inspec-core 4.12.0 → 4.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 873c4c83c46030d3a3adb7093f085650f8400c6bbfc7c87984ebc77305aa660b
-  data.tar.gz: '091ccf8b261dfeafac84a771ec549e46f015dcc9e5da9836982788df40c456c1'
+  metadata.gz: 3ff3612b0be834f75c0bd4e457652ee6736aaff5787519e28c8733c114ecc330
+  data.tar.gz: 58b2c9c7ddcf0bd09ce2e4d9cdf34e67ca0786cb3b97453253e375ec3fe6c29d
 SHA512:
-  metadata.gz: ed9c35b0c96d17f96eea08658b251812ac3f03c4912a1663b9d5de600a5d6637460bf223ca90e9ca84625298b5dce64f999ac8d019c2b615b621247c48e1693a
-  data.tar.gz: fca132a2f7221c41c78bf7379ccf74e4c07cc412d36da10817d99adc15a9c2e5a049f6311a8c6bf323a8c7deffed18462d8fb660b0c9669d5182b477cf3ca585
+  metadata.gz: d23d441a6db5edc44f754717a6e86b581065b8739d8ee68c657055f2ab053fcbecaed2b800938840a5d7fd8fb9879c27076862e9875258ae9c091778f5b8d99a
+  data.tar.gz: 3edba9eccd97749bb2661f1ab9dde985fbba0f3524e349383967d8e6517df36adad8969be7a7129e05bd96cdd35a49516c9b754fdc92ac3840630f135b1f05fb

data/etc/plugin_filters.json

@@ -25,10 +25,6 @@
       "plugin_name": "inspec-release",
       "rationale": "This gem is currently only a placeholder, waiting to be built."
     },
-    {
-      "plugin_name": "inspec-vault",
-      "rationale": "This gem is currently only a placeholder, waiting to be built."
-    },
     {
       "plugin_name": "train-vault",
       "rationale": "This gem is currently only a placeholder, waiting to be built."

data/lib/fetchers/git.rb

@@ -52,6 +52,7 @@ module Fetchers
       # processing, but then again, if you passed a relative path
       # to an on-disk repo, you probably expect it to exist.
       return url_or_file_path unless File.exist?(url_or_file_path)
+
       # It's important to expand this path, because it may be specified
       # locally in the metadata files, and when we clone, we will be
       # in a temp dir.
@@ -97,6 +98,7 @@ module Fetchers
 
     def cache_key
       return resolved_ref unless @relative_path
+
       OpenSSL::Digest::SHA256.hexdigest(resolved_ref + @relative_path)
     end
 

data/lib/inspec/base_cli.rb

@@ -133,6 +133,8 @@ module Inspec
       option :reporter, type: :array,
         banner: "one two:/output/file/path",
         desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml"
+      option :input, type: :array, banner: "name1=value1 name2=value2",
+        desc: "Specify one or more inputs directly on the command line, as --input NAME=VALUE"
       option :input_file, type: :array,
         desc: "Load one or more input files, a YAML file with values for the profile to use"
       option :attrs, type: :array,

data/lib/inspec/cli.rb

@@ -124,8 +124,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     else
       %w{location profile controls timestamp valid}.each do |item|
         prepared_string = format("%-12s %s",
-                                 "#{item.to_s.capitalize} :",
-                                 result[:summary][item.to_sym])
+          "#{item.to_s.capitalize} :",
+          result[:summary][item.to_sym])
         ui.plain_line(prepared_string)
       end
       puts

data/lib/inspec/config.rb

@@ -7,9 +7,12 @@ require "forwardable"
 require "thor"
 require "base64"
 require "inspec/base_cli"
+require "inspec/plugin/v2/filter"
 
 module Inspec
   class Config
+    include Inspec::Plugin::V2::FilterPredicates
+
     # These are options that apply to any transport
     GENERIC_CREDENTIALS = %w{
       backend
@@ -23,6 +26,11 @@ module Inspec
       shell_command
     }.freeze
 
+    KNOWN_VERSIONS = [
+      "1.1",
+      "1.2",
+    ].freeze
+
     extend Forwardable
 
     # Many parts of InSpec expect to treat the Config as a Hash
@@ -48,6 +56,7 @@ module Inspec
     def initialize(cli_opts = {}, cfg_io = nil, command_name = nil)
       @command_name = command_name || (ARGV.empty? ? nil : ARGV[0].to_sym)
       @defaults = Defaults.for_command(@command_name)
+      @plugin_cfg = {}
 
       @cli_opts = cli_opts.dup
       cfg_io = resolve_cfg_io(@cli_opts, cfg_io)
@@ -119,6 +128,13 @@ module Inspec
       end
     end
 
+    #-----------------------------------------------------------------------#
+    #                      Fetching Plugin Data
+    #-----------------------------------------------------------------------#
+    def fetch_plugin_config(plugin_name)
+      Thor::CoreExt::HashWithIndifferentAccess.new(@plugin_cfg[plugin_name] || {})
+    end
+
     private
 
     def _utc_merge_transport_options(credentials, transport_name)
@@ -285,16 +301,24 @@ module Inspec
       # Assume legacy format, which is unconstrained
       return unless version
 
-      unless version == "1.1"
-        raise Inspec::ConfigError::Invalid, "Unsupported config file version '#{version}' - currently supported versions: 1.1"
+      unless KNOWN_VERSIONS.include?(version)
+        raise Inspec::ConfigError::Invalid, "Unsupported config file version '#{version}' - currently supported versions: #{KNOWN_VERSIONS.join(",")}"
       end
 
+      # Use Gem::Version for comparision operators
+      cfg_version = Gem::Version.new(version)
+      version_1_2 = Gem::Version.new("1.2")
+
+      # TODO: proper schema version loading and validation
       valid_fields = %w{version cli_options credentials compliance reporter}.sort
+      valid_fields << "plugins" if cfg_version >= version_1_2
       @cfg_file_contents.keys.each do |seen_field|
         unless valid_fields.include?(seen_field)
           raise Inspec::ConfigError::Invalid, "Unrecognized top-level configuration field #{seen_field}.  Recognized fields: #{valid_fields.join(", ")}"
         end
       end
+
+      validate_plugins! if cfg_version >= version_1_2
     end
 
     def validate_reporters!(reporters)
@@ -334,6 +358,29 @@ module Inspec
       raise ArgumentError, "The option --reporter can only have a single report outputting to stdout." if stdout_reporters > 1
     end
 
+    def validate_plugins!
+      return unless @cfg_file_contents.key? "plugins"
+
+      data = @cfg_file_contents["plugins"]
+      unless data.is_a?(Hash)
+        raise Inspec::ConfigError::Invalid, "The 'plugin' field in your config file must be a hash (key-value list), not an array."
+      end
+
+      data.each do |plugin_name, plugin_settings|
+        # Enforce that every key is a valid inspec or train plugin name
+        unless valid_plugin_name?(plugin_name)
+          raise Inspec::ConfigError::Invalid, "Plugin settings should ne named after the the InSpec or Train plugin. Valid names must begin with inspec- or train-, not '#{plugin_name}' "
+        end
+
+        # Enforce that every entry is hash-valued
+        unless plugin_settings.is_a?(Hash)
+          raise Inspec::ConfigError::Invalid, "The plugin settings for '#{plugin_name}' in your config file should be a Hash (key-value list)."
+        end
+      end
+
+      @plugin_cfg = data
+    end
+
     #-----------------------------------------------------------------------#
     #                         Merging Options
     #-----------------------------------------------------------------------#

data/lib/inspec/input_registry.rb

@@ -64,6 +64,9 @@ module Inspec
     #-------------------------------------------------------------#
 
     def find_or_register_input(input_name, profile_name, options = {})
+      input_name = input_name.to_s
+      profile_name = profile_name.to_s
+
       if profile_alias?(profile_name) && !profile_aliases[profile_name].nil?
         alias_name = profile_name
         profile_name = profile_aliases[profile_name]
@@ -132,10 +135,37 @@ module Inspec
       bind_inputs_from_metadata(profile_name, sources[:profile_metadata])
       bind_inputs_from_input_files(profile_name, sources[:cli_input_files])
       bind_inputs_from_runner_api(profile_name, sources[:runner_api])
+      bind_inputs_from_cli_args(profile_name, sources[:cli_input_arg])
     end
 
     private
 
+    def bind_inputs_from_cli_args(profile_name, input_list)
+      # TODO: move this into a core plugin
+
+      return if input_list.nil?
+      return if input_list.empty?
+
+      # These arrive as an array of "name=value" strings
+      # If the user used a comma, we'll see unfortunately see it as "name=value," pairs
+      input_list.each do |pair|
+        unless pair.include?("=")
+          if pair.end_with?(".yaml")
+            raise ArgumentError, "ERROR: --input is used for individual input values, as --input name=value. Use --input-file to load a YAML file."
+          else
+            raise ArgumentError, "ERROR: An '=' is required when using --input. Usage: --input input_name1=input_value1 input2=value2"
+          end
+        end
+        input_name, input_value = pair.split("=")
+        evt = Inspec::Input::Event.new(
+          value: input_value.chomp(","), # Trim trailing comma if any
+          provider: :cli,
+          priority: 50
+        )
+        find_or_register_input(input_name, profile_name, event: evt)
+      end
+    end
+
     def bind_inputs_from_runner_api(profile_name, input_hash)
       # TODO: move this into a core plugin
 

data/lib/inspec/metadata.rb

@@ -88,6 +88,10 @@ module Inspec
         errors.push("Version needs to be in SemVer format")
       end
 
+      unless supports_runtime?
+        warnings.push("The current inspec version #{Inspec::VERSION} cannot satisfy profile inspec_version constraint #{params[:inspec_version]}")
+      end
+
       %w{title summary maintainer copyright license}.each do |field|
         next unless params[field.to_sym].nil?
 

data/lib/inspec/plugin/v1/plugin_types/resource.rb

@@ -81,17 +81,13 @@ module Inspec
           @resource_skipped = false
           @resource_failed = false
           @supports = Inspec::Resource.supports[name]
+          @resource_exception_message = nil
 
           # attach the backend to this instance
           @__backend_runner__ = backend
           @__resource_name__ = name
 
-          # check resource supports
-          supported = true
-          supported = check_supports unless @supports.nil?
-          test_backend = defined?(Train::Transports::Mock::Connection) && backend.backend.class == Train::Transports::Mock::Connection
-          # do not return if we are supported, or for tests
-          return unless supported || test_backend
+          check_supports unless @supports.nil? # this has side effects
 
           # call the resource initializer
           begin
@@ -100,12 +96,10 @@ module Inspec
             skip_resource(e.message)
           rescue Inspec::Exceptions::ResourceFailed => e
             fail_resource(e.message)
+          rescue NotImplementedError => e
+            fail_resource(e.message) unless @resource_failed
           rescue NoMethodError => e
-            # The new platform resources have methods generated on the fly
-            # for inspec check to work we need to skip these train errors
-            raise unless test_backend && e.receiver.class == Train::Transports::Mock::Connection
-
-            skip_resource(e.message)
+            skip_resource(e.message) unless @resource_failed
           end
         end
 

data/lib/inspec/plugin/v2/filter.rb

@@ -2,6 +2,8 @@ require "singleton"
 require "json"
 require "inspec/globals"
 
+module Inspec::Plugin; end
+
 module Inspec::Plugin::V2
   Exclusion = Struct.new(:plugin_name, :rationale)
 
@@ -60,4 +62,35 @@ module Inspec::Plugin::V2
       end
     end
   end
+
+  # To be a valid plugin name, the plugin must beign with either
+  # inspec- or train-, AND ALSO not be on the exclusion list.
+  # We maintain this exclusion list to avoid confusing users.
+  # For example, we want to have a real gem named inspec-test-fixture,
+  # but we don't want the users to see that.
+  module FilterPredicates
+    def train_plugin_name?(name)
+      valid_plugin_name?(name, :train)
+    end
+
+    def inspec_plugin_name?(name)
+      valid_plugin_name?(name, :inspec)
+    end
+
+    def valid_plugin_name?(name, kind = :either)
+      # Must have a permitted prefix.
+      return false unless case kind
+      when :inspec
+        name.to_s.start_with?("inspec-")
+      when :train
+        name.to_s.start_with?("train-")
+      when :either
+        name.to_s.match(/^(inspec|train)-/)
+      else false
+      end # rubocop: disable Layout/EndAlignment
+
+      # And must not be on the exclusion list.
+      ! Inspec::Plugin::V2::PluginFilter.exclude?(name)
+    end
+  end
 end

data/lib/inspec/plugin/v2/installer.rb

@@ -60,14 +60,15 @@ module Inspec::Plugin::V2
       # TODO: - check plugins.json for validity before trying anything that needs to modify it.
       validate_installation_opts(plugin_name, opts)
 
-      # TODO: change all of these to return installed spec/gem/thingy
       # TODO: return installed thingy
       if opts[:path]
         install_from_path(plugin_name, opts)
       elsif opts[:gem_file]
-        install_from_gem_file(plugin_name, opts)
+        gem_version = install_from_gem_file(plugin_name, opts)
+        opts[:version] = gem_version.to_s
       else
-        install_from_remote_gems(plugin_name, opts)
+        gem_version = install_from_remote_gems(plugin_name, opts)
+        opts[:version] = gem_version.to_s
       end
 
       update_plugin_config_file(plugin_name, opts.merge({ action: :install }))
@@ -88,9 +89,9 @@ module Inspec::Plugin::V2
 
       # TODO: Handle installing from a local file
       # TODO: Perform dependency checks to make sure the new solution is valid
-      install_from_remote_gems(plugin_name, opts)
+      gem_version = install_from_remote_gems(plugin_name, opts)
 
-      update_plugin_config_file(plugin_name, opts.merge({ action: :update }))
+      update_plugin_config_file(plugin_name, opts.merge({ action: :update, version: gem_version.to_s }))
     end
 
     # Uninstalls (removes) a plugin. Refers to plugin.json to determine if it
@@ -335,13 +336,15 @@ module Inspec::Plugin::V2
       # not obliged to during packaging.)
       # So, after each install, run a scan for all gem(specs) we manage, and copy in their gemspec file
       # into the exploded gem source area if absent.
-
       loader.list_managed_gems.each do |spec|
         path_inside_source = File.join(spec.gem_dir, "#{spec.name}.gemspec")
         unless File.exist?(path_inside_source)
           File.write(path_inside_source, spec.to_ruby)
         end
       end
+
+      # Locate the GemVersion for the new dependency and return it
+      solution.detect { |g| g.name == new_plugin_dependency.name }.version
     end
 
     #===================================================================#
@@ -365,7 +368,7 @@ module Inspec::Plugin::V2
       # excluding any that are path-or-core-based, excluding the gem to be removed
       plugin_deps_we_still_must_satisfy = registry.plugin_statuses
       plugin_deps_we_still_must_satisfy = plugin_deps_we_still_must_satisfy.select do |status|
-        status.installation_type == :gem && status.name != plugin_name_to_be_removed.to_sym
+        status.installation_type == :user_gem && status.name != plugin_name_to_be_removed.to_sym
       end
       plugin_deps_we_still_must_satisfy = plugin_deps_we_still_must_satisfy.map do |status|
         constraint = status.version || "> 0"

data/lib/inspec/plugin/v2/loader.rb

@@ -1,5 +1,6 @@
 require "inspec/log"
 require "inspec/plugin/v2/config_file"
+require "inspec/plugin/v2/filter"
 
 # Add the current directory of the process to the load path
 $LOAD_PATH.unshift(".") unless $LOAD_PATH.include?(".")
@@ -11,9 +12,16 @@ module Inspec::Plugin::V2
   class Loader
     attr_reader :conf_file, :registry, :options
 
+    # For {inspec|train}_plugin_name?
+    include Inspec::Plugin::V2::FilterPredicates
+    extend Inspec::Plugin::V2::FilterPredicates
+
     def initialize(options = {})
       @options = options
       @registry = Inspec::Plugin::V2::Registry.instance
+
+      # User plugins are those installed by the user via `inspec plugin install`
+      # and are installed under ~/.inspec/gems
       unless options[:omit_user_plugins]
         @conf_file = Inspec::Plugin::V2::ConfigFile.new
         read_conf_file_into_registry
@@ -27,9 +35,8 @@ module Inspec::Plugin::V2
       # and may be safely loaded
       detect_core_plugins unless options[:omit_core_plugins]
 
-      # Train plugins aren't InSpec plugins (they don't use our API)
-      # but InSpec CLI manages them.  So, we have to wrap them a bit.
-      accommodate_train_plugins
+      # Identify plugins that inspec is co-installed with
+      detect_system_plugins unless options[:omit_sys_plugins]
     end
 
     def load_all
@@ -46,7 +53,7 @@ module Inspec::Plugin::V2
         begin
           # We could use require, but under testing, we need to repeatedly reload the same
           # plugin.  However, gems only work with require (rubygems dooes not overload `load`)
-          if plugin_details.installation_type == :gem
+          if plugin_details.installation_type == :user_gem
             activate_managed_gems_for_plugin(plugin_name)
             require plugin_details.entry_point
           else
@@ -130,10 +137,11 @@ module Inspec::Plugin::V2
     end
 
     # Lists all plugin gems found in the plugin_gem_path.
-    # This is simply all gems that begin with train- or inspec-.
+    # This is simply all gems that begin with train- or inspec-
+    # and are not on the exclusion list.
     # @return [Array[Gem::Specification]] Specs of all gems found.
     def self.list_installed_plugin_gems
-      list_managed_gems.select { |spec| spec.name.match(/^(inspec|train)-/) }
+      list_managed_gems.select { |spec| valid_plugin_name?(spec.name) }
     end
 
     def list_installed_plugin_gems
@@ -234,34 +242,70 @@ module Inspec::Plugin::V2
       end
     end
 
-    def accommodate_train_plugins
-      registry.plugin_names.map(&:to_s).grep(/^train-/).each do |train_plugin_name|
-        status = registry[train_plugin_name.to_sym]
-        status.api_generation = :'train-1'
-
-        if status.installation_type == :gem
-          # Activate the gem. This allows train to 'require' the gem later.
-          activate_managed_gems_for_plugin(train_plugin_name)
-        end
-      end
-    end
-
     def read_conf_file_into_registry
       conf_file.each do |plugin_entry|
         status = Inspec::Plugin::V2::Status.new
         status.name = plugin_entry[:name]
         status.loaded = false
-        status.installation_type = (plugin_entry[:installation_type] || :gem)
+        status.installation_type = (plugin_entry[:installation_type] || :user_gem)
         case status.installation_type
-        when :gem
+        when :user_gem
           status.entry_point = status.name.to_s
           status.version = plugin_entry[:version]
         when :path
           status.entry_point = plugin_entry[:installation_path]
         end
 
+        # Train plugins are not true InSpec plugins; we need to decorate them a
+        # bit more to integrate them.
+        fixup_train_plugin_status(status) if train_plugin_name?(plugin_entry[:name])
+
         registry[status.name] = status
       end
     end
+
+    def fixup_train_plugin_status(status)
+      status.api_generation = :'train-1'
+      if status.installation_type == :user_gem
+        # Activate the gem. This allows train to 'require' the gem later.
+        activate_managed_gems_for_plugin(status.entry_point)
+      end
+    end
+
+    def detect_system_plugins
+      # Find the gemspec for inspec
+      inspec_gemspec = Gem::Specification.find_by_name("inspec", "=#{Inspec::VERSION}")
+
+      # Make a RequestSet that represents the dependencies of inspec
+      inspec_deps_request_set = Gem::RequestSet.new(*inspec_gemspec.dependencies)
+      inspec_deps_request_set.remote = false
+
+      # Resolve the request against the installed gem universe
+      gem_resolver = Gem::Resolver::CurrentSet.new
+      runtime_solution = inspec_deps_request_set.resolve(gem_resolver)
+
+      inspec_gemspec.dependencies.each do |inspec_dep|
+        next unless inspec_plugin_name?(inspec_dep.name) || train_plugin_name?(inspec_dep.name)
+
+        plugin_spec = runtime_solution.detect { |s| s.name == inspec_dep.name }.spec
+
+        status = Inspec::Plugin::V2::Status.new
+        status.name = inspec_dep.name
+        status.entry_point = inspec_dep.name # gem-based, just 'require' the name
+        status.version = plugin_spec.version.to_s
+        status.loaded = false
+        status.installation_type = :system_gem
+
+        if train_plugin_name?(status[:name])
+          # Train plugins are not true InSpec plugins; we need to decorate them a
+          # bit more to integrate them.
+          fixup_train_plugin_status(status)
+        else
+          status.api_generation = 2
+        end
+
+        registry[status.name.to_sym] = status
+      end
+    end
   end
 end

data/lib/inspec/profile.rb

@@ -116,9 +116,19 @@ module Inspec
       # we can create any inputs that were provided by various mechanisms.
       options[:runner_conf] ||= Inspec::Config.cached
 
+      # Catch legacy CLI input option usage
       if options[:runner_conf].key?(:attrs)
         Inspec.deprecate(:rename_attributes_to_inputs, "Use --input-file on the command line instead of --attrs.")
         options[:runner_conf][:input_file] = options[:runner_conf].delete(:attrs)
+      elsif options[:runner_conf].key?(:input_files)
+        # The kitchen-inspec docs say to use plural. Our CLI and internal expectations are singular.
+        options[:runner_conf][:input_file] = options[:runner_conf].delete(:input_files)
+      end
+
+      # Catch legacy kitchen-inspec input usage
+      if options[:runner_conf].key?(:attributes)
+        Inspec.deprecate(:rename_attributes_to_inputs, "Use :inputs in your kitchen.yml verifier config instead of :attributes.")
+        options[:runner_conf][:inputs] = options[:runner_conf].delete(:attributes)
       end
 
       Inspec::InputRegistry.bind_profile_inputs(
@@ -127,8 +137,8 @@ module Inspec
         # Remaining args are possible sources of inputs
         cli_input_files: options[:runner_conf][:input_file], # From CLI --input-file
         profile_metadata: metadata,
-        # TODO: deprecation checks here
-        runner_api: options[:runner_conf][:attributes] # This is the route the audit_cookbook and kitchen-inspec take
+        runner_api: options[:runner_conf][:inputs], # This is the route the audit_cookbook and kitchen-inspec take
+        cli_input_arg: options[:runner_conf][:input] # The --input name=value CLI option
       )
 
       @runner_context =

data/lib/inspec/resources.rb

@@ -84,6 +84,7 @@ require "inspec/resources/passwd"
 require "inspec/resources/pip"
 require "inspec/resources/platform"
 require "inspec/resources/port"
+require "inspec/resources/postfix_conf"
 require "inspec/resources/postgres"
 require "inspec/resources/postgres_conf"
 require "inspec/resources/postgres_hba_conf"

data/lib/inspec/resources/postfix_conf.rb

@@ -0,0 +1,31 @@
+require "inspec/resources/ini"
+require "inspec/utils/simpleconfig"
+
+module Inspec::Resources
+  class PostfixConf < IniConfig
+    name "postfix_conf"
+    supports platform: "linux"
+    desc "Use the postfix_conf Inspec audit resource to test the configuration of the Postfix Mail Transfer Agent"
+
+    # Allow user to specify a custom configuration path, use default Postfix configuration path if no custom path is provided
+    def initialize(*opts)
+      @params = {}
+      if opts.length == 1
+        @raw_content = load_raw_content(opts)
+      else
+        @raw_content = load_raw_content("/etc/postfix/main.cf")
+      end
+      @params = parse(@raw_content)
+    end
+
+    def parse(content)
+      SimpleConfig.new(content).params
+    end
+
+    private
+
+    def resource_base_name
+      "POSTFIX_CONF"
+    end
+  end
+end

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.12.0".freeze
+  VERSION = "4.16.0".freeze
 end

data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb

@@ -6,6 +6,14 @@ require "inspec/dist"
 module InspecPlugins
   module PluginManager
     class CliCommand < Inspec.plugin(2, :cli_command)
+      INSTALL_TYPE_LABELS = {
+        bundle: "core", # Calling this core, too - not much of a distinction
+        core: "core",
+        path: "path",
+        user_gem: "gem (user)",
+        system_gem: "gem (system)",
+      }.freeze
+
       include Inspec::Dist
 
       subcommand_desc "plugin SUBCOMMAND", "Manage #{PRODUCT_NAME} and Train plugins"
@@ -15,22 +23,36 @@ module InspecPlugins
       #==================================================================#
 
       desc "list [options]", "Lists user-installed #{PRODUCT_NAME} plugins."
-      option :all, desc: "Include plugins shipped with #{PRODUCT_NAME} as well.", type: :boolean, aliases: [:a]
+      option :all, desc: "List all types of plugins (default)", type: :boolean, default: true, aliases: [:a]
+      option :user, desc: "List user plugins, from ~/.inspec/gems", banner: "", type: :boolean, default: false, aliases: [:u]
+      option :system, desc: "List system plugins, those InSpec depends on", banner: "", type: :boolean, default: false, aliases: [:s]
+      option :core, desc: "List core plugins, those InSpec ships with", banner: "", type: :boolean, default: false, aliases: [:c]
+
       def list
         plugin_statuses = Inspec::Plugin::V2::Registry.instance.plugin_statuses
-        plugin_statuses.reject! { |s| %i{core bundle}.include?(s.installation_type) } unless options[:all]
+        options[:all] = false if options[:core] || options[:user] || options[:system]
+        plugin_statuses.select! do |status|
+          type = status.installation_type
+          options[:all] ||
+            (options[:core] && %i{core bundle}.include?(type)) ||
+            (options[:user] && %i{user_gem path}.include?(type)) ||
+            (options[:system] && :system_gem == type)
+        end
 
-        puts
-        ui.bold(format(" %-30s%-10s%-8s%-6s", "Plugin Name", "Version", "Via", "ApiVer"))
-        ui.line
-        plugin_statuses.sort_by(&:name).each do |status|
-          ui.plain(format(" %-30s%-10s%-8s%-6s", status.name,
-                          make_pretty_version(status),
-                          status.installation_type,
-                          status.api_generation.to_s))
+        unless plugin_statuses.empty?
+          ui.table do |t|
+            t.header = ["Plugin Name", "Version", "Via", "ApiVer"]
+            plugin_statuses.sort_by { |s| s.name.to_s }.each do |status|
+              t << [
+                status.name,
+                make_pretty_version(status),
+                make_pretty_install_type(status),
+                status.api_generation,
+              ]
+            end
+          end
         end
-        ui.line
-        ui.plain(" #{plugin_statuses.count} plugin(s) total")
+        ui.plain_line(" #{plugin_statuses.count} plugin(s) total")
         puts
       end
 
@@ -60,15 +82,15 @@ module InspecPlugins
         end
 
         puts
-        ui.bold(format(" %-30s%-50s", "Plugin Name", "Versions Available"))
+        ui.bold(format(" %-30s%-50s\n", "Plugin Name", "Versions Available"))
         ui.line
         search_results.keys.sort.each do |plugin_name|
           versions = options[:all] ? search_results[plugin_name] : [search_results[plugin_name].first]
           versions = "(" + versions.join(", ") + ")"
-          ui.plain(format(" %-30s%-50s", plugin_name, versions))
+          ui.plain_line(format(" %-30s%-50s", plugin_name, versions))
         end
         ui.line
-        ui.plain(" #{search_results.count} plugin(s) found")
+        ui.plain_line(" #{search_results.count} plugin(s) found")
         puts
 
         ui.exit Inspec::UI::EXIT_PLUGIN_ERROR if search_results.empty?
@@ -118,14 +140,14 @@ module InspecPlugins
         begin
           installer.update(plugin_name)
         rescue Inspec::Plugin::V2::UpdateError => ex
-          ui.plain("#{ui.red('Update error:')} #{ex.message} - update failed")
+          ui.plain_line("#{ui.red("Update error:", print: false)} #{ex.message} - update failed")
           ui.exit Inspec::UI::EXIT_USAGE_ERROR
         end
         post_update_versions = installer.list_installed_plugin_gems.select { |spec| spec.name == plugin_name }.map { |spec| spec.version.to_s }
         new_version = (post_update_versions - pre_update_versions).first
 
         ui.bold(plugin_name + " plugin, version #{old_version} -> " \
-                "#{new_version}, updated from rubygems.org")
+                "#{new_version}, updated from rubygems.org\n")
       end
 
       #--------------------------
@@ -144,7 +166,7 @@ module InspecPlugins
       def uninstall(plugin_name)
         status = Inspec::Plugin::V2::Registry.instance[plugin_name.to_sym]
         unless status
-          ui.plain("#{ui.red('No such plugin installed:')} #{plugin_name} is not " \
+          ui.plain_line("#{ui.red("No such plugin installed:", print: false)} #{plugin_name} is not " \
                  "installed - uninstall failed")
           ui.exit Inspec::UI::EXIT_USAGE_ERROR
         end
@@ -157,11 +179,12 @@ module InspecPlugins
 
         if status.installation_type == :path
           ui.bold(plugin_name + " path-based plugin install has been " \
-                  "uninstalled")
+                  "uninstalled\n")
         else
           ui.bold(plugin_name + " plugin, version #{old_version}, has " \
-                  "been uninstalled")
+                  "been uninstalled\n")
         end
+
         ui.exit Inspec::UI::EXIT_NORMAL
       end
 
@@ -174,7 +197,7 @@ module InspecPlugins
 
       def install_from_gemfile(gem_file)
         unless File.exist? gem_file
-          ui.red("No such plugin gem file #{gem_file} - installation failed.")
+          ui.red("No such plugin gem file #{gem_file} - installation failed.\n")
           ui.exit Inspec::UI::EXIT_USAGE_ERROR
         end
 
@@ -186,13 +209,13 @@ module InspecPlugins
         installer.install(plugin_name, gem_file: gem_file)
 
         ui.bold("#{plugin_name} plugin, version #{version}, installed from " \
-                "local .gem file")
+                "local .gem file\n")
         ui.exit Inspec::UI::EXIT_NORMAL
       end
 
       def install_from_path(path)
         unless File.exist? path
-          ui.red("No such source code path #{path} - installation failed.")
+          ui.red("No such source code path #{path} - installation failed.\n")
           ui.exit Inspec::UI::EXIT_USAGE_ERROR
         end
 
@@ -209,7 +232,7 @@ module InspecPlugins
         if registry.known_plugin?(plugin_name.to_sym)
           ui.red("Plugin already installed - #{plugin_name} - Use '#{EXEC_NAME} " \
                  "plugin list' to see previously installed plugin - " \
-                 "installation failed.")
+                 "installation failed.\n")
           ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
         end
 
@@ -223,7 +246,7 @@ module InspecPlugins
         installer.install(plugin_name, path: entry_point)
 
         ui.bold("#{plugin_name} plugin installed via source path reference, " \
-                "resolved to entry point #{entry_point}")
+                "resolved to entry point #{entry_point}\n")
         ui.exit Inspec::UI::EXIT_NORMAL
       end
 
@@ -288,7 +311,7 @@ module InspecPlugins
         # Give up.
         ui.red("Unrecognizable plugin structure - #{parts[2]} - When " \
                "installing from a path, please provide the path of the " \
-               "entry point file - installation failed.")
+               "entry point file - installation failed.\n")
         ui.exit Inspec::UI::EXIT_USAGE_ERROR
       end
 
@@ -299,8 +322,8 @@ module InspecPlugins
         rescue LoadError => ex
           ui.red("Plugin contains errors - #{plugin_name} - Encountered " \
                  "errors while trying to test load the plugin entry point, " \
-                 "resolved to #{entry_point} - installation failed")
-          ui.plain ex.message
+                 "resolved to #{entry_point} - installation failed\n")
+          ui.plain_line ex.message
           ui.exit Inspec::UI::EXIT_USAGE_ERROR
         end
 
@@ -313,7 +336,7 @@ module InspecPlugins
             ui.red("Does not appear to be a plugin - #{plugin_name} - After " \
                    "probe-loading the supposed plugin, it did not register " \
                    "itself to Train. Ensure something inherits from " \
-                   "'Train.plugin(1)' - installation failed.")
+                   "'Train.plugin(1)' - installation failed.\n")
             ui.exit Inspec::UI::EXIT_USAGE_ERROR
           end
         else
@@ -321,7 +344,7 @@ module InspecPlugins
             ui.red("Does not appear to be a plugin - #{plugin_name} - After " \
                    "probe-loading the supposed plugin, it did not register " \
                    "itself to InSpec. Ensure something inherits from " \
-                   "'Inspec.plugin(2)' - installation failed.")
+                   "'Inspec.plugin(2)' - installation failed.\n")
             ui.exit Inspec::UI::EXIT_USAGE_ERROR
           end
         end
@@ -343,7 +366,7 @@ module InspecPlugins
         new_version = (post_installed_versions - pre_installed_versions).first
 
         ui.bold("#{plugin_name} plugin, version #{new_version}, installed " \
-                "from rubygems.org")
+                "from rubygems.org\n")
         ui.exit Inspec::UI::EXIT_NORMAL
       end
 
@@ -367,16 +390,16 @@ module InspecPlugins
         what_we_would_install_is_already_installed = pre_installed_versions.include?(requested_version)
         if what_we_would_install_is_already_installed && they_explicitly_asked_for_a_version
           ui.red("Plugin already installed at requested version - plugin " \
-                 "#{plugin_name} #{requested_version} - refusing to install.")
+                 "#{plugin_name} #{requested_version} - refusing to install.\n")
         elsif what_we_would_install_is_already_installed && !they_explicitly_asked_for_a_version
           ui.red("Plugin already installed at latest version - plugin " \
-                 "#{plugin_name} #{requested_version} - refusing to install.")
+                 "#{plugin_name} #{requested_version} - refusing to install.\n")
         else
           # There are existing versions installed, but none of them are what was requested
           ui.red("Update required - plugin #{plugin_name}, requested " \
                  "#{requested_version}, have " \
-                 "#{pre_installed_versions.join(', ')}; use `inspec " \
-                 "plugin update` - refusing to install.")
+                 "#{pre_installed_versions.join(", ")}; use `inspec " \
+                 "plugin update` - refusing to install.\n")
         end
 
         ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
@@ -387,11 +410,11 @@ module InspecPlugins
         installer.install(plugin_name, version: options[:version])
       rescue Inspec::Plugin::V2::PluginExcludedError => ex
         ui.red("Plugin on Exclusion List - #{plugin_name} is listed as an " \
-               "incompatible gem - refusing to install.")
-        ui.plain("Rationale: #{ex.details.rationale}")
-        ui.plain("Exclusion list location: " +
+               "incompatible gem - refusing to install.\n")
+        ui.plain_line("Rationale: #{ex.details.rationale}")
+        ui.plain_line("Exclusion list location: " +
                  File.join(Inspec.src_root, "etc", "plugin_filters.json"))
-        ui.plain("If you disagree with this determination, please accept " \
+        ui.plain_line("If you disagree with this determination, please accept " \
                  "our apologies for the misunderstanding, and open an issue " \
                  "at https://github.com/inspec/inspec/issues/new")
         ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
@@ -401,13 +424,13 @@ module InspecPlugins
         results = installer.search(plugin_name, exact: true)
         if results.empty?
           ui.red("No such plugin gem #{plugin_name} could be found on " \
-                 "rubygems.org - installation failed.")
+                 "rubygems.org - installation failed.\n")
         elsif options[:version] && !results[plugin_name].include?(options[:version])
           ui.red("No such version - #{plugin_name} exists, but no such " \
                  "version #{options[:version]} found on rubygems.org - " \
-                 "installation failed.")
+                 "installation failed.\n")
         else
-          ui.red("Unknown error occured - installation failed.")
+          ui.red("Unknown error occured - installation failed.\n")
         end
         ui.exit Inspec::UI::EXIT_USAGE_ERROR
       end
@@ -420,10 +443,10 @@ module InspecPlugins
           # Check for path install
           status = Inspec::Plugin::V2::Registry.instance[plugin_name.to_sym]
           if !status
-            ui.plain("#{ui.red('No such plugin installed:')} #{plugin_name} - update failed")
+            ui.plain_line("#{ui.red("No such plugin installed:", print: false)} #{plugin_name} - update failed")
             ui.exit Inspec::UI::EXIT_USAGE_ERROR
           elsif status.installation_type == :path
-            ui.plain("#{ui.red('Cannot update path-based install:')} " \
+            ui.plain_line("#{ui.red("Cannot update path-based install:", print: false)} " \
                    "#{plugin_name} is installed via path reference; " \
                    "use `inspec plugin uninstall` to remove - refusing to" \
                    "update")
@@ -436,7 +459,7 @@ module InspecPlugins
         latest_version = latest_version[plugin_name]&.last
 
         if pre_update_versions.include?(latest_version)
-          ui.plain("#{ui.red('Already installed at latest version:')} " \
+          ui.plain_line("#{ui.red("Already installed at latest version:", print: false)} " \
                    "#{plugin_name} is at #{latest_version}, which the " \
                    "latest - refusing to update")
           ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
@@ -458,7 +481,7 @@ module InspecPlugins
         unless plugin_name =~ /^(inspec|train)-/
           ui.red("Invalid plugin name - #{plugin_name} - All inspec " \
                  "plugins must begin with either 'inspec-' or 'train-' " \
-                 "- #{action} failed.")
+                 "- #{action} failed.\n")
           ui.exit Inspec::UI::EXIT_USAGE_ERROR
         end
       end
@@ -467,17 +490,29 @@ module InspecPlugins
         case status.installation_type
         when :core, :bundle
           Inspec::VERSION
-        when :gem
-          # TODO: this is naive, and assumes the latest version is the one that will be used. Logged on #3317
-          # In fact, the logic to determine "what version would be used" belongs in the Loader.
-          Inspec::Plugin::V2::Loader.list_installed_plugin_gems
-            .select { |spec| spec.name == status.name.to_s }
-            .sort_by(&:version)
-            .last.version
+        when :user_gem, :system_gem
+          if status.version.nil?
+            "(unknown)"
+          elsif status.version =~ /^\d+\.\d+\.\d+$/
+            status.version
+          else
+            # Assume it is a version constraint string and try to resolve
+            # TODO: this is naive, and assumes the latest version is the one that will be used. Logged on #3317
+            # In fact, the logic to determine "what version would be used" belongs in the Loader.
+            plugin_name = status.name.to_s
+            Inspec::Plugin::V2::Loader.list_installed_plugin_gems
+              .select { |spec| spec.name == plugin_name }
+              .sort_by(&:version)
+              .last.version
+          end
         when :path
           "src"
         end
       end
+
+      def make_pretty_install_type(status)
+        INSTALL_TYPE_LABELS[status.installation_type]
+      end
     end
   end
 end

data/lib/source_readers/inspec.rb

@@ -40,25 +40,27 @@ module SourceReaders
       raise "Unable to parse #{metadata_source}: #{e.class} -- #{e.message}"
     end
 
+    def find_all(regexp)
+      @target.files.grep(regexp)
+    end
+
+    def load_all(regexp)
+      find_all(regexp)
+        .map { |path| file = @target.read(path); [path, file] if file }
+        .compact
+        .to_h
+    end
+
     def load_tests
-      tests = @target.files.find_all do |path|
-        path.start_with?("controls") && path.end_with?(".rb")
-      end
-      Hash[tests.map { |x| [x, @target.read(x)] }.delete_if { |_file, contents| contents.nil? }]
+      load_all(%r{^controls/.*\.rb$})
     end
 
     def load_libs
-      tests = @target.files.find_all do |path|
-        path.start_with?("libraries") && path.end_with?(".rb")
-      end
-      Hash[tests.map { |x| [x, @target.read(x)] }.delete_if { |_file, contents| contents.nil? }]
+      load_all(%r{^libraries/.*\.rb$})
     end
 
     def load_data_files
-      files = @target.files.find_all do |path|
-        path.start_with?("files" + File::SEPARATOR)
-      end
-      Hash[files.map { |x| [x, @target.read(x)] }.delete_if { |_file, contents| contents.nil? }]
+      load_all(%r{^files/})
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.12.0
+  version: 4.16.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-15 00:00:00.000000000 Z
+date: 2019-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train-core
@@ -536,6 +536,7 @@ files:
 - lib/inspec/resources/pip.rb
 - lib/inspec/resources/platform.rb
 - lib/inspec/resources/port.rb
+- lib/inspec/resources/postfix_conf.rb
 - lib/inspec/resources/postgres.rb
 - lib/inspec/resources/postgres_conf.rb
 - lib/inspec/resources/postgres_hba_conf.rb