inspec 0.14.8 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 44a85cca34621ed900f32162b2c6533a7315bfe5
-  data.tar.gz: 921d12e76104f1676883b087e5ab9f050de4db8d
+  metadata.gz: 6ca71e169ffd037a7a61f99fc09188424a137168
+  data.tar.gz: 1aa83936f8b464a2044a7fae20cb14ddce1bdb87
 SHA512:
-  metadata.gz: 7d61ff5f5528d764df121aaed034e7bb6c25f46e7c2967bbea21d499e7a22c43f8ce24f7eec0a777a55056170a750ad8d6beb5f5a2680d8072cb8430a80ee684
-  data.tar.gz: e672dfb4be6c4cd21e8d6e0d0ecc084df103ee53a93a0da36b565fb7b785d20f808f36846ea2078134f14844ce539414bff6591a086bfedc693f82a1ba2cefdf
+  metadata.gz: 774c8531d3bfdcab1c0a0587f670c09ab39099e89ff07a79e68c37bb3798e1a1a75e0b613c80a7bc7f8fb492c797ec26b04a12298a0493ddfd0d7784059cfb99
+  data.tar.gz: 4335e3fa250d9b6e3b54e25c82289fb3f232452ced7ad0d1a781349b2ae415d8b9533824c4ffda2f53340a96da0cea3720dd630637b59a6286511021672c3945

data/CHANGELOG.md

@@ -1,7 +1,29 @@
 # Change Log
 
-## [0.14.8](https://github.com/chef/inspec/tree/0.14.8) (2016-03-04)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.14.7...0.14.8)
+## [0.15.0](https://github.com/chef/inspec/tree/0.15.0) (2016-03-09)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.14.8...0.15.0)
+
+**Implemented enhancements:**
+
+- add color output + make it the default [\#523](https://github.com/chef/inspec/pull/523) ([arlimus](https://github.com/arlimus))
+- select controls to execute [\#522](https://github.com/chef/inspec/pull/522) ([arlimus](https://github.com/arlimus))
+
+**Fixed bugs:**
+
+- Rename internal File and OS resource classes [\#527](https://github.com/chef/inspec/pull/527) ([arlimus](https://github.com/arlimus))
+- Placing all resources in the Inspec::Resources namespace [\#526](https://github.com/chef/inspec/pull/526) ([adamleff](https://github.com/adamleff))
+- bugfix: inheritance of local profiles [\#524](https://github.com/chef/inspec/pull/524) ([arlimus](https://github.com/arlimus))
+
+**Closed issues:**
+
+- Colo\[u\]r those dots and Fs! [\#518](https://github.com/chef/inspec/issues/518)
+
+**Merged pull requests:**
+
+- 0.14.9 [\#525](https://github.com/chef/inspec/pull/525) ([arlimus](https://github.com/arlimus))
+
+## [v0.14.8](https://github.com/chef/inspec/tree/v0.14.8) (2016-03-04)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.14.7...v0.14.8)
 
 **Closed issues:**
 
@@ -9,6 +31,7 @@
 
 **Merged pull requests:**
 
+- 0.14.8 [\#520](https://github.com/chef/inspec/pull/520) ([arlimus](https://github.com/arlimus))
 - expose control impacts in json [\#519](https://github.com/chef/inspec/pull/519) ([arlimus](https://github.com/arlimus))
 
 ## [v0.14.7](https://github.com/chef/inspec/tree/v0.14.7) (2016-03-01)

data/bin/inspec

@@ -20,6 +20,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     desc: 'Attach a profile ID to all test results'
   option :output, aliases: :o, type: :string,
     desc: 'Save the created profile to a path'
+  profile_options
   def json(target)
     diagnose
     o = opts.dup
@@ -42,6 +43,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
 
   desc 'check PATH', 'verify all tests at the specified PATH'
   option :format, type: :string
+  profile_options
   def check(path) # rubocop:disable Metrics/AbcSize
     diagnose
     o = opts.dup
@@ -101,10 +103,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   end
 
   desc 'exec PATHS', 'run all test files at the specified PATH.'
-  option :id, type: :string,
-    desc: 'Attach a profile ID to all test results'
-  target_options
-  option :format, type: :string
+  exec_options
   def exec(*targets)
     diagnose
     run_tests(targets, opts)

data/examples/inheritance/README.md

@@ -0,0 +1,19 @@
+# Example InSpec Profile
+
+This example shows the use of InSpec [profile](../../docs/profiles.rst) inheritance.
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check examples/inheritance --profiles-path examples
+```
+
+## Execute a profile
+
+To run a profile on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec examples/inheritance --profiles-path examples
+```

data/examples/inheritance/controls/example.rb

@@ -0,0 +1,11 @@
+# encoding: utf-8
+# copyright: 2015, Chef Software, Inc.
+# license: All rights reserved
+
+include_controls 'profile' do
+  skip_control 'tmp-1.0'
+
+  control 'gordon-1.0' do
+    impact 0.0
+  end
+end

data/examples/inheritance/inspec.yml

@@ -0,0 +1,10 @@
+name: inheritance
+title: InSpec example inheritance
+maintainer: Chef Software, Inc.
+copyright: Chef Software, Inc.
+copyright_email: support@chef.io
+license: Apache 2 license
+summary: Demonstrates the use of InSpec profile inheritance
+version: 1.0.0
+supports:
+  - os-family: linux

data/lib/bundles/inspec-compliance/cli.rb

@@ -39,10 +39,7 @@ module Compliance
     end
 
     desc 'exec PROFILE', 'executes a Chef Compliance profile'
-    option :id, type: :string,
-      desc: 'Attach a profile ID to all test results'
-    target_options
-    option :format, type: :string
+    exec_options
     def exec(*tests)
       # iterate over tests and add compliance scheme
       tests = tests.map { |t| 'compliance://' + t }

data/lib/bundles/inspec-supermarket/cli.rb

@@ -18,10 +18,7 @@ module Supermarket
     end
 
     desc 'exec PROFILE', 'execute a Supermarket profile'
-    option :id, type: :string,
-      desc: 'Attach a profile ID to all test results'
-    target_options
-    option :format, type: :string
+    exec_options
     def exec(*tests)
       # iterate over tests and add compliance scheme
       tests = tests.map { |t| 'supermarket://' + t }

data/lib/inspec/dsl.rb

@@ -6,11 +6,13 @@
 
 module Inspec::DSL
   def require_controls(id, &block)
-    ::Inspec::DSL.load_spec_files_for_profile self, id, false, &block
+    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf }
+    ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
   def include_controls(id, &block)
-    ::Inspec::DSL.load_spec_files_for_profile self, id, true, &block
+    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf }
+    ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
   alias require_rules require_controls
@@ -60,72 +62,63 @@ module Inspec::DSL
     }
   end
 
-  def self.load_spec_file_for_profile(profile_id, file, rule_registry, only_ifs)
-    raw = File.read(file)
-    # TODO: error-handling
+  def self.load_spec_files_for_profile(bind_context, opts, &block)
+    # get all spec files
+    target = get_reference_profile(opts[:profile_id], opts[:conf])
+    profile = Inspec::Profile.for_target(target, opts)
+    context = load_profile_context(opts[:profile_id], profile, opts)
 
-    ctx = Inspec::ProfileContext.new(profile_id, rule_registry, only_ifs)
-    ctx.instance_eval(raw, file, 1)
-  end
+    # if we don't want all the rules, then just make 1 pass to get all rule_IDs
+    # that we want to keep from the original
+    filter_included_controls(context, opts, &block) if !opts[:include_all]
 
-  def self.load_spec_files_for_profile(bind_context, profile_id, include_all, &block)
-    # get all spec files
-    files = get_spec_files_for_profile profile_id
-    # load all rules from spec files
-    rule_registry = {}
-    # TODO: handling of only_ifs
-    only_ifs = []
-    files.each do |file|
-      load_spec_file_for_profile(profile_id, file, rule_registry, only_ifs)
-    end
+    # interpret the block and skip/modify as required
+    context.load(block) if block_given?
 
-    # interpret the block and create a set of rules from it
-    block_registry = {}
-    if block_given?
-      ctx = Inspec::ProfileContext.new(profile_id, block_registry, only_ifs)
-      ctx.instance_eval(&block)
+    # finally register all combined rules
+    context.rules.values.each do |control|
+      bind_context.register_control(control)
     end
+  end
 
-    # if all rules are not included, select only the ones
-    # that were defined in the block
-    unless include_all
-      remove = rule_registry.keys - block_registry.keys
-      remove.each { |key| rule_registry.delete(key) }
+  def self.filter_included_controls(context, opts, &block)
+    mock = Inspec::Backend.create({ backend: 'mock' })
+    include_ctx = Inspec::ProfileContext.new(opts[:profile_id], mock, opts[:conf])
+    include_ctx.load(block) if block_given?
+    # remove all rules that were not registered
+    context.rules.keys.each do |id|
+      unless include_ctx.rules[id]
+        context.rules[id] = nil
+      end
     end
+  end
 
-    # merge the rules in the block_registry (adjustments) with
-    # the rules in the rule_registry (included)
-    block_registry.each do |id, r|
-      org = rule_registry[id]
-      if org.nil?
-        # TODO: print error because we write alter a rule that doesn't exist
-      elsif r.nil?
-        rule_registry.delete(id)
-      else
-        merge_rules(org, r)
-      end
+  def self.get_reference_profile(id, opts)
+    profiles_path = opts['profiles_path'] ||
+                    fail('You must supply a --profiles-path to inherit from other profiles.')
+    abs_path = File.expand_path(profiles_path.to_s)
+    unless File.directory? abs_path
+      fail("Cannot find profiles path #{abs_path}")
     end
 
-    # finally register all combined rules
-    rule_registry.each do |_id, rule|
-      bind_context.__register_rule rule
+    id_path = File.join(abs_path, id)
+    unless File.directory? id_path
+      fail("Cannot find referenced profile #{id} in #{id_path}")
     end
+
+    id_path
   end
 
-  def self.get_spec_files_for_profile(id)
-    base_path = '/etc/inspec/tests'
-    path = File.join(base_path, id)
-    # find all files to be included
-    files = []
-    if File.directory? path
-      # include all library paths, if they exist
-      libdir = File.join(path, 'lib')
-      if File.directory? libdir and !$LOAD_PATH.include?(libdir)
-        $LOAD_PATH.unshift(libdir)
-      end
-      files = Dir[File.join(path, 'spec', '*_spec.rb')]
+  def self.load_profile_context(id, profile, opts)
+    ctx = Inspec::ProfileContext.new(id, opts[:backend], opts[:conf])
+    profile.libraries.each do |path, content|
+      ctx.load(content.to_s, path, 1)
+      ctx.reload_dsl
+    end
+    profile.tests.each do |path, content|
+      ctx.load(content.to_s, path, 1)
     end
-    files
+    ctx
   end
 end
 

data/lib/inspec/profile.rb

@@ -13,7 +13,7 @@ module Inspec
     extend Forwardable
     attr_reader :path
 
-    def self.for_target(target, opts)
+    def self.resolve_target(target, opts)
       # Fetchers retrieve file contents
       opts[:target] = target
       fetcher = Inspec::Fetcher.resolve(target)
@@ -27,7 +27,11 @@ module Inspec
         fail("Don't understand inspec profile in #{target.inspect}, it "\
              "doesn't look like a supported profile structure.")
       end
-      new(reader, opts)
+      reader
+    end
+
+    def self.for_target(target, opts)
+      new(resolve_target(target, opts), opts)
     end
 
     attr_reader :source_reader

data/lib/inspec/profile_context.rb

@@ -7,18 +7,18 @@ require 'inspec/dsl'
 require 'securerandom'
 
 module Inspec
-  class ProfileContext
-    attr_reader :rules, :only_ifs
-    def initialize(profile_id, backend, profile_registry = {}, only_ifs = [])
+  class ProfileContext # rubocop:disable Metrics/ClassLength
+    attr_reader :rules
+    def initialize(profile_id, backend, conf)
       if backend.nil?
         fail 'ProfileContext is initiated with a backend == nil. ' \
              'This is a backend error which must be fixed upstream.'
       end
 
       @profile_id = profile_id
-      @rules = profile_registry
-      @only_ifs = only_ifs
       @backend = backend
+      @conf = conf.dup
+      @rules = {}
 
       reload_dsl
     end
@@ -26,12 +26,16 @@ module Inspec
     def reload_dsl
       resources_dsl = Inspec::Resource.create_dsl(@backend)
       ctx = create_context(resources_dsl, rule_context(resources_dsl))
-      @profile_context = ctx.new
+      @profile_context = ctx.new(@backend, @conf)
     end
 
     def load(content, source = nil, line = nil)
       @current_load = { file: source }
-      @profile_context.instance_eval(content, source || 'unknown', line || 1)
+      if content.is_a? Proc
+        @profile_context.instance_eval(&content)
+      else
+        @profile_context.instance_eval(content, source || 'unknown', line || 1)
+      end
     end
 
     def unregister_rule(id)
@@ -93,6 +97,11 @@ module Inspec
         include Inspec::DSL
         include resources_dsl
 
+        def initialize(backend, conf) # rubocop:disable Lint/NestedMethodDefinition, Lint/DuplicateMethods
+          @backend = backend
+          @conf = conf
+        end
+
         define_method :title do |arg|
           profile_context_owner.set_header(:title, arg)
         end
@@ -116,6 +125,10 @@ module Inspec
 
         alias_method :rule, :control
 
+        define_method :register_control do |control|
+          profile_context_owner.register_rule(control) unless control.nil?
+        end
+
         define_method :describe do |*args, &block|
           loc = block_location(block, caller[0])
           id = "(generated from #{loc} #{SecureRandom.hex})"
@@ -133,7 +146,7 @@ module Inspec
           nil
         end
 
-        def skip_control(id)
+        define_method :skip_control do |id|
           profile_context_owner.unregister_rule(id)
         end
 

data/lib/inspec/runner.rb

@@ -46,6 +46,12 @@ module Inspec
       @backend = Inspec::Backend.create(@conf)
     end
 
+    def add_target(target, options = {})
+      profile = Inspec::Profile.for_target(target, options)
+      fail "Could not resolve #{target} to valid input." if profile.nil?
+      add_profile(profile, options)
+    end
+
     def add_profile(profile, options = {})
       return unless options[:ignore_supports] ||
                     profile.metadata.supports_transport?(@backend)
@@ -57,26 +63,20 @@ module Inspec
       profile.tests.each do |ref, content|
         r = profile.source_reader.target.abs_path(ref)
         test = { ref: r, content: content }
-        add_content(test, libs)
+        add_content(test, libs, options)
       end
     end
 
-    def add_target(target, options = {})
-      profile = Inspec::Profile.for_target(target, options)
-      fail "Could not resolve #{target} to valid input." if profile.nil?
-      add_profile(profile)
-    end
-
-    def create_context
-      Inspec::ProfileContext.new(@profile_id, @backend)
+    def create_context(options = {})
+      Inspec::ProfileContext.new(@profile_id, @backend, @conf.merge(options))
     end
 
-    def add_content(test, libs)
+    def add_content(test, libs, options = {})
       content = test[:content]
       return if content.nil? || content.empty?
 
       # load all libraries
-      ctx = create_context
+      ctx = create_context(options)
       libs.each do |lib|
         ctx.load(lib[:content].to_s, lib[:ref], lib[:line] || 1)
         ctx.reload_dsl
@@ -86,7 +86,7 @@ module Inspec
       ctx.load(content, test[:ref], test[:line] || 1)
 
       # process the resulting rules
-      ctx.rules.each do |rule_id, rule|
+      filter_controls(ctx.rules, options[:controls]).each do |rule_id, rule|
         register_rule(rule_id, rule)
       end
     end
@@ -96,6 +96,11 @@ module Inspec
 
     private
 
+    def filter_controls(controls_map, include_list)
+      return controls_map if include_list.nil? || include_list.empty?
+      controls_map.select { |k, _| include_list.include?(k) }
+    end
+
     def block_source_info(block)
       return {} if block.nil? || !block.respond_to?(:source_location)
       opts = {}