inspec 0.29.0 → 0.30.0

data/lib/inspec/dsl.rb

@@ -6,12 +6,12 @@
 
 module Inspec::DSL
   def require_controls(id, &block)
-    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf }
+    opts = { profile_id: id, include_all: false, backend: @backend, conf: @conf, dependencies: @dependencies }
     ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
   def include_controls(id, &block)
-    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf }
+    opts = { profile_id: id, include_all: true, backend: @backend, conf: @conf, dependencies: @dependencies }
     ::Inspec::DSL.load_spec_files_for_profile(self, opts, &block)
   end
 
@@ -33,8 +33,9 @@ module Inspec::DSL
 
   def self.load_spec_files_for_profile(bind_context, opts, &block)
     # get all spec files
-    target = get_reference_profile(opts[:profile_id], opts[:conf])
-    profile = Inspec::Profile.for_target(target, opts)
+    target = opts[:dependencies].list[opts[:profile_id]] ||
+             fail("Can't find profile #{opts[:profile_id].inspect}, please add it as a dependency.")
+    profile = Inspec::Profile.for_target(target.path, opts)
     context = load_profile_context(opts[:profile_id], profile, opts)
 
     # if we don't want all the rules, then just make 1 pass to get all rule_IDs
@@ -62,22 +63,6 @@ module Inspec::DSL
     end
   end
 
-  def self.get_reference_profile(id, opts)
-    profiles_path = opts['profiles_path'] ||
-                    fail('You must supply a --profiles-path to inherit from other profiles.')
-    abs_path = File.expand_path(profiles_path.to_s)
-    unless File.directory? abs_path
-      fail("Cannot find profiles path #{abs_path}")
-    end
-
-    id_path = File.join(abs_path, id)
-    unless File.directory? id_path
-      fail("Cannot find referenced profile #{id} in #{id_path}")
-    end
-
-    id_path
-  end
-
   def self.load_profile_context(id, profile, opts)
     ctx = Inspec::ProfileContext.new(id, opts[:backend], opts[:conf])
     profile.libraries.each do |path, content|

data/lib/inspec/env_printer.rb

@@ -0,0 +1,149 @@
+# encoding: utf-8
+require 'inspec/shell_detector'
+require 'erb'
+require 'shellwords'
+
+module Inspec
+  class EnvPrinter
+    def initialize(command_class, shell = nil)
+      if !shell
+        @detected = true
+        @shell = Inspec::ShellDetector.new.shell
+      else
+        @shell = shell
+      end
+      @command_class = command_class
+    end
+
+    def print_and_exit!
+      exit_no_shell if !have_shell?
+      exit_no_completion if !have_shell_completion?
+
+      print_completion_for_shell
+      print_detection_warning($stdout) if @detected
+      print_usage_guidance
+      exit 0
+    end
+
+    private
+
+    def print_completion_for_shell
+      erb = ERB.new(File.read(completion_template_path), nil, '-')
+      puts erb.result(TemplateContext.new(@command_class).get_bindings)
+    end
+
+    def have_shell?
+      ! (@shell.nil? || @shell.empty?)
+    end
+
+    def have_shell_completion?
+      File.exist?(completion_template_path)
+    end
+
+    def completion_dir
+      File.join(File.dirname(__FILE__), 'completions')
+    end
+
+    def completion_template_path
+      File.join(completion_dir, "#{@shell}.sh.erb")
+    end
+
+    def shells_with_completions
+      Dir.glob("#{completion_dir}/*.sh.erb").map { |f| File.basename(f, '.sh.erb') }
+    end
+
+    def print_usage_guidance
+      puts <<EOF
+# To use this, eval it in your shell
+#
+#    eval "$(inspec env #{@shell})"
+#
+#
+EOF
+    end
+
+    def print_detection_warning(device)
+      device.puts <<EOF
+#
+# The shell #{@shell} was auto-detected. If this is incorrect, please
+# specify a shell explicitly by running:
+#
+#     inspec env SHELLNAME
+#
+# Currently supported shells are: #{shells_with_completions.join(', ')}
+#
+EOF
+    end
+
+    def exit_no_completion
+      $stderr.puts "# No completion script for #{@shell}!"
+      print_detection_warning($stderr) if @detected
+      exit 1
+    end
+
+    def exit_no_shell
+      if @detected
+        $stderr.puts '# Unable to automatically detect shell and no shell was provided.'
+      end
+      $stderr.puts <<EOF
+#
+# Please provide the name of your shell via the command line:
+#
+#    inspec env SHELLNAME
+#
+# Currently supported shells are: #{shells_with_completions.join(', ')}
+EOF
+      exit 1
+    end
+
+    class TemplateContext
+      def initialize(command_class)
+        @command_class = command_class
+      end
+
+      def get_bindings # rubocop:disable Style/AccessorMethodName
+        binding
+      end
+
+      #
+      # The following functions all assume that @command_class
+      # is something that provides a Thor-like API
+      #
+      def top_level_commands
+        commands_for_thor_class(@command_class)
+      end
+
+      def top_level_commands_with_descriptions
+        descript_lines_for_class(@command_class)
+      end
+
+      def subcommands_with_commands
+        ret = {}
+        @command_class.subcommand_classes.each do |k, v|
+          ret[k] = commands_for_thor_class(v)
+        end
+        ret
+      end
+
+      def subcommands_with_commands_and_descriptions
+        ret = {}
+        @command_class.subcommand_classes.each do |k, v|
+          ret[k] = descript_lines_for_class(v)
+        end
+        ret
+      end
+
+      def commands_for_thor_class(thor_class)
+        thor_class.all_commands.values.map { |c| c.usage.split.first }
+      end
+
+      def descript_lines_for_class(thor_class)
+        thor_class.all_commands.values.map { |c| descript_line_for_command(c) }
+      end
+
+      def descript_line_for_command(c)
+        "#{c.usage.split.first}:#{Shellwords.escape(c.description)}"
+      end
+    end
+  end
+end

data/lib/inspec/errors.rb

@@ -0,0 +1,17 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+module Inspec
+  class Error < StandardError; end
+
+  # dependency resolution
+  class CyclicDependencyError < Error; end
+  class VersionConflict < Error
+    attr_reader :conflicts
+    def initialize(conflicts, msg = nil)
+      super(msg)
+      @conflicts = conflicts
+    end
+  end
+end

data/lib/inspec/metadata.rb

@@ -36,6 +36,10 @@ module Inspec
       end
     end
 
+    def dependencies
+      params[:depends] || []
+    end
+
     def supports(sth, version = nil)
       # Ignore supports with metadata.rb. This file is legacy and the way it
       # it handles `supports` deprecated. A deprecation warning will be printed

data/lib/inspec/profile.rb

@@ -8,6 +8,7 @@ require 'inspec/polyfill'
 require 'inspec/fetcher'
 require 'inspec/source_reader'
 require 'inspec/metadata'
+require 'inspec/dependencies'
 
 module Inspec
   class Profile # rubocop:disable Metrics/ClassLength
@@ -206,6 +207,10 @@ module Inspec
       true
     end
 
+    def locked_dependencies
+      @locked_dependencies ||= load_dependencies
+    end
+
     private
 
     # Create an archive name for this profile and an additional options
@@ -290,5 +295,12 @@ module Inspec
       }
       groups[file][:controls].push(id)
     end
+
+    def load_dependencies
+      cwd = File.directory?(@target) ? @target : nil
+      res = Inspec::Dependencies.new(cwd, nil)
+      res.vendor(metadata.dependencies)
+      res
+    end
   end
 end

data/lib/inspec/profile_context.rb

@@ -22,6 +22,8 @@ module Inspec
       @backend = backend
       @conf = conf.dup
       @rules = {}
+      @dependencies = {}
+      @dependencies = conf['profile'].locked_dependencies unless conf['profile'].nil?
       @require_loader = ::Inspec::RequireLoader.new
       @attributes = []
       reload_dsl
@@ -30,7 +32,7 @@ module Inspec
     def reload_dsl
       resources_dsl = Inspec::Resource.create_dsl(@backend)
       ctx = create_context(resources_dsl, rule_context(resources_dsl))
-      @profile_context = ctx.new(@backend, @conf, @require_loader)
+      @profile_context = ctx.new(@backend, @conf, @dependencies, @require_loader)
     end
 
     def load_libraries(libs)
@@ -136,9 +138,10 @@ module Inspec
         include Inspec::DSL
         include resources_dsl
 
-        def initialize(backend, conf, require_loader) # rubocop:disable Lint/NestedMethodDefinition, Lint/DuplicateMethods
+        def initialize(backend, conf, dependencies, require_loader) # rubocop:disable Lint/NestedMethodDefinition, Lint/DuplicateMethods
           @backend = backend
           @conf = conf
+          @dependencies = dependencies
           @require_loader = require_loader
           @skip_profile = false
         end

data/lib/inspec/shell.rb

@@ -32,7 +32,7 @@ module Inspec
 
       # configure pry shell prompt
       Pry.config.prompt_name = 'inspec'
-      Pry.prompt = [proc { "\e[0;32m#{Pry.config.prompt_name}>\e[0m " }]
+      Pry.prompt = [proc { "#{readline_ignore("\e[0;32m")}#{Pry.config.prompt_name}> #{readline_ignore("\e[0m")}" }]
 
       # Add a help menu as the default intro
       Pry.hooks.add_hook(:before_session, :intro) do
@@ -40,8 +40,12 @@ module Inspec
       end
     end
 
+    def readline_ignore(code)
+      "\001#{code}\002"
+    end
+
     def mark(x)
-      "\033[1m#{x}\033[0m"
+      "#{readline_ignore("\033[1m")}#{x}#{readline_ignore("\033[0m")}"
     end
 
     def print_example(example)
@@ -83,6 +87,7 @@ You can use resources in this environment to test the target machine. For exampl
 
 You are currently running on:
 
+    OS platform:  #{mark ctx.os[:name] || 'unknown'}
     OS family:  #{mark ctx.os[:family] || 'unknown'}
     OS release: #{mark ctx.os[:release] || 'unknown'}
 

data/lib/inspec/shell_detector.rb

@@ -0,0 +1,90 @@
+# encoding: utf-8
+require 'etc'
+require 'rbconfig'
+
+module Inspec
+  #
+  # ShellDetector attempts to detect the shell the invoking user is
+  # running by checking:
+  #
+  #  - The command of our parent
+  #  - The SHELL environment variable
+  #  - The shell returned by getpwuid for our process UID
+  #
+  # Since none of these methods is fullproof, the detected shell is
+  # verified against a list of known shells before being returned to
+  # the caller.
+  #
+  class ShellDetector
+    NOT_DETECTED = Object.new.freeze
+    KNOWN_SHELLS = %w{bash zsh ksh csh sh fish}.freeze
+
+    def initialize
+      @shell = NOT_DETECTED
+    end
+
+    def shell
+      @shell = detect if !detected?(@shell)
+      @shell
+    end
+
+    def shell!
+      @shell = detect
+    end
+
+    private
+
+    def detect
+      # Most of our detection code assumes a unix-like environment
+      return nil if RbConfig::CONFIG['host_os'] =~ /mswin|mingw|cygwin/
+
+      shellpath = detect_by_ppid
+
+      if shellpath.nil? || shellpath.empty? || !known_shell?(shellpath)
+        shellpath = detect_by_env
+      end
+
+      if shellpath.nil? || shellpath.empty? || !known_shell?(shellpath)
+        shellpath = detect_by_getpwuid
+      end
+
+      shellname(shellpath) if known_shell?(shellpath)
+    end
+
+    def detected?(arg)
+      arg != NOT_DETECTED
+    end
+
+    def detect_by_ppid
+      ppid = Process.ppid
+      if Dir.exist?('/proc')
+        File.readlink("/proc/#{ppid}/exe")
+      else
+        `ps -cp #{ppid} -o command=`.chomp
+      end
+    end
+
+    def detect_by_env
+      ENV['SHELL']
+    end
+
+    def detect_by_getpwuid
+      Etc.getpwuid(Process.uid).shell
+    end
+
+    #
+    # Strip any leading path elements
+    #
+    def shellname(shellpath)
+      shellpath.split('/').last
+    end
+
+    #
+    # Only return shells that we know about, just to be sure we never
+    # do anything very silly.
+    #
+    def known_shell?(shell)
+      KNOWN_SHELLS.include?(shellname(shell))
+    end
+  end
+end

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.29.0'.freeze
+  VERSION = '0.30.0'.freeze
 end

data/lib/resources/postgres.rb

@@ -12,29 +12,111 @@ module Inspec::Resources
     def initialize
       os = inspec.os
       if os.debian?
-        @service = 'postgresql'
-        @data_dir = '/var/lib/postgresql'
-        @version = inspec.command('ls /etc/postgresql/').stdout.chomp
-        @conf_dir = "/etc/postgresql/#{@version}/main"
+        #
+        # https://wiki.debian.org/PostgreSql
+        #
+        # Debian allows multiple versions of postgresql to be
+        # installed as well as multiple "clusters" to be configured.
+        #
+        version = version_from_dir('/etc/postgresql')
+        cluster = cluster_from_dir("/etc/postgresql/#{version}")
+        @conf_dir = "/etc/postgresql/#{version}/#{cluster}"
+        @data_dir = "/var/lib/postgresql/#{version}/#{cluster}"
       elsif os.redhat?
-        @service = 'postgresql'
-        @version = inspec.command('ls /var/lib/pgsql/').stdout.chomp
-        @data_dir = "/var/lib/pgsql/#{@version}/data"
+        #
+        # /var/lib/pgsql/data is the default data directory on RHEL6
+        # and RHEL7. However, PR #824 explicitly added version-based
+        # directories. Thus, we call #version_from_dir unless it looks
+        # like we are using unversioned directories.
+        #
+        # TODO(ssd): This has the potential to be noisy because of the
+        # warning in version_from_dir. We should determine which case
+        # is more common and only warn in the less common case.
+        #
+        version = if inspec.directory('/var/lib/pgsql/data').exist?
+                    warn 'Found /var/lib/pgsql/data. Assuming postgresql install uses un-versioned directories.'
+                    nil
+                  else
+                    version_from_dir('/var/lib/pgsql/')
+                  end
+
+        @data_dir = File.join('/var/lib/pgsql/', version.to_s, 'data')
       elsif os[:name] == 'arch'
-        @service = 'postgresql'
+        #
+        # https://wiki.archlinux.org/index.php/PostgreSQL
+        #
+        # The archlinux wiki points to /var/lib/postgresql/data as the
+        # main data directory.
+        #
         @data_dir = '/var/lib/postgres/data'
-        @conf_dir = '/var/lib/postgres/data'
       else
-        @service = 'postgresql'
-        @data_dir = '/var/lib/postgresql'
-        @conf_dir = '/var/lib/pgsql/data'
+        #
+        # According to https://www.postgresql.org/docs/9.5/static/creating-cluster.html
+        #
+        # > There is no default, although locations such as
+        # > /usr/local/pgsql/data or /var/lib/pgsql/data are popular.
+        #
+        @data_dir = '/var/lib/pgsql/data'
       end
 
+      @service = 'postgresql'
+      @conf_dir ||= @data_dir
+      verify_dirs
       @conf_path = File.join @conf_dir, 'postgresql.conf'
     end
 
     def to_s
       'PostgreSQL'
     end
+
+    private
+
+    def verify_dirs
+      if !inspec.directory(@conf_dir).exist?
+        warn "Default postgresql configuration directory: #{@conf_dir} does not exist. Postgresql may not be installed or we've misidentified the configuration directory."
+      end
+
+      if !inspec.directory(@data_dir).exist?
+        warn "Default postgresql data directory: #{@data_dir} does not exist. Postgresql may not be installed or we've misidentified the data directory."
+      end
+    end
+
+    def version_from_dir(dir)
+      dirs = inspec.command("ls -d #{dir}/*/").stdout
+      entries = dirs.lines.count
+      case entries
+      when 0
+        warn "Could not determine version of installed postgresql by inspecting #{dir}"
+        nil
+      when 1
+        warn "Using #{dirs}: #{dir_to_version(dirs)}"
+        dir_to_version(dirs)
+      else
+        warn "Multiple versions of postgresql installed or incorrect base dir #{dir}"
+        first = dir_to_version(dirs.lines.first)
+        warn "Using the first version found: #{first}"
+        first
+      end
+    end
+
+    def dir_to_version(dir)
+      dir.chomp.split('/').last
+    end
+
+    def cluster_from_dir(dir)
+      # Main is the default cluster name on debian use it if it
+      # exists.
+      if inspec.directory("#{dir}/main").exist?
+        'main'
+      else
+        dirs = inspec.command("ls -d #{dir}/*/").stdout.lines
+        first = dirs.first.chomp.split('/').last
+        if dirs.count > 1
+          warn "Multiple postgresql clusters configured or incorrect base dir #{dir}"
+          warn "Using the first directory found: #{first}"
+        end
+        first
+      end
+    end
   end
 end