inspec-core 5.23.6 → 5.24.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +8 -13
- data/inspec-core.gemspec +3 -3
- data/lib/inspec/archive/tar.rb +1 -0
- data/lib/inspec/file_provider.rb +1 -0
- data/lib/inspec/resources/oracledb_session.rb +63 -8
- data/lib/inspec/version.rb +1 -1
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 786e3d95992223676c73b03e4fabae1aa5d1700b274c8870fb557e0ed54c8308
|
|
4
|
+
data.tar.gz: 6b8adfc8bd4e8a133b4b63e79a2cfc4bf94f32535a31849d6a56bee08dba8d47
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e93a90a68347246a6e39c9eabaed0bcdc4a473c9f9a9dd65906d48ff228bb9099abaf6693a5727df1aa59fb0be9f9c8a4c8f602c9282d15c958ab452042514b2
|
|
7
|
+
data.tar.gz: d86cd0720240d5d3844e294dd90465e0480b72dd9019cdd52af908728ecb395d7f1162029ea510b2083d6dba190e7222ee2feccec5f3fbf1aa837e33f82f6e9c
|
data/Gemfile
CHANGED
|
@@ -27,6 +27,8 @@ group :omnibus do
|
|
|
27
27
|
gem "appbundler"
|
|
28
28
|
gem "ed25519" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
|
|
29
29
|
gem "bcrypt_pbkdf" # ed25519 ssh key support done here as its a native gem we can't put in the gemspec
|
|
30
|
+
# pinning at < 0.6, 0.6 requires ruby 3.2+, InSpec5 does not support Ruby 3.2
|
|
31
|
+
gem "net-imap", ">= 0.2.5", "< 0.6"
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
group :test do
|
|
@@ -34,13 +36,12 @@ group :test do
|
|
|
34
36
|
gem "concurrent-ruby"
|
|
35
37
|
gem "json_schemer"
|
|
36
38
|
gem "m"
|
|
37
|
-
|
|
39
|
+
# 1.4.0+ requires min ruby 3.2, InSpec5 does not support Ruby 3.2
|
|
40
|
+
gem "minitest-sprint", "~> 1.3.0" , "< 1.4.0"
|
|
38
41
|
gem "minitest", "5.15.0"
|
|
39
42
|
gem "mocha"
|
|
40
|
-
# Pinning this version as it breaking for ruby 3.1.0
|
|
41
43
|
gem "nokogiri", "< 1.17.2"
|
|
42
|
-
|
|
43
|
-
gem "pry-byebug", "< 3.12.0"
|
|
44
|
+
gem "pry-byebug"
|
|
44
45
|
gem "pry"
|
|
45
46
|
gem "rake"
|
|
46
47
|
gem "simplecov"
|
|
@@ -49,7 +50,7 @@ group :test do
|
|
|
49
50
|
gem "signet", "< 0.22.0" # 0.20.0+ requires min ruby 3.1
|
|
50
51
|
# Pinning to 1.15 as multi_json 1.16 require ruby 3.2 version
|
|
51
52
|
# Ref: https://buildkite.com/chef-oss/inspec-inspec-inspec-5-verify/builds/647#019808ca-087b-43bc-b1f9-40a36f59c5f4
|
|
52
|
-
gem "multi_json", "~> 1.
|
|
53
|
+
gem "multi_json", "~> 1.18.0"
|
|
53
54
|
end
|
|
54
55
|
|
|
55
56
|
group :deploy do
|
|
@@ -64,11 +65,5 @@ end
|
|
|
64
65
|
# Remove this pin when upgrading to Ruby 3.2 or higher.
|
|
65
66
|
gem "zeitwerk", "~> 2.6.0", "< 2.7"
|
|
66
67
|
|
|
67
|
-
# Pinning
|
|
68
|
-
gem "
|
|
69
|
-
gem "dry-core", "> 1.0.0", "< 1.1.0" if RUBY_VERSION < "3.1.0"
|
|
70
|
-
gem "dry-inflector", "<= 1.1.0" if RUBY_VERSION < "3.1.0"
|
|
71
|
-
|
|
72
|
-
# Pinning securerandom to < 0.4.0 as it is breaking the build because 0.4.0 is incompatible with the current version, ruby 3.0.x on CI
|
|
73
|
-
# Remove this pin when upgrading to Ruby 3.1 or higher on CI.
|
|
74
|
-
gem "securerandom", "< 0.4.0" if RUBY_VERSION < "3.1.0"
|
|
68
|
+
# Pinning connection_pool to < 3.0.0 as 3.0.0+ requires Ruby >= 3.2.0
|
|
69
|
+
gem "connection_pool", ">= 2.5", "< 3.0"
|
data/inspec-core.gemspec
CHANGED
|
@@ -43,7 +43,8 @@ Gem::Specification.new do |spec|
|
|
|
43
43
|
spec.add_dependency "tty-table", "~> 0.10"
|
|
44
44
|
spec.add_dependency "tty-prompt", "~> 0.17"
|
|
45
45
|
spec.add_dependency "tomlrb", ">= 1.2", "< 2.1"
|
|
46
|
-
|
|
46
|
+
# Pinning to < 2.8.8 because public_suffix 7.0 requires Ruby 3.2 or higher, InSpec5 does not support Ruby 3.2
|
|
47
|
+
spec.add_dependency "addressable", "< 2.8.8"
|
|
47
48
|
spec.add_dependency "parslet", ">= 1.5", "< 3.0" # Pinned < 2.0, see #5389
|
|
48
49
|
spec.add_dependency "semverse", "~> 3.0"
|
|
49
50
|
spec.add_dependency "multipart-post", "~> 2.0"
|
|
@@ -53,6 +54,5 @@ Gem::Specification.new do |spec|
|
|
|
53
54
|
# However, it has been moved to 'inspec-core.gemspec' due to a dependency on the 'ast' gem,
|
|
54
55
|
# which was causing a LoadError ('cannot load such file -- ast') for users/applications using 'inspec-core'.
|
|
55
56
|
spec.add_dependency "cookstyle"
|
|
56
|
-
|
|
57
|
-
spec.add_dependency "train-core", "~> 3.13", ">= 3.13.4"
|
|
57
|
+
spec.add_dependency "train-core", "~> 3.16", ">= 3.16.1"
|
|
58
58
|
end
|
data/lib/inspec/archive/tar.rb
CHANGED
data/lib/inspec/file_provider.rb
CHANGED
|
@@ -13,14 +13,29 @@ module Inspec::Resources
|
|
|
13
13
|
supports platform: "windows"
|
|
14
14
|
desc "Use the oracledb_session InSpec resource to test commands against an Oracle database"
|
|
15
15
|
example <<~EXAMPLE
|
|
16
|
+
# Using password
|
|
16
17
|
sql = oracledb_session(user: 'my_user', pass: 'password')
|
|
17
18
|
describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
|
|
18
19
|
its('value') { should eq 'TRUE' }
|
|
19
20
|
end
|
|
21
|
+
|
|
22
|
+
# CHEF-28019: Using TNS alias (recommended for TCPS/SSL connections)
|
|
23
|
+
sql = oracledb_session(
|
|
24
|
+
user: 'my_user',
|
|
25
|
+
password: 'password',
|
|
26
|
+
tns_alias: 'MYDB_TCPS',
|
|
27
|
+
env: {
|
|
28
|
+
'TNS_ADMIN' => '/path/to/tnsnames',
|
|
29
|
+
'LD_LIBRARY_PATH' => '/opt/oracle/instantclient'
|
|
30
|
+
}
|
|
31
|
+
)
|
|
32
|
+
describe sql.query('SELECT * FROM dual').row(0).column('dummy') do
|
|
33
|
+
its('value') { should eq 'X' }
|
|
34
|
+
end
|
|
20
35
|
EXAMPLE
|
|
21
36
|
|
|
22
37
|
attr_reader :bin, :db_role, :host, :password, :port, :service,
|
|
23
|
-
:su_user, :user
|
|
38
|
+
:su_user, :user, :tns_alias, :env_vars
|
|
24
39
|
|
|
25
40
|
def initialize(opts = {})
|
|
26
41
|
@user = opts[:user]
|
|
@@ -37,6 +52,11 @@ module Inspec::Resources
|
|
|
37
52
|
@db_role = opts[:as_db_role]
|
|
38
53
|
@sqlcl_bin = opts[:sqlcl_bin] || nil
|
|
39
54
|
@sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
|
|
55
|
+
|
|
56
|
+
# CHEF-28019: Support for TNS alias and environment variables
|
|
57
|
+
@tns_alias = opts[:tns_alias]
|
|
58
|
+
@env_vars = opts[:env] || {}
|
|
59
|
+
|
|
40
60
|
skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && su_user
|
|
41
61
|
fail_resource "Can't run Oracle checks without authentication" unless su_user || (user || password)
|
|
42
62
|
end
|
|
@@ -77,8 +97,10 @@ module Inspec::Resources
|
|
|
77
97
|
end
|
|
78
98
|
|
|
79
99
|
def resource_id
|
|
80
|
-
if @
|
|
81
|
-
"#{@
|
|
100
|
+
if @tns_alias && !@tns_alias.empty?
|
|
101
|
+
"#{@tns_alias}-#{@user}" # e.g., "XEPDB1_TCPS-USER"
|
|
102
|
+
elsif @user
|
|
103
|
+
"#{@host}-#{@port}-#{@user}" # e.g., "localhost-1521-USER"
|
|
82
104
|
elsif @su_user
|
|
83
105
|
"#{@host}-#{@port}-#{@su_user}"
|
|
84
106
|
else
|
|
@@ -88,10 +110,9 @@ module Inspec::Resources
|
|
|
88
110
|
|
|
89
111
|
private
|
|
90
112
|
|
|
91
|
-
#
|
|
92
|
-
# regular user
|
|
93
|
-
#
|
|
94
|
-
# su, using a db_role
|
|
113
|
+
# CHEF-28019: Build command with support for TNS alias and environment variables
|
|
114
|
+
# Existing behavior: regular user/password, using db_role, or su with db_role
|
|
115
|
+
# Added New behavior: TNS alias connections with optional env vars
|
|
95
116
|
def command_builder(format_options, query)
|
|
96
117
|
if @db_role.nil? || @su_user.nil?
|
|
97
118
|
verified_query = verify_query(query)
|
|
@@ -116,7 +137,11 @@ module Inspec::Resources
|
|
|
116
137
|
sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\n'EOC'} if shell_is_csh
|
|
117
138
|
end
|
|
118
139
|
|
|
119
|
-
|
|
140
|
+
# CHEF-28019: New path for TNS alias connections
|
|
141
|
+
if @tns_alias && !@tns_alias.to_s.empty?
|
|
142
|
+
build_tns_command(format_options, verified_query, oracle_echo_str)
|
|
143
|
+
# Original paths preserved
|
|
144
|
+
elsif @db_role.nil?
|
|
120
145
|
%{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
|
|
121
146
|
elsif @su_user.nil?
|
|
122
147
|
%{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
|
|
@@ -153,5 +178,35 @@ module Inspec::Resources
|
|
|
153
178
|
Hashie::Mash.new([revised_row].to_h)
|
|
154
179
|
end
|
|
155
180
|
end
|
|
181
|
+
|
|
182
|
+
# CHEF-28019: Build TNS alias command with environment variables
|
|
183
|
+
def build_tns_command(format_options, verified_query, oracle_echo_str)
|
|
184
|
+
env_prefix = build_env_prefix
|
|
185
|
+
connect_string = build_connect_string
|
|
186
|
+
heredoc_content = "connect #{connect_string}\n#{format_options}\n#{verified_query}\nEXIT"
|
|
187
|
+
|
|
188
|
+
if @su_user
|
|
189
|
+
cmd = %{su - #{@su_user} -c "#{oracle_echo_str} #{env_prefix} #{@bin} -s /nolog <<'INSPECSQL'\n#{heredoc_content}\nINSPECSQL"}
|
|
190
|
+
else
|
|
191
|
+
cmd = %{#{oracle_echo_str}#{bin} -s /nolog <<'INSPECSQL'\n#{heredoc_content}\nINSPECSQL}
|
|
192
|
+
cmd = "#{env_prefix} #{cmd}" unless env_prefix.empty?
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
cmd
|
|
196
|
+
end
|
|
197
|
+
|
|
198
|
+
# CHEF-28019: Build Oracle connect string for TNS alias
|
|
199
|
+
def build_connect_string
|
|
200
|
+
connect_str = "#{@user}/#{@password}@#{@tns_alias}"
|
|
201
|
+
connect_str += " as #{@db_role}" if @db_role && !@su_user
|
|
202
|
+
connect_str
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
# CHEF-28019: Build environment variable prefix
|
|
206
|
+
def build_env_prefix
|
|
207
|
+
return "" if @env_vars.nil? || @env_vars.empty?
|
|
208
|
+
|
|
209
|
+
@env_vars.map { |k, v| "#{k}='#{v}'" }.join(" ")
|
|
210
|
+
end
|
|
156
211
|
end
|
|
157
212
|
end
|
data/lib/inspec/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.
|
|
4
|
+
version: 5.24.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef InSpec Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2026-01-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-telemetry
|
|
@@ -318,16 +318,16 @@ dependencies:
|
|
|
318
318
|
name: addressable
|
|
319
319
|
requirement: !ruby/object:Gem::Requirement
|
|
320
320
|
requirements:
|
|
321
|
-
- - "
|
|
321
|
+
- - "<"
|
|
322
322
|
- !ruby/object:Gem::Version
|
|
323
|
-
version:
|
|
323
|
+
version: 2.8.8
|
|
324
324
|
type: :runtime
|
|
325
325
|
prerelease: false
|
|
326
326
|
version_requirements: !ruby/object:Gem::Requirement
|
|
327
327
|
requirements:
|
|
328
|
-
- - "
|
|
328
|
+
- - "<"
|
|
329
329
|
- !ruby/object:Gem::Version
|
|
330
|
-
version:
|
|
330
|
+
version: 2.8.8
|
|
331
331
|
- !ruby/object:Gem::Dependency
|
|
332
332
|
name: parslet
|
|
333
333
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -396,20 +396,20 @@ dependencies:
|
|
|
396
396
|
requirements:
|
|
397
397
|
- - "~>"
|
|
398
398
|
- !ruby/object:Gem::Version
|
|
399
|
-
version: '3.
|
|
399
|
+
version: '3.16'
|
|
400
400
|
- - ">="
|
|
401
401
|
- !ruby/object:Gem::Version
|
|
402
|
-
version: 3.
|
|
402
|
+
version: 3.16.1
|
|
403
403
|
type: :runtime
|
|
404
404
|
prerelease: false
|
|
405
405
|
version_requirements: !ruby/object:Gem::Requirement
|
|
406
406
|
requirements:
|
|
407
407
|
- - "~>"
|
|
408
408
|
- !ruby/object:Gem::Version
|
|
409
|
-
version: '3.
|
|
409
|
+
version: '3.16'
|
|
410
410
|
- - ">="
|
|
411
411
|
- !ruby/object:Gem::Version
|
|
412
|
-
version: 3.
|
|
412
|
+
version: 3.16.1
|
|
413
413
|
description: InSpec provides a framework for creating end-to-end infrastructure tests.
|
|
414
414
|
You can use it for integration or even compliance testing. Create fully portable
|
|
415
415
|
test profiles and use them in your workflow to ensure stability and security. Integrate
|