inspec-core 3.0.12 → 3.0.25
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -11
- data/README.md +1 -1
- data/inspec-core.gemspec +1 -1
- data/lib/inspec/base_cli.rb +14 -0
- data/lib/inspec/cli.rb +11 -0
- data/lib/inspec/plugin/v1/plugins.rb +1 -1
- data/lib/inspec/profile.rb +27 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +27 -13
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +6 -3
- data/lib/plugins/inspec-init/lib/inspec-init/templates/{profile → profiles/os}/README.md +0 -0
- data/lib/plugins/inspec-init/lib/inspec-init/templates/{profile → profiles/os}/controls/example.rb +0 -0
- data/lib/plugins/inspec-init/lib/inspec-init/templates/{profile → profiles/os}/inspec.yml +2 -0
- data/lib/plugins/inspec-init/lib/inspec-init/templates/{profile → profiles/os}/libraries/.gitkeep +0 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_test.rb +35 -0
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 50eee6fe644f3592cc9916bfa3049c40c9e76c7add7c0e553cbc9d6e9b555138
|
4
|
+
data.tar.gz: 9eea909629ba57730bd6d197f7c65696daf48773509fd0075702ea5150fca131
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1692336cb1121e9bcdf91ad5205f4d2a6489a6be80b9ff6bfcb264a06b1ab9643a73de93886f7e31995647193d6a02f1c4f3b686c027bd1df50acc6f697829a3
|
7
|
+
data.tar.gz: 581bbe107b9260e83caa5b2469c6c15b792a2afd185780b6d383c7c6bf4e3c9d0d600b8a75064032bc9b1142b4f6bd64309fb34df525c4f8b63d02577e28bf87
|
data/CHANGELOG.md
CHANGED
@@ -1,26 +1,43 @@
|
|
1
1
|
# Change Log
|
2
2
|
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
3
|
-
<!-- latest_release 3.0.
|
4
|
-
## [v3.0.
|
3
|
+
<!-- latest_release 3.0.25 -->
|
4
|
+
## [v3.0.25](https://github.com/inspec/inspec/tree/v3.0.25) (2018-11-01)
|
5
5
|
|
6
|
-
####
|
7
|
-
-
|
6
|
+
#### Merged Pull Requests
|
7
|
+
- bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick))
|
8
8
|
<!-- latest_release -->
|
9
9
|
|
10
|
-
<!-- release_rollup since=3.0.
|
11
|
-
### Changes since 3.0.
|
10
|
+
<!-- release_rollup since=3.0.12 -->
|
11
|
+
### Changes since 3.0.12 release
|
12
12
|
|
13
13
|
#### Bug Fixes
|
14
|
-
-
|
14
|
+
- Change usage of `Dir.home` to `Inspec.config_dir` [#3567](https://github.com/inspec/inspec/pull/3567) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.19 -->
|
15
|
+
|
16
|
+
#### Enhancements
|
17
|
+
- Allow help args after Thor commands [#3553](https://github.com/inspec/inspec/pull/3553) ([jquick](https://github.com/jquick)) <!-- 3.0.17 -->
|
18
|
+
- ✓ adds additional checks for vendored profiles [#3362](https://github.com/inspec/inspec/pull/3362) ([chris-rock](https://github.com/chris-rock)) <!-- 3.0.14 -->
|
15
19
|
|
16
20
|
#### Merged Pull Requests
|
17
|
-
-
|
21
|
+
- bump expeditor version [#3569](https://github.com/inspec/inspec/pull/3569) ([jquick](https://github.com/jquick)) <!-- 3.0.25 -->
|
22
|
+
- Pin to train 1.5.6 [#3568](https://github.com/inspec/inspec/pull/3568) ([jquick](https://github.com/jquick)) <!-- 3.0.18 -->
|
23
|
+
- Allow end of options during Thor array parsing [#3547](https://github.com/inspec/inspec/pull/3547) ([jquick](https://github.com/jquick)) <!-- 3.0.16 -->
|
24
|
+
- Modernize omnibus config and reduce omnibus package size [#3543](https://github.com/inspec/inspec/pull/3543) ([tas50](https://github.com/tas50)) <!-- 3.0.15 -->
|
25
|
+
- Adding inspec init profile for GCP. [#3484](https://github.com/inspec/inspec/pull/3484) ([skpaterson](https://github.com/skpaterson)) <!-- 3.0.13 -->
|
26
|
+
<!-- release_rollup -->
|
27
|
+
|
28
|
+
<!-- latest_stable_release -->
|
29
|
+
## [v3.0.12](https://github.com/inspec/inspec/tree/v3.0.12) (2018-10-24)
|
18
30
|
|
19
31
|
#### New Resources
|
20
|
-
- New resource to work with Windows security identifiers (SIDs) [#3405](https://github.com/inspec/inspec/pull/3405) ([james-stocks](https://github.com/james-stocks))
|
21
|
-
|
32
|
+
- New resource to work with Windows security identifiers (SIDs) [#3405](https://github.com/inspec/inspec/pull/3405) ([james-stocks](https://github.com/james-stocks))
|
33
|
+
|
34
|
+
#### Bug Fixes
|
35
|
+
- Update to safe navigation exit code search [#3541](https://github.com/inspec/inspec/pull/3541) ([jquick](https://github.com/jquick))
|
22
36
|
|
37
|
+
#### Merged Pull Requests
|
38
|
+
- Add inspec/train vault to plugin exclusion [#3532](https://github.com/inspec/inspec/pull/3532) ([jquick](https://github.com/jquick))
|
23
39
|
<!-- latest_stable_release -->
|
40
|
+
|
24
41
|
## [v3.0.9](https://github.com/inspec/inspec/tree/v3.0.9) (2018-10-18)
|
25
42
|
|
26
43
|
#### Enhancements
|
@@ -37,7 +54,6 @@
|
|
37
54
|
- Add debug and sort options for plugins [#3530](https://github.com/inspec/inspec/pull/3530) ([jquick](https://github.com/jquick))
|
38
55
|
- Pin inspec to the new train [#3531](https://github.com/inspec/inspec/pull/3531) ([jquick](https://github.com/jquick))
|
39
56
|
- Add missing tests for groups resource, document members property, and assorted fixes. [#3467](https://github.com/inspec/inspec/pull/3467) ([miah](https://github.com/miah))
|
40
|
-
<!-- latest_stable_release -->
|
41
57
|
|
42
58
|
## [v3.0.0](https://github.com/inspec/inspec/tree/v3.0.0) (2018-10-15)
|
43
59
|
|
data/README.md
CHANGED
@@ -452,4 +452,4 @@ Unless required by applicable law or agreed to in writing, software
|
|
452
452
|
distributed under the License is distributed on an "AS IS" BASIS,
|
453
453
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
454
454
|
See the License for the specific language governing permissions and
|
455
|
-
limitations under the License.
|
455
|
+
limitations under the License.
|
data/inspec-core.gemspec
CHANGED
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
|
|
22
22
|
|
23
23
|
spec.required_ruby_version = '>= 2.3'
|
24
24
|
|
25
|
-
spec.add_dependency 'train-core', '~> 1.5', '>= 1.5.
|
25
|
+
spec.add_dependency 'train-core', '~> 1.5', '>= 1.5.6'
|
26
26
|
spec.add_dependency 'thor', '~> 0.20'
|
27
27
|
spec.add_dependency 'json', '>= 1.8', '< 3.0'
|
28
28
|
spec.add_dependency 'method_source', '~> 0.8'
|
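--- a/data/lib/inspec/base_cli.rb
+++ b/data/lib/inspec/base_cli.rb
@@ -6,6 +6,20 @@ require 'thor'
 require 'inspec/log'
 require 'inspec/profile_vendor'
 
+# Allow end of options during array type parsing
+# https://github.com/erikhuda/thor/issues/631
+class Thor::Arguments
+def parse_array(_name)
+return shift if peek.is_a?(Array)
+array = []
+while current_is_value?
+break unless @parsing_options
+array << shift
+end
+array
+end
+end
+
 module Inspec
 class BaseCLI < Thor
 class << self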
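Review bot: The `parse_array` override reads `@parsing_options`, which nothing in this hunk sets, and it replaces the method on `Thor::Arguments` for every caller in the process. If that flag is maintained only by the `Thor::Options` subclass (not visible here), a plain `Thor::Arguments` instance would see `nil`, hit `break unless @parsing_options` on the first pass, and return an empty array for every array-typed argument. Either reopen the class that owns the flag, or guard the line as `break if instance_variable_defined?(:@parsing_options) && !@parsing_options`. The patch depends on Thor internals (`peek`, `shift`, `current_is_value?`), so the header comment should also name the Thor release it was written against, so the override is re-checked when the `thor` pin in the gemspec moves.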
data/lib/inspec/cli.rb
CHANGED
@@ -293,6 +293,17 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
293
293
|
end
|
294
294
|
|
295
295
|
begin
|
296
|
+
# Handle help commands
|
297
|
+
# This allows you to use any of the normal help commands after the normal args.
|
298
|
+
help_commands = ['-h', '--help', 'help']
|
299
|
+
(help_commands & ARGV).each do |cmd|
|
300
|
+
# move the help argument to one place behind the end for Thor to digest
|
301
|
+
if ARGV.size > 1
|
302
|
+
match = ARGV.delete(cmd)
|
303
|
+
ARGV.insert(-2, match)
|
304
|
+
end
|
305
|
+
end
|
306
|
+
|
296
307
|
# Load v2 plugins
|
297
308
|
v2_loader = Inspec::Plugin::V2::Loader.new
|
298
309
|
v2_loader.load_all
|
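Review bot: The help rewrite matches on literal values anywhere in `ARGV`, so a positional argument or option value that happens to be `help` (for example a profile directory with that name) is relocated as well, and `ARGV.delete(cmd)` removes every occurrence rather than the one that was found. It also ignores a `--` end-of-options marker, which sits oddly with the end-of-options handling added to `parse_array` in this same release. Limiting the scan to the arguments before `--` and moving a single match by index would keep user-supplied values intact, e.g. `idx = ARGV.index(cmd)` followed by `ARGV.insert(-2, ARGV.delete_at(idx))`. The enclosing method and its `begin` block start and end outside this hunk.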
@@ -34,7 +34,7 @@ module Inspec
|
|
34
34
|
@paths += Dir[lib_home+'/inspec-*-*/lib/inspec-*rb']
|
35
35
|
|
36
36
|
# traverse out of inspec-vX.Y.Z/lib/inspec/plugins.rb
|
37
|
-
@home = home || File.join(
|
37
|
+
@home = home || File.join(Inspec.config_dir, 'plugins')
|
38
38
|
@paths += Dir[File.join(@home, '**{,/*/**}', '*.gemspec')]
|
39
39
|
.map { |x| File.dirname(x) }
|
40
40
|
.map { |x| Dir[File.join(x, 'lib', 'inspec-*.rb')] }
|
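--- a/data/lib/inspec/profile.rb
+++ b/data/lib/inspec/profile.rb
@@ -101,6 +101,7 @@ module Inspec
 @libraries_loaded = false
 @check_mode = options[:check_mode] || false
 @parent_profile = options[:parent_profile]
+@legacy_profile_path = options[:profiles_path] || false
 Metadata.finalize(@source_reader.metadata, @profile_id, options)
 
 # if a backend has already been created, clone it so each profile has its own unique backend object
@@ -373,6 +374,32 @@ module Inspec
 m_unsupported.each { |u| warn.call(meta_path, 0, 0, nil, "doesn't support: #{u}") }
 @logger.info 'Metadata OK.' if m_errors.empty? && m_unsupported.empty?
 
+# only run the vendor check if the legacy profile-path is not used as argument
+if @legacy_profile_path == false
+# verify that a lockfile is present if we have dependencies
+if !metadata.dependencies.empty?
+error.call(meta_path, 0, 0, nil, 'Your profile needs to be vendored with `inspec vendor`.') if !lockfile_exists?
+end
+
+if lockfile_exists?
+# verify if metadata and lockfile are out of sync
+if lockfile.deps.size != metadata.dependencies.size
+error.call(meta_path, 0, 0, nil, 'inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.')
+end
+
+# verify if metadata and lockfile have the same dependency names
+metadata.dependencies.each { |dep|
+# Skip if the dependency does not specify a name
+next if dep[:name].nil?
+
+# TODO: should we also verify that the soure is the same?
+if !lockfile.deps.map { |x| x[:name] }.include? dep[:name]
+error.call(meta_path, 0, 0, nil, "Cannot find #{dep[:name]} in lockfile. Please re-vendor with `inspec vendor`.")
+end
+}
+end
+end
+
 # extract profile name
 result[:summary][:profile] = metadata.params[:name]
 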
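Review bot: The new vendor check in the second hunk compares only the number of dependencies and their `:name` values, so a lockfile entry that keeps the name but points at a different source or version still passes, and entries without a `:name` are covered by the count alone. The in-code TODO already hints at this. Until the source is compared, the comment should say that this is a sync heuristic and not an integrity check, e.g. `# NOTE: only names and counts are compared; the dependency source is not verified against inspec.lock`. The name list can also be built once before the loop, `locked_names = lockfile.deps.map { |x| x[:name] }`, rather than on every iteration. The enclosing method starts and ends outside the hunk.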
data/lib/inspec/version.rb
CHANGED
@@ -5,7 +5,7 @@ module InspecPlugins
|
|
5
5
|
# stores configuration on local filesystem
|
6
6
|
class Configuration
|
7
7
|
def initialize
|
8
|
-
@config_path = File.join(
|
8
|
+
@config_path = File.join(Inspec.config_dir, 'compliance')
|
9
9
|
# ensure the directory is available
|
10
10
|
unless File.directory?(@config_path)
|
11
11
|
FileUtils.mkdir_p(@config_path)
|
@@ -6,22 +6,36 @@ require_relative 'renderer'
|
|
6
6
|
module InspecPlugins
|
7
7
|
module Init
|
8
8
|
class CLI < Inspec.plugin(2, :cli_command)
|
9
|
-
subcommand_desc 'init SUBCOMMAND', '
|
9
|
+
subcommand_desc 'init SUBCOMMAND', 'Generate InSpec code'
|
10
10
|
|
11
|
-
|
12
|
-
#
|
13
|
-
|
14
|
-
|
15
|
-
|
11
|
+
#-------------------------------------------------------------------#
|
12
|
+
# inspec init profile
|
13
|
+
#-------------------------------------------------------------------#
|
14
|
+
def self.valid_profile_platforms
|
15
|
+
# Look in the 'template/profiles' directory and detect which platforms are available.
|
16
|
+
profile_templates_dir = File.join(File.dirname(__FILE__), 'templates', 'profiles')
|
17
|
+
Dir.glob(File.join(profile_templates_dir, '*')).select { |p| File.directory?(p) }.map { |d| File.basename(d) }
|
18
|
+
end
|
19
|
+
|
20
|
+
no_commands do
|
21
|
+
def valid_profile_platforms
|
22
|
+
self.class.valid_profile_platforms
|
23
|
+
end
|
24
|
+
end
|
16
25
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
26
|
+
desc 'profile [OPTIONS] NAME', 'Generate a new profile'
|
27
|
+
option :platform, default: 'os', type: :string, aliases: [:p],
|
28
|
+
desc: "Which platform to generate a platform for: choose from #{valid_profile_platforms.join(', ')}"
|
29
|
+
option :overwrite, type: :boolean, default: false,
|
30
|
+
desc: 'Overwrites existing directory'
|
31
|
+
def profile(new_profile_name)
|
32
|
+
unless valid_profile_platforms.include?(options[:platform])
|
33
|
+
puts "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(', ')})"
|
34
|
+
exit 1
|
24
35
|
end
|
36
|
+
template_path = File.join('profiles', options[:platform])
|
37
|
+
renderer = InspecPlugins::Init::Renderer.new(self, options)
|
38
|
+
renderer.render_with_values(template_path, name: new_profile_name)
|
25
39
|
end
|
26
40
|
end
|
27
41
|
end
|
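Review bot: In `profile`, the `valid_profile_platforms.include?(options[:platform])` guard is what keeps the user-supplied `--platform` value, which becomes part of `File.join('profiles', options[:platform])` a few lines later, confined to the template directories that ship with the plugin, yet nothing in the code records that. A short comment above the guard would stop it being removed as redundant validation, e.g. `# allow-list: options[:platform] is used to build the template path below`. The option description reads "Which platform to generate a platform for", which presumably should be `Which platform to generate a profile for`. The failure message is written with `puts`, so it lands on stdout; the new functional test asserts on `out.stdout`, so moving it to stderr would need the test updated too.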
@@ -16,9 +16,9 @@ module InspecPlugins
|
|
16
16
|
end
|
17
17
|
|
18
18
|
# rubocop: disable Metrics/AbcSize
|
19
|
-
def render_with_values(
|
19
|
+
def render_with_values(template_subdir_path, template_values = {})
|
20
20
|
# look for template directory
|
21
|
-
base_dir = File.join(File.dirname(__FILE__), 'templates',
|
21
|
+
base_dir = File.join(File.dirname(__FILE__), 'templates', template_subdir_path)
|
22
22
|
# prepare glob for all subdirectories and files
|
23
23
|
template_glob = File.join(base_dir, '**', '{*,.*}')
|
24
24
|
# Use the name attribute to define the path to the profile.
|
@@ -28,7 +28,10 @@ module InspecPlugins
|
|
28
28
|
template_values[:name] = template_values[:name].split(%r{\\|\/}).last
|
29
29
|
# Generate the full full_destination_root_path path on disk
|
30
30
|
full_destination_root_path = Pathname.new(Dir.pwd).join(profile_path)
|
31
|
-
|
31
|
+
|
32
|
+
# This is a bit gross
|
33
|
+
generator_type = template_subdir_path.split(%r{[\/]}).first.sub(/s$/, '')
|
34
|
+
ui.plain_text "Create new #{generator_type} at #{ui.mark_text(full_destination_root_path)}"
|
32
35
|
|
33
36
|
# check that the directory does not exist
|
34
37
|
if File.exist?(full_destination_root_path) && !overwrite_mode
|
File without changes
|
data/lib/plugins/inspec-init/lib/inspec-init/templates/{profile → profiles/os}/controls/example.rb
RENAMED
File without changes
|
data/lib/plugins/inspec-init/lib/inspec-init/templates/{profile → profiles/os}/libraries/.gitkeep
RENAMED
File without changes
|
@@ -1,5 +1,6 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
+
require 'yaml'
|
3
4
|
require_relative '../../../shared/core_plugin_test_helper.rb'
|
4
5
|
|
5
6
|
class InitCli < MiniTest::Test
|
@@ -17,6 +18,28 @@ class InitCli < MiniTest::Test
|
|
17
18
|
end
|
18
19
|
end
|
19
20
|
|
21
|
+
def test_generating_inspec_profile_with_explicit_platform
|
22
|
+
Dir.mktmpdir do |dir|
|
23
|
+
profile = File.join(dir, 'test-profile')
|
24
|
+
out = run_inspec_process("init profile --platform os test-profile", prefix: "cd #{dir} &&")
|
25
|
+
assert_equal 0, out.exit_status
|
26
|
+
assert_includes out.stdout, 'Create new profile at'
|
27
|
+
assert_includes out.stdout, profile
|
28
|
+
assert_includes Dir.entries(profile).join, 'inspec.yml'
|
29
|
+
assert_includes Dir.entries(profile).join, 'README.md'
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
def test_generating_inspec_profile_with_bad_platform
|
34
|
+
Dir.mktmpdir do |dir|
|
35
|
+
profile = File.join(dir, 'test-profile')
|
36
|
+
out = run_inspec_process("init profile --platform nonesuch test-profile", prefix: "cd #{dir} &&")
|
37
|
+
assert_equal 1, out.exit_status
|
38
|
+
assert_includes out.stdout, 'Unable to generate profile'
|
39
|
+
assert_includes out.stdout, "No template available for platform 'nonesuch'"
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
20
43
|
def test_profile_with_slash_name
|
21
44
|
Dir.mktmpdir do |dir|
|
22
45
|
profile = dir + '/test/deeper/profile'
|
@@ -27,4 +50,16 @@ class InitCli < MiniTest::Test
|
|
27
50
|
assert_equal 'profile', profile['name']
|
28
51
|
end
|
29
52
|
end
|
53
|
+
|
54
|
+
def test_generating_inspec_profile_gcp
|
55
|
+
Dir.mktmpdir do |dir|
|
56
|
+
profile = File.join(dir, 'test-gcp-profile')
|
57
|
+
out = run_inspec_process("init profile --platform gcp test-gcp-profile", prefix: "cd #{dir} &&")
|
58
|
+
assert_equal 0, out.exit_status
|
59
|
+
assert_includes out.stdout, 'Create new profile at'
|
60
|
+
assert_includes out.stdout, profile
|
61
|
+
assert_includes Dir.entries(profile).join, 'inspec.yml'
|
62
|
+
assert_includes Dir.entries(profile).join, 'README.md'
|
63
|
+
end
|
64
|
+
end
|
30
65
|
end
|
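Review bot: `test_generating_inspec_profile_with_bad_platform` assigns `profile` but never uses it, so the test checks the exit status and message only, not that a rejected platform leaves nothing on disk. Adding `refute File.exist?(profile)` after the two `assert_includes` lines would pin that the validation runs before any directory is created. The same `Dir.mktmpdir` scaffolding is repeated in the `os` and `gcp` tests and could share a helper, though that is only a style point.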
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.25
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-11-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '1.5'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 1.5.
|
22
|
+
version: 1.5.6
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '1.5'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 1.5.
|
32
|
+
version: 1.5.6
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: thor
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
@@ -442,10 +442,10 @@ files:
|
|
442
442
|
- lib/plugins/inspec-init/lib/inspec-init.rb
|
443
443
|
- lib/plugins/inspec-init/lib/inspec-init/cli.rb
|
444
444
|
- lib/plugins/inspec-init/lib/inspec-init/renderer.rb
|
445
|
-
- lib/plugins/inspec-init/lib/inspec-init/templates/
|
446
|
-
- lib/plugins/inspec-init/lib/inspec-init/templates/
|
447
|
-
- lib/plugins/inspec-init/lib/inspec-init/templates/
|
448
|
-
- lib/plugins/inspec-init/lib/inspec-init/templates/
|
445
|
+
- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/os/README.md
|
446
|
+
- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/os/controls/example.rb
|
447
|
+
- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/os/inspec.yml
|
448
|
+
- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/os/libraries/.gitkeep
|
449
449
|
- lib/plugins/inspec-init/test/functional/inspec_init_test.rb
|
450
450
|
- lib/plugins/inspec-plugin-manager-cli/README.md
|
451
451
|
- lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb
|