inspec-core 4.36.4 → 4.37.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +13 -0
- data/inspec-core.gemspec +1 -1
- data/lib/inspec/cli.rb +5 -1
- data/lib/inspec/plugin/v2/loader.rb +9 -0
- data/lib/inspec/profile_context.rb +1 -1
- data/lib/inspec/resources/windows_firewall_rule.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-compliance/README.md +125 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +5 -0
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +2 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +22 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +5 -4
- metadata +8 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 65d5a9d62e8e76b31b944e42f4ae6fc1784e3823fa578ce8ee439a2270a80816
|
4
|
+
data.tar.gz: 1aa950d1012bd41e061cc58e5693003d9197749c3798d3fb7d50b434c33c13de
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 69e11bec35bfef9ccd66679c4c04a65afe7b8e2acb4f20ab1f2643ee594961148b269a21e4e84996053a5d18ae96120063f1cbfe634831488b8b830cb22b9942
|
7
|
+
data.tar.gz: 0476cf2df46ae81d3dd0a797d39190425ef28eeb7d8c36c3157d68d7ae658b1922f02251948fce8e5f2a48305f5c9e6ff520bc39a532e655b7f32284c7c67b46
|
data/Gemfile
CHANGED
@@ -48,3 +48,16 @@ end
|
|
48
48
|
group :deploy do
|
49
49
|
gem "inquirer"
|
50
50
|
end
|
51
|
+
|
52
|
+
# Only include Test Kitchen support if we are on Ruby 2.7 or higher
|
53
|
+
# as chef-zero support requires Ruby 2.6
|
54
|
+
# See https://github.com/inspec/inspec/pull/5341
|
55
|
+
if Gem.ruby_version >= Gem::Version.new("2.7.0")
|
56
|
+
group :kitchen do
|
57
|
+
gem "berkshelf"
|
58
|
+
gem "test-kitchen", ">= 2.8"
|
59
|
+
gem "kitchen-inspec", ">= 2.0"
|
60
|
+
gem "kitchen-dokken", ">= 2.11"
|
61
|
+
gem "git"
|
62
|
+
end
|
63
|
+
end
|
data/inspec-core.gemspec
CHANGED
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
|
|
23
23
|
.reject { |f| File.directory?(f) }
|
24
24
|
|
25
25
|
# Implementation dependencies
|
26
|
-
spec.add_dependency "chef-telemetry", "~> 1.0"
|
26
|
+
spec.add_dependency "chef-telemetry", "~> 1.0", ">= 1.0.8" # 1.0.8+ removes the http dep
|
27
27
|
spec.add_dependency "license-acceptance", ">= 0.2.13", "< 3.0"
|
28
28
|
spec.add_dependency "thor", ">= 0.20", "< 2.0"
|
29
29
|
spec.add_dependency "method_source", ">= 0.8", "< 2.0"
|
data/lib/inspec/cli.rb
CHANGED
@@ -218,9 +218,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI
|
|
218
218
|
|
219
219
|
Automate:
|
220
220
|
```
|
221
|
-
#{Inspec::Dist::EXEC_NAME}
|
221
|
+
#{Inspec::Dist::EXEC_NAME} automate login
|
222
222
|
#{Inspec::Dist::EXEC_NAME} exec compliance://username/linux-baseline
|
223
223
|
```
|
224
|
+
`inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way:
|
225
|
+
```
|
226
|
+
#{Inspec::Dist::EXEC_NAME} compliance login
|
227
|
+
```
|
224
228
|
|
225
229
|
Supermarket:
|
226
230
|
```
|
@@ -117,6 +117,15 @@ module Inspec::Plugin::V2
|
|
117
117
|
# `inspec dosomething` => activate the :dosomething hook
|
118
118
|
activate_me ||= cli_args.include?(act.activator_name.to_s)
|
119
119
|
|
120
|
+
# Only one compliance command to be activated at one time.
|
121
|
+
# Since both commands are defined in the same class,
|
122
|
+
# activators were not getting fetched uniquely.
|
123
|
+
if cli_args.include?("automate") && act.activator_name.to_s.eql?("compliance")
|
124
|
+
activate_me = false
|
125
|
+
elsif cli_args.include?("compliance") && act.activator_name.to_s.eql?("automate")
|
126
|
+
activate_me = false
|
127
|
+
end
|
128
|
+
|
120
129
|
# OK, activate.
|
121
130
|
if activate_me
|
122
131
|
act.activate
|
@@ -105,7 +105,7 @@ module Inspec::Resources
|
|
105
105
|
# @see https://github.com/chef/chef/blob/master/lib/chef/resource/windows_firewall_rule.rb
|
106
106
|
def load_firewall_state(rule_name)
|
107
107
|
<<-EOH
|
108
|
-
|
108
|
+
Get-TypeData -TypeName System.Array | Remove-TypeData # workaround for PS bug here: https://bit.ly/2SRMQ8M
|
109
109
|
$rule = Get-NetFirewallRule -Name "#{rule_name}"
|
110
110
|
$addressFilter = $rule | Get-NetFirewallAddressFilter
|
111
111
|
$portFilter = $rule | Get-NetFirewallPortFilter
|
data/lib/inspec/version.rb
CHANGED
@@ -6,24 +6,50 @@ This extensions offers the following features:
|
|
6
6
|
- execute profiles directly from Chef Automate/Chef Compliance locally
|
7
7
|
- upload a local profile to Chef Automate/Chef Compliance
|
8
8
|
|
9
|
+
`inspec compliance` is a backwards compatible alias for `inspec automate` and works the same way.
|
10
|
+
|
9
11
|
To use the CLI, this InSpec add-on adds the following commands:
|
10
12
|
|
13
|
+
* `$ inspec automate login` - authentication of the API token against Chef Automate/Chef Compliance
|
14
|
+
* `$ inspec automate profiles` - list all available Compliance profiles
|
15
|
+
* `$ inspec exec compliance://profile` - runs a Compliance profile
|
16
|
+
* `$ inspec automate upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
|
17
|
+
* `$ inspec automate logout` - logout of Chef Automate/Chef Compliance
|
18
|
+
|
19
|
+
Similar to these CLI commands are:
|
20
|
+
|
11
21
|
* `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance
|
12
22
|
* `$ inspec compliance profiles` - list all available Compliance profiles
|
13
|
-
* `$ inspec exec compliance://profile` - runs a Compliance profile
|
14
23
|
* `$ inspec compliance upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
|
15
24
|
* `$ inspec compliance logout` - logout of Chef Automate/Chef Compliance
|
16
25
|
|
17
26
|
Compliance profiles can be executed in two ways:
|
18
27
|
|
19
|
-
- via compliance exec: `inspec compliance exec profile`
|
28
|
+
- via compliance exec: `inspec automate exec profile` or `inspec compliance exec profile`
|
20
29
|
- via compliance scheme: `inspec exec compliance://profile`
|
21
30
|
|
22
31
|
|
32
|
+
|
33
|
+
|
23
34
|
## Usage
|
24
35
|
|
25
36
|
### Command options
|
26
37
|
|
38
|
+
```
|
39
|
+
$ inspec automate
|
40
|
+
Commands:
|
41
|
+
inspec automate download PROFILE # downloads a profile from Chef Compliance
|
42
|
+
inspec automate exec PROFILE # executes a Chef Compliance profile
|
43
|
+
inspec automate help [COMMAND] # Describe subcommands or one specific subcommand
|
44
|
+
inspec automate login SERVER # Log in to a Chef Automate/Chef Compliance SERVER
|
45
|
+
inspec automate logout # user logout from Chef Compliance
|
46
|
+
inspec automate profiles # list all available profiles in Chef Compliance
|
47
|
+
inspec automate upload PATH # uploads a local profile to Chef Compliance
|
48
|
+
inspec automate version # displays the version of the Chef Compliance server
|
49
|
+
```
|
50
|
+
|
51
|
+
or
|
52
|
+
|
27
53
|
```
|
28
54
|
$ inspec compliance
|
29
55
|
Commands:
|
@@ -41,6 +67,12 @@ Commands:
|
|
41
67
|
|
42
68
|
You will need an API token for authentication. You can retrieve one via the admin section of your A2 web gui.
|
43
69
|
|
70
|
+
```
|
71
|
+
$ inspec automate login https://automate2.compliance.test --insecure --user 'admin' --token 'zuop..._KzE'
|
72
|
+
```
|
73
|
+
|
74
|
+
or
|
75
|
+
|
44
76
|
```
|
45
77
|
$ inspec compliance login https://automate2.compliance.test --insecure --user 'admin' --token 'zuop..._KzE'
|
46
78
|
```
|
@@ -63,6 +95,12 @@ Example:
|
|
63
95
|
|
64
96
|
You will need an access token for authentication. You can retrieve one via [UI](https://docs.chef.io/api_delivery.html) or [CLI](https://docs.chef.io/ctl_delivery.html#delivery-token).
|
65
97
|
|
98
|
+
```
|
99
|
+
$ inspec automate login https://automate.compliance.test --insecure --user 'admin' --ent 'brewinc' --token 'zuop..._KzE'
|
100
|
+
```
|
101
|
+
|
102
|
+
or
|
103
|
+
|
66
104
|
```
|
67
105
|
$ inspec compliance login https://automate.compliance.test --insecure --user 'admin' --ent 'brewinc' --token 'zuop..._KzE'
|
68
106
|
```
|
@@ -75,12 +113,42 @@ You will need an access token for authentication. You can retrieve one via:
|
|
75
113
|
|
76
114
|
You can choose the access token (`--token`) or the refresh token (`--refresh_token`)
|
77
115
|
|
116
|
+
```
|
117
|
+
$ inspec automate login https://compliance.test --user admin --insecure --token '...'
|
118
|
+
```
|
119
|
+
|
120
|
+
or
|
121
|
+
|
78
122
|
```
|
79
123
|
$ inspec compliance login https://compliance.test --user admin --insecure --token '...'
|
80
124
|
```
|
81
125
|
|
82
126
|
### List available profiles via Chef Compliance / Automate
|
83
127
|
|
128
|
+
```
|
129
|
+
$ inspec automate profiles
|
130
|
+
Available profiles:
|
131
|
+
-------------------
|
132
|
+
* base/apache
|
133
|
+
* base/linux
|
134
|
+
* base/mysql
|
135
|
+
* base/postgres
|
136
|
+
* base/ssh
|
137
|
+
* base/windows
|
138
|
+
* cis/cis-centos6-level1
|
139
|
+
* cis/cis-centos6-level2
|
140
|
+
* cis/cis-centos7-level1
|
141
|
+
* cis/cis-centos7-level2
|
142
|
+
* cis/cis-rhel7-level1
|
143
|
+
* cis/cis-rhel7-level2
|
144
|
+
* cis/cis-ubuntu12.04lts-level1
|
145
|
+
* cis/cis-ubuntu12.04lts-level2
|
146
|
+
* cis/cis-ubuntu14.04lts-level1
|
147
|
+
* cis/cis-ubuntu14.04lts-level2
|
148
|
+
```
|
149
|
+
|
150
|
+
or
|
151
|
+
|
84
152
|
```
|
85
153
|
$ inspec compliance profiles
|
86
154
|
Available profiles:
|
@@ -105,6 +173,47 @@ Available profiles:
|
|
105
173
|
|
106
174
|
### Upload a profile to Chef Compliance / Automate
|
107
175
|
|
176
|
+
```
|
177
|
+
$ inspec automate version
|
178
|
+
Chef Compliance version: 1.0.11
|
179
|
+
➜ inspec git:(chris-rock/cc-error-not-loggedin) ✗ b inspec automate upload examples/profile
|
180
|
+
I, [2016-05-06T14:27:20.907547 #37592] INFO -- : Checking profile in examples/profile
|
181
|
+
I, [2016-05-06T14:27:20.907668 #37592] INFO -- : Metadata OK.
|
182
|
+
I, [2016-05-06T14:27:20.968584 #37592] INFO -- : Found 4 controls.
|
183
|
+
I, [2016-05-06T14:27:20.968638 #37592] INFO -- : Control definitions OK.
|
184
|
+
Profile is valid
|
185
|
+
Generate temporary profile archive at /var/folders/jy/2bnrfb4s36jbjtzllvhhyqhw0000gn/T/profile20160506-37592-1tf326f.tar.gz
|
186
|
+
I, [2016-05-06T14:27:21.020017 #37592] INFO -- : Generate archive /var/folders/jy/2bnrfb4s36jbjtzllvhhyqhw0000gn/T/profile20160506-37592-1tf326f.tar.gz.
|
187
|
+
I, [2016-05-06T14:27:21.024837 #37592] INFO -- : Finished archive generation.
|
188
|
+
Start upload to admin/profile
|
189
|
+
Uploading to Chef Compliance
|
190
|
+
Successfully uploaded profile
|
191
|
+
|
192
|
+
# display all profiles
|
193
|
+
$ inspec automate profiles
|
194
|
+
Available profiles:
|
195
|
+
-------------------
|
196
|
+
* admin/profile
|
197
|
+
* base/apache
|
198
|
+
* base/linux
|
199
|
+
* base/mysql
|
200
|
+
* base/postgres
|
201
|
+
* base/ssh
|
202
|
+
* base/windows
|
203
|
+
* cis/cis-centos6-level1
|
204
|
+
* cis/cis-centos6-level2
|
205
|
+
* cis/cis-centos7-level1
|
206
|
+
* cis/cis-centos7-level2
|
207
|
+
* cis/cis-rhel7-level1
|
208
|
+
* cis/cis-rhel7-level2
|
209
|
+
* cis/cis-ubuntu12.04lts-level1
|
210
|
+
* cis/cis-ubuntu12.04lts-level2
|
211
|
+
* cis/cis-ubuntu14.04lts-level1
|
212
|
+
* cis/cis-ubuntu14.04lts-level2
|
213
|
+
```
|
214
|
+
|
215
|
+
or
|
216
|
+
|
108
217
|
```
|
109
218
|
$ inspec compliance version
|
110
219
|
Chef Compliance version: 1.0.11
|
@@ -168,17 +277,31 @@ $ inspec exec compliance://admin/apache-baseline#2.0.1
|
|
168
277
|
```
|
169
278
|
|
170
279
|
Download a specific version(2.0.2) of a profile when logged in with Automate:
|
280
|
+
```
|
281
|
+
$ inspec automate download compliance://admin/apache-baseline#2.0.2
|
282
|
+
```
|
283
|
+
|
284
|
+
or
|
285
|
+
|
171
286
|
```
|
172
287
|
$ inspec compliance download compliance://admin/apache-baseline#2.0.2
|
173
288
|
```
|
174
289
|
|
175
290
|
### To Logout from Chef Compliance
|
176
291
|
|
292
|
+
```
|
293
|
+
$ inspec automate logout
|
294
|
+
Successfully logged out
|
295
|
+
```
|
296
|
+
|
297
|
+
or
|
298
|
+
|
177
299
|
```
|
178
300
|
$ inspec compliance logout
|
179
301
|
Successfully logged out
|
180
302
|
```
|
181
303
|
|
304
|
+
|
182
305
|
## Integration Tests
|
183
306
|
|
184
307
|
At this point of time, InSpec is not able to pick up the token directly, therefore the integration test is semi-automatic at this point of time:
|
@@ -7,6 +7,11 @@ module InspecPlugins
|
|
7
7
|
require_relative "inspec-compliance/cli"
|
8
8
|
InspecPlugins::Compliance::CLI
|
9
9
|
end
|
10
|
+
|
11
|
+
cli_command :automate do
|
12
|
+
require_relative "inspec-compliance/cli"
|
13
|
+
InspecPlugins::Compliance::CLI
|
14
|
+
end
|
10
15
|
end
|
11
16
|
|
12
17
|
autoload :Configuration, "plugins/inspec-compliance/lib/inspec-compliance/configuration"
|
@@ -9,7 +9,7 @@ module InspecPlugins
|
|
9
9
|
class CannotDetermineServerType < StandardError; end
|
10
10
|
|
11
11
|
def login(options)
|
12
|
-
raise ArgumentError, "Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
|
12
|
+
raise ArgumentError, "Please specify a server using `#{EXEC_NAME} automate login https://SERVER` or `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
|
13
13
|
|
14
14
|
options["server"] = URI("https://#{options["server"]}").to_s if URI(options["server"]).scheme.nil?
|
15
15
|
|
@@ -179,7 +179,7 @@ module InspecPlugins
|
|
179
179
|
def self.compliance_verify_thor_options(o)
|
180
180
|
error_msg = []
|
181
181
|
|
182
|
-
error_msg.push("Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
|
182
|
+
error_msg.push("Please specify a server using `#{EXEC_NAME} automate login https://SERVER` or `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
|
183
183
|
|
184
184
|
if o["user"].nil? && o["refresh_token"].nil?
|
185
185
|
error_msg.push("Please specify a `--user='USER'` or a `--refresh-token='TOKEN'`")
|
@@ -6,13 +6,12 @@ module InspecPlugins
|
|
6
6
|
module Compliance
|
7
7
|
class CLI < Inspec.plugin(2, :cli_command)
|
8
8
|
include Inspec::Dist
|
9
|
-
|
10
|
-
subcommand_desc "compliance SUBCOMMAND", "#{COMPLIANCE_PRODUCT_NAME} commands"
|
9
|
+
subcommand_desc "automate SUBCOMMAND or compliance SUBCOMMAND", "#{AUTOMATE_PRODUCT_NAME} commands"
|
11
10
|
|
12
11
|
# desc "login https://SERVER --insecure --user='USER' --ent='ENTERPRISE' --token='TOKEN'", 'Log in to a Chef Compliance/Chef Automate SERVER'
|
13
|
-
desc "login", "Log in to a #{
|
12
|
+
desc "login", "Log in to a #{AUTOMATE_PRODUCT_NAME} SERVER"
|
14
13
|
long_desc <<-LONGDESC
|
15
|
-
`login` allows you to use InSpec with #{AUTOMATE_PRODUCT_NAME}
|
14
|
+
`login` allows you to use InSpec with #{AUTOMATE_PRODUCT_NAME} Server
|
16
15
|
|
17
16
|
You need to a token for communication. More information about token retrieval
|
18
17
|
is available at:
|
@@ -24,11 +23,11 @@ module InspecPlugins
|
|
24
23
|
option :user, type: :string, required: false,
|
25
24
|
desc: "Username"
|
26
25
|
option :password, type: :string, required: false,
|
27
|
-
desc: "Password (#{
|
26
|
+
desc: "Password (#{AUTOMATE_PRODUCT_NAME} Only)"
|
28
27
|
option :token, type: :string, required: false,
|
29
28
|
desc: "Access token"
|
30
29
|
option :refresh_token, type: :string, required: false,
|
31
|
-
desc: "#{
|
30
|
+
desc: "#{AUTOMATE_PRODUCT_NAME} refresh token (#{AUTOMATE_PRODUCT_NAME} Only)"
|
32
31
|
option :dctoken, type: :string, required: false,
|
33
32
|
desc: "Data Collector token (#{AUTOMATE_PRODUCT_NAME} Only)"
|
34
33
|
option :ent, type: :string, required: false,
|
@@ -40,7 +39,7 @@ module InspecPlugins
|
|
40
39
|
puts "Stored configuration for Chef #{config["server_type"].capitalize}: #{config["server"]}' with user: '#{config["user"]}'"
|
41
40
|
end
|
42
41
|
|
43
|
-
desc "profiles", "list all available profiles in #{
|
42
|
+
desc "profiles", "list all available profiles in #{AUTOMATE_PRODUCT_NAME}"
|
44
43
|
option :owner, type: :string, required: false,
|
45
44
|
desc: "owner whose profiles to list"
|
46
45
|
def profiles
|
@@ -65,11 +64,11 @@ module InspecPlugins
|
|
65
64
|
exit 1
|
66
65
|
end
|
67
66
|
rescue InspecPlugins::Compliance::ServerConfigurationMissing
|
68
|
-
$stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME}
|
67
|
+
$stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
|
69
68
|
exit 1
|
70
69
|
end
|
71
70
|
|
72
|
-
desc "exec PROFILE", "executes a #{
|
71
|
+
desc "exec PROFILE", "executes a #{AUTOMATE_PRODUCT_NAME} profile"
|
73
72
|
exec_options
|
74
73
|
def exec(*tests)
|
75
74
|
compliance_config = InspecPlugins::Compliance::Configuration.new
|
@@ -91,7 +90,7 @@ module InspecPlugins
|
|
91
90
|
exit 1
|
92
91
|
end
|
93
92
|
|
94
|
-
desc "download PROFILE", "downloads a profile from #{
|
93
|
+
desc "download PROFILE", "downloads a profile from #{AUTOMATE_PRODUCT_NAME}"
|
95
94
|
option :name, type: :string,
|
96
95
|
desc: "Name of the archive filename (file type will be added)"
|
97
96
|
def download(profile_name)
|
@@ -116,12 +115,12 @@ module InspecPlugins
|
|
116
115
|
file_name = fetcher.fetch(o.name || id)
|
117
116
|
puts "Profile stored to #{file_name}"
|
118
117
|
else
|
119
|
-
puts "Profile #{profile_name} is not available in #{
|
118
|
+
puts "Profile #{profile_name} is not available in #{AUTOMATE_PRODUCT_NAME}."
|
120
119
|
exit 1
|
121
120
|
end
|
122
121
|
end
|
123
122
|
|
124
|
-
desc "upload PATH", "uploads a local profile to #{
|
123
|
+
desc "upload PATH", "uploads a local profile to #{AUTOMATE_PRODUCT_NAME}"
|
125
124
|
option :overwrite, type: :boolean, default: false,
|
126
125
|
desc: "Overwrite existing profile on Server."
|
127
126
|
option :owner, type: :string, required: false,
|
@@ -167,7 +166,7 @@ module InspecPlugins
|
|
167
166
|
|
168
167
|
# determine user information
|
169
168
|
if (config["token"].nil? && config["refresh_token"].nil?) || config["user"].nil?
|
170
|
-
error.call("Please login via `#{EXEC_NAME}
|
169
|
+
error.call("Please login via `#{EXEC_NAME} #{subcommand_name} login`")
|
171
170
|
end
|
172
171
|
|
173
172
|
# read profile name from inspec.yml
|
@@ -202,11 +201,8 @@ module InspecPlugins
|
|
202
201
|
puts "Start upload to #{config["owner"]}/#{profile_name}"
|
203
202
|
pname = ERB::Util.url_encode(profile_name)
|
204
203
|
|
205
|
-
|
206
|
-
|
207
|
-
else
|
208
|
-
puts "Uploading to #{COMPLIANCE_PRODUCT_NAME}"
|
209
|
-
end
|
204
|
+
puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
|
205
|
+
|
210
206
|
success, msg = InspecPlugins::Compliance::API.upload(config, config["owner"], pname, archive_path)
|
211
207
|
|
212
208
|
# delete temp file if it was temporary generated
|
@@ -221,7 +217,7 @@ module InspecPlugins
|
|
221
217
|
end
|
222
218
|
end
|
223
219
|
|
224
|
-
desc "version", "displays the version of the #{
|
220
|
+
desc "version", "displays the version of the #{AUTOMATE_PRODUCT_NAME} server"
|
225
221
|
def version
|
226
222
|
config = InspecPlugins::Compliance::Configuration.new
|
227
223
|
info = InspecPlugins::Compliance::API.version(config)
|
@@ -233,11 +229,11 @@ module InspecPlugins
|
|
233
229
|
exit 1
|
234
230
|
end
|
235
231
|
rescue InspecPlugins::Compliance::ServerConfigurationMissing
|
236
|
-
puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME}
|
232
|
+
puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} #{subcommand_name} login`"
|
237
233
|
exit 1
|
238
234
|
end
|
239
235
|
|
240
|
-
desc "logout", "user logout from #{
|
236
|
+
desc "logout", "user logout from #{AUTOMATE_PRODUCT_NAME}"
|
241
237
|
def logout
|
242
238
|
config = InspecPlugins::Compliance::Configuration.new
|
243
239
|
unless config.supported?(:oidc) || config["token"].nil? || config["server_type"] == "automate"
|
@@ -258,9 +254,13 @@ module InspecPlugins
|
|
258
254
|
|
259
255
|
def loggedin(config)
|
260
256
|
serverknown = !config["server"].nil?
|
261
|
-
puts "You need to login first with `#{EXEC_NAME}
|
257
|
+
puts "You need to login first with `#{EXEC_NAME} #{subcommand_name} login`" unless serverknown
|
262
258
|
serverknown
|
263
259
|
end
|
260
|
+
|
261
|
+
def subcommand_name
|
262
|
+
@_invocations[Inspec::InspecCLI]&.first || "automate"
|
263
|
+
end
|
264
264
|
end
|
265
265
|
|
266
266
|
# register the subcommand to InSpec CLI registry
|
@@ -34,13 +34,13 @@ module InspecPlugins
|
|
34
34
|
if config["token"].nil? && config["refresh_token"].nil?
|
35
35
|
if config["server_type"] == "automate"
|
36
36
|
server = "automate"
|
37
|
-
msg = "#{EXEC_NAME} compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"
|
37
|
+
msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"
|
38
38
|
elsif config["server_type"] == "automate2"
|
39
39
|
server = "automate2"
|
40
|
-
msg = "#{EXEC_NAME} compliance login https://your_automate2_server --user USER --token APITOKEN"
|
40
|
+
msg = "#{EXEC_NAME} [automate|compliance] login https://your_automate2_server --user USER --token APITOKEN"
|
41
41
|
else
|
42
42
|
server = "compliance"
|
43
|
-
msg = "#{EXEC_NAME} compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
|
43
|
+
msg = "#{EXEC_NAME} [automate|compliance] login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
|
44
44
|
end
|
45
45
|
raise Inspec::FetcherFailure, <<~EOF
|
46
46
|
|
@@ -112,7 +112,7 @@ module InspecPlugins
|
|
112
112
|
end
|
113
113
|
|
114
114
|
def to_s
|
115
|
-
"#{
|
115
|
+
"#{AUTOMATE_PRODUCT_NAME} Profile Loader"
|
116
116
|
end
|
117
117
|
|
118
118
|
private
|
@@ -136,6 +136,7 @@ module InspecPlugins
|
|
136
136
|
if m.nil?
|
137
137
|
raise "Unable to determine compliance profile name. This can be caused by " \
|
138
138
|
"an incorrect server in your configuration. Try to login to compliance " \
|
139
|
+
"via the `#{EXEC_NAME} automate login` command or " \
|
139
140
|
"via the `#{EXEC_NAME} compliance login` command."
|
140
141
|
end
|
141
142
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.37.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chef InSpec Team
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-05-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef-telemetry
|
@@ -17,6 +17,9 @@ dependencies:
|
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '1.0'
|
20
|
+
- - ">="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 1.0.8
|
20
23
|
type: :runtime
|
21
24
|
prerelease: false
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -24,6 +27,9 @@ dependencies:
|
|
24
27
|
- - "~>"
|
25
28
|
- !ruby/object:Gem::Version
|
26
29
|
version: '1.0'
|
30
|
+
- - ">="
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 1.0.8
|
27
33
|
- !ruby/object:Gem::Dependency
|
28
34
|
name: license-acceptance
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|