inspec 0.32.0 → 0.33.0

data/lib/inspec/dependencies/resolver.rb

@@ -23,9 +23,9 @@ module Inspec
   # implementation of the fetcher being used.
   #
   class Resolver
-    def self.resolve(dependencies, vendor_index, working_dir)
+    def self.resolve(dependencies, vendor_index, working_dir, backend)
       reqs = dependencies.map do |dep|
-        req = Inspec::Requirement.from_metadata(dep, vendor_index, cwd: working_dir)
+        req = Inspec::Requirement.from_metadata(dep, vendor_index, cwd: working_dir, backend: backend)
         req || fail("Cannot initialize dependency: #{req}")
       end
       new.resolve(reqs)

data/lib/inspec/dsl.rb

@@ -18,19 +18,6 @@ module Inspec::DSL
   alias require_rules require_controls
   alias include_rules include_controls
 
-  def self.rule_from_check(m, a, b)
-    if a.is_a?(Array) && !a.empty? &&
-       a[0].respond_to?(:resource_skipped) &&
-       !a[0].resource_skipped.nil?
-      ::Inspec::Rule.__send__(m, *a) do
-        it a[0].resource_skipped
-      end
-    else
-      # execute the method
-      ::Inspec::Rule.__send__(m, *a, &b)
-    end
-  end
-
   def self.load_spec_files_for_profile(bind_context, opts, &block)
     dependencies = opts[:dependencies]
     profile_id = opts[:profile_id]
@@ -43,25 +30,21 @@ of #{bind_context.profile_name}.
 
 Dependencies available from this context are:
 
-     #{dependencies.list.keys.join("\n    ")}
+    #{dependencies.list.keys.join("\n    ")}
 EOF
     end
 
-    context = load_profile_context(dep_entry.profile, opts[:backend])
-
+    context = dep_entry.profile.runner_context
     # if we don't want all the rules, then just make 1 pass to get all rule_IDs
     # that we want to keep from the original
     filter_included_controls(context, dep_entry.profile, &block) if !opts[:include_all]
-
     # interpret the block and skip/modify as required
     context.load(block) if block_given?
-
     bind_context.add_subcontext(context)
   end
 
   def self.filter_included_controls(context, profile, &block)
-    mock = Inspec::Backend.create({ backend: 'mock' })
-    include_ctx = Inspec::ProfileContext.for_profile(profile, mock)
+    include_ctx = profile.runner_context
     include_ctx.load(block) if block_given?
     # remove all rules that were not registered
     context.rules.keys.each do |id|
@@ -70,16 +53,4 @@ EOF
       end
     end
   end
-
-  def self.load_profile_context(profile, backend)
-    ctx = Inspec::ProfileContext.for_profile(profile, backend)
-    profile.libraries.each do |path, content|
-      ctx.load(content.to_s, path, 1)
-      ctx.reload_dsl
-    end
-    profile.tests.each do |path, content|
-      ctx.load(content.to_s, path, 1)
-    end
-    ctx
-  end
 end

data/lib/inspec/dsl_shared.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+module Inspec
+  #
+  # Contains methods we would like in multiple DSL
+  #
+  module DSL
+    module RequireOverride
+      # Save the toplevel require method to load all ruby dependencies.
+      # It is used whenever the `require 'lib'` is not in libraries.
+      alias __ruby_require require
+
+      def require(path)
+        rbpath = path + '.rb'
+        return __ruby_require(path) if !@require_loader.exists?(rbpath)
+        return false if @require_loader.loaded?(rbpath)
+
+        # This is equivalent to calling `require 'lib'` with lib on disk.
+        # We cannot rely on libraries residing on disk however.
+        # TODO: Sandboxing.
+        content, path, line = @require_loader.load(rbpath)
+        eval(content, TOPLEVEL_BINDING, path, line) # rubocop:disable Lint/Eval
+      end
+    end
+  end
+end

data/lib/inspec/library_eval_context.rb

@@ -0,0 +1,47 @@
+# encoding: utf-8
+# author: Steven Danna
+# author: Victoria Jeffrey
+require 'inspec/plugins/resource'
+require 'inspec/dsl_shared'
+
+module Inspec
+  #
+  # LibaryEvalContext constructs an instance of an anonymous class
+  # that library files will be instance_exec'd against.
+  #
+  # The anonymous class ensures that `Inspec.resource(1)` will return
+  # an anonymouse class that is suitable as the parent class of an
+  # inspec resource. The class returned will have the resource
+  # registry used by all dsl methods bound to the resource registry
+  # passed into the #create constructor.
+  #
+  #
+  class LibraryEvalContext
+    def self.create(registry, require_loader)
+      c = Class.new do
+        extend Inspec::ResourceDSL
+        include Inspec::ResourceBehaviors
+        define_singleton_method :__resource_registry do
+          registry
+        end
+      end
+
+      c2 = Class.new do
+        define_singleton_method :resource do |version|
+          Inspec.validate_resource_dsl_version!(version)
+          c
+        end
+      end
+
+      c3 = Class.new do
+        include Inspec::DSL::RequireOverride
+        def initialize(require_loader) # rubocop:disable Lint/NestedMethodDefinition
+          @require_loader = require_loader
+        end
+      end
+
+      c3.const_set(:Inspec, c2)
+      c3.new(require_loader)
+    end
+  end
+end

data/lib/inspec/plugins/resource.rb

@@ -3,83 +3,83 @@
 # author: Christoph Hartmann
 
 module Inspec
-  module Plugins
-    class Resource
-      def self.name(name = nil)
-        return if name.nil?
-        @name = name
-        Inspec::Plugins::Resource.__register(name, self)
-      end
+  module ResourceBehaviors
+    def to_s
+      @__resource_name__
+    end
 
-      def self.desc(description = nil)
-        return if description.nil?
-        Inspec::Resource.registry[@name].desc(description)
-      end
+    # Overwrite inspect to provide better output to RSpec results.
+    #
+    # @return [String] full name of the resource
+    def inspect
+      to_s
+    end
+  end
 
-      def self.example(example = nil)
-        return if example.nil?
-        Inspec::Resource.registry[@name].example(example)
-      end
+  module ResourceDSL
+    def name(name = nil)
+      return if name.nil?
+      @name = name
+      __register(name, self)
+    end
 
-      def self.__register(name, obj)
-        # rubocop:disable Lint/NestedMethodDefinition, Lint/DuplicateMethods
-        cl = Class.new(obj) do
-          # add some common methods
-          include Inspec::Plugins::ResourceCommon
-          def initialize(backend, name, *args)
-            # attach the backend to this instance
-            @__backend_runner__ = backend
-            @__resource_name__ = name
-            # call the resource initializer
-            super(*args)
-          end
+    def desc(description = nil)
+      return if description.nil?
+      __resource_registry[@name].desc(description)
+    end
 
-          def self.desc(description = nil)
-            return @description if description.nil?
-            @description = description
-          end
+    def example(example = nil)
+      return if example.nil?
+      __resource_registry[@name].example(example)
+    end
 
-          def self.example(example = nil)
-            return @example if example.nil?
-            @example = example
-          end
+    def __resource_registry
+      Inspec::Resource.registry
+    end
 
-          def inspec
-            @__backend_runner__
-          end
+    def __register(name, obj)
+      # rubocop:disable Lint/NestedMethodDefinition
+      cl = Class.new(obj) do
+        def initialize(backend, name, *args)
+          # attach the backend to this instance
+          @__backend_runner__ = backend
+          @__resource_name__ = name
+          # call the resource initializer
+          super(*args)
         end
-        # rubocop:enable Lint/NestedMethodDefinition
 
-        # add the resource to the registry by name with a newly-named registry class
-        klass_name = name.split('_').map(&:capitalize).join
-        Inspec::Resource::Registry.const_set(klass_name, cl)
-        Inspec::Resource.registry[name] = Inspec::Resource::Registry.const_get(klass_name)
-      end
+        def self.desc(description = nil)
+          return @description if description.nil?
+          @description = description
+        end
 
-      # Define methods which are available to all resources
-      # and may be overwritten.
+        def self.example(example = nil)
+          return @example if example.nil?
+          @example = example
+        end
 
-      # Print the name of the resource
-      def to_s
-        @__resource_name__
-      end
+        def resource_skipped
+          @resource_skipped
+        end
 
-      # Overwrite inspect to provide better output to RSpec results.
-      #
-      # @return [String] full name of the resource
-      def inspect
-        to_s
-      end
-    end
+        def skip_resource(message)
+          @resource_skipped = message
+        end
 
-    module ResourceCommon
-      def resource_skipped
-        @resource_skipped
+        def inspec
+          @__backend_runner__
+        end
       end
 
-      def skip_resource(message)
-        @resource_skipped = message
-      end
+      # rubocop:enable Lint/NestedMethodDefinition
+      __resource_registry[name] = cl
+    end
+  end
+
+  module Plugins
+    class Resource
+      extend Inspec::ResourceDSL
+      include Inspec::ResourceBehaviors
     end
   end
 end

data/lib/inspec/profile.rb

@@ -8,6 +8,9 @@ require 'inspec/polyfill'
 require 'inspec/fetcher'
 require 'inspec/source_reader'
 require 'inspec/metadata'
+require 'inspec/backend'
+require 'inspec/rule'
+require 'inspec/profile_context'
 require 'inspec/dependencies/lockfile'
 require 'inspec/dependencies/dependency_set'
 
@@ -15,9 +18,8 @@ module Inspec
   class Profile # rubocop:disable Metrics/ClassLength
     extend Forwardable
 
-    def self.resolve_target(target, opts)
+    def self.resolve_target(target)
       # Fetchers retrieve file contents
-      opts[:target] = target
       fetcher = Inspec::Fetcher.resolve(target)
       if fetcher.nil?
         fail("Could not fetch inspec profile in #{target.inspect}.")
@@ -32,8 +34,8 @@ module Inspec
       reader
     end
 
-    def self.for_target(target, opts)
-      new(resolve_target(target, opts), opts)
+    def self.for_target(target, opts = {})
+      new(resolve_target(target), opts.merge(target: target))
     end
 
     attr_reader :source_reader
@@ -48,9 +50,14 @@ module Inspec
       @target = @options.delete(:target)
       @logger = @options[:logger] || Logger.new(nil)
       @source_reader = source_reader
+      if options[:dependencies]
+        @locked_dependencies = options[:dependencies]
+      end
+      @controls = options[:controls] || []
       @profile_id = @options[:id]
-      @runner_context = nil
+      @backend = @options[:backend] || Inspec::Backend.create(options)
       Metadata.finalize(@source_reader.metadata, @profile_id)
+      @runner_context = @options[:profile_context] || Inspec::ProfileContext.for_profile(self, @backend)
     end
 
     def name
@@ -61,6 +68,46 @@ module Inspec
       @params ||= load_params
     end
 
+    def collect_tests(include_list = @controls)
+      if !@tests_collected
+        locked_dependencies.each(&:collect_tests)
+
+        tests.each do |path, content|
+          next if content.nil? || content.empty?
+          abs_path = source_reader.target.abs_path(path)
+          @runner_context.load_control_file(content, abs_path, nil)
+        end
+        @tests_collected = true
+      end
+      filter_controls(@runner_context.all_rules, include_list)
+    end
+
+    def filter_controls(controls_array, include_list)
+      return controls_array if include_list.nil? || include_list.empty?
+      controls_array.select do |c|
+        id = ::Inspec::Rule.rule_id(c)
+        include_list.include?(id)
+      end
+    end
+
+    def load_libraries
+      locked_dependencies.each do |d|
+        c = d.load_libraries
+        @runner_context.add_resources(c)
+      end
+
+      libs = libraries.map do |path, content|
+        [content, path]
+      end
+
+      @runner_context.load_libraries(libs)
+      @runner_context
+    end
+
+    def to_s
+      "Inspec::Profile<#{name}>"
+    end
+
     def info
       res = params.dup
       # add information about the controls
@@ -249,11 +296,15 @@ module Inspec
     # @return [Inspec::Lockfile]
     #
     def generate_lockfile(vendor_path = nil)
-      res = Inspec::DependencySet.new(cwd, vendor_path)
+      res = Inspec::DependencySet.new(cwd, vendor_path, nil, @backend)
       res.vendor(metadata.dependencies)
       Inspec::Lockfile.from_dependency_set(res)
     end
 
+    def load_dependencies
+      Inspec::DependencySet.from_lockfile(lockfile, cwd, nil, @backend)
+    end
+
     private
 
     # Create an archive name for this profile and an additional options
@@ -282,34 +333,17 @@ module Inspec
       params
     end
 
-    #
-    # Returns a new runner for the current profile.
-    #
-    # @params [Symbol] The type of backend to use when constructing a
-    #                  new runner.
-    # @returns [Inspec::Runner]
-    #
-    def runner_for_profile(backend = :mock)
-      opts = @options.dup
-      opts[:ignore_supports] = true
-      r = Runner.new(id: @profile_id,
-                     backend: backend,
-                     test_collector: opts.delete(:test_collector))
-      r.add_profile(self, opts)
-      r
-    end
-
     def load_checks_params(params)
+      load_libraries
+      tests = collect_tests
       params[:controls] = controls = {}
       params[:groups] = groups = {}
       prefix = @source_reader.target.prefix || ''
-      # Load from the runner_context if it exists
-      runner = @runner_context || runner_for_profile
-      runner.all_rules.each do |rule|
+      tests.each do |rule|
         f = load_rule_filepath(prefix, rule)
         load_rule(rule, f, controls, groups)
       end
-      params[:attributes] = runner.attributes
+      params[:attributes] = @runner_context.attributes
       params
     end
 
@@ -338,9 +372,5 @@ module Inspec
       }
       groups[file][:controls].push(id)
     end
-
-    def load_dependencies
-      Inspec::DependencySet.from_lockfile(lockfile, cwd, nil)
-    end
   end
 end