inspec-core 4.56.20 → 5.7.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c5cd060fe45d6cb0fa653922f1fa8c63e723e8736bfa3c4b821e7a4f1e109fae
-  data.tar.gz: 5c5ceb1b63e19b6311d7ef9a5ce601b98a782397439b3e97dcc4f590c9ca739b
+  metadata.gz: 4c3af1b1fd71ded2286e8aa90c46c74dd20f7fb31c525e56ae03e52952c26b0f
+  data.tar.gz: 507db51585f790cc26af852626b3bb52f8a35f36870ee563902234f1c2664a2a
 SHA512:
-  metadata.gz: 3a028a6ea4d48e8eba83804548abc255ac2fb2ecfd76d450223cc24eab43f84382dec1de8813fd7b9f7284ffd1ef7f8a9948724850469296d086dd9c9bb55173
-  data.tar.gz: 534d17549cbf55ffc635a4a9f0689372093debd6f2bbe020f15d606619b451c5441bd2266a8f092024409d0bbe3715d5b7bb7bebf695bba0f23ae2b4112f8553
+  metadata.gz: 00447ba26c980417a501be959fb8ca85268db4e600417c11a912181da2c75c41169d419f1177fac484a12c1c405cae3aab5912ec9cab24f9a9e4adf355d40faa
+  data.tar.gz: f007b4bc1998187a7313f34f8739145f5e511500e2c9ca280b7163495a6909646be25fed9b4307a27f370e5e36b94b36b558c9e8d5c67079dc6cf24fb93029ea

data/etc/deprecations.json

@@ -17,9 +17,14 @@
       "prefix": "Inputs should be specified by using the 'inputs' key in profile metadata, not 'attributes'."
     },
     "aws_resources_in_resource_pack": {
-      "comment": "See #3822",
-      "action": "warn",
-      "prefix": "AWS resources shipped with core InSpec are being to moved to a resource pack for faster iteration. Please update your profiles to depend on git@github.com:inspec/inspec-aws.git ."
+      "comment": "Deprecated in InSpec 5",
+      "action": "exit",
+      "prefix": "AWS resources in core InSpec are deprecated and have been removed in InSpec 5. They are now part of a resource pack. Please update your profiles to depend on git@github.com:inspec/inspec-aws.git ."
+    },
+    "azure_resources_in_resource_pack": {
+      "comment": "Deprecated in InSpec 5",
+      "action": "exit",
+      "prefix": "Azure resources in core InSpec are deprecated and have been removed in InSpec 5. They are now part of a resource pack. Please update your profiles to depend on git@github.com:inspec/inspec-azure.git ."
     },
     "cli_option_json_config": {
       "action": "ignore",
@@ -55,10 +60,6 @@
       "action": "fail_control",
       "suffix": "This property was removed in InSpec 4.0."
     },
-    "properties_aws_iam_user": {
-      "action": "fail_control",
-      "suffix": "This property was removed in InSpec 4.0."
-    },
     "properties_shadow": {
       "action": "fail_control",
       "suffix": "This property was removed in InSpec 4.0."
@@ -72,10 +73,6 @@
       "action": "exit",
       "suffix": "This resource was removed in InSpec 4.0."
     },
-    "resource_azure_generic_resource": {
-      "action": "warn",
-      "prefix": "The azure_generic_resource is deprecated. Please use a specific resource. See: 'https://github.com/inspec/inspec/issues/3131'"
-    },
     "resource_iis_website": {
       "action": "exit",
       "suffix": "This resource was removed in InSpec 4.0.",
@@ -125,6 +122,10 @@
       "action": "warn",
       "prefix": "The --hook option is being replaced by the --activator option.",
       "suffix": "This options will be removed in InSpec 4.0."
+    },
+    "cli_option_target_id":{
+      "action": "warn",
+      "prefix": "The --target-id option is deprecated in InSpec 5. Its value will be ignored."
     }
   }
 }

data/inspec-core.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
   spec.license       = "Apache-2.0"
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.6"
+  spec.required_ruby_version = ">= 2.7"
 
   # the gemfile and gemspec are necessary for appbundler so don't remove it
   spec.files =

data/lib/inspec/base_cli.rb

@@ -99,8 +99,18 @@ module Inspec
         desc: "Specify a particular shell to use."
       option :ssl, type: :boolean,
         desc: "Use SSL for transport layer encryption (WinRM)."
+      option :ssl_peer_fingerprint, type: :string,
+        desc: "Specify peer fingerprint for SSL authentication, used in lieu of certificates"
       option :self_signed, type: :boolean,
         desc: "Allow remote scans with self-signed certificates (WinRM)."
+      option :ca_trust_file, type: :string,
+        desc: "Specify CA trust file for SSL authentication"
+      option :client_cert, type: :string,
+        desc: "Specify client certificate for SSL authentication"
+      option :client_key, type: :string,
+        desc: "Specify client key required with client cert for SSL authentication"
+      option :client_key_pass, type: :string, lazy_default: -1,
+        desc: "Specify client cert password, if required for SSL authentication"
       option :winrm_transport, type: :string, default: "negotiate",
         desc: "Specify which transport to use, defaults to negotiate (WinRM)."
       option :winrm_disable_sspi, type: :boolean,
@@ -121,7 +131,7 @@ module Inspec
       option :insecure, type: :boolean, default: false,
         desc: "Disable SSL verification on select targets"
       option :target_id, type: :string,
-        desc: "Provide a ID which will be included on reports"
+        desc: "Provide a ID which will be included on reports - deprecated"
       option :winrm_shell_type, type: :string, default: "powershell",
         desc: "Specify a shell type for winrm (eg. 'elevated' or 'powershell')"
       option :docker_url, type: :string,
@@ -135,6 +145,8 @@ module Inspec
         desc: "Folder which contains referenced profiles."
       option :vendor_cache, type: :string,
         desc: "Use the given path for caching dependencies. (default: ~/.inspec/cache)"
+      option :auto_install_gems, type: :boolean, default: false,
+        desc: "Auto installs gem dependencies of the profile or resource pack."
     end
 
     def self.supermarket_options
@@ -152,7 +164,7 @@ module Inspec
         desc: "A list of tags names that are part of controls to filter and run controls, or a list of /regexes/ to match against tags names of controls. Ignore all other tests."
       option :reporter, type: :array,
         banner: "one two:/output/file/path",
-        desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml"
+        desc: "Enable one or more output reporters: cli, documentation, html, progress, progress-bar, json, json-min, json-rspec, junit, yaml"
       option :reporter_message_truncation, type: :string,
         desc: "Number of characters to truncate failure messages and code_desc in report data to (default: no truncation)"
       option :reporter_backtrace_inclusion, type: :boolean,

data/lib/inspec/cli.rb

@@ -95,8 +95,6 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   desc "check PATH", "verify all tests at the specified PATH"
   option :format, type: :string,
     desc: "The output format to use doc (default), json. If valid format is not provided then it will use the default."
-  option :with_cookstyle, type: :boolean,
-    desc: "Enable or disable cookstyle checks.", default: false
   profile_options
   def check(path) # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
     o = config
@@ -203,6 +201,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     vendor_deps(path, vendor_options)
 
     profile = Inspec::Profile.for_target(path, o)
+    gem_deps = profile.metadata.gem_dependencies + \
+      profile.locked_dependencies.list.map { |_k, v| v.profile.metadata.gem_dependencies }.flatten
+    unless gem_deps.empty?
+      o[:logger].warn "Archiving a profile that contains gem dependencies, but InSpec cannot package gems with the profile! Please archive your ~/.inspec/gems directory separately."
+    end
+
     result = profile.check
 
     if result && !o[:ignore_errors] == false
@@ -298,6 +302,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   def exec(*targets)
     o = config
     diagnose(o)
+    deprecate_target_id(config)
     configure_logger(o)
 
     runner = Inspec::Runner.new(o)
@@ -316,6 +321,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   option :format, type: :string
   def detect
     o = config
+    deprecate_target_id(config)
     o[:command] = "platform.params"
 
     configure_logger(o)
@@ -356,6 +362,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "Specify one or more inputs directly on the command line to the shell, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures."
   def shell_func
     o = config
+    deprecate_target_id(config)
     diagnose(o)
     o[:debug_shell] = true
 
@@ -443,6 +450,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 
   private
 
+  def deprecate_target_id(config)
+    unless config[:target_id].nil?
+      Inspec.deprecate "cli_option_target_id"
+    end
+  end
+
   def run_command(opts)
     runner = Inspec::Runner.new(Inspec::Config.new(opts))
     res = runner.eval_with_virtual_profile(opts[:command])

data/lib/inspec/dependency_installer.rb

@@ -0,0 +1,74 @@
+# This class will install the gem depedencies for profiles etc.
+# The basic things which is required to install dependencies is the gem path where gem needs to be installed
+# and the list of gems needs to be installed.
+require "rubygems/remote_fetcher"
+require "forwardable" unless defined?(Forwardable)
+
+module Inspec
+  class DependencyInstaller
+    extend Forwardable
+
+    attr_reader :gem_path, :requested_gems, :dependency_loader
+
+    def_delegator :dependency_loader, :inspec_gem_path
+
+    def initialize(gem_path = nil, requested_gems = [])
+      @dependency_loader = Inspec::DependencyLoader.new
+      @gem_path = gem_path || inspec_gem_path
+      @requested_gems = requested_gems
+    end
+
+    def install
+      requested_gems.each do |requested_gem|
+        version = requested_gem[:version].nil? ? "> 0" : requested_gem[:version]
+        install_from_remote_gems(requested_gem[:name], { version: version })
+      end
+    end
+
+    private
+
+    def install_from_remote_gems(requested_gem_name, opts)
+      version = opts[:version].split(",")
+      begin
+        gem_dependency = Gem::Dependency.new(requested_gem_name, version || "> 0")
+
+        # BestSet is rubygems.org API + indexing, APISet is for custom sources
+        sources = if opts[:source]
+                    Gem::Resolver::APISet.new(URI.join(opts[:source] + "/api/v1/dependencies"))
+                  else
+                    Gem::Resolver::BestSet.new
+                  end
+
+        install_gem_to_gems_dir(gem_dependency, [sources], opts[:update_mode])
+      rescue Gem::RemoteFetcher::FetchError => gem_ex
+        ex = Inspec::GemDependencyInstallError.new(gem_ex.message)
+        ex.gem_name = requested_gem_name
+        raise ex
+      rescue Gem::Requirement::BadRequirementError => gem_ex
+        ex = Inspec::GemDependencyInstallError.new(gem_ex.message)
+        ex.gem_name = requested_gem_name
+        raise "Unparseable gem dependency '#{version}' for '#{ex.gem_name}'"
+      end
+    end
+
+    def install_gem_to_gems_dir(gem_dependency, extra_request_sets = [], update_mode = false)
+      # Solve the dependency (that is, find a way to install the new gem and anything it needs)
+      request_set = Gem::RequestSet.new(gem_dependency)
+
+      begin
+        solution = request_set.resolve
+      rescue Gem::UnsatisfiableDependencyError => gem_ex
+        ex = Inspec::GemDependencyInstallError.new(gem_ex.message)
+        ex.gem_name = gem_dependency.name
+        raise ex
+      end
+
+      # OK, perform the installation.
+      # Ignore deps here, because any needed deps should already be baked into gem_dependency
+      request_set.install_into(gem_path, true, ignore_dependencies: true, document: [])
+
+      # Locate the GemVersion for the new dependency and return it
+      solution.detect { |g| g.name == gem_dependency.name }.version
+    end
+  end
+end

data/lib/inspec/dependency_loader.rb

@@ -0,0 +1,97 @@
+# This class will load the gem depedencies for profiles etc.
+# The basic things which is required to load gem dependencies is the path from which gems needs to be loaded
+# and the list of gems needs to be loaded.
+
+module Inspec
+  class DependencyLoader
+    attr_accessor :gem_path, :gem_list
+
+    # initializes the dependency_loader
+    def initialize(gem_path = nil, gem_list = [])
+      @gem_path = gem_path || inspec_gem_path
+      @gem_list = gem_list
+    end
+
+    def load
+      Gem.path << gem_path
+      Gem.refresh
+
+      gem_list.each do |gem_data|
+        version = gem_data[:version].nil? ? "> 0" : gem_data[:version]
+        activate_gem_dependency(gem_data[:name], version)
+      end
+    end
+
+    def inspec_gem_path
+      self.class.inspec_gem_path
+    end
+
+    def self.inspec_gem_path
+      require "rbconfig" unless defined?(RbConfig)
+      ruby_abi_version = RbConfig::CONFIG["ruby_version"]
+      # TODO: why are we installing under the api directory for plugins?
+      base_dir = Inspec.config_dir
+      base_dir = File.realpath base_dir if File.exist? base_dir
+      File.join(base_dir, "gems", ruby_abi_version)
+    end
+
+    # Lists all gems found in the inspec_gem_path.
+    # @return [Array[Gem::Specification]] Specs of all gems found.
+    def list_managed_gems
+      Dir.glob(File.join(gem_path, "specifications", "*.gemspec")).map { |p| Gem::Specification.load(p) }
+    end
+
+    def list_installed_gems
+      list_managed_gems
+    end
+
+    def gem_installed?(name)
+      list_installed_gems.any? { |spec| spec.name == name }
+    end
+
+    def gem_version_installed?(name, version)
+      list_installed_gems.any? { |s| s.name == name && Gem::Requirement.new(version.split(",")) =~ s.version }
+    end
+
+    private
+
+    def activate_gem_dependency(name, version_constraint = "> 0")
+      version_constraint = version_constraint.split(",")
+      gem_deps = [Gem::Dependency.new(name.to_s, version_constraint)]
+      managed_gem_set = Gem::Resolver::VendorSet.new
+
+      # Note: There is an issue in resolving gem dependency.
+      # This block resolves that issue partially.
+      # But this will still fail for the gems which don't have the .gemspec file.
+      # TODO: Find the solution to resolve gem dependencies that work for the unpackaged gems which don't have the .gemspec file.
+      list_managed_gems.each do |spec|
+        unless Dir["#{spec.gem_dir}/*.gemspec"].empty?
+          managed_gem_set.add_vendor_gem(spec.name, spec.gem_dir)
+        end
+      end
+
+      # TODO: Next two lines merge our managed gems with the other gems available
+      # in our "local universe" - which may be the system, or it could be in a Bundler microcosm,
+      # or rbenv, etc. Do we want to merge that, though?
+      distrib_gem_set = Gem::Resolver::CurrentSet.new
+      installed_gem_set = Gem::Resolver.compose_sets(managed_gem_set, distrib_gem_set)
+
+      # So, given what we need, and what we have available, what activations are needed?
+      resolver = Gem::Resolver.new(gem_deps, installed_gem_set)
+
+      begin
+        solution = resolver.resolve
+      rescue Gem::UnsatisfiableDependencyError => gem_ex
+        # If you broke your install, or downgraded to a plugin with a bad gemspec, you could get here.
+        ex = Inspec::GemDependencyLoadError.new(gem_ex.message)
+        raise ex
+      end
+      solution.each do |activation_request|
+        next if activation_request.full_spec.activated?
+
+        activation_request.full_spec.activate
+        # TODO: If we are under Bundler, inform it that we loaded a gem
+      end
+    end
+  end
+end

data/lib/inspec/dsl.rb

@@ -1,6 +1,7 @@
 # copyright: 2015, Dominik Richter
 require "inspec/log"
 require "inspec/plugin/v2"
+require "inspec/utils/deprecated_cloud_resources_list"
 
 module Inspec::DSL
   attr_accessor :backend
@@ -38,8 +39,16 @@ module Inspec::DSL
 
     begin
       require "inspec/resources/#{id}"
-    rescue LoadError
-      require "resources/aws/#{id}"
+    rescue LoadError => e
+      include DeprecatedCloudResourcesList
+      cloud_resource = id.start_with?("aws_") ? "aws" : "azure"
+
+      # Deprecated AWS and Azure resources in InSpec 5.
+      if CLOUD_RESOURCES_DEPRECATED.include? id
+        Inspec.deprecate(:"#{cloud_resource}_resources_in_resource_pack", "Resource '#{id}'")
+      else
+        raise LoadError, "#{e.message}"
+      end
     end
 
     klass = Inspec::Resource.registry[id.to_s]

data/lib/inspec/errors.rb

@@ -15,4 +15,11 @@ module Inspec
   class ConfigError::Invalid < ConfigError; end
 
   class UserInteractionRequired < Error; end
+
+  class GemDependencyLoadError < Error; end
+
+  class GemDependencyInstallError < Error
+    attr_accessor :gem_name
+    attr_accessor :version
+  end
 end

data/lib/inspec/formatters/base.rb

@@ -1,5 +1,6 @@
 require "rspec/core"
 require "rspec/core/formatters/base_formatter"
+require "set" unless defined?(Set)
 
 module Inspec::Formatters
   class Base < RSpec::Core::Formatters::BaseFormatter
@@ -14,6 +15,8 @@ module Inspec::Formatters
       @profiles = []
       @profiles_info = nil
       @backend = nil
+      @all_controls_count = nil
+      @control_checks_count_map = {}
     end
 
     # RSpec Override: #dump_summary
@@ -80,6 +83,26 @@ module Inspec::Formatters
       @profiles.push(profile)
     end
 
+    # These control count related methods are called via runner rspec library of inspec
+    # And these are used within streaming plugins to determine end of control
+    ######### Start of control count related methods
+    def set_controls_count(controls_count)
+      @all_controls_count = controls_count
+    end
+
+    def set_control_checks_count_map(mapping)
+      @control_checks_count_map = mapping
+    end
+
+    def get_controls_count
+      @all_controls_count
+    end
+
+    def get_control_checks_count_map
+      @control_checks_count_map
+    end
+    ######### end of control count related methods
+
     # Return all the collected output to the caller
     def results
       run_data

data/lib/inspec/metadata.rb

@@ -41,6 +41,7 @@ module Inspec
       description
       version
       inspec_version
+      entitlement_id
     }.each do |name|
       define_method name.to_sym do |arg|
         params[name.to_sym] = arg
@@ -51,6 +52,10 @@ module Inspec
       params[:depends] || []
     end
 
+    def gem_dependencies
+      params[:gem_dependencies] || []
+    end
+
     def supports(sth, version = nil)
       # Ignore supports with metadata.rb. This file is legacy and the way it
       # it handles `supports` deprecated. A deprecation warning will be printed
@@ -94,6 +99,10 @@ module Inspec
         errors.push("Version needs to be in SemVer format")
       end
 
+      if params[:entitlement_id] && params[:entitlement_id].strip.empty?
+        errors.push("Entitlement ID should not be blank.")
+      end
+
       unless supports_runtime?
         warnings.push("The current inspec version #{Inspec::VERSION} cannot satisfy profile inspec_version constraint #{params[:inspec_version]}")
       end
@@ -109,6 +118,33 @@ module Inspec
         warnings.push("License '#{params[:license]}' needs to be in SPDX format or marked as 'Proprietary'. See https://spdx.org/licenses/.")
       end
 
+      # If gem_dependencies is set, it must be an array of hashes with keys name and optional version
+      unless params[:gem_dependencies].nil?
+        list = params[:gem_dependencies]
+        if list.is_a?(Array) && list.all? { |e| e.is_a? Hash }
+          list.each do |entry|
+            errors.push("gem_dependencies entries must all have a 'name' field") unless entry.key?(:name)
+            if entry[:version]
+              orig = entry[:version]
+              begin
+                # Split on commas as we may have a complex dep
+                orig.split(",").map { |c| Gem::Requirement.parse(c) }
+              rescue Gem::Requirement::BadRequirementError
+                errors.push "Unparseable gem dependency '#{orig}' for #{entry[:name]}"
+              rescue Inspec::GemDependencyInstallError => e
+                errors.push e.message
+              end
+            end
+            extra = (entry.keys - %i{name version})
+            unless extra.empty?
+              warnings.push "Unknown gem_dependencies key(s) #{extra.join(",")} seen for entry '#{entry[:name]}'"
+            end
+          end
+        else
+          errors.push("gem_dependencies must be a List of Hashes")
+        end
+      end
+
       [errors, warnings]
     end
 

data/lib/inspec/plugin/v2/plugin_types/streaming_reporter.rb

@@ -1,10 +1,53 @@
 module Inspec::Plugin::V2::PluginType
-  class StreamingReporter < Inspec::Plugin::V2::PluginBase # TBD Superclass may need to change
+  class StreamingReporter < Inspec::Plugin::V2::PluginBase
     register_plugin_type(:streaming_reporter)
 
     #====================================================================#
     #                StreamingReporter plugin type API
     #====================================================================#
     # Implementation classes must implement these methods.
+
+    def initialize_streaming_reporter
+      @running_controls_list = []
+      @control_checks_count_map = {}
+      @controls_count = nil
+    end
+
+    private
+
+    # method to identify when the control started running
+    # this will be useful in executing operations on control's level start
+    def control_started?(control_id)
+      if @running_controls_list.include? control_id
+        false
+      else
+        @running_controls_list.push(control_id)
+        true
+      end
+    end
+
+    # method to identify when the control ended running
+    # this will be useful in executing operations on control's level end
+    def control_ended?(control_id)
+      set_control_checks_count_map_value
+      unless @control_checks_count_map[control_id].nil?
+        @control_checks_count_map[control_id] -= 1
+        @control_checks_count_map[control_id] == 0
+      else
+        false
+      end
+    end
+
+    # method to identify total no. of controls
+    def controls_count
+      @controls_count ||= RSpec.configuration.formatters.grep(Inspec::Formatters::Base).first.get_controls_count
+    end
+
+    # this method is used in the logic of determining end of control
+    def set_control_checks_count_map_value
+      if @control_checks_count_map.empty?
+        @control_checks_count_map = RSpec.configuration.formatters.grep(Inspec::Formatters::Base).first.get_control_checks_count_map
+      end
+    end
   end
 end

data/lib/inspec/profile.rb

@@ -13,6 +13,8 @@ require "inspec/dependencies/cache"
 require "inspec/dependencies/lockfile"
 require "inspec/dependencies/dependency_set"
 require "inspec/utils/json_profile_summary"
+require "inspec/dependency_loader"
+require "inspec/dependency_installer"
 
 module Inspec
   class Profile
@@ -103,7 +105,6 @@ module Inspec
       @check_mode = options[:check_mode] || false
       @parent_profile = options[:parent_profile]
       @legacy_profile_path = options[:profiles_path] || false
-      @check_cookstyle = options[:with_cookstyle]
       Metadata.finalize(@source_reader.metadata, @profile_id, options)
 
       # if a backend has already been created, clone it so each profile has its own unique backend object
@@ -379,6 +380,66 @@ module Inspec
       @runner_context
     end
 
+    def collect_gem_dependencies(profile_context)
+      gem_dependencies = []
+      all_profiles = []
+      profile_context.dependencies.list.values.each do |requirement|
+        all_profiles << requirement.profile
+      end
+      all_profiles << self
+      all_profiles.each do |profile|
+        gem_dependencies << profile.metadata.gem_dependencies unless profile.metadata.gem_dependencies.empty?
+      end
+      gem_dependencies.flatten.uniq
+    end
+
+    # Loads the required gems specified in the Profile's metadata file from default inspec gems path i.e. ~/.inspec/gems
+    # else installs and loads them.
+    def load_gem_dependencies
+      gem_dependencies = collect_gem_dependencies(load_libraries)
+      gem_dependencies.each do |gem_data|
+        dependency_loader = DependencyLoader.new
+        if dependency_loader.gem_version_installed?(gem_data[:name], gem_data[:version]) ||
+            dependency_loader.gem_installed?(gem_data[:name])
+          load_gem_dependency(gem_data)
+        else
+          if Inspec::Config.cached[:auto_install_gems]
+            install_gem_dependency(gem_data)
+            load_gem_dependency(gem_data)
+          else
+            ui = Inspec::UI.new
+            gem_dependencies.each { |gem_dependency| ui.list_item("#{gem_dependency[:name]} #{gem_dependency[:version]}") }
+            choice = ui.prompt.select("Would you like to install profile gem dependencies listed above?", %w{Yes No})
+            if choice == "Yes"
+              Inspec::Config.cached[:auto_install_gems] = true
+              load_gem_dependencies
+            else
+              ui.error "Unable to resolve above listed profile gem dependencies."
+              Inspec::UI.new.exit(:gem_dependency_load_error)
+            end
+          end
+        end
+      end
+    end
+
+    # Requires gem_data as argument.
+    # gem_dta example: { name: "gem_name", version: "0.0.1"}
+    def load_gem_dependency(gem_data)
+      dependency_loader = DependencyLoader.new(nil, [gem_data])
+      dependency_loader.load
+    rescue Inspec::GemDependencyLoadError => e
+      raise e.message
+    end
+
+    # Requires gem_data as argument.
+    # gem_dta example: { name: "gem_name", version: "0.0.1"}
+    def install_gem_dependency(gem_data)
+      gem_dependency = DependencyInstaller.new(nil, [gem_data])
+      gem_dependency.install
+    rescue Inspec::GemDependencyInstallError => e
+      raise e.message
+    end
+
     def to_s
       "Inspec::Profile<#{name}>"
     end
@@ -594,13 +655,12 @@ module Inspec
       end
 
       # Running cookstyle to check for code offenses
-      if @check_cookstyle
-        cookstyle_linting_check.each do |lint_output|
-          data = lint_output.split(":")
-          msg = "#{data[-2]}:#{data[-1]}"
-          offense.call(data[0], data[1], data[2], nil, msg)
-        end
+      cookstyle_linting_check.each do |lint_output|
+        data = lint_output.split(":")
+        msg = "#{data[-2]}:#{data[-1]}"
+        offense.call(data[0], data[1], data[2], nil, msg)
       end
+
       # profile is valid if we could not find any error & offenses
       result[:summary][:valid] = result[:errors].empty? && result[:offenses].empty?
 
@@ -776,6 +836,7 @@ module Inspec
     end
 
     def load_checks_params(params)
+      load_gem_dependencies
       load_libraries
       tests = collect_tests
       params[:controls] = controls = {}

data/lib/inspec/reporters/automate.rb

@@ -21,7 +21,7 @@ module Inspec::Reporters
       final_report[:type] = "inspec_report"
 
       final_report[:end_time] = Time.now.utc.strftime("%FT%TZ")
-      final_report[:node_uuid] = report[:platform][:target_id] || @config["node_uuid"] || @config["target_id"]
+      final_report[:node_uuid] = @config["node_uuid"] || report[:platform][:target_id]
       raise Inspec::ReporterError, "Cannot find a UUID for your node. Please specify one via json-config." if final_report[:node_uuid].nil?
 
       final_report[:report_uuid] = @config["report_uuid"] || uuid_from_string(final_report[:end_time] + final_report[:node_uuid])