inspec-core 5.22.65 → 6.6.0

data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb

@@ -27,33 +27,35 @@ module InspecPlugins
       option :copyright, type: :string, default: nil, desc: "A copyright statement, to be added to LICENSE"
 
       def plugin(plugin_name)
-        plugin_type = determine_plugin_type(plugin_name)
-        snake_case = plugin_name.tr("-", "_")
+        Inspec.with_feature("inspec-cli-init-plugin") {
+          plugin_type = determine_plugin_type(plugin_name)
+          snake_case = plugin_name.tr("-", "_")
 
-        # Handle deprecation of option --hook
-        unless options[:hook].nil?
-          Inspec.deprecate "cli_option_hook"
-          options[:activator] = options.delete(:hook)
-        end
+          # Handle deprecation of option --hook
+          unless options[:hook].nil?
+            Inspec.deprecate "cli_option_hook"
+            options[:activator] = options.delete(:hook)
+          end
 
-        template_vars = {
-          name: plugin_name,
-          plugin_name: plugin_name,
-          snake_case: snake_case,
-        }.merge(plugin_vars_from_opts)
+          template_vars = {
+            name: plugin_name,
+            plugin_name: plugin_name,
+            snake_case: snake_case,
+          }.merge(plugin_vars_from_opts)
 
-        template_path = File.join("plugins", plugin_type + "-plugin-template")
+          template_path = File.join("plugins", plugin_type + "-plugin-template")
 
-        render_opts = {
-          templates_path: TEMPLATES_PATH,
-          overwrite: options[:overwrite],
-          file_rename_map: make_rename_map(plugin_type, plugin_name, snake_case),
-          skip_files: make_skip_list(template_vars["activators"].keys),
-        }
+          render_opts = {
+            templates_path: TEMPLATES_PATH,
+            overwrite: options[:overwrite],
+            file_rename_map: make_rename_map(plugin_type, plugin_name, snake_case),
+            skip_files: make_skip_list(template_vars["activators"].keys),
+          }
 
-        renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
+          renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
 
-        renderer.render_with_values(template_path, plugin_type + " plugin", template_vars)
+          renderer.render_with_values(template_path, plugin_type + " plugin", template_vars)
+        }
       end
 
       private

data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb

@@ -25,22 +25,24 @@ module InspecPlugins
       option :overwrite, type: :boolean, default: false,
              desc: "Overwrites existing directory"
       def profile(new_profile_name)
-        unless valid_profile_platforms.include?(options[:platform])
-          ui.error "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(", ")})"
-          ui.exit(:usage_error)
-        end
-        template_path = File.join("profiles", options[:platform])
+        Inspec.with_feature("inspec-cli-init-profile") {
+          unless valid_profile_platforms.include?(options[:platform])
+            ui.error "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(", ")})"
+            ui.exit(:usage_error)
+          end
+          template_path = File.join("profiles", options[:platform])
 
-        render_opts = {
-          templates_path: TEMPLATES_PATH,
-          overwrite: options[:overwrite],
-        }
-        renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
+          render_opts = {
+            templates_path: TEMPLATES_PATH,
+            overwrite: options[:overwrite],
+          }
+          renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
 
-        vars = {
-          name: new_profile_name,
+          vars = {
+            name: new_profile_name,
+          }
+          renderer.render_with_values(template_path, "profile", vars)
         }
-        renderer.render_with_values(template_path, "profile", vars)
       end
     end
   end

data/lib/plugins/inspec-init/lib/inspec-init/cli_resource.rb

@@ -35,21 +35,23 @@ module InspecPlugins
       #  + Add --overwrite option
 
       def resource(resource_name)
-        resource_vars_from_opts_resource
-        template_vars = {
-          name: options[:path], # This is used for the path prefix
-          resource_name: resource_name,
-        }
-        template_vars.merge!(options)
-        template_path = File.join("resources", template_vars["template"])
+        Inspec.with_feature("inspec-cli-init-resource") {
+          resource_vars_from_opts_resource
+          template_vars = {
+            name: options[:path], # This is used for the path prefix
+            resource_name: resource_name,
+          }
+          template_vars.merge!(options)
+          template_path = File.join("resources", template_vars["template"])
 
-        render_opts = {
-          templates_path: TEMPLATES_PATH,
-          overwrite: options[:overwrite],
-          file_rename_map: make_rename_map_resource(template_vars),
+          render_opts = {
+            templates_path: TEMPLATES_PATH,
+            overwrite: options[:overwrite],
+            file_rename_map: make_rename_map_resource(template_vars),
+          }
+          renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
+          renderer.render_with_values(template_path, "resource", template_vars)
         }
-        renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
-        renderer.render_with_values(template_path, "resource", template_vars)
       end
 
       private

data/lib/plugins/inspec-license/README.md

@@ -0,0 +1,16 @@
+# License Plugin
+
+## license list
+
+Implements the `inspec license list` CLI command.
+
+## license add
+
+Implements the `inspec license add` CLI command.
+
+### What This Plugin Does
+
+This plugin consists of the following subcommands:
+
+1. `add`: helps to add a new license
+2. `list`: helps to list all the licenses for the current user

data/lib/plugins/inspec-license/inspec-license.gemspec

@@ -0,0 +1,6 @@
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-license"
+  spec.summary       = "Plugin to list user licenses."
+  spec.description   = ""
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-license/lib/inspec-license/cli.rb

@@ -0,0 +1,26 @@
+require "chef-licensing"
+module InspecPlugins::License
+  class CLI < Inspec.plugin(2, :cli_command)
+    include Inspec::Dist
+
+    subcommand_desc "license SUBCOMMAND [options]", "Manage #{PRODUCT_NAME} license"
+    desc "list", "List licenses (not applicable to local licensing service)"
+    def list
+      ChefLicensing.list_license_keys_info
+    rescue ChefLicensing::Error => e
+      Inspec::Log.error e.message
+      Inspec::UI.new.exit(Inspec::UI::EXIT_LICENSE_NOT_SET)
+    end
+
+    desc "add", "Add a new license (not applicable to local licensing service)"
+    def add
+      ChefLicensing.add_license
+    rescue ChefLicensing::LicenseKeyFetcher::LicenseKeyAddNotAllowed => e
+      Inspec::Log.error e.message
+      Inspec::UI.new.exit(Inspec::UI::EXIT_LICENSE_NOT_SET)
+    rescue ChefLicensing::Error => e
+      Inspec::Log.error e.message
+      Inspec::UI.new.exit(Inspec::UI::EXIT_LICENSE_NOT_SET)
+    end
+  end
+end

data/lib/plugins/inspec-license/lib/inspec-license.rb

@@ -0,0 +1,14 @@
+module InspecPlugins
+  module License
+    class Plugin < ::Inspec.plugin(2)
+      plugin_name :"inspec-license"
+
+      if Inspec::Dist::EXEC_NAME == "inspec"
+        cli_command :license do
+          require_relative "inspec-license/cli"
+          InspecPlugins::License::CLI
+        end
+      end
+    end
+  end
+end

data/lib/plugins/inspec-parallel/README.md

@@ -0,0 +1,27 @@
+# Parallel Plugin
+
+Plugin to handle parallel InSpec scan operations over multiple targets.
+
+## parallel cli_command
+
+Implements the `inspec parallel exec` CLI command.
+
+## child-status Plugin
+
+This reporter is an InSpec Streaming Reporter. It is used internally by inspec parallel to provide status updates on child processes.
+
+### What This Plugin Does
+
+For each control executed, after it is complete, the plugin emits a line to STDOUT like:
+```
+12/P/24/Control Title Here
+```
+When the run is complete, the single line 'EOF_MARKER' is emitted.
+
+Where:
+
+ - 12 is the number of the control (12th seen out of all controls in all profiles)
+ - P indicates that it Passed (Also F = Failed, S = Skipped, E = Errored)
+ - 24 is the total number of controls in the run
+ - "Control Title Here" is the title (or if title is missing, id) of the last executed control
+

data/lib/plugins/inspec-parallel/inspec-parallel.gemspec

@@ -0,0 +1,6 @@
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-parallel"
+  spec.summary       = "Plugin to handle parallel InSpec scan operations over multiple targets"
+  spec.description   = ""
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/child_status_reporter.rb

@@ -0,0 +1,61 @@
+module InspecPlugins::Parallelism
+  class StreamingReporter < Inspec.plugin(2, :streaming_reporter)
+    # Registering these methods with RSpec::Core::Formatters class is mandatory
+    RSpec::Core::Formatters.register self, :example_passed, :example_failed, :example_pending, :close
+
+    def initialize(output)
+      @status_mapping = {}
+      @control_counter = 0
+      initialize_streaming_reporter
+    end
+
+    def example_passed(notification)
+      set_example(notification, "passed")
+    end
+
+    def example_failed(notification)
+      set_example(notification, "failed")
+    end
+
+    def example_pending(notification)
+      set_example(notification, "skipped")
+    end
+
+    def close(notification)
+      # HACK: if we've reached the end of the execution, send a special marker, to ease EOF detection on Windows
+      puts "EOF_MARKER"
+    end
+
+    private
+
+    def set_example(notification, status)
+      control_id = notification.example.metadata[:id]
+      title = notification.example.metadata[:title]
+      set_status_mapping(control_id, status)
+      output_status(control_id, title) if control_ended?(notification, control_id)
+    end
+
+    def output_status(control_id, title)
+      @control_counter += 1
+      stat = @status_mapping[control_id]
+      stat = if stat.include?("failed")
+               "F"
+             else
+               if stat.include?("skipped")
+                 "S"
+               else
+                 stat.include?("passed") ? "P" : "E"
+               end
+             end
+      display_name = title.gsub(/\n*\s+/, " ").to_s.force_encoding(Encoding::UTF_8) if title
+      display_name = control_id.to_s.lstrip.force_encoding(Encoding::UTF_8) unless title
+
+      puts "#{@control_counter}/#{stat}/#{controls_count}/#{display_name}"
+    end
+
+    def set_status_mapping(control_id, status)
+      @status_mapping[control_id] ||= []
+      @status_mapping[control_id].push(status)
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/cli.rb

@@ -0,0 +1,39 @@
+require_relative "command"
+require "inspec/dist"
+require "inspec/base_cli"
+require "inspec/feature"
+
+module InspecPlugins::Parallelism
+  class CLI < Inspec.plugin(2, :cli_command)
+    include Inspec::Dist
+
+    subcommand_desc "parallel SUBCOMMAND [options]", "Runs #{PRODUCT_NAME} operations parallely"
+
+    desc "exec", "Executes profile parallely"
+    option :option_file, aliases: :o, type: :string, required: true,
+      desc: "File that contains list of option strings"
+    option :dry_run, type: :boolean,
+      desc: "Print commands that will run"
+    option :verbose, type: :boolean,
+      desc: "Prints all thor options on dry run"
+    option :jobs, aliases: :j, type: :numeric,
+      desc: "Number of jobs to run parallely"
+    option :ui, type: :string, default: "status",
+      desc: "Which UI to use: status, text, silent"
+    option :bg, type: :boolean,
+      desc: "Runs parallel processes in background"
+    option :log_path, type: :string,
+      desc: "Path to the runner and error logs"
+    exec_options
+    def exec(default_profile = nil)
+      Inspec.with_feature("inspec-cli-parallel-exec") {
+        parallel_cmd = InspecPlugins::Parallelism::Command.new(options, default_profile)
+        if options[:dry_run]
+          parallel_cmd.dry_run
+        else
+          parallel_cmd.run
+        end
+      }
+    end
+  end
+end

data/lib/plugins/inspec-parallel/lib/inspec-parallel/command.rb

@@ -0,0 +1,219 @@
+require_relative "runner"
+require_relative "validator"
+require "erb" unless defined?(Erb)
+
+module InspecPlugins
+  module Parallelism
+
+    class OptionFileNotReadable < RuntimeError
+    end
+
+    class Command
+      attr_accessor :cli_options_to_parallel_cmd, :default_profile, :sub_cmd, :invocations, :run_in_background
+
+      def initialize(cli_options_to_parallel_cmd, default_profile, sub_cmd = "exec")
+        @default_profile = default_profile
+        @cli_options_to_parallel_cmd = cli_options_to_parallel_cmd
+        @sub_cmd = sub_cmd
+        @logger  = Inspec::Log
+        @invocations = read_options_file
+        @run_in_background = cli_options_to_parallel_cmd["bg"]
+      end
+
+      def run
+        validate_thor_options
+        validate_invocations!
+        runner = Runner.new(invocations, cli_options_to_parallel_cmd, sub_cmd)
+        catch_ctl_c_and_exit(runner) unless run_in_background
+        runner.run
+      end
+
+      def dry_run
+        validate_invocations!
+        dry_run_commands
+      end
+
+      private
+
+      def catch_ctl_c_and_exit(runner)
+        puts "Press CTL+C to stop\n"
+        trap("SIGINT") do
+          puts "\n"
+          puts "Shutting down jobs..."
+          if Inspec.locally_windows?
+            runner.kill_child_processes
+            sleep 1
+            puts "Renaming error log files..."
+            runner.rename_error_log_files
+          end
+          exit Inspec::UI::EXIT_TERMINATED_BY_CTL_C
+        end
+      end
+
+      def validate_thor_options
+        # only log path validation needed for now
+        validate_log_path
+      end
+
+      def validate_log_path
+        error, message = Validator.new(invocations, cli_options_to_parallel_cmd, sub_cmd).validate_log_path
+        if error
+          @logger.error message
+          Inspec::UI.new.exit(:usage_error)
+        end
+      end
+
+      def validate_invocations!
+        # Validation logic stays in Validator class...
+        Validator.new(invocations, cli_options_to_parallel_cmd, sub_cmd).validate
+        # UI logic stays in Command class.
+        valid = true
+        invocations.each do |invocation_data|
+          invocation_data[:validation_errors].each do |error_message|
+            valid = false
+            @logger.error "Line #{invocation_data[:line_no]}: " + error_message
+          end
+        end
+        unless valid
+          @logger.error "Please fix the options to proceed further."
+          Inspec::UI.new.exit(:usage_error)
+        end
+      end
+
+      def dry_run_commands
+        invocations.each do |invocation_data|
+          puts "inspec #{sub_cmd} #{invocation_data[:value]}"
+        end
+      end
+
+      ## Utility functions
+
+      def read_options_file
+        opts = []
+        begin
+          content = content_from_file(cli_options_to_parallel_cmd[:option_file])
+        rescue OptionFileNotReadable => e
+          @logger.error "Cannot read options file: #{e.message}"
+          Inspec::UI.new.exit(:usage_error)
+        end
+        content.each.with_index(1) do |str, index|
+          data_hash = { line_no: index }
+          str = ERB.new(str).result_with_hash(pid: "CHILD_PID").strip
+          str_has_comment = str.start_with?("#")
+          next if str.empty? || str_has_comment
+
+          default_options = fetch_default_options(str.split(" ")).lstrip
+          if str.start_with?("-")
+            data_hash[:value] = "#{default_profile} #{str} #{default_options}"
+          else
+            data_hash[:value] = "#{str} #{default_options}"
+          end
+          opts << data_hash
+        end
+        opts
+      end
+
+      def content_from_file(option_file)
+        if File.exist?(option_file)
+          unless [".sh", ".csh", ".ps1"].include? File.extname(option_file)
+            File.readlines(option_file)
+          else
+            if Inspec.locally_windows? && (File.extname(option_file) == ".ps1")
+              begin
+                output = `powershell -File "#{option_file}"`
+                output.split("\n")
+              rescue StandardError => e
+                raise OptionFileNotReadable.new("Error reading powershell file #{option_file}: #{e.message}")
+              end
+            elsif [".sh", ".csh"].include? File.extname(option_file)
+              begin
+                output = `bash "#{option_file}"`
+                output.split("\n")
+              rescue StandardError => e
+                raise OptionFileNotReadable.new("Error reading shell file #{option_file}: #{e.message}")
+              end
+            else
+              raise OptionFileNotReadable.new("Powershell not supported in your system.")
+            end
+          end
+        else
+          raise OptionFileNotReadable.new("Option file not found.")
+        end
+      end
+
+      # this must return empty string or default option string which are not part of option file
+      def fetch_default_options(option_line)
+        option_line = option_line.select { |word| word.start_with?("-") }
+
+        # remove prefixes from the options to compare with default options
+        option_line.map! do |option_key|
+          option_key.gsub(options_prefix(option_key), "").gsub("-", "_")
+        end
+
+        default_opts = ""
+        # iterate through the parallel cli default options and append the option and value which are not present in option file
+        parallel_cmd_default_cli_options.each do |cmd|
+          if cmd.is_a? String
+            append_default_value(default_opts, cmd) unless option_line.include?(cmd)
+          elsif cmd.is_a? Array
+            if !option_line.include?(cmd[0]) && !option_line.include?(cmd[1])
+              append_default_value(default_opts, cmd[0])
+            end
+          end
+        end
+        default_opts
+      end
+
+      # returns array of default options of the subcommand
+      def parallel_cmd_default_cli_options
+        sub_cmd_opts = Inspec::InspecCLI.commands[sub_cmd].options
+        parallel_cmd_default_opts = cli_options_to_parallel_cmd.keys & sub_cmd_opts.keys.map(&:to_s)
+        options_to_append = parallel_cmd_default_opts
+
+        if cli_options_to_parallel_cmd["dry_run"] && !cli_options_to_parallel_cmd["verbose"]
+          # to not show thor default options of inspec commands in dry run
+          sub_cmd_opts_with_defaults = fetch_sub_cmd_default_options(sub_cmd_opts)
+          options_to_append -= sub_cmd_opts_with_defaults
+        end
+
+        default_opts_to_append = []
+
+        # append the options and its aliases if available.
+        options_to_append.each do |option_name|
+          opt_alias = sub_cmd_opts[option_name.to_sym].aliases
+          if opt_alias.empty?
+            default_opts_to_append << option_name
+          else
+            default_opts_to_append << [option_name, opt_alias[0].to_s]
+          end
+        end
+        default_opts_to_append
+      end
+
+      def append_default_value(default_opts, command_name)
+        default_value = cli_options_to_parallel_cmd[command_name.to_sym]
+        default_value = default_value.join(" ") if default_value.is_a? Array
+        default_opts << " --#{command_name.gsub("_", "-")} #{default_value}"
+      end
+
+      def options_prefix(option_name)
+        if option_name.start_with?("--")
+          option_name.start_with?("--no-") ? "--no-" : "--"
+        else
+          "-"
+        end
+      end
+
+      def fetch_sub_cmd_default_options(sub_cmd_opts)
+        default_options_to_remove = []
+        sub_cmd_opts_with_defaults = sub_cmd_opts.select { |_, c| !c.default.nil? }.keys.map(&:to_s)
+        sub_cmd_opts_with_defaults.each do |default_opt_name|
+          if sub_cmd_opts[default_opt_name.to_sym].default == cli_options_to_parallel_cmd[default_opt_name]
+            default_options_to_remove << default_opt_name
+          end
+        end
+        default_options_to_remove
+      end
+    end
+  end
+end