inspec 2.1.81 → 2.1.83

data/lib/bundles/inspec-compliance/support.rb

@@ -1,36 +1,36 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-module Compliance
-  # is a helper that provides information which version of compliance supports
-  # which feature
-  class Support
-    # for a feature, returns either:
-    #  - a version v0:                      v supports v0       iff v0 <= v
-    #  - an array [v0, v1] of two versions: v supports [v0, v1] iff v0 <= v < v1
-    def self.version_with_support(feature)
-      case feature.to_sym
-      when :oidc # open id connect authentication
-        Gem::Version.new('0.16.19')
-      else
-        Gem::Version.new('0.0.0')
-      end
-    end
-
-    # determines if the given version support a certain feature
-    def self.supported?(feature, version)
-      sup = version_with_support(feature)
-
-      if sup.is_a?(Array)
-        Gem::Version.new(version) >= sup[0] &&
-          Gem::Version.new(version) < sup[1]
-      else
-        Gem::Version.new(version) >= sup
-      end
-    end
-
-    # we do not know the version, therefore we do not know if its possible to use the feature
-    # return if self['version'].nil? || self['version']['version'].nil?
-  end
-end
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+module Compliance
+  # is a helper that provides information which version of compliance supports
+  # which feature
+  class Support
+    # for a feature, returns either:
+    #  - a version v0:                      v supports v0       iff v0 <= v
+    #  - an array [v0, v1] of two versions: v supports [v0, v1] iff v0 <= v < v1
+    def self.version_with_support(feature)
+      case feature.to_sym
+      when :oidc # open id connect authentication
+        Gem::Version.new('0.16.19')
+      else
+        Gem::Version.new('0.0.0')
+      end
+    end
+
+    # determines if the given version support a certain feature
+    def self.supported?(feature, version)
+      sup = version_with_support(feature)
+
+      if sup.is_a?(Array)
+        Gem::Version.new(version) >= sup[0] &&
+          Gem::Version.new(version) < sup[1]
+      else
+        Gem::Version.new(version) >= sup
+      end
+    end
+
+    # we do not know the version, therefore we do not know if its possible to use the feature
+    # return if self['version'].nil? || self['version']['version'].nil?
+  end
+end

data/lib/bundles/inspec-compliance/target.rb

@@ -1,112 +1,112 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'uri'
-require 'inspec/fetcher'
-require 'inspec/errors'
-
-# InSpec Target Helper for Chef Compliance
-# reuses UrlHelper, but it knows the target server and the access token already
-# similar to `inspec exec http://localhost:2134/owners/%base%/compliance/%ssh%/tar --user %token%`
-module Compliance
-  class Fetcher < Fetchers::Url
-    name 'compliance'
-    priority 500
-    def self.resolve(target) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize
-      uri = if target.is_a?(String) && URI(target).scheme == 'compliance'
-              URI(target)
-            elsif target.respond_to?(:key?) && target.key?(:compliance)
-              URI("compliance://#{target[:compliance]}")
-            end
-
-      return nil if uri.nil?
-
-      # we have detailed information available in our lockfile, no need to ask the server
-      if target.respond_to?(:key?) && target.key?(:url)
-        profile_fetch_url = target[:url]
-        config = {}
-      else
-        # check if we have a compliance token
-        config = Compliance::Configuration.new
-        if config['token'].nil? && config['refresh_token'].nil?
-          if config['server_type'] == 'automate'
-            server = 'automate'
-            msg = 'inspec compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN'
-          elsif config['server_type'] == 'automate2'
-            server = 'automate2'
-            msg = 'inspec compliance login https://your_automate2_server --user USER --token APITOKEN'
-          else
-            server = 'compliance'
-            msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
-          end
-          raise Inspec::FetcherFailure, <<~EOF
-
-            Cannot fetch #{uri} because your #{server} token has not been
-            configured.
-
-            Please login using
-
-                #{msg}
-          EOF
-        end
-
-        # verifies that the target e.g base/ssh exists
-        profile = Compliance::API.sanitize_profile_name(uri)
-        if !Compliance::API.exist?(config, profile)
-          raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
-        end
-        profile_fetch_url = Compliance::API.target_url(config, profile)
-      end
-      # We need to pass the token to the fetcher
-      config['token'] = Compliance::API.get_token(config)
-
-      # Needed for automate2 post request
-      profile_stub = profile || target[:compliance]
-      config['profile'] = Compliance::API.profile_split(profile_stub)
-
-      new(profile_fetch_url, config)
-    rescue URI::Error => _e
-      nil
-    end
-
-    # We want to save compliance: in the lockfile rather than url: to
-    # make sure we go back through the Compliance API handling.
-    def resolved_source
-      @resolved_source ||= {
-        compliance: compliance_profile_name,
-        url: @target,
-        sha256: sha256,
-      }
-    end
-
-    def to_s
-      'Chef Compliance Profile Loader'
-    end
-
-    private
-
-    # determine the owner_id and the profile name from the url
-    def compliance_profile_name
-      m = if Compliance::API.is_automate_server_pre_080?(@config)
-            %r{^#{@config['server']}/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
-          elsif Compliance::API.is_automate_server_080_and_later?(@config)
-            %r{^#{@config['server']}/profiles/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
-          else
-            %r{^#{@config['server']}/owners/(?<owner>[^/]+)/compliance/(?<id>[^/]+)/tar$}
-          end.match(@target)
-
-      if Compliance::API.is_automate2_server?(@config)
-        m = {}
-        m[:owner] = @config['profile'][0]
-        m[:id] = @config['profile'][1]
-      end
-
-      raise 'Unable to determine compliance profile name. This can be caused by ' \
-        'an incorrect server in your configuration. Try to login to compliance ' \
-        'via the `inspec compliance login` command.' if m.nil?
-
-      "#{m[:owner]}/#{m[:id]}"
-    end
-  end
-end
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'uri'
+require 'inspec/fetcher'
+require 'inspec/errors'
+
+# InSpec Target Helper for Chef Compliance
+# reuses UrlHelper, but it knows the target server and the access token already
+# similar to `inspec exec http://localhost:2134/owners/%base%/compliance/%ssh%/tar --user %token%`
+module Compliance
+  class Fetcher < Fetchers::Url
+    name 'compliance'
+    priority 500
+    def self.resolve(target) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize
+      uri = if target.is_a?(String) && URI(target).scheme == 'compliance'
+              URI(target)
+            elsif target.respond_to?(:key?) && target.key?(:compliance)
+              URI("compliance://#{target[:compliance]}")
+            end
+
+      return nil if uri.nil?
+
+      # we have detailed information available in our lockfile, no need to ask the server
+      if target.respond_to?(:key?) && target.key?(:url)
+        profile_fetch_url = target[:url]
+        config = {}
+      else
+        # check if we have a compliance token
+        config = Compliance::Configuration.new
+        if config['token'].nil? && config['refresh_token'].nil?
+          if config['server_type'] == 'automate'
+            server = 'automate'
+            msg = 'inspec compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN'
+          elsif config['server_type'] == 'automate2'
+            server = 'automate2'
+            msg = 'inspec compliance login https://your_automate2_server --user USER --token APITOKEN'
+          else
+            server = 'compliance'
+            msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
+          end
+          raise Inspec::FetcherFailure, <<~EOF
+
+            Cannot fetch #{uri} because your #{server} token has not been
+            configured.
+
+            Please login using
+
+                #{msg}
+          EOF
+        end
+
+        # verifies that the target e.g base/ssh exists
+        profile = Compliance::API.sanitize_profile_name(uri)
+        if !Compliance::API.exist?(config, profile)
+          raise Inspec::FetcherFailure, "The compliance profile #{profile} was not found on the configured compliance server"
+        end
+        profile_fetch_url = Compliance::API.target_url(config, profile)
+      end
+      # We need to pass the token to the fetcher
+      config['token'] = Compliance::API.get_token(config)
+
+      # Needed for automate2 post request
+      profile_stub = profile || target[:compliance]
+      config['profile'] = Compliance::API.profile_split(profile_stub)
+
+      new(profile_fetch_url, config)
+    rescue URI::Error => _e
+      nil
+    end
+
+    # We want to save compliance: in the lockfile rather than url: to
+    # make sure we go back through the Compliance API handling.
+    def resolved_source
+      @resolved_source ||= {
+        compliance: compliance_profile_name,
+        url: @target,
+        sha256: sha256,
+      }
+    end
+
+    def to_s
+      'Chef Compliance Profile Loader'
+    end
+
+    private
+
+    # determine the owner_id and the profile name from the url
+    def compliance_profile_name
+      m = if Compliance::API.is_automate_server_pre_080?(@config)
+            %r{^#{@config['server']}/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
+          elsif Compliance::API.is_automate_server_080_and_later?(@config)
+            %r{^#{@config['server']}/profiles/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
+          else
+            %r{^#{@config['server']}/owners/(?<owner>[^/]+)/compliance/(?<id>[^/]+)/tar$}
+          end.match(@target)
+
+      if Compliance::API.is_automate2_server?(@config)
+        m = {}
+        m[:owner] = @config['profile'][0]
+        m[:id] = @config['profile'][1]
+      end
+
+      raise 'Unable to determine compliance profile name. This can be caused by ' \
+        'an incorrect server in your configuration. Try to login to compliance ' \
+        'via the `inspec compliance login` command.' if m.nil?
+
+      "#{m[:owner]}/#{m[:id]}"
+    end
+  end
+end

data/lib/bundles/inspec-compliance/test/integration/default/cli.rb

@@ -1,93 +1,93 @@
-# encoding: utf-8
-
-# options
-inspec_bin = 'BUNDLE_GEMFILE=/inspec/Gemfile bundle exec inspec'
-api_url = 'https://0.0.0.0'
-profile = '/inspec/examples/profile'
-
-user = command('whoami').stdout.strip
-pwd = command('pwd').stdout.strip
-puts "Run test as #{user} in path #{pwd}"
-
-# TODO: determine tokens automatically, define in kitchen yml
-access_token = ENV['COMPLIANCE_ACCESSTOKEN']
-refresh_token = ENV['COMPLIANCE_REFRESHTOKEN']
-
-%w{refresh_token access_token}.each do |type| # rubocop:disable Metrics/BlockLength
-  case type
-  when 'access_token'
-    token_options = "--token '#{access_token}'"
-  when 'refresh_token'
-    token_options = "--refresh_token '#{refresh_token}'"
-  end
-
-  # verifies that the help command works
-  describe command("#{inspec_bin} compliance help") do
-    its('stdout') { should include 'inspec compliance help [COMMAND]' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
-  end
-
-  # version command fails gracefully when server not configured
-  describe command("#{inspec_bin} compliance version") do
-    its('stdout') { should include 'Server configuration information is missing' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 1 }
-  end
-
-  # submitting a wrong token should have an exit of 0
-  describe command("#{inspec_bin} compliance login #{api_url} --insecure --user 'admin' --token 'wrong-token'") do
-    its('stdout') { should include 'token stored' }
-  end
-
-  # compliance login --help should give an accurate message for login
-  describe command("#{inspec_bin} compliance login --help") do
-    its('stdout') { should include "inspec compliance login SERVER --insecure --user='USER' --token='TOKEN'" }
-    its('exit_status') { should eq 0 }
-  end
-
-  # profiles command fails gracefully when token/server info is incorrect
-  describe command("#{inspec_bin} compliance profiles") do
-    its('stdout') { should include '401 Unauthorized. Please check your token' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 1 }
-  end
-
-  # login via access token token
-  describe command("#{inspec_bin} compliance login #{api_url} --insecure --user 'admin' #{token_options}") do
-    its('stdout') { should include 'token', 'stored' }
-    its('stdout') { should_not include 'Your server supports --user and --password only' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
-  end
-
-  # see available resources
-  describe command("#{inspec_bin} compliance profiles") do
-    its('stdout') { should include 'base/ssh' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
-  end
-
-  # upload a compliance profile
-  describe command("#{inspec_bin} compliance upload #{profile} --overwrite") do
-    its('stdout') { should include 'Profile is valid' }
-    its('stdout') { should include 'Successfully uploaded profile' }
-    its('stdout') { should_not include 'error(s)' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
-  end
-
-  # returns the version of the server
-  describe command("#{inspec_bin} compliance version") do
-    its('stdout') { should include 'Chef Compliance version:' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
-  end
-
-  # logout
-  describe command("#{inspec_bin} compliance logout") do
-    its('stdout') { should include 'Successfully logged out' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
-  end
-end
+# encoding: utf-8
+
+# options
+inspec_bin = 'BUNDLE_GEMFILE=/inspec/Gemfile bundle exec inspec'
+api_url = 'https://0.0.0.0'
+profile = '/inspec/examples/profile'
+
+user = command('whoami').stdout.strip
+pwd = command('pwd').stdout.strip
+puts "Run test as #{user} in path #{pwd}"
+
+# TODO: determine tokens automatically, define in kitchen yml
+access_token = ENV['COMPLIANCE_ACCESSTOKEN']
+refresh_token = ENV['COMPLIANCE_REFRESHTOKEN']
+
+%w{refresh_token access_token}.each do |type| # rubocop:disable Metrics/BlockLength
+  case type
+  when 'access_token'
+    token_options = "--token '#{access_token}'"
+  when 'refresh_token'
+    token_options = "--refresh_token '#{refresh_token}'"
+  end
+
+  # verifies that the help command works
+  describe command("#{inspec_bin} compliance help") do
+    its('stdout') { should include 'inspec compliance help [COMMAND]' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 0 }
+  end
+
+  # version command fails gracefully when server not configured
+  describe command("#{inspec_bin} compliance version") do
+    its('stdout') { should include 'Server configuration information is missing' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 1 }
+  end
+
+  # submitting a wrong token should have an exit of 0
+  describe command("#{inspec_bin} compliance login #{api_url} --insecure --user 'admin' --token 'wrong-token'") do
+    its('stdout') { should include 'token stored' }
+  end
+
+  # compliance login --help should give an accurate message for login
+  describe command("#{inspec_bin} compliance login --help") do
+    its('stdout') { should include "inspec compliance login SERVER --insecure --user='USER' --token='TOKEN'" }
+    its('exit_status') { should eq 0 }
+  end
+
+  # profiles command fails gracefully when token/server info is incorrect
+  describe command("#{inspec_bin} compliance profiles") do
+    its('stdout') { should include '401 Unauthorized. Please check your token' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 1 }
+  end
+
+  # login via access token token
+  describe command("#{inspec_bin} compliance login #{api_url} --insecure --user 'admin' #{token_options}") do
+    its('stdout') { should include 'token', 'stored' }
+    its('stdout') { should_not include 'Your server supports --user and --password only' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 0 }
+  end
+
+  # see available resources
+  describe command("#{inspec_bin} compliance profiles") do
+    its('stdout') { should include 'base/ssh' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 0 }
+  end
+
+  # upload a compliance profile
+  describe command("#{inspec_bin} compliance upload #{profile} --overwrite") do
+    its('stdout') { should include 'Profile is valid' }
+    its('stdout') { should include 'Successfully uploaded profile' }
+    its('stdout') { should_not include 'error(s)' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 0 }
+  end
+
+  # returns the version of the server
+  describe command("#{inspec_bin} compliance version") do
+    its('stdout') { should include 'Chef Compliance version:' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 0 }
+  end
+
+  # logout
+  describe command("#{inspec_bin} compliance logout") do
+    its('stdout') { should include 'Successfully logged out' }
+    its('stderr') { should eq '' }
+    its('exit_status') { should eq 0 }
+  end
+end