inspec-core 7.0.95 → 7.0.107

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e160d7044fa022329cb438d770054bb63107b59f219030464c709f6b1dcda93
-  data.tar.gz: 1dc6673dc552f75cb9b8671b0a466feb2c818f069112fac69aa63b1de568ef54
+  metadata.gz: 45c2a8606fc27e3246476e86b6d87ab22b5e9b0ea8f85d8381e71a5b74d1b0d0
+  data.tar.gz: af209e2f16b169913314c0aee8bd2c4ed0a05d92a187ad421ef81c6a22d3cc26
 SHA512:
-  metadata.gz: a389860f421bec680c4db4462fc4cf5765073661cc1154f5fe57e823f7b4f33b10d1ecd22fb286d3a50cd467170645d460ba80b96515331bd2aec9eaa80d8579
-  data.tar.gz: 6133800736ed63493d37bca5b3727740b1a1ab7eadb9919ffc8b728f021604a9dd7bf1d1b388169566bc4e484b3fb2fc26845e05769f1dc2afa26f530fddf7a0
+  metadata.gz: 5e15e616ac53c257b7f3b23744745798cb22fbaa91ff6668140bf40ecfee92da7931e31949429fe337984c8716538ff84c8ca03acbcf9303fc93d45b20a3f4df
+  data.tar.gz: 63064836ca735a8ab3dfe01ccfb4c2cdc791dbf9474e2eff83df893ad04ef79979f5850bc7536967b5b2d871d31ad4cbc0ef61aa1ca92dbcde30eeef72a00fd2

data/Gemfile

@@ -43,6 +43,9 @@ group :test do
   gem "m"
   gem "minitest-sprint", "~> 1.0"
   gem "minitest"
+  # Ruby 3.4+ extracts minitest-mock to a separate gem (bundled gem)
+  # Adding unconditionally as it's compatible with all Ruby versions
+  gem "minitest-mock"
   gem "mocha"
   gem "nokogiri"
   gem "pry-byebug"

data/inspec-core.gemspec

@@ -68,7 +68,7 @@ Source code obtained from the Chef GitHub repository is made available under Apa
   # which was causing a LoadError ('cannot load such file -- ast') for users/applications using 'inspec-core'.
   spec.add_dependency "cookstyle"
 
-  spec.add_dependency "train-core", "~> 3.13", ">= 3.13.4"
+  spec.add_dependency "train-core", "~> 3.16", ">= 3.16.1"
   # Minimum major version 1 is required for Chef licensing telemetry
   spec.add_dependency "chef-licensing", ">= 1.2.0"
 end

data/lib/inspec/resources/oracledb_session.rb

@@ -13,14 +13,29 @@ module Inspec::Resources
     supports platform: "windows"
     desc "Use the oracledb_session InSpec resource to test commands against an Oracle database"
     example <<~EXAMPLE
+      # Using password
       sql = oracledb_session(user: 'my_user', pass: 'password')
       describe sql.query(\"SELECT UPPER(VALUE) AS VALUE FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_SYS_OPERATIONS'\").row(0).column('value') do
         its('value') { should eq 'TRUE' }
       end
+
+      # CHEF-28019: Using TNS alias (recommended for TCPS/SSL connections)
+      sql = oracledb_session(
+        user: 'my_user',
+        password: 'password',
+        tns_alias: 'MYDB_TCPS',
+        env: {
+          'TNS_ADMIN' => '/path/to/tnsnames',
+          'LD_LIBRARY_PATH' => '/opt/oracle/instantclient'
+        }
+      )
+      describe sql.query('SELECT * FROM dual').row(0).column('dummy') do
+        its('value') { should eq 'X' }
+      end
     EXAMPLE
 
     attr_reader :bin, :db_role, :host, :password, :port, :service,
-                :su_user, :user
+                :su_user, :user, :tns_alias, :env_vars
 
     def initialize(opts = {})
       @user = opts[:user]
@@ -37,6 +52,11 @@ module Inspec::Resources
       @db_role = opts[:as_db_role]
       @sqlcl_bin = opts[:sqlcl_bin] || nil
       @sqlplus_bin = opts[:sqlplus_bin] || "sqlplus"
+
+      # CHEF-28019: Support for TNS alias and environment variables
+      @tns_alias = opts[:tns_alias]
+      @env_vars = opts[:env] || {}
+
       skip_resource "Option 'as_os_user' not available in Windows" if inspec.os.windows? && su_user
       fail_resource "Can't run Oracle checks without authentication" unless su_user || (user || password)
     end
@@ -77,8 +97,10 @@ module Inspec::Resources
     end
 
     def resource_id
-      if @user
-        "#{@host}-#{@port}-#{@user}"
+      if @tns_alias && !@tns_alias.empty?
+        "#{@tns_alias}-#{@user}" # e.g., "XEPDB1_TCPS-USER"
+      elsif @user
+        "#{@host}-#{@port}-#{@user}" # e.g., "localhost-1521-USER"
       elsif @su_user
         "#{@host}-#{@port}-#{@su_user}"
       else
@@ -88,10 +110,9 @@ module Inspec::Resources
 
     private
 
-    # 3 commands
-    # regular user password
-    # using a db_role
-    # su, using a db_role
+    # CHEF-28019: Build command with support for TNS alias and environment variables
+    # Existing behavior: regular user/password, using db_role, or su with db_role
+    # Added New behavior: TNS alias connections with optional env vars
     def command_builder(format_options, query)
       if @db_role.nil? || @su_user.nil?
         verified_query = verify_query(query)
@@ -116,7 +137,11 @@ module Inspec::Resources
         sql_postfix = %{ <<'EOC'\n#{format_options}\n#{verified_query}\nEXIT\n'EOC'} if shell_is_csh
       end
 
-      if @db_role.nil?
+      # CHEF-28019: New path for TNS alias connections
+      if @tns_alias && !@tns_alias.to_s.empty?
+        build_tns_command(format_options, verified_query, oracle_echo_str)
+      # Original paths preserved
+      elsif @db_role.nil?
         %{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service}#{sql_postfix}}
       elsif @su_user.nil?
         %{#{oracle_echo_str}#{sql_prefix}#{bin} #{user}/#{password}@#{host}:#{port}/#{@service} as #{@db_role}#{sql_postfix}}
@@ -153,5 +178,35 @@ module Inspec::Resources
         Hashie::Mash.new([revised_row].to_h)
       end
     end
+
+    # CHEF-28019: Build TNS alias command with environment variables
+    def build_tns_command(format_options, verified_query, oracle_echo_str)
+      env_prefix = build_env_prefix
+      connect_string = build_connect_string
+      heredoc_content = "connect #{connect_string}\n#{format_options}\n#{verified_query}\nEXIT"
+
+      if @su_user
+        cmd = %{su - #{@su_user} -c "#{oracle_echo_str} #{env_prefix} #{@bin} -s /nolog <<'INSPECSQL'\n#{heredoc_content}\nINSPECSQL"}
+      else
+        cmd = %{#{oracle_echo_str}#{bin} -s /nolog <<'INSPECSQL'\n#{heredoc_content}\nINSPECSQL}
+        cmd = "#{env_prefix} #{cmd}" unless env_prefix.empty?
+      end
+
+      cmd
+    end
+
+    # CHEF-28019: Build Oracle connect string for TNS alias
+    def build_connect_string
+      connect_str = "#{@user}/#{@password}@#{@tns_alias}"
+      connect_str += " as #{@db_role}" if @db_role && !@su_user
+      connect_str
+    end
+
+    # CHEF-28019: Build environment variable prefix
+    def build_env_prefix
+      return "" if @env_vars.nil? || @env_vars.empty?
+
+      @env_vars.map { |k, v| "#{k}='#{v}'" }.join(" ")
+    end
   end
 end

data/lib/inspec/utils/install_context.rb

@@ -19,8 +19,6 @@ module Inspec
       "unknown"
     end
 
-    private
-
     def chef_workstation_install?
       !!(src_root.start_with?("/opt/chef-workstation") || src_root.start_with?("C:/opscode/chef-workstation"))
     end

data/lib/inspec/utils/telemetry/base.rb

@@ -48,7 +48,7 @@ module Inspec
         payload = create_wrapper
 
         train_platform = opts[:runner].backend.backend.platform
-        payload[:platform] = train_platform.name
+        payload[:platform] = safe_platform_field(train_platform, :name)
 
         payload[:jobs] = [{
                             type: JOB_TYPE,
@@ -56,10 +56,10 @@ module Inspec
                             # Target platform info
                             environment: {
                               host: obscure(URI(opts[:runner].backend.backend.uri).host) || "unknown",
-                              os: train_platform.name,
-                              version: train_platform.release,
-                              architecture: train_platform.arch || "",
-                              id: train_platform.uuid,
+                              os: safe_platform_field(train_platform, :name) || "unknown",
+                              version: safe_platform_field(train_platform, :release) || "unknown",
+                              architecture: safe_platform_field(train_platform, :arch) || "unknown",
+                              id: safe_platform_field(train_platform, :uuid),
                             },
 
                             runtime: Inspec::VERSION,
@@ -125,6 +125,14 @@ module Inspec
         Digest::SHA2.new(256).hexdigest(cleartext)
       end
 
+      # Safely access platform fields that may not exist
+      def safe_platform_field(platform, field)
+        return nil if platform.nil?
+        return nil unless platform.respond_to?(field)
+
+        platform.send(field)
+      end
+
       def note_per_run_features(opts)
         note_all_invoked_features
         note_gem_dependency_usage(opts)

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "7.0.95".freeze
+  VERSION = "7.0.107".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 7.0.95
+  version: 7.0.107
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-10-16 00:00:00.000000000 Z
+date: 2026-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -438,20 +438,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.13'
+        version: '3.16'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.13.4
+        version: 3.16.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.13'
+        version: '3.16'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.13.4
+        version: 3.16.1
 - !ruby/object:Gem::Dependency
   name: chef-licensing
   requirement: !ruby/object:Gem::Requirement