inspec-core 5.24.7 → 6.6.0

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -1,6 +1,7 @@
 require "inspec/dist"
 
 require_relative "api"
+require "inspec/feature"
 
 module InspecPlugins
   module Compliance
@@ -32,90 +33,102 @@ module InspecPlugins
       option :ent, type: :string, required: false,
         desc: "Enterprise for #{AUTOMATE_PRODUCT_NAME} reporting (#{AUTOMATE_PRODUCT_NAME} Only)"
       def login(server)
-        options["server"] = server
-        login_response = InspecPlugins::Compliance::API.login(options)
-        puts login_response
+        Inspec.with_feature("inspec-cli-compliance-login") {
+          options["server"] = server
+          login_response = InspecPlugins::Compliance::API.login(options)
+          puts login_response
+        }
       end
 
       desc "profiles", "list all available profiles in #{AUTOMATE_PRODUCT_NAME}"
       option :owner, type: :string, required: false,
         desc: "owner whose profiles to list"
       def profiles
-        config = InspecPlugins::Compliance::Configuration.new
-        return unless loggedin(config)
-
-        # set owner to config
-        config["owner"] = options["owner"] || config["user"]
-
-        msg, profiles = InspecPlugins::Compliance::API.profiles(config)
-        profiles.sort_by! { |hsh| hsh["title"] }
-        if !profiles.empty?
-          # iterate over profiles
-          headline("Available profiles:")
-          profiles.each do |profile|
-            owner = profile["owner_id"] || profile["owner"]
-            li("#{profile["title"]} v#{profile["version"]} (#{mark_text(owner + "/" + profile["name"])})")
+        Inspec.with_feature("inspec-cli-compliance-profiles") {
+          begin
+            config = InspecPlugins::Compliance::Configuration.new
+            return unless loggedin(config)
+
+            # set owner to config
+            config["owner"] = options["owner"] || config["user"]
+
+            msg, profiles = InspecPlugins::Compliance::API.profiles(config)
+            profiles.sort_by! { |hsh| hsh["title"] }
+            if !profiles.empty?
+              # iterate over profiles
+              headline("Available profiles:")
+              profiles.each do |profile|
+                owner = profile["owner_id"] || profile["owner"]
+                li("#{profile["title"]} v#{profile["version"]} (#{mark_text(owner + "/" + profile["name"])})")
+              end
+            else
+              puts msg if msg != "success"
+              puts "Could not find any profiles"
+              exit 1
+            end
+          rescue InspecPlugins::Compliance::ServerConfigurationMissing
+            $stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
+            exit 1
           end
-        else
-          puts msg if msg != "success"
-          puts "Could not find any profiles"
-          exit 1
-        end
-      rescue InspecPlugins::Compliance::ServerConfigurationMissing
-        $stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
-        exit 1
+        }
       end
 
       desc "exec PROFILE", "executes a #{AUTOMATE_PRODUCT_NAME} profile"
       exec_options
       def exec(*tests)
-        compliance_config = InspecPlugins::Compliance::Configuration.new
-        return unless loggedin(compliance_config)
+        Inspec.with_feature("inspec-cli-compliance-exec") {
+          begin
+            compliance_config = InspecPlugins::Compliance::Configuration.new
+            return unless loggedin(compliance_config)
 
-        o = config # o is an Inspec::Config object, provided by a helper method from Inspec::BaseCLI
-        diagnose(o)
-        configure_logger(o)
+            o = config # o is an Inspec::Config object, provided by a helper method from Inspec::BaseCLI
+            diagnose(o)
+            configure_logger(o)
 
-        # iterate over tests and add compliance scheme
-        tests = tests.map { |t| "compliance://" + InspecPlugins::Compliance::API.sanitize_profile_name(t) }
+            # iterate over tests and add compliance scheme
+            tests = tests.map { |t| "compliance://" + InspecPlugins::Compliance::API.sanitize_profile_name(t) }
 
-        runner = Inspec::Runner.new(o)
-        tests.each { |target| runner.add_target(target) }
+            runner = Inspec::Runner.new(o)
+            tests.each { |target| runner.add_target(target) }
 
-        exit runner.run
-      rescue ArgumentError, RuntimeError, Train::UserError => e
-        $stderr.puts e.message
-        exit 1
+            exit runner.run
+          rescue ArgumentError, RuntimeError, Train::UserError => e
+            $stderr.puts e.message
+            exit 1
+          end
+        }
       end
 
       desc "download PROFILE", "downloads a profile from #{AUTOMATE_PRODUCT_NAME}"
       option :name, type: :string,
         desc: "Name of the archive filename (file type will be added)"
       def download(profile_name)
-        o = options.dup
-        configure_logger(o)
-
-        config = InspecPlugins::Compliance::Configuration.new
-        return unless loggedin(config)
-
-        profile_name = InspecPlugins::Compliance::API.sanitize_profile_name(profile_name)
-        if InspecPlugins::Compliance::API.exist?(config, profile_name)
-          puts "Downloading `#{profile_name}`"
-
-          fetcher = InspecPlugins::Compliance::Fetcher.resolve(
-            {
-              compliance: profile_name,
-            }
-          )
-
-          # we provide a name, the fetcher adds the extension
-          _owner, id = profile_name.split("/")
-          file_name = fetcher.fetch(o.name || id)
-          puts "Profile stored to #{file_name}"
-        else
-          puts "Profile #{profile_name} is not available in #{AUTOMATE_PRODUCT_NAME}."
-          exit 1
-        end
+        Inspec.with_feature("inspec-cli-compliance-download") {
+          o = options.dup
+          configure_logger(o)
+
+          config = InspecPlugins::Compliance::Configuration.new
+          return unless loggedin(config)
+
+          profile_name = InspecPlugins::Compliance::API.sanitize_profile_name(profile_name)
+          if InspecPlugins::Compliance::API.exist?(config, profile_name)
+            puts "Downloading `#{profile_name}`"
+
+            fetcher = InspecPlugins::Compliance::Fetcher.resolve(
+              {
+                compliance: profile_name,
+              }
+            )
+
+            # we provide a name, the fetcher adds the extension
+            _owner, id = profile_name.split("/")
+            file_name = fetcher.fetch(o.name || id)
+            puts "Profile stored to #{file_name}"
+          else
+            puts "Profile #{profile_name} is not available in #{AUTOMATE_PRODUCT_NAME}."
+            exit 1
+          end
+        }
       end
 
       desc "upload PATH", "uploads a local profile to #{AUTOMATE_PRODUCT_NAME}"
@@ -123,132 +136,138 @@ module InspecPlugins
         desc: "Overwrite existing profile on Server."
       option :owner, type: :string, required: false,
         desc: "Owner that should own the profile"
-      option :legacy, type: :boolean, default: false,
-        desc: "Enable legacy functionality, activating both legacy export and legacy check."
       def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
-        config = InspecPlugins::Compliance::Configuration.new
-        return unless loggedin(config)
+        Inspec.with_feature("inspec-cli-compliance-upload") {
+          config = InspecPlugins::Compliance::Configuration.new
+          return unless loggedin(config)
 
-        # set owner to config
-        config["owner"] = options["owner"] || config["user"]
+          # set owner to config
+          config["owner"] = options["owner"] || config["user"]
 
-        unless File.exist?(path)
-          puts "Directory #{path} does not exist."
-          exit 1
-        end
+          unless File.exist?(path)
+            puts "Directory #{path} does not exist."
+            exit 1
+          end
 
-        vendor_deps(path, options) if File.directory?(path)
+          vendor_deps(path, options) if File.directory?(path)
 
-        o = options.dup
-        configure_logger(o)
+          o = options.dup
+          configure_logger(o)
 
-        # only run against the mock backend, otherwise we run against the local system
-        o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
-        o[:check_mode] = true
-        o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
+          # only run against the mock backend, otherwise we run against the local system
+          o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
+          o[:check_mode] = true
+          o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
 
-        # check the profile, we only allow to upload valid profiles
-        profile = Inspec::Profile.for_target(path, o)
+          # check the profile, we only allow to upload valid profiles
+          profile = Inspec::Profile.for_target(path, o)
 
-        # start verification process
-        error_count = 0
-        error = lambda { |msg|
-          error_count += 1
-          puts msg
-        }
+          # start verification process
+          error_count = 0
+          error = lambda { |msg|
+            error_count += 1
+            puts msg
+          }
 
-        result = options["legacy"] ? profile.legacy_check : profile.check
-        unless result[:summary][:valid]
-          error.call("Profile check failed. Please fix the profile before upload.")
-        else
-          puts("Profile is valid")
-        end
-
-        # determine user information
-        if (config["token"].nil? && config["refresh_token"].nil?) || config["user"].nil?
-          error.call("Please login via `#{EXEC_NAME} #{subcommand_name} login`")
-        end
-
-        # read profile name from inspec.yml
-        profile_name = profile.name
-
-        # read profile version from inspec.yml
-        profile_version = profile.version
-
-        # check that the profile is not uploaded already,
-        # confirm upload to the user (overwrite with --force)
-        if InspecPlugins::Compliance::API.exist?(config, "#{config["owner"]}/#{profile_name}##{profile_version}") && !options["overwrite"]
-          error.call("Profile exists on the server, use --overwrite")
-        end
-
-        # abort if we found an error
-        if error_count > 0
-          puts "Found #{error_count} error(s)"
-          exit 1
-        end
-
-        # if it is a directory, tar it to tmp directory
-        generated = false
-        if File.directory?(path)
-          generated = true
-          archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
-          puts "Generate temporary profile archive at #{archive_path}"
-          profile.archive({ output: archive_path, ignore_errors: false, overwrite: true, legacy_export: options["legacy"] })
-        else
-          archive_path = path
-        end
-
-        puts "Start upload to #{config["owner"]}/#{profile_name}"
-        pname = ERB::Util.url_encode(profile_name)
-
-        puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
-
-        success, msg = InspecPlugins::Compliance::API.upload(config, config["owner"], pname, archive_path)
-
-        # delete temp file if it was temporary generated
-        File.delete(archive_path) if generated && File.exist?(archive_path)
-
-        if success
-          puts "Successfully uploaded profile"
-        else
-          puts "Error during profile upload:"
-          puts msg
-          exit 1
-        end
+          result = profile.check
+          unless result[:summary][:valid]
+            error.call("Profile check failed. Please fix the profile before upload.")
+          else
+            puts("Profile is valid")
+          end
+
+          # determine user information
+          if (config["token"].nil? && config["refresh_token"].nil?) || config["user"].nil?
+            error.call("Please login via `#{EXEC_NAME} #{subcommand_name} login`")
+          end
+
+          # read profile name from inspec.yml
+          profile_name = profile.name
+
+          # read profile version from inspec.yml
+          profile_version = profile.version
+
+          # check that the profile is not uploaded already,
+          # confirm upload to the user (overwrite with --force)
+          if InspecPlugins::Compliance::API.exist?(config, "#{config["owner"]}/#{profile_name}##{profile_version}") && !options["overwrite"]
+            error.call("Profile exists on the server, use --overwrite")
+          end
+
+          # abort if we found an error
+          if error_count > 0
+            puts "Found #{error_count} error(s)"
+            exit 1
+          end
+
+          # if it is a directory, tar it to tmp directory
+          generated = false
+          if File.directory?(path)
+            generated = true
+            archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
+            puts "Generate temporary profile archive at #{archive_path}"
+            profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
+          else
+            archive_path = path
+          end
+
+          puts "Start upload to #{config["owner"]}/#{profile_name}"
+          pname = ERB::Util.url_encode(profile_name)
+
+          puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
+
+          success, msg = InspecPlugins::Compliance::API.upload(config, config["owner"], pname, archive_path)
+
+          # delete temp file if it was temporary generated
+          File.delete(archive_path) if generated && File.exist?(archive_path)
+
+          if success
+            puts "Successfully uploaded profile"
+          else
+            puts "Error during profile upload:"
+            puts msg
+            exit 1
+          end
+        }
       end
 
       desc "version", "displays the version of the #{AUTOMATE_PRODUCT_NAME} server"
       def version
-        config = InspecPlugins::Compliance::Configuration.new
-        info = InspecPlugins::Compliance::API.version(config)
-        if !info.nil? && info["build_timestamp"]
-          # key info["api"] is not longer available in latest version api response
-          puts "Name: automate"
-          puts "Version: #{info["build_timestamp"]}"
-        else
-          puts "Could not determine server version."
-          exit 1
-        end
-      rescue InspecPlugins::Compliance::ServerConfigurationMissing
-        puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
-        exit 1
+        Inspec.with_feature("inspec-cli-compliance-version") {
+          begin
+            config = InspecPlugins::Compliance::Configuration.new
+            info = InspecPlugins::Compliance::API.version(config)
+            if !info.nil? && info["build_timestamp"]
+              # key info["api"] is not longer available in latest version api response
+              puts "Name: automate"
+              puts "Version: #{info["build_timestamp"]}"
+            else
+              puts "Could not determine server version."
+              exit 1
+            end
+          rescue InspecPlugins::Compliance::ServerConfigurationMissing
+            puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
+            exit 1
+          end
+        }
       end
 
       desc "logout", "user logout from #{AUTOMATE_PRODUCT_NAME}"
       def logout
-        config = InspecPlugins::Compliance::Configuration.new
-        unless config.supported?(:oidc) || config["token"].nil? || config["server_type"] == "automate"
+        Inspec.with_feature("inspec-cli-compliance-logout") {
           config = InspecPlugins::Compliance::Configuration.new
-          url = "#{config["server"]}/logout"
-          InspecPlugins::Compliance::HTTP.post(url, config["token"], config["insecure"], !config.supported?(:oidc))
-        end
-        success = config.destroy
-
-        if success
-          puts "Successfully logged out"
-        else
-          puts "Could not log out"
-        end
+          unless config.supported?(:oidc) || config["token"].nil? || config["server_type"] == "automate"
+            config = InspecPlugins::Compliance::Configuration.new
+            url = "#{config["server"]}/logout"
+            InspecPlugins::Compliance::HTTP.post(url, config["token"], config["insecure"], !config.supported?(:oidc))
+          end
+          success = config.destroy
+
+          if success
+            puts "Successfully logged out"
+          else
+            puts "Could not log out"
+          end
+        }
       end
 
       private

data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb

@@ -1,5 +1,6 @@
 require_relative "profile"
 require "inspec/dist"
+require "inspec/feature"
 
 module InspecPlugins
   module Habitat
@@ -14,17 +15,23 @@ module InspecPlugins
       option :output_dir, type: :string, required: false,
         desc: "Output directory for the Habitat artifact. Default: current directory"
       def create(path = ".")
-        InspecPlugins::Habitat::Profile.new(path, options).create
+        Inspec.with_feature("inspec-cli-habitat-profile-create") {
+          InspecPlugins::Habitat::Profile.new(path, options).create
+        }
       end
 
       desc "setup PATH", "Configure the profile at PATH for Habitat, including a plan and hooks"
       def setup(path = ".")
-        InspecPlugins::Habitat::Profile.new(path, options).setup
+        Inspec.with_feature("inspec-cli-habitat-profile-setup") {
+          InspecPlugins::Habitat::Profile.new(path, options).setup
+        }
       end
 
       desc "upload PATH", "Create then upload a Habitat artifact for the profile found at PATH to the Habitat Builder Depot"
       def upload(path = ".")
-        InspecPlugins::Habitat::Profile.new(path, options).upload
+        Inspec.with_feature("inspec-cli-habitat-profile-upload") {
+          InspecPlugins::Habitat::Profile.new(path, options).upload
+        }
       end
     end
 

data/lib/plugins/inspec-init/lib/inspec-init/cli.rb

@@ -1,5 +1,6 @@
 require "pathname" unless defined?(Pathname)
 require_relative "renderer"
+require "inspec/feature"
 
 module InspecPlugins
   module Init

data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb

@@ -27,33 +27,35 @@ module InspecPlugins
       option :copyright, type: :string, default: nil, desc: "A copyright statement, to be added to LICENSE"
 
       def plugin(plugin_name)
-        plugin_type = determine_plugin_type(plugin_name)
-        snake_case = plugin_name.tr("-", "_")
+        Inspec.with_feature("inspec-cli-init-plugin") {
+          plugin_type = determine_plugin_type(plugin_name)
+          snake_case = plugin_name.tr("-", "_")
 
-        # Handle deprecation of option --hook
-        unless options[:hook].nil?
-          Inspec.deprecate "cli_option_hook"
-          options[:activator] = options.delete(:hook)
-        end
+          # Handle deprecation of option --hook
+          unless options[:hook].nil?
+            Inspec.deprecate "cli_option_hook"
+            options[:activator] = options.delete(:hook)
+          end
 
-        template_vars = {
-          name: plugin_name,
-          plugin_name: plugin_name,
-          snake_case: snake_case,
-        }.merge(plugin_vars_from_opts)
+          template_vars = {
+            name: plugin_name,
+            plugin_name: plugin_name,
+            snake_case: snake_case,
+          }.merge(plugin_vars_from_opts)
 
-        template_path = File.join("plugins", plugin_type + "-plugin-template")
+          template_path = File.join("plugins", plugin_type + "-plugin-template")
 
-        render_opts = {
-          templates_path: TEMPLATES_PATH,
-          overwrite: options[:overwrite],
-          file_rename_map: make_rename_map(plugin_type, plugin_name, snake_case),
-          skip_files: make_skip_list(template_vars["activators"].keys),
-        }
+          render_opts = {
+            templates_path: TEMPLATES_PATH,
+            overwrite: options[:overwrite],
+            file_rename_map: make_rename_map(plugin_type, plugin_name, snake_case),
+            skip_files: make_skip_list(template_vars["activators"].keys),
+          }
 
-        renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
+          renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
 
-        renderer.render_with_values(template_path, plugin_type + " plugin", template_vars)
+          renderer.render_with_values(template_path, plugin_type + " plugin", template_vars)
+        }
       end
 
       private

data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb

@@ -25,22 +25,24 @@ module InspecPlugins
       option :overwrite, type: :boolean, default: false,
              desc: "Overwrites existing directory"
       def profile(new_profile_name)
-        unless valid_profile_platforms.include?(options[:platform])
-          ui.error "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(", ")})"
-          ui.exit(:usage_error)
-        end
-        template_path = File.join("profiles", options[:platform])
+        Inspec.with_feature("inspec-cli-init-profile") {
+          unless valid_profile_platforms.include?(options[:platform])
+            ui.error "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(", ")})"
+            ui.exit(:usage_error)
+          end
+          template_path = File.join("profiles", options[:platform])
 
-        render_opts = {
-          templates_path: TEMPLATES_PATH,
-          overwrite: options[:overwrite],
-        }
-        renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
+          render_opts = {
+            templates_path: TEMPLATES_PATH,
+            overwrite: options[:overwrite],
+          }
+          renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
 
-        vars = {
-          name: new_profile_name,
+          vars = {
+            name: new_profile_name,
+          }
+          renderer.render_with_values(template_path, "profile", vars)
         }
-        renderer.render_with_values(template_path, "profile", vars)
       end
     end
   end

data/lib/plugins/inspec-init/lib/inspec-init/cli_resource.rb

@@ -35,21 +35,23 @@ module InspecPlugins
       #  + Add --overwrite option
 
       def resource(resource_name)
-        resource_vars_from_opts_resource
-        template_vars = {
-          name: options[:path], # This is used for the path prefix
-          resource_name: resource_name,
-        }
-        template_vars.merge!(options)
-        template_path = File.join("resources", template_vars["template"])
+        Inspec.with_feature("inspec-cli-init-resource") {
+          resource_vars_from_opts_resource
+          template_vars = {
+            name: options[:path], # This is used for the path prefix
+            resource_name: resource_name,
+          }
+          template_vars.merge!(options)
+          template_path = File.join("resources", template_vars["template"])
 
-        render_opts = {
-          templates_path: TEMPLATES_PATH,
-          overwrite: options[:overwrite],
-          file_rename_map: make_rename_map_resource(template_vars),
+          render_opts = {
+            templates_path: TEMPLATES_PATH,
+            overwrite: options[:overwrite],
+            file_rename_map: make_rename_map_resource(template_vars),
+          }
+          renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
+          renderer.render_with_values(template_path, "resource", template_vars)
         }
-        renderer = InspecPlugins::Init::Renderer.new(ui, render_opts)
-        renderer.render_with_values(template_path, "resource", template_vars)
       end
 
       private

data/lib/plugins/inspec-license/README.md

@@ -0,0 +1,16 @@
+# License Plugin
+
+## license list
+
+Implements the `inspec license list` CLI command.
+
+## license add
+
+Implements the `inspec license add` CLI command.
+
+### What This Plugin Does
+
+This plugin consists of the following subcommands:
+
+1. `add`: helps to add a new license
+2. `list`: helps to list all the licenses for the current user

data/lib/plugins/inspec-license/inspec-license.gemspec

@@ -0,0 +1,6 @@
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-license"
+  spec.summary       = "Plugin to list user licenses."
+  spec.description   = ""
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-license/lib/inspec-license/cli.rb

@@ -0,0 +1,26 @@
+require "chef-licensing"
+module InspecPlugins::License
+  class CLI < Inspec.plugin(2, :cli_command)
+    include Inspec::Dist
+
+    subcommand_desc "license SUBCOMMAND [options]", "Manage #{PRODUCT_NAME} license"
+    desc "list", "List licenses (not applicable to local licensing service)"
+    def list
+      ChefLicensing.list_license_keys_info
+    rescue ChefLicensing::Error => e
+      Inspec::Log.error e.message
+      Inspec::UI.new.exit(Inspec::UI::EXIT_LICENSE_NOT_SET)
+    end
+
+    desc "add", "Add a new license (not applicable to local licensing service)"
+    def add
+      ChefLicensing.add_license
+    rescue ChefLicensing::LicenseKeyFetcher::LicenseKeyAddNotAllowed => e
+      Inspec::Log.error e.message
+      Inspec::UI.new.exit(Inspec::UI::EXIT_LICENSE_NOT_SET)
+    rescue ChefLicensing::Error => e
+      Inspec::Log.error e.message
+      Inspec::UI.new.exit(Inspec::UI::EXIT_LICENSE_NOT_SET)
+    end
+  end
+end