inspec 2.2.61 → 2.2.64

data/lib/bundles/inspec-artifact/cli.rb

@@ -6,6 +6,7 @@ require 'pathname'
 require 'set'
 require 'tempfile'
 require 'yaml'
+require 'inspec/base_cli'
 
 # Notes:
 #

data/lib/bundles/inspec-compliance/cli.rb

@@ -4,6 +4,7 @@
 
 require 'thor'
 require 'erb'
+require 'inspec/base_cli'
 
 module Compliance
   class ComplianceCLI < Inspec::BaseCLI

data/lib/bundles/inspec-habitat/cli.rb

@@ -2,6 +2,7 @@
 # author: Adam Leff
 
 require 'thor'
+require 'inspec/base_cli'
 
 module Habitat
   class HabitatProfileCLI < Thor

data/lib/bundles/inspec-init/cli.rb

@@ -2,6 +2,7 @@
 
 require 'pathname'
 require_relative 'renderer'
+require 'inspec/base_cli'
 
 module Init
   class CLI < Inspec::BaseCLI

data/lib/bundles/inspec-supermarket/cli.rb

@@ -1,6 +1,7 @@
 # encoding: utf-8
 # author: Christoph Hartmann
 # author: Dominik Richter
+require 'inspec/base_cli'
 
 module Supermarket
   class SupermarketCLI < Inspec::BaseCLI

data/lib/inspec.rb

@@ -16,9 +16,11 @@ require 'inspec/shell'
 require 'inspec/formatters'
 require 'inspec/reporters'
 
-# all utils that may be required by plugins
+require 'inspec/plugin/v2'
+require 'inspec/plugin/v1'
+
+# all utils that may be required by legacy plugins
 require 'inspec/base_cli'
 require 'inspec/fetcher'
 require 'inspec/source_reader'
 require 'inspec/resource'
-require 'inspec/plugins'

data/lib/inspec/base_cli.rb

@@ -168,6 +168,7 @@ module Inspec
         'documentation',
         'html',
         'json',
+        'json-automate',
         'json-min',
         'json-rspec',
         'junit',

data/lib/inspec/cli.rb

@@ -10,7 +10,8 @@ require 'pp'
 require 'utils/json_log'
 require 'utils/latest_version'
 require 'inspec/base_cli'
-require 'inspec/plugins'
+require 'inspec/plugin/v1'
+require 'inspec/plugin/v2'
 require 'inspec/runner_mock'
 require 'inspec/env_printer'
 require 'inspec/schema'
@@ -20,7 +21,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
                desc: 'Set the log level: info (default), debug, warn, error'
 
   class_option :log_location, type: :string,
-               desc: 'Location to send diagnostic log messages to. (default: STDOUT or STDERR)'
+               desc: 'Location to send diagnostic log messages to. (default: STDOUT or Inspec::Log.error)'
 
   class_option :diagnose, type: :boolean,
     desc: 'Show diagnostics (versions, configurations)'
@@ -282,17 +283,35 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   end
 end
 
-# Load all plugins on startup
-ctl = Inspec::PluginCtl.new
-ctl.list.each { |x| ctl.load(x) }
-
-# load CLI plugins before the Inspec CLI has been started
-Inspec::Plugins::CLI.subcommands.each { |_subcommand, params|
-  Inspec::InspecCLI.register(
-    params[:klass],
-    params[:subcommand_name],
-    params[:usage],
-    params[:description],
-    params[:options],
-  )
-}
+begin
+  # Load v2 plugins
+  v2_loader = Inspec::Plugin::V2::Loader.new
+  v2_loader.load_all
+  v2_loader.exit_on_load_error
+  v2_loader.activate_mentioned_cli_plugins
+
+  # Load v1 plugins on startup
+  ctl = Inspec::PluginCtl.new
+  ctl.list.each { |x| ctl.load(x) }
+
+  # load v1 CLI plugins before the Inspec CLI has been started
+  Inspec::Plugins::CLI.subcommands.each { |_subcommand, params|
+    Inspec::InspecCLI.register(
+      params[:klass],
+      params[:subcommand_name],
+      params[:usage],
+      params[:description],
+      params[:options],
+    )
+  }
+rescue Inspec::Plugin::V2::Exception => v2ex
+  Inspec::Log.error v2ex.message
+
+  if ARGV.include?('--debug')
+    Inspec::Log.error v2ex.class.name
+    Inspec::Log.error v2ex.backtrace.join("\n")
+  else
+    Inspec::Log.error 'Run again with --debug for a stacktrace.'
+  end
+  exit 2
+end

data/lib/inspec/control_eval_context.rb

@@ -52,6 +52,7 @@ module Inspec
           @conf = conf
           @dependencies = dependencies
           @require_loader = require_loader
+          @skip_file_message = nil
           @skip_file = false
           @skip_only_if_eval = skip_only_if_eval
         end
@@ -118,18 +119,18 @@ module Inspec
 
         define_method :register_control do |control, &block|
           if @skip_file
-            ::Inspec::Rule.set_skip_rule(control, true)
+            ::Inspec::Rule.set_skip_rule(control, true, @skip_file_message)
           end
 
           unless profile_context_owner.profile_supports_platform?
             platform = inspec.platform
             msg = "Profile #{profile_context_owner.profile_id} is not supported on platform #{platform.name}/#{platform.release}."
-            ::Inspec::Rule.set_skip_rule(control, msg)
+            ::Inspec::Rule.set_skip_rule(control, true, msg)
           end
 
           unless profile_context_owner.profile_supports_inspec_version?
             msg = "Profile #{profile_context_owner.profile_id} is not supported on InSpec version (#{Inspec::VERSION})."
-            ::Inspec::Rule.set_skip_rule(control, msg)
+            ::Inspec::Rule.set_skip_rule(control, true, msg)
           end
 
           profile_context_owner.register_rule(control, &block) unless control.nil?
@@ -144,19 +145,19 @@ module Inspec
           profile_context_owner.unregister_rule(id)
         end
 
-        define_method :only_if do |&block|
+        define_method :only_if do |message = nil, &block|
           return unless block
           return if @skip_file == true
           return if @skip_only_if_eval == true
 
           return if block.yield == true
-
           # Apply `set_skip_rule` for other rules in the same file
           profile_context_owner.rules.values.each do |r|
             sources_match = r.source_file == block.source_location[0]
-            Inspec::Rule.set_skip_rule(r, true) if sources_match
+            Inspec::Rule.set_skip_rule(r, true, message) if sources_match
           end
 
+          @skip_file_message = message
           @skip_file = true
         end
 

data/lib/inspec/dependencies/requirement.rb

@@ -1,6 +1,5 @@
 # encoding: utf-8
 require 'inspec/cached_fetcher'
-require 'inspec/dependencies/dependency_set'
 require 'semverse'
 
 module Inspec

data/lib/inspec/fetcher.rb

@@ -2,8 +2,7 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
 
-require 'inspec/plugins'
-require 'utils/plugin_registry'
+require 'inspec/plugin/v1'
 
 module Inspec
   class FetcherRegistry < PluginRegistry

data/lib/inspec/library_eval_context.rb

@@ -1,7 +1,7 @@
 # encoding: utf-8
 # author: Steven Danna
 # author: Victoria Jeffrey
-require 'inspec/plugins/resource'
+require 'inspec/plugin/v1/plugin_types/resource'
 require 'inspec/dsl_shared'
 
 module Inspec

data/lib/inspec/plugin/v1.rb

@@ -0,0 +1,2 @@
+require 'inspec/plugin/v1/plugins'
+require 'inspec/plugin/v1/registry'

data/lib/inspec/{plugins → plugin/v1/plugin_types}/cli.rb

@@ -2,6 +2,8 @@
 # author: Christoph Hartmann
 # author: Dominik Richter
 
+require 'inspec/plugin/v1/registry'
+
 module Inspec
   module Plugins
     # stores all CLI plugin, we expect those to the `Thor` subclasses

data/lib/inspec/{plugins → plugin/v1/plugin_types}/fetcher.rb

@@ -1,8 +1,8 @@
 # encoding: utf-8
 # author: Dominik Richter
 # author: Christoph Hartmann
-require 'utils/plugin_registry'
 require 'inspec/file_provider'
+require 'inspec/plugin/v1/registry'
 
 module Inspec
   module Plugins

data/lib/inspec/{plugins → plugin/v1/plugin_types}/secret.rb

@@ -2,7 +2,7 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
 
-require 'utils/plugin_registry'
+require 'inspec/plugin/v1/registry'
 
 module Inspec
   module Plugins

data/lib/inspec/{plugins → plugin/v1/plugin_types}/source_reader.rb

@@ -2,7 +2,7 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
 
-require 'utils/plugin_registry'
+require 'inspec/plugin/v1/registry'
 
 module Inspec
   module Plugins

data/lib/inspec/{plugins.rb → plugin/v1/plugins.rb}

@@ -6,12 +6,14 @@ require 'forwardable'
 
 module Inspec
   # Resource Plugins
+  # NOTE: the autoloading here is rendered moot by the fact that
+  # all core plugins are `require`'d by the base inspec.rb
   module Plugins
-    autoload :Resource, 'inspec/plugins/resource'
-    autoload :CLI, 'inspec/plugins/cli'
-    autoload :Fetcher, 'inspec/plugins/fetcher'
-    autoload :SourceReader, 'inspec/plugins/source_reader'
-    autoload :Secret, 'inspec/plugins/secret'
+    autoload :Resource, 'inspec/plugin/v1/plugin_types/resource'
+    autoload :CLI, 'inspec/plugin/v1/plugin_types/cli'
+    autoload :Fetcher, 'inspec/plugin/v1/plugin_types/fetcher'
+    autoload :SourceReader, 'inspec/plugin/v1/plugin_types/source_reader'
+    autoload :Secret, 'inspec/plugin/v1/plugin_types/secret'
   end
 
   # PLEASE NOTE: The Plugin system is an internal mechanism for connecting

data/lib/inspec/plugin/v2.rb

@@ -0,0 +1,30 @@
+require 'inspec/errors'
+
+module Inspec
+  module Plugin
+    module V2
+      class Exception < Inspec::Error; end
+      class ConfigError < Inspec::Plugin::V2::Exception; end
+      class LoadError < Inspec::Plugin::V2::Exception; end
+    end
+  end
+end
+
+require_relative 'v2/registry'
+require_relative 'v2/loader'
+require_relative 'v2/plugin_base'
+
+# Load all plugin type base classes
+Dir.glob(File.join(__dir__, 'v2', 'plugin_types', '*.rb')).each { |file| require file }
+
+module Inspec
+  # Provides the base class that plugin implementors should use.
+  def self.plugin(version, plugin_type = nil)
+    unless version == 2
+      raise 'Only plugins version 2 is supported!'
+    end
+
+    return Inspec::Plugin::V2::PluginBase if plugin_type.nil?
+    Inspec::Plugin::V2::PluginBase.base_class_for_type(plugin_type)
+  end
+end

data/lib/inspec/plugin/v2/activator.rb

@@ -0,0 +1,16 @@
+module Inspec::Plugin::V2
+  Activator = Struct.new(
+    :plugin_name,
+    :plugin_type,
+    :activator_name,
+    :activated,
+    :exception,
+    :activation_proc,
+    :implementation_class,
+  ) do
+    def initialize(*)
+      super
+      self[:activated] = false
+    end
+  end
+end

data/lib/inspec/plugin/v2/loader.rb

@@ -0,0 +1,204 @@
+require 'json'
+require 'inspec/log'
+
+# Add the current directory of the process to the load path
+$LOAD_PATH.unshift('.') unless $LOAD_PATH.include?('.')
+# Add the InSpec source root directory to the load path
+folder = File.expand_path(File.join('..', '..', '..', '..'), __dir__)
+$LOAD_PATH.unshift(folder) unless $LOAD_PATH.include?('folder')
+
+module Inspec::Plugin::V2
+  class Loader
+    attr_reader :registry, :options
+
+    def initialize(options = {})
+      @options = options
+      @registry = Inspec::Plugin::V2::Registry.instance
+      determine_plugin_conf_file
+      read_conf_file
+      unpack_conf_file
+      detect_bundled_plugins unless options[:omit_bundles]
+    end
+
+    def load_all
+      registry.each do |plugin_name, plugin_details|
+        # We want to capture literally any possible exception here, since we are storing them.
+        # rubocop: disable Lint/RescueException
+        begin
+          # We could use require, but under testing, we need to repeatedly reload the same
+          # plugin.
+          if plugin_details.entry_point.include?('test/unit/mock/plugins')
+            load plugin_details.entry_point + '.rb'
+          else
+            require plugin_details.entry_point
+          end
+          plugin_details.loaded = true
+          annotate_status_after_loading(plugin_name)
+        rescue ::Exception => ex
+          plugin_details.load_exception = ex
+          Inspec::Log.error "Could not load plugin #{plugin_name}"
+        end
+        # rubocop: enable Lint/RescueException
+      end
+    end
+
+    # This should possibly be in either lib/inspec/cli.rb or Registry
+    def exit_on_load_error
+      if registry.any_load_failures?
+        Inspec::Log.error 'Errors were encountered while loading plugins...'
+        registry.plugin_statuses.select(&:load_exception).each do |plugin_status|
+          Inspec::Log.error 'Plugin name: ' + plugin_status.name.to_s
+          Inspec::Log.error 'Error: ' + plugin_status.load_exception.message
+          if ARGV.include?('--debug')
+            Inspec::Log.error 'Exception: ' + plugin_status.load_exception.class.name
+            Inspec::Log.error 'Trace: ' + plugin_status.load_exception.backtrace.join("\n")
+          end
+        end
+        Inspec::Log.error('Run again with --debug for a stacktrace.') unless ARGV.include?('--debug')
+        exit 2
+      end
+    end
+
+    def activate(plugin_type, hook_name)
+      activator = registry.find_activators(plugin_type: plugin_type, activation_name: hook_name).first
+      # We want to capture literally any possible exception here, since we are storing them.
+      # rubocop: disable Lint/RescueException
+      begin
+        impl_class = activator.activation_proc.call
+        activator.activated = true
+        activator.implementation_class = impl_class
+      rescue Exception => ex
+        activator.exception = ex
+        Inspec::Log.error "Could not activate #{activator.plugin_type} hook named '#{activator.activator_name}' for plugin #{plugin_name}"
+      end
+      # rubocop: enable Lint/RescueException
+    end
+
+    def activate_mentioned_cli_plugins(cli_args = ARGV)
+      # Get a list of CLI plugin activation hooks
+      registry.find_activators(plugin_type: :cli_command).each do |act|
+        next if act.activated
+        # If there is anything in the CLI args with the same name, activate it
+        # If the word 'help' appears in the first position, load all CLI plugins
+        if cli_args.include?(act.activator_name.to_s) || cli_args[0] == 'help'
+          activate(:cli_command, act.activator_name)
+          act.implementation_class.register_with_thor
+        end
+      end
+    end
+
+    private
+
+    def annotate_status_after_loading(plugin_name)
+      status = registry[plugin_name]
+      return if status.api_generation == 2 # Gen2 have self-annotating superclasses
+      case status.installation_type
+      when :bundle
+        annotate_bundle_plugin_status_after_load(plugin_name)
+      else
+        # TODO: are there any other cases? can this whole thing be eliminated?
+        raise "I only know how to annotate :bundle plugins when trying to load plugin #{plugin_name}" unless status.installation_type == :bundle
+      end
+    end
+
+    def annotate_bundle_plugin_status_after_load(plugin_name)
+      # HACK: we're relying on the fact that all bundles are gen0 and cli type
+      status = registry[plugin_name]
+      status.api_generation = 0
+      act = Activator.new
+      act.activated = true
+      act.plugin_type = :cli_command
+      act.plugin_name = plugin_name
+      act.activator_name = :default
+      status.activators = [act]
+
+      v0_subcommand_name = plugin_name.to_s.gsub('inspec-', '')
+      status.plugin_class = Inspec::Plugins::CLI.subcommands[v0_subcommand_name][:klass]
+    end
+
+    def detect_bundled_plugins
+      bundle_dir = File.expand_path(File.join(File.dirname(__FILE__), '..', '..', '..', 'bundles'))
+      globs = [
+        File.join(bundle_dir, 'inspec-*.rb'),
+        File.join(bundle_dir, 'train-*.rb'),
+      ]
+      Dir.glob(globs).each do |loader_file|
+        name = File.basename(loader_file, '.rb').gsub(/^(inspec|train)-/, '')
+        status = Inspec::Plugin::V2::Status.new
+        status.name = name
+        status.entry_point = loader_file
+        status.installation_type = :bundle
+        status.loaded = false
+        registry[name] = status
+      end
+    end
+
+    def determine_plugin_conf_file
+      @plugin_conf_file_path = ENV['INSPEC_CONFIG_DIR'] ? ENV['INSPEC_CONFIG_DIR'] : File.join(Dir.home, '.inspec')
+      @plugin_conf_file_path = File.join(@plugin_conf_file_path, 'plugins.json')
+    end
+
+    def read_conf_file
+      if File.exist?(@plugin_conf_file_path)
+        @plugin_file_contents = JSON.parse(File.read(@plugin_conf_file_path))
+      else
+        @plugin_file_contents = {
+          'plugins_config_version' => '1.0.0',
+          'plugins' => [],
+        }
+      end
+    rescue JSON::ParserError => e
+      raise Inspec::Plugin::V2::ConfigError, "Failed to load plugins JSON configuration from #{@plugin_conf_file_path}:\n#{e}"
+    end
+
+    def unpack_conf_file
+      validate_conf_file
+      @plugin_file_contents['plugins'].each do |plugin_json|
+        status = Inspec::Plugin::V2::Status.new
+        status.name = plugin_json['name'].to_sym
+        status.loaded = false
+        status.installation_type = plugin_json['installation_type'].to_sym || :gem
+        case status.installation_type
+        when :gem
+          status.entry_point = status.name
+          status.version = plugin_json['version']
+        when :path
+          status.entry_point = plugin_json['installation_path']
+        end
+
+        registry[status.name] = status
+      end
+    end
+
+    def validate_conf_file
+      unless @plugin_file_contents['plugins_config_version'] == '1.0.0'
+        raise Inspec::Plugin::V2::ConfigError, "Unsupported plugins.json file version #{@plugin_file_contents['plugins_config_version']} at #{@plugin_conf_file_path} - currently support versions: 1.0.0"
+      end
+
+      plugin_entries = @plugin_file_contents['plugins']
+      unless plugin_entries.is_a?(Array)
+        raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - should have a top-level key named 'plugins', whose value is an array"
+      end
+
+      plugin_entries.each do |plugin_entry|
+        unless plugin_entry.is_a? Hash
+          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - each 'plugins' entry should be a Hash / JSON object"
+        end
+
+        unless plugin_entry.key? 'name'
+          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - each 'plugins' entry must have a 'name' field"
+        end
+
+        next unless plugin_entry.key?('installation_type')
+        unless %w{gem path}.include? plugin_entry['installation_type']
+          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - each 'installation_type' must be one of 'gem' or 'path'"
+        end
+
+        next unless plugin_entry['installation_type'] == 'path'
+        unless plugin_entry.key?('installation_path')
+          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - each 'plugins' entry with a 'path' installation_type must provide an 'installation_path' field"
+        end
+      end
+    end
+  end
+end