inspec-core 2.3.10 → 2.3.23
- checksums.yaml +4 -4
- data/CHANGELOG.md +34 -13
- data/etc/plugin_filters.json +25 -0
- data/inspec-core.gemspec +1 -1
- data/lib/bundles/inspec-compliance/api.rb +3 -0
- data/lib/bundles/inspec-compliance/configuration.rb +3 -0
- data/lib/bundles/inspec-compliance/http.rb +3 -0
- data/lib/bundles/inspec-compliance/support.rb +3 -0
- data/lib/bundles/inspec-compliance/target.rb +3 -0
- data/lib/inspec/objects/attribute.rb +3 -0
- data/lib/inspec/plugin/v2.rb +3 -0
- data/lib/inspec/plugin/v2/filter.rb +62 -0
- data/lib/inspec/plugin/v2/installer.rb +21 -1
- data/lib/inspec/plugin/v2/loader.rb +4 -0
- data/lib/inspec/profile.rb +3 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
- data/lib/resources/package.rb +1 -1
- metadata +4 -197
- data/docs/.gitignore +0 -2
- data/docs/README.md +0 -41
- data/docs/dev/control-eval.md +0 -62
- data/docs/dev/filtertable-internals.md +0 -353
- data/docs/dev/filtertable-usage.md +0 -533
- data/docs/dev/integration-testing.md +0 -31
- data/docs/dev/plugins.md +0 -323
- data/docs/dsl_inspec.md +0 -354
- data/docs/dsl_resource.md +0 -100
- data/docs/glossary.md +0 -381
- data/docs/habitat.md +0 -193
- data/docs/inspec_and_friends.md +0 -114
- data/docs/matchers.md +0 -161
- data/docs/migration.md +0 -293
- data/docs/platforms.md +0 -119
- data/docs/plugin_kitchen_inspec.md +0 -60
- data/docs/plugins.md +0 -57
- data/docs/profiles.md +0 -576
- data/docs/reporters.md +0 -170
- data/docs/resources/aide_conf.md.erb +0 -86
- data/docs/resources/apache.md.erb +0 -77
- data/docs/resources/apache_conf.md.erb +0 -78
- data/docs/resources/apt.md.erb +0 -81
- data/docs/resources/audit_policy.md.erb +0 -57
- data/docs/resources/auditd.md.erb +0 -89
- data/docs/resources/auditd_conf.md.erb +0 -78
- data/docs/resources/bash.md.erb +0 -85
- data/docs/resources/bond.md.erb +0 -100
- data/docs/resources/bridge.md.erb +0 -67
- data/docs/resources/bsd_service.md.erb +0 -77
- data/docs/resources/chocolatey_package.md.erb +0 -68
- data/docs/resources/command.md.erb +0 -176
- data/docs/resources/cpan.md.erb +0 -89
- data/docs/resources/cran.md.erb +0 -74
- data/docs/resources/crontab.md.erb +0 -103
- data/docs/resources/csv.md.erb +0 -64
- data/docs/resources/dh_params.md.erb +0 -221
- data/docs/resources/directory.md.erb +0 -40
- data/docs/resources/docker.md.erb +0 -240
- data/docs/resources/docker_container.md.erb +0 -113
- data/docs/resources/docker_image.md.erb +0 -104
- data/docs/resources/docker_plugin.md.erb +0 -80
- data/docs/resources/docker_service.md.erb +0 -124
- data/docs/resources/elasticsearch.md.erb +0 -252
- data/docs/resources/etc_fstab.md.erb +0 -135
- data/docs/resources/etc_group.md.erb +0 -85
- data/docs/resources/etc_hosts.md.erb +0 -88
- data/docs/resources/etc_hosts_allow.md.erb +0 -84
- data/docs/resources/etc_hosts_deny.md.erb +0 -84
- data/docs/resources/file.md.erb +0 -543
- data/docs/resources/filesystem.md.erb +0 -51
- data/docs/resources/firewalld.md.erb +0 -117
- data/docs/resources/gem.md.erb +0 -108
- data/docs/resources/group.md.erb +0 -71
- data/docs/resources/grub_conf.md.erb +0 -111
- data/docs/resources/host.md.erb +0 -96
- data/docs/resources/http.md.erb +0 -207
- data/docs/resources/iis_app.md.erb +0 -132
- data/docs/resources/iis_site.md.erb +0 -145
- data/docs/resources/inetd_conf.md.erb +0 -104
- data/docs/resources/ini.md.erb +0 -86
- data/docs/resources/interface.md.erb +0 -68
- data/docs/resources/iptables.md.erb +0 -74
- data/docs/resources/json.md.erb +0 -73
- data/docs/resources/kernel_module.md.erb +0 -130
- data/docs/resources/kernel_parameter.md.erb +0 -63
- data/docs/resources/key_rsa.md.erb +0 -95
- data/docs/resources/launchd_service.md.erb +0 -67
- data/docs/resources/limits_conf.md.erb +0 -85
- data/docs/resources/login_defs.md.erb +0 -81
- data/docs/resources/mount.md.erb +0 -79
- data/docs/resources/mssql_session.md.erb +0 -78
- data/docs/resources/mysql_conf.md.erb +0 -109
- data/docs/resources/mysql_session.md.erb +0 -84
- data/docs/resources/nginx.md.erb +0 -89
- data/docs/resources/nginx_conf.md.erb +0 -148
- data/docs/resources/npm.md.erb +0 -78
- data/docs/resources/ntp_conf.md.erb +0 -70
- data/docs/resources/oneget.md.erb +0 -63
- data/docs/resources/oracledb_session.md.erb +0 -103
- data/docs/resources/os.md.erb +0 -153
- data/docs/resources/os_env.md.erb +0 -101
- data/docs/resources/package.md.erb +0 -130
- data/docs/resources/packages.md.erb +0 -77
- data/docs/resources/parse_config.md.erb +0 -113
- data/docs/resources/parse_config_file.md.erb +0 -148
- data/docs/resources/passwd.md.erb +0 -151
- data/docs/resources/pip.md.erb +0 -77
- data/docs/resources/port.md.erb +0 -147
- data/docs/resources/postgres_conf.md.erb +0 -89
- data/docs/resources/postgres_hba_conf.md.erb +0 -103
- data/docs/resources/postgres_ident_conf.md.erb +0 -86
- data/docs/resources/postgres_session.md.erb +0 -79
- data/docs/resources/powershell.md.erb +0 -112
- data/docs/resources/processes.md.erb +0 -119
- data/docs/resources/rabbitmq_config.md.erb +0 -51
- data/docs/resources/registry_key.md.erb +0 -197
- data/docs/resources/runit_service.md.erb +0 -67
- data/docs/resources/security_policy.md.erb +0 -57
- data/docs/resources/service.md.erb +0 -131
- data/docs/resources/shadow.md.erb +0 -267
- data/docs/resources/ssh_config.md.erb +0 -83
- data/docs/resources/sshd_config.md.erb +0 -93
- data/docs/resources/ssl.md.erb +0 -129
- data/docs/resources/sys_info.md.erb +0 -52
- data/docs/resources/systemd_service.md.erb +0 -67
- data/docs/resources/sysv_service.md.erb +0 -67
- data/docs/resources/upstart_service.md.erb +0 -67
- data/docs/resources/user.md.erb +0 -150
- data/docs/resources/users.md.erb +0 -137
- data/docs/resources/vbscript.md.erb +0 -65
- data/docs/resources/virtualization.md.erb +0 -67
- data/docs/resources/windows_feature.md.erb +0 -69
- data/docs/resources/windows_hotfix.md.erb +0 -63
- data/docs/resources/windows_task.md.erb +0 -95
- data/docs/resources/wmi.md.erb +0 -91
- data/docs/resources/x509_certificate.md.erb +0 -161
- data/docs/resources/xinetd_conf.md.erb +0 -166
- data/docs/resources/xml.md.erb +0 -95
- data/docs/resources/yaml.md.erb +0 -79
- data/docs/resources/yum.md.erb +0 -108
- data/docs/resources/zfs_dataset.md.erb +0 -63
- data/docs/resources/zfs_pool.md.erb +0 -57
- data/docs/shared/matcher_be.md.erb +0 -1
- data/docs/shared/matcher_cmp.md.erb +0 -43
- data/docs/shared/matcher_eq.md.erb +0 -3
- data/docs/shared/matcher_include.md.erb +0 -1
- data/docs/shared/matcher_match.md.erb +0 -1
- data/docs/shell.md +0 -217
- data/docs/style.md +0 -178
- data/examples/README.md +0 -8
- data/examples/custom-resource/README.md +0 -3
- data/examples/custom-resource/controls/example.rb +0 -7
- data/examples/custom-resource/inspec.yml +0 -8
- data/examples/custom-resource/libraries/batsignal.rb +0 -20
- data/examples/custom-resource/libraries/gordon.rb +0 -21
- data/examples/inheritance/README.md +0 -65
- data/examples/inheritance/controls/example.rb +0 -14
- data/examples/inheritance/inspec.yml +0 -16
- data/examples/kitchen-ansible/.kitchen.yml +0 -25
- data/examples/kitchen-ansible/Gemfile +0 -19
- data/examples/kitchen-ansible/README.md +0 -53
- data/examples/kitchen-ansible/files/nginx.repo +0 -6
- data/examples/kitchen-ansible/tasks/main.yml +0 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-chef/.kitchen.yml +0 -20
- data/examples/kitchen-chef/Berksfile +0 -3
- data/examples/kitchen-chef/Gemfile +0 -19
- data/examples/kitchen-chef/README.md +0 -27
- data/examples/kitchen-chef/metadata.rb +0 -7
- data/examples/kitchen-chef/recipes/default.rb +0 -6
- data/examples/kitchen-chef/recipes/nginx.rb +0 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-puppet/.kitchen.yml +0 -23
- data/examples/kitchen-puppet/Gemfile +0 -20
- data/examples/kitchen-puppet/Puppetfile +0 -25
- data/examples/kitchen-puppet/README.md +0 -53
- data/examples/kitchen-puppet/manifests/site.pp +0 -33
- data/examples/kitchen-puppet/metadata.json +0 -11
- data/examples/kitchen-puppet/modules/.gitkeep +0 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
- data/examples/meta-profile/README.md +0 -37
- data/examples/meta-profile/controls/example.rb +0 -13
- data/examples/meta-profile/inspec.yml +0 -13
- data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
- data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
- data/examples/plugins/inspec-resource-lister/README.md +0 -62
- data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
- data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
- data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
- data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
- data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
- data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
- data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
- data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
- data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
- data/examples/profile-attribute.yml +0 -2
- data/examples/profile-attribute/README.md +0 -14
- data/examples/profile-attribute/controls/example.rb +0 -11
- data/examples/profile-attribute/inspec.yml +0 -8
- data/examples/profile-sensitive/README.md +0 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
- data/examples/profile-sensitive/controls/sensitive.rb +0 -9
- data/examples/profile-sensitive/inspec.yml +0 -8
- data/examples/profile/README.md +0 -48
- data/examples/profile/controls/example.rb +0 -24
- data/examples/profile/controls/gordon.rb +0 -36
- data/examples/profile/controls/meta.rb +0 -36
- data/examples/profile/inspec.yml +0 -11
- data/examples/profile/libraries/gordon_config.rb +0 -59
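--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 17c51957624df054318ca580aa5c5b8819779b6a8e908a8733d3ebaa8de324d4
+data.tar.gz: 35923b58619c9ea189a3f41a10726c701bf149e3bbc85fe149c610625832725d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 39ba1aafa5dbf29b15577093145d5fc3a1385aefa588369d8e08c28af1750c8a5182cf86e093e705b177b28ee8d97dcc9905563f8c1ee5f3ecc128be8a26b6ce
+data.tar.gz: 1b0f13cf9321e3ab9fcd692b41268422f2a9fd954510a853e2b27468453c67cae78ac4885e37f8d0819aac970b1d10560c2ca17d4d3950cd47d2c30e3aa7a71f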
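--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,33 +1,54 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 2.3.
-## [v2.3.
+<!-- latest_release 2.3.23 -->
+## [v2.3.23](https://github.com/inspec/inspec/tree/v2.3.23) (2018-10-12)
 
-####
--
+#### Merged Pull Requests
+- Fix plugin issues on omni builds [#3499](https://github.com/inspec/inspec/pull/3499) ([jquick](https://github.com/jquick))
 <!-- latest_release -->
 
-<!-- release_rollup since=2.3.
-### Changes since 2.3.
+<!-- release_rollup since=2.3.10 -->
+### Changes since 2.3.10 release
+
+#### Enhancements
+- Plugins: Filter Plugins During Search and Install [#3458](https://github.com/inspec/inspec/pull/3458) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 2.3.20 -->
 
 #### Bug Fixes
--
+- Backport compliance namespace and add testing for A2 audit report. [#3493](https://github.com/inspec/inspec/pull/3493) ([jquick](https://github.com/jquick)) <!-- 2.3.21 -->
+- Fix error on empty attributes yaml [#3485](https://github.com/inspec/inspec/pull/3485) ([jquick](https://github.com/jquick)) <!-- 2.3.19 -->
+- small fix - update to AlpinePkg Class [#3483](https://github.com/inspec/inspec/pull/3483) ([aaronlippold](https://github.com/aaronlippold)) <!-- 2.3.16 -->
 
 #### Merged Pull Requests
-- Fix
+- Fix plugin issues on omni builds [#3499](https://github.com/inspec/inspec/pull/3499) ([jquick](https://github.com/jquick)) <!-- 2.3.23 -->
+- Set a static node GUID for travis runs [#3497](https://github.com/inspec/inspec/pull/3497) ([jquick](https://github.com/jquick)) <!-- 2.3.22 -->
+- docs: Add version to multiple descriptions doc [#3477](https://github.com/inspec/inspec/pull/3477) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.3.18 -->
+- Skip running appveyor on docs and examples [#3474](https://github.com/inspec/inspec/pull/3474) ([btm](https://github.com/btm)) <!-- 2.3.17 -->
+- Remove 'demo' from website. [#3475](https://github.com/inspec/inspec/pull/3475) ([miah](https://github.com/miah)) <!-- 2.3.15 -->
+- Enable compression for deb/rpm packages [#3472](https://github.com/inspec/inspec/pull/3472) ([tas50](https://github.com/tas50)) <!-- 2.3.14 -->
+- Fix Packages Resource Docs [#3469](https://github.com/inspec/inspec/pull/3469) ([pwelch](https://github.com/pwelch)) <!-- 2.3.13 -->
+- Exclude docs and examples from the gem [#3471](https://github.com/inspec/inspec/pull/3471) ([tas50](https://github.com/tas50)) <!-- 2.3.12 -->
+- Fix archive with required attributes [#3468](https://github.com/inspec/inspec/pull/3468) ([jquick](https://github.com/jquick)) <!-- 2.3.11 -->
+<!-- release_rollup -->
+
+<!-- latest_stable_release -->
+## [v2.3.10](https://github.com/inspec/inspec/tree/v2.3.10) (2018-10-04)
 
 #### Enhancements
--
-- Support finding larger processes on Busybox [#3446](https://github.com/inspec/inspec/pull/3446) ([RoboticCheese](https://github.com/RoboticCheese))
--
-
+- Modify `cmp` matcher output to use `.inspect` [#3450](https://github.com/inspec/inspec/pull/3450) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- Support finding larger processes on Busybox [#3446](https://github.com/inspec/inspec/pull/3446) ([RoboticCheese](https://github.com/RoboticCheese))
+- Move compliance to v2 plugin [#3423](https://github.com/inspec/inspec/pull/3423) ([jquick](https://github.com/jquick))
+
+#### Bug Fixes
+- Fix distinct_exit cli desc to reflect reality [#3463](https://github.com/inspec/inspec/pull/3463) ([teknofire](https://github.com/teknofire))
 
+#### Merged Pull Requests
+- Fix `attribute` with empty hash regression [#3454](https://github.com/inspec/inspec/pull/3454) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
 <!-- latest_stable_release -->
+
 ## [v2.3.5](https://github.com/inspec/inspec/tree/v2.3.5) (2018-10-01)
 
 #### Bug Fixes
 - Update plugin gem install code [#3453](https://github.com/inspec/inspec/pull/3453) ([jquick](https://github.com/jquick))
-<!-- latest_stable_release -->
 
 ## [v2.3.4](https://github.com/inspec/inspec/tree/v2.3.4) (2018-09-28)
 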
@@ -0,0 +1,25 @@
|
|
1
|
+
{
|
2
|
+
"file_version": "1.0.0",
|
3
|
+
"exclude": [
|
4
|
+
{
|
5
|
+
"plugin_name": "inspec-core",
|
6
|
+
"rationale": "This gem is a stripped-down alternate packaging of InSpec. It is not a plugin."
|
7
|
+
},
|
8
|
+
{
|
9
|
+
"plugin_name": "inspec-multi-server",
|
10
|
+
"rationale": "This gem is a script that attempts to drive a parallel execution of InSpec by wrapping and forking. It is not a plugin."
|
11
|
+
},
|
12
|
+
{
|
13
|
+
"plugin_name": "train-tax-calculator",
|
14
|
+
"rationale": "This gem is a tax calculation tool for the Philippines. It has nothing to do the Chef Train remote execution framework, or the InSpec project."
|
15
|
+
},
|
16
|
+
{
|
17
|
+
"plugin_name": "inspec-plugin-example",
|
18
|
+
"rationale": "This gem is an early self-taught example of a v1 plugin. Please use inspec-resource-lister as an example for PluginV2 development."
|
19
|
+
},
|
20
|
+
{
|
21
|
+
"plugin_name": "train-core",
|
22
|
+
"rationale": "This gem is a stripped-down alternate packaging of Train. It is not a plugin."
|
23
|
+
}
|
24
|
+
]
|
25
|
+
}
|
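--- a/data/inspec-core.gemspec
+++ b/data/inspec-core.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 
 spec.files = %w{README.md MAINTAINERS.toml MAINTAINERS.md LICENSE
 inspec-core.gemspec Gemfile CHANGELOG.md} +
-Dir.glob('{bin,
+Dir.glob('{bin,lib,etc}/**/*', File::FNM_DOTMATCH)
 .reject { |f| File.directory?(f) || f =~ /aws|azure|gcp/ }
 
 spec.executables = %w{inspec}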
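Review bot: `File::FNM_DOTMATCH` on the new `Dir.glob('{bin,lib,etc}/**/*', File::FNM_DOTMATCH)` line packages every hidden file that happens to sit under bin, lib or etc in the build tree, so a stray editor swap file or local dotfile would be published with the gem. The removed line is truncated on this page, so the flag may predate this change, but with `etc` newly added the glob now covers a configuration directory as well. If no dotfile is needed at runtime, drop the flag; otherwise name the required files explicitly. The unanchored `/aws|azure|gcp/` on the following context line also silently drops any path containing those substrings, which now applies to files under `etc` too.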
@@ -89,6 +89,9 @@ module Inspec
|
|
89
89
|
private
|
90
90
|
|
91
91
|
def validate_required(value)
|
92
|
+
# skip if we are not doing an exec call (archive/vendor/check)
|
93
|
+
return unless Inspec::BaseCLI.inspec_cli_command == :exec
|
94
|
+
|
92
95
|
# value will be set already if a secrets file was passed in
|
93
96
|
if (!@opts.key?(:default) && value.nil?) || (@opts[:default].nil? && value.nil?)
|
94
97
|
error = Inspec::Attribute::RequiredError.new
|
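Review bot: The new guard `return unless Inspec::BaseCLI.inspec_cli_command == :exec` at the top of `validate_required` switches the required-attribute check off for every caller that is not the `exec` CLI command, not only for the archive/vendor/check commands named in the comment. How `inspec_cli_command` is set is not visible in this hunk; if it is unset when InSpec is driven as a library, required attributes would go unvalidated there without any message. Skipping only the commands known not to execute controls fails safer, e.g. `return if %i[archive vendor check].include?(Inspec::BaseCLI.inspec_cli_command)`, assuming the command symbols match the names in the comment. The method body continues past the end of the hunk.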
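--- a/data/lib/inspec/plugin/v2.rb
+++ b/data/lib/inspec/plugin/v2.rb
@@ -11,6 +11,9 @@ module Inspec
 attr_accessor :version
 end
 class InstallError < Inspec::Plugin::V2::GemActionError; end
+class PluginExcludedError < Inspec::Plugin::V2::InstallError
+attr_accessor :details
+end
 class UpdateError < Inspec::Plugin::V2::GemActionError
 attr_accessor :from_version, :to_version
 end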
@@ -0,0 +1,62 @@
|
|
1
|
+
require 'singleton'
|
2
|
+
require 'json'
|
3
|
+
require 'inspec/globals'
|
4
|
+
|
5
|
+
module Inspec::Plugin::V2
|
6
|
+
Exclusion = Struct.new(:plugin_name, :rationale)
|
7
|
+
|
8
|
+
class PluginFilter
|
9
|
+
include Singleton
|
10
|
+
def initialize
|
11
|
+
read_filter_data
|
12
|
+
end
|
13
|
+
|
14
|
+
def self.exclude?(plugin_name)
|
15
|
+
instance.exclude?(plugin_name)
|
16
|
+
end
|
17
|
+
|
18
|
+
def exclude?(plugin_name)
|
19
|
+
# Currently, logic is very simple: is there an exact match?
|
20
|
+
# In the future, we might add regexes on names, or exclude version ranges
|
21
|
+
return false unless @filter_data[:exclude].detect { |e| e.plugin_name == plugin_name }
|
22
|
+
|
23
|
+
# OK, return entire data structure.
|
24
|
+
@filter_data[:exclude].detect { |e| e.plugin_name == plugin_name }
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def read_filter_data
|
30
|
+
path = File.join(Inspec.src_root, 'etc', 'plugin_filters.json')
|
31
|
+
@filter_data = JSON.parse(File.read(path))
|
32
|
+
|
33
|
+
unless @filter_data['file_version'] == '1.0.0'
|
34
|
+
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format at #{path}"
|
35
|
+
end
|
36
|
+
|
37
|
+
validate_plugin_filter_file('1.0.0')
|
38
|
+
|
39
|
+
@filter_data[:exclude] = @filter_data['exclude'].map do |entry|
|
40
|
+
Exclusion.new(entry['plugin_name'], entry['rationale'])
|
41
|
+
end
|
42
|
+
@filter_data.delete('exclude')
|
43
|
+
end
|
44
|
+
|
45
|
+
def validate_plugin_filter_file(_file_version)
|
46
|
+
unless @filter_data.key?('exclude') && @filter_data['exclude'].is_a?(Array)
|
47
|
+
raise Inspec::Plugin::V2::ConfigError, 'Unknown plugin fillter file format: expected "exclude" to be an array'
|
48
|
+
end
|
49
|
+
@filter_data['exclude'].each_with_index do |entry, idx|
|
50
|
+
unless entry.is_a? Hash
|
51
|
+
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format: expected entry #{idx} to be a Hash / JS Object"
|
52
|
+
end
|
53
|
+
unless entry.key?('plugin_name')
|
54
|
+
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format: expected entry #{idx} to have a \"plugin_name\" field"
|
55
|
+
end
|
56
|
+
unless entry.key?('rationale')
|
57
|
+
raise Inspec::Plugin::V2::ConfigError, "Unknown plugin fillter file format: expected entry #{idx} to have a \"rationale\" field"
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
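Review bot: `validate_plugin_filter_file` checks that each entry has `plugin_name` and `rationale` keys but not that the values are usable, so an entry with a null or non-string `plugin_name` passes validation and then never matches in `exclude?`, leaving an exclusion that silently does nothing. Rejecting such entries with a `ConfigError` `unless entry['plugin_name'].is_a?(String) && !entry['plugin_name'].empty?` closes that gap. In `exclude?` the same `detect` runs twice; `@filter_data[:exclude].detect { |e| e.plugin_name == plugin_name } || false` returns the same values in one pass. A missing or malformed file surfaces from `read_filter_data` as a raw `File.read` or `JSON.parse` exception rather than `ConfigError`, and the error messages spell the word as "fillter".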
@@ -9,6 +9,8 @@ require 'rubygems/package'
|
|
9
9
|
require 'rubygems/name_tuple'
|
10
10
|
require 'rubygems/uninstaller'
|
11
11
|
|
12
|
+
require 'inspec/plugin/v2/filter'
|
13
|
+
|
12
14
|
module Inspec::Plugin::V2
|
13
15
|
# Handles all actions modifying the user's plugin set:
|
14
16
|
# * Modifying the plugins.json file
|
@@ -127,7 +129,7 @@ module Inspec::Plugin::V2
|
|
127
129
|
else
|
128
130
|
regex = Regexp.new('^' + plugin_query + '.*')
|
129
131
|
matched_tuples = fetcher.detect(opts[:scope]) do |tuple|
|
130
|
-
tuple.name
|
132
|
+
tuple.name =~ regex && !Inspec::Plugin::V2::PluginFilter.exclude?(tuple.name)
|
131
133
|
end
|
132
134
|
end
|
133
135
|
|
@@ -193,6 +195,13 @@ module Inspec::Plugin::V2
|
|
193
195
|
raise InstallError, "#{plugin_name} is already installed. Use 'inspec plugin update' to change version."
|
194
196
|
end
|
195
197
|
end
|
198
|
+
|
199
|
+
reason = Inspec::Plugin::V2::PluginFilter.exclude?(plugin_name)
|
200
|
+
if reason
|
201
|
+
ex = PluginExcludedError.new("Refusing to install #{plugin_name}. It is on the Plugin Exclusion List. Rationale: #{reason.rationale}")
|
202
|
+
ex.details = reason
|
203
|
+
raise ex
|
204
|
+
end
|
196
205
|
end
|
197
206
|
# rubocop: enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
|
198
207
|
|
@@ -386,10 +395,21 @@ module Inspec::Plugin::V2
|
|
386
395
|
class InstalledVendorSet < Gem::Resolver::VendorSet
|
387
396
|
def initialize
|
388
397
|
super
|
398
|
+
|
389
399
|
Gem::Specification.find_all do |spec|
|
390
400
|
@specs[spec.name] = spec
|
391
401
|
@directories[spec] = spec.gem_dir
|
392
402
|
end
|
403
|
+
|
404
|
+
if !defined?(::Bundler)
|
405
|
+
directories = Gem::Specification.dirs.find_all do |path|
|
406
|
+
!path.start_with?(Gem.user_dir)
|
407
|
+
end
|
408
|
+
Gem::Specification.each_spec(directories) do |spec|
|
409
|
+
@specs[spec.name] = spec
|
410
|
+
@directories[spec] = spec.gem_dir
|
411
|
+
end
|
412
|
+
end
|
393
413
|
end
|
394
414
|
end
|
395
415
|
|
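Review bot: In the `@@ -127,7 +129,7 @@` hunk the new `tuple.name =~ regex && !Inspec::Plugin::V2::PluginFilter.exclude?(tuple.name)` filter relies on a `regex` built two context lines above from the raw `plugin_query`, so metacharacters in the search term are interpreted as a pattern even though the CLI help describes PATTERN as a simple string, and `^` anchors at any line start rather than at the start of the name. `regex = Regexp.new('\A' + Regexp.escape(plugin_query))` keeps the prefix match literal. The exclusion check is added only to this `else` branch; the branch before it lies outside the hunk, so it is worth confirming that an exact search applies `PluginFilter.exclude?` as well, otherwise search and install disagree about excluded gems. In the `InstalledVendorSet` hunk, `path.start_with?(Gem.user_dir)` is a plain string prefix test and would also drop a sibling directory whose name merely begins with the user directory path.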
@@ -31,6 +31,10 @@ module Inspec::Plugin::V2
|
|
31
31
|
end
|
32
32
|
|
33
33
|
def load_all
|
34
|
+
# This fixes the gem paths on some bundles
|
35
|
+
Gem.path << plugin_gem_path
|
36
|
+
Gem.refresh
|
37
|
+
|
34
38
|
# Be careful not to actually iterate directly over the registry here;
|
35
39
|
# we want to allow "sidecar loading", in which case a plugin may add an entry to the registry.
|
36
40
|
registry.plugin_names.dup.each do |plugin_name|
|
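Review bot: `Gem.path << plugin_gem_path` in `load_all` mutates the process-wide gem search path and appends the same entry again on every call, since nothing checks whether it is already present. After `Gem.refresh` any gem in that directory becomes resolvable for the whole process rather than only for plugin loading, so the comment should say which bundles need this and why; `plugin_gem_path` is defined outside the hunk, so who can write to that directory should be confirmed. A guard such as `Gem.path << plugin_gem_path unless Gem.path.include?(plugin_gem_path)` avoids the duplicates. `load_all` continues below the hunk.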
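--- a/data/lib/inspec/profile.rb
+++ b/data/lib/inspec/profile.rb
@@ -126,12 +126,14 @@ module Inspec
 end
 
 def register_metadata_attributes
-if metadata.params.key?(:attributes)
+if metadata.params.key?(:attributes) && metadata.params[:attributes].is_a?(Array)
 metadata.params[:attributes].each do |attribute|
 attr_dup = attribute.dup
 name = attr_dup.delete(:name)
 @runner_context.register_attribute(name, attr_dup)
 end
+elsif metadata.params.key?(:attributes)
+Inspec::Log.warn 'Attributes must be defined as an Array. Skipping current definition.'
 end
 end
 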
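Review bot: The new `is_a?(Array)` test in `register_metadata_attributes` guards the container but not its elements, so an `attributes` list that holds a scalar instead of a mapping still reaches `attr_dup.delete(:name)` and raises rather than being skipped with a warning. A per-entry check at the top of the `each` block, for example `next unless attribute.is_a?(Hash)` preceded by a matching `Inspec::Log.warn`, would give malformed profile metadata the same treatment as the non-Array case. The warning text would also be easier to act on if it named the profile being loaded.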
data/lib/inspec/version.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'term/ansicolor'
|
2
2
|
require 'pathname'
|
3
|
+
require 'inspec/plugin/v2'
|
3
4
|
require 'inspec/plugin/v2/installer'
|
4
5
|
|
5
6
|
module InspecPlugins
|
@@ -35,16 +36,30 @@ module InspecPlugins
|
|
35
36
|
# inspec plugin search
|
36
37
|
#==================================================================#
|
37
38
|
|
38
|
-
desc 'search [options] PATTERN', 'Searches rubygems.org for
|
39
|
+
desc 'search [options] PATTERN', 'Searches rubygems.org for plugins.'
|
40
|
+
long_desc <<~EOLD
|
41
|
+
Searches rubygems.org for InSpec plugins. Exits 0 on a search hit, 1 on user error,
|
42
|
+
2 on a search miss. PATTERN is a simple string; a wildcard will be added as
|
43
|
+
a suffix, unless -e is used.
|
44
|
+
EOLD
|
39
45
|
option :all, desc: 'List all available versions, not just the latest one.', type: :boolean, aliases: [:a]
|
40
46
|
option :exact, desc: 'Assume PATTERN is exact; do not add a wildcard to the end', type: :boolean, aliases: [:e]
|
47
|
+
option :'include-test-fixture', type: :boolean, desc: 'Internal use', hide: true
|
41
48
|
# Justification for disabling ABC: currently at 33.51/33
|
42
49
|
def search(search_term) # rubocop: disable Metrics/AbcSize
|
43
50
|
search_results = installer.search(search_term, exact: options[:exact])
|
51
|
+
# The search results have already been filtered by the reject list. But the
|
52
|
+
# RejectList doesn't filter {inspec, train}-test-fixture because we need those
|
53
|
+
# for testing. We want to hide those from users, so unless we know we're in
|
54
|
+
# test mode, remove them.
|
55
|
+
unless options[:'include-test-fixture']
|
56
|
+
search_results.delete('inspec-test-fixture')
|
57
|
+
search_results.delete('train-test-fixture')
|
58
|
+
end
|
44
59
|
|
45
60
|
# TODO: ui object support
|
46
61
|
puts
|
47
|
-
puts(bold { format(' %-30s%-50s
|
62
|
+
puts(bold { format(' %-30s%-50s', 'Plugin Name', 'Versions Available') })
|
48
63
|
puts '-' * 55
|
49
64
|
search_results.keys.sort.each do |plugin_name|
|
50
65
|
versions = options[:all] ? search_results[plugin_name] : [search_results[plugin_name].first]
|
@@ -342,8 +357,15 @@ module InspecPlugins
|
|
342
357
|
exit 2
|
343
358
|
end
|
344
359
|
|
345
|
-
|
360
|
+
# Rationale for RuboCop variance: This is a one-line method with heavy UX-focused error handling.
|
361
|
+
def install_attempt_install(plugin_name) # rubocop: disable Metrics/AbcSize
|
346
362
|
installer.install(plugin_name, version: options[:version])
|
363
|
+
rescue Inspec::Plugin::V2::PluginExcludedError => ex
|
364
|
+
puts(red { 'Plugin on Exclusion List' } + " - #{plugin_name} is listed as an incompatible gem - refusing to install.")
|
365
|
+
puts "Rationale: #{ex.details.rationale}"
|
366
|
+
puts 'Exclusion list location: ' + File.join(Inspec.src_root, 'etc', 'plugin_filters.json')
|
367
|
+
puts 'If you disagree with this determination, please accept our apologies for the misunderstanding, and open an issue at https://github.com/inspec/inspec/issues/new'
|
368
|
+
exit 2
|
347
369
|
rescue Inspec::Plugin::V2::InstallError
|
348
370
|
results = installer.search(plugin_name, exact: true)
|
349
371
|
if results.empty?
|
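Review bot: In the new `rescue Inspec::Plugin::V2::PluginExcludedError => ex` branch of `install_attempt_install`, `ex.details.rationale` assumes `details` was assigned; the error class only declares `attr_accessor :details`, so a raise site that omits it would turn the friendly message into a `NoMethodError` inside the error handler. `puts "Rationale: #{ex.details&.rationale}"` is safer, or print `ex.message`, which already carries the rationale where the installer raises it. The exclusion-list path `File.join(Inspec.src_root, 'etc', 'plugin_filters.json')` is repeated here from `read_filter_data`; exposing it once from `PluginFilter` would keep the two from drifting. The hunks shown under this header belong to the plugin manager's `cli_command.rb`, and the method continues below the hunk.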
@@ -143,8 +143,14 @@ class PluginManagerCliSearch < MiniTest::Test
|
|
143
143
|
include CorePluginFunctionalHelper
|
144
144
|
include PluginManagerHelpers
|
145
145
|
|
146
|
+
# TODO: Thor can't hide options, but we wish it could.
|
147
|
+
# def test_search_include_fixture_hidden_option
|
148
|
+
# result = run_inspec_process_with_this_plugin('plugin help search')
|
149
|
+
# refute_includes result.stdout, '--include-test-fixture'
|
150
|
+
# end
|
151
|
+
|
146
152
|
def test_search_for_a_real_gem_with_full_name_no_options
|
147
|
-
result = run_inspec_process('plugin search inspec-test-fixture')
|
153
|
+
result = run_inspec_process('plugin search --include-test-fixture inspec-test-fixture')
|
148
154
|
assert_equal 0, result.exit_status, 'Search should exit 0 on a hit'
|
149
155
|
assert_includes result.stdout, 'inspec-test-fixture', 'Search result should contain the gem name'
|
150
156
|
assert_includes result.stdout, '1 plugin(s) found', 'Search result should find 1 plugin'
|
@@ -153,7 +159,7 @@ class PluginManagerCliSearch < MiniTest::Test
|
|
153
159
|
end
|
154
160
|
|
155
161
|
def test_search_for_a_real_gem_with_stub_name_no_options
|
156
|
-
result = run_inspec_process('plugin search inspec-test-')
|
162
|
+
result = run_inspec_process('plugin search --include-test-fixture inspec-test-')
|
157
163
|
assert_equal 0, result.exit_status, 'Search should exit 0 on a hit'
|
158
164
|
assert_includes result.stdout, 'inspec-test-fixture', 'Search result should contain the gem name'
|
159
165
|
assert_includes result.stdout, '1 plugin(s) found', 'Search result should find 1 plugin'
|
@@ -163,26 +169,26 @@ class PluginManagerCliSearch < MiniTest::Test
|
|
163
169
|
end
|
164
170
|
|
165
171
|
def test_search_for_a_real_gem_with_full_name_and_exact_option
|
166
|
-
result = run_inspec_process('plugin search --exact inspec-test-fixture')
|
172
|
+
result = run_inspec_process('plugin search --exact --include-test-fixture inspec-test-fixture')
|
167
173
|
assert_equal 0, result.exit_status, 'Search should exit 0 on a hit'
|
168
174
|
assert_includes result.stdout, 'inspec-test-fixture', 'Search result should contain the gem name'
|
169
175
|
assert_includes result.stdout, '1 plugin(s) found', 'Search result should find 1 plugin'
|
170
176
|
|
171
|
-
result = run_inspec_process('plugin search -e inspec-test-fixture')
|
177
|
+
result = run_inspec_process('plugin search -e --include-test-fixture inspec-test-fixture')
|
172
178
|
assert_equal 0, result.exit_status, 'Search should exit 0 on a hit'
|
173
179
|
end
|
174
180
|
|
175
181
|
def test_search_for_a_real_gem_with_stub_name_and_exact_option
|
176
|
-
result = run_inspec_process('plugin search --exact inspec-test-')
|
182
|
+
result = run_inspec_process('plugin search --exact --include-test-fixture inspec-test-')
|
177
183
|
assert_equal 2, result.exit_status, 'Search should exit 2 on a miss'
|
178
184
|
assert_includes result.stdout, '0 plugin(s) found', 'Search result should find 0 plugins'
|
179
185
|
|
180
|
-
result = run_inspec_process('plugin search -e inspec-test-')
|
186
|
+
result = run_inspec_process('plugin search -e --include-test-fixture inspec-test-')
|
181
187
|
assert_equal 2, result.exit_status, 'Search should exit 2 on a miss'
|
182
188
|
end
|
183
189
|
|
184
190
|
def test_search_for_a_real_gem_with_full_name_and_all_option
|
185
|
-
result = run_inspec_process('plugin search --all inspec-test-fixture')
|
191
|
+
result = run_inspec_process('plugin search --all --include-test-fixture inspec-test-fixture')
|
186
192
|
assert_equal 0, result.exit_status, 'Search should exit 0 on a hit'
|
187
193
|
assert_includes result.stdout, 'inspec-test-fixture', 'Search result should contain the gem name'
|
188
194
|
assert_includes result.stdout, '1 plugin(s) found', 'Search result should find 1 plugin'
|
@@ -190,24 +196,24 @@ class PluginManagerCliSearch < MiniTest::Test
|
|
190
196
|
line = result.stdout.split("\n").grep(/inspec-test-fixture/).first
|
191
197
|
assert_match(/\s*inspec-test-fixture\s+\((\d+\.\d+\.\d+(,\s)?){2,}\)/,line,'Plugin line should include name and at least two versions')
|
192
198
|
|
193
|
-
result = run_inspec_process('plugin search -a inspec-test-fixture')
|
199
|
+
result = run_inspec_process('plugin search -a --include-test-fixture inspec-test-fixture')
|
194
200
|
assert_equal 0, result.exit_status, 'Search should exit 0 on a hit'
|
195
201
|
end
|
196
202
|
|
197
203
|
def test_search_for_a_gem_with_missing_prefix
|
198
|
-
result = run_inspec_process('plugin search test-fixture')
|
204
|
+
result = run_inspec_process('plugin search --include-test-fixture test-fixture')
|
199
205
|
assert_equal 1, result.exit_status, 'Search should exit 1 on user error'
|
200
206
|
assert_includes result.stdout, "All inspec plugins must begin with either 'inspec-' or 'train-'"
|
201
207
|
end
|
202
208
|
|
203
209
|
def test_search_for_a_gem_that_does_not_exist
|
204
|
-
result = run_inspec_process('plugin search inspec-test-fixture-nonesuch')
|
210
|
+
result = run_inspec_process('plugin search --include-test-fixture inspec-test-fixture-nonesuch')
|
205
211
|
assert_equal 2, result.exit_status, 'Search should exit 2 on a miss'
|
206
212
|
assert_includes result.stdout, '0 plugin(s) found', 'Search result should find 0 plugins'
|
207
213
|
end
|
208
214
|
|
209
215
|
def test_search_for_a_real_gem_with_full_name_no_options_and_train_name
|
210
|
-
result = run_inspec_process('plugin search train-test-fixture')
|
216
|
+
result = run_inspec_process('plugin search --include-test-fixture train-test-fixture')
|
211
217
|
assert_equal 0, result.exit_status, 'Search should exit 0 on a hit'
|
212
218
|
assert_includes result.stdout, 'train-test-fixture', 'Search result should contain the gem name'
|
213
219
|
assert_includes result.stdout, '1 plugin(s) found', 'Search result should find 1 plugin'
|
@@ -215,6 +221,28 @@ class PluginManagerCliSearch < MiniTest::Test
|
|
215
221
|
assert_match(/\s*train-test-fixture\s+\((\d+\.\d+\.\d+){1}\)/,line,'Plugin line should include name and exactly one version')
|
216
222
|
end
|
217
223
|
|
224
|
+
def test_search_omit_excluded_inspec_plugins
|
225
|
+
result = run_inspec_process('plugin search --include-test-fixture inspec-')
|
226
|
+
assert_equal 0, result.exit_status, 'Search should exit 0'
|
227
|
+
assert_includes result.stdout, 'inspec-test-fixture', 'Search result should contain the test gem'
|
228
|
+
[
|
229
|
+
'inspec-core',
|
230
|
+
'inspec-multi-server',
|
231
|
+
].each do |plugin_name|
|
232
|
+
refute_includes result.stdout, plugin_name, 'Search result should not contain excluded gems'
|
233
|
+
end
|
234
|
+
end
|
235
|
+
def test_search_for_a_real_gem_with_full_name_no_options_filter_fixtures
|
236
|
+
result = run_inspec_process('plugin search inspec-test-fixture')
|
237
|
+
refute_includes result.stdout, 'inspec-test-fixture', 'Search result should not contain the fixture gem name'
|
238
|
+
end
|
239
|
+
|
240
|
+
def test_search_for_a_real_gem_with_full_name_no_options_filter_fixtures_train
|
241
|
+
result = run_inspec_process('plugin search train-test-fixture')
|
242
|
+
refute_includes result.stdout, 'train-test-fixture', 'Search result should not contain the fixture gem name'
|
243
|
+
end
|
244
|
+
|
245
|
+
|
218
246
|
end
|
219
247
|
|
220
248
|
#-----------------------------------------------------------------------------------------#
|
@@ -513,6 +541,32 @@ class PluginManagerCliInstall < MiniTest::Test
|
|
513
541
|
refute_nil itf_line, 'train-test-fixture should now appear in the output of inspec list'
|
514
542
|
assert_match(/\s*train-test-fixture\s+0.1.0\s+gem\s+/, itf_line, 'list output should show that it is a gem installation with version')
|
515
543
|
end
|
544
|
+
|
545
|
+
def test_refuse_install_when_plugin_on_exclusion_list
|
546
|
+
|
547
|
+
# Here, 'inspec-core', 'inspec-multi-server', and 'train-tax-collector'
|
548
|
+
# are the names of real rubygems. They are not InSpec/Train plugins, though,
|
549
|
+
# and installing them would be a jam-up.
|
550
|
+
# This is configured in 'etc/plugin-filter.json'.
|
551
|
+
[
|
552
|
+
'inspec-core',
|
553
|
+
'inspec-multi-server',
|
554
|
+
'train-tax-calculator',
|
555
|
+
].each do |plugin_name|
|
556
|
+
install_result = run_inspec_process_with_this_plugin("plugin install #{plugin_name}")
|
557
|
+
assert_empty install_result.stderr
|
558
|
+
assert_equal 2, install_result.exit_status, 'Exit status should be 2'
|
559
|
+
|
560
|
+
refusal_message = install_result.stdout
|
561
|
+
refute_nil refusal_message, 'Should find a failure message at the end'
|
562
|
+
assert_includes refusal_message, plugin_name
|
563
|
+
assert_includes refusal_message, 'Plugin on Exclusion List'
|
564
|
+
assert_includes refusal_message, 'refusing to install'
|
565
|
+
assert_includes refusal_message, 'Rationale:'
|
566
|
+
assert_includes refusal_message, 'etc/plugin_filters.json'
|
567
|
+
assert_includes refusal_message, 'github.com/inspec/inspec/issues/new'
|
568
|
+
end
|
569
|
+
end
|
516
570
|
end
|
517
571
|
|
518
572
|
|
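Review bot: The comment at the top of `test_refuse_install_when_plugin_on_exclusion_list` disagrees with the code under it. It names 'train-tax-collector' while the list exercises `'train-tax-calculator'`, and it points to 'etc/plugin-filter.json' while the assertion further down expects `'etc/plugin_filters.json'`. Since this test records which gems the exclusion list must refuse, I would change the comment lines to `# Here, 'inspec-core', 'inspec-multi-server', and 'train-tax-calculator'` and `# This is configured in 'etc/plugin_filters.json'.`. The test also checks only the exit status and the refusal text. The install test just above it in this hunk inspects the plugin list output, so a matching check that `plugin_name` is absent from that listing after the refused install would confirm the gem was really not installed.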