RubyGems - inspec - Versions diffs - 2.1.0 → 2.1.10 - Mend

inspec 2.1.0 → 2.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (489) hide show

checksums.yaml +4 -4
data/.rubocop.yml +101 -101
data/CHANGELOG.md +3024 -3004
data/Gemfile +55 -55
data/LICENSE +14 -14
data/MAINTAINERS.md +33 -33
data/MAINTAINERS.toml +52 -52
data/README.md +447 -446
data/Rakefile +322 -322
data/bin/inspec +12 -12
data/docs/.gitignore +2 -2
data/docs/README.md +40 -40
data/docs/dsl_inspec.md +258 -258
data/docs/dsl_resource.md +100 -93
data/docs/glossary.md +99 -99
data/docs/habitat.md +191 -191
data/docs/inspec_and_friends.md +114 -114
data/docs/matchers.md +169 -169
data/docs/migration.md +293 -293
data/docs/platforms.md +118 -118
data/docs/plugin_kitchen_inspec.md +50 -50
data/docs/profiles.md +376 -376
data/docs/reporters.md +105 -105
data/docs/resources/aide_conf.md.erb +75 -75
data/docs/resources/apache.md.erb +67 -67
data/docs/resources/apache_conf.md.erb +68 -68
data/docs/resources/apt.md.erb +71 -71
data/docs/resources/audit_policy.md.erb +47 -47
data/docs/resources/auditd.md.erb +79 -79
data/docs/resources/auditd_conf.md.erb +68 -68
data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
data/docs/resources/aws_config_recorder.md.erb +71 -71
data/docs/resources/aws_ec2_instance.md.erb +106 -106
data/docs/resources/aws_iam_access_key.md.erb +123 -123
data/docs/resources/aws_iam_access_keys.md.erb +198 -198
data/docs/resources/aws_iam_group.md.erb +46 -46
data/docs/resources/aws_iam_groups.md.erb +43 -43
data/docs/resources/aws_iam_password_policy.md.erb +76 -76
data/docs/resources/aws_iam_policies.md.erb +82 -82
data/docs/resources/aws_iam_policy.md.erb +144 -144
data/docs/resources/aws_iam_role.md.erb +63 -63
data/docs/resources/aws_iam_root_user.md.erb +58 -58
data/docs/resources/aws_iam_user.md.erb +64 -64
data/docs/resources/aws_iam_users.md.erb +89 -89
data/docs/resources/aws_kms_keys.md.erb +84 -84
data/docs/resources/aws_route_table.md.erb +47 -47
data/docs/resources/aws_s3_bucket.md.erb +134 -134
data/docs/resources/aws_s3_bucket_object.md.erb +83 -0
data/docs/resources/aws_security_group.md.erb +151 -151
data/docs/resources/aws_security_groups.md.erb +91 -91
data/docs/resources/aws_sns_subscription.md.erb +125 -0
data/docs/resources/aws_sns_topic.md.erb +63 -63
data/docs/resources/aws_sns_topics.md.erb +52 -0
data/docs/resources/aws_subnet.md.erb +134 -134
data/docs/resources/aws_subnets.md.erb +126 -126
data/docs/resources/aws_vpc.md.erb +120 -120
data/docs/resources/aws_vpcs.md.erb +48 -48
data/docs/resources/azure_generic_resource.md.erb +171 -171
data/docs/resources/azure_resource_group.md.erb +284 -284
data/docs/resources/azure_virtual_machine.md.erb +347 -347
data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
data/docs/resources/bash.md.erb +75 -75
data/docs/resources/bond.md.erb +90 -90
data/docs/resources/bridge.md.erb +57 -57
data/docs/resources/bsd_service.md.erb +67 -67
data/docs/resources/command.md.erb +138 -138
data/docs/resources/cpan.md.erb +79 -79
data/docs/resources/cran.md.erb +64 -64
data/docs/resources/crontab.md.erb +89 -89
data/docs/resources/csv.md.erb +54 -54
data/docs/resources/dh_params.md.erb +205 -205
data/docs/resources/directory.md.erb +30 -30
data/docs/resources/docker.md.erb +219 -219
data/docs/resources/docker_container.md.erb +103 -103
data/docs/resources/docker_image.md.erb +94 -94
data/docs/resources/docker_service.md.erb +114 -114
data/docs/resources/elasticsearch.md.erb +242 -242
data/docs/resources/etc_fstab.md.erb +125 -125
data/docs/resources/etc_group.md.erb +75 -75
data/docs/resources/etc_hosts.md.erb +78 -78
data/docs/resources/etc_hosts_allow.md.erb +74 -74
data/docs/resources/etc_hosts_deny.md.erb +74 -74
data/docs/resources/file.md.erb +526 -526
data/docs/resources/filesystem.md.erb +41 -41
data/docs/resources/firewalld.md.erb +107 -107
data/docs/resources/gem.md.erb +79 -79
data/docs/resources/group.md.erb +61 -61
data/docs/resources/grub_conf.md.erb +101 -101
data/docs/resources/host.md.erb +86 -86
data/docs/resources/http.md.erb +196 -196
data/docs/resources/iis_app.md.erb +122 -122
data/docs/resources/iis_site.md.erb +135 -135
data/docs/resources/inetd_conf.md.erb +94 -94
data/docs/resources/ini.md.erb +76 -76
data/docs/resources/interface.md.erb +58 -58
data/docs/resources/iptables.md.erb +64 -64
data/docs/resources/json.md.erb +63 -63
data/docs/resources/kernel_module.md.erb +120 -120
data/docs/resources/kernel_parameter.md.erb +53 -53
data/docs/resources/key_rsa.md.erb +85 -85
data/docs/resources/launchd_service.md.erb +57 -57
data/docs/resources/limits_conf.md.erb +75 -75
data/docs/resources/{login_def.md.erb → login_defs.md.erb} +71 -71
data/docs/resources/mount.md.erb +69 -69
data/docs/resources/mssql_session.md.erb +60 -60
data/docs/resources/mysql_conf.md.erb +99 -99
data/docs/resources/mysql_session.md.erb +74 -74
data/docs/resources/nginx.md.erb +79 -79
data/docs/resources/nginx_conf.md.erb +138 -128
data/docs/resources/npm.md.erb +60 -60
data/docs/resources/ntp_conf.md.erb +60 -60
data/docs/resources/oneget.md.erb +53 -53
data/docs/resources/oracledb_session.md.erb +52 -52
data/docs/resources/os.md.erb +141 -141
data/docs/resources/os_env.md.erb +78 -78
data/docs/resources/package.md.erb +120 -120
data/docs/resources/packages.md.erb +67 -67
data/docs/resources/parse_config.md.erb +103 -103
data/docs/resources/parse_config_file.md.erb +138 -138
data/docs/resources/passwd.md.erb +141 -141
data/docs/resources/pip.md.erb +67 -67
data/docs/resources/port.md.erb +137 -137
data/docs/resources/postgres_conf.md.erb +79 -79
data/docs/resources/postgres_hba_conf.md.erb +93 -93
data/docs/resources/postgres_ident_conf.md.erb +76 -76
data/docs/resources/postgres_session.md.erb +69 -69
data/docs/resources/powershell.md.erb +102 -102
data/docs/resources/processes.md.erb +109 -109
data/docs/resources/rabbitmq_config.md.erb +41 -41
data/docs/resources/registry_key.md.erb +158 -158
data/docs/resources/runit_service.md.erb +57 -57
data/docs/resources/security_policy.md.erb +47 -47
data/docs/resources/service.md.erb +121 -121
data/docs/resources/shadow.md.erb +146 -146
data/docs/resources/ssh_config.md.erb +73 -80
data/docs/resources/sshd_config.md.erb +83 -83
data/docs/resources/ssl.md.erb +119 -119
data/docs/resources/sys_info.md.erb +42 -42
data/docs/resources/systemd_service.md.erb +57 -57
data/docs/resources/sysv_service.md.erb +57 -57
data/docs/resources/upstart_service.md.erb +57 -57
data/docs/resources/user.md.erb +140 -140
data/docs/resources/users.md.erb +127 -127
data/docs/resources/vbscript.md.erb +55 -55
data/docs/resources/virtualization.md.erb +57 -57
data/docs/resources/windows_feature.md.erb +47 -47
data/docs/resources/windows_hotfix.md.erb +53 -53
data/docs/resources/windows_task.md.erb +95 -95
data/docs/resources/wmi.md.erb +81 -81
data/docs/resources/x509_certificate.md.erb +151 -151
data/docs/resources/xinetd_conf.md.erb +156 -156
data/docs/resources/xml.md.erb +85 -85
data/docs/resources/yaml.md.erb +69 -69
data/docs/resources/yum.md.erb +98 -98
data/docs/resources/zfs_dataset.md.erb +53 -53
data/docs/resources/zfs_pool.md.erb +47 -47
data/docs/ruby_usage.md +203 -203
data/docs/shared/matcher_be.md.erb +1 -1
data/docs/shared/matcher_cmp.md.erb +43 -43
data/docs/shared/matcher_eq.md.erb +3 -3
data/docs/shared/matcher_include.md.erb +1 -1
data/docs/shared/matcher_match.md.erb +1 -1
data/docs/shell.md +217 -217
data/examples/README.md +8 -8
data/examples/inheritance/README.md +65 -65
data/examples/inheritance/controls/example.rb +14 -14
data/examples/inheritance/inspec.yml +15 -15
data/examples/kitchen-ansible/.kitchen.yml +25 -25
data/examples/kitchen-ansible/Gemfile +19 -19
data/examples/kitchen-ansible/README.md +53 -53
data/examples/kitchen-ansible/files/nginx.repo +6 -6
data/examples/kitchen-ansible/tasks/main.yml +16 -16
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-chef/.kitchen.yml +20 -20
data/examples/kitchen-chef/Berksfile +3 -3
data/examples/kitchen-chef/Gemfile +19 -19
data/examples/kitchen-chef/README.md +27 -27
data/examples/kitchen-chef/metadata.rb +7 -7
data/examples/kitchen-chef/recipes/default.rb +6 -6
data/examples/kitchen-chef/recipes/nginx.rb +30 -30
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-puppet/.kitchen.yml +22 -22
data/examples/kitchen-puppet/Gemfile +20 -20
data/examples/kitchen-puppet/Puppetfile +25 -25
data/examples/kitchen-puppet/README.md +53 -53
data/examples/kitchen-puppet/manifests/site.pp +33 -33
data/examples/kitchen-puppet/metadata.json +11 -11
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
data/examples/meta-profile/README.md +37 -37
data/examples/meta-profile/controls/example.rb +13 -13
data/examples/meta-profile/inspec.yml +13 -13
data/examples/profile-attribute.yml +2 -2
data/examples/profile-attribute/README.md +14 -14
data/examples/profile-attribute/controls/example.rb +11 -11
data/examples/profile-attribute/inspec.yml +8 -8
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
data/examples/profile-aws/inspec.yml +11 -11
data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
data/examples/profile-azure/inspec.yml +11 -11
data/examples/profile-sensitive/README.md +29 -29
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
data/examples/profile-sensitive/controls/sensitive.rb +9 -9
data/examples/profile-sensitive/inspec.yml +8 -8
data/examples/profile/README.md +48 -48
data/examples/profile/controls/example.rb +23 -23
data/examples/profile/controls/gordon.rb +36 -36
data/examples/profile/controls/meta.rb +34 -34
data/examples/profile/inspec.yml +10 -10
data/examples/profile/libraries/gordon_config.rb +53 -53
data/inspec.gemspec +47 -47
data/lib/bundles/README.md +3 -3
data/lib/bundles/inspec-artifact.rb +7 -7
data/lib/bundles/inspec-artifact/README.md +1 -1
data/lib/bundles/inspec-artifact/cli.rb +277 -277
data/lib/bundles/inspec-compliance.rb +16 -16
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
data/lib/bundles/inspec-compliance/README.md +185 -185
data/lib/bundles/inspec-compliance/api.rb +316 -316
data/lib/bundles/inspec-compliance/api/login.rb +152 -152
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
data/lib/bundles/inspec-compliance/cli.rb +254 -254
data/lib/bundles/inspec-compliance/configuration.rb +103 -103
data/lib/bundles/inspec-compliance/http.rb +86 -86
data/lib/bundles/inspec-compliance/support.rb +36 -36
data/lib/bundles/inspec-compliance/target.rb +98 -98
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
data/lib/bundles/inspec-habitat.rb +12 -12
data/lib/bundles/inspec-habitat/cli.rb +36 -36
data/lib/bundles/inspec-habitat/log.rb +10 -10
data/lib/bundles/inspec-habitat/profile.rb +390 -390
data/lib/bundles/inspec-init.rb +8 -8
data/lib/bundles/inspec-init/README.md +31 -31
data/lib/bundles/inspec-init/cli.rb +97 -97
data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
data/lib/bundles/inspec-supermarket.rb +13 -13
data/lib/bundles/inspec-supermarket/README.md +45 -45
data/lib/bundles/inspec-supermarket/api.rb +84 -84
data/lib/bundles/inspec-supermarket/cli.rb +73 -73
data/lib/bundles/inspec-supermarket/target.rb +34 -34
data/lib/fetchers/git.rb +163 -163
data/lib/fetchers/local.rb +74 -74
data/lib/fetchers/mock.rb +35 -35
data/lib/fetchers/url.rb +204 -204
data/lib/inspec.rb +24 -24
data/lib/inspec/archive/tar.rb +29 -29
data/lib/inspec/archive/zip.rb +19 -19
data/lib/inspec/backend.rb +93 -93
data/lib/inspec/base_cli.rb +357 -355
data/lib/inspec/cached_fetcher.rb +66 -66
data/lib/inspec/cli.rb +292 -292
data/lib/inspec/completions/bash.sh.erb +45 -45
data/lib/inspec/completions/fish.sh.erb +34 -34
data/lib/inspec/completions/zsh.sh.erb +61 -61
data/lib/inspec/control_eval_context.rb +179 -179
data/lib/inspec/dependencies/cache.rb +72 -72
data/lib/inspec/dependencies/dependency_set.rb +92 -92
data/lib/inspec/dependencies/lockfile.rb +115 -115
data/lib/inspec/dependencies/requirement.rb +123 -123
data/lib/inspec/dependencies/resolver.rb +86 -86
data/lib/inspec/describe.rb +27 -27
data/lib/inspec/dsl.rb +66 -66
data/lib/inspec/dsl_shared.rb +33 -33
data/lib/inspec/env_printer.rb +157 -157
data/lib/inspec/errors.rb +13 -13
data/lib/inspec/exceptions.rb +12 -12
data/lib/inspec/expect.rb +45 -45
data/lib/inspec/fetcher.rb +45 -45
data/lib/inspec/file_provider.rb +275 -275
data/lib/inspec/formatters.rb +3 -3
data/lib/inspec/formatters/base.rb +250 -250
data/lib/inspec/formatters/json_rspec.rb +20 -20
data/lib/inspec/formatters/show_progress.rb +12 -12
data/lib/inspec/library_eval_context.rb +58 -58
data/lib/inspec/log.rb +11 -11
data/lib/inspec/metadata.rb +247 -247
data/lib/inspec/method_source.rb +24 -24
data/lib/inspec/objects.rb +14 -14
data/lib/inspec/objects/attribute.rb +65 -65
data/lib/inspec/objects/control.rb +61 -61
data/lib/inspec/objects/describe.rb +92 -92
data/lib/inspec/objects/each_loop.rb +36 -36
data/lib/inspec/objects/list.rb +15 -15
data/lib/inspec/objects/or_test.rb +40 -40
data/lib/inspec/objects/ruby_helper.rb +15 -15
data/lib/inspec/objects/tag.rb +27 -27
data/lib/inspec/objects/test.rb +87 -87
data/lib/inspec/objects/value.rb +27 -27
data/lib/inspec/plugins.rb +60 -60
data/lib/inspec/plugins/cli.rb +24 -24
data/lib/inspec/plugins/fetcher.rb +86 -86
data/lib/inspec/plugins/resource.rb +135 -135
data/lib/inspec/plugins/secret.rb +15 -15
data/lib/inspec/plugins/source_reader.rb +40 -40
data/lib/inspec/polyfill.rb +12 -12
data/lib/inspec/profile.rb +510 -510
data/lib/inspec/profile_context.rb +207 -207
data/lib/inspec/profile_vendor.rb +66 -66
data/lib/inspec/reporters.rb +54 -54
data/lib/inspec/reporters/base.rb +24 -24
data/lib/inspec/reporters/cli.rb +356 -356
data/lib/inspec/reporters/json.rb +116 -116
data/lib/inspec/reporters/json_min.rb +48 -48
data/lib/inspec/reporters/junit.rb +77 -77
data/lib/inspec/require_loader.rb +33 -33
data/lib/inspec/resource.rb +186 -186
data/lib/inspec/rule.rb +266 -266
data/lib/inspec/runner.rb +345 -345
data/lib/inspec/runner_mock.rb +41 -41
data/lib/inspec/runner_rspec.rb +175 -175
data/lib/inspec/runtime_profile.rb +26 -26
data/lib/inspec/schema.rb +213 -213
data/lib/inspec/secrets.rb +19 -19
data/lib/inspec/secrets/yaml.rb +30 -30
data/lib/inspec/shell.rb +220 -220
data/lib/inspec/shell_detector.rb +90 -90
data/lib/inspec/source_reader.rb +29 -29
data/lib/inspec/version.rb +8 -8
data/lib/matchers/matchers.rb +339 -339
data/lib/resource_support/aws.rb +44 -41
data/lib/resource_support/aws/aws_backend_base.rb +12 -12
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
data/lib/resources/aide_conf.rb +151 -159
data/lib/resources/apache.rb +48 -48
data/lib/resources/apache_conf.rb +149 -156
data/lib/resources/apt.rb +149 -149
data/lib/resources/audit_policy.rb +63 -63
data/lib/resources/auditd.rb +231 -231
data/lib/resources/auditd_conf.rb +46 -55
data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
data/lib/resources/aws/aws_config_recorder.rb +98 -98
data/lib/resources/aws/aws_ec2_instance.rb +157 -157
data/lib/resources/aws/aws_iam_access_key.rb +106 -106
data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
data/lib/resources/aws/aws_iam_group.rb +56 -56
data/lib/resources/aws/aws_iam_groups.rb +52 -52
data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
data/lib/resources/aws/aws_iam_policies.rb +53 -53
data/lib/resources/aws/aws_iam_policy.rb +125 -125
data/lib/resources/aws/aws_iam_role.rb +51 -51
data/lib/resources/aws/aws_iam_root_user.rb +60 -60
data/lib/resources/aws/aws_iam_user.rb +111 -111
data/lib/resources/aws/aws_iam_users.rb +108 -108
data/lib/resources/aws/aws_kms_keys.rb +53 -53
data/lib/resources/aws/aws_route_table.rb +61 -61
data/lib/resources/aws/aws_s3_bucket.rb +115 -115
data/lib/resources/aws/aws_s3_bucket_object.rb +82 -0
data/lib/resources/aws/aws_security_group.rb +93 -93
data/lib/resources/aws/aws_security_groups.rb +68 -68
data/lib/resources/aws/aws_sns_subscription.rb +78 -0
data/lib/resources/aws/aws_sns_topic.rb +53 -53
data/lib/resources/aws/aws_sns_topics.rb +56 -0
data/lib/resources/aws/aws_subnet.rb +88 -88
data/lib/resources/aws/aws_subnets.rb +53 -53
data/lib/resources/aws/aws_vpc.rb +69 -69
data/lib/resources/aws/aws_vpcs.rb +45 -45
data/lib/resources/azure/azure_backend.rb +377 -377
data/lib/resources/azure/azure_generic_resource.rb +59 -59
data/lib/resources/azure/azure_resource_group.rb +152 -152
data/lib/resources/azure/azure_virtual_machine.rb +264 -264
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
data/lib/resources/bash.rb +35 -35
data/lib/resources/bond.rb +69 -68
data/lib/resources/bridge.rb +122 -122
data/lib/resources/command.rb +73 -73
data/lib/resources/cpan.rb +58 -58
data/lib/resources/cran.rb +64 -64
data/lib/resources/crontab.rb +169 -169
data/lib/resources/csv.rb +56 -60
data/lib/resources/dh_params.rb +77 -82
data/lib/resources/directory.rb +25 -25
data/lib/resources/docker.rb +236 -236
data/lib/resources/docker_container.rb +89 -89
data/lib/resources/docker_image.rb +83 -83
data/lib/resources/docker_object.rb +57 -57
data/lib/resources/docker_service.rb +90 -90
data/lib/resources/elasticsearch.rb +169 -169
data/lib/resources/etc_fstab.rb +94 -101
data/lib/resources/etc_group.rb +152 -152
data/lib/resources/etc_hosts.rb +66 -82
data/lib/resources/etc_hosts_allow_deny.rb +112 -122
data/lib/resources/file.rb +298 -298
data/lib/resources/filesystem.rb +31 -31
data/lib/resources/firewalld.rb +143 -143
data/lib/resources/gem.rb +70 -70
data/lib/resources/groups.rb +215 -215
data/lib/resources/grub_conf.rb +227 -237
data/lib/resources/host.rb +306 -306
data/lib/resources/http.rb +251 -251
data/lib/resources/iis_app.rb +101 -101
data/lib/resources/iis_site.rb +148 -148
data/lib/resources/inetd_conf.rb +54 -62
data/lib/resources/ini.rb +29 -29
data/lib/resources/interface.rb +129 -129
data/lib/resources/iptables.rb +80 -80
data/lib/resources/json.rb +107 -117
data/lib/resources/kernel_module.rb +107 -107
data/lib/resources/kernel_parameter.rb +58 -58
data/lib/resources/key_rsa.rb +61 -67
data/lib/resources/limits_conf.rb +46 -55
data/lib/resources/login_def.rb +57 -66
data/lib/resources/mount.rb +88 -88
data/lib/resources/mssql_session.rb +101 -101
data/lib/resources/mysql.rb +81 -81
data/lib/resources/mysql_conf.rb +127 -134
data/lib/resources/mysql_session.rb +85 -85
data/lib/resources/nginx.rb +96 -96
data/lib/resources/nginx_conf.rb +226 -227
data/lib/resources/npm.rb +48 -48
data/lib/resources/ntp_conf.rb +51 -58
data/lib/resources/oneget.rb +71 -71
data/lib/resources/oracledb_session.rb +139 -139
data/lib/resources/os.rb +36 -36
data/lib/resources/os_env.rb +76 -76
data/lib/resources/package.rb +370 -370
data/lib/resources/packages.rb +111 -111
data/lib/resources/parse_config.rb +112 -116
data/lib/resources/passwd.rb +76 -74
data/lib/resources/pip.rb +89 -89
data/lib/resources/platform.rb +109 -109
data/lib/resources/port.rb +771 -771
data/lib/resources/postgres.rb +130 -130
data/lib/resources/postgres_conf.rb +114 -121
data/lib/resources/postgres_hba_conf.rb +90 -99
data/lib/resources/postgres_ident_conf.rb +79 -76
data/lib/resources/postgres_session.rb +71 -71
data/lib/resources/powershell.rb +53 -53
data/lib/resources/processes.rb +204 -204
data/lib/resources/rabbitmq_conf.rb +51 -52
data/lib/resources/registry_key.rb +296 -296
data/lib/resources/security_policy.rb +180 -180
data/lib/resources/service.rb +790 -789
data/lib/resources/shadow.rb +149 -146
data/lib/resources/ssh_conf.rb +97 -102
data/lib/resources/ssl.rb +99 -99
data/lib/resources/sys_info.rb +28 -28
data/lib/resources/toml.rb +32 -32
data/lib/resources/users.rb +654 -654
data/lib/resources/vbscript.rb +68 -68
data/lib/resources/virtualization.rb +247 -247
data/lib/resources/windows_feature.rb +84 -84
data/lib/resources/windows_hotfix.rb +35 -35
data/lib/resources/windows_task.rb +102 -102
data/lib/resources/wmi.rb +110 -110
data/lib/resources/x509_certificate.rb +137 -143
data/lib/resources/xinetd.rb +106 -111
data/lib/resources/xml.rb +46 -46
data/lib/resources/yaml.rb +43 -47
data/lib/resources/yum.rb +180 -180
data/lib/resources/zfs_dataset.rb +60 -60
data/lib/resources/zfs_pool.rb +49 -49
data/lib/source_readers/flat.rb +39 -39
data/lib/source_readers/inspec.rb +75 -75
data/lib/utils/command_wrapper.rb +27 -27
data/lib/utils/convert.rb +12 -12
data/lib/utils/database_helpers.rb +77 -77
data/lib/utils/erlang_parser.rb +192 -192
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +272 -272
data/lib/utils/filter_array.rb +27 -27
data/lib/utils/find_files.rb +44 -44
data/lib/utils/hash.rb +41 -41
data/lib/utils/json_log.rb +18 -18
data/lib/utils/latest_version.rb +22 -22
data/lib/utils/modulator.rb +12 -12
data/lib/utils/nginx_parser.rb +85 -85
data/lib/utils/object_traversal.rb +49 -49
data/lib/utils/parser.rb +274 -274
data/lib/utils/plugin_registry.rb +93 -93
data/lib/utils/simpleconfig.rb +120 -120
data/lib/utils/spdx.rb +13 -13
data/lib/utils/spdx.txt +343 -343
metadata +12 -5

data/lib/bundles/inspec-compliance.rb CHANGED Viewed

@@ -1,16 +1,16 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-libdir = File.dirname(__FILE__)
-$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
-module Compliance
-  autoload :Configuration, 'inspec-compliance/configuration'
-  autoload :HTTP, 'inspec-compliance/http'
-  autoload :Support, 'inspec-compliance/support'
-  autoload :API, 'inspec-compliance/api'
-end
-require 'inspec-compliance/cli'
-require 'inspec-compliance/target'
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+module Compliance
+  autoload :Configuration, 'inspec-compliance/configuration'
+  autoload :HTTP, 'inspec-compliance/http'
+  autoload :Support, 'inspec-compliance/support'
+  autoload :API, 'inspec-compliance/api'
+end
+require 'inspec-compliance/cli'
+require 'inspec-compliance/target'

data/lib/bundles/inspec-compliance/.kitchen.yml CHANGED Viewed

@@ -1,20 +1,20 @@
----
-driver:
-  name: vagrant
-  synced_folders:
-    - ['../../../', '/inspec']
-  network:
-    - ['private_network', {ip: '192.168.251.2'}]
-provisioner:
-  name: shell
-verifier:
-  name: inspec
-platforms:
-  - name: ubuntu-14.04
-suites:
-  - name: default
-    run_list:
-    attributes:
+---
+driver:
+  name: vagrant
+  synced_folders:
+    - ['../../../', '/inspec']
+  network:
+    - ['private_network', {ip: '192.168.251.2'}]
+provisioner:
+  name: shell
+verifier:
+  name: inspec
+platforms:
+  - name: ubuntu-14.04
+suites:
+  - name: default
+    run_list:
+    attributes:

data/lib/bundles/inspec-compliance/README.md CHANGED Viewed

@@ -1,185 +1,185 @@
-# InSpec Extension for Chef Compliance
-This extensions offers the following features:
- - list available profiles in Chef Automate/Chef Compliance
- - execute profiles directly from Chef Automate/Chef Compliance locally
- - upload a local profile to Chef Automate/Chef Compliance
-To use the CLI, this InSpec add-on adds the following commands:
- * `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance
- * `$ inspec compliance profiles` - list all available Compliance profiles
- * `$ inspec exec compliance://profile` - runs a Compliance profile
- * `$ inspec compliance upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
- * `$ inspec compliance logout` - logout of Chef Automate/Chef Compliance
-Compliance profiles can be executed in two mays:
-- via compliance exec: `inspec compliance exec profile`
-- via compliance scheme: `inspec exec compliance://profile`
-## Usage
-### Command options
-```
-$ inspec compliance
-Commands:
-  inspec compliance download PROFILE  # downloads a profile from Chef Compliance
-  inspec compliance exec PROFILE      # executes a Chef Compliance profile
-  inspec compliance help [COMMAND]    # Describe subcommands or one specific subcommand
-  inspec compliance login SERVER      # Log in to a Chef Automate/Chef Compliance SERVER
-  inspec compliance logout            # user logout from Chef Compliance
-  inspec compliance profiles          # list all available profiles in Chef Compliance
-  inspec compliance upload PATH       # uploads a local profile to Chef Compliance
-  inspec compliance version           # displays the version of the Chef Compliance server
-```
-### Login with Chef Automate
-You will need an access token for authentication. You can retrieve one via [UI](https://docs.chef.io/api_delivery.html) or [CLI](https://docs.chef.io/ctl_delivery.html#delivery-token).
-```
-$ inspec compliance login https://automate.compliance.test --insecure --user 'admin' --ent 'brewinc' --token 'zuop..._KzE'
-```
-### Login with Chef Compliance
-You will need an access token for authentication. You can retrieve one via:
-![Chef Compliance Token](images/cc-token.png)
-You can choose the access token (`--token`) or the refresh token (`--refresh_token`)
-```
-$ inspec compliance login https://compliance.test --user admin --insecure --token '...'
-```
-### List available profiles via Chef Compliance / Automate
-```
-$ inspec compliance profiles
-Available profiles:
--------------------
- * base/apache
- * base/linux
- * base/mysql
- * base/postgres
- * base/ssh
- * base/windows
- * cis/cis-centos6-level1
- * cis/cis-centos6-level2
- * cis/cis-centos7-level1
- * cis/cis-centos7-level2
- * cis/cis-rhel7-level1
- * cis/cis-rhel7-level2
- * cis/cis-ubuntu12.04lts-level1
- * cis/cis-ubuntu12.04lts-level2
- * cis/cis-ubuntu14.04lts-level1
- * cis/cis-ubuntu14.04lts-level2
-```
-### Upload a profile to Chef Compliance / Automate
-```
-$ inspec compliance version
-Chef Compliance version: 1.0.11
-➜  inspec git:(chris-rock/cc-error-not-loggedin) ✗ b inspec compliance upload examples/profile
-I, [2016-05-06T14:27:20.907547 #37592]  INFO -- : Checking profile in examples/profile
-I, [2016-05-06T14:27:20.907668 #37592]  INFO -- : Metadata OK.
-I, [2016-05-06T14:27:20.968584 #37592]  INFO -- : Found 4 controls.
-I, [2016-05-06T14:27:20.968638 #37592]  INFO -- : Control definitions OK.
-Profile is valid
-Generate temporary profile archive at /var/folders/jy/2bnrfb4s36jbjtzllvhhyqhw0000gn/T/profile20160506-37592-1tf326f.tar.gz
-I, [2016-05-06T14:27:21.020017 #37592]  INFO -- : Generate archive /var/folders/jy/2bnrfb4s36jbjtzllvhhyqhw0000gn/T/profile20160506-37592-1tf326f.tar.gz.
-I, [2016-05-06T14:27:21.024837 #37592]  INFO -- : Finished archive generation.
-Start upload to admin/profile
-Uploading to Chef Compliance
-Successfully uploaded profile
-# display all profiles
-$ inspec compliance profiles
-Available profiles:
--------------------
- * admin/profile
- * base/apache
- * base/linux
- * base/mysql
- * base/postgres
- * base/ssh
- * base/windows
- * cis/cis-centos6-level1
- * cis/cis-centos6-level2
- * cis/cis-centos7-level1
- * cis/cis-centos7-level2
- * cis/cis-rhel7-level1
- * cis/cis-rhel7-level2
- * cis/cis-ubuntu12.04lts-level1
- * cis/cis-ubuntu12.04lts-level2
- * cis/cis-ubuntu14.04lts-level1
- * cis/cis-ubuntu14.04lts-level2
-```
-### Run a profile from Chef Compliance / Chef Automate on Workstation
-```
-$ inspec exec compliance://admin/profile
-.*...
-Pending: (Failures listed here are expected and do not affect your suite's status)
-  1) gordon_config Can't find file "/tmp/gordon/config.yaml"
-     # Not yet implemented
-     # ./lib/inspec/runner.rb:157
-Finished in 0.02862 seconds (files took 0.62628 seconds to load)
-5 examples, 0 failures, 1 pending
-```
-Exec a specific version(2.0.1) of a profile when logged in with Automate:
-```
-$ inspec exec compliance://admin/apache-baseline#2.0.1
-```
-Download a specific version(2.0.2) of a profile when logged in with Automate:
-```
-$ inspec compliance download compliance://admin/apache-baseline#2.0.2
-```
-### To Logout from Chef Compliance
-```
-$ inspec compliance logout
-Successfully logged out
-```
-## Integration Tests
-At this point of time, InSpec is not able to pick up the token directly, therefore the integration test is semi-automatic at this point of time:
- * run `kitchen converge`
- * open https://192.168.251.2 and log in with user `admin` and password `admin`
- * click on user->about and obtain the access token and the refresh token
- * run `kitchen verify` with the required env variables:
-```
-# both token need to be set, since the test suite runs for each token type
-export COMPLIANCE_ACCESSTOKEN='mycompliancetoken'
-export COMPLIANCE_REFRESHTOKEN='myrefreshtoken'
-kitchen verify
------> Starting Kitchen (v1.7.3)
------> Verifying <default-ubuntu-1404>...
-       Search `/Users/chartmann/Development/compliance/inspec/lib/bundles/inspec-compliance/test/integration/default` for tests
-..................................
-Finished in 6.35 seconds (files took 0.40949 seconds to load)
-34 examples, 0 failures
-       Finished verifying <default-ubuntu-1404> (0m6.62s).
------> Kitchen is finished. (0m7.02s)
-zlib(finalizer): the stream was freed prematurely.
-```
+# InSpec Extension for Chef Compliance
+This extensions offers the following features:
+ - list available profiles in Chef Automate/Chef Compliance
+ - execute profiles directly from Chef Automate/Chef Compliance locally
+ - upload a local profile to Chef Automate/Chef Compliance
+To use the CLI, this InSpec add-on adds the following commands:
+ * `$ inspec compliance login` - authentication of the API token against Chef Automate/Chef Compliance
+ * `$ inspec compliance profiles` - list all available Compliance profiles
+ * `$ inspec exec compliance://profile` - runs a Compliance profile
+ * `$ inspec compliance upload path/to/local/profile` - uploads a local profile to Chef Automate/Chef Compliance
+ * `$ inspec compliance logout` - logout of Chef Automate/Chef Compliance
+Compliance profiles can be executed in two ways:
+- via compliance exec: `inspec compliance exec profile`
+- via compliance scheme: `inspec exec compliance://profile`
+## Usage
+### Command options
+```
+$ inspec compliance
+Commands:
+  inspec compliance download PROFILE  # downloads a profile from Chef Compliance
+  inspec compliance exec PROFILE      # executes a Chef Compliance profile
+  inspec compliance help [COMMAND]    # Describe subcommands or one specific subcommand
+  inspec compliance login SERVER      # Log in to a Chef Automate/Chef Compliance SERVER
+  inspec compliance logout            # user logout from Chef Compliance
+  inspec compliance profiles          # list all available profiles in Chef Compliance
+  inspec compliance upload PATH       # uploads a local profile to Chef Compliance
+  inspec compliance version           # displays the version of the Chef Compliance server
+```
+### Login with Chef Automate
+You will need an access token for authentication. You can retrieve one via [UI](https://docs.chef.io/api_delivery.html) or [CLI](https://docs.chef.io/ctl_delivery.html#delivery-token).
+```
+$ inspec compliance login https://automate.compliance.test --insecure --user 'admin' --ent 'brewinc' --token 'zuop..._KzE'
+```
+### Login with Chef Compliance
+You will need an access token for authentication. You can retrieve one via:
+![Chef Compliance Token](images/cc-token.png)
+You can choose the access token (`--token`) or the refresh token (`--refresh_token`)
+```
+$ inspec compliance login https://compliance.test --user admin --insecure --token '...'
+```
+### List available profiles via Chef Compliance / Automate
+```
+$ inspec compliance profiles
+Available profiles:
+-------------------
+ * base/apache
+ * base/linux
+ * base/mysql
+ * base/postgres
+ * base/ssh
+ * base/windows
+ * cis/cis-centos6-level1
+ * cis/cis-centos6-level2
+ * cis/cis-centos7-level1
+ * cis/cis-centos7-level2
+ * cis/cis-rhel7-level1
+ * cis/cis-rhel7-level2
+ * cis/cis-ubuntu12.04lts-level1
+ * cis/cis-ubuntu12.04lts-level2
+ * cis/cis-ubuntu14.04lts-level1
+ * cis/cis-ubuntu14.04lts-level2
+```
+### Upload a profile to Chef Compliance / Automate
+```
+$ inspec compliance version
+Chef Compliance version: 1.0.11
+➜  inspec git:(chris-rock/cc-error-not-loggedin) ✗ b inspec compliance upload examples/profile
+I, [2016-05-06T14:27:20.907547 #37592]  INFO -- : Checking profile in examples/profile
+I, [2016-05-06T14:27:20.907668 #37592]  INFO -- : Metadata OK.
+I, [2016-05-06T14:27:20.968584 #37592]  INFO -- : Found 4 controls.
+I, [2016-05-06T14:27:20.968638 #37592]  INFO -- : Control definitions OK.
+Profile is valid
+Generate temporary profile archive at /var/folders/jy/2bnrfb4s36jbjtzllvhhyqhw0000gn/T/profile20160506-37592-1tf326f.tar.gz
+I, [2016-05-06T14:27:21.020017 #37592]  INFO -- : Generate archive /var/folders/jy/2bnrfb4s36jbjtzllvhhyqhw0000gn/T/profile20160506-37592-1tf326f.tar.gz.
+I, [2016-05-06T14:27:21.024837 #37592]  INFO -- : Finished archive generation.
+Start upload to admin/profile
+Uploading to Chef Compliance
+Successfully uploaded profile
+# display all profiles
+$ inspec compliance profiles
+Available profiles:
+-------------------
+ * admin/profile
+ * base/apache
+ * base/linux
+ * base/mysql
+ * base/postgres
+ * base/ssh
+ * base/windows
+ * cis/cis-centos6-level1
+ * cis/cis-centos6-level2
+ * cis/cis-centos7-level1
+ * cis/cis-centos7-level2
+ * cis/cis-rhel7-level1
+ * cis/cis-rhel7-level2
+ * cis/cis-ubuntu12.04lts-level1
+ * cis/cis-ubuntu12.04lts-level2
+ * cis/cis-ubuntu14.04lts-level1
+ * cis/cis-ubuntu14.04lts-level2
+```
+### Run a profile from Chef Compliance / Chef Automate on Workstation
+```
+$ inspec exec compliance://admin/profile
+.*...
+Pending: (Failures listed here are expected and do not affect your suite's status)
+  1) gordon_config Can't find file "/tmp/gordon/config.yaml"
+     # Not yet implemented
+     # ./lib/inspec/runner.rb:157
+Finished in 0.02862 seconds (files took 0.62628 seconds to load)
+5 examples, 0 failures, 1 pending
+```
+Exec a specific version(2.0.1) of a profile when logged in with Automate:
+```
+$ inspec exec compliance://admin/apache-baseline#2.0.1
+```
+Download a specific version(2.0.2) of a profile when logged in with Automate:
+```
+$ inspec compliance download compliance://admin/apache-baseline#2.0.2
+```
+### To Logout from Chef Compliance
+```
+$ inspec compliance logout
+Successfully logged out
+```
+## Integration Tests
+At this point of time, InSpec is not able to pick up the token directly, therefore the integration test is semi-automatic at this point of time:
+ * run `kitchen converge`
+ * open https://192.168.251.2 and log in with user `admin` and password `admin`
+ * click on user->about and obtain the access token and the refresh token
+ * run `kitchen verify` with the required env variables:
+```
+# both token need to be set, since the test suite runs for each token type
+export COMPLIANCE_ACCESSTOKEN='mycompliancetoken'
+export COMPLIANCE_REFRESHTOKEN='myrefreshtoken'
+kitchen verify
+-----> Starting Kitchen (v1.7.3)
+-----> Verifying <default-ubuntu-1404>...
+       Search `/Users/chartmann/Development/compliance/inspec/lib/bundles/inspec-compliance/test/integration/default` for tests
+..................................
+Finished in 6.35 seconds (files took 0.40949 seconds to load)
+34 examples, 0 failures
+       Finished verifying <default-ubuntu-1404> (0m6.62s).
+-----> Kitchen is finished. (0m7.02s)
+zlib(finalizer): the stream was freed prematurely.
+```

data/lib/bundles/inspec-compliance/api.rb CHANGED Viewed

@@ -1,316 +1,316 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-require 'net/http'
-require 'uri'
-require_relative 'api/login'
-module Compliance
-  class ServerConfigurationMissing < StandardError; end
-  # API Implementation does not hold any state by itself,
-  # everything will be stored in local Configuration store
-  class API
-    extend Compliance::API::Login
-    # return all compliance profiles available for the user
-    # the user is either specified in the options hash or by default
-    # the username of the account is used that is logged in
-    def self.profiles(config)
-      owner = config['owner'] || config['user']
-      # Chef Compliance
-      if is_compliance_server?(config)
-        url = "#{config['server']}/user/compliance"
-      # Chef Automate
-      elsif is_automate_server?(config)
-        url = "#{config['server']}/profiles/#{owner}"
-      else
-        raise ServerConfigurationMissing
-      end
-      headers = get_headers(config)
-      response = Compliance::HTTP.get(url, headers, config['insecure'])
-      data = response.body
-      response_code = response.code
-      case response_code
-      when '200'
-        msg = 'success'
-        profiles = JSON.parse(data)
-        # iterate over profiles
-        if is_compliance_server?(config)
-          mapped_profiles = []
-          profiles.values.each { |org|
-            mapped_profiles += org.values
-          }
-        # Chef Automate pre 0.8.0
-        elsif is_automate_server_pre_080?(config)
-          mapped_profiles = profiles.values.flatten
-        else
-          mapped_profiles = profiles.map { |e|
-            e['owner_id'] = owner
-            e
-          }
-        end
-        return msg, mapped_profiles
-      when '401'
-        msg = '401 Unauthorized. Please check your token.'
-        return msg, []
-      else
-        msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
-        return msg, []
-      end
-    end
-    # return the server api version
-    # NB this method does not use Compliance::Configuration to allow for using
-    # it before we know the version (e.g. oidc or not)
-    def self.version(config)
-      url = config['server']
-      insecure = config['insecure']
-      raise ServerConfigurationMissing if url.nil?
-      headers = get_headers(config)
-      response = Compliance::HTTP.get(url+'/version', headers, insecure)
-      return {} if response.code == '404'
-      data = response.body
-      return {} if data.nil? || data.empty?
-      parsed = JSON.parse(data)
-      return {} unless parsed.key?('version') && !parsed['version'].empty?
-      parsed
-    end
-    # verifies that a profile
-    def self.exist?(config, profile)
-      owner, id, ver = profile_split(profile)
-      # ensure that we do not manipulate the configuration object
-      user_config = config.dup
-      user_config['owner'] = owner
-      _msg, profiles = Compliance::API.profiles(user_config)
-      if !profiles.empty?
-        profiles.any? do |p|
-          p['owner_id'] == owner &&
-            p['name'] == id &&
-            (ver.nil? || p['version'] == ver)
-        end
-      else
-        false
-      end
-    end
-    def self.upload(config, owner, profile_name, archive_path)
-      # Chef Compliance
-      if is_compliance_server?(config)
-        url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
-      # Chef Automate pre 0.8.0
-      elsif is_automate_server_pre_080?(config)
-        url = "#{config['server']}/#{owner}"
-      # Chef Automate
-      else
-        url = "#{config['server']}/profiles/#{owner}"
-      end
-      headers = get_headers(config)
-      res = Compliance::HTTP.post_file(url, headers, archive_path, config['insecure'])
-      [res.is_a?(Net::HTTPSuccess), res.body]
-    end
-    # Use username and refresh_token to get an API access token
-    def self.get_token_via_refresh_token(url, refresh_token, insecure)
-      uri = URI.parse("#{url}/login")
-      req = Net::HTTP::Post.new(uri.path)
-      req.body = { token: refresh_token }.to_json
-      access_token = nil
-      response = Compliance::HTTP.send_request(uri, req, insecure)
-      data = response.body
-      if response.code == '200'
-        begin
-          tokendata = JSON.parse(data)
-          access_token = tokendata['access_token']
-          msg = 'Successfully fetched API access token'
-          success = true
-        rescue JSON::ParserError => e
-          success = false
-          msg = e.message
-        end
-      else
-        success = false
-        msg = "Failed to authenticate to #{url} \n\
-  Response code: #{response.code}\n  Body: #{response.body}"
-      end
-      [success, msg, access_token]
-    end
-    # Use username and password to get an API access token
-    def self.get_token_via_password(url, username, password, insecure)
-      uri = URI.parse("#{url}/login")
-      req = Net::HTTP::Post.new(uri.path)
-      req.body = { userid: username, password: password }.to_json
-      access_token = nil
-      response = Compliance::HTTP.send_request(uri, req, insecure)
-      data = response.body
-      if response.code == '200'
-        access_token = data
-        msg = 'Successfully fetched an API access token valid for 12 hours'
-        success = true
-      else
-        success = false
-        msg = "Failed to authenticate to #{url} \n\
-  Response code: #{response.code}\n  Body: #{response.body}"
-      end
-      [success, msg, access_token]
-    end
-    def self.get_headers(config)
-      token = get_token(config)
-      if is_automate_server?(config)
-        headers = { 'chef-delivery-enterprise' => config['automate']['ent'] }
-        if config['automate']['token_type'] == 'dctoken'
-          headers['x-data-collector-token'] = token
-        else
-          headers['chef-delivery-user'] = config['user']
-          headers['chef-delivery-token'] = token
-        end
-      else
-        headers = { 'Authorization' => "Bearer #{token}" }
-      end
-      headers
-    end
-    def self.get_token(config)
-      return config['token'] unless config['refresh_token']
-      _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure'])
-      token
-    end
-    def self.target_url(config, profile)
-      owner, id, ver = profile_split(profile)
-      return "#{config['server']}/owners/#{owner}/compliance/#{id}/tar" unless is_automate_server?(config)
-      if ver.nil?
-        "#{config['server']}/profiles/#{owner}/#{id}/tar"
-      else
-        "#{config['server']}/profiles/#{owner}/#{id}/version/#{ver}/tar"
-      end
-    end
-    def self.profile_split(profile)
-      owner, id = profile.split('/')
-      id, version = id.split('#')
-      [owner, id, version]
-    end
-    # returns a parsed url for `admin/profile` or `compliance://admin/profile`
-    def self.sanitize_profile_name(profile)
-      if URI(profile).scheme == 'compliance'
-        uri = URI(profile)
-      else
-        uri = URI("compliance://#{profile}")
-      end
-      uri.to_s.sub(%r{^compliance:\/\/}, '')
-    end
-    def self.is_compliance_server?(config)
-      config['server_type'] == 'compliance'
-    end
-    def self.is_automate_server_pre_080?(config)
-      # Automate versions before 0.8.x do not have a valid version in the config
-      return false unless config['server_type'] == 'automate'
-      server_version_from_config(config).nil?
-    end
-    def self.is_automate_server_080_and_later?(config)
-      # Automate versions 0.8.x and later will have a "version" key in the config
-      # that is properly parsed out via server_version_from_config below
-      return false unless config['server_type'] == 'automate'
-      !server_version_from_config(config).nil?
-    end
-    def self.is_automate_server?(config)
-      config['server_type'] == 'automate'
-    end
-    def self.server_version_from_config(config)
-      # Automate versions 0.8.x and later will have a "version" key in the config
-      # that looks like: "version":{"api":"compliance","version":"0.8.24"}
-      return nil unless config.key?('version')
-      return nil unless config['version'].is_a?(Hash)
-      config['version']['version']
-    end
-    def self.determine_server_type(url, insecure)
-      if target_is_automate_server?(url, insecure)
-        :automate
-      elsif target_is_compliance_server?(url, insecure)
-        :compliance
-      else
-        Inspec::Log.debug('Could not determine server type using known endpoints')
-        nil
-      end
-    end
-    def self.target_is_automate_server?(url, insecure)
-      automate_endpoint = '/compliance/version'
-      response = Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
-      case response.code
-      when '401'
-        Inspec::Log.debug(
-          "Received 401 from #{url}#{automate_endpoint} - " \
-          'assuming target is a Chef Automate instance',
-        )
-        true
-      when '200'
-        # Chef Automate currently returns 401 for `/compliance/version` but some
-        # versions of OpsWorks Chef Automate return 200 and a Chef Manage page
-        # when unauthenticated requests are received.
-        if response.body.include?('Are You Looking For the Chef Server?')
-          Inspec::Log.debug(
-            "Received 200 from #{url}#{automate_endpoint} - " \
-            'assuming target is an OpsWorks Chef Automate instance',
-          )
-          true
-        else
-          Inspec::Log.debug(
-            "Received 200 from #{url}#{automate_endpoint} " \
-            'but did not receive the Chef Manage page - ' \
-            'assuming target is not a Chef Automate instance',
-          )
-          false
-        end
-      else
-        Inspec::Log.debug(
-          "Received unexpected status code #{response.code} " \
-          "from #{url}#{automate_endpoint} - " \
-          'assuming target is not a Chef Automate instance',
-        )
-        false
-      end
-    end
-    def self.target_is_compliance_server?(url, insecure)
-      # All versions of Chef Compliance return 200 for `/api/version`
-      compliance_endpoint = '/api/version'
-      response = Compliance::HTTP.get(url + compliance_endpoint, nil, insecure)
-      return false unless response.code == '200'
-      Inspec::Log.debug(
-        "Received 200 from #{url}#{compliance_endpoint} - " \
-        'assuming target is a Compliance server',
-      )
-      true
-    end
-  end
-end
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+require 'net/http'
+require 'uri'
+require_relative 'api/login'
+module Compliance
+  class ServerConfigurationMissing < StandardError; end
+  # API Implementation does not hold any state by itself,
+  # everything will be stored in local Configuration store
+  class API
+    extend Compliance::API::Login
+    # return all compliance profiles available for the user
+    # the user is either specified in the options hash or by default
+    # the username of the account is used that is logged in
+    def self.profiles(config)
+      owner = config['owner'] || config['user']
+      # Chef Compliance
+      if is_compliance_server?(config)
+        url = "#{config['server']}/user/compliance"
+      # Chef Automate
+      elsif is_automate_server?(config)
+        url = "#{config['server']}/profiles/#{owner}"
+      else
+        raise ServerConfigurationMissing
+      end
+      headers = get_headers(config)
+      response = Compliance::HTTP.get(url, headers, config['insecure'])
+      data = response.body
+      response_code = response.code
+      case response_code
+      when '200'
+        msg = 'success'
+        profiles = JSON.parse(data)
+        # iterate over profiles
+        if is_compliance_server?(config)
+          mapped_profiles = []
+          profiles.values.each { |org|
+            mapped_profiles += org.values
+          }
+        # Chef Automate pre 0.8.0
+        elsif is_automate_server_pre_080?(config)
+          mapped_profiles = profiles.values.flatten
+        else
+          mapped_profiles = profiles.map { |e|
+            e['owner_id'] = owner
+            e
+          }
+        end
+        return msg, mapped_profiles
+      when '401'
+        msg = '401 Unauthorized. Please check your token.'
+        return msg, []
+      else
+        msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
+        return msg, []
+      end
+    end
+    # return the server api version
+    # NB this method does not use Compliance::Configuration to allow for using
+    # it before we know the version (e.g. oidc or not)
+    def self.version(config)
+      url = config['server']
+      insecure = config['insecure']
+      raise ServerConfigurationMissing if url.nil?
+      headers = get_headers(config)
+      response = Compliance::HTTP.get(url+'/version', headers, insecure)
+      return {} if response.code == '404'
+      data = response.body
+      return {} if data.nil? || data.empty?
+      parsed = JSON.parse(data)
+      return {} unless parsed.key?('version') && !parsed['version'].empty?
+      parsed
+    end
+    # verifies that a profile
+    def self.exist?(config, profile)
+      owner, id, ver = profile_split(profile)
+      # ensure that we do not manipulate the configuration object
+      user_config = config.dup
+      user_config['owner'] = owner
+      _msg, profiles = Compliance::API.profiles(user_config)
+      if !profiles.empty?
+        profiles.any? do |p|
+          p['owner_id'] == owner &&
+            p['name'] == id &&
+            (ver.nil? || p['version'] == ver)
+        end
+      else
+        false
+      end
+    end
+    def self.upload(config, owner, profile_name, archive_path)
+      # Chef Compliance
+      if is_compliance_server?(config)
+        url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
+      # Chef Automate pre 0.8.0
+      elsif is_automate_server_pre_080?(config)
+        url = "#{config['server']}/#{owner}"
+      # Chef Automate
+      else
+        url = "#{config['server']}/profiles/#{owner}"
+      end
+      headers = get_headers(config)
+      res = Compliance::HTTP.post_file(url, headers, archive_path, config['insecure'])
+      [res.is_a?(Net::HTTPSuccess), res.body]
+    end
+    # Use username and refresh_token to get an API access token
+    def self.get_token_via_refresh_token(url, refresh_token, insecure)
+      uri = URI.parse("#{url}/login")
+      req = Net::HTTP::Post.new(uri.path)
+      req.body = { token: refresh_token }.to_json
+      access_token = nil
+      response = Compliance::HTTP.send_request(uri, req, insecure)
+      data = response.body
+      if response.code == '200'
+        begin
+          tokendata = JSON.parse(data)
+          access_token = tokendata['access_token']
+          msg = 'Successfully fetched API access token'
+          success = true
+        rescue JSON::ParserError => e
+          success = false
+          msg = e.message
+        end
+      else
+        success = false
+        msg = "Failed to authenticate to #{url} \n\
+  Response code: #{response.code}\n  Body: #{response.body}"
+      end
+      [success, msg, access_token]
+    end
+    # Use username and password to get an API access token
+    def self.get_token_via_password(url, username, password, insecure)
+      uri = URI.parse("#{url}/login")
+      req = Net::HTTP::Post.new(uri.path)
+      req.body = { userid: username, password: password }.to_json
+      access_token = nil
+      response = Compliance::HTTP.send_request(uri, req, insecure)
+      data = response.body
+      if response.code == '200'
+        access_token = data
+        msg = 'Successfully fetched an API access token valid for 12 hours'
+        success = true
+      else
+        success = false
+        msg = "Failed to authenticate to #{url} \n\
+  Response code: #{response.code}\n  Body: #{response.body}"
+      end
+      [success, msg, access_token]
+    end
+    def self.get_headers(config)
+      token = get_token(config)
+      if is_automate_server?(config)
+        headers = { 'chef-delivery-enterprise' => config['automate']['ent'] }
+        if config['automate']['token_type'] == 'dctoken'
+          headers['x-data-collector-token'] = token
+        else
+          headers['chef-delivery-user'] = config['user']
+          headers['chef-delivery-token'] = token
+        end
+      else
+        headers = { 'Authorization' => "Bearer #{token}" }
+      end
+      headers
+    end
+    def self.get_token(config)
+      return config['token'] unless config['refresh_token']
+      _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure'])
+      token
+    end
+    def self.target_url(config, profile)
+      owner, id, ver = profile_split(profile)
+      return "#{config['server']}/owners/#{owner}/compliance/#{id}/tar" unless is_automate_server?(config)
+      if ver.nil?
+        "#{config['server']}/profiles/#{owner}/#{id}/tar"
+      else
+        "#{config['server']}/profiles/#{owner}/#{id}/version/#{ver}/tar"
+      end
+    end
+    def self.profile_split(profile)
+      owner, id = profile.split('/')
+      id, version = id.split('#')
+      [owner, id, version]
+    end
+    # returns a parsed url for `admin/profile` or `compliance://admin/profile`
+    def self.sanitize_profile_name(profile)
+      if URI(profile).scheme == 'compliance'
+        uri = URI(profile)
+      else
+        uri = URI("compliance://#{profile}")
+      end
+      uri.to_s.sub(%r{^compliance:\/\/}, '')
+    end
+    def self.is_compliance_server?(config)
+      config['server_type'] == 'compliance'
+    end
+    def self.is_automate_server_pre_080?(config)
+      # Automate versions before 0.8.x do not have a valid version in the config
+      return false unless config['server_type'] == 'automate'
+      server_version_from_config(config).nil?
+    end
+    def self.is_automate_server_080_and_later?(config)
+      # Automate versions 0.8.x and later will have a "version" key in the config
+      # that is properly parsed out via server_version_from_config below
+      return false unless config['server_type'] == 'automate'
+      !server_version_from_config(config).nil?
+    end
+    def self.is_automate_server?(config)
+      config['server_type'] == 'automate'
+    end
+    def self.server_version_from_config(config)
+      # Automate versions 0.8.x and later will have a "version" key in the config
+      # that looks like: "version":{"api":"compliance","version":"0.8.24"}
+      return nil unless config.key?('version')
+      return nil unless config['version'].is_a?(Hash)
+      config['version']['version']
+    end
+    def self.determine_server_type(url, insecure)
+      if target_is_automate_server?(url, insecure)
+        :automate
+      elsif target_is_compliance_server?(url, insecure)
+        :compliance
+      else
+        Inspec::Log.debug('Could not determine server type using known endpoints')
+        nil
+      end
+    end
+    def self.target_is_automate_server?(url, insecure)
+      automate_endpoint = '/compliance/version'
+      response = Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
+      case response.code
+      when '401'
+        Inspec::Log.debug(
+          "Received 401 from #{url}#{automate_endpoint} - " \
+          'assuming target is a Chef Automate instance',
+        )
+        true
+      when '200'
+        # Chef Automate currently returns 401 for `/compliance/version` but some
+        # versions of OpsWorks Chef Automate return 200 and a Chef Manage page
+        # when unauthenticated requests are received.
+        if response.body.include?('Are You Looking For the Chef Server?')
+          Inspec::Log.debug(
+            "Received 200 from #{url}#{automate_endpoint} - " \
+            'assuming target is an OpsWorks Chef Automate instance',
+          )
+          true
+        else
+          Inspec::Log.debug(
+            "Received 200 from #{url}#{automate_endpoint} " \
+            'but did not receive the Chef Manage page - ' \
+            'assuming target is not a Chef Automate instance',
+          )
+          false
+        end
+      else
+        Inspec::Log.debug(
+          "Received unexpected status code #{response.code} " \
+          "from #{url}#{automate_endpoint} - " \
+          'assuming target is not a Chef Automate instance',
+        )
+        false
+      end
+    end
+    def self.target_is_compliance_server?(url, insecure)
+      # All versions of Chef Compliance return 200 for `/api/version`
+      compliance_endpoint = '/api/version'
+      response = Compliance::HTTP.get(url + compliance_endpoint, nil, insecure)
+      return false unless response.code == '200'
+      Inspec::Log.debug(
+        "Received 200 from #{url}#{compliance_endpoint} - " \
+        'assuming target is a Compliance server',
+      )
+      true
+    end
+  end
+end