inspec 0.9.11 → 0.10.1

data/lib/bundles/inspec-compliance/configuration.rb

@@ -0,0 +1,52 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+module Compliance
+  # stores configuration on local filesystem
+  class Configuration
+    def initialize
+      @config_path = File.join(Dir.home, '.inspec', 'compliance')
+      # ensure the directory is available
+      unless File.directory?(@config_path)
+        FileUtils.mkdir_p(@config_path)
+      end
+      # set config file path
+      @config_file = File.join(@config_path, '/config.json')
+      @config = {}
+
+      # load the data
+      get
+    end
+
+    # direct access to config
+    def [](key)
+      @config[key]
+    end
+
+    def []=(key, value)
+      @config[key] = value
+    end
+
+    # return the json data
+    def get
+      if File.exist?(@config_file)
+        file = File.read(@config_file)
+        @config = JSON.parse(file)
+      end
+      @config
+    end
+
+    # stores a hash to json
+    def store
+      File.open(@config_file, 'w') do |f|
+        f.write(@config.to_json)
+      end
+    end
+
+    # deletes data
+    def destroy
+      File.delete(@config_file)
+    end
+  end
+end

data/lib/bundles/inspec-compliance/target.rb

@@ -0,0 +1,61 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'uri'
+
+# InSpec Target Helper for Chef Compliance
+# reuses UrlHelper, but it knows the target server and the access token already
+# similar to `inspec exec http://localhost:2134/owners/%base%/compliance/%ssh%/tar --user %token%`
+module Compliance
+  class ChefComplianceHelper < Inspec::Targets::UrlHelper
+    def handles?(target)
+      # check for local scheme compliance://
+      uri = URI(target)
+      return unless URI(uri).scheme == 'compliance'
+
+      # check if we have a compliance token
+      config = Compliance::Configuration.new
+      return if config['token'].nil?
+
+      # get profile name
+      profile = get_profile_name(uri)
+
+      # verifies that the target e.g base/ssh exists
+      Compliance::API.exist?(profile)
+    rescue URI::Error => _e
+      false
+    end
+
+    # generates proper url
+    def resolve(target, opts = {})
+      profile = get_profile_name(URI(target))
+      # generates server url
+      target = build_target_url(profile)
+      config = Compliance::Configuration.new
+      opts['user'] = config['token']
+      puts target
+      super(target, opts)
+    end
+
+    # extracts profile name from url
+    def get_profile_name(uri)
+      uri.host + uri.path
+    end
+
+    def build_target_url(target)
+      owner, profile = target.split('/')
+      config = Compliance::Configuration.new
+      url = "#{config['server']}/owners/%owner_name%/compliance/%profile_name%/tar"
+            .gsub('%owner_name%', owner)
+            .gsub('%profile_name%', profile)
+      url
+    end
+
+    def to_s
+      'Chef Compliance Profile Loader'
+    end
+  end
+
+  Inspec::Targets.add_module('chefcompliance', ChefComplianceHelper.new)
+end

data/lib/bundles/inspec-supermarket.rb

@@ -0,0 +1,14 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+module Supermarket
+  autoload :Configuration, 'inspec-supermarket/configuration'
+  autoload :API, 'inspec-supermarket/api'
+end
+
+require 'inspec-supermarket/cli'
+require 'inspec-supermarket/target'

data/lib/bundles/inspec-supermarket/README.md

@@ -0,0 +1,31 @@
+# InSpec Extension for Chef Supermarket
+
+To use the CLI, this InSpec add-on adds the following commands:
+
+ * `$ inspec supermarket configure` - configures the supermarket server
+ * `$ inspec supermarket search` - searches for a compliance profile on supermarket
+ * `$ inspec supermarket exec nathenharvey/tmp-compliance-profile` - extends execute to load the profile
+
+ Compliance profiles from Supermarket can be executed in two mays:
+
+ - via supermarket exec: `inspec supermarket exec nathenharvey/tmp-compliance-profile`
+ - via supermarket scheme: `inspec exec supermarket://nathenharvey/tmp-compliance-profile`
+
+
+ # fetch all available profiles in local cache
+ # https://supermarket.chef.io/api/v1/tools-search\?q\=compliance_profile
+
+ # get the tool slug url
+ # https://supermarket.chef.io/api/v1/tools/tmp-compliance-profile
+ # https://supermarket.chef.io/api/v1/tools/tmp_compliance_profile
+ # response
+ # {
+ #     "description": "An InSpec compliance profile for use with Chef Compliance Server.\r\n",
+ #     "instructions": "## Installation\r\n\r\nDownload the [latest release](https://github.com/nathenharvey/tmp_compliance_profile/releases) from GitHub and upload the tar.gz to your Chef Compliance Server.\r\n\r\n## Controls Included\r\n\r\n* tmp-1.0 - A /tmp directory must exist\r\n* tmp-1.1 - The /tmp directory must be owned by the root user\r\n\r\n## License & Authors\r\n\r\n*Author:*  Nathen Harvey\r\n\r\n*Copyright:* 2015-2016, Chef Software, Inc.\r\n\r\n    Licensed under the Apache License, Version 2.0 (the \"License\");\r\n    you may not use this file except in compliance with the License.\r\n    You may obtain a copy of the License at\r\n\r\n        http://www.apache.org/licenses/LICENSE-2.0\r\n\r\n    Unless required by applicable law or agreed to in writing, software\r\n    distributed under the License is distributed on an \"AS IS\" BASIS,\r\n    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r\n    See the License for the specific language governing permissions and\r\n    limitations under the License.\r\n",
+ #     "name": "/tmp Compliance Profile",
+ #     "owner": "nathenharvey",
+ #     "slug": "tmp-compliance-profile",
+ #     "source_url": "https://github.com/nathenharvey/tmp_compliance_profile/",
+ #     "type": "compliance_profile",
+ #     "up_for_adoption": false
+ # }

data/lib/bundles/inspec-supermarket/TODO.md

@@ -0,0 +1,5 @@
+# take source_url
+# TODO:
+# - cache supermarket values
+# - configure supermarket url
+# - read github url from tool url

data/lib/bundles/inspec-supermarket/api.rb

@@ -0,0 +1,58 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+module Supermarket
+  class API
+    def self.profiles
+      url = 'https://supermarket.chef.io/api/v1/tools-search'
+      data = get(url, { :q => 'compliance_profile' })
+      if !data.nil?
+        profiles = JSON.parse(data)
+        profiles['items']
+        # val = []
+        # # iterate over profiles
+        # profiles.each_key { |org|
+        #   profiles[org].each_key { |name|
+        #     val.push({ org: org, name: name})
+        #   }
+        # }
+        # val
+      else
+        []
+      end
+    end
+
+    def self.info(slug)
+      url = "https://supermarket.chef.io/api/v1/tools/#{slug}"
+      data = get(url, {})
+      if !data.nil?
+        info = JSON.parse(data)
+      else
+        {}
+      end
+    end
+
+    private
+
+    def self.get(url, params)
+      uri = URI.parse(url)
+      uri.query = URI.encode_www_form(params)
+      req = Net::HTTP::Get.new(uri)
+      send_request(uri, req)
+    end
+
+    def self.send_request(uri, req)
+      # send request
+      res = Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') {|http|
+        http.request(req)
+      }
+      if res.is_a?(Net::HTTPSuccess)
+        res.body
+      else
+        puts res.body
+        nil
+      end
+    end
+  end
+end

data/lib/bundles/inspec-supermarket/cache.rb

@@ -0,0 +1,30 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+module Supermarket
+  class Cache
+    def initialize
+      @config_path = File.join(ENV['HOME'], '/.inspec')
+      # ensure the directory is available
+      unless File.directory?(@config_path)
+        FileUtils.mkdir_p(@config_path)
+      end
+      # set cache file path
+      @cache_file = File.join(@config_path, '/supermarket-cache.json')
+    end
+
+    def update_cache(data)
+      File.open(@cache_file,"w") do |f|
+        f.write(data.to_json)
+      end
+    end
+
+    def retrieve_cache
+      if File.exists?(@cache_file)
+        file = File.read(@cache_file)
+        JSON.parse(file)
+      end
+    end
+  end
+end

data/lib/bundles/inspec-supermarket/cli.rb

@@ -0,0 +1,54 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+module Supermarket
+  class SupermarketCLI < Inspec::BaseCLI
+    namespace 'supermarket'
+
+    desc 'configure SERVER', 'Changes the default supermarket https://supermarket.chef.io/api/v1/'
+    def configure(server)
+    end
+
+    desc 'profiles', 'list all available profiles in Chef Supermarket'
+    def profiles
+      # display profiles in format nathenharvey/tmp_compliance_profile
+      supermarket_profiles = Supermarket::API.profiles
+      supermarket_profiles.each { |p|
+        m = %r{^https://supermarket.chef.io/api/v1/tools/(?<slug>[\w-]+)(/)?$}.match(p['tool'])
+        puts "#{p['tool_owner']}/#{m[:slug]}"
+      }
+    end
+
+    desc 'exec PROFILE', 'executes a Supermarket profile'
+    option :id, type: :string,
+      desc: 'Attach a profile ID to all test results'
+    target_options
+    option :format, type: :string
+    def exec(*tests)
+      # iterate over tests and add compliance scheme
+      tests = tests.map { |t| 'supermarket://' + t }
+
+      # execute profile from inspec exec implementation
+      diagnose
+      run_tests(opts, tests)
+    end
+
+    desc 'info profile', 'display profile details'
+    def info(profile)
+      # display profiles in format nathenharvey/tmp-compliance-profile
+      # name:  tmp_compliance_profile
+      # owner: nathenharvey
+      # description: ...
+      info = Supermarket::API.info('tmp-compliance-profile')
+      puts "name:   #{info['slug']}"
+      puts "owner:  #{info['owner']} "
+      puts "url:    #{info['source_url']}"
+      puts "\n"
+      puts "description:\n#{info['description']}"
+    end
+  end
+
+  # register the subcommand to Inspec CLI registry
+  Inspec::Plugins::CLI.register(Supermarket::SupermarketCLI, "supermarket", "supermarket SUBCOMMAND ...", "Supermarket commands", {})
+end

data/lib/bundles/inspec-supermarket/target.rb

@@ -0,0 +1,49 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'uri'
+
+# InSpec Target Helper for Supermarket
+module Supermarket
+  class SupermarketHelper < Inspec::Targets::UrlHelper
+    def handles?(profile)
+      # check for local scheme supermarket://
+      return unless URI(profile).scheme == 'supermarket'
+      # emulate supermarket namespace
+      profile == 'supermarket://nathenharvey/tmp-compliance-profile'
+    rescue URI::Error => e
+      false
+    end
+
+    # generates proper url
+    def resolve(profile, opts = {})
+      profile = get_profile_name(URI(target))
+      target = build_target_url(profile)
+      super(target, opts)
+    end
+
+    # extracts profile name from url
+    def get_profile_name(uri)
+      uri.host + uri.path
+    end
+
+    def build_target_url(target)
+
+      # read details from json
+      # extracts github url
+
+      supermarket, slug = target.split('/')
+      # search profile with slug
+      # get github url
+      # return github url
+      "https://github.com/nathenharvey/tmp_compliance_profile/"
+    end
+
+    def to_s
+      'Chef Compliance Profile Loader'
+    end
+  end
+
+  Inspec::Targets.add_module('supermarket', Supermarket::SupermarketHelper.new)
+end

data/lib/inspec.rb

@@ -12,9 +12,16 @@ $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
 require 'inspec/version'
 require 'inspec/profile'
-require 'inspec/resource'
 require 'inspec/rspec_json_formatter'
 require 'inspec/rule'
+require 'matchers/matchers'
 require 'inspec/runner'
 require 'inspec/shell'
-require 'matchers/matchers'
+
+# all utils that may be required by plugins
+require 'utils/base_cli'
+
+# ensure resource and plugins are loaded after runner, because the runner loads
+# targets
+require 'inspec/resource'
+require 'inspec/plugins'

data/lib/inspec/metadata.rb

@@ -100,19 +100,27 @@ module Inspec
       !found.nil?
     end
 
-    def valid?
-      is_valid = true
+    # return all warn and errors
+    def valid
+      errors = []
+      warnings = []
+
       %w{ name version }.each do |field|
         next unless params[field.to_sym].nil?
-        @logger.error("Missing profile #{field} in #{ref}")
-        is_valid = false
+        errors.push("Missing profile #{field} in #{ref}")
       end
       %w{ title summary maintainer copyright }.each do |field|
         next unless params[field.to_sym].nil?
-        @logger.warn("Missing profile #{field} in #{ref}")
-        is_valid = false
+        warnings.push("Missing profile #{field} in #{ref}")
       end
-      is_valid && @missing_methods.empty?
+
+      [errors, warnings]
+    end
+
+    # returns true or false
+    def valid?
+      errors, _warnings = valid
+      errors.empty? && unsupported.empty?
     end
 
     def method_missing(sth, *args)
@@ -120,6 +128,10 @@ module Inspec
       @missing_methods.push(sth)
     end
 
+    def unsupported
+      @missing_methods
+    end
+
     def self.symbolize_keys(hash)
       hash.each_with_object({}) {|(k, v), h|
         v = symbolize_keys(v) if v.is_a?(Hash)
@@ -146,6 +158,8 @@ module Inspec
     end
 
     def self.from_ref(ref, contents, profile_id, logger = nil)
+      # NOTE there doesn't have to exist an actual file, it may come from an
+      # archive (i.e., contents)
       case File.basename(ref)
       when 'inspec.yml'
         from_yaml(ref, contents, profile_id, logger)

data/lib/inspec/plugins.rb

@@ -2,8 +2,49 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
 
+require 'forwardable'
+
 module Inspec
+  # Resource Plugins
   module Plugins
     autoload :Resource, 'inspec/plugins/resource'
+    autoload :CLI, 'inspec/plugins/cli'
+  end
+
+  class PluginCtl
+    extend Forwardable
+
+    attr_reader :registry
+    def_delegator :registry, :keys, :list
+
+    def initialize(home = nil)
+      @home = home || File.join(Dir.home, '.inspec', 'plugins')
+      @paths = Dir[File.join(@home, '**{,/*/**}', '*.gemspec')]
+               .map { |x| File.dirname(x) }
+               .map { |x| Dir[File.join(x, 'lib', 'inspec-*.rb')] }
+               .flatten
+
+      # load bundled plugins
+      bundled_dir = File.expand_path(File.dirname(__FILE__))
+      @paths += Dir[File.join(bundled_dir, '..', 'bundles', 'inspec-*.rb')].flatten
+
+      # map paths to names
+      @registry = Hash[@paths.map { |x|
+        [File.basename(x, '.rb'), x]
+      }]
+    end
+
+    def load(name)
+      path = @registry[name]
+      if path.nil?
+        fail "Couldn't find plugin #{name}. Searching in #{@home}"
+      end
+      # puts "Loading plugin #{name} from #{path}"
+      require path
+    end
   end
 end
+
+# Load all plugins on startup
+ctl = Inspec::PluginCtl.new
+ctl.list.each { |x| ctl.load(x) }