inspec 2.1.81 → 2.1.83
- checksums.yaml +5 -5
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3183 -3177
- data/Gemfile +56 -56
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +453 -453
- data/Rakefile +349 -349
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +41 -40
- data/docs/dev/control-eval.md +61 -61
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -100
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +378 -378
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +155 -155
- data/docs/resources/aws_cloudtrail_trails.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_alarm.md.erb +91 -91
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +154 -154
- data/docs/resources/aws_config_delivery_channel.md.erb +101 -101
- data/docs/resources/aws_config_recorder.md.erb +86 -86
- data/docs/resources/aws_ec2_instance.md.erb +112 -112
- data/docs/resources/aws_ec2_instances.md.erb +79 -79
- data/docs/resources/aws_iam_access_key.md.erb +129 -129
- data/docs/resources/aws_iam_access_keys.md.erb +204 -204
- data/docs/resources/aws_iam_group.md.erb +64 -64
- data/docs/resources/aws_iam_groups.md.erb +49 -49
- data/docs/resources/aws_iam_password_policy.md.erb +82 -82
- data/docs/resources/aws_iam_policies.md.erb +87 -87
- data/docs/resources/aws_iam_policy.md.erb +245 -245
- data/docs/resources/aws_iam_role.md.erb +69 -69
- data/docs/resources/aws_iam_root_user.md.erb +76 -76
- data/docs/resources/aws_iam_user.md.erb +120 -120
- data/docs/resources/aws_iam_users.md.erb +279 -279
- data/docs/resources/aws_kms_key.md.erb +177 -177
- data/docs/resources/aws_kms_keys.md.erb +89 -89
- data/docs/resources/aws_rds_instance.md.erb +66 -66
- data/docs/resources/aws_route_table.md.erb +53 -53
- data/docs/resources/aws_route_tables.md.erb +55 -55
- data/docs/resources/aws_s3_bucket.md.erb +146 -146
- data/docs/resources/aws_s3_bucket_object.md.erb +89 -89
- data/docs/resources/aws_s3_buckets.md.erb +59 -59
- data/docs/resources/aws_security_group.md.erb +296 -296
- data/docs/resources/aws_security_groups.md.erb +97 -97
- data/docs/resources/aws_sns_subscription.md.erb +130 -130
- data/docs/resources/aws_sns_topic.md.erb +69 -69
- data/docs/resources/aws_sns_topics.md.erb +58 -58
- data/docs/resources/aws_subnet.md.erb +140 -140
- data/docs/resources/aws_subnets.md.erb +132 -132
- data/docs/resources/aws_vpc.md.erb +125 -125
- data/docs/resources/aws_vpcs.md.erb +125 -125
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/chocolatey_package.md.erb +58 -58
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +197 -197
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_defs.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -138
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +91 -91
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -73
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +23 -23
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +59 -59
- data/inspec.gemspec +49 -49
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +193 -193
- data/lib/bundles/inspec-compliance/api.rb +360 -360
- data/lib/bundles/inspec-compliance/api/login.rb +193 -193
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +260 -260
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +125 -125
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +112 -112
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +391 -391
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +247 -247
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +368 -368
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +14 -14
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +259 -259
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +75 -75
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +513 -513
- data/lib/inspec/profile_context.rb +208 -208
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +60 -60
- data/lib/inspec/reporters/automate.rb +76 -76
- data/lib/inspec/reporters/base.rb +25 -25
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +117 -117
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +78 -78
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +190 -190
- data/lib/inspec/rule.rb +280 -280
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +50 -50
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -151
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -149
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -46
- data/lib/resources/aws/aws_cloudtrail_trail.rb +93 -93
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_delivery_channel.rb +70 -70
- data/lib/resources/aws/aws_config_recorder.rb +93 -93
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_ec2_instances.rb +64 -64
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +58 -58
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +291 -291
- data/lib/resources/aws/aws_iam_role.rb +55 -55
- data/lib/resources/aws/aws_iam_root_user.rb +78 -78
- data/lib/resources/aws/aws_iam_user.rb +142 -142
- data/lib/resources/aws/aws_iam_users.rb +146 -146
- data/lib/resources/aws/aws_kms_key.rb +96 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_rds_instance.rb +71 -71
- data/lib/resources/aws/aws_route_table.rb +63 -63
- data/lib/resources/aws/aws_route_tables.rb +60 -60
- data/lib/resources/aws/aws_s3_bucket.rb +137 -137
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
- data/lib/resources/aws/aws_s3_buckets.rb +51 -51
- data/lib/resources/aws/aws_security_group.rb +249 -249
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -78
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -56
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +73 -73
- data/lib/resources/aws/aws_vpcs.rb +52 -52
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/chocolatey_package.rb +78 -78
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -56
- data/lib/resources/dh_params.rb +77 -77
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -94
- data/lib/resources/etc_group.rb +154 -154
- data/lib/resources/etc_hosts.rb +66 -66
- data/lib/resources/etc_hosts_allow_deny.rb +112 -112
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -227
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +253 -253
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -54
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +111 -111
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +63 -63
- data/lib/resources/limits_conf.rb +46 -46
- data/lib/resources/login_def.rb +57 -57
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +82 -82
- data/lib/resources/mysql_conf.rb +127 -127
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -226
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -51
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +86 -86
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -112
- data/lib/resources/passwd.rb +76 -76
- data/lib/resources/pip.rb +130 -130
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +131 -131
- data/lib/resources/postgres_conf.rb +114 -114
- data/lib/resources/postgres_hba_conf.rb +90 -90
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +67 -67
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -51
- data/lib/resources/registry_key.rb +297 -297
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +794 -794
- data/lib/resources/shadow.rb +159 -159
- data/lib/resources/ssh_conf.rb +97 -97
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -137
- data/lib/resources/xinetd.rb +106 -106
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -43
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/enumerable_delegation.rb +9 -9
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -25
- data/lib/utils/filter.rb +273 -273
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +47 -47
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +105 -105
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/pkey_reader.rb +15 -15
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +3 -3
|
@@ -1,260 +1,260 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
# author: Christoph Hartmann
|
|
3
|
-
# author: Dominik Richter
|
|
4
|
-
|
|
5
|
-
require 'thor'
|
|
6
|
-
require 'erb'
|
|
7
|
-
|
|
8
|
-
module Compliance
|
|
9
|
-
class ComplianceCLI < Inspec::BaseCLI
|
|
10
|
-
namespace 'compliance'
|
|
11
|
-
|
|
12
|
-
# TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
|
|
13
|
-
def self.banner(command, _namespace = nil, _subcommand = false)
|
|
14
|
-
"#{basename} #{subcommand_prefix} #{command.usage}"
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def self.subcommand_prefix
|
|
18
|
-
namespace
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
desc "login https://SERVER --insecure --user='USER' --ent='ENTERPRISE' --token='TOKEN'", 'Log in to a Chef Compliance/Chef Automate SERVER'
|
|
22
|
-
long_desc <<-LONGDESC
|
|
23
|
-
`login` allows you to use InSpec with Chef Automate or a Chef Compliance Server
|
|
24
|
-
|
|
25
|
-
You need to a token for communication. More information about token retrieval
|
|
26
|
-
is available at:
|
|
27
|
-
https://docs.chef.io/api_automate.html#authentication-methods
|
|
28
|
-
https://docs.chef.io/api_compliance.html#obtaining-an-api-token
|
|
29
|
-
LONGDESC
|
|
30
|
-
option :insecure, aliases: :k, type: :boolean,
|
|
31
|
-
desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
|
|
32
|
-
option :user, type: :string, required: false,
|
|
33
|
-
desc: 'Username'
|
|
34
|
-
option :password, type: :string, required: false,
|
|
35
|
-
desc: 'Password (Chef Compliance Only)'
|
|
36
|
-
option :token, type: :string, required: false,
|
|
37
|
-
desc: 'Access token'
|
|
38
|
-
option :refresh_token, type: :string, required: false,
|
|
39
|
-
desc: 'Chef Compliance refresh token (Chef Compliance Only)'
|
|
40
|
-
option :dctoken, type: :string, required: false,
|
|
41
|
-
desc: 'Data Collector token (Chef Automate Only)'
|
|
42
|
-
option :ent, type: :string, required: false,
|
|
43
|
-
desc: 'Enterprise for Chef Automate reporting (Chef Automate Only)'
|
|
44
|
-
def login(server)
|
|
45
|
-
options['server'] = server
|
|
46
|
-
Compliance::API.login(options)
|
|
47
|
-
config = Compliance::Configuration.new
|
|
48
|
-
puts "Stored configuration for Chef #{config['server_type'].capitalize}: #{config['server']}' with user: '#{config['user']}'"
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
desc 'profiles', 'list all available profiles in Chef Compliance'
|
|
52
|
-
option :owner, type: :string, required: false,
|
|
53
|
-
desc: 'owner whose profiles to list'
|
|
54
|
-
def profiles
|
|
55
|
-
config = Compliance::Configuration.new
|
|
56
|
-
return if !loggedin(config)
|
|
57
|
-
|
|
58
|
-
# set owner to config
|
|
59
|
-
config['owner'] = options['owner'] || config['user']
|
|
60
|
-
|
|
61
|
-
msg, profiles = Compliance::API.profiles(config)
|
|
62
|
-
profiles.sort_by! { |hsh| hsh['title'] }
|
|
63
|
-
if !profiles.empty?
|
|
64
|
-
# iterate over profiles
|
|
65
|
-
headline('Available profiles:')
|
|
66
|
-
profiles.each { |profile|
|
|
67
|
-
owner = profile['owner_id'] || profile['owner']
|
|
68
|
-
li("#{profile['title']} v#{profile['version']} (#{mark_text(owner + '/' + profile['name'])})")
|
|
69
|
-
}
|
|
70
|
-
else
|
|
71
|
-
puts msg, 'Could not find any profiles'
|
|
72
|
-
exit 1
|
|
73
|
-
end
|
|
74
|
-
rescue Compliance::ServerConfigurationMissing
|
|
75
|
-
STDERR.puts "\nServer configuration information is missing. Please login using `inspec compliance login`"
|
|
76
|
-
exit 1
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
desc 'exec PROFILE', 'executes a Chef Compliance profile'
|
|
80
|
-
exec_options
|
|
81
|
-
def exec(*tests)
|
|
82
|
-
config = Compliance::Configuration.new
|
|
83
|
-
return if !loggedin(config)
|
|
84
|
-
o = opts(:exec).dup
|
|
85
|
-
diagnose(o)
|
|
86
|
-
configure_logger(o)
|
|
87
|
-
|
|
88
|
-
# iterate over tests and add compliance scheme
|
|
89
|
-
tests = tests.map { |t| 'compliance://' + Compliance::API.sanitize_profile_name(t) }
|
|
90
|
-
|
|
91
|
-
runner = Inspec::Runner.new(o)
|
|
92
|
-
tests.each { |target| runner.add_target(target) }
|
|
93
|
-
|
|
94
|
-
exit runner.run
|
|
95
|
-
rescue ArgumentError, RuntimeError, Train::UserError => e
|
|
96
|
-
$stderr.puts e.message
|
|
97
|
-
exit 1
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
desc 'download PROFILE', 'downloads a profile from Chef Compliance'
|
|
101
|
-
option :name, type: :string,
|
|
102
|
-
desc: 'Name of the archive filename (file type will be added)'
|
|
103
|
-
def download(profile_name)
|
|
104
|
-
o = options.dup
|
|
105
|
-
configure_logger(o)
|
|
106
|
-
|
|
107
|
-
config = Compliance::Configuration.new
|
|
108
|
-
return if !loggedin(config)
|
|
109
|
-
|
|
110
|
-
profile_name = Compliance::API.sanitize_profile_name(profile_name)
|
|
111
|
-
if Compliance::API.exist?(config, profile_name)
|
|
112
|
-
puts "Downloading `#{profile_name}`"
|
|
113
|
-
|
|
114
|
-
fetcher = Compliance::Fetcher.resolve(
|
|
115
|
-
{
|
|
116
|
-
compliance: profile_name,
|
|
117
|
-
},
|
|
118
|
-
)
|
|
119
|
-
|
|
120
|
-
# we provide a name, the fetcher adds the extension
|
|
121
|
-
_owner, id = profile_name.split('/')
|
|
122
|
-
file_name = fetcher.fetch(o.name || id)
|
|
123
|
-
puts "Profile stored to #{file_name}"
|
|
124
|
-
else
|
|
125
|
-
puts "Profile #{profile_name} is not available in Chef Compliance."
|
|
126
|
-
exit 1
|
|
127
|
-
end
|
|
128
|
-
end
|
|
129
|
-
|
|
130
|
-
desc 'upload PATH', 'uploads a local profile to Chef Compliance'
|
|
131
|
-
option :overwrite, type: :boolean, default: false,
|
|
132
|
-
desc: 'Overwrite existing profile on Server.'
|
|
133
|
-
option :owner, type: :string, required: false,
|
|
134
|
-
desc: 'Owner that should own the profile'
|
|
135
|
-
def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
|
|
136
|
-
config = Compliance::Configuration.new
|
|
137
|
-
return if !loggedin(config)
|
|
138
|
-
|
|
139
|
-
# set owner to config
|
|
140
|
-
config['owner'] = options['owner'] || config['user']
|
|
141
|
-
|
|
142
|
-
unless File.exist?(path)
|
|
143
|
-
puts "Directory #{path} does not exist."
|
|
144
|
-
exit 1
|
|
145
|
-
end
|
|
146
|
-
|
|
147
|
-
vendor_deps(path, options) if File.directory?(path)
|
|
148
|
-
|
|
149
|
-
o = options.dup
|
|
150
|
-
configure_logger(o)
|
|
151
|
-
# check the profile, we only allow to upload valid profiles
|
|
152
|
-
profile = Inspec::Profile.for_target(path, o)
|
|
153
|
-
|
|
154
|
-
# start verification process
|
|
155
|
-
error_count = 0
|
|
156
|
-
error = lambda { |msg|
|
|
157
|
-
error_count += 1
|
|
158
|
-
puts msg
|
|
159
|
-
}
|
|
160
|
-
|
|
161
|
-
result = profile.check
|
|
162
|
-
unless result[:summary][:valid]
|
|
163
|
-
error.call('Profile check failed. Please fix the profile before upload.')
|
|
164
|
-
else
|
|
165
|
-
puts('Profile is valid')
|
|
166
|
-
end
|
|
167
|
-
|
|
168
|
-
# determine user information
|
|
169
|
-
if (config['token'].nil? && config['refresh_token'].nil?) || config['user'].nil?
|
|
170
|
-
error.call('Please login via `inspec compliance login`')
|
|
171
|
-
end
|
|
172
|
-
|
|
173
|
-
# read profile name from inspec.yml
|
|
174
|
-
profile_name = profile.params[:name]
|
|
175
|
-
|
|
176
|
-
# check that the profile is not uploaded already,
|
|
177
|
-
# confirm upload to the user (overwrite with --force)
|
|
178
|
-
if Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}") && !options['overwrite']
|
|
179
|
-
error.call('Profile exists on the server, use --overwrite')
|
|
180
|
-
end
|
|
181
|
-
|
|
182
|
-
# abort if we found an error
|
|
183
|
-
if error_count > 0
|
|
184
|
-
puts "Found #{error_count} error(s)"
|
|
185
|
-
exit 1
|
|
186
|
-
end
|
|
187
|
-
|
|
188
|
-
# if it is a directory, tar it to tmp directory
|
|
189
|
-
if File.directory?(path)
|
|
190
|
-
archive_path = Dir::Tmpname.create([profile_name, '.tar.gz']) {}
|
|
191
|
-
puts "Generate temporary profile archive at #{archive_path}"
|
|
192
|
-
profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
|
|
193
|
-
else
|
|
194
|
-
archive_path = path
|
|
195
|
-
end
|
|
196
|
-
|
|
197
|
-
puts "Start upload to #{config['owner']}/#{profile_name}"
|
|
198
|
-
pname = ERB::Util.url_encode(profile_name)
|
|
199
|
-
|
|
200
|
-
if Compliance::API.is_automate_server?(config) || Compliance::API.is_automate2_server?(config)
|
|
201
|
-
puts 'Uploading to Chef Automate'
|
|
202
|
-
else
|
|
203
|
-
puts 'Uploading to Chef Compliance'
|
|
204
|
-
end
|
|
205
|
-
success, msg = Compliance::API.upload(config, config['owner'], pname, archive_path)
|
|
206
|
-
|
|
207
|
-
if success
|
|
208
|
-
puts 'Successfully uploaded profile'
|
|
209
|
-
else
|
|
210
|
-
puts 'Error during profile upload:'
|
|
211
|
-
puts msg
|
|
212
|
-
exit 1
|
|
213
|
-
end
|
|
214
|
-
end
|
|
215
|
-
|
|
216
|
-
desc 'version', 'displays the version of the Chef Compliance server'
|
|
217
|
-
def version
|
|
218
|
-
config = Compliance::Configuration.new
|
|
219
|
-
info = Compliance::API.version(config)
|
|
220
|
-
if !info.nil? && info['version']
|
|
221
|
-
puts "Name: #{info['api']}"
|
|
222
|
-
puts "Version: #{info['version']}"
|
|
223
|
-
else
|
|
224
|
-
puts 'Could not determine server version.'
|
|
225
|
-
exit 1
|
|
226
|
-
end
|
|
227
|
-
rescue Compliance::ServerConfigurationMissing
|
|
228
|
-
puts "\nServer configuration information is missing. Please login using `inspec compliance login`"
|
|
229
|
-
exit 1
|
|
230
|
-
end
|
|
231
|
-
|
|
232
|
-
desc 'logout', 'user logout from Chef Compliance'
|
|
233
|
-
def logout
|
|
234
|
-
config = Compliance::Configuration.new
|
|
235
|
-
unless config.supported?(:oidc) || config['token'].nil? || config['server_type'] == 'automate'
|
|
236
|
-
config = Compliance::Configuration.new
|
|
237
|
-
url = "#{config['server']}/logout"
|
|
238
|
-
Compliance::HTTP.post(url, config['token'], config['insecure'], !config.supported?(:oidc))
|
|
239
|
-
end
|
|
240
|
-
success = config.destroy
|
|
241
|
-
|
|
242
|
-
if success
|
|
243
|
-
puts 'Successfully logged out'
|
|
244
|
-
else
|
|
245
|
-
puts 'Could not log out'
|
|
246
|
-
end
|
|
247
|
-
end
|
|
248
|
-
|
|
249
|
-
private
|
|
250
|
-
|
|
251
|
-
def loggedin(config)
|
|
252
|
-
serverknown = !config['server'].nil?
|
|
253
|
-
puts 'You need to login first with `inspec compliance login`' if !serverknown
|
|
254
|
-
serverknown
|
|
255
|
-
end
|
|
256
|
-
end
|
|
257
|
-
|
|
258
|
-
# register the subcommand to Inspec CLI registry
|
|
259
|
-
Inspec::Plugins::CLI.add_subcommand(ComplianceCLI, 'compliance', 'compliance SUBCOMMAND ...', 'Chef Compliance commands', {})
|
|
260
|
-
end
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Christoph Hartmann
|
|
3
|
+
# author: Dominik Richter
|
|
4
|
+
|
|
5
|
+
require 'thor'
|
|
6
|
+
require 'erb'
|
|
7
|
+
|
|
8
|
+
module Compliance
|
|
9
|
+
class ComplianceCLI < Inspec::BaseCLI
|
|
10
|
+
namespace 'compliance'
|
|
11
|
+
|
|
12
|
+
# TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
|
|
13
|
+
def self.banner(command, _namespace = nil, _subcommand = false)
|
|
14
|
+
"#{basename} #{subcommand_prefix} #{command.usage}"
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def self.subcommand_prefix
|
|
18
|
+
namespace
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
desc "login https://SERVER --insecure --user='USER' --ent='ENTERPRISE' --token='TOKEN'", 'Log in to a Chef Compliance/Chef Automate SERVER'
|
|
22
|
+
long_desc <<-LONGDESC
|
|
23
|
+
`login` allows you to use InSpec with Chef Automate or a Chef Compliance Server
|
|
24
|
+
|
|
25
|
+
You need to a token for communication. More information about token retrieval
|
|
26
|
+
is available at:
|
|
27
|
+
https://docs.chef.io/api_automate.html#authentication-methods
|
|
28
|
+
https://docs.chef.io/api_compliance.html#obtaining-an-api-token
|
|
29
|
+
LONGDESC
|
|
30
|
+
option :insecure, aliases: :k, type: :boolean,
|
|
31
|
+
desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
|
|
32
|
+
option :user, type: :string, required: false,
|
|
33
|
+
desc: 'Username'
|
|
34
|
+
option :password, type: :string, required: false,
|
|
35
|
+
desc: 'Password (Chef Compliance Only)'
|
|
36
|
+
option :token, type: :string, required: false,
|
|
37
|
+
desc: 'Access token'
|
|
38
|
+
option :refresh_token, type: :string, required: false,
|
|
39
|
+
desc: 'Chef Compliance refresh token (Chef Compliance Only)'
|
|
40
|
+
option :dctoken, type: :string, required: false,
|
|
41
|
+
desc: 'Data Collector token (Chef Automate Only)'
|
|
42
|
+
option :ent, type: :string, required: false,
|
|
43
|
+
desc: 'Enterprise for Chef Automate reporting (Chef Automate Only)'
|
|
44
|
+
def login(server)
|
|
45
|
+
options['server'] = server
|
|
46
|
+
Compliance::API.login(options)
|
|
47
|
+
config = Compliance::Configuration.new
|
|
48
|
+
puts "Stored configuration for Chef #{config['server_type'].capitalize}: #{config['server']}' with user: '#{config['user']}'"
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
desc 'profiles', 'list all available profiles in Chef Compliance'
|
|
52
|
+
option :owner, type: :string, required: false,
|
|
53
|
+
desc: 'owner whose profiles to list'
|
|
54
|
+
def profiles
|
|
55
|
+
config = Compliance::Configuration.new
|
|
56
|
+
return if !loggedin(config)
|
|
57
|
+
|
|
58
|
+
# set owner to config
|
|
59
|
+
config['owner'] = options['owner'] || config['user']
|
|
60
|
+
|
|
61
|
+
msg, profiles = Compliance::API.profiles(config)
|
|
62
|
+
profiles.sort_by! { |hsh| hsh['title'] }
|
|
63
|
+
if !profiles.empty?
|
|
64
|
+
# iterate over profiles
|
|
65
|
+
headline('Available profiles:')
|
|
66
|
+
profiles.each { |profile|
|
|
67
|
+
owner = profile['owner_id'] || profile['owner']
|
|
68
|
+
li("#{profile['title']} v#{profile['version']} (#{mark_text(owner + '/' + profile['name'])})")
|
|
69
|
+
}
|
|
70
|
+
else
|
|
71
|
+
puts msg, 'Could not find any profiles'
|
|
72
|
+
exit 1
|
|
73
|
+
end
|
|
74
|
+
rescue Compliance::ServerConfigurationMissing
|
|
75
|
+
STDERR.puts "\nServer configuration information is missing. Please login using `inspec compliance login`"
|
|
76
|
+
exit 1
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
desc 'exec PROFILE', 'executes a Chef Compliance profile'
|
|
80
|
+
exec_options
|
|
81
|
+
def exec(*tests)
|
|
82
|
+
config = Compliance::Configuration.new
|
|
83
|
+
return if !loggedin(config)
|
|
84
|
+
o = opts(:exec).dup
|
|
85
|
+
diagnose(o)
|
|
86
|
+
configure_logger(o)
|
|
87
|
+
|
|
88
|
+
# iterate over tests and add compliance scheme
|
|
89
|
+
tests = tests.map { |t| 'compliance://' + Compliance::API.sanitize_profile_name(t) }
|
|
90
|
+
|
|
91
|
+
runner = Inspec::Runner.new(o)
|
|
92
|
+
tests.each { |target| runner.add_target(target) }
|
|
93
|
+
|
|
94
|
+
exit runner.run
|
|
95
|
+
rescue ArgumentError, RuntimeError, Train::UserError => e
|
|
96
|
+
$stderr.puts e.message
|
|
97
|
+
exit 1
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
desc 'download PROFILE', 'downloads a profile from Chef Compliance'
|
|
101
|
+
option :name, type: :string,
|
|
102
|
+
desc: 'Name of the archive filename (file type will be added)'
|
|
103
|
+
def download(profile_name)
|
|
104
|
+
o = options.dup
|
|
105
|
+
configure_logger(o)
|
|
106
|
+
|
|
107
|
+
config = Compliance::Configuration.new
|
|
108
|
+
return if !loggedin(config)
|
|
109
|
+
|
|
110
|
+
profile_name = Compliance::API.sanitize_profile_name(profile_name)
|
|
111
|
+
if Compliance::API.exist?(config, profile_name)
|
|
112
|
+
puts "Downloading `#{profile_name}`"
|
|
113
|
+
|
|
114
|
+
fetcher = Compliance::Fetcher.resolve(
|
|
115
|
+
{
|
|
116
|
+
compliance: profile_name,
|
|
117
|
+
},
|
|
118
|
+
)
|
|
119
|
+
|
|
120
|
+
# we provide a name, the fetcher adds the extension
|
|
121
|
+
_owner, id = profile_name.split('/')
|
|
122
|
+
file_name = fetcher.fetch(o.name || id)
|
|
123
|
+
puts "Profile stored to #{file_name}"
|
|
124
|
+
else
|
|
125
|
+
puts "Profile #{profile_name} is not available in Chef Compliance."
|
|
126
|
+
exit 1
|
|
127
|
+
end
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
desc 'upload PATH', 'uploads a local profile to Chef Compliance'
|
|
131
|
+
option :overwrite, type: :boolean, default: false,
|
|
132
|
+
desc: 'Overwrite existing profile on Server.'
|
|
133
|
+
option :owner, type: :string, required: false,
|
|
134
|
+
desc: 'Owner that should own the profile'
|
|
135
|
+
def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
|
|
136
|
+
config = Compliance::Configuration.new
|
|
137
|
+
return if !loggedin(config)
|
|
138
|
+
|
|
139
|
+
# set owner to config
|
|
140
|
+
config['owner'] = options['owner'] || config['user']
|
|
141
|
+
|
|
142
|
+
unless File.exist?(path)
|
|
143
|
+
puts "Directory #{path} does not exist."
|
|
144
|
+
exit 1
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
vendor_deps(path, options) if File.directory?(path)
|
|
148
|
+
|
|
149
|
+
o = options.dup
|
|
150
|
+
configure_logger(o)
|
|
151
|
+
# check the profile, we only allow to upload valid profiles
|
|
152
|
+
profile = Inspec::Profile.for_target(path, o)
|
|
153
|
+
|
|
154
|
+
# start verification process
|
|
155
|
+
error_count = 0
|
|
156
|
+
error = lambda { |msg|
|
|
157
|
+
error_count += 1
|
|
158
|
+
puts msg
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
result = profile.check
|
|
162
|
+
unless result[:summary][:valid]
|
|
163
|
+
error.call('Profile check failed. Please fix the profile before upload.')
|
|
164
|
+
else
|
|
165
|
+
puts('Profile is valid')
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
# determine user information
|
|
169
|
+
if (config['token'].nil? && config['refresh_token'].nil?) || config['user'].nil?
|
|
170
|
+
error.call('Please login via `inspec compliance login`')
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
# read profile name from inspec.yml
|
|
174
|
+
profile_name = profile.params[:name]
|
|
175
|
+
|
|
176
|
+
# check that the profile is not uploaded already,
|
|
177
|
+
# confirm upload to the user (overwrite with --force)
|
|
178
|
+
if Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}") && !options['overwrite']
|
|
179
|
+
error.call('Profile exists on the server, use --overwrite')
|
|
180
|
+
end
|
|
181
|
+
|
|
182
|
+
# abort if we found an error
|
|
183
|
+
if error_count > 0
|
|
184
|
+
puts "Found #{error_count} error(s)"
|
|
185
|
+
exit 1
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
# if it is a directory, tar it to tmp directory
|
|
189
|
+
if File.directory?(path)
|
|
190
|
+
archive_path = Dir::Tmpname.create([profile_name, '.tar.gz']) {}
|
|
191
|
+
puts "Generate temporary profile archive at #{archive_path}"
|
|
192
|
+
profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
|
|
193
|
+
else
|
|
194
|
+
archive_path = path
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
puts "Start upload to #{config['owner']}/#{profile_name}"
|
|
198
|
+
pname = ERB::Util.url_encode(profile_name)
|
|
199
|
+
|
|
200
|
+
if Compliance::API.is_automate_server?(config) || Compliance::API.is_automate2_server?(config)
|
|
201
|
+
puts 'Uploading to Chef Automate'
|
|
202
|
+
else
|
|
203
|
+
puts 'Uploading to Chef Compliance'
|
|
204
|
+
end
|
|
205
|
+
success, msg = Compliance::API.upload(config, config['owner'], pname, archive_path)
|
|
206
|
+
|
|
207
|
+
if success
|
|
208
|
+
puts 'Successfully uploaded profile'
|
|
209
|
+
else
|
|
210
|
+
puts 'Error during profile upload:'
|
|
211
|
+
puts msg
|
|
212
|
+
exit 1
|
|
213
|
+
end
|
|
214
|
+
end
|
|
215
|
+
|
|
216
|
+
desc 'version', 'displays the version of the Chef Compliance server'
|
|
217
|
+
def version
|
|
218
|
+
config = Compliance::Configuration.new
|
|
219
|
+
info = Compliance::API.version(config)
|
|
220
|
+
if !info.nil? && info['version']
|
|
221
|
+
puts "Name: #{info['api']}"
|
|
222
|
+
puts "Version: #{info['version']}"
|
|
223
|
+
else
|
|
224
|
+
puts 'Could not determine server version.'
|
|
225
|
+
exit 1
|
|
226
|
+
end
|
|
227
|
+
rescue Compliance::ServerConfigurationMissing
|
|
228
|
+
puts "\nServer configuration information is missing. Please login using `inspec compliance login`"
|
|
229
|
+
exit 1
|
|
230
|
+
end
|
|
231
|
+
|
|
232
|
+
desc 'logout', 'user logout from Chef Compliance'
|
|
233
|
+
def logout
|
|
234
|
+
config = Compliance::Configuration.new
|
|
235
|
+
unless config.supported?(:oidc) || config['token'].nil? || config['server_type'] == 'automate'
|
|
236
|
+
config = Compliance::Configuration.new
|
|
237
|
+
url = "#{config['server']}/logout"
|
|
238
|
+
Compliance::HTTP.post(url, config['token'], config['insecure'], !config.supported?(:oidc))
|
|
239
|
+
end
|
|
240
|
+
success = config.destroy
|
|
241
|
+
|
|
242
|
+
if success
|
|
243
|
+
puts 'Successfully logged out'
|
|
244
|
+
else
|
|
245
|
+
puts 'Could not log out'
|
|
246
|
+
end
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
private
|
|
250
|
+
|
|
251
|
+
def loggedin(config)
|
|
252
|
+
serverknown = !config['server'].nil?
|
|
253
|
+
puts 'You need to login first with `inspec compliance login`' if !serverknown
|
|
254
|
+
serverknown
|
|
255
|
+
end
|
|
256
|
+
end
|
|
257
|
+
|
|
258
|
+
# register the subcommand to Inspec CLI registry
|
|
259
|
+
Inspec::Plugins::CLI.add_subcommand(ComplianceCLI, 'compliance', 'compliance SUBCOMMAND ...', 'Chef Compliance commands', {})
|
|
260
|
+
end
|