inspec 0.35.0 → 1.0.0.beta2

data/lib/inspec/profile_context.rb

@@ -17,7 +17,8 @@ module Inspec
                                    'attributes' => attributes })
     end
 
-    attr_reader :attributes, :rules, :profile_id, :resource_registry
+    attr_reader :attributes, :profile_id, :resource_registry, :backend
+    attr_accessor :rules
     def initialize(profile_id, backend, conf)
       if backend.nil?
         fail 'ProfileContext is initiated with a backend == nil. ' \
@@ -27,7 +28,8 @@ module Inspec
       @backend = backend
       @conf = conf.dup
       @rules = {}
-      @subcontexts = []
+      @control_subcontexts = []
+      @lib_subcontexts = []
       @require_loader = ::Inspec::RequireLoader.new
       @attributes = []
       # A local resource registry that only contains resources defined
@@ -45,7 +47,7 @@ module Inspec
     end
 
     def to_resources_dsl
-      Inspec::Resource.create_dsl(@backend, @resource_registry)
+      Inspec::Resource.create_dsl(self)
     end
 
     def control_eval_context
@@ -65,20 +67,34 @@ module Inspec
       @conf['profile'].supports_os?
     end
 
-    def all_rules
+    def all_controls
       ret = @rules.values
-      ret += @subcontexts.map(&:all_rules).flatten
+      ret += @control_subcontexts.map(&:all_rules).flatten
       ret
     end
+    alias all_rules all_controls
+
+    def subcontext_by_name(name)
+      found = @lib_subcontexts.find { |c| c.profile_id == name }
+      if !found
+        @lib_subcontexts.each do |c|
+          found = c.subcontext_by_name(name)
+          break if found
+        end
+      end
+
+      found
+    end
 
     def add_resources(context)
       @resource_registry.merge!(context.resource_registry)
       control_eval_context.add_resources(context)
+      @lib_subcontexts << context
       reload_dsl
     end
 
     def add_subcontext(context)
-      @subcontexts << context
+      @control_subcontexts << context
     end
 
     def load_libraries(libs)
@@ -132,7 +148,12 @@ module Inspec
 
     def register_rule(r)
       # get the full ID
-      r.instance_variable_set(:@__file, current_load[:file])
+      file = if @current_load.nil?
+               'unknown'
+             else
+               @current_load[:file] || 'unknown'
+             end
+      r.instance_variable_set(:@__file, file)
       r.instance_variable_set(:@__group_title, current_load[:title])
 
       # add the rule to the registry

data/lib/inspec/resource.rb

@@ -6,6 +6,8 @@
 require 'inspec/plugins'
 
 module Inspec
+  class ProfileNotFound < StandardError; end
+
   class Resource
     def self.default_registry
       @default_registry ||= {}
@@ -25,9 +27,22 @@ module Inspec
     #
     # @param backend [BackendRunner] exposing the target to resources
     # @return [ResourcesDSL]
-    def self.create_dsl(backend, my_registry = registry)
-      # need the local name, to use it in the module creation further down
+    def self.create_dsl(profile_context)
+      backend = profile_context.backend
+      my_registry = profile_context.resource_registry
+
       Module.new do
+        define_method :resource_class do |profile_name, resource_name|
+          inner_context = if profile_name == profile_context.profile_id
+                            profile_context
+                          else
+                            profile_context.subcontext_by_name(profile_name)
+                          end
+
+          fail ProfileNotFound, "Cannot find profile named: #{profile_name}" if inner_context.nil?
+          inner_context.resource_registry[resource_name]
+        end
+
         my_registry.each do |id, r|
           define_method id.to_sym do |*args|
             r.new(backend, id.to_s, *args)

data/lib/inspec/rspec_json_formatter.rb

@@ -36,11 +36,8 @@ class InspecRspecMiniJson < RSpec::Core::Formatters::JsonFormatter
   # Called after stop has been called and the run is complete.
   def dump_summary(summary)
     @output_hash[:version] = Inspec::VERSION
-    @output_hash[:summary] = {
+    @output_hash[:statistics] = {
       duration: summary.duration,
-      example_count: summary.example_count,
-      failure_count: summary.failure_count,
-      skip_count: summary.pending_count,
     }
   end
 
@@ -86,7 +83,7 @@ class InspecRspecMiniJson < RSpec::Core::Formatters::JsonFormatter
   end
 end
 
-class InspecRspecJson < InspecRspecMiniJson
+class InspecRspecJson < InspecRspecMiniJson # rubocop:disable Metrics/ClassLength
   RSpec::Core::Formatters.register self, :start, :stop, :dump_summary
   attr_writer :backend
 
@@ -108,7 +105,7 @@ class InspecRspecJson < InspecRspecMiniJson
   def start(_notification)
     # Note that the default profile may have no name - therefore
     # the hash may have a valid nil => entry.
-    @profiles_info ||= Hash[@profiles.map { |x| profile_info(x) }]
+    @profiles_info = @profiles.map(&:info!).map(&:dup)
   end
 
   def dump_one_example(example, control)
@@ -133,20 +130,59 @@ class InspecRspecJson < InspecRspecMiniJson
     @output_hash[:other_checks] = missing
   end
 
-  def dump_summary(summary)
-    super(summary)
+  def controls_summary
+    failed = 0
+    skipped = 0
+    passed = 0
+    critical = 0
+    major = 0
+    minor = 0
+
+    @control_tests.each do |control|
+      next if control[:id].start_with? '(generated from '
+      next unless control[:results]
+      if control[:results].any? { |r| r[:status] == 'failed' }
+        failed += 1
+        if control[:impact] >= 0.7
+          critical += 1
+        elsif control[:impact] >= 0.4
+          major += 1
+        else
+          minor += 1
+        end
+      elsif control[:results].any? { |r| r[:status] == 'skipped' }
+        skipped += 1
+      else
+        passed += 1
+      end
+    end
+
+    total = failed + passed + skipped
+
+    { 'total' => total,
+      'failed' => {
+        'total' => failed,
+        'critical' => critical,
+        'major' => major,
+        'minor' => minor,
+      },
+      'skipped' => skipped,
+      'passed' => passed }
+  end
+
+  def tests_summary
     total = 0
     failed = 0
     skipped = 0
     passed = 0
 
-    @profiles_info.each do |_name, profile|
-      total += profile[:controls].length
-      profile[:controls].each do |_control_name, control|
-        next unless control[:results]
-        if control[:results].any? { |r| r[:status] == 'failed' }
+    all_tests = @anonymous_tests + @control_tests
+    all_tests.each do |control|
+      next unless control[:results]
+      control[:results].each do |result|
+        if result[:status] == 'failed'
           failed += 1
-        elsif control[:results].any? { |r| r[:status] == 'skipped' }
+        elsif result[:status] == 'skipped'
           skipped += 1
         else
           passed += 1
@@ -154,16 +190,11 @@ class InspecRspecJson < InspecRspecMiniJson
       end
     end
 
-    # TODO: provide this information in the output
+    { 'total' => total, 'failed' => failed, 'skipped' => skipped, 'passed' => passed }
   end
 
   private
 
-  def profile_info(profile)
-    info = profile.info.dup
-    [info[:name], info]
-  end
-
   #
   # TODO(ssd+vj): We should probably solve this by either ensuring the example has
   # the profile_id of the top level profile when it is included as a dependency, or
@@ -171,7 +202,7 @@ class InspecRspecJson < InspecRspecMiniJson
   # this heuristic matching.
   #
   def example2profile(example, profiles)
-    profiles.values.find { |p| profile_contains_example?(p, example) }
+    profiles.find { |p| profile_contains_example?(p, example) }
   end
 
   def profile_contains_example?(profile, example)
@@ -180,7 +211,7 @@ class InspecRspecJson < InspecRspecMiniJson
     # Case 2: The profile contains a control that matches the id of the example
     if profile[:name] == example[:profile_id]
       true
-    elsif profile[:controls] && profile[:controls].key?(example[:id])
+    elsif profile[:controls] && profile[:controls].any? { |x| x[:id] == example[:id] }
       true
     else
       false
@@ -188,8 +219,9 @@ class InspecRspecJson < InspecRspecMiniJson
   end
 
   def example2control(example, profiles)
-    p = example2profile(example, profiles)
-    p[:controls][example[:id]] if p && p[:controls]
+    profile = example2profile(example, profiles)
+    return nil unless profile && profile[:controls]
+    profile[:controls].find { |x| x[:id] == example[:id] }
   end
 
   def format_example(example)
@@ -246,16 +278,17 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     @current_profile = nil
     @missing_controls = []
     @anonymous_tests = []
+    @control_tests = []
     super(*args)
   end
 
-  def close(_notification)
+  def close(_notification) # rubocop:disable Metrics/AbcSize
     flush_current_control
     output.puts('') unless @current_control.nil?
     print_tests
     output.puts('')
 
-    @profiles_info.each do |_id, profile|
+    @profiles_info.each do |profile|
       next if profile[:already_printed]
       @current_profile = profile
       next unless print_current_profile
@@ -266,13 +299,20 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
       output.puts('')
     end
 
-    res = @output_hash[:summary]
-    passed = res[:example_count] - res[:failure_count] - res[:skip_count]
-    s = format('Summary: %s%d successful%s, %s%d failures%s, %s%d skipped%s',
-               COLORS['passed'], passed, COLORS['reset'],
-               COLORS['failed'], res[:failure_count], COLORS['reset'],
-               COLORS['skipped'], res[:skip_count], COLORS['reset'])
-    output.puts(s)
+    controls_res = controls_summary
+    tests_res = tests_summary
+
+    s = format('Profile Summary: %s%d successful%s, %s%d failures%s, %s%d skipped%s',
+               COLORS['passed'], controls_res['passed'], COLORS['reset'],
+               COLORS['failed'], controls_res['failed']['total'], COLORS['reset'],
+               COLORS['skipped'], controls_res['skipped'], COLORS['reset'])
+    output.puts(s) if controls_res['total'] > 0
+
+    s = format('Test Summary: %s%d successful%s, %s%d failures%s, %s%d skipped%s',
+               COLORS['passed'], tests_res['passed'], COLORS['reset'],
+               COLORS['failed'], tests_res['failed'], COLORS['reset'],
+               COLORS['skipped'], tests_res['skipped'], COLORS['reset'])
+    output.puts(s) if !@anonymous_tests.empty? || @current_control.nil?
   end
 
   private
@@ -371,7 +411,11 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
       test_color = @colors[test_status]
       indicator = @indicators[x[:status]]
       indicator = @indicators['empty'] if indicator.nil?
-      msg = x[:message] || x[:skip_message] || x[:code_desc]
+      if x[:message]
+        msg = x[:code_desc] + "\n" + x[:message]
+      else
+        msg = x[:skip_message] || x[:code_desc]
+      end
       print_line(
         color:      test_color,
         indicator:  @indicators['small'] + indicator,
@@ -414,7 +458,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     return if @current_control.nil?
 
     prev_profile = @current_profile
-    @current_profile = @profiles_info[@current_control[:profile_id]]
+    @current_profile = @profiles_info.find { |i| i[:id] == @current_control[:profile_id] }
     print_current_profile if prev_profile != @current_profile
 
     fails, skips, passes, summary_indicator = current_control_infos
@@ -425,6 +469,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     if control_id.start_with? '(generated from '
       @anonymous_tests.push(@current_control)
     else
+      @control_tests.push(@current_control)
       print_line(
         color:      @colors[summary_indicator] || '',
         indicator:  @indicators[summary_indicator] || @indicators['unknown'],

data/lib/inspec/runner.rb

@@ -11,6 +11,7 @@ require 'inspec/profile_context'
 require 'inspec/profile'
 require 'inspec/metadata'
 require 'inspec/secrets'
+require 'inspec/dependencies/cache'
 # spec requirements
 
 module Inspec
@@ -32,7 +33,6 @@ module Inspec
     extend Forwardable
 
     def_delegator :@test_collector, :report
-    def_delegator :@test_collector, :reset
 
     attr_reader :backend, :rules, :attributes
     def initialize(conf = {})
@@ -42,7 +42,8 @@ module Inspec
       @target_profiles = []
       @controls = @conf[:controls] || []
       @ignore_supports = @conf[:ignore_supports]
-
+      @create_lockfile = @conf[:create_lockfile]
+      @cache = Inspec::Cache.new(@conf[:cache])
       @test_collector = @conf.delete(:test_collector) || begin
         require 'inspec/runner_rspec'
         RunnerRspec.new(@conf)
@@ -64,12 +65,20 @@ module Inspec
       @test_collector.backend = @backend
     end
 
-    def run(with = nil)
-      Inspec::Log.debug "Starting run with targets: #{@target_profiles.map(&:to_s)}"
+    def reset
+      @test_collector.reset
+      @target_profiles.each do |profile|
+        profile.runner_context.rules = {}
+      end
+      @rules = []
+    end
+
+    def load
       all_controls = []
 
       @target_profiles.each do |profile|
         @test_collector.add_profile(profile)
+        write_lockfile(profile) if @create_lockfile
         profile.locked_dependencies
         profile.load_libraries
         @attributes |= profile.runner_context.attributes
@@ -79,7 +88,27 @@ module Inspec
       all_controls.each do |rule|
         register_rule(rule)
       end
+    end
+
+    def run(with = nil)
+      Inspec::Log.debug "Starting run with targets: #{@target_profiles.map(&:to_s)}"
+      load
+      run_tests(with)
+    end
 
+    def write_lockfile(profile)
+      return false if !profile.writable?
+
+      if profile.lockfile_exists?
+        Inspec::Log.debug "Using existing lockfile #{profile.lockfile_path}"
+      else
+        Inspec::Log.debug "Creating lockfile: #{profile.lockfile_path}"
+        lockfile = profile.generate_lockfile
+        File.write(profile.lockfile_path, lockfile.to_yaml)
+      end
+    end
+
+    def run_tests(with = nil)
       @test_collector.run(with)
     end
 
@@ -126,6 +155,7 @@ module Inspec
     #
     def add_target(target, _opts = [])
       profile = Inspec::Profile.for_target(target,
+                                           cache: @cache,
                                            backend: @backend,
                                            controls: @controls,
                                            attributes: @conf[:attributes])
@@ -133,20 +163,6 @@ module Inspec
       @target_profiles << profile if supports_profile?(profile)
     end
 
-    #
-    # This is used by inspec-shell and inspec-detect. This should
-    # probably be cleaned up a bit.
-    #
-    # @params [Hash] Options
-    # @returns [Inspec::ProfileContext]
-    #
-    def create_context(options = {})
-      meta = options[:metadata]
-      profile_id = nil
-      profile_id = meta.params[:name] unless meta.nil?
-      Inspec::ProfileContext.new(profile_id, @backend, @conf.merge(options))
-    end
-
     def supports_profile?(profile)
       return true if @ignore_supports
 
@@ -180,6 +196,14 @@ module Inspec
       new_tests
     end
 
+    def eval_with_virtual_profile(command)
+      require 'fetchers/mock'
+      add_target({ 'inspec.yml' => 'name: inspec-shell' })
+      our_profile = @target_profiles.first
+      ctx = our_profile.runner_context
+      ctx.load(command)
+    end
+
     private
 
     def block_source_info(block)