inspec-core 6.8.24 → 7.0.95

data/lib/inspec/resources/podman_pod.rb

@@ -1,101 +0,0 @@
-require "inspec/resources/command"
-require "inspec/utils/podman"
-
-module Inspec::Resources
-  class PodmanPod < Inspec.resource(1)
-    include Inspec::Utils::Podman
-
-    name "podman_pod"
-    supports platform: "unix"
-
-    desc "InSpec core resource to retrieve information about podman pod"
-
-    example <<~EXAMPLE
-      describe podman_pod("nginx-frontend") do
-        it { should exist }
-        its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
-        its("name") { should eq "nginx-frontend" }
-        its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
-        its("create_command") { should include "new:nginx-frontend" }
-        its("state") { should eq "Running" }
-        its("hostname") { should eq "" }
-        its("create_cgroup") { should eq true }
-        its("cgroup_parent") { should eq "user.slice" }
-        its("cgroup_path") { should eq "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice" }
-        its("create_infra") { should eq true }
-        its("infra_container_id") { should eq "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251" }
-        its("infra_config") { should include "DNSOption" }
-        its("shared_namespaces") { should include "ipc" }
-        its("num_containers") { should eq 2 }
-        its("containers") { should_not be nil }
-      end
-
-      describe podman_pod("non-existing-pod") do
-        it { should_not exist }
-      end
-    EXAMPLE
-
-    attr_reader :pod_info, :pod_id
-
-    def initialize(pod_id)
-      skip_resource "The `podman_pod` resource is not yet available on your OS." unless inspec.os.unix?
-      raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
-
-      @pod_id = pod_id
-      @pod_info = get_pod_info
-    end
-
-    LABELS = {
-      "id" => "ID",
-      "name" => "Name",
-      "created_at" => "Created",
-      "create_command" => "CreateCommand",
-      "state" => "State",
-      "hostname" => "Hostname",
-      "create_cgroup" => "CreateCgroup",
-      "cgroup_parent" => "CgroupParent",
-      "cgroup_path" => "CgroupPath",
-      "create_infra" => "CreateInfra",
-      "infra_container_id" => "InfraContainerID",
-      "infra_config" => "InfraConfig",
-      "shared_namespaces" => "SharedNamespaces",
-      "num_containers" => "NumContainers",
-      "containers" => "Containers",
-    }.freeze
-
-    # This creates all the required properties methods dynamically.
-    LABELS.each do |k, _|
-      define_method(k) do
-        pod_info[k.to_s]
-      end
-    end
-
-    def exist?
-      !pod_info.empty?
-    end
-
-    def resource_id
-      pod_id
-    end
-
-    def to_s
-      "Podman Pod #{resource_id}"
-    end
-
-    private
-
-    def get_pod_info
-      json_key_label = generate_go_template(LABELS)
-
-      inspect_pod_cmd = inspec.command("podman pod inspect #{pod_id} --format '{#{json_key_label}}'")
-
-      if inspect_pod_cmd.exit_status == 0
-        parse_command_output(inspect_pod_cmd.stdout)
-      elsif inspect_pod_cmd.stderr =~ /no pod with name or ID/
-        {}
-      else
-        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman pod information for #{pod_id}.\nError message: #{inspect_pod_cmd.stderr}"
-      end
-    end
-  end
-end

data/lib/inspec/resources/podman_volume.rb

@@ -1,87 +0,0 @@
-require "inspec/resources/command"
-require "inspec/utils/podman"
-
-module Inspec::Resources
-  class PodmanVolume < Inspec.resource(1)
-    include Inspec::Utils::Podman
-
-    name "podman_volume"
-    supports platform: "unix"
-
-    desc "InSpec core resource to retrieve information about podman volume"
-
-    example <<~EXAMPLE
-      describe podman_volume("my_volume") do
-        it { should exist }
-        its("name") { should eq "my_volume" }
-        its("driver") { should eq "local" }
-        its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
-        its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
-        its("labels") { should eq({}) }
-        its("scope") { should eq "local" }
-        its("options") { should eq({}) }
-        its("mount_count") { should eq 0 }
-        its("needs_copy_up") { should eq true }
-        its("needs_chown") { should eq true }
-      end
-    EXAMPLE
-
-    attr_reader :volume_info, :volume_name
-
-    def initialize(volume_name)
-      skip_resource "The `podman_volume` resource is not yet available on your OS." unless inspec.os.unix?
-      raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
-
-      @volume_name = volume_name
-      @volume_info = get_volume_info
-    end
-
-    LABELS = {
-      "name" => "Name",
-      "driver" => "Driver",
-      "mountpoint" => "Mountpoint",
-      "created_at" => "CreatedAt",
-      "labels" => "Labels",
-      "scope" => "Scope",
-      "options" => "Options",
-      "mount_count" => "MountCount",
-      "needs_copy_up" => "NeedsCopyUp",
-      "needs_chown" => "NeedsChown",
-    }.freeze
-
-    # This creates all the required properties methods dynamically.
-    LABELS.each do |k, _|
-      define_method(k) do
-        volume_info[k.to_s]
-      end
-    end
-
-    def exist?
-      !volume_info.empty?
-    end
-
-    def resource_id
-      volume_name
-    end
-
-    def to_s
-      "podman_volume #{resource_id}"
-    end
-
-    private
-
-    def get_volume_info
-      json_key_label = generate_go_template(LABELS)
-
-      inspect_volume_cmd = inspec.command("podman volume inspect #{volume_name} --format '{#{json_key_label}}'")
-
-      if inspect_volume_cmd.exit_status == 0
-        parse_command_output(inspect_volume_cmd.stdout)
-      elsif inspect_volume_cmd.stderr =~ /inspecting object: no such/
-        {}
-      else
-        raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman volume information for #{volume_name}.\nError message: #{inspect_volume_cmd.stderr}"
-      end
-    end
-  end
-end

data/lib/inspec/resources/rabbitmq_conf.rb

@@ -1,2 +0,0 @@
-# This is just here to make the dynamic loader happy.
-require "inspec/resources/rabbitmq_config"

data/lib/inspec/resources/rabbitmq_config.rb

@@ -1,56 +0,0 @@
-require "inspec/utils/erlang_parser"
-require "inspec/utils/file_reader"
-
-module Inspec::Resources
-  class RabbitmqConfig < Inspec.resource(1)
-    name "rabbitmq_conf" # TODO: this is an alias. do we want this?
-    name "rabbitmq_config"
-    supports platform: "unix"
-    desc "Use the rabbitmq_config InSpec resource to test configuration data "\
-         "for the RabbitMQ service located in /etc/rabbitmq/rabbitmq.config on "\
-         "Linux and UNIX platforms."
-    example <<~EXAMPLE
-      describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
-        it { should cmp 5671 }
-      end
-    EXAMPLE
-
-    include FileReader
-
-    def initialize(conf_path = nil)
-      @conf_path = conf_path || "/etc/rabbitmq/rabbitmq.config"
-      @content = read_file_content(@conf_path, allow_empty: true)
-    end
-
-    def params(*opts)
-      opts.inject(read_params) do |res, nxt|
-        res.respond_to?(:key) ? res[nxt] : nil
-      end
-    end
-
-    def to_s
-      "rabbitmq_config #{@conf_path}"
-    end
-
-    def resource_id
-      @conf_path
-    end
-
-    private
-
-    def read_content
-      return @content if defined?(@content)
-
-      @content = read_file_content(@conf_path, allow_empty: true)
-    end
-
-    def read_params
-      return @params if defined?(@params)
-      return @params = {} if read_content.nil?
-
-      @params = ErlangConfigFile.parse(read_content)
-    rescue Parslet::ParseFailed
-      raise "Cannot parse RabbitMQ config: \"#{read_content}\""
-    end
-  end
-end

data/lib/inspec/resources/sybase_conf.rb

@@ -1,41 +0,0 @@
-require "inspec/resources/sybase_session"
-
-module Inspec::Resources
-  class SybaseConf < Inspec.resource(1)
-    name "sybase_conf"
-    supports platform: "unix"
-    # supports platform: "windows" # TODO
-    desc "Use the sybase_conf InSpec resource to test Sybase config settings"
-    example <<~EXAMPLE
-      describe sybase_conf("max memory", password: 'password', server: 'SYBASE') do
-        its("run_value") { should cmp 180224 }
-      end
-    EXAMPLE
-
-    attr_reader :conf_param, :sql_query
-    def initialize(conf_param_name, opts = {})
-      @conf_param = conf_param_name
-      opts[:username] ||= "sa"
-      opts[:database] ||= "master"
-      sql_session = inspec.sybase_session(opts)
-      @sql_query = sql_session.query("sp_configure \"#{conf_param}\"")
-    end
-
-    def run_value
-      sql_query.row(0).column("Run Value").value
-    end
-
-    def config_value
-      sql_query.row(0).column("Config Value").value
-    end
-
-    def resource_id
-      conf_param || "Sybase config settings"
-    end
-
-    def to_s
-      "Sybase Conf #{conf_param}"
-    end
-
-  end
-end

data/lib/inspec/resources/sybase_session.rb

@@ -1,124 +0,0 @@
-require "inspec/resources/command"
-require "inspec/utils/database_helpers"
-require "hashie/mash"
-require "csv" unless defined?(CSV)
-require "tempfile" unless defined?(Tempfile)
-
-module Inspec::Resources
-  # STABILITY: Experimental
-  # This resource needs further testing and refinement
-  #
-  class SybaseSession < Inspec.resource(1)
-    name "sybase_session"
-    supports platform: "unix"
-    # supports platform: "windows" # TODO
-    desc "Use the sybase_session InSpec resource to test commands against an Sybase database"
-    example <<~EXAMPLE
-      sql = sybase_session(username: 'my_user', password: 'password', server: 'SYBASE', database: 'pubs2')
-      describe sql.query(\"SELECT * FROM authors\").row(0).column('au_lname') do
-        its('value') { should eq 'Smith' }
-      end
-    EXAMPLE
-
-    # TODO: allow to set -I interfaces file
-    # TODO: allow to customize -s column separator
-    attr_reader :bin, :col_sep, :database, :password, :server, :sybase_home, :username
-
-    def initialize(opts = {})
-      @username = opts[:username]
-      @password = opts[:password]
-      @database = opts[:database]
-      @server = opts[:server]
-      @sybase_home = opts[:sybase_home] || "/opt/sap"
-      @bin = opts[:bin] || "isql"
-      @col_sep = "|"
-
-      fail_resource "Can't run Sybase checks without authentication" unless username && password
-      fail_resource "You must provide a server name for the session" unless server
-      fail_resource "You must provide a database name for the session" unless database
-      fail_resource "Cannot find #{bin} CLI tool" unless inspec.command(bin).exist?
-    end
-
-    def query(sql)
-      # We must write the SQl to a temp file on the remote target
-      # try to get a temp path
-      sql_file_path = upload_sql_file(sql)
-
-      # TODO: Find if there is better way to get the current shell
-      current_shell = inspec.command("echo $SHELL")
-
-      res = current_shell.exit_status
-
-      # isql reuires that we have a matching locale set, but does not support C.UTF-8. en_US.UTF-8 is the least evil.
-      if res == 0 && ( current_shell.stdout&.include?("/csh") || current_shell.stdout&.include?("/tcsh") )
-        command = "source #{sybase_home}/SYBASE.csh; setenv LANG en_US.UTF-8; #{bin} -s\"#{col_sep}\" -w80000 -S #{server} -U #{username} -D #{database} -P \"#{password}\" < #{sql_file_path}"
-      else
-        command = "LANG=en_US.UTF-8 SYBASE=#{sybase_home} #{bin} -s\"#{col_sep}\" -w80000 -S #{server} -U #{username} -D #{database} -P \"#{password}\" < #{sql_file_path}"
-      end
-
-      isql_cmd = inspec.command(command)
-      # Check for isql errors
-      res = isql_cmd.exit_status
-      raise Inspec::Exceptions::ResourceFailed.new("isql exited with code #{res} and stderr '#{isql_cmd.stderr}', stdout '#{isql_cmd.stdout}'") unless res == 0
-      # isql is ill-behaved, and returns 0 on error
-      raise Inspec::Exceptions::ResourceFailed.new("isql exited with error '#{isql_cmd.stderr}', stdout '#{isql_cmd.stdout}'") unless isql_cmd.stderr == ""
-      # check stdout for error messages when stderr is empty "Msg 102, Level 15, State 181:\nServer 'SYBASE', Line 1:\nIncorrect syntax near '.'.\n"
-      raise Inspec::Exceptions::ResourceFailed.new("isql exited with error #{isql_cmd.stdout}") if isql_cmd.stdout.match?(/Msg\s\d+,\sLevel\s\d+,\sState\s\d+/)
-
-      # Clean up temporary file
-      rm_cmd = inspec.command("rm #{sql_file_path}")
-      res = rm_cmd.exit_status # TODO: handle
-      raise Inspec::Exceptions::ResourceFailed.new("Unable to delete temproary SQL input file at #{sql_file_path}: #{rm_cmd.stderr}") unless res == 0
-
-      DatabaseHelper::SQLQueryResult.new(isql_cmd, parse_csv_result(isql_cmd.stdout))
-    end
-
-    def resource_id
-      @database || "Sybase Session"
-    end
-
-    def to_s
-      "Sybase Session"
-    end
-
-    private
-
-    def parse_csv_result(stdout)
-      output = stdout.gsub(/\r/, "").strip
-      lines = output.lines
-      # Remove second row (all dashes) and last 2 rows (blank and summary lines)
-      trimmed_output = ([lines[0]] << lines.slice(2..-3)).join("")
-      header_converter = Proc.new do |header|
-        # This is here to suppress a warning from Hashie::Mash when it encounters a
-        # header column that ends up with the name "default", which happens when using the
-        # sybase_conf resource. It does mean that aly query whose output field includes the name
-        # Default (exactly) will get renamed to default_value, but that seems unlikely.
-        if header.match?(/^Default\s+$/)
-          "default_value"
-        else
-          header.downcase.strip
-        end
-      end
-      field_converter = ->(field) { field&.strip }
-      CSV.parse(trimmed_output, headers: true, header_converters: header_converter, converters: field_converter, col_sep: col_sep).map { |row| Hashie::Mash.new(row.to_h) }
-    end
-
-    def upload_sql_file(sql)
-      remote_temp_dir = "/tmp"
-      remote_file_path = nil
-      local_temp_file = Tempfile.new(["sybase", ".sql"])
-      begin
-        local_temp_file.write("#{sql}\n")
-        local_temp_file.write("go\n")
-        local_temp_file.flush
-        filename = File.basename(local_temp_file.path)
-        remote_file_path = "#{remote_temp_dir}/#{filename}"
-        inspec.backend.upload([local_temp_file.path], remote_temp_dir)
-      ensure
-        local_temp_file.close
-        local_temp_file.unlink
-      end
-      remote_file_path
-    end
-  end
-end

data/lib/inspec/utils/podman.rb

@@ -1,24 +0,0 @@
-require "inspec/resources/command"
-
-module Inspec
-  module Utils
-    module Podman
-      def podman_running?
-        inspec.command("podman version").exit_status == 0
-      end
-
-      # Generates the template in this format using labels hash: "\"id\": {{json .ID}}, \"name\": {{json .Name}}",
-      def generate_go_template(labels)
-        (labels.map { |k, v| "\"#{k}\": {{json .#{v}}}" }).join(", ")
-      end
-
-      def parse_command_output(output)
-        require "json" unless defined?(JSON)
-        JSON.parse(output)
-      rescue JSON::ParserError => _e
-        warn "Could not parse the command output"
-        {}
-      end
-    end
-  end
-end