inspec-core 3.0.12 → 3.0.25

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d7f25755317e631219a5c447f33cba097794330620601d137f8a9445c859f2c
-  data.tar.gz: 864647b41c81eaa85b3d397c7b8532a8d0f801ae4ede1ad2a2e225abbbeb982d
+  metadata.gz: 50eee6fe644f3592cc9916bfa3049c40c9e76c7add7c0e553cbc9d6e9b555138
+  data.tar.gz: 9eea909629ba57730bd6d197f7c65696daf48773509fd0075702ea5150fca131
 SHA512:
-  metadata.gz: 8b29bf9987dbd165250adc459e96ef0a8c2808d86e462245bdddefe1ccc7868f0d639bbd2bc48c5d5385fd65ed6dc8bb174b2b9a3639582ca2c5ee7da0f6cc4b
-  data.tar.gz: f1d5622d8032fe9eb14fecbec00f9903a1e2423f68e2ac0f3b3b604373f0515e6bb597c8faa9b81eda8283de918c13287b55738620811d753d79ab40e9cf6ca5
+  metadata.gz: 1692336cb1121e9bcdf91ad5205f4d2a6489a6be80b9ff6bfcb264a06b1ab9643a73de93886f7e31995647193d6a02f1c4f3b686c027bd1df50acc6f697829a3
+  data.tar.gz: 581bbe107b9260e83caa5b2469c6c15b792a2afd185780b6d383c7c6bf4e3c9d0d600b8a75064032bc9b1142b4f6bd64309fb34df525c4f8b63d02577e28bf87

data/CHANGELOG.md

@@ -1,26 +1,43 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 3.0.12 -->
-## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
+<!-- latest_release 3.0.25 -->
+## [v3.0.25](https://github.com/inspec/inspec/tree/v3.0.25) (2018-11-01)
 
-#### Bug Fixes
-- Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick))
+#### Merged Pull Requests
+- bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick))
 <!-- latest_release -->
 
-<!-- release_rollup since=3.0.9 -->
-### Changes since 3.0.9 release
+<!-- release_rollup since=3.0.12 -->
+### Changes since 3.0.12 release
 
 #### Bug Fixes
-- Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick)) <!-- 3.0.12 -->
+- Change usage of `Dir.home` to `Inspec.config_dir` [#3567](https://github.com/inspec/inspec/pull/3567) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.19 -->
+
+#### Enhancements
+- Allow help args after Thor commands [#3553](https://github.com/inspec/inspec/pull/3553) ([jquick](https://github.com/jquick)) <!-- 3.0.17 -->
+- ✓ adds additional checks for vendored profiles [#3362](https://github.com/inspec/inspec/pull/3362) ([chris-rock](https://github.com/chris-rock)) <!-- 3.0.14 -->
 
 #### Merged Pull Requests
-- Add inspec/train vault to plugin exclusion [#3532](https://github.com/inspec/inspec/pull/3532) ([jquick](https://github.com/jquick)) <!-- 3.0.11 -->
+- bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick)) <!-- 3.0.25 -->
+- Pin to train 1.5.6 [#3568](https://github.com/inspec/inspec/pull/3568) ([jquick](https://github.com/jquick)) <!-- 3.0.18 -->
+- Allow end of options during Thor array parsing [#3547](https://github.com/inspec/inspec/pull/3547) ([jquick](https://github.com/jquick)) <!-- 3.0.16 -->
+- Modernize omnibus config and reduce omnibus package size [#3543](https://github.com/inspec/inspec/pull/3543) ([tas50](https://github.com/tas50)) <!-- 3.0.15 -->
+- Adding inspec init profile for GCP. [#3484](https://github.com/inspec/inspec/pull/3484) ([skpaterson](https://github.com/skpaterson)) <!-- 3.0.13 -->
+<!-- release_rollup -->
+
+<!-- latest_stable_release -->
+## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
 
 #### New Resources
-- New resource to work with Windows security identifiers (SIDs) [#3405](https://github.com/inspec/inspec/pull/3405) ([james-stocks](https://github.com/james-stocks)) <!-- 3.0.10 -->
-<!-- release_rollup -->
+- New resource to work with Windows security identifiers (SIDs) [#3405](https://github.com/inspec/inspec/pull/3405) ([james-stocks](https://github.com/james-stocks))
+
+#### Bug Fixes
+- Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick))
 
+#### Merged Pull Requests
+- Add inspec/train vault to plugin exclusion [#3532](https://github.com/inspec/inspec/pull/3532) ([jquick](https://github.com/jquick))
 <!-- latest_stable_release -->
+
 ## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
 
 #### Enhancements
@@ -37,7 +54,6 @@
 - Add debug and sort options for plugins [#3530](https://github.com/inspec/inspec/pull/3530) ([jquick](https://github.com/jquick))
 - Pin inspec to the new train [#3531](https://github.com/inspec/inspec/pull/3531) ([jquick](https://github.com/jquick))
 - Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah))
-<!-- latest_stable_release -->
 
 ## [v3.0.0](https://github.com/inspec/inspec/tree/v3.0.0) (2018-10-15)
 

data/README.md

@@ -452,4 +452,4 @@ Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
-limitations under the License.
+limitations under the License. 

data/inspec-core.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3'
 
-  spec.add_dependency 'train-core', '~> 1.5', '>= 1.5.4'
+  spec.add_dependency 'train-core', '~> 1.5', '>= 1.5.6'
   spec.add_dependency 'thor', '~> 0.20'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'method_source', '~> 0.8'

data/lib/inspec/base_cli.rb

@@ -6,6 +6,20 @@ require 'thor'
 require 'inspec/log'
 require 'inspec/profile_vendor'
 
+# Allow end of options during array type parsing
+# https://github.com/erikhuda/thor/issues/631
+class Thor::Arguments
+  def parse_array(_name)
+    return shift if peek.is_a?(Array)
+    array = []
+    while current_is_value?
+      break unless @parsing_options
+      array << shift
+    end
+    array
+  end
+end
+
 module Inspec
   class BaseCLI < Thor
     class << self

data/lib/inspec/cli.rb

@@ -293,6 +293,17 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 end
 
 begin
+  # Handle help commands
+  # This allows you to use any of the normal help commands after the normal args.
+  help_commands = ['-h', '--help', 'help']
+  (help_commands & ARGV).each do |cmd|
+    # move the help argument to one place behind the end for Thor to digest
+    if ARGV.size > 1
+      match = ARGV.delete(cmd)
+      ARGV.insert(-2, match)
+    end
+  end
+
   # Load v2 plugins
   v2_loader = Inspec::Plugin::V2::Loader.new
   v2_loader.load_all

data/lib/inspec/plugin/v1/plugins.rb

@@ -34,7 +34,7 @@ module Inspec
       @paths += Dir[lib_home+'/inspec-*-*/lib/inspec-*rb']
 
       # traverse out of inspec-vX.Y.Z/lib/inspec/plugins.rb
-      @home = home || File.join(Dir.home, '.inspec', 'plugins')
+      @home = home || File.join(Inspec.config_dir, 'plugins')
       @paths += Dir[File.join(@home, '**{,/*/**}', '*.gemspec')]
                 .map { |x| File.dirname(x) }
                 .map { |x| Dir[File.join(x, 'lib', 'inspec-*.rb')] }

data/lib/inspec/profile.rb

@@ -101,6 +101,7 @@ module Inspec
       @libraries_loaded = false
       @check_mode = options[:check_mode] || false
       @parent_profile = options[:parent_profile]
+      @legacy_profile_path = options[:profiles_path] || false
       Metadata.finalize(@source_reader.metadata, @profile_id, options)
 
       # if a backend has already been created, clone it so each profile has its own unique backend object
@@ -373,6 +374,32 @@ module Inspec
       m_unsupported.each { |u| warn.call(meta_path, 0, 0, nil, "doesn't support: #{u}") }
       @logger.info 'Metadata OK.' if m_errors.empty? && m_unsupported.empty?
 
+      # only run the vendor check if the legacy profile-path is not used as argument
+      if @legacy_profile_path == false
+        # verify that a lockfile is present if we have dependencies
+        if !metadata.dependencies.empty?
+          error.call(meta_path, 0, 0, nil, 'Your profile needs to be vendored with `inspec vendor`.') if !lockfile_exists?
+        end
+
+        if lockfile_exists?
+          # verify if metadata and lockfile are out of sync
+          if lockfile.deps.size != metadata.dependencies.size
+            error.call(meta_path, 0, 0, nil, 'inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.')
+          end
+
+          # verify if metadata and lockfile have the same dependency names
+          metadata.dependencies.each { |dep|
+            # Skip if the dependency does not specify a name
+            next if dep[:name].nil?
+
+            # TODO: should we also verify that the soure is the same?
+            if !lockfile.deps.map { |x| x[:name] }.include? dep[:name]
+              error.call(meta_path, 0, 0, nil, "Cannot find #{dep[:name]} in lockfile. Please re-vendor with `inspec vendor`.")
+            end
+          }
+        end
+      end
+
       # extract profile name
       result[:summary][:profile] = metadata.params[:name]
 

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '3.0.12'
+  VERSION = '3.0.25'
 end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb

@@ -5,7 +5,7 @@ module InspecPlugins
     # stores configuration on local filesystem
     class Configuration
       def initialize
-        @config_path = File.join(Dir.home, '.inspec', 'compliance')
+        @config_path = File.join(Inspec.config_dir, 'compliance')
         # ensure the directory is available
         unless File.directory?(@config_path)
           FileUtils.mkdir_p(@config_path)

data/lib/plugins/inspec-init/lib/inspec-init/cli.rb

@@ -6,22 +6,36 @@ require_relative 'renderer'
 module InspecPlugins
   module Init
     class CLI < Inspec.plugin(2, :cli_command)
-      subcommand_desc 'init SUBCOMMAND', 'Initialize InSpec objects'
+      subcommand_desc 'init SUBCOMMAND', 'Generate InSpec code'
 
-      # Look in the 'template' directory, and register a subcommand
-      # for each template directory found there.
-      template_dir = File.join(File.dirname(__FILE__), 'templates')
-      Dir.glob(File.join(template_dir, '*')) do |template|
-        template_name = Pathname.new(template).relative_path_from(Pathname.new(template_dir)).to_s
+      #-------------------------------------------------------------------#
+      #                     inspec init profile
+      #-------------------------------------------------------------------#
+      def self.valid_profile_platforms
+        # Look in the 'template/profiles' directory and detect which platforms are available.
+        profile_templates_dir = File.join(File.dirname(__FILE__), 'templates', 'profiles')
+        Dir.glob(File.join(profile_templates_dir, '*')).select { |p| File.directory?(p) }.map { |d| File.basename(d) }
+      end
+
+      no_commands do
+        def valid_profile_platforms
+          self.class.valid_profile_platforms
+        end
+      end
 
-        # register command for the template
-        desc "#{template_name} NAME", "Create a new #{template_name}"
-        option :overwrite, type: :boolean, default: false,
-          desc: 'Overwrites existing directory'
-        define_method template_name.to_sym do |name_for_new_structure|
-          renderer = InspecPlugins::Init::Renderer.new(self, options)
-          renderer.render_with_values(template_name, name: name_for_new_structure)
+      desc 'profile [OPTIONS] NAME', 'Generate a new profile'
+      option :platform, default: 'os', type: :string, aliases: [:p],
+             desc: "Which platform to generate a platform for: choose from #{valid_profile_platforms.join(', ')}"
+      option :overwrite, type: :boolean, default: false,
+             desc: 'Overwrites existing directory'
+      def profile(new_profile_name)
+        unless valid_profile_platforms.include?(options[:platform])
+          puts "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(', ')})"
+          exit 1
         end
+        template_path = File.join('profiles', options[:platform])
+        renderer = InspecPlugins::Init::Renderer.new(self, options)
+        renderer.render_with_values(template_path, name: new_profile_name)
       end
     end
   end

data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb

@@ -16,9 +16,9 @@ module InspecPlugins
       end
 
       # rubocop: disable Metrics/AbcSize
-      def render_with_values(template_type, template_values = {})
+      def render_with_values(template_subdir_path, template_values = {})
         # look for template directory
-        base_dir = File.join(File.dirname(__FILE__), 'templates', template_type)
+        base_dir = File.join(File.dirname(__FILE__), 'templates', template_subdir_path)
         # prepare glob for all subdirectories and files
         template_glob = File.join(base_dir, '**', '{*,.*}')
         # Use the name attribute to define the path to the profile.
@@ -28,7 +28,10 @@ module InspecPlugins
         template_values[:name] = template_values[:name].split(%r{\\|\/}).last
         # Generate the full full_destination_root_path path on disk
         full_destination_root_path = Pathname.new(Dir.pwd).join(profile_path)
-        ui.plain_text "Create new #{template_type} at #{ui.mark_text(full_destination_root_path)}"
+
+        # This is a bit gross
+        generator_type = template_subdir_path.split(%r{[\/]}).first.sub(/s$/, '')
+        ui.plain_text "Create new #{generator_type} at #{ui.mark_text(full_destination_root_path)}"
 
         # check that the directory does not exist
         if File.exist?(full_destination_root_path) && !overwrite_mode

data/lib/plugins/inspec-init/lib/inspec-init/templates/{profile → profiles/os}/inspec.yml

@@ -6,3 +6,5 @@ copyright_email: you@example.com
 license: Apache-2.0
 summary: An InSpec Compliance Profile
 version: 0.1.0
+supports:
+  platform: os

data/lib/plugins/inspec-init/test/functional/inspec_init_test.rb

@@ -1,5 +1,6 @@
 # encoding: utf-8
 
+require 'yaml'
 require_relative '../../../shared/core_plugin_test_helper.rb'
 
 class InitCli < MiniTest::Test
@@ -17,6 +18,28 @@ class InitCli < MiniTest::Test
     end
   end
 
+  def test_generating_inspec_profile_with_explicit_platform
+    Dir.mktmpdir do |dir|
+      profile = File.join(dir, 'test-profile')
+      out = run_inspec_process("init profile --platform os test-profile", prefix: "cd #{dir} &&")
+      assert_equal 0, out.exit_status
+      assert_includes out.stdout, 'Create new profile at'
+      assert_includes out.stdout, profile
+      assert_includes Dir.entries(profile).join, 'inspec.yml'
+      assert_includes Dir.entries(profile).join, 'README.md'
+    end
+  end
+
+  def test_generating_inspec_profile_with_bad_platform
+    Dir.mktmpdir do |dir|
+      profile = File.join(dir, 'test-profile')
+      out = run_inspec_process("init profile --platform nonesuch test-profile", prefix: "cd #{dir} &&")
+      assert_equal 1, out.exit_status
+      assert_includes out.stdout, 'Unable to generate profile'
+      assert_includes out.stdout, "No template available for platform 'nonesuch'"
+    end
+  end
+
   def test_profile_with_slash_name
     Dir.mktmpdir do |dir|
       profile = dir + '/test/deeper/profile'
@@ -27,4 +50,16 @@ class InitCli < MiniTest::Test
       assert_equal 'profile', profile['name']
     end
   end
+
+  def test_generating_inspec_profile_gcp
+    Dir.mktmpdir do |dir|
+      profile = File.join(dir, 'test-gcp-profile')
+      out = run_inspec_process("init profile --platform gcp test-gcp-profile", prefix: "cd #{dir} &&")
+      assert_equal 0, out.exit_status
+      assert_includes out.stdout, 'Create new profile at'
+      assert_includes out.stdout, profile
+      assert_includes Dir.entries(profile).join, 'inspec.yml'
+      assert_includes Dir.entries(profile).join, 'README.md'
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 3.0.12
+  version: 3.0.25
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-24 00:00:00.000000000 Z
+date: 2018-11-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train-core
@@ -19,7 +19,7 @@ dependencies:
         version: '1.5'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.5.4
+        version: 1.5.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '1.5'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.5.4
+        version: 1.5.6
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -442,10 +442,10 @@ files:
 - lib/plugins/inspec-init/lib/inspec-init.rb
 - lib/plugins/inspec-init/lib/inspec-init/cli.rb
 - lib/plugins/inspec-init/lib/inspec-init/renderer.rb
-- lib/plugins/inspec-init/lib/inspec-init/templates/profile/README.md
-- lib/plugins/inspec-init/lib/inspec-init/templates/profile/controls/example.rb
-- lib/plugins/inspec-init/lib/inspec-init/templates/profile/inspec.yml
-- lib/plugins/inspec-init/lib/inspec-init/templates/profile/libraries/.gitkeep
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/os/README.md
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/os/controls/example.rb
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/os/inspec.yml
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/os/libraries/.gitkeep
 - lib/plugins/inspec-init/test/functional/inspec_init_test.rb
 - lib/plugins/inspec-plugin-manager-cli/README.md
 - lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb