inspec-core 6.8.11 → 7.0.38.beta

data/lib/inspec/resources/mongodb_session.rb

@@ -1,98 +0,0 @@
-require "mongo"
-
-module Inspec::Resources
-  class Lines
-    attr_reader :params
-
-    def initialize(raw, desc, exit_status = nil)
-      @params = raw
-      @desc = desc
-      @exit_status = exit_status
-    end
-
-    def to_s
-      @desc
-    end
-  end
-
-  class MongodbSession < Inspec.resource(1)
-    name "mongodb_session"
-    supports platform: "unix"
-    supports platform: "windows"
-
-    desc "Use the mongodb_session InSpec audit resource to run MongoDB command against a MongoDB Database."
-    example <<~EXAMPLE
-      # default values:
-      # host: "127.0.0.1"
-      # port: "27017"
-      # auth_source - default to database name
-      # auth_mech - :scram
-
-      describe mongodb_session(user: "foo", password: "bar", database: "test").query(usersInfo: "ian").params["users"].first["roles"].first do
-        its(["role"]) { should eq "readWrite" }
-      end
-    EXAMPLE
-    attr_reader :user, :host, :port, :database, :params
-
-    def initialize(opts = {})
-      @user = opts[:user] || nil
-      @password = opts[:password] || nil
-      @host = opts[:host] || "127.0.0.1"
-      @port = opts[:port] || "27017"
-      @database = opts[:database] || nil
-      @auth_mech = opts[:auth_mech] || :scram
-      @auth_source = opts[:auth_source] || @database
-      @ssl = opts[:ssl] || false
-      @ssl_cert = opts[:ssl_cert] || nil
-      @ssl_key = opts[:ssl_key] || nil
-      @ssl_ca_cert = opts[:ssl_ca_cert] || nil
-      @auth_mech_properties = opts[:auth_mech_properties] || {}
-      @client = nil
-
-      fail_resource "Can't run MongoDB checks without authentication." unless user && @password
-      fail_resource "You must provide a database name for the session." unless database
-
-      create_session
-    end
-
-    def query(command)
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      Lines.new(@client.command(command).documents.first, "MongoDB query: #{command}")
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command Error: #{e.message}"
-    end
-
-    def resource_id
-      "mongodb_session:User:#{@user}:Host:#{@host}:Database:#{@database}"
-    end
-
-    private
-
-    def create_session
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      options = { user: "#{user}",
-        password: "#{@password}",
-        database: "#{database}",
-        auth_source: "#{@auth_source}",
-        auth_mech: @auth_mech,
-        }
-      options[:auth_mech_properties] = @auth_mech_properties unless @auth_mech_properties.empty?
-      options[:ssl] = @ssl
-      opitons[:ssl_key] = @ssl_key unless @ssl_key.nil?
-      options[:ssl_cert] = @ssl_cert unless @ssl_cert.nil?
-      options[:ssl_ca_cert] = @ssl_ca_cert unless @ssl_ca_cert.nil?
-
-      # Setting the logger level to INFO as mongo gem version 2.13.2 is using DEBUG as the log level Ref: https://github.com/mongodb/mongo-ruby-driver/blob/v2.13.2/lib/mongo/logger.rb#L79
-      # Latest version of the mongo gem don't have this issue as it set to INFO level Ref: https://github.com/mongodb/mongo-ruby-driver/blob/master/lib/mongo/logger.rb#L82
-      # We pinned the version to 2.13.2 as the latest version of the mongo gem has broken symlink https://jira.mongodb.org/browse/RUBY-2546 which causes omnibus build failure.
-      # Once we get the latest version working we can remove logger level set here.
-      Mongo::Logger.logger.level = Logger::INFO
-      @client = Mongo::Client.new([ "#{host}:#{port}" ], options)
-
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Can't run MongoDB command. Error: #{e.message}"
-    end
-  end
-end

data/lib/inspec/resources/podman.rb

@@ -1,353 +0,0 @@
-require "inspec/resources/command"
-require "inspec/utils/filter"
-require "hashie/mash"
-
-module Inspec::Resources
-  class Podman < Inspec.resource(1)
-    # Resource requires an internal name.
-    name "podman"
-
-    # Restrict to only run on the below platforms (if none were given,
-    # all OS's and cloud API's supported)
-    supports platform: "unix"
-
-    desc "A resource to retrieve information about podman"
-
-    example <<~EXAMPLE
-      describe podman.containers do
-        its('images') { should include "docker.io/library/ubuntu:latest" }
-      end
-
-      describe podman.images do
-        its('names') { should_not include "docker.io/library/ubuntu:latest" }
-      end
-
-      describe podman.pods do
-        its("ids") { should include "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc" }
-      end
-
-      describe podman.info.host do
-        its("os") { should eq "linux"}
-      end
-
-      describe podman.version do
-        its("Client.Version") { should eq "4.1.0"}
-      end
-
-      podman.containers.ids.each do |id|
-        # call podman inspect for a specific container id
-        describe podman.object(id) do
-          its("State.OciVersion") { should eq "1.0.2-dev" }
-          its("State.Running") { should eq true}
-        end
-      end
-    EXAMPLE
-
-    def containers
-      PodmanContainerFilter.new(parse_containers)
-    end
-
-    def images
-      PodmanImageFilter.new(parse_images)
-    end
-
-    def networks
-      PodmanNetworkFilter.new(parse_networks)
-    end
-
-    def pods
-      PodmanPodFilter.new(parse_pods)
-    end
-
-    def volumes
-      PodmanVolumeFilter.new(parse_volumes)
-    end
-
-    def version
-      return @version if defined?(@version)
-
-      sub_cmd = "version --format json"
-      output = run_command(sub_cmd)
-      @version = Hashie::Mash.new(JSON.parse(output))
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    def info
-      return @info if defined?(@info)
-
-      sub_cmd = "info --format json"
-      output = run_command(sub_cmd)
-      @info = Hashie::Mash.new(JSON.parse(output))
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    # returns information about podman objects
-    def object(id)
-      return @inspect if defined?(@inspect)
-
-      output = run_command("inspect #{id} --format json")
-      data = JSON.parse(output)
-      data = data[0] if data.is_a?(Array)
-      @inspect = Hashie::Mash.new(data)
-    rescue JSON::ParserError => _e
-      Hashie::Mash.new({})
-    end
-
-    def to_s
-      "Podman"
-    end
-
-    private
-
-    # Calls the run_command method to get all podman containers and parse the command output.
-    # Returns the parsed command output.
-    def parse_containers
-      labels = %w{ID Image ImageID Command CreatedAt RunningFor Status Pod Ports Size Names Networks Labels Mounts}
-      parse_json_command(labels, "ps -a --no-trunc --size")
-    end
-
-    # Calls the run_command method to get all podman images and parse the command output.
-    # Returns the parsed command output.
-    def parse_images
-      labels = %w{ID Repository Tag Size Digest CreatedAt CreatedSince History}
-      parse_json_command(labels, "images -a --no-trunc")
-    end
-
-    # Calls the run_command method to get all podman network list and parse the command output.
-    # Returns the parsed command output.
-    def parse_networks
-      labels = %w{ID Name Driver Labels Options IPAMOptions Created Internal IPv6Enabled DNSEnabled NetworkInterface Subnets}
-      parse_json_command(labels, "network ls --no-trunc")
-    end
-
-    # Calls the run_command method to get all podman pod list and parse the command output.
-    # Returns the parsed command output.
-    def parse_pods
-      sub_cmd = "pod ps --no-trunc --format json"
-      output = run_command(sub_cmd)
-      parse(output)
-    end
-
-    # Calls the run_command method to get all podman volume list and parse the command output.
-    # Returns the parsed command output.
-    def parse_volumes
-      sub_cmd = "volume ls --format json"
-      output = run_command(sub_cmd)
-      parse(output)
-    end
-
-    # Runs the given podman command on the host machine on which podman is installed
-    # Returns the command output or raises the command execution error.
-    def run_command(subcommand)
-      result = inspec.command("podman #{subcommand}")
-      if result.stderr.empty?
-        result.stdout
-      else
-        raise "Error while running command \'podman #{subcommand}\' : #{result.stderr}"
-      end
-    end
-
-    def parse_json_command(labels, subcommand)
-      # build command
-      format = labels.map { |label| "\"#{label}\": {{json .#{label}}}" }
-      raw = inspec.command("podman #{subcommand} --format '{#{format.join(", ")}}'").stdout
-      output = []
-
-      raw.each_line do |entry|
-        # convert all keys to lower_case to work well with ruby and filter table
-        row = JSON.parse(entry).map do |key, value|
-          [key.downcase, value]
-        end.to_h
-
-        # ensure all keys are there
-        row = ensure_keys(row, labels)
-        output.push(row)
-      end
-
-      output
-    rescue JSON::ParserError => _e
-      warn "Could not parse `podman #{subcommand}` output"
-      []
-    end
-
-    def ensure_keys(entry, labels)
-      labels.each do |key|
-        entry[key.downcase] = nil unless entry.key?(key.downcase)
-      end
-      entry
-    end
-
-    # Method to parse JDON content.
-    # Returns: Parsed data.
-    def parse(content)
-      require "json" unless defined?(JSON)
-      output = JSON.parse(content)
-      parsed_output = []
-      output.each do |entry|
-        entry = entry.map do |k, v|
-          [k.downcase, v]
-        end.to_h
-        parsed_output << entry
-      end
-      parsed_output
-    rescue => e
-      raise Inspec::Exceptions::ResourceFailed, "Unable to parse command JSON output: #{e.message}"
-    end
-  end
-
-  # class for podman.containers plural resource
-  class PodmanContainerFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:commands,   field: "command")
-      .register_column(:ids,            field: "id")
-      .register_column(:created_at,     field: "createdat")
-      .register_column(:images,         field: "image")
-      .register_column(:names,          field: "names")
-      .register_column(:status,         field: "status")
-      .register_column(:image_ids,      field: "image_id")
-      .register_column(:labels,         field: "labels", style: :simple)
-      .register_column(:mounts,         field: "mounts")
-      .register_column(:networks,       field: "networks")
-      .register_column(:pods,           field: "pod")
-      .register_column(:ports,          field: "ports")
-      .register_column(:sizes,          field: "size")
-      .register_column(:running_for,    field: "running_for")
-      .register_custom_matcher(:running?) do |x|
-        x.where { status.downcase.start_with?("up") }
-      end
-    filter.install_filter_methods_on_resource(self, :containers)
-
-    attr_reader :containers
-    def initialize(containers)
-      @containers = containers
-    end
-
-    def to_s
-      "Podman Containers"
-    end
-
-    def resource_id
-      "Podman Containers"
-    end
-  end
-
-  # class for podman.images plural resource
-  class PodmanImageFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:ids,       field: "id")
-      .register_column(:repositories,  field: "repository")
-      .register_column(:tags,          field: "tag")
-      .register_column(:sizes,         field: "size")
-      .register_column(:digests,       field: "digest")
-      .register_column(:created_at,    field: "createdat")
-      .register_column(:created_since, field: "createdsince")
-      .register_column(:history,       field: "history")
-    filter.install_filter_methods_on_resource(self, :images)
-
-    attr_reader :images
-    def initialize(images)
-      @images = images
-    end
-
-    def to_s
-      "Podman Images"
-    end
-
-    def resource_id
-      "Podman Images"
-    end
-  end
-
-  class PodmanNetworkFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-      .register_column(:ids,                  field: "id")
-      .register_column(:names,                field: "name")
-      .register_column(:drivers,              field: "driver")
-      .register_column(:network_interfaces,   field: "networkinterface")
-      .register_column(:created,              field: "created")
-      .register_column(:subnets,              field: "subnets")
-      .register_column(:ipv6_enabled,         field: "ipv6enabled")
-      .register_column(:internal,             field: "internal")
-      .register_column(:dns_enabled,          field: "dnsenabled")
-      .register_column(:ipam_options,         field: "ipamoptions")
-      .register_column(:options,              field: "options")
-      .register_column(:labels,               field: "labels")
-    filter.install_filter_methods_on_resource(self, :networks)
-
-    attr_reader :networks
-    def initialize(networks)
-      @networks = networks
-    end
-
-    def to_s
-      "Podman Networks"
-    end
-
-    def resource_id
-      "Podman Networks"
-    end
-  end
-
-  class PodmanPodFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-      .register_column(:ids,                  field: "id")
-      .register_column(:cgroups,              field: "cgroup")
-      .register_column(:containers,           field: "containers")
-      .register_column(:created,              field: "created")
-      .register_column(:infraids,             field: "infraid")
-      .register_column(:names,                field: "name")
-      .register_column(:namespaces,           field: "namespace")
-      .register_column(:networks,             field: "networks")
-      .register_column(:status,               field: "status")
-      .register_column(:labels,               field: "labels")
-    filter.install_filter_methods_on_resource(self, :pods)
-
-    attr_reader :pods
-    def initialize(pods)
-      @pods = pods
-    end
-
-    def to_s
-      "Podman Pods"
-    end
-
-    def resource_id
-      "Podman Pods"
-    end
-  end
-
-  class PodmanVolumeFilter
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-      .register_column(:names,              field: "name")
-      .register_column(:drivers,            field: "driver")
-      .register_column(:mountpoints,        field: "mountpoint")
-      .register_column(:createdat,          field: "createdat")
-      .register_column(:labels,             field: "labels")
-      .register_column(:scopes,             field: "scope")
-      .register_column(:options,            field: "options")
-      .register_column(:mountcount,         field: "mountcount")
-      .register_column(:needscopyup,        field: "needscopyup")
-      .register_column(:needschown,         field: "needschown")
-    filter.install_filter_methods_on_resource(self, :volumes)
-
-    attr_reader :volumes
-    def initialize(volumes)
-      @volumes = volumes
-    end
-
-    def to_s
-      "Podman Volumes"
-    end
-
-    def resource_id
-      "Podman Volumes"
-    end
-  end
-end

data/lib/inspec/resources/podman_container.rb

@@ -1,84 +0,0 @@
-require "inspec/resources/podman"
-require_relative "docker_object"
-
-# Change module if required
-module Inspec::Resources
-  class PodmanContainer < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-    name "podman_container"
-    supports platform: "unix"
-
-    desc "Inspec core resource to retrieve information about podman container"
-
-    example <<~EXAMPLE
-        describe podman_container("sweet_mendeleev") do
-          it { should exist }
-          it { should be_running }
-          its("id") { should eq "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" }
-          its("image") { should eq "docker.io/library/nginx:latest" }
-          its("labels") { should include "maintainer"=>"NGINX Docker Maintainers <docker-maint@nginx.com>" }
-          its("ports") { should eq nil }
-        end
-
-        describe podman_container(id: "591270d8d80d2667") do
-          it { should exist }
-          it { should be_running }
-        end
-    EXAMPLE
-
-    def initialize(opts = {})
-      skip_resource "The `podman_container` resource is not yet available on your OS." unless inspec.os.unix?
-
-      # if a string is provided, we expect it is the name
-      if opts.is_a?(String)
-        @opts = { name: opts }
-      else
-        @opts = opts
-      end
-    end
-
-    def running?
-      status.downcase.start_with?("up") if object_info.entries.length == 1
-    end
-
-    def status
-      object_info.status[0] if object_info.entries.length == 1
-    end
-
-    def labels
-      object_info.labels
-    end
-
-    def ports
-      object_info.ports[0] if object_info.entries.length == 1
-    end
-
-    def command
-      return unless object_info.entries.length == 1
-
-      object_info.commands[0]
-    end
-
-    def image
-      object_info.images[0] if object_info.entries.length == 1
-    end
-
-    def resource_id
-      object_info.ids[0] || @opts[:id] || @opts[:name] || ""
-    end
-
-    def to_s
-      name = @opts[:name] || @opts[:id]
-      "Podman Container #{name}"
-    end
-
-    private
-
-    def object_info
-      return @info if defined?(@info)
-
-      opts = @opts
-      @info = inspec.podman.containers.where { names == opts[:name] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id]))) }
-    end
-  end
-end

data/lib/inspec/resources/podman_image.rb

@@ -1,108 +0,0 @@
-require "inspec/resources/command"
-require_relative "docker_object"
-require "inspec/utils/podman"
-
-module Inspec::Resources
-  class PodmanImage < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-    include Inspec::Utils::Podman
-
-    name "podman_image"
-    supports platform: "unix"
-
-    desc "InSpec core resource to retrieve information about podman image"
-
-    example <<~EXAMPLE
-      describe podman_image("docker.io/library/busybox") do
-        it { should exist }
-        its("repo_tags") { should include "docker.io/library/busybox:latest" }
-        its("size") { should eq 1636053 }
-        its("resource_id") { should eq "docker.io/library/busybox:latest" }
-      end
-
-      describe podman_image("docker.io/library/busybox:latest") do
-        it { should exist }
-      end
-
-      describe podman_image(repo: "docker.io/library/busybox", tag: "latest") do
-        it { should exist }
-      end
-
-      describe podman_image(id: "3c19bafed223") do
-        it { should exist }
-      end
-    EXAMPLE
-
-    attr_reader :opts, :image_info
-
-    def initialize(opts)
-      skip_resource "The `podman_image` resource is not yet available on your OS." unless inspec.os.unix?
-      opts = { image: opts } if opts.is_a?(String)
-      @opts = sanitize_options(opts)
-      raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
-
-      @image_info = get_image_info
-    end
-
-    LABELS = {
-      "id" => "ID",
-      "repo_tags" => "RepoTags",
-      "size" => "Size",
-      "digest" => "Digest",
-      "created_at" => "Created",
-      "version" => "Version",
-      "names_history" => "NamesHistory",
-      "repo_digests" => "RepoDigests",
-      "architecture" => "Architecture",
-      "os" => "Os",
-      "virtual_size" => "VirtualSize",
-    }.freeze
-
-    ## This creates all the required properties methods dynamically.
-    LABELS.each do |k, v|
-      define_method(k) do
-        image_info[k.to_s]
-      end
-    end
-
-    def exist?
-      ! image_info.empty?
-    end
-
-    def resource_id
-      opts[:id] || opts[:image] || ""
-    end
-
-    def to_s
-      "podman_image #{resource_id}"
-    end
-
-    private
-
-    def sanitize_options(opts)
-      opts.merge!(parse_components_from_image(opts[:image]))
-
-      # assume a "latest" tag if we don't have one
-      opts[:tag] ||= "latest"
-
-      # Assemble/reassemble the image from the repo and tag
-      opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
-
-      opts
-    end
-
-    def get_image_info
-      current_image = opts[:id] || opts[:image] || opts[:repo] + ":" + opts[:tag]
-      json_key_label = generate_go_template(LABELS)
-      podman_inspect_cmd = inspec.command("podman image inspect #{current_image} --format '{#{json_key_label}}'")
-
-      if podman_inspect_cmd.exit_status == 0
-        parse_command_output(podman_inspect_cmd.stdout)
-      elsif podman_inspect_cmd.stderr =~ /failed to find image/
-        {}
-      else
-        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman image information for #{current_image}.\nError message: #{podman_inspect_cmd.stderr}"
-      end
-    end
-  end
-end