inspec-core 4.56.17 → 5.10.5

data/lib/inspec/ui.rb

@@ -30,6 +30,7 @@ module Inspec
     EXIT_USAGE_ERROR = 1
     EXIT_PLUGIN_ERROR = 2
     EXIT_FATAL_DEPRECATION = 3
+    EXIT_GEM_DEPENDENCY_LOAD_ERROR = 4
     EXIT_LICENSE_NOT_ACCEPTED = 172
     EXIT_FAILED_TESTS = 100
     EXIT_SKIPPED_TESTS = 101
@@ -139,6 +140,15 @@ module Inspec
       print_or_return(result, opts[:print])
     end
 
+    def line_with_width(width = 80, opts = { print: true } )
+      if color?
+        result = ANSI_CODES[:bold] + GLYPHS[:heavy_dash] * width + ANSI_CODES[:reset] + "\n"
+      else
+        result = "-" * width + "\n"
+      end
+      print_or_return(result, opts[:print])
+    end
+
     # Makes a bullet point.
     def list_item(str, opts = { print: true })
       bullet = color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:white] + GLYPHS[:bullet] + ANSI_CODES[:reset] : "*"

data/lib/inspec/utils/deprecated_cloud_resources_list.rb

@@ -0,0 +1,54 @@
+module DeprecatedCloudResourcesList
+  CLOUD_RESOURCES_DEPRECATED = %i{
+    aws_billing_report
+    aws_billing_reports
+    aws_cloudtrail_trail
+    aws_cloudtrail_trails
+    aws_cloudwatch_alarm
+    aws_cloudwatch_log_metric_filter
+    aws_config_delivery_channel
+    aws_config_recorder
+    aws_ec2_instance
+    aws_ebs_volume
+    aws_ebs_volumes
+    aws_flow_log
+    aws_ec2_instances
+    aws_ecs_cluster
+    aws_eks_cluster
+    aws_elb
+    aws_elbs
+    aws_iam_access_key
+    aws_iam_access_keys
+    aws_iam_group
+    aws_iam_groups
+    aws_iam_password_policy
+    aws_iam_policies
+    aws_iam_policy
+    aws_iam_role
+    aws_iam_root_user
+    aws_iam_user
+    aws_iam_users
+    aws_kms_key
+    aws_kms_keys
+    aws_rds_instance
+    aws_route_table
+    aws_route_tables
+    aws_s3_bucket
+    aws_s3_bucket_object
+    aws_s3_buckets
+    aws_security_group
+    aws_security_groups
+    aws_sns_subscription
+    aws_sns_topic
+    aws_sns_topics
+    aws_sqs_queue
+    aws_subnet
+    aws_subnets
+    aws_vpc
+    aws_vpcs
+    azure_generic_resource
+    azure_resource_group
+    azure_virtual_machine
+    azure_virtual_machine_data_disk
+  }.freeze
+end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.56.17".freeze
+  VERSION = "5.10.5".freeze
 end

data/lib/inspec.rb

@@ -28,3 +28,6 @@ require "inspec/base_cli"
 require "inspec/fetcher"
 require "inspec/source_reader"
 require "inspec/resource"
+
+require "inspec/dependency_loader"
+require "inspec/dependency_installer"

data/lib/plugins/inspec-artifact/inspec-artifact.gemspec

@@ -0,0 +1,9 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-artifact"
+  spec.summary       = ""
+  spec.description   = "Plugin to generate asymmetrical keys that you can use to encrypt profiles"
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-compliance/inspec-compliance.gemspec

@@ -0,0 +1,9 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-compliance"
+  spec.summary       = "Plugin to perform operations with Chef Automate"
+  spec.description   = "This extensions will allow you to interact with Chef Automate"
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-habitat/inspec-habitat.gemspec

@@ -0,0 +1,9 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-habitat"
+  spec.summary       = "Plugin to create/upload habitat package"
+  spec.description   = "This extensions will allow you to create/upload habitat package from an inspec profile."
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-init/inspec-init.gemspec

@@ -0,0 +1,9 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-init"
+  spec.summary       = "Plugin for scaffolding profile, plugin or a resource"
+  spec.description   = "This extensions helps you to easily create a new profile, plugin or a resource."
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-init/lib/inspec-init/cli.rb

@@ -10,6 +10,7 @@ module InspecPlugins
 
       require_relative "cli_profile"
       require_relative "cli_plugin"
+      require_relative "cli_resource"
     end
   end
 end

data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb

@@ -81,6 +81,7 @@ module InspecPlugins
           File.join("lib", "inspec-plugin-template.erb") => File.join("lib", plugin_name + ".rb"),
           File.join("lib", "inspec-plugin-template", "cli_command.erb") => File.join("lib", plugin_name, "cli_command.rb"),
           File.join("lib", "inspec-plugin-template", "reporter.erb") => File.join("lib", plugin_name, "reporter.rb"),
+          File.join("lib", "inspec-plugin-template", "streaming_reporter.erb") => File.join("lib", plugin_name, "streaming_reporter.rb"),
           File.join("lib", "inspec-plugin-template", "plugin.erb") => File.join("lib", plugin_name, "plugin.rb"),
           File.join("lib", "inspec-plugin-template", "version.erb") => File.join("lib", plugin_name, "version.rb"),
           File.join("test", "functional", "inspec_plugin_template_test.erb") => File.join("test", "functional", snake_case + "_test.rb"),
@@ -183,6 +184,9 @@ module InspecPlugins
         elsif activators_by_type.key?(:reporter)
           vars[:reporter_name_dashes] = activators_by_type[:reporter].tr("_", "-")
           vars[:reporter_name_snake] = activators_by_type[:reporter].tr("-", "_")
+        elsif activators_by_type.key?(:streaming_reporter)
+          vars[:streaming_reporter_name_dashes] = activators_by_type[:streaming_reporter].tr("_", "-")
+          vars[:streaming_reporter_name_snake] = activators_by_type[:streaming_reporter].tr("-", "_")
         end
         vars
       end
@@ -267,6 +271,11 @@ module InspecPlugins
             File.join("lib", "inspec-plugin-template", "reporter.erb"),
           ]
         end
+        unless requested_activators.include?(:streaming_reporter)
+          skips += [
+            File.join("lib", "inspec-plugin-template", "streaming_reporter.erb"),
+          ]
+        end
 
         skips.uniq
       end

data/lib/plugins/inspec-init/lib/inspec-init/cli_resource.rb

@@ -0,0 +1,126 @@
+require_relative "renderer"
+
+module InspecPlugins
+  module Init
+    class CLI < Inspec.plugin(2, :cli_command)
+      #-------------------------------------------------------------------#
+      #                 inspec init resource
+      #-------------------------------------------------------------------#
+      desc "resource RESOURCE_NAME [options]", "Generates an InSpec resource, which can extend the scope of InSpec resources support"
+      # General options
+      option :prompt, type: :boolean, default: true, desc: "Interactively prompt for information to put in your generated resource."
+      option :overwrite, type: :boolean, default: false, desc: "Overwrite existing files"
+      option :layout, type: :string, default: "resource-pack", desc: "File layout, either 'resource-pack' or 'core'"
+      option :template, type: :string, default: "basic", desc: "Which type of resource template to use"
+
+      # Templating vars
+      option :supports_platform, type: :string, default: "linux", desc: "the platform supported by this resource"
+      option :description, type: :string, default: "Resource description ...", desc: "the description of this resource"
+      option :class_name, type: :string, default: "MyCustomResource", desc: "Class Name for your resource."
+      option :path, type: :string, default: ".", desc: "Subdirectory under which to create files"
+
+      # Wishlist:
+      #  Make make_rename_map_resource dynamic:
+      #   + Add a --path option which defaults to ., which will create the tree under that path
+      #   + Add a --layout option which changes all the tree to act as placing the files in core inspec (lib/inspec/resources, docs-chef-io/)
+      #   - Add a --template=plural option which changes the templates to use a set of Filtertable based templates
+      #   - Add a --template=inherit option which provides a template for inheriting from the core resources
+      #   - Add a template=aws
+      #  + Generate properties and matchers:
+      #   + generate a has_bells? matcher => it { should have_bells }
+      #   + generate a is_purple? matcher => it { should be_purple }
+      #   + generate a shoe_size => its('shoe_size') { should cmp 10 }
+      #  + Generate unit tests for above properties and matchers
+      #  + Generate docs for properties and matchers
+      #  + Add --overwrite option
+
+      def resource(resource_name)
+        resource_vars_from_opts_resource
+        template_vars = {
+          name: options[:path], # This is used for the path prefix
+          resource_name: resource_name,
+        }
+        template_vars.merge!(options)
+        template_path = File.join("resources", template_vars["template"])
+
+        render_opts = {
+          templates_path: TEMPLATES_PATH,
+          overwrite: options[:overwrite],
+          file_rename_map: make_rename_map_resource(template_vars),
+        }
+        renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
+        renderer.render_with_values(template_path, "resource", template_vars)
+      end
+
+      private
+
+      def make_rename_map_resource(vars)
+        if vars["layout"] == "resource-pack"
+          {
+            File.join("libraries", "inspec-resource-template.erb") => File.join("libraries", vars[:resource_name] + ".rb"),
+            File.join("docs", "resource-doc.erb") => File.join("docs", vars[:resource_name] + ".md"),
+            File.join("test", "unit", "inspec-resource-test-template.erb") => File.join("test", "unit", vars[:resource_name] + "_test.rb"),
+          }
+        elsif vars["layout"] == "core"
+          {
+            File.join("libraries", "inspec-resource-template.erb") => File.join("lib", "inspec", "resources", vars[:resource_name] + ".rb"),
+            File.join("docs", "resource-doc.erb") => File.join("docs-chef-io", "content", "inspec", "resources", vars[:resource_name] + ".md"),
+            File.join("test", "unit", "inspec-resource-test-template.erb") => File.join("test", "unit", "resources", vars[:resource_name] + "_test.rb"),
+          }
+        else
+          ui.error("Unrecognized value for 'layout' - please enter either 'resource-pack' or 'core'")
+          ui.exit(:usage_error)
+        end
+      end
+
+      def resource_vars_from_opts_resource
+        if options[:prompt] && ui.interactive?
+          options.dup.merge(prompt_for_options_resource)
+        elsif !options[:prompt]
+          # Nothing to do - unless we need to calculate dynamic defaults in the future
+        else
+          ui.error("You requested interactive prompting for the template variables, but this does not seem to be an interactive terminal.")
+          ui.exit(:usage_error)
+        end
+      end
+
+      def prompt_for_options_resource # rubocop: disable Metrics/AbcSize
+        option_defs = self.class.all_commands["resource"].options
+        options_order = {
+          path: {},
+          layout: {
+            mode: :select,
+            choices: [
+              { name: "Resource Pack", value: "resource-pack", default: true },
+              { name: "InSpec Core", value: "core" },
+            ],
+          },
+          template: {
+            mode: :select,
+            choices: [
+              { name: "Basic", value: "basic", default: true },
+              { name: "Plural", value: "plural" },
+            ],
+          },
+          supports_platform: {},
+          description: {},
+          class_name: {},
+        }
+
+        options_order.each do |opt_name, prompt_options|
+          opt_def = option_defs[opt_name]
+
+          case prompt_options[:mode]
+          when :select
+            options[opt_name] = ui.prompt.select("Choose " + opt_def.description + ":", prompt_options[:choices])
+          when :multiline
+            options[opt_name] = ui.prompt.multiline("Enter " + opt_def.description + ". Press Control-D to end.", default: options[opt_name])
+          else
+            # Assume plain ask
+            options[opt_name] = ui.prompt.ask("Enter " + opt_def.description + ":", default: options[opt_name])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb

@@ -38,8 +38,8 @@ module InspecPlugins
         full_destination_path = Pathname.new(Dir.pwd).join(relative_destination_path)
 
         # check that the directory does not exist
-        if File.exist?(full_destination_path) && !overwrite_mode
-          ui.plain_line "#{ui.emphasis(full_destination_path)} exists already, use --overwrite"
+        if File.exist?(full_destination_path) && !overwrite_mode && template_values[:name] != "."
+          ui.plain_line "#{ui.emphasis(full_destination_path)} exists already, use --overwrite or move to #{ui.emphasis(full_destination_path)} to create the resource"
           ui.exit(:usage_error)
         end
 
@@ -57,18 +57,19 @@ module InspecPlugins
 
           relative_destination_item_path = file_rename_map[relative_destination_item_path] || relative_destination_item_path
           full_destination_item_path = Pathname.new(full_destination_path).join(relative_destination_item_path)
-          if File.directory?(source_file)
-            ui.list_item "Creating directory #{ui.emphasis(relative_destination_item_path)}"
-            FileUtils.mkdir_p(full_destination_item_path)
-          elsif File.file?(source_file)
+          if File.file?(source_file)
+            # Be git-like and only create directories if they contain a file
+            containing_directory = full_destination_item_path.dirname
+            unless File.exist?(containing_directory)
+              ui.list_item "Creating directory #{ui.emphasis(containing_directory)}"
+              FileUtils.mkdir_p(containing_directory)
+            end
             ui.list_item "Creating file #{ui.emphasis(relative_destination_item_path)}"
             # read & render content
             content = render(File.read(source_file), template_values)
             # write file content
 
             File.write(full_destination_item_path, content)
-          else
-            ui.warning "Ignoring #{ui.emphasis(source_file)}, because its not an file or directoy"
           end
         end
 

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.erb

@@ -66,6 +66,22 @@ module InspecPlugins
         InspecPlugins::<%= module_name %>::Reporter
       end
       <% end %>
+
+      <% if activators[:streaming_reporter] %>
+      # Define a new Streaming Reporter.
+      # The argument here will be used to match against the CLI --reporter option.
+      # `--reporter <%= streaming_reporter_name_snake %>` will load your streaming reporter and perform streaming real-time on each passing, failing or pending test.
+      streaming_reporter :<%= streaming_reporter_name_snake %> do
+        # Calling this activator doesn't mean the reporter is being executed - just
+        # that we should be ready to do so. So, load the file that defines the
+        # functionality.
+        require "<%= plugin_name %>/streaming_reporter"
+
+        # Having loaded our functionality, return a class that will let the
+        # reporting engine tap into it.
+        InspecPlugins::<%= module_name %>::StreamingReporter
+      end
+      <% end %>
     end
   end
 end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/streaming_reporter.erb

@@ -0,0 +1,31 @@
+module InspecPlugins::<%= module_name %>
+  # This class will provide the actual Streaming Reporter implementation.
+  # Its superclass is provided by another call to Inspec.plugin,
+  # this time with two args.  The first arg specifies we are requesting
+  # version 2 of the Plugins API.  The second says we are making a
+  # Streaming Reporter plugin component, so please make available any DSL needed
+  # for that.
+
+  class StreamingReporter < Inspec.plugin(2, :streaming_reporter)
+
+    # Registering these methods with RSpec::Core::Formatters class is mandatory
+    RSpec::Core::Formatters.register self, :example_passed, :example_failed, :example_pending
+
+    def initialize(output)
+      @output = output
+    end
+
+    def example_passed(notification) # ExampleNotification
+      # some logic to run on passing test case
+    end
+
+    def example_failed(notification) # FailedExampleNotification
+      # some logic to run on failing test case
+    end
+
+    def example_pending(notification) # ExampleNotification
+      # some logic to run on pending test case
+    end
+
+  end
+end

data/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml

@@ -6,7 +6,7 @@ copyright_email: you@example.com
 license: Apache-2.0
 summary: An InSpec Compliance Profile For AWS
 version: 0.1.0
-inspec_version: '~> 4'
+inspec_version: '~> 5'
 inputs:
 - name: aws_vpc_id
   required: false

data/lib/plugins/inspec-init/templates/resources/basic/docs/resource-doc.erb

@@ -0,0 +1,77 @@
++++
+title = "<%= resource_name %> resource"
+draft = false
+gh_repo = "inspec"
+platform = "<%= supports_platform %>"
+
+[menu]
+  [menu.inspec]
+    title = "<%= resource_name %>"
+    identifier = "inspec/resources/os/<%= resource_name %>.md <%= resource_name %> resource"
+    parent = "inspec/resources/os"
++++
+
+Use the `<%= resource_name %>` Chef InSpec audit resource to test the ...
+
+
+## Availability
+
+### Installation
+
+This resource is distributed along with Chef InSpec itself. You can use it automatically.
+
+## Syntax
+
+A `<%= resource_name %>` Chef InSpec audit resource ...
+
+    describe <%= resource_name %> do
+      its('shoe_size') { should cmp 42 }
+      it { should be_purple }
+      it { should have_bells }
+    end
+where
+
+- `'shoe_size'` is some property of this resource
+- `42` is the value to test for shoe size
+- `be_purple` is a matcher of this resource
+- `have_bells` is a matcher of this resource
+
+## Properties
+
+- Properties of the resources: `shoe_size`
+
+### shoe_size
+
+The shoe_size property tests ....
+
+## Matchers
+
+For a full list of available matchers, please visit our [matchers page](https://docs.chef.io/inspec/matchers/).
+
+The specific matchers of this resource are: `be_purple`, `have_bells`
+
+### be_purple
+
+The `be_purple` matcher tests the ...:
+
+    it { should be_purple }
+
+## Examples
+The following examples show how to use this Chef InSpec audit resource.
+
+### Example 1
+
+`shoe_size` returns ...
+
+    describe <%= resource_name %> do
+      its("shoe_size") { should eq 42 }
+    end
+
+### Example 2
+
+`be_purple` checks for ...
+
+    describe <%= resource_name %> do
+      it { should be_purple }
+    end
+

data/lib/plugins/inspec-init/templates/resources/basic/libraries/inspec-resource-template.erb

@@ -0,0 +1,94 @@
+# Uncomment the below lines to add gems and files required by the resource
+# require ""
+# require_relative ""
+
+# Change module if required
+module Inspec::Resources
+  # Most custom InSpec resource inherit from a dynamic class, InSpec.resource(1).
+  # If you wish to inherit from a core resource, you need to follow special instructions -
+  # see https://www.chef.io/blog/extending-inspec-resources-core-resource-inheritance
+  class <%= class_name %> < Inspec.resource(1)
+    # Every resource requires an internal name.
+    name "<%= resource_name %>"
+
+    # Restrict to only run on the below platforms (if none were given,
+    # all OS's and cloud API's supported)
+    supports platform: "<%= supports_platform %>"
+
+    desc "<%= description %>"
+
+    example <<~EXAMPLE
+      describe "<%= resource_name %>" do
+        its("shoe_size") { should cmp 10 }
+      end
+      describe "<%= resource_name %>" do
+        it { should be_purple }
+      end
+    EXAMPLE
+
+    # Resource initialization. Add any arguments you want to pass to the contructor here.
+    # Anything you pass here will be passed to the "describe" call:
+    # describe <%= resource_name %>(YOUR_PARAMETERS_HERE) do
+    #   its("shoe_size") { should cmp 10 }
+    # end
+    def initialize
+      skip_resource "The `<%= resource_name %>` resource is not yet available on your OS." unless inspec.os.<%= supports_platform %>?
+      # Initialize required path/params/configs
+    end
+
+    # Define a resource ID. This is used in reporting engines to uniquely identify the individual resource.
+    # This might be a file path, or a process ID, or a cloud instance ID. Only meaningful to the implementation.
+    # Must be a string. Defaults to the empty string if not implemented.
+    def resource_id
+      # replace value specific unique to this individual resource instance
+      "something special"
+    end
+
+    # Define how you want your resource to appear in test reports. Commonly, this is just the resource name and the resource ID.
+    def to_s
+      "<%= resource_name %> #{resource_id}"
+    end
+
+    # Define matchers. Matchers are predicates - they return true or false.
+    # Matchers also have their names transformed: the question mark is dropped, and
+    # the "is_" prefix becomes "be_". A similar transformation happens for "has_" (see below)
+    # So this will be called as:
+    #  describe "<%= resource_name %>" do
+    #    it { should be_purple }
+    #  end
+    def is_purple?
+      # positive or negative expectations specific to this resource instance
+      true # Purple is the best color
+    end
+
+    # Define matchers. Matchers are predicates - they return true or false.
+    # Matchers also have their names transformed: the question mark is dropped, and
+    # the "has_" prefix becomes "have_".
+    # So this will be called as:
+    #  describe "<%= resource_name %>" do
+    #    it { should have_bells }
+    #  end
+    def has_bells?
+      # positive or negative expectations specific to this resource instance
+      true # Jingle all the way
+    end
+
+    # Define properties. Properties return values for evaluation against operators.
+    # No name transformation occurs. This is called using the "its" facility.
+    # So this will be called as:
+    #  describe "<%= resource_name %>" do
+    #    its('shoe_size') { should cmp 42 }
+    #  end
+    def shoe_size
+      # Implementation of a property specific to this resource
+      42
+    end
+
+    private
+
+    # Methods to help the resource's public methods
+    def helper_method
+      # Add anything you need here
+    end
+  end
+end

data/lib/plugins/inspec-init/templates/resources/plural/docs/resource-doc.erb

@@ -0,0 +1,62 @@
++++
+title = "<%= resource_name %> resource"
+draft = false
+gh_repo = "inspec"
+platform = "<%= supports_platform %>"
+
+[menu]
+  [menu.inspec]
+    title = "<%= resource_name %>"
+    identifier = "inspec/resources/os/<%= resource_name %>.md <%= resource_name %> resource"
+    parent = "inspec/resources/os"
++++
+
+Use the `<%= resource_name %>` Chef InSpec audit resource to test multiple ...
+
+
+## Availability
+
+### Installation
+
+This resource is distributed along with Chef InSpec itself. You can use it automatically.
+
+## Syntax
+
+A `<%= resource_name %>` Chef InSpec audit resource tests multiple ...
+
+    describe <%= resource_name %>.where { shoe_size > 10 } do
+      its('count') { should cmp 10 }
+    end
+
+where
+
+- `'shoe_size'` is a filter criteria of this resource
+- `10` is the value to test for shoe size
+- `count` is the count of matched records
+
+## Filter Criteria
+
+### shoe_size
+
+The shoe_size filter criteria tests ....
+
+## Properties
+
+### count
+
+Returns the number of records matched by the filter criteria.
+
+    describe <%= resource_name %>.where { shoe_size > 10 } do
+      its('count') { should cmp 10 }
+    end
+
+## Matchers
+
+### exist
+
+The control will pass if the filter returns at least one result. Use
+`should_not` if you expect zero matches.
+
+    describe <%= resource_name %> do
+      it { should exist }
+    end