inspec-core 4.31.1 → 4.37.8

Files changed (38) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +14 -1
  3. data/inspec-core.gemspec +2 -2
  4. data/lib/inspec/base_cli.rb +5 -3
  5. data/lib/inspec/cli.rb +12 -4
  6. data/lib/inspec/control_eval_context.rb +1 -0
  7. data/lib/inspec/fetcher/local.rb +1 -1
  8. data/lib/inspec/input.rb +39 -4
  9. data/lib/inspec/input_registry.rb +1 -0
  10. data/lib/inspec/objects/input.rb +1 -1
  11. data/lib/inspec/plugin/v2/loader.rb +9 -0
  12. data/lib/inspec/profile_context.rb +1 -1
  13. data/lib/inspec/reporters/cli.rb +63 -0
  14. data/lib/inspec/resources.rb +1 -0
  15. data/lib/inspec/resources/command.rb +3 -9
  16. data/lib/inspec/resources/groups.rb +21 -6
  17. data/lib/inspec/resources/http.rb +1 -1
  18. data/lib/inspec/resources/mssql_session.rb +1 -1
  19. data/lib/inspec/resources/mysql_session.rb +1 -1
  20. data/lib/inspec/resources/pip.rb +1 -1
  21. data/lib/inspec/resources/registry_key.rb +1 -1
  22. data/lib/inspec/resources/selinux.rb +154 -0
  23. data/lib/inspec/resources/users.rb +1 -1
  24. data/lib/inspec/resources/windows_feature.rb +2 -1
  25. data/lib/inspec/resources/windows_firewall_rule.rb +1 -1
  26. data/lib/inspec/rule.rb +9 -1
  27. data/lib/inspec/runner.rb +1 -1
  28. data/lib/inspec/utils/erlang_parser.rb +2 -2
  29. data/lib/inspec/utils/filter.rb +7 -7
  30. data/lib/inspec/utils/nginx_parser.rb +3 -3
  31. data/lib/inspec/version.rb +1 -1
  32. data/lib/plugins/inspec-compliance/README.md +125 -2
  33. data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +5 -0
  34. data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +18 -1
  35. data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +23 -8
  36. data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +24 -25
  37. data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +5 -4
  38. metadata +11 -4
@@ -7,6 +7,11 @@ module InspecPlugins
7
7
  require_relative "inspec-compliance/cli"
8
8
  InspecPlugins::Compliance::CLI
9
9
  end
10
+
11
+ cli_command :automate do
12
+ require_relative "inspec-compliance/cli"
13
+ InspecPlugins::Compliance::CLI
14
+ end
10
15
  end
11
16
 
12
17
  autoload :Configuration, "plugins/inspec-compliance/lib/inspec-compliance/configuration"
@@ -170,6 +170,23 @@ module InspecPlugins
170
170
  [success, msg, access_token]
171
171
  end
172
172
 
173
+ # Use API access token to validate login using version API
174
+ def self.authenticate_login_using_version_api(url, api_token, insecure)
175
+ uri = URI.parse("#{url}/version")
176
+ req = Net::HTTP::Get.new(uri.path)
177
+ req["api-token"] = api_token
178
+ response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
179
+
180
+ if response.code == "200"
181
+ msg = "Successfully Logged In"
182
+ success = true
183
+ else
184
+ success = false
185
+ msg = "Failed to authenticate to #{url} \n\Response code: #{response.code}\nBody: #{response.body}"
186
+ end
187
+ [success, msg]
188
+ end
189
+
173
190
  # Use username and password to get an API access token
174
191
  def self.get_token_via_password(url, username, password, insecure)
175
192
  uri = URI.parse("#{url}/login")
@@ -357,7 +374,7 @@ module InspecPlugins
357
374
 
358
375
  Inspec::Log.debug(
359
376
  "Received 200 from #{url}#{compliance_endpoint} - " \
360
- "assuming target is a #{COMPLIANCE_PRODUCT_NAME} server"
377
+ "assuming target is a #{AUTOMATE_PRODUCT_NAME} server"
361
378
  )
362
379
  true
363
380
  end
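Review bot: In `authenticate_login_using_version_api` (first hunk), any 200 from `#{url}/version` is taken as proof that `api_token` is valid, which only holds if the server refuses that endpoint for a bad or missing `api-token` header; nothing visible here establishes that. The method should carry a comment stating the assumption, e.g. `# Relies on GET /version answering non-200 when the api-token is invalid`. A nil `api_token` is also assigned straight to `req["api-token"]`, so an early `return [false, "No API token provided"] if api_token.nil?` would avoid sending a probe with no credential at all. The failure string has a stray backslash in `\n\Response code` and echoes the whole `response.body` back to the user, which is worth truncating.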
@@ -9,7 +9,7 @@ module InspecPlugins
9
9
  class CannotDetermineServerType < StandardError; end
10
10
 
11
11
  def login(options)
12
- raise ArgumentError, "Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
12
+ raise ArgumentError, "Please specify a server using `#{EXEC_NAME} automate login https://SERVER` or `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
13
13
 
14
14
  options["server"] = URI("https://#{options["server"]}").to_s if URI(options["server"]).scheme.nil?
15
15
 
@@ -33,7 +33,8 @@ module InspecPlugins
33
33
 
34
34
  options["url"] = options["server"] + "/api/v0"
35
35
  token = options["dctoken"] || options["token"]
36
- store_access_token(options, token)
36
+ success, msg = API::Login.authenticate_login(options)
37
+ success ? store_access_token(options, token) : msg
37
38
  end
38
39
 
39
40
  def self.store_access_token(options, token)
@@ -52,7 +53,7 @@ module InspecPlugins
52
53
  config["version"] = "0"
53
54
 
54
55
  config.store
55
- config
56
+ API::Login.configuration_stored_message(config)
56
57
  end
57
58
 
58
59
  def self.verify_thor_options(o)
@@ -74,7 +75,8 @@ module InspecPlugins
74
75
 
75
76
  options["url"] = options["server"] + "/compliance"
76
77
  token = options["dctoken"] || options["token"]
77
- store_access_token(options, token)
78
+ success, msg = API::Login.authenticate_login(options)
79
+ success ? store_access_token(options, token) : msg
78
80
  end
79
81
 
80
82
  def self.store_access_token(options, token)
@@ -99,7 +101,7 @@ module InspecPlugins
99
101
  config["version"] = InspecPlugins::Compliance::API.version(config)
100
102
 
101
103
  config.store
102
- config
104
+ API::Login.configuration_stored_message(config)
103
105
  end
104
106
 
105
107
  # Automate login requires `--ent`, `--user`, and either `--token` or `--dctoken`
@@ -126,7 +128,8 @@ module InspecPlugins
126
128
  options["url"] = options["server"] + "/api"
127
129
 
128
130
  if options["user"] && options["token"]
129
- compliance_store_access_token(options, options["token"])
131
+ success, msg = API::Login.authenticate_login(options)
132
+ success ? compliance_store_access_token(options, options["token"]) : msg
130
133
  elsif options["user"] && options["password"]
131
134
  compliance_login_user_pass(options)
132
135
  elsif options["refresh_token"]
@@ -171,7 +174,7 @@ module InspecPlugins
171
174
  config["version"] = InspecPlugins::Compliance::API.version(config)
172
175
 
173
176
  config.store
174
- config
177
+ API::Login.configuration_stored_message(config)
175
178
  end
176
179
 
177
180
  # Compliance login requires `--user` or `--refresh_token`
@@ -179,7 +182,7 @@ module InspecPlugins
179
182
  def self.compliance_verify_thor_options(o)
180
183
  error_msg = []
181
184
 
182
- error_msg.push("Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
185
+ error_msg.push("Please specify a server using `#{EXEC_NAME} automate login https://SERVER` or `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
183
186
 
184
187
  if o["user"].nil? && o["refresh_token"].nil?
185
188
  error_msg.push("Please specify a `--user='USER'` or a `--refresh-token='TOKEN'`")
@@ -192,6 +195,18 @@ module InspecPlugins
192
195
  raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
193
196
  end
194
197
  end
198
+
199
+ def self.authenticate_login(options)
200
+ InspecPlugins::Compliance::API.authenticate_login_using_version_api(
201
+ options["url"],
202
+ options["token"],
203
+ options["insecure"]
204
+ )
205
+ end
206
+
207
+ def self.configuration_stored_message(config)
208
+ "Stored configuration for Chef #{config["server_type"].capitalize}: #{config["server"]}' with user: '#{config["user"]}'"
209
+ end
195
210
  end
196
211
  end
197
212
  end
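Review bot: `authenticate_login` (last hunk) always validates `options["token"]`, while the logins in the `-33,7` and `-74,7` hunks go on to store `options["dctoken"] || options["token"]`, so the credential that is checked is not necessarily the one that is saved. With only `--dctoken` supplied, `options["token"]` is nil and the check runs without a token; with both supplied, the stored data-collector token is never validated. Passing the token explicitly keeps the two in step, e.g. `def self.authenticate_login(options, token = options["token"])` with the callers using `API::Login.authenticate_login(options, token)`; whether the version endpoint accepts a data-collector token is not visible here and should be confirmed. These methods now return the failure `msg` instead of raising, so they should document that a String return can mean either outcome.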
@@ -6,13 +6,12 @@ module InspecPlugins
6
6
  module Compliance
7
7
  class CLI < Inspec.plugin(2, :cli_command)
8
8
  include Inspec::Dist
9
-
10
- subcommand_desc "compliance SUBCOMMAND", "#{COMPLIANCE_PRODUCT_NAME} commands"
9
+ subcommand_desc "automate SUBCOMMAND or compliance SUBCOMMAND", "#{AUTOMATE_PRODUCT_NAME} commands"
11
10
 
12
11
  # desc "login https://SERVER --insecure --user='USER' --ent='ENTERPRISE' --token='TOKEN'", 'Log in to a Chef Compliance/Chef Automate SERVER'
13
- desc "login", "Log in to a #{COMPLIANCE_PRODUCT_NAME}/#{AUTOMATE_PRODUCT_NAME} SERVER"
12
+ desc "login", "Log in to a #{AUTOMATE_PRODUCT_NAME} SERVER"
14
13
  long_desc <<-LONGDESC
15
- `login` allows you to use InSpec with #{AUTOMATE_PRODUCT_NAME} or a #{COMPLIANCE_PRODUCT_NAME} Server
14
+ `login` allows you to use InSpec with #{AUTOMATE_PRODUCT_NAME} Server
16
15
 
17
16
  You need to a token for communication. More information about token retrieval
18
17
  is available at:
@@ -24,23 +23,22 @@ module InspecPlugins
24
23
  option :user, type: :string, required: false,
25
24
  desc: "Username"
26
25
  option :password, type: :string, required: false,
27
- desc: "Password (#{COMPLIANCE_PRODUCT_NAME} Only)"
26
+ desc: "Password (#{AUTOMATE_PRODUCT_NAME} Only)"
28
27
  option :token, type: :string, required: false,
29
28
  desc: "Access token"
30
29
  option :refresh_token, type: :string, required: false,
31
- desc: "#{COMPLIANCE_PRODUCT_NAME} refresh token (#{COMPLIANCE_PRODUCT_NAME} Only)"
30
+ desc: "#{AUTOMATE_PRODUCT_NAME} refresh token (#{AUTOMATE_PRODUCT_NAME} Only)"
32
31
  option :dctoken, type: :string, required: false,
33
32
  desc: "Data Collector token (#{AUTOMATE_PRODUCT_NAME} Only)"
34
33
  option :ent, type: :string, required: false,
35
34
  desc: "Enterprise for #{AUTOMATE_PRODUCT_NAME} reporting (#{AUTOMATE_PRODUCT_NAME} Only)"
36
35
  def login(server)
37
36
  options["server"] = server
38
- InspecPlugins::Compliance::API.login(options)
39
- config = InspecPlugins::Compliance::Configuration.new
40
- puts "Stored configuration for Chef #{config["server_type"].capitalize}: #{config["server"]}' with user: '#{config["user"]}'"
37
+ login_response = InspecPlugins::Compliance::API.login(options)
38
+ puts login_response
41
39
  end
42
40
 
43
- desc "profiles", "list all available profiles in #{COMPLIANCE_PRODUCT_NAME}"
41
+ desc "profiles", "list all available profiles in #{AUTOMATE_PRODUCT_NAME}"
44
42
  option :owner, type: :string, required: false,
45
43
  desc: "owner whose profiles to list"
46
44
  def profiles
@@ -65,11 +63,11 @@ module InspecPlugins
65
63
  exit 1
66
64
  end
67
65
  rescue InspecPlugins::Compliance::ServerConfigurationMissing
68
- $stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
66
+ $stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
69
67
  exit 1
70
68
  end
71
69
 
72
- desc "exec PROFILE", "executes a #{COMPLIANCE_PRODUCT_NAME} profile"
70
+ desc "exec PROFILE", "executes a #{AUTOMATE_PRODUCT_NAME} profile"
73
71
  exec_options
74
72
  def exec(*tests)
75
73
  compliance_config = InspecPlugins::Compliance::Configuration.new
@@ -91,7 +89,7 @@ module InspecPlugins
91
89
  exit 1
92
90
  end
93
91
 
94
- desc "download PROFILE", "downloads a profile from #{COMPLIANCE_PRODUCT_NAME}"
92
+ desc "download PROFILE", "downloads a profile from #{AUTOMATE_PRODUCT_NAME}"
95
93
  option :name, type: :string,
96
94
  desc: "Name of the archive filename (file type will be added)"
97
95
  def download(profile_name)
@@ -116,12 +114,12 @@ module InspecPlugins
116
114
  file_name = fetcher.fetch(o.name || id)
117
115
  puts "Profile stored to #{file_name}"
118
116
  else
119
- puts "Profile #{profile_name} is not available in #{COMPLIANCE_PRODUCT_NAME}."
117
+ puts "Profile #{profile_name} is not available in #{AUTOMATE_PRODUCT_NAME}."
120
118
  exit 1
121
119
  end
122
120
  end
123
121
 
124
- desc "upload PATH", "uploads a local profile to #{COMPLIANCE_PRODUCT_NAME}"
122
+ desc "upload PATH", "uploads a local profile to #{AUTOMATE_PRODUCT_NAME}"
125
123
  option :overwrite, type: :boolean, default: false,
126
124
  desc: "Overwrite existing profile on Server."
127
125
  option :owner, type: :string, required: false,
@@ -167,7 +165,7 @@ module InspecPlugins
167
165
 
168
166
  # determine user information
169
167
  if (config["token"].nil? && config["refresh_token"].nil?) || config["user"].nil?
170
- error.call("Please login via `#{EXEC_NAME} compliance login`")
168
+ error.call("Please login via `#{EXEC_NAME} #{subcommand_name} login`")
171
169
  end
172
170
 
173
171
  # read profile name from inspec.yml
@@ -202,11 +200,8 @@ module InspecPlugins
202
200
  puts "Start upload to #{config["owner"]}/#{profile_name}"
203
201
  pname = ERB::Util.url_encode(profile_name)
204
202
 
205
- if InspecPlugins::Compliance::API.is_automate_server?(config) || InspecPlugins::Compliance::API.is_automate2_server?(config)
206
- puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
207
- else
208
- puts "Uploading to #{COMPLIANCE_PRODUCT_NAME}"
209
- end
203
+ puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
204
+
210
205
  success, msg = InspecPlugins::Compliance::API.upload(config, config["owner"], pname, archive_path)
211
206
 
212
207
  # delete temp file if it was temporary generated
@@ -221,7 +216,7 @@ module InspecPlugins
221
216
  end
222
217
  end
223
218
 
224
- desc "version", "displays the version of the #{COMPLIANCE_PRODUCT_NAME} server"
219
+ desc "version", "displays the version of the #{AUTOMATE_PRODUCT_NAME} server"
225
220
  def version
226
221
  config = InspecPlugins::Compliance::Configuration.new
227
222
  info = InspecPlugins::Compliance::API.version(config)
@@ -233,11 +228,11 @@ module InspecPlugins
233
228
  exit 1
234
229
  end
235
230
  rescue InspecPlugins::Compliance::ServerConfigurationMissing
236
- puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
231
+ puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
237
232
  exit 1
238
233
  end
239
234
 
240
- desc "logout", "user logout from #{COMPLIANCE_PRODUCT_NAME}"
235
+ desc "logout", "user logout from #{AUTOMATE_PRODUCT_NAME}"
241
236
  def logout
242
237
  config = InspecPlugins::Compliance::Configuration.new
243
238
  unless config.supported?(:oidc) || config["token"].nil? || config["server_type"] == "automate"
@@ -258,9 +253,13 @@ module InspecPlugins
258
253
 
259
254
  def loggedin(config)
260
255
  serverknown = !config["server"].nil?
261
- puts "You need to login first with `#{EXEC_NAME} compliance login`" unless serverknown
256
+ puts "You need to login first with `#{EXEC_NAME} #{subcommand_name} login`" unless serverknown
262
257
  serverknown
263
258
  end
259
+
260
+ def subcommand_name
261
+ @_invocations[Inspec::InspecCLI]&.first || "automate"
262
+ end
264
263
  end
265
264
 
266
265
  # register the subcommand to InSpec CLI registry
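Review bot: `login` now prints whatever `InspecPlugins::Compliance::API.login` returns, and for a rejected token that is the failure message, written to stdout with no visible `exit 1`, so a script or CI job cannot tell a failed login from a successful one by exit status. The other commands in this file call `exit 1` on error (some after `$stderr.puts`), and login should follow suit, which requires the API to hand back the success flag and not only a string. Separately, `subcommand_name` reads Thor's internal `@_invocations`; if that is ever nil, the lookup raises before the `|| "automate"` fallback is reached, so `@_invocations&.dig(Inspec::InspecCLI, 0) || "automate"` would be safer, with a short comment saying why the ivar is consulted.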
@@ -34,13 +34,13 @@ module InspecPlugins
34
34
  if config["token"].nil? && config["refresh_token"].nil?
35
35
  if config["server_type"] == "automate"
36
36
  server = "automate"
37
- msg = "#{EXEC_NAME} compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"
37
+ msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"
38
38
  elsif config["server_type"] == "automate2"
39
39
  server = "automate2"
40
- msg = "#{EXEC_NAME} compliance login https://your_automate2_server --user USER --token APITOKEN"
40
+ msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate2_server --user USER --token APITOKEN"
41
41
  else
42
42
  server = "compliance"
43
- msg = "#{EXEC_NAME} compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
43
+ msg = "#{EXEC_NAME} [automate|compliance] login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
44
44
  end
45
45
  raise Inspec::FetcherFailure, <<~EOF
46
46
 
@@ -112,7 +112,7 @@ module InspecPlugins
112
112
  end
113
113
 
114
114
  def to_s
115
- "#{COMPLIANCE_PRODUCT_NAME} Profile Loader"
115
+ "#{AUTOMATE_PRODUCT_NAME} Profile Loader"
116
116
  end
117
117
 
118
118
  private
@@ -136,6 +136,7 @@ module InspecPlugins
136
136
  if m.nil?
137
137
  raise "Unable to determine compliance profile name. This can be caused by " \
138
138
  "an incorrect server in your configuration. Try to login to compliance " \
139
+ "via the `#{EXEC_NAME} automate login` command or " \
139
140
  "via the `#{EXEC_NAME} compliance login` command."
140
141
  end
141
142
 
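--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: inspec-core
  version: !ruby/object:Gem::Version
- version: 4.31.1
+ version: 4.37.8
  platform: ruby
  authors:
  - Chef InSpec Team
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-04-08 00:00:00.000000000 Z
+ date: 2021-05-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: chef-telemetry
@@ -17,6 +17,9 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.0.8
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -24,6 +27,9 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '1.0'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.0.8
  - !ruby/object:Gem::Dependency
  name: license-acceptance
  requirement: !ruby/object:Gem::Requirement
@@ -223,7 +229,7 @@ dependencies:
  version: 0.9.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '1.4'
+ version: '1.5'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -233,7 +239,7 @@ dependencies:
  version: 0.9.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '1.4'
+ version: '1.5'
  - !ruby/object:Gem::Dependency
  name: faraday_middleware
  requirement: !ruby/object:Gem::Requirement
@@ -586,6 +592,7 @@ files:
  - lib/inspec/resources/script.rb
  - lib/inspec/resources/security_identifier.rb
  - lib/inspec/resources/security_policy.rb
+ - lib/inspec/resources/selinux.rb
  - lib/inspec/resources/service.rb
  - lib/inspec/resources/shadow.rb
  - lib/inspec/resources/ssh_config.rb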