plugins_config_version] ==
|
91
|
+
unless @data[:plugins_config_version] == "1.0.0"
|
92
92
|
raise Inspec::Plugin::V2::ConfigError, "Unsupported plugins.json file version #{@data[:plugins_config_version]} at #{path} - currently support versions: 1.0.0"
|
93
93
|
end
|
94
94
|
|
@@ -106,7 +106,7 @@ module Inspec::Plugin::V2
|
|
106
106
|
validate_entry(plugin_entry)
|
107
107
|
rescue Inspec::Plugin::V2::ConfigError => ex
|
108
108
|
# append some context to the message
|
109
|
-
raise Inspec::Plugin::V2::ConfigError,
|
109
|
+
raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - " + ex.message + " at index #{idx}"
|
110
110
|
end
|
111
111
|
|
112
112
|
# Check for duplicates
|
@@ -1,6 +1,6 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
1
|
+
require "singleton"
|
2
|
+
require "json"
|
3
|
+
require "inspec/globals"
|
4
4
|
|
5
5
|
module Inspec::Plugin::V2
|
6
6
|
Exclusion = Struct.new(:plugin_name, :rationale)
|
@@ -27,33 +27,33 @@ module Inspec::Plugin::V2
|
|
27
27
|
private
|
28
28
|
|
29
29
|
def read_filter_data
|
30
|
-
path = File.join(Inspec.src_root,
|
30
|
+
path = File.join(Inspec.src_root, "etc", "plugin_filters.json")
|
31
31
|
@filter_data = JSON.parse(File.read(path))
|
32
32
|
|
33
|
-
unless @filter_data[
|
33
|
+
unless @filter_data["file_version"] == "1.0.0"
|
34
34
|
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format at #{path}"
|
35
35
|
end
|
36
36
|
|
37
|
-
validate_plugin_filter_file(
|
37
|
+
validate_plugin_filter_file("1.0.0")
|
38
38
|
|
39
|
-
@filter_data[:exclude] = @filter_data[
|
40
|
-
Exclusion.new(entry[
|
39
|
+
@filter_data[:exclude] = @filter_data["exclude"].map do |entry|
|
40
|
+
Exclusion.new(entry["plugin_name"], entry["rationale"])
|
41
41
|
end
|
42
|
-
@filter_data.delete(
|
42
|
+
@filter_data.delete("exclude")
|
43
43
|
end
|
44
44
|
|
45
45
|
def validate_plugin_filter_file(_file_version)
|
46
|
-
unless @filter_data.key?(
|
46
|
+
unless @filter_data.key?("exclude") && @filter_data["exclude"].is_a?(Array)
|
47
47
|
raise Inspec::Plugin::V2::ConfigError, 'Unknown plugin fillter file format: expected "exclude" to be an array'
|
48
48
|
end
|
49
|
-
@filter_data[
|
49
|
+
@filter_data["exclude"].each_with_index do |entry, idx|
|
50
50
|
unless entry.is_a? Hash
|
51
51
|
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format: expected entry #{idx} to be a Hash / JS Object"
|
52
52
|
end
|
53
|
-
unless entry.key?(
|
53
|
+
unless entry.key?("plugin_name")
|
54
54
|
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format: expected entry #{idx} to have a \"plugin_name\" field"
|
55
55
|
end
|
56
|
-
unless entry.key?(
|
56
|
+
unless entry.key?("rationale")
|
57
57
|
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format: expected entry #{idx} to have a \"rationale\" field"
|
58
58
|
end
|
59
59
|
end
|
@@ -1,16 +1,16 @@
|
|
1
1
|
# This file is not required by default.
|
2
2
|
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
3
|
+
require "singleton"
|
4
|
+
require "forwardable"
|
5
|
+
require "fileutils"
|
6
6
|
|
7
7
|
# Gem extensions for doing unusual things - not loaded by Gem default
|
8
|
-
require
|
9
|
-
require
|
10
|
-
require
|
11
|
-
require
|
8
|
+
require "rubygems/package"
|
9
|
+
require "rubygems/name_tuple"
|
10
|
+
require "rubygems/uninstaller"
|
11
|
+
require "rubygems/remote_fetcher"
|
12
12
|
|
13
|
-
require
|
13
|
+
require "inspec/plugin/v2/filter"
|
14
14
|
|
15
15
|
module Inspec::Plugin::V2
|
16
16
|
# Handles all actions modifying the user's plugin set:
|
@@ -23,7 +23,7 @@ module Inspec::Plugin::V2
|
|
23
23
|
include Singleton
|
24
24
|
extend Forwardable
|
25
25
|
|
26
|
-
Gem.configuration[
|
26
|
+
Gem.configuration["verbose"] = false
|
27
27
|
|
28
28
|
attr_reader :conf_file, :loader, :registry
|
29
29
|
def_delegator :loader, :plugin_gem_path, :gem_path
|
@@ -60,6 +60,8 @@ module Inspec::Plugin::V2
|
|
60
60
|
# TODO: - check plugins.json for validity before trying anything that needs to modify it.
|
61
61
|
validate_installation_opts(plugin_name, opts)
|
62
62
|
|
63
|
+
# TODO: change all of these to return installed spec/gem/thingy
|
64
|
+
# TODO: return installed thingy
|
63
65
|
if opts[:path]
|
64
66
|
install_from_path(plugin_name, opts)
|
65
67
|
elsif opts[:gem_file]
|
@@ -128,7 +130,7 @@ module Inspec::Plugin::V2
|
|
128
130
|
if opts[:exact]
|
129
131
|
matched_tuples = fetcher.detect(opts[:scope]) { |tuple| tuple.name == plugin_query }
|
130
132
|
else
|
131
|
-
regex = Regexp.new(
|
133
|
+
regex = Regexp.new("^" + plugin_query + ".*")
|
132
134
|
matched_tuples = fetcher.detect(opts[:scope]) do |tuple|
|
133
135
|
tuple.name =~ regex && !Inspec::Plugin::V2::PluginFilter.exclude?(tuple.name)
|
134
136
|
end
|
@@ -172,15 +174,15 @@ module Inspec::Plugin::V2
|
|
172
174
|
end
|
173
175
|
|
174
176
|
if opts.key?(:gem_file) && opts.key?(:path)
|
175
|
-
raise InstallError,
|
177
|
+
raise InstallError, "May not specify both gem_file and a path (for installing from source)"
|
176
178
|
end
|
177
179
|
|
178
180
|
if opts.key?(:version) && (opts.key?(:gem_file) || opts.key?(:path))
|
179
|
-
raise InstallError,
|
181
|
+
raise InstallError, "May not specify a version when installing from a gem file or source path"
|
180
182
|
end
|
181
183
|
|
182
184
|
if opts.key?(:gem_file)
|
183
|
-
unless opts[:gem_file].end_with?(
|
185
|
+
unless opts[:gem_file].end_with?(".gem")
|
184
186
|
raise InstallError, "When installing from a local gem file, gem file must have '.gem' extension - saw #{opts[:gem_file]}"
|
185
187
|
end
|
186
188
|
unless File.exist?(opts[:gem_file])
|
@@ -248,7 +250,7 @@ module Inspec::Plugin::V2
|
|
248
250
|
|
249
251
|
opts[:scope] ||= :released
|
250
252
|
unless [:prerelease, :released, :latest].include?(opts[:scope])
|
251
|
-
raise SearchError,
|
253
|
+
raise SearchError, "Search scope for listing versons must be :prerelease, :released, or :latest."
|
252
254
|
end
|
253
255
|
end
|
254
256
|
|
@@ -264,26 +266,33 @@ module Inspec::Plugin::V2
|
|
264
266
|
# Make Set that encompasses just the gemfile that was provided
|
265
267
|
plugin_local_source = Gem::Source::SpecificFile.new(opts[:gem_file])
|
266
268
|
|
267
|
-
plugin_dependency = Gem::Dependency.new(requested_plugin_name,
|
268
|
-
|
269
|
-
|
269
|
+
plugin_dependency = Gem::Dependency.new(requested_plugin_name,
|
270
|
+
plugin_local_source.spec.version)
|
271
|
+
|
272
|
+
requested_local_gem_set = Gem::Resolver::InstallerSet.new(:both)
|
273
|
+
requested_local_gem_set.add_local(plugin_dependency.name,
|
274
|
+
plugin_local_source.spec, plugin_local_source)
|
270
275
|
|
271
276
|
install_gem_to_plugins_dir(plugin_dependency, [requested_local_gem_set])
|
272
277
|
end
|
273
278
|
|
274
279
|
def install_from_remote_gems(requested_plugin_name, opts)
|
275
|
-
plugin_dependency = Gem::Dependency.new(requested_plugin_name, opts[:version] ||
|
280
|
+
plugin_dependency = Gem::Dependency.new(requested_plugin_name, opts[:version] || "> 0")
|
276
281
|
# BestSet is rubygems.org API + indexing
|
277
282
|
install_gem_to_plugins_dir(plugin_dependency, [Gem::Resolver::BestSet.new], opts[:update_mode])
|
278
283
|
end
|
279
284
|
|
280
|
-
def install_gem_to_plugins_dir(new_plugin_dependency,
|
285
|
+
def install_gem_to_plugins_dir(new_plugin_dependency, # rubocop: disable Metrics/AbcSize
|
286
|
+
extra_request_sets = [],
|
287
|
+
update_mode = false)
|
288
|
+
|
281
289
|
# Get a list of all the gems available to us.
|
282
290
|
gem_to_force_update = update_mode ? new_plugin_dependency.name : nil
|
283
291
|
set_available_for_resolution = build_gem_request_universe(extra_request_sets, gem_to_force_update)
|
284
292
|
|
285
293
|
# Solve the dependency (that is, find a way to install the new plugin and anything it needs)
|
286
294
|
request_set = Gem::RequestSet.new(new_plugin_dependency)
|
295
|
+
|
287
296
|
begin
|
288
297
|
solution = request_set.resolve(set_available_for_resolution)
|
289
298
|
rescue Gem::UnsatisfiableDependencyError => gem_ex
|
@@ -325,6 +334,7 @@ module Inspec::Plugin::V2
|
|
325
334
|
# not obliged to during packaging.)
|
326
335
|
# So, after each install, run a scan for all gem(specs) we manage, and copy in their gemspec file
|
327
336
|
# into the exploded gem source area if absent.
|
337
|
+
|
328
338
|
loader.list_managed_gems.each do |spec|
|
329
339
|
path_inside_source = File.join(spec.gem_dir, "#{spec.name}.gemspec")
|
330
340
|
unless File.exist?(path_inside_source)
|
@@ -357,7 +367,7 @@ module Inspec::Plugin::V2
|
|
357
367
|
status.installation_type == :gem && status.name != plugin_name_to_be_removed.to_sym
|
358
368
|
end
|
359
369
|
plugin_deps_we_still_must_satisfy = plugin_deps_we_still_must_satisfy.map do |status|
|
360
|
-
constraint = status.version ||
|
370
|
+
constraint = status.version || "> 0"
|
361
371
|
Gem::Dependency.new(status.name.to_s, constraint)
|
362
372
|
end
|
363
373
|
|
@@ -385,7 +395,7 @@ module Inspec::Plugin::V2
|
|
385
395
|
all: true,
|
386
396
|
executables: true,
|
387
397
|
force: true,
|
388
|
-
ignore: true
|
398
|
+
ignore: true
|
389
399
|
).uninstall_gem(cruft_spec)
|
390
400
|
end
|
391
401
|
end
|
@@ -394,12 +404,12 @@ module Inspec::Plugin::V2
|
|
394
404
|
# Utilities
|
395
405
|
#===================================================================#
|
396
406
|
|
397
|
-
# This class
|
407
|
+
# This class allows us to build a Resolver set with the gems that are
|
398
408
|
# already included either with Ruby or with the InSpec install
|
399
409
|
#
|
400
410
|
# This code is heavily based on:
|
401
|
-
# https://github.com/hashicorp/vagrant/blob/
|
402
|
-
# https://github.com/hashicorp/vagrant/blob/
|
411
|
+
# https://github.com/hashicorp/vagrant/blob/32237377/lib/vagrant/bundler.rb#L400
|
412
|
+
# https://github.com/hashicorp/vagrant/blob/32237377/lib/vagrant/bundler.rb#L565
|
403
413
|
class InstalledVendorSet < Gem::Resolver::Set
|
404
414
|
def initialize
|
405
415
|
super
|
@@ -479,6 +489,8 @@ module Inspec::Plugin::V2
|
|
479
489
|
end
|
480
490
|
|
481
491
|
conf_file.save
|
492
|
+
|
493
|
+
conf_file
|
482
494
|
end
|
483
495
|
end
|
484
496
|
end
|
@@ -1,11 +1,11 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "inspec/log"
|
2
|
+
require "inspec/plugin/v2/config_file"
|
3
3
|
|
4
4
|
# Add the current directory of the process to the load path
|
5
|
-
$LOAD_PATH.unshift(
|
5
|
+
$LOAD_PATH.unshift(".") unless $LOAD_PATH.include?(".")
|
6
6
|
# Add the InSpec source root directory to the load path
|
7
|
-
folder = File.expand_path(File.join(
|
8
|
-
$LOAD_PATH.unshift(folder) unless $LOAD_PATH.include?(
|
7
|
+
folder = File.expand_path(File.join("..", "..", "..", ".."), __dir__)
|
8
|
+
$LOAD_PATH.unshift(folder) unless $LOAD_PATH.include?("folder")
|
9
9
|
|
10
10
|
module Inspec::Plugin::V2
|
11
11
|
class Loader
|
@@ -51,7 +51,7 @@ module Inspec::Plugin::V2
|
|
51
51
|
require plugin_details.entry_point
|
52
52
|
else
|
53
53
|
load_path = plugin_details.entry_point
|
54
|
-
load_path +=
|
54
|
+
load_path += ".rb" unless plugin_details.entry_point.end_with?(".rb")
|
55
55
|
load load_path
|
56
56
|
end
|
57
57
|
plugin_details.loaded = true
|
@@ -67,16 +67,16 @@ module Inspec::Plugin::V2
|
|
67
67
|
# This should possibly be in either lib/inspec/cli.rb or Registry
|
68
68
|
def exit_on_load_error
|
69
69
|
if registry.any_load_failures?
|
70
|
-
Inspec::Log.error
|
70
|
+
Inspec::Log.error "Errors were encountered while loading plugins..."
|
71
71
|
registry.plugin_statuses.select(&:load_exception).each do |plugin_status|
|
72
|
-
Inspec::Log.error
|
73
|
-
Inspec::Log.error
|
74
|
-
if ARGV.include?(
|
75
|
-
Inspec::Log.error
|
76
|
-
Inspec::Log.error
|
72
|
+
Inspec::Log.error "Plugin name: " + plugin_status.name.to_s
|
73
|
+
Inspec::Log.error "Error: " + plugin_status.load_exception.message
|
74
|
+
if ARGV.include?("--debug")
|
75
|
+
Inspec::Log.error "Exception: " + plugin_status.load_exception.class.name
|
76
|
+
Inspec::Log.error "Trace: " + plugin_status.load_exception.backtrace.join("\n")
|
77
77
|
end
|
78
78
|
end
|
79
|
-
Inspec::Log.error(
|
79
|
+
Inspec::Log.error("Run again with --debug for a stacktrace.") unless ARGV.include?("--debug")
|
80
80
|
exit 2
|
81
81
|
end
|
82
82
|
end
|
@@ -93,7 +93,7 @@ module Inspec::Plugin::V2
|
|
93
93
|
|
94
94
|
# If the user invoked `inspec help`, `inspec --help`, or only `inspec`
|
95
95
|
# then activate all CLI plugins so they can display their usage message.
|
96
|
-
activate_me ||= [
|
96
|
+
activate_me ||= ["help", "--help", nil].include?(cli_args.first)
|
97
97
|
|
98
98
|
# If there is anything in the CLI args with the same name, activate it.
|
99
99
|
# This is the expected usual activation for individual plugins.
|
@@ -113,16 +113,16 @@ module Inspec::Plugin::V2
|
|
113
113
|
end
|
114
114
|
|
115
115
|
def self.plugin_gem_path
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
File.join(Inspec.config_dir,
|
116
|
+
require "rbconfig"
|
117
|
+
ruby_abi_version = RbConfig::CONFIG["ruby_version"]
|
118
|
+
# TODO: why are we installing under the api directory for plugins?
|
119
|
+
File.join(Inspec.config_dir, "gems", ruby_abi_version)
|
120
120
|
end
|
121
121
|
|
122
122
|
# Lists all gems found in the plugin_gem_path.
|
123
123
|
# @return [Array[Gem::Specification]] Specs of all gems found.
|
124
124
|
def self.list_managed_gems
|
125
|
-
Dir.glob(File.join(plugin_gem_path,
|
125
|
+
Dir.glob(File.join(plugin_gem_path, "specifications", "*.gemspec")).map { |p| Gem::Specification.load(p) }
|
126
126
|
end
|
127
127
|
|
128
128
|
def list_managed_gems
|
@@ -145,7 +145,7 @@ module Inspec::Plugin::V2
|
|
145
145
|
# 'Activating' a gem adds it to the load path, so 'require "gemname"' will work.
|
146
146
|
# Given a gem name, this activates the gem and all of its dependencies, respecting
|
147
147
|
# version pinning needs.
|
148
|
-
def activate_managed_gems_for_plugin(plugin_gem_name, version_constraint =
|
148
|
+
def activate_managed_gems_for_plugin(plugin_gem_name, version_constraint = "> 0")
|
149
149
|
# TODO: enforce first-level version pinning
|
150
150
|
plugin_deps = [Gem::Dependency.new(plugin_gem_name.to_s, version_constraint)]
|
151
151
|
managed_gem_set = Gem::Resolver::VendorSet.new
|
@@ -197,18 +197,18 @@ module Inspec::Plugin::V2
|
|
197
197
|
act.activator_name = :default
|
198
198
|
status.activators = [act]
|
199
199
|
|
200
|
-
v0_subcommand_name = plugin_name.to_s.gsub(
|
200
|
+
v0_subcommand_name = plugin_name.to_s.gsub("inspec-", "")
|
201
201
|
status.plugin_class = Inspec::Plugins::CLI.subcommands[v0_subcommand_name][:klass]
|
202
202
|
end
|
203
203
|
|
204
204
|
def detect_bundled_plugins
|
205
|
-
bundle_dir = File.expand_path(File.join(File.dirname(__FILE__),
|
205
|
+
bundle_dir = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "..", "bundles"))
|
206
206
|
globs = [
|
207
|
-
File.join(bundle_dir,
|
208
|
-
File.join(bundle_dir,
|
207
|
+
File.join(bundle_dir, "inspec-*.rb"),
|
208
|
+
File.join(bundle_dir, "train-*.rb"),
|
209
209
|
]
|
210
210
|
Dir.glob(globs).each do |loader_file|
|
211
|
-
name = File.basename(loader_file,
|
211
|
+
name = File.basename(loader_file, ".rb").to_sym
|
212
212
|
status = Inspec::Plugin::V2::Status.new
|
213
213
|
status.name = name
|
214
214
|
status.entry_point = loader_file
|
@@ -219,13 +219,13 @@ module Inspec::Plugin::V2
|
|
219
219
|
end
|
220
220
|
|
221
221
|
def detect_core_plugins
|
222
|
-
core_plugins_dir = File.expand_path(File.join(File.dirname(__FILE__),
|
222
|
+
core_plugins_dir = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "..", "plugins"))
|
223
223
|
# These are expected to be organized as proper separate projects,
|
224
224
|
# with lib/ dirs, etc.
|
225
|
-
Dir.glob(File.join(core_plugins_dir,
|
225
|
+
Dir.glob(File.join(core_plugins_dir, "inspec-*")).each do |plugin_dir|
|
226
226
|
status = Inspec::Plugin::V2::Status.new
|
227
227
|
status.name = File.basename(plugin_dir).to_sym
|
228
|
-
status.entry_point = File.join(plugin_dir,
|
228
|
+
status.entry_point = File.join(plugin_dir, "lib", status.name.to_s + ".rb")
|
229
229
|
status.installation_type = :core
|
230
230
|
status.loaded = false
|
231
231
|
registry[status.name.to_sym] = status
|