inspec-core 6.8.24 → 7.0.38.beta

data/lib/inspec/resources/docker_image.rb

@@ -1,141 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-
-require "inspec/resources/docker"
-require_relative "docker_object"
-
-module Inspec::Resources
-  class DockerImage < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-
-    name "docker_image"
-    supports platform: "unix"
-    desc ""
-    example <<~EXAMPLE
-      describe docker_image('alpine:latest') do
-        it { should exist }
-        its('id') { should_not eq '' }
-        its('image') { should eq 'alpine:latest' }
-        its('repo') { should eq 'alpine' }
-        its('tag') { should eq 'latest' }
-      end
-
-      describe docker_image('alpine:latest') do
-        it { should exist }
-      end
-
-      describe docker_image(id: '4a415e366388') do
-        it { should exist }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      # do sanitizion of input values
-      o = opts.dup
-      o = { image: opts } if opts.is_a?(String)
-      @opts = sanitize_options(o)
-    end
-
-    def image
-      "#{repo}:#{tag}" if object_info.entries.size == 1
-    end
-
-    def repo
-      object_info.repositories[0] if object_info.entries.size == 1
-    end
-
-    def tag
-      object_info.tags[0] if object_info.entries.size == 1
-    end
-
-    # method_missing handles when hash_keys are invoked to check information obtained on docker inspect [image_name]
-    def method_missing(*hash_keys)
-      # User can test the low-level inspect information in three ways:
-      # Way 1: Serverspec style: its(['Config.Cmd']) { should include some_value }
-      #        here, the value for hash_keys recieved is [:[], "Config.Cmd"]
-      # Way 2: InSpec style: its(['Config','Cmd']) { should include some_value }
-      #        here, the value for hash_keys recieved is [:[], "Config", "Cmd"]
-      # Way 3: Mix of both: its(['GraphDriver.Data','MergedDir']) { should include some_value }
-      #        here, the value for hash_keys recieved is [:[], "GraphDriver.Data", "MergedDir"]
-
-      # hash_keys are passed to this method to evaluate the value
-      image_hash_inspection(hash_keys)
-    end
-
-    # inspection property allows to test any of the hash key-value pairs as part of the image_inspect_info
-    def inspection
-      image_inspect_info
-    end
-
-    def to_s
-      img = @opts[:image] || @opts[:id]
-      "Docker Image #{img}"
-    end
-
-    def resource_id
-      object_info.ids[0] || @opts[:id] || @opts[:image] || ""
-    end
-
-    private
-
-    def sanitize_options(opts)
-      opts.merge!(parse_components_from_image(opts[:image]))
-
-      # assume a "latest" tag if we don't have one
-      opts[:tag] ||= "latest"
-
-      # if the ID isn't nil and doesn't contain a hash indicator (indicated by the presence
-      # of a colon, which separates the indicator from the actual hash), we assume it's sha256.
-      opts[:id] = "sha256:" + opts[:id] unless opts[:id].nil? || opts[:id].include?(":")
-
-      # Assemble/reassemble the image from the repo and tag
-      opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
-
-      # return the santized opts back to the caller
-      opts
-    end
-
-    def object_info
-      return @info if defined?(@info)
-
-      opts = @opts
-      @info = inspec.docker.images.where do
-        (repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
-      end
-    end
-
-    # image_inspect_info returns the complete inspect hash_values of the image
-    def image_inspect_info
-      return @inspect_info if defined?(@inspect_info)
-
-      @inspect_info = inspec.docker.object(@opts[:image] || (!@opts[:id].nil? && @opts[:id]))
-    end
-
-    # image_hash_inspection formats the input hash_keys and checks if any value exists for such keys in @inspect_info(image_inspect_info)
-    def image_hash_inspection(hash_keys)
-      # The hash_keys recieved are in three formats as mentioned in method_missing
-      # The hash_keys recieved must be in array format [] and the zeroth index must be :[]
-      # Check for the conditions and remove the zeroth element from the hash_keys
-
-      hash_keys.shift if hash_keys.is_a?(Array) && hash_keys[0] == :[]
-
-      # When received hash_keys in Serverspec style or mix of both
-      # The hash_keys are to be splitted at '.' (dot) and flatten it so that it doesn't become array of arrays
-      # After splitting and flattening is done, hash_keys is now an array with individual keys
-      hash_keys = hash_keys.map { |key| key.split(".") }.flatten
-
-      # image_inspect_info returns the complete inspect hash_values of the image
-      # dig() finds the nested value specified by the sequence of the key object by calling dig at each step.
-      # hash_keys is the key object. If one of the key is bad, value will be nil.
-      hash_value = image_inspect_info.dig(*hash_keys)
-
-      # If one of the key is bad, hash_value will be nil, so raise exception which throws it in rescue block
-      # else return hash_value
-      raise Inspec::Exceptions::ResourceFailed if hash_value.nil?
-
-      hash_value
-    rescue
-      raise Inspec::Exceptions::ResourceFailed, "#{hash_keys.join(".")} is not a valid key for your image or has nil value."
-    end
-  end
-end

data/lib/inspec/resources/docker_object.rb

@@ -1,52 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-#
-
-module Inspec::Resources::DockerObject
-  def exist?
-    object_info.exists?
-  end
-
-  def id
-    object_info.ids[0] if object_info.entries.size == 1
-  end
-
-  private
-
-  def parse_components_from_image(image_string)
-    # if the user did not supply an image string, they likely supplied individual
-    # option parameters, such as repo and tag. Return empty data back to the caller.
-    return {} if image_string.nil?
-
-    first_colon = image_string.index(":") || -1
-    first_slash = image_string.index("/") || -1
-
-    if image_string.count(":") == 2
-      # If there are two colons in the image string, it contains a repo-with-port and a tag.
-      # example: localhost:5000/chef/inspec:1.46.3
-      partitioned_string = image_string.rpartition(":")
-      repo = partitioned_string.first
-      tag = partitioned_string.last
-      image_name = repo.split("/")[1..-1].join
-    elsif image_string.count(":") == 1 && first_colon < first_slash
-      # If there's one colon in the image string, and it comes before a forward-slash,
-      # it contains a repo-with-port but no tag.
-      # example: localhost:5000/ubuntu
-      repo = image_string
-      tag = nil
-      image_name = repo.split("/")[1..-1].join
-    else
-      # If there's one colon in the image string and it doesn't preceed a slash, or if
-      # there is no colon at all, then it separates the repo from the tag, if there is a tag.
-      # example: chef/inspec:1.46.3
-      # example: chef/inspec
-      # example: ubuntu:14.04
-      repo, tag = image_string.split(":")
-      image_name = repo
-    end
-
-    # return the repo, image_name and tag parsed from the string, which can be merged into
-    # the rest of the user-supplied options
-    { repo: repo, image_name: image_name, tag: tag }
-  end
-end

data/lib/inspec/resources/docker_plugin.rb

@@ -1,68 +0,0 @@
-require "inspec/resources/docker"
-
-module Inspec::Resources
-  class DockerPlugin < Inspec.resource(1)
-    name "docker_plugin"
-    supports platform: "unix"
-    desc "Retrieves info about docker plugins"
-    example <<~EXAMPLE
-      describe docker_plugin('rexray/ebs') do
-        it { should exist }
-        its('id') { should_not eq '0ac30b93ad40' }
-        its('version') { should eq '0.11.1' }
-        it { should be_enabled }
-      end
-
-      describe docker_plugin('alpine:latest') do
-        it { should exist }
-      end
-
-      describe docker_plugin(id: '4a415e366388') do
-        it { should exist }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      # do sanitizion of input values
-      o = opts.dup
-      o = { name: opts } if opts.is_a?(String)
-      @opts = o
-    end
-
-    def exist?
-      object_info.entries.size == 1
-    end
-
-    def enabled?
-      object_info.enabled[0]
-    end
-
-    def id
-      object_info.ids[0] if object_info.entries.size == 1
-    end
-
-    def version
-      object_info.versions[0] if object_info.entries.size == 1
-    end
-
-    def to_s
-      plugin = @opts[:name] || @opts[:id]
-      "Docker plugin #{plugin}"
-    end
-
-    def resource_id
-      id || @opts[:id] || @opts[:name] || ""
-    end
-
-    private
-
-    def object_info
-      return @info if defined?(@info)
-
-      opts = @opts
-      @info = inspec.docker.plugins.where do
-        (name == opts[:name]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id]))
-      end
-    end
-  end
-end

data/lib/inspec/resources/docker_service.rb

@@ -1,95 +0,0 @@
-#
-# Copyright 2017, Christoph Hartmann
-
-require "inspec/resources/docker"
-require_relative "docker_object"
-
-module Inspec::Resources
-  class DockerService < Inspec.resource(1)
-    include Inspec::Resources::DockerObject
-
-    name "docker_service"
-    supports platform: "unix"
-    desc "Swarm-mode service"
-    example <<~EXAMPLE
-      describe docker_service('service1') do
-        it { should exist }
-        its('id') { should_not eq '' }
-        its('image') { should eq 'alpine:latest' }
-        its('repo') { should eq 'alpine' }
-        its('tag') { should eq 'latest' }
-      end
-
-      describe docker_service(id: '4a415e366388') do
-        it { should exist }
-      end
-
-      describe docker_service(image: 'alpine:latest') do
-        it { should exist }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      # do sanitizion of input values
-      o = opts.dup
-      o = { name: opts } if opts.is_a?(String)
-      @opts = sanitize_options(o)
-    end
-
-    def name
-      object_info.names[0] if object_info.entries.size == 1
-    end
-
-    def image
-      object_info.images[0] if object_info.entries.size == 1
-    end
-
-    def image_name
-      parse_components_from_image(image)[:image_name] if object_info.entries.size == 1
-    end
-
-    def repo
-      parse_components_from_image(image)[:repo] if object_info.entries.size == 1
-    end
-
-    def tag
-      parse_components_from_image(image)[:tag] if object_info.entries.size == 1
-    end
-
-    def mode
-      object_info.modes[0] if object_info.entries.size == 1
-    end
-
-    def replicas
-      object_info.replicas[0] if object_info.entries.size == 1
-    end
-
-    def ports
-      object_info.ports[0] if object_info.entries.size == 1
-    end
-
-    def to_s
-      service = @opts[:name] || @opts[:id]
-      "Docker Service #{service}"
-    end
-
-    def resource_id
-      object_info.ids[0] || @opts[:id] || @opts[:name] || ""
-    end
-
-    private
-
-    def sanitize_options(opts)
-      opts.merge(parse_components_from_image(opts[:image]))
-    end
-
-    def object_info
-      return @info if defined?(@info)
-
-      opts = @opts
-      @info = inspec.docker.services.where do
-        name == opts[:name] || image == opts[:image] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
-      end
-    end
-  end
-end

data/lib/inspec/resources/elasticsearch.rb

@@ -1,165 +0,0 @@
-require "inspec/utils/filter"
-require "hashie/mash"
-require "inspec/resources/package"
-
-module Inspec::Resources
-  class Elasticsearch < Inspec.resource(1)
-    name "elasticsearch"
-    supports platform: "unix"
-    desc "Use the Elasticsearch InSpec audit resource to test the status of nodes in
-      an Elasticsearch cluster."
-
-    example <<~EXAMPLE
-      describe elasticsearch('http://eshost.mycompany.biz:9200/', username: 'elastic', password: 'changeme', ssl_verify: false) do
-        its('node_count') { should >= 3 }
-      end
-
-      describe elasticsearch do
-        its('node_name') { should include 'node1' }
-        its('os') { should_not include 'MacOS' }
-        its('version') { should cmp > 1.2.0 }
-      end
-    EXAMPLE
-
-    filter = FilterTable.create
-    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
-    filter.register_column(:cluster_name,          field: "cluster_name")
-      .register_column(:node_name,             field: "name")
-      .register_column(:transport_address,     field: "transport_address")
-      .register_column(:host,                  field: "host")
-      .register_column(:ip,                    field: "ip")
-      .register_column(:version,               field: "version")
-      .register_column(:build_hash,            field: "build_hash")
-      .register_column(:total_indexing_buffer, field: "total_indexing_buffer")
-      .register_column(:roles,                 field: "roles")
-      .register_column(:settings,              field: "settings")
-      .register_column(:os,                    field: "os")
-      .register_column(:process,               field: "process")
-      .register_column(:jvm,                   field: "jvm")
-      .register_column(:transport,             field: "transport")
-      .register_column(:http,                  field: "http")
-      .register_column(:plugins,               field: "plugins")
-      .register_column(:plugin_list,           field: "plugin_list")
-      .register_column(:modules,               field: "modules")
-      .register_column(:module_list,           field: "module_list")
-      .register_column(:node_id,               field: "node_id")
-      .register_column(:ingest,                field: "ingest")
-      .register_custom_property(:node_count) do |t, _|
-        t.entries.length
-      end
-
-    filter.install_filter_methods_on_resource(self, :nodes)
-
-    attr_reader :nodes, :url
-
-    def initialize(opts = {})
-      return skip_resource "Package `curl` not avaiable on the host" unless inspec.command("curl").exist?
-
-      @url = opts.fetch(:url, "http://localhost:9200")
-
-      username   = opts.fetch(:username, nil)
-      password   = opts.fetch(:password, nil)
-      ssl_verify = opts.fetch(:ssl_verify, true)
-
-      cmd = inspec.command(curl_command_string(username, password, ssl_verify))
-
-      # after implementation of PR #2235, this begin..rescue won't be necessary.
-      # The checks in verify_curl_success! can raise their own skip message exception.
-      begin
-        verify_curl_success!(cmd)
-      rescue => e
-        return skip_resource e.message
-      end
-
-      begin
-        content = JSON.parse(cmd.stdout)
-        # after implementation of PR #2235, this can be broken out of the begin..rescue
-        # clause. The checks in verify_json_payload! can raise their own skip message exception.
-        verify_json_payload!(content)
-      rescue JSON::ParserError => e
-        return skip_resource "Couldn't parse the Elasticsearch response: #{e.message}"
-      rescue => e
-        return skip_resource e.message
-      end
-
-      @nodes = parse_cluster(content)
-    end
-
-    def to_s
-      "Elasticsearch Cluster #{url}"
-    end
-
-    private
-
-    def parse_cluster(content)
-      return [] unless content["nodes"]
-
-      nodes = []
-
-      content["nodes"].each do |node_id, node_data|
-        node_data = fix_mash_key_collision(node_data)
-
-        node = Hashie::Mash.new(node_data)
-        node.node_id = node_id
-        node.plugin_list = node.plugins.map(&:name)
-        node.module_list = node.modules.map(&:name)
-        node.cluster_name = node.settings.cluster.name
-        nodes << node
-      end
-
-      nodes
-    end
-
-    #
-    # Hashie::Mash will throw warnings if the Mash contains a key that is the same as a built-in
-    # method on a Hashie::Mash instance. This is a crude way of avoiding those warnings without
-    # hard-coding a bunch of key renames.
-    #
-    # Any key that is in conflict will be renamed "es_ORIGINALKEY"
-    #
-    def fix_mash_key_collision(data)
-      test_mash = Hashie::Mash.new
-
-      new_data = {}
-      data.each do |key, value|
-        new_key = test_mash.respond_to?(key.to_sym) ? "es_#{key}" : key
-        new_value = value.is_a?(Hash) ? fix_mash_key_collision(value) : value
-
-        new_data[new_key] = new_value
-      end
-
-      new_data
-    end
-
-    def curl_command_string(username, password, ssl_verify)
-      cmd_string = ["curl"]
-      cmd_string << "-k" unless ssl_verify
-      cmd_string << "-H 'Content-Type: application/json'"
-      cmd_string << " -u #{username}:#{password}" unless username.nil? || password.nil?
-      cmd_string << URI.join(url, "_nodes")
-
-      cmd_string.join(" ")
-    end
-
-    def verify_curl_success!(cmd)
-      # the following lines captures known possible curl command errors and provides compact skip resource messeges
-      if cmd.stderr =~ /Failed to connect/
-        raise "Connection refused - please check the URL #{url} for accuracy"
-      end
-
-      if cmd.stderr =~ /Peer's Certificate issuer is not recognized/
-        raise "Connection refused - peer certificate issuer is not recognized"
-      end
-
-      raise "Error fetching Elastcsearch data from curl #{url}: #{cmd.stderr}" unless cmd.exit_status == 0
-    end
-
-    def verify_json_payload!(content)
-      unless content["error"].nil?
-        raise "#{content["error"]["type"]}: #{content["error"]["reason"]}"
-      end
-
-      raise "No successful nodes available in cluster" if content["_nodes"]["successful"] == 0
-    end
-  end
-end

data/lib/inspec/resources/ibmdb2_conf.rb

@@ -1,65 +0,0 @@
-module Inspec::Resources
-  class Ibmdb2Conf < Inspec.resource(1)
-    name "ibmdb2_conf"
-
-    supports platform: "unix"
-    supports platform: "windows"
-
-    desc "Use the ibmdb2_conf InSpec audit resource to test the configuration values of IBM Db2 database."
-    example <<~EXAMPLE
-      describe ibmdb2_conf(db2_executable_file_path: "path_to_db2_binary", db_instance: "db2inst1") do
-        its("output") { should_not be_empty }
-        its("output") { should include("Audit buffer size (4KB) (AUDIT_BUF_SZ) = 0")}
-      end
-    EXAMPLE
-
-    attr_reader :output
-
-    def initialize(opts = {})
-      if inspec.os.platform?("unix")
-        @db2_executable_file_path = opts[:db2_executable_file_path]
-        @db_instance = opts[:db_instance]
-        raise Inspec::Exceptions::ResourceFailed, "Can't connect to IBM DB2 without db2_executable_file_path, db_instance options provided." if @db2_executable_file_path.nil? || @db_instance.nil?
-      end
-      @output = run_command
-    end
-
-    def resource_id
-      if inspec.os.platform?("windows")
-        "ibmdb2_conf"
-      else
-        "ibmdb2_conf:DatabaseInstance:#{@db_instance}"
-      end
-    end
-
-    def to_s
-      "IBM Db2 Conf"
-    end
-
-    private
-
-    def run_command
-      # attach to the db2 instance and get the configuration
-      if inspec.os.platform?("unix")
-        cmd = inspec.command("#{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} get database manager configuration")
-        out = cmd.stdout + "\n" + cmd.stderr
-
-        # check if following specific error is there. Sourcing the db2profile to resolve the error.
-        if cmd.exit_status != 0 && out =~ /SQL10007N Message "-1390" could not be retrieved.  Reason code: "3"/
-          cmd = inspec.command(". ~/sqllib/db2profile\; #{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} get database manager configuration")
-          out = cmd.stdout + "\n" + cmd.stderr
-        end
-      elsif inspec.os.platform?("windows")
-        # set-item command set the powershell to run the db2 commands.
-        cmd = inspec.command("set-item -path env:DB2CLP -value \"**$$**\"\; db2 get database manager configuration")
-        out = cmd.stdout + "\n" + cmd.stderr
-      end
-
-      if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 server/ || out.downcase =~ /^error:.*/
-        raise Inspec::Exceptions::ResourceFailed, "IBM Db2 query with error: #{out}"
-      else
-        cmd.stdout.gsub(/\n|\r/, ",").split(",").reject { |n| n.nil? || n.empty? }.map { |n| n.strip.gsub!(/\s+/, " ") }
-      end
-    end
-  end
-end

data/lib/inspec/resources/ibmdb2_session.rb

@@ -1,78 +0,0 @@
-module Inspec::Resources
-  class Lines
-    attr_reader :output, :exit_status
-
-    def initialize(raw, desc, exit_status)
-      @output = raw
-      @desc = desc
-      @exit_status = exit_status
-    end
-
-    def to_s
-      @desc
-    end
-  end
-
-  class Ibmdb2Session < Inspec.resource(1)
-    name "ibmdb2_session"
-
-    supports platform: "unix"
-    supports platform: "windows"
-
-    desc "Use the ibmdb2_session InSpec audit resource to test SQL commands run against a IBM Db2 database."
-    example <<~EXAMPLE
-      describe ibmdb2_session(db2_executable_file_path: "path_to_db2_binary", db_instance: "db2inst1", db_name: "sample").query('list database directory') do
-        its('output') { should_not match(/sample/) }
-      end
-    EXAMPLE
-
-    def initialize(opts = {})
-      @db_name = opts[:db_name]
-      if inspec.os.platform?("unix")
-        @db2_executable_file_path = opts[:db2_executable_file_path]
-        @db_instance = opts[:db_instance]
-        raise Inspec::Exceptions::ResourceFailed, "Can't run IBM DB2 queries without db2_executable_file_path, db_instance, db_name options provided." if @db2_executable_file_path.nil? || @db_instance.nil? || @db_name.nil?
-      elsif inspec.os.platform?("windows")
-        raise Inspec::Exceptions::ResourceFailed, "Can't run IBM DB2 queries without db_name option provided." if @db_name.nil?
-      end
-    end
-
-    def query(q)
-      raise Inspec::Exceptions::ResourceFailed, "#{resource_exception_message}" if resource_failed?
-
-      if inspec.os.platform?("unix")
-        # connect to the db and query on the database
-        cmd = inspec.command("#{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} connect to #{@db_name}\; #{@db2_executable_file_path} #{q}\;")
-        out = cmd.stdout + "\n" + cmd.stderr
-
-        # check if following specific error is there. Sourcing the db2profile to resolve the error.
-        if cmd.exit_status != 0 && out =~ /SQL10007N Message "-1390" could not be retrieved.  Reason code: "3"/
-          cmd = inspec.command(". ~/sqllib/db2profile\; #{@db2_executable_file_path} attach to #{@db_instance}\; #{@db2_executable_file_path} connect to #{@db_name}\; #{@db2_executable_file_path} \"#{q}\"\;")
-          out = cmd.stdout + "\n" + cmd.stderr
-        end
-      elsif inspec.os.platform?("windows")
-        # set-item command set the powershell to run the db2 commands.
-        cmd = inspec.command("set-item -path env:DB2CLP -value \"**$$**\"\; db2 connect to #{@db_name}\; db2 \"#{q}\"\;")
-        out = cmd.stdout + "\n" + cmd.stderr
-      end
-
-      if cmd.exit_status != 0 || out =~ /Can't connect to IBM Db2 / || out.downcase =~ /^error:.*/
-        raise Inspec::Exceptions::ResourceFailed, "IBM Db2 connection error: #{out}"
-      else
-        Lines.new(cmd.stdout.strip, "IBM Db2 Query: #{q}", cmd.exit_status)
-      end
-    end
-
-    def resource_id
-      if inspec.os.platform?("windows")
-        "ibmdb2_session:DatabaseName#{@db_name}"
-      else
-        "ibmdb2_session:DatabaseInstance:#{@db_instance}:DatabaseName#{@db_name}"
-      end
-    end
-
-    def to_s
-      "IBM Db2 Session"
-    end
-  end
-end