inspec-core 4.33.1 → 4.37.20

data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb

@@ -7,6 +7,11 @@ module InspecPlugins
         require_relative "inspec-compliance/cli"
         InspecPlugins::Compliance::CLI
       end
+
+      cli_command :automate do
+        require_relative "inspec-compliance/cli"
+        InspecPlugins::Compliance::CLI
+      end
     end
 
     autoload :Configuration, "plugins/inspec-compliance/lib/inspec-compliance/configuration"

data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb

@@ -170,6 +170,23 @@ module InspecPlugins
         [success, msg, access_token]
       end
 
+      # Use API access token to validate login using version API
+      def self.authenticate_login_using_version_api(url, api_token, insecure)
+        uri = URI.parse("#{url}/version")
+        req = Net::HTTP::Get.new(uri.path)
+        req["api-token"] = api_token
+        response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
+
+        if response.code == "200"
+          msg = "Successfully Logged In"
+          success = true
+        else
+          success = false
+          msg = "Failed to authenticate to #{url} \n\Response code: #{response.code}\nBody: #{response.body}"
+        end
+        [success, msg]
+      end
+
       # Use username and password to get an API access token
       def self.get_token_via_password(url, username, password, insecure)
         uri = URI.parse("#{url}/login")
@@ -357,7 +374,7 @@ module InspecPlugins
 
         Inspec::Log.debug(
           "Received 200 from #{url}#{compliance_endpoint} - " \
-          "assuming target is a #{COMPLIANCE_PRODUCT_NAME} server"
+          "assuming target is a #{AUTOMATE_PRODUCT_NAME} server"
         )
         true
       end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb

@@ -9,7 +9,7 @@ module InspecPlugins
         class CannotDetermineServerType < StandardError; end
 
         def login(options)
-          raise ArgumentError, "Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
+          raise ArgumentError, "Please specify a server using `#{EXEC_NAME} automate login https://SERVER` or `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
 
           options["server"] = URI("https://#{options["server"]}").to_s if URI(options["server"]).scheme.nil?
 
@@ -33,7 +33,8 @@ module InspecPlugins
 
             options["url"] = options["server"] + "/api/v0"
             token = options["dctoken"] || options["token"]
-            store_access_token(options, token)
+            success, msg = API::Login.authenticate_login(options)
+            success ? store_access_token(options, token) : msg
           end
 
           def self.store_access_token(options, token)
@@ -52,7 +53,7 @@ module InspecPlugins
             config["version"] = "0"
 
             config.store
-            config
+            API::Login.configuration_stored_message(config)
           end
 
           def self.verify_thor_options(o)
@@ -74,7 +75,8 @@ module InspecPlugins
 
             options["url"] = options["server"] + "/compliance"
             token = options["dctoken"] || options["token"]
-            store_access_token(options, token)
+            success, msg = API::Login.authenticate_login(options)
+            success ? store_access_token(options, token) : msg
           end
 
           def self.store_access_token(options, token)
@@ -99,7 +101,7 @@ module InspecPlugins
             config["version"] = InspecPlugins::Compliance::API.version(config)
 
             config.store
-            config
+            API::Login.configuration_stored_message(config)
           end
 
           # Automate login requires `--ent`, `--user`, and either `--token` or `--dctoken`
@@ -126,7 +128,8 @@ module InspecPlugins
             options["url"] = options["server"] + "/api"
 
             if options["user"] && options["token"]
-              compliance_store_access_token(options, options["token"])
+              success, msg = API::Login.authenticate_login(options)
+              success ? compliance_store_access_token(options, options["token"]) : msg
             elsif options["user"] && options["password"]
               compliance_login_user_pass(options)
             elsif options["refresh_token"]
@@ -171,7 +174,7 @@ module InspecPlugins
             config["version"] = InspecPlugins::Compliance::API.version(config)
 
             config.store
-            config
+            API::Login.configuration_stored_message(config)
           end
 
           # Compliance login requires `--user` or `--refresh_token`
@@ -179,7 +182,7 @@ module InspecPlugins
           def self.compliance_verify_thor_options(o)
             error_msg = []
 
-            error_msg.push("Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
+            error_msg.push("Please specify a server using `#{EXEC_NAME} automate login https://SERVER` or `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
 
             if o["user"].nil? && o["refresh_token"].nil?
               error_msg.push("Please specify a `--user='USER'` or a `--refresh-token='TOKEN'`")
@@ -192,6 +195,18 @@ module InspecPlugins
             raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
           end
         end
+
+        def self.authenticate_login(options)
+          InspecPlugins::Compliance::API.authenticate_login_using_version_api(
+            options["url"],
+            options["token"],
+            options["insecure"]
+          )
+        end
+
+        def self.configuration_stored_message(config)
+          "Stored configuration for Chef #{config["server_type"].capitalize}: #{config["server"]}' with user: '#{config["user"]}'"
+        end
       end
     end
   end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -6,41 +6,38 @@ module InspecPlugins
   module Compliance
     class CLI < Inspec.plugin(2, :cli_command)
       include Inspec::Dist
-
-      subcommand_desc "compliance SUBCOMMAND", "#{COMPLIANCE_PRODUCT_NAME} commands"
+      subcommand_desc "automate SUBCOMMAND or compliance SUBCOMMAND", "#{AUTOMATE_PRODUCT_NAME} commands"
 
       # desc "login https://SERVER --insecure --user='USER' --ent='ENTERPRISE' --token='TOKEN'", 'Log in to a Chef Compliance/Chef Automate SERVER'
-      desc "login", "Log in to a #{COMPLIANCE_PRODUCT_NAME}/#{AUTOMATE_PRODUCT_NAME} SERVER"
+      desc "login", "Log in to a #{AUTOMATE_PRODUCT_NAME} SERVER"
       long_desc <<-LONGDESC
-        `login` allows you to use InSpec with #{AUTOMATE_PRODUCT_NAME} or a #{COMPLIANCE_PRODUCT_NAME} Server
+        `login` allows you to use InSpec with #{AUTOMATE_PRODUCT_NAME} Server
 
-        You need to a token for communication. More information about token retrieval
+        You need to have a token for communication. More information about token retrieval
         is available at:
-          https://docs.chef.io/api_automate.html#authentication-methods
-          https://docs.chef.io/api_compliance.html#obtaining-an-api-token
+          https://docs.chef.io/automate/api_tokens
       LONGDESC
       option :insecure, aliases: :k, type: :boolean,
         desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
       option :user, type: :string, required: false,
         desc: "Username"
       option :password, type: :string, required: false,
-        desc: "Password (#{COMPLIANCE_PRODUCT_NAME} Only)"
+        desc: "Password (#{AUTOMATE_PRODUCT_NAME} Only)"
       option :token, type: :string, required: false,
         desc: "Access token"
       option :refresh_token, type: :string, required: false,
-        desc: "#{COMPLIANCE_PRODUCT_NAME} refresh token (#{COMPLIANCE_PRODUCT_NAME} Only)"
+        desc: "#{AUTOMATE_PRODUCT_NAME} refresh token (#{AUTOMATE_PRODUCT_NAME} Only)"
       option :dctoken, type: :string, required: false,
         desc: "Data Collector token (#{AUTOMATE_PRODUCT_NAME} Only)"
       option :ent, type: :string, required: false,
         desc: "Enterprise for #{AUTOMATE_PRODUCT_NAME} reporting (#{AUTOMATE_PRODUCT_NAME} Only)"
       def login(server)
         options["server"] = server
-        InspecPlugins::Compliance::API.login(options)
-        config = InspecPlugins::Compliance::Configuration.new
-        puts "Stored configuration for Chef #{config["server_type"].capitalize}: #{config["server"]}' with user: '#{config["user"]}'"
+        login_response = InspecPlugins::Compliance::API.login(options)
+        puts login_response
       end
 
-      desc "profiles", "list all available profiles in #{COMPLIANCE_PRODUCT_NAME}"
+      desc "profiles", "list all available profiles in #{AUTOMATE_PRODUCT_NAME}"
       option :owner, type: :string, required: false,
         desc: "owner whose profiles to list"
       def profiles
@@ -65,11 +62,11 @@ module InspecPlugins
           exit 1
         end
       rescue InspecPlugins::Compliance::ServerConfigurationMissing
-        $stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
+        $stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
         exit 1
       end
 
-      desc "exec PROFILE", "executes a #{COMPLIANCE_PRODUCT_NAME} profile"
+      desc "exec PROFILE", "executes a #{AUTOMATE_PRODUCT_NAME} profile"
       exec_options
       def exec(*tests)
         compliance_config = InspecPlugins::Compliance::Configuration.new
@@ -91,7 +88,7 @@ module InspecPlugins
         exit 1
       end
 
-      desc "download PROFILE", "downloads a profile from #{COMPLIANCE_PRODUCT_NAME}"
+      desc "download PROFILE", "downloads a profile from #{AUTOMATE_PRODUCT_NAME}"
       option :name, type: :string,
         desc: "Name of the archive filename (file type will be added)"
       def download(profile_name)
@@ -116,12 +113,12 @@ module InspecPlugins
           file_name = fetcher.fetch(o.name || id)
           puts "Profile stored to #{file_name}"
         else
-          puts "Profile #{profile_name} is not available in #{COMPLIANCE_PRODUCT_NAME}."
+          puts "Profile #{profile_name} is not available in #{AUTOMATE_PRODUCT_NAME}."
           exit 1
         end
       end
 
-      desc "upload PATH", "uploads a local profile to #{COMPLIANCE_PRODUCT_NAME}"
+      desc "upload PATH", "uploads a local profile to #{AUTOMATE_PRODUCT_NAME}"
       option :overwrite, type: :boolean, default: false,
         desc: "Overwrite existing profile on Server."
       option :owner, type: :string, required: false,
@@ -167,7 +164,7 @@ module InspecPlugins
 
         # determine user information
         if (config["token"].nil? && config["refresh_token"].nil?) || config["user"].nil?
-          error.call("Please login via `#{EXEC_NAME} compliance login`")
+          error.call("Please login via `#{EXEC_NAME} #{subcommand_name} login`")
         end
 
         # read profile name from inspec.yml
@@ -202,11 +199,8 @@ module InspecPlugins
         puts "Start upload to #{config["owner"]}/#{profile_name}"
         pname = ERB::Util.url_encode(profile_name)
 
-        if InspecPlugins::Compliance::API.is_automate_server?(config) || InspecPlugins::Compliance::API.is_automate2_server?(config)
-          puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
-        else
-          puts "Uploading to #{COMPLIANCE_PRODUCT_NAME}"
-        end
+        puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
+
         success, msg = InspecPlugins::Compliance::API.upload(config, config["owner"], pname, archive_path)
 
         # delete temp file if it was temporary generated
@@ -221,7 +215,7 @@ module InspecPlugins
         end
       end
 
-      desc "version", "displays the version of the #{COMPLIANCE_PRODUCT_NAME} server"
+      desc "version", "displays the version of the #{AUTOMATE_PRODUCT_NAME} server"
       def version
         config = InspecPlugins::Compliance::Configuration.new
         info = InspecPlugins::Compliance::API.version(config)
@@ -233,11 +227,11 @@ module InspecPlugins
           exit 1
         end
       rescue InspecPlugins::Compliance::ServerConfigurationMissing
-        puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
+        puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
         exit 1
       end
 
-      desc "logout", "user logout from #{COMPLIANCE_PRODUCT_NAME}"
+      desc "logout", "user logout from #{AUTOMATE_PRODUCT_NAME}"
       def logout
         config = InspecPlugins::Compliance::Configuration.new
         unless config.supported?(:oidc) || config["token"].nil? || config["server_type"] == "automate"
@@ -258,9 +252,13 @@ module InspecPlugins
 
       def loggedin(config)
         serverknown = !config["server"].nil?
-        puts "You need to login first with `#{EXEC_NAME} compliance login`" unless serverknown
+        puts "You need to login first with `#{EXEC_NAME} #{subcommand_name} login`" unless serverknown
         serverknown
       end
+
+      def subcommand_name
+        @_invocations[Inspec::InspecCLI]&.first || "automate"
+      end
     end
 
     # register the subcommand to InSpec CLI registry

data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb

@@ -34,13 +34,13 @@ module InspecPlugins
         if config["token"].nil? && config["refresh_token"].nil?
           if config["server_type"] == "automate"
             server = "automate"
-            msg = "#{EXEC_NAME} compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"
+            msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"
           elsif config["server_type"] == "automate2"
             server = "automate2"
-            msg = "#{EXEC_NAME} compliance login https://your_automate2_server --user USER --token APITOKEN"
+            msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate2_server --user USER --token APITOKEN"
           else
             server = "compliance"
-            msg = "#{EXEC_NAME} compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
+            msg = "#{EXEC_NAME} [automate|compliance] login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
           end
           raise Inspec::FetcherFailure, <<~EOF
 
@@ -112,7 +112,7 @@ module InspecPlugins
       end
 
       def to_s
-        "#{COMPLIANCE_PRODUCT_NAME} Profile Loader"
+        "#{AUTOMATE_PRODUCT_NAME} Profile Loader"
       end
 
       private
@@ -136,6 +136,7 @@ module InspecPlugins
         if m.nil?
           raise "Unable to determine compliance profile name. This can be caused by " \
             "an incorrect server in your configuration. Try to login to compliance " \
+            "via the `#{EXEC_NAME} automate login` command or " \
             "via the `#{EXEC_NAME} compliance login` command."
         end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.33.1
+  version: 4.37.20
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-20 00:00:00.000000000 Z
+date: 2021-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -17,6 +17,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -24,6 +27,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.8
 - !ruby/object:Gem::Dependency
   name: license-acceptance
   requirement: !ruby/object:Gem::Requirement
@@ -223,7 +229,7 @@ dependencies:
         version: 0.9.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -233,7 +239,7 @@ dependencies:
         version: 0.9.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
@@ -586,6 +592,7 @@ files:
 - lib/inspec/resources/script.rb
 - lib/inspec/resources/security_identifier.rb
 - lib/inspec/resources/security_policy.rb
+- lib/inspec/resources/selinux.rb
 - lib/inspec/resources/service.rb
 - lib/inspec/resources/shadow.rb
 - lib/inspec/resources/ssh_config.rb