inspec-core 5.22.40 → 6.6.0

data/lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/status.rb

@@ -0,0 +1,124 @@
+require "highline"
+
+module InspecPlugins::Parallelism
+  class SuperReporter
+    class Status < InspecPlugins::Parallelism::SuperReporter::Base
+
+      attr_reader :status_by_pid, :slots
+
+      def initialize(job_count, invocations)
+        @status_by_pid = {}
+        @slots = Array.new(job_count)
+        paint_header(job_count, invocations)
+        paint
+      end
+
+      # --------
+      # SuperReporter API
+      # --------
+      def child_spawned(pid, invocation)
+        new_child("spawned", pid, invocation)
+      end
+
+      def child_forked(pid, invocation)
+        new_child("forked", pid, invocation)
+      end
+
+      def child_exited(pid)
+        slots[status_by_pid[pid][:slot]] = "exited"
+
+        status_by_pid[pid][:pct] = 100.0
+        status_by_pid[pid][:slot] = nil
+        status_by_pid[pid][:exit] = $?
+
+        # TODO: consider holding slot in 100 status for UI grace
+
+        paint
+      end
+
+      def child_status_update_line(pid, update_line)
+        control_serial, status, control_count, title = update_line.split("/")
+        percent = 100.0 * control_serial.to_i / control_count.to_i.to_f
+
+        status_by_pid[pid][:pct] = percent
+        status_by_pid[pid][:last_control] = title
+        status_by_pid[pid][:last_status] = status
+
+        paint
+      end
+
+      # --------
+      # Utilities
+      # --------
+      private
+
+      def new_child(how, pid, invocation)
+        # Update status by PID with new info
+        status_by_pid[pid] = {
+          pct: 0.0,
+          inv: invocation,
+          how: how,
+        }
+
+        # Assign first empty slot
+        slots.each_index do |idx|
+          next unless slots[idx].nil? || slots[idx] == "exited"
+
+          slots[idx] = pid
+          status_by_pid[pid][:slot] = idx
+          break
+        end
+
+        # TODO: consider printing log message
+        paint
+      end
+
+      def terminal_width
+        return @terminal_width if @terminal_width
+
+        @highline ||= HighLine.new
+        width = @highline.output_cols.to_i
+        width = 80 if width < 1
+        @terminal_width = width
+      end
+
+      def paint
+        # Determine the width of a slot
+        slot_width = terminal_width / slots.length
+        line = ""
+        # Loop over slots
+        slots.each_index do |idx|
+          if slots[idx].nil?
+            # line += "idle".center(slot_width)
+            # Need to improve UI
+          elsif slots[idx] == "exited"
+            line += "Done".center(slot_width)
+          else
+            pid = slots[idx]
+            with_pid = format("%s: %0.1f%%", pid, status_by_pid[pid][:pct])
+            if with_pid.length <= slot_width - 2
+              line += with_pid.center(slot_width)
+            else
+              line += format("%0.1f%%", status_by_pid[pid][:pct]).center(slot_width)
+            end
+          end
+        end
+
+        print "\r" + (" " * terminal_width) + "\r"
+        print line
+      end
+
+      def paint_header(jobs, invocations)
+        puts "InSpec Parallel".center(terminal_width)
+        puts "Running #{invocations.length} invocations in #{jobs} slots".center(terminal_width)
+        puts "-" * terminal_width
+        slot_width = terminal_width / slots.length
+        slots.each_index do |idx|
+          print "Slot #{idx + 1}".center(slot_width)
+        end
+        puts
+        puts "-" * terminal_width
+      end
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/text.rb

@@ -0,0 +1,23 @@
+module InspecPlugins::Parallelism
+  class SuperReporter
+    class Text < InspecPlugins::Parallelism::SuperReporter::Base
+      def child_spawned(pid, _inv)
+        puts "[#{Time.now.iso8601}] Spawned child PID #{pid}"
+      end
+
+      def child_forked(pid, _inv)
+        puts "[#{Time.now.iso8601}] Forked child PID #{pid}"
+      end
+
+      def child_exited(pid)
+        puts "[#{Time.now.iso8601}] Exited child PID #{pid} status #{$?}"
+      end
+
+      def child_status_update_line(pid, update_line)
+        control_serial, _status, control_count, _title = update_line.split("/")
+        percent = 100.0 * control_serial.to_i / control_count.to_i.to_f
+        puts "[#{Time.now.iso8601}] #{pid} " + format("%.1f%%", percent)
+      end
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/validator.rb

@@ -0,0 +1,170 @@
+require "inspec/cli"
+module InspecPlugins
+  module Parallelism
+    class Validator
+
+      # TODO: make this list dynamic so plugins can self-declare
+      PARALLEL_SAFE_REPORTERS = [
+        "automate",      # Performs HTTP transactions, silent on STDOUT
+        "child-status",  # Writes dedicated protocol to STDOUT, expected by parent
+      ].freeze
+
+      attr_accessor :invocations, :sub_cmd, :thor_options_for_sub_cmd, :aliases_mapping, :cli_options, :config_content, :stdin_config
+
+      def initialize(invocations, cli_options, sub_cmd = "exec")
+        @invocations = invocations
+        @sub_cmd = sub_cmd
+        @thor_options_for_sub_cmd = Inspec::InspecCLI.commands[sub_cmd].options
+        @aliases_mapping = create_aliases_mapping
+        @cli_options = cli_options
+        @config_content = nil
+        @stdin_config = nil
+      end
+
+      def validate
+        invocations.each do |invocation_data|
+          invocation_data[:validation_errors] = []
+
+          convert_cli_to_thor_options(invocation_data)
+          check_for_spurious_options(invocation_data)
+          check_for_required_fields(invocation_data)
+          check_for_reporter_options(invocation_data)
+
+        end
+      end
+
+      def validate_log_path
+        return [] unless cli_options["log_path"]
+
+        if File.directory?(cli_options["log_path"])
+          []
+        else
+          [true, "Log path #{cli_options["log_path"]} is not accessible"]
+        end
+      end
+
+      private
+
+      def create_aliases_mapping
+        alias_mapping = {}
+        thor_options_for_sub_cmd.each do |_, sub_cmd_option|
+          aliases = sub_cmd_option.aliases
+          unless aliases.empty?
+            alias_mapping[aliases[0]] = sub_cmd_option.name
+          end
+        end
+        alias_mapping
+      end
+
+      def check_for_spurious_options(invocation_data)
+        # LIMITATION: Assume the first arg is the profile name, and there is exactly one of them.
+        invalid_options = invocation_data[:thor_args][1..-1]
+        invocation_data[:validation_errors].push "No such option: #{invalid_options}" unless invalid_options.empty?
+      end
+
+      def check_for_required_fields(invocation_data)
+        required_fields = thor_options_for_sub_cmd.collect { |_, thor_option| thor_option.name if thor_option.required }.compact
+        option_keys = invocation_data[:thor_opts].keys
+        invocation_data[:thor_opts].keys.map { |key| option_keys.push(aliases_mapping[key.to_sym]) if aliases_mapping[key.to_sym] }
+        if !required_fields.empty? && (option_keys & required_fields).empty?
+          invocation_data[:validation_errors].push "No value provided for required options: #{required_fields}"
+        end
+      end
+
+      def check_for_reporter_options(invocation_data)
+        # if no reporter option, that's an error
+        unless invocation_data[:thor_opts].include?("reporter")
+          # Check for config reporter validation only if --reporter option is missing from options file
+          return if check_reporter_options_in_config(invocation_data)
+
+          invocation_data[:validation_errors] << "A --reporter option must be specified for each invocation in the options file"
+          return
+        end
+
+        have_child_status_reporter = false
+
+        # Reporter option is formatted as an array
+        invocation_data[:thor_opts]["reporter"].each do |reporter_spec|
+          reporter_name, file_output = reporter_spec.split(":")
+
+          have_child_status_reporter = true if reporter_name == "child-status"
+
+          # if there is a reporter option, each entry must either write to a file or
+          # else be the special child-status reporter or the automate reporter
+          next if PARALLEL_SAFE_REPORTERS.include?(reporter_name)
+
+          unless file_output
+            invocation_data[:validation_errors] << "The #{reporter_name} reporter requires being directed to a file, like #{reporter_name}:filename.out"
+          end
+        end
+
+        # if there is no child-status reporter, add one to the raw value and the parsed array
+        unless have_child_status_reporter
+          # Eww
+          invocation_data[:thor_opts]["reporter"] << "child-status"
+          invocation_data[:value].gsub!("--reporter ", "--reporter child-status ")
+        end
+      end
+
+      def check_reporter_options_in_config(invocation_data)
+        config_opts = invocation_data[:thor_opts]["config"] || invocation_data[:thor_opts]["json_config"]
+        cfg_io = check_for_piped_config_from_stdin(config_opts)
+
+        if cfg_io == STDIN
+          # Scenario of using config from STDIN
+          @config_content ||= cfg_io.read
+        else
+          if config_opts.nil?
+            # Scenario of using default config.json file when path not provided
+            default_path = File.join(Inspec.config_dir, "config.json")
+            config_opts = default_path
+            return unless File.exist?(config_opts)
+          elsif !File.exist?(config_opts)
+            invocation_data[:validation_errors] << "Could not read configuration file at #{config_opts}"
+            return
+          end
+          @config_content = File.open(config_opts).read
+        end
+
+        reporter_config = JSON.parse(config_content)["reporter"] unless config_content.nil? || config_content.empty?
+        unless reporter_config
+          invocation_data[:validation_errors] << "Config should have reporter option specified for each invocation which is not using --reporter option in options file"
+        end
+        @config_content
+      end
+
+      def check_for_piped_config_from_stdin(config_opts)
+        return nil unless config_opts
+        return nil unless config_opts == "-"
+
+        @stdin_config ||= STDIN
+      end
+
+      ## Utility functions
+
+      # Parse the invocation string using Thor into Thor options
+      # This approach was reverse engineered from studying
+      # https://github.com/rails/thor/blob/ab3b5be455791f4efb79f0efb4f88cc6b59c8ccf/lib/thor/base.rb#L53
+
+      def convert_cli_to_thor_options(invocation_data)
+        invocation_words = invocation_data[:value].split(" ")
+
+        # LIMITATION: this approach is limited to having exactly one profile in the invocation
+        args = [invocation_words.shift] # That is, the profile path
+
+        # Here we're piggybacking on on a hook used by the start() method, and provides the
+        # specifics for the subcommand
+        config = { command_options: thor_options_for_sub_cmd }
+
+        # This performs the parse
+        thor = Inspec::InspecCLI.new(args, invocation_words, config)
+
+        # A hash (with indifferent access) of option names to option config data
+        invocation_data[:thor_opts] = thor.options
+
+        # A list of everything else it could not parse, including the profile
+        invocation_data[:thor_args] = thor.args
+      end
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel.rb

@@ -0,0 +1,18 @@
+module InspecPlugins
+  module Parallelism
+    class Plugin < ::Inspec.plugin(2)
+      plugin_name :"inspec-parallel"
+
+      cli_command :parallel do
+        require_relative "inspec-parallel/cli"
+        InspecPlugins::Parallelism::CLI
+      end
+
+      streaming_reporter :"child-status" do
+        require_relative "inspec-parallel/child_status_reporter"
+        InspecPlugins::Parallelism::StreamingReporter
+      end
+
+    end
+  end
+end

data/lib/plugins/inspec-sign/lib/inspec-sign/base.rb

@@ -92,12 +92,16 @@ module InspecPlugins
         Inspec::UI.new.exit(:usage_error)
       end
 
-      def self.profile_verify(signed_profile_path)
+      def self.profile_verify(signed_profile_path, silent = false)
         file_to_verify = signed_profile_path
-        puts "Verifying #{file_to_verify}"
+        puts "Verifying #{file_to_verify}" unless silent
 
         iaf_file = Inspec::IafFile.new(file_to_verify)
         if iaf_file.valid?
+          # Signed profile verification is called from runner and not from CLI
+          # Do not exit and do not print logs
+          return if silent
+
           puts "Detected format version '#{iaf_file.version}'"
           puts "Attempting to verify using key '#{iaf_file.key_name}'"
           puts "Profile is valid."

data/lib/plugins/inspec-sign/lib/inspec-sign/cli.rb

@@ -1,5 +1,6 @@
 require_relative "base"
 require "inspec/dist"
+require "inspec/feature"
 
 #
 # Notes:
@@ -85,8 +86,10 @@ module InspecPlugins
       option :keydir, type: :string, default: "./",
         desc: "Directory to search for keys"
       def generate_keys
-        puts "Generating keys"
-        InspecPlugins::Sign::Base.keygen(options)
+        Inspec.with_feature("inspec-cli-sign-generate-keys") {
+          puts "Generating keys"
+          InspecPlugins::Sign::Base.keygen(options)
+        }
       end
 
       desc "profile PATH", "sign the profile in PATH and generate .iaf artifact."
@@ -95,12 +98,16 @@ module InspecPlugins
       option :profile_content_id, type: :string,
         desc: "UUID of the profile. This will write the profile_content_id in the metadata file if it does not already exist in the metadata file."
       def profile(profile_path)
-        InspecPlugins::Sign::Base.profile_sign(profile_path, options)
+        Inspec.with_feature("inspec-cli-sign-profile") {
+          InspecPlugins::Sign::Base.profile_sign(profile_path, options)
+        }
       end
 
       desc "verify PATH", "Verify a signed profile .iaf artifact at given path."
       def verify(signed_profile_path)
-        InspecPlugins::Sign::Base.profile_verify(signed_profile_path)
+        Inspec.with_feature("inspec-cli-sign-verify") {
+          InspecPlugins::Sign::Base.profile_verify(signed_profile_path)
+        }
       end
     end
   end

data/lib/plugins/inspec-streaming-reporter-progress-bar/lib/inspec-streaming-reporter-progress-bar/streaming_reporter.rb

@@ -91,23 +91,20 @@ module InspecPlugins::StreamingReporterProgressBar
 
       set_status_mapping(control_id, status)
       collect_notifications(notification, control_id, status)
-      control_ended = control_ended?(control_id)
-      if control_ended
-        control_outcome = add_enhanced_outcomes(control_id) if enhanced_outcomes
-        show_progress(control_id, title, full_description, control_outcome)
-      end
+      show_progress(control_id, title, full_description) if control_ended?(notification, control_id)
     end
 
-    def show_progress(control_id, title, full_description, control_outcome)
+    def show_progress(control_id, title, full_description)
       @bar ||= ProgressBar.new(controls_count, :bar, :counter, :percentage)
       sleep 0.1
       @bar.increment!
-      @bar.puts format_it(control_id, title, full_description, control_outcome)
+      @bar.puts format_it(control_id, title, full_description)
     rescue StandardError => e
       raise "Exception in Progress Bar streaming reporter: #{e}"
     end
 
-    def format_it(control_id, title, full_description, control_outcome)
+    def format_it(control_id, title, full_description)
+      control_outcome = control_outcome(control_id)
       if control_outcome
         control_status = control_outcome
       else
@@ -121,11 +118,7 @@ module InspecPlugins::StreamingReporterProgressBar
                          end
       end
       indicator = INDICATORS[control_status]
-      message_to_format = ""
-      message_to_format += "#{indicator}  "
-      message_to_format += "#{control_id.to_s.strip.dup.force_encoding(Encoding::UTF_8)}  "
-      message_to_format += "#{title.gsub(/\n*\s+/, " ").to_s.force_encoding(Encoding::UTF_8)}  " if title
-      message_to_format += "#{full_description.gsub(/\n*\s+/, " ").to_s.force_encoding(Encoding::UTF_8)}  " unless title
+      message_to_format = format_message(indicator, control_id, title, full_description)
       format_with_color(control_status, message_to_format)
     rescue Exception => e
       raise "Exception in show_progress: #{e}"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 5.22.40
+  version: 6.6.0
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-19 00:00:00.000000000 Z
+date: 2023-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -325,7 +325,7 @@ dependencies:
         version: '1.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -335,7 +335,7 @@ dependencies:
         version: '1.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: semverse
   requirement: !ruby/object:Gem::Requirement
@@ -368,30 +368,50 @@ dependencies:
   name: train-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.10'
+        version: 3.11.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.11.0
+- !ruby/object:Gem::Dependency
+  name: chef-licensing
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.10'
-description: InSpec provides a framework for creating end-to-end infrastructure tests.
-  You can use it for integration or even compliance testing. Create fully portable
-  test profiles and use them in your workflow to ensure stability and security. Integrate
-  InSpec in your change lifecycle for local testing, CI/CD, and deployment verification.
+        version: 0.7.5
+description: |+
+  InSpec provides a framework for creating end-to-end infrastructure tests. You can use it for integration or even compliance testing. Create fully portable test profiles and use them in your workflow to ensure stability and security. Integrate InSpec in your change lifecycle for local testing, CI/CD, and deployment verification.
   This has local support only. See the `inspec` gem for full support.
+
+  Packaged distributions of Progress® Chef® products obtained from RubyGems are made available pursuant to the Progress Chef EULA at https://www.chef.io/end-user-license-agreement, unless there is an executed agreement in effect between you and Progress that covers the Progress Chef products ("Master Agreement"), in which case the Master Agreement shall govern.
+
+  Source code obtained from the Chef GitHub repository is made available under Apache-2.0, a copy of which is included.
+
 email:
 - inspec@chef.io
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- Chef-EULA
 - Gemfile
 - LICENSE
 - etc/deprecations.json
+- etc/features.sig
+- etc/features.yaml
 - etc/keys/progress-2022-05-04.pem.pub
 - etc/plugin_filters.json
 - inspec-core.gemspec
@@ -434,6 +454,9 @@ files:
 - lib/inspec/errors.rb
 - lib/inspec/exceptions.rb
 - lib/inspec/expect.rb
+- lib/inspec/feature.rb
+- lib/inspec/feature/config.rb
+- lib/inspec/feature/runner.rb
 - lib/inspec/fetcher.rb
 - lib/inspec/fetcher/git.rb
 - lib/inspec/fetcher/local.rb
@@ -710,6 +733,7 @@ files:
 - lib/inspec/utils/install_context.rb
 - lib/inspec/utils/json_log.rb
 - lib/inspec/utils/json_profile_summary.rb
+- lib/inspec/utils/licensing_config.rb
 - lib/inspec/utils/modulator.rb
 - lib/inspec/utils/nginx_parser.rb
 - lib/inspec/utils/object_traversal.rb
@@ -794,6 +818,22 @@ files:
 - lib/plugins/inspec-init/templates/resources/basic/libraries/inspec-resource-template.erb
 - lib/plugins/inspec-init/templates/resources/plural/docs/resource-doc.erb
 - lib/plugins/inspec-init/templates/resources/plural/libraries/inspec-resource-template.erb
+- lib/plugins/inspec-license/README.md
+- lib/plugins/inspec-license/inspec-license.gemspec
+- lib/plugins/inspec-license/lib/inspec-license.rb
+- lib/plugins/inspec-license/lib/inspec-license/cli.rb
+- lib/plugins/inspec-parallel/README.md
+- lib/plugins/inspec-parallel/inspec-parallel.gemspec
+- lib/plugins/inspec-parallel/lib/inspec-parallel.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/child_status_reporter.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/cli.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/command.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/runner.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/base.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/silent.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/status.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/super_reporter/text.rb
+- lib/plugins/inspec-parallel/lib/inspec-parallel/validator.rb
 - lib/plugins/inspec-plugin-manager-cli/README.md
 - lib/plugins/inspec-plugin-manager-cli/inspec-plugin-manager-cli.gemspec
 - lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb
@@ -837,7 +877,7 @@ files:
 - lib/source_readers/inspec.rb
 homepage: https://github.com/inspec/inspec
 licenses:
-- Apache-2.0
+- LicenseRef-Chef-EULA
 metadata: {}
 post_install_message: 
 rdoc_options: []