inspec 2.1.0 → 2.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3024 -3004
- data/Gemfile +55 -55
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +447 -446
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -93
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +376 -376
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +58 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_s3_bucket_object.md.erb +83 -0
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_subscription.md.erb +125 -0
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_sns_topics.md.erb +52 -0
- data/docs/resources/aws_subnet.md.erb +134 -134
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/{login_def.md.erb → login_defs.md.erb} +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -128
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -80
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +53 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +390 -390
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +357 -355
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +13 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +250 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +510 -510
- data/lib/inspec/profile_context.rb +207 -207
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +54 -54
- data/lib/inspec/reporters/base.rb +24 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +186 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +44 -41
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -159
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -156
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -55
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +125 -125
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +60 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -108
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_route_table.rb +61 -61
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -0
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -0
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -0
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -68
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -60
- data/lib/resources/dh_params.rb +77 -82
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -101
- data/lib/resources/etc_group.rb +152 -152
- data/lib/resources/etc_hosts.rb +66 -82
- data/lib/resources/etc_hosts_allow_deny.rb +112 -122
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -237
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +251 -251
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -62
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +107 -117
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +61 -67
- data/lib/resources/limits_conf.rb +46 -55
- data/lib/resources/login_def.rb +57 -66
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +81 -81
- data/lib/resources/mysql_conf.rb +127 -134
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -227
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -58
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +76 -76
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -116
- data/lib/resources/passwd.rb +76 -74
- data/lib/resources/pip.rb +89 -89
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +130 -130
- data/lib/resources/postgres_conf.rb +114 -121
- data/lib/resources/postgres_hba_conf.rb +90 -99
- data/lib/resources/postgres_ident_conf.rb +79 -76
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +53 -53
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -52
- data/lib/resources/registry_key.rb +296 -296
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +790 -789
- data/lib/resources/shadow.rb +149 -146
- data/lib/resources/ssh_conf.rb +97 -102
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -143
- data/lib/resources/xinetd.rb +106 -111
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -47
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -0
- data/lib/utils/filter.rb +272 -272
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +12 -5
|
@@ -1,84 +1,84 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
# author: Christoph Hartmann
|
|
4
|
-
# author: Dominik Richter
|
|
5
|
-
|
|
6
|
-
require 'net/http'
|
|
7
|
-
require 'addressable/uri'
|
|
8
|
-
|
|
9
|
-
module Supermarket
|
|
10
|
-
class API
|
|
11
|
-
SUPERMARKET_URL = 'https://supermarket.chef.io'
|
|
12
|
-
|
|
13
|
-
# displays a list of profiles
|
|
14
|
-
def self.profiles(supermarket_url = SUPERMARKET_URL)
|
|
15
|
-
url = "#{supermarket_url}/api/v1/tools-search"
|
|
16
|
-
_success, data = get(url, { type: 'compliance_profile', items: 100 })
|
|
17
|
-
if !data.nil?
|
|
18
|
-
profiles = JSON.parse(data)
|
|
19
|
-
profiles['items'].map { |x|
|
|
20
|
-
m = %r{^#{supermarket_url}/api/v1/tools/(?<slug>[\w-]+)(/)?$}.match(x['tool'])
|
|
21
|
-
x['slug'] = m[:slug]
|
|
22
|
-
x
|
|
23
|
-
}
|
|
24
|
-
else
|
|
25
|
-
[]
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
def self.profile_name(profile)
|
|
30
|
-
# We use Addressable::URI here because URI has a bug in Ruby 2.1.x where it doesn't allow underscore in host
|
|
31
|
-
uri = Addressable::URI.parse profile
|
|
32
|
-
[uri.host, uri.path[1..-1]]
|
|
33
|
-
rescue
|
|
34
|
-
nil
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
# displays profile infos
|
|
38
|
-
def self.info(profile, supermarket_url = SUPERMARKET_URL)
|
|
39
|
-
_tool_owner, tool_name = profile_name("supermarket://#{profile}")
|
|
40
|
-
return if tool_name.nil? || tool_name.empty?
|
|
41
|
-
url = "#{supermarket_url}/api/v1/tools/#{tool_name}"
|
|
42
|
-
_success, data = get(url, {})
|
|
43
|
-
JSON.parse(data) if !data.nil?
|
|
44
|
-
rescue JSON::ParserError
|
|
45
|
-
nil
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
# compares a profile with the supermarket tool info
|
|
49
|
-
def self.same?(profile, supermarket_tool, supermarket_url = SUPERMARKET_URL)
|
|
50
|
-
tool_owner, tool_name = profile_name(profile)
|
|
51
|
-
tool = "#{supermarket_url}/api/v1/tools/#{tool_name}"
|
|
52
|
-
supermarket_tool['tool_owner'] == tool_owner && supermarket_tool['tool'] == tool
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
def self.find(profile, supermarket_url = SUPERMARKET_URL)
|
|
56
|
-
profiles = Supermarket::API.profiles(supermarket_url)
|
|
57
|
-
return if profiles.empty?
|
|
58
|
-
|
|
59
|
-
index = profiles.index { |t| same?(profile, t, supermarket_url) }
|
|
60
|
-
# return profile or nil
|
|
61
|
-
profiles[index] if !index.nil? && index >= 0
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
# verifies that a profile exists
|
|
65
|
-
def self.exist?(profile, supermarket_url = SUPERMARKET_URL)
|
|
66
|
-
!find(profile, supermarket_url).nil?
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
def self.get(url, params)
|
|
70
|
-
uri = URI.parse(url)
|
|
71
|
-
uri.query = URI.encode_www_form(params)
|
|
72
|
-
req = Net::HTTP::Get.new(uri)
|
|
73
|
-
send_request(uri, req)
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
def self.send_request(uri, req)
|
|
77
|
-
# send request
|
|
78
|
-
res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
|
|
79
|
-
http.request(req)
|
|
80
|
-
end
|
|
81
|
-
[res.is_a?(Net::HTTPSuccess), res.body]
|
|
82
|
-
end
|
|
83
|
-
end
|
|
84
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
# author: Christoph Hartmann
|
|
4
|
+
# author: Dominik Richter
|
|
5
|
+
|
|
6
|
+
require 'net/http'
|
|
7
|
+
require 'addressable/uri'
|
|
8
|
+
|
|
9
|
+
module Supermarket
|
|
10
|
+
class API
|
|
11
|
+
SUPERMARKET_URL = 'https://supermarket.chef.io'
|
|
12
|
+
|
|
13
|
+
# displays a list of profiles
|
|
14
|
+
def self.profiles(supermarket_url = SUPERMARKET_URL)
|
|
15
|
+
url = "#{supermarket_url}/api/v1/tools-search"
|
|
16
|
+
_success, data = get(url, { type: 'compliance_profile', items: 100 })
|
|
17
|
+
if !data.nil?
|
|
18
|
+
profiles = JSON.parse(data)
|
|
19
|
+
profiles['items'].map { |x|
|
|
20
|
+
m = %r{^#{supermarket_url}/api/v1/tools/(?<slug>[\w-]+)(/)?$}.match(x['tool'])
|
|
21
|
+
x['slug'] = m[:slug]
|
|
22
|
+
x
|
|
23
|
+
}
|
|
24
|
+
else
|
|
25
|
+
[]
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def self.profile_name(profile)
|
|
30
|
+
# We use Addressable::URI here because URI has a bug in Ruby 2.1.x where it doesn't allow underscore in host
|
|
31
|
+
uri = Addressable::URI.parse profile
|
|
32
|
+
[uri.host, uri.path[1..-1]]
|
|
33
|
+
rescue
|
|
34
|
+
nil
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
# displays profile infos
|
|
38
|
+
def self.info(profile, supermarket_url = SUPERMARKET_URL)
|
|
39
|
+
_tool_owner, tool_name = profile_name("supermarket://#{profile}")
|
|
40
|
+
return if tool_name.nil? || tool_name.empty?
|
|
41
|
+
url = "#{supermarket_url}/api/v1/tools/#{tool_name}"
|
|
42
|
+
_success, data = get(url, {})
|
|
43
|
+
JSON.parse(data) if !data.nil?
|
|
44
|
+
rescue JSON::ParserError
|
|
45
|
+
nil
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
# compares a profile with the supermarket tool info
|
|
49
|
+
def self.same?(profile, supermarket_tool, supermarket_url = SUPERMARKET_URL)
|
|
50
|
+
tool_owner, tool_name = profile_name(profile)
|
|
51
|
+
tool = "#{supermarket_url}/api/v1/tools/#{tool_name}"
|
|
52
|
+
supermarket_tool['tool_owner'] == tool_owner && supermarket_tool['tool'] == tool
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def self.find(profile, supermarket_url = SUPERMARKET_URL)
|
|
56
|
+
profiles = Supermarket::API.profiles(supermarket_url)
|
|
57
|
+
return if profiles.empty?
|
|
58
|
+
|
|
59
|
+
index = profiles.index { |t| same?(profile, t, supermarket_url) }
|
|
60
|
+
# return profile or nil
|
|
61
|
+
profiles[index] if !index.nil? && index >= 0
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
# verifies that a profile exists
|
|
65
|
+
def self.exist?(profile, supermarket_url = SUPERMARKET_URL)
|
|
66
|
+
!find(profile, supermarket_url).nil?
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def self.get(url, params)
|
|
70
|
+
uri = URI.parse(url)
|
|
71
|
+
uri.query = URI.encode_www_form(params)
|
|
72
|
+
req = Net::HTTP::Get.new(uri)
|
|
73
|
+
send_request(uri, req)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def self.send_request(uri, req)
|
|
77
|
+
# send request
|
|
78
|
+
res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
|
|
79
|
+
http.request(req)
|
|
80
|
+
end
|
|
81
|
+
[res.is_a?(Net::HTTPSuccess), res.body]
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
|
@@ -1,73 +1,73 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
# author: Christoph Hartmann
|
|
3
|
-
# author: Dominik Richter
|
|
4
|
-
|
|
5
|
-
module Supermarket
|
|
6
|
-
class SupermarketCLI < Inspec::BaseCLI
|
|
7
|
-
namespace 'supermarket'
|
|
8
|
-
|
|
9
|
-
# TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
|
|
10
|
-
def self.banner(command, _namespace = nil, _subcommand = false)
|
|
11
|
-
"#{basename} #{subcommand_prefix} #{command.usage}"
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def self.subcommand_prefix
|
|
15
|
-
namespace
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
desc 'profiles', 'list all available profiles in Chef Supermarket'
|
|
19
|
-
def profiles
|
|
20
|
-
# display profiles in format user/profile
|
|
21
|
-
supermarket_profiles = Supermarket::API.profiles
|
|
22
|
-
|
|
23
|
-
headline('Available profiles:')
|
|
24
|
-
supermarket_profiles.each { |p|
|
|
25
|
-
li("#{p['tool_name']} #{mark_text(p['tool_owner'] + '/' + p['slug'])}")
|
|
26
|
-
}
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
desc 'exec PROFILE', 'execute a Supermarket profile'
|
|
30
|
-
exec_options
|
|
31
|
-
def exec(*tests)
|
|
32
|
-
o = opts(:exec).dup
|
|
33
|
-
diagnose(o)
|
|
34
|
-
configure_logger(o)
|
|
35
|
-
|
|
36
|
-
# iterate over tests and add compliance scheme
|
|
37
|
-
tests = tests.map { |t| 'supermarket://' + t }
|
|
38
|
-
|
|
39
|
-
runner = Inspec::Runner.new(o)
|
|
40
|
-
tests.each { |target| runner.add_target(target) }
|
|
41
|
-
|
|
42
|
-
exit runner.run
|
|
43
|
-
rescue ArgumentError, RuntimeError, Train::UserError => e
|
|
44
|
-
$stderr.puts e.message
|
|
45
|
-
exit 1
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
desc 'info PROFILE', 'display Supermarket profile details'
|
|
49
|
-
def info(profile)
|
|
50
|
-
# check that the profile is available
|
|
51
|
-
supermarket_profiles = Supermarket::API.profiles
|
|
52
|
-
found = supermarket_profiles.select { |p|
|
|
53
|
-
profile == "#{p['tool_owner']}/#{p['slug']}"
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
if found.empty?
|
|
57
|
-
puts "#{mark_text(profile)} is not available on Supermarket"
|
|
58
|
-
return
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
# load details for the specific profile
|
|
62
|
-
info = Supermarket::API.info(profile)
|
|
63
|
-
puts "#{mark_text('name: ')} #{info['slug']}"
|
|
64
|
-
puts "#{mark_text('owner:')} #{info['owner']}"
|
|
65
|
-
puts "#{mark_text('url: ')} #{info['source_url']}"
|
|
66
|
-
puts
|
|
67
|
-
puts "#{mark_text('description: ')} #{info['description']}"
|
|
68
|
-
end
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
# register the subcommand to Inspec CLI registry
|
|
72
|
-
Inspec::Plugins::CLI.add_subcommand(SupermarketCLI, 'supermarket', 'supermarket SUBCOMMAND ...', 'Supermarket commands', {})
|
|
73
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Christoph Hartmann
|
|
3
|
+
# author: Dominik Richter
|
|
4
|
+
|
|
5
|
+
module Supermarket
|
|
6
|
+
class SupermarketCLI < Inspec::BaseCLI
|
|
7
|
+
namespace 'supermarket'
|
|
8
|
+
|
|
9
|
+
# TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
|
|
10
|
+
def self.banner(command, _namespace = nil, _subcommand = false)
|
|
11
|
+
"#{basename} #{subcommand_prefix} #{command.usage}"
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def self.subcommand_prefix
|
|
15
|
+
namespace
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
desc 'profiles', 'list all available profiles in Chef Supermarket'
|
|
19
|
+
def profiles
|
|
20
|
+
# display profiles in format user/profile
|
|
21
|
+
supermarket_profiles = Supermarket::API.profiles
|
|
22
|
+
|
|
23
|
+
headline('Available profiles:')
|
|
24
|
+
supermarket_profiles.each { |p|
|
|
25
|
+
li("#{p['tool_name']} #{mark_text(p['tool_owner'] + '/' + p['slug'])}")
|
|
26
|
+
}
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
desc 'exec PROFILE', 'execute a Supermarket profile'
|
|
30
|
+
exec_options
|
|
31
|
+
def exec(*tests)
|
|
32
|
+
o = opts(:exec).dup
|
|
33
|
+
diagnose(o)
|
|
34
|
+
configure_logger(o)
|
|
35
|
+
|
|
36
|
+
# iterate over tests and add compliance scheme
|
|
37
|
+
tests = tests.map { |t| 'supermarket://' + t }
|
|
38
|
+
|
|
39
|
+
runner = Inspec::Runner.new(o)
|
|
40
|
+
tests.each { |target| runner.add_target(target) }
|
|
41
|
+
|
|
42
|
+
exit runner.run
|
|
43
|
+
rescue ArgumentError, RuntimeError, Train::UserError => e
|
|
44
|
+
$stderr.puts e.message
|
|
45
|
+
exit 1
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
desc 'info PROFILE', 'display Supermarket profile details'
|
|
49
|
+
def info(profile)
|
|
50
|
+
# check that the profile is available
|
|
51
|
+
supermarket_profiles = Supermarket::API.profiles
|
|
52
|
+
found = supermarket_profiles.select { |p|
|
|
53
|
+
profile == "#{p['tool_owner']}/#{p['slug']}"
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
if found.empty?
|
|
57
|
+
puts "#{mark_text(profile)} is not available on Supermarket"
|
|
58
|
+
return
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
# load details for the specific profile
|
|
62
|
+
info = Supermarket::API.info(profile)
|
|
63
|
+
puts "#{mark_text('name: ')} #{info['slug']}"
|
|
64
|
+
puts "#{mark_text('owner:')} #{info['owner']}"
|
|
65
|
+
puts "#{mark_text('url: ')} #{info['source_url']}"
|
|
66
|
+
puts
|
|
67
|
+
puts "#{mark_text('description: ')} #{info['description']}"
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
# register the subcommand to Inspec CLI registry
|
|
72
|
+
Inspec::Plugins::CLI.add_subcommand(SupermarketCLI, 'supermarket', 'supermarket SUBCOMMAND ...', 'Supermarket commands', {})
|
|
73
|
+
end
|
|
@@ -1,34 +1,34 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
# author: Christoph Hartmann
|
|
3
|
-
# author: Dominik Richter
|
|
4
|
-
|
|
5
|
-
require 'uri'
|
|
6
|
-
require 'inspec/fetcher'
|
|
7
|
-
require 'fetchers/url'
|
|
8
|
-
|
|
9
|
-
# InSpec Target Helper for Supermarket
|
|
10
|
-
module Supermarket
|
|
11
|
-
class Fetcher < Inspec.fetcher(1)
|
|
12
|
-
name 'supermarket'
|
|
13
|
-
priority 500
|
|
14
|
-
|
|
15
|
-
def self.resolve(target, opts = {})
|
|
16
|
-
supermarket_uri, supermarket_server = if target.is_a?(String) && URI(target).scheme == 'supermarket'
|
|
17
|
-
[target, Supermarket::API::SUPERMARKET_URL]
|
|
18
|
-
elsif target.respond_to?(:key?) && target.key?(:supermarket)
|
|
19
|
-
supermarket_server = target[:supermarket_url] || Supermarket::API::SUPERMARKET_URL
|
|
20
|
-
["supermarket://#{target[:supermarket]}", supermarket_server]
|
|
21
|
-
end
|
|
22
|
-
return nil unless supermarket_uri
|
|
23
|
-
return nil unless Supermarket::API.exist?(supermarket_uri, supermarket_server)
|
|
24
|
-
tool_info = Supermarket::API.find(supermarket_uri, supermarket_server)
|
|
25
|
-
resolve_next(tool_info['tool_source_url'], opts)
|
|
26
|
-
rescue URI::Error
|
|
27
|
-
nil
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def to_s
|
|
31
|
-
'Chef Compliance Profile Loader'
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Christoph Hartmann
|
|
3
|
+
# author: Dominik Richter
|
|
4
|
+
|
|
5
|
+
require 'uri'
|
|
6
|
+
require 'inspec/fetcher'
|
|
7
|
+
require 'fetchers/url'
|
|
8
|
+
|
|
9
|
+
# InSpec Target Helper for Supermarket
|
|
10
|
+
module Supermarket
|
|
11
|
+
class Fetcher < Inspec.fetcher(1)
|
|
12
|
+
name 'supermarket'
|
|
13
|
+
priority 500
|
|
14
|
+
|
|
15
|
+
def self.resolve(target, opts = {})
|
|
16
|
+
supermarket_uri, supermarket_server = if target.is_a?(String) && URI(target).scheme == 'supermarket'
|
|
17
|
+
[target, Supermarket::API::SUPERMARKET_URL]
|
|
18
|
+
elsif target.respond_to?(:key?) && target.key?(:supermarket)
|
|
19
|
+
supermarket_server = target[:supermarket_url] || Supermarket::API::SUPERMARKET_URL
|
|
20
|
+
["supermarket://#{target[:supermarket]}", supermarket_server]
|
|
21
|
+
end
|
|
22
|
+
return nil unless supermarket_uri
|
|
23
|
+
return nil unless Supermarket::API.exist?(supermarket_uri, supermarket_server)
|
|
24
|
+
tool_info = Supermarket::API.find(supermarket_uri, supermarket_server)
|
|
25
|
+
resolve_next(tool_info['tool_source_url'], opts)
|
|
26
|
+
rescue URI::Error
|
|
27
|
+
nil
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def to_s
|
|
31
|
+
'Chef Compliance Profile Loader'
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
data/lib/fetchers/git.rb
CHANGED
|
@@ -1,163 +1,163 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
require 'tmpdir'
|
|
3
|
-
require 'fileutils'
|
|
4
|
-
require 'mixlib/shellout'
|
|
5
|
-
require 'inspec/log'
|
|
6
|
-
|
|
7
|
-
module Fetchers
|
|
8
|
-
#
|
|
9
|
-
# The git fetcher uses the git binary to fetch remote git sources.
|
|
10
|
-
# Git-based sources should be specified with the `git:` key in the
|
|
11
|
-
# source hash. Additionally, we accept `:branch`, `:ref`, and `:tag`
|
|
12
|
-
# keys to allow users to pin to a particular revision.
|
|
13
|
-
#
|
|
14
|
-
# Parts of this class are derived from:
|
|
15
|
-
#
|
|
16
|
-
# https://github.com/chef/omnibus/blob/master/lib/omnibus/fetchers/git_fetcher.rb
|
|
17
|
-
#
|
|
18
|
-
# which is Copyright 2012-2014 Chef Software, Inc. and offered under
|
|
19
|
-
# the same Apache 2 software license as inspec.
|
|
20
|
-
#
|
|
21
|
-
# Many thanks to the omnibus authors!
|
|
22
|
-
#
|
|
23
|
-
# Note that we haven't replicated all of omnibus' features here. If
|
|
24
|
-
# you got to this file during debugging, you may want to look at the
|
|
25
|
-
# omnibus source for hints.
|
|
26
|
-
#
|
|
27
|
-
class Git < Inspec.fetcher(1)
|
|
28
|
-
name 'git'
|
|
29
|
-
priority 200
|
|
30
|
-
|
|
31
|
-
def self.resolve(target, opts = {})
|
|
32
|
-
new(target[:git], opts.merge(target)) if target.respond_to?(:has_key?) && target.key?(:git)
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def initialize(remote_url, opts = {})
|
|
36
|
-
@branch = opts[:branch]
|
|
37
|
-
@tag = opts[:tag]
|
|
38
|
-
@ref = opts[:ref]
|
|
39
|
-
@remote_url = remote_url
|
|
40
|
-
@repo_directory = nil
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
def fetch(dir)
|
|
44
|
-
@repo_directory = dir
|
|
45
|
-
FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
|
|
46
|
-
|
|
47
|
-
if cloned?
|
|
48
|
-
checkout
|
|
49
|
-
else
|
|
50
|
-
Dir.mktmpdir do |tmpdir|
|
|
51
|
-
checkout(tmpdir)
|
|
52
|
-
Inspec::Log.debug("Checkout of #{resolved_ref} successful. Moving checkout to #{dir}")
|
|
53
|
-
FileUtils.cp_r(tmpdir, @repo_directory)
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
@repo_directory
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def cache_key
|
|
60
|
-
resolved_ref
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
def archive_path
|
|
64
|
-
@repo_directory
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
def resolved_source
|
|
68
|
-
{ git: @remote_url, ref: resolved_ref }
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
private
|
|
72
|
-
|
|
73
|
-
def resolved_ref
|
|
74
|
-
@resolved_ref ||= if @ref
|
|
75
|
-
@ref
|
|
76
|
-
elsif @branch
|
|
77
|
-
resolve_ref(@branch)
|
|
78
|
-
elsif @tag
|
|
79
|
-
resolve_ref(@tag)
|
|
80
|
-
else
|
|
81
|
-
resolve_ref('master')
|
|
82
|
-
end
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
def resolve_ref(ref_name)
|
|
86
|
-
cmd = shellout("git ls-remote \"#{@remote_url}\" \"#{ref_name}*\"")
|
|
87
|
-
ref = parse_ls_remote(cmd.stdout, ref_name)
|
|
88
|
-
if !ref
|
|
89
|
-
raise "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
|
|
90
|
-
end
|
|
91
|
-
ref
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
#
|
|
95
|
-
# The following comment is a minor modification of the comment in
|
|
96
|
-
# the omnibus source for a similar function:
|
|
97
|
-
#
|
|
98
|
-
# Dereference annotated tags.
|
|
99
|
-
#
|
|
100
|
-
# The +remote_list+ parameter is assumed to look like this:
|
|
101
|
-
#
|
|
102
|
-
# a2ed66c01f42514bcab77fd628149eccb4ecee28 refs/tags/rel-0.11.0
|
|
103
|
-
# f915286abdbc1907878376cce9222ac0b08b12b8 refs/tags/rel-0.11.0^{}
|
|
104
|
-
#
|
|
105
|
-
# The SHA with ^{} is the commit pointed to by an annotated
|
|
106
|
-
# tag. If ref isn't an annotated tag, there will not be a line
|
|
107
|
-
# with trailing ^{}.
|
|
108
|
-
#
|
|
109
|
-
# @param [String] output
|
|
110
|
-
# output from `git ls-remote origin` command
|
|
111
|
-
# @param [String] ref_name
|
|
112
|
-
# the target git ref_name
|
|
113
|
-
#
|
|
114
|
-
# @return [String]
|
|
115
|
-
#
|
|
116
|
-
def parse_ls_remote(output, ref_name)
|
|
117
|
-
pairs = output.lines.map { |l| l.chomp.split("\t") }
|
|
118
|
-
tagged_commit = pairs.find { |m| m[1].end_with?("#{ref_name}^{}") }
|
|
119
|
-
if tagged_commit
|
|
120
|
-
tagged_commit.first
|
|
121
|
-
else
|
|
122
|
-
pairs.find { |m| m[1].end_with?(ref_name.to_s) }&.first
|
|
123
|
-
end
|
|
124
|
-
end
|
|
125
|
-
|
|
126
|
-
def cloned?
|
|
127
|
-
File.directory?(File.join(@repo_directory, '.git'))
|
|
128
|
-
end
|
|
129
|
-
|
|
130
|
-
def clone(dir = @repo_directory)
|
|
131
|
-
git_cmd("clone #{@remote_url} ./", dir) unless cloned?
|
|
132
|
-
@repo_directory
|
|
133
|
-
end
|
|
134
|
-
|
|
135
|
-
def checkout(dir = @repo_directory)
|
|
136
|
-
clone(dir)
|
|
137
|
-
git_cmd("checkout #{resolved_ref}", dir)
|
|
138
|
-
@repo_directory
|
|
139
|
-
end
|
|
140
|
-
|
|
141
|
-
def git_cmd(cmd, dir = @repo_directory)
|
|
142
|
-
cmd = shellout("git #{cmd}", cwd: dir)
|
|
143
|
-
cmd.error!
|
|
144
|
-
cmd.status
|
|
145
|
-
rescue Errno::ENOENT
|
|
146
|
-
raise 'To use git sources, you must have git installed.'
|
|
147
|
-
end
|
|
148
|
-
|
|
149
|
-
def shellout(cmd, opts = {})
|
|
150
|
-
Inspec::Log.debug("Running external command: #{cmd} (#{opts})")
|
|
151
|
-
cmd = Mixlib::ShellOut.new(cmd, opts)
|
|
152
|
-
cmd.run_command
|
|
153
|
-
Inspec::Log.debug("External command: completed with exit status: #{cmd.exitstatus}")
|
|
154
|
-
Inspec::Log.debug('External command: STDOUT BEGIN')
|
|
155
|
-
Inspec::Log.debug(cmd.stdout)
|
|
156
|
-
Inspec::Log.debug('External command: STDOUT END')
|
|
157
|
-
Inspec::Log.debug('External command: STDERR BEGIN')
|
|
158
|
-
Inspec::Log.debug(cmd.stderr)
|
|
159
|
-
Inspec::Log.debug('External command: STDERR END')
|
|
160
|
-
cmd
|
|
161
|
-
end
|
|
162
|
-
end
|
|
163
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
require 'tmpdir'
|
|
3
|
+
require 'fileutils'
|
|
4
|
+
require 'mixlib/shellout'
|
|
5
|
+
require 'inspec/log'
|
|
6
|
+
|
|
7
|
+
module Fetchers
|
|
8
|
+
#
|
|
9
|
+
# The git fetcher uses the git binary to fetch remote git sources.
|
|
10
|
+
# Git-based sources should be specified with the `git:` key in the
|
|
11
|
+
# source hash. Additionally, we accept `:branch`, `:ref`, and `:tag`
|
|
12
|
+
# keys to allow users to pin to a particular revision.
|
|
13
|
+
#
|
|
14
|
+
# Parts of this class are derived from:
|
|
15
|
+
#
|
|
16
|
+
# https://github.com/chef/omnibus/blob/master/lib/omnibus/fetchers/git_fetcher.rb
|
|
17
|
+
#
|
|
18
|
+
# which is Copyright 2012-2014 Chef Software, Inc. and offered under
|
|
19
|
+
# the same Apache 2 software license as inspec.
|
|
20
|
+
#
|
|
21
|
+
# Many thanks to the omnibus authors!
|
|
22
|
+
#
|
|
23
|
+
# Note that we haven't replicated all of omnibus' features here. If
|
|
24
|
+
# you got to this file during debugging, you may want to look at the
|
|
25
|
+
# omnibus source for hints.
|
|
26
|
+
#
|
|
27
|
+
class Git < Inspec.fetcher(1)
|
|
28
|
+
name 'git'
|
|
29
|
+
priority 200
|
|
30
|
+
|
|
31
|
+
def self.resolve(target, opts = {})
|
|
32
|
+
new(target[:git], opts.merge(target)) if target.respond_to?(:has_key?) && target.key?(:git)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def initialize(remote_url, opts = {})
|
|
36
|
+
@branch = opts[:branch]
|
|
37
|
+
@tag = opts[:tag]
|
|
38
|
+
@ref = opts[:ref]
|
|
39
|
+
@remote_url = remote_url
|
|
40
|
+
@repo_directory = nil
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def fetch(dir)
|
|
44
|
+
@repo_directory = dir
|
|
45
|
+
FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
|
|
46
|
+
|
|
47
|
+
if cloned?
|
|
48
|
+
checkout
|
|
49
|
+
else
|
|
50
|
+
Dir.mktmpdir do |tmpdir|
|
|
51
|
+
checkout(tmpdir)
|
|
52
|
+
Inspec::Log.debug("Checkout of #{resolved_ref} successful. Moving checkout to #{dir}")
|
|
53
|
+
FileUtils.cp_r(tmpdir, @repo_directory)
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
@repo_directory
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def cache_key
|
|
60
|
+
resolved_ref
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def archive_path
|
|
64
|
+
@repo_directory
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def resolved_source
|
|
68
|
+
{ git: @remote_url, ref: resolved_ref }
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
private
|
|
72
|
+
|
|
73
|
+
def resolved_ref
|
|
74
|
+
@resolved_ref ||= if @ref
|
|
75
|
+
@ref
|
|
76
|
+
elsif @branch
|
|
77
|
+
resolve_ref(@branch)
|
|
78
|
+
elsif @tag
|
|
79
|
+
resolve_ref(@tag)
|
|
80
|
+
else
|
|
81
|
+
resolve_ref('master')
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def resolve_ref(ref_name)
|
|
86
|
+
cmd = shellout("git ls-remote \"#{@remote_url}\" \"#{ref_name}*\"")
|
|
87
|
+
ref = parse_ls_remote(cmd.stdout, ref_name)
|
|
88
|
+
if !ref
|
|
89
|
+
raise "Unable to resolve #{ref_name} to a specific git commit for #{@remote_url}"
|
|
90
|
+
end
|
|
91
|
+
ref
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
#
|
|
95
|
+
# The following comment is a minor modification of the comment in
|
|
96
|
+
# the omnibus source for a similar function:
|
|
97
|
+
#
|
|
98
|
+
# Dereference annotated tags.
|
|
99
|
+
#
|
|
100
|
+
# The +remote_list+ parameter is assumed to look like this:
|
|
101
|
+
#
|
|
102
|
+
# a2ed66c01f42514bcab77fd628149eccb4ecee28 refs/tags/rel-0.11.0
|
|
103
|
+
# f915286abdbc1907878376cce9222ac0b08b12b8 refs/tags/rel-0.11.0^{}
|
|
104
|
+
#
|
|
105
|
+
# The SHA with ^{} is the commit pointed to by an annotated
|
|
106
|
+
# tag. If ref isn't an annotated tag, there will not be a line
|
|
107
|
+
# with trailing ^{}.
|
|
108
|
+
#
|
|
109
|
+
# @param [String] output
|
|
110
|
+
# output from `git ls-remote origin` command
|
|
111
|
+
# @param [String] ref_name
|
|
112
|
+
# the target git ref_name
|
|
113
|
+
#
|
|
114
|
+
# @return [String]
|
|
115
|
+
#
|
|
116
|
+
def parse_ls_remote(output, ref_name)
|
|
117
|
+
pairs = output.lines.map { |l| l.chomp.split("\t") }
|
|
118
|
+
tagged_commit = pairs.find { |m| m[1].end_with?("#{ref_name}^{}") }
|
|
119
|
+
if tagged_commit
|
|
120
|
+
tagged_commit.first
|
|
121
|
+
else
|
|
122
|
+
pairs.find { |m| m[1].end_with?(ref_name.to_s) }&.first
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
def cloned?
|
|
127
|
+
File.directory?(File.join(@repo_directory, '.git'))
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
def clone(dir = @repo_directory)
|
|
131
|
+
git_cmd("clone #{@remote_url} ./", dir) unless cloned?
|
|
132
|
+
@repo_directory
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
def checkout(dir = @repo_directory)
|
|
136
|
+
clone(dir)
|
|
137
|
+
git_cmd("checkout #{resolved_ref}", dir)
|
|
138
|
+
@repo_directory
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
def git_cmd(cmd, dir = @repo_directory)
|
|
142
|
+
cmd = shellout("git #{cmd}", cwd: dir)
|
|
143
|
+
cmd.error!
|
|
144
|
+
cmd.status
|
|
145
|
+
rescue Errno::ENOENT
|
|
146
|
+
raise 'To use git sources, you must have git installed.'
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
def shellout(cmd, opts = {})
|
|
150
|
+
Inspec::Log.debug("Running external command: #{cmd} (#{opts})")
|
|
151
|
+
cmd = Mixlib::ShellOut.new(cmd, opts)
|
|
152
|
+
cmd.run_command
|
|
153
|
+
Inspec::Log.debug("External command: completed with exit status: #{cmd.exitstatus}")
|
|
154
|
+
Inspec::Log.debug('External command: STDOUT BEGIN')
|
|
155
|
+
Inspec::Log.debug(cmd.stdout)
|
|
156
|
+
Inspec::Log.debug('External command: STDOUT END')
|
|
157
|
+
Inspec::Log.debug('External command: STDERR BEGIN')
|
|
158
|
+
Inspec::Log.debug(cmd.stderr)
|
|
159
|
+
Inspec::Log.debug('External command: STDERR END')
|
|
160
|
+
cmd
|
|
161
|
+
end
|
|
162
|
+
end
|
|
163
|
+
end
|