inspec 2.2.61 → 2.2.64

data/lib/inspec/plugin/v2/plugin_base.rb

@@ -0,0 +1,98 @@
+module Inspec::Plugin::V2
+  # Base class for all plugins.  Specific plugin types *may* inherit from this; but they must register with it.
+  class PluginBase
+    # rubocop: disable Style/ClassVars
+    @@plugin_type_classes = {}
+    # rubocop: enable Style/ClassVars
+
+    #=====================================================================#
+    #                         Management Methods
+    #=====================================================================#
+
+    # The global registry.
+    # @returns [Inspec::Plugin::V2::Registry] the singleton Plugin Registry object.
+    def self.registry
+      Inspec::Plugin::V2::Registry.instance
+    end
+
+    # Inform the plugin system of a new plgin type.
+    # This has the following effects:
+    #  * enables Inspec.plugin(2, :your_type_here) to return the plugin
+    #    type base class
+    #  * defines the DSL method with the same name as the plugin type.
+    #
+    # @param [Symbol] plugin_type_name
+    # @param [Class] the plugin type class, defaults to assuming inheritance
+    def self.register_plugin_type(plugin_type_name, new_plugin_type_base_class = self)
+      new_dsl_method_name = plugin_type_name
+
+      # This lets the Inspec.plugin(2,:your_plugin_type) work
+      @@plugin_type_classes[plugin_type_name] = new_plugin_type_base_class
+
+      # This part defines the DSL command to register a concrete plugin's implementation of a plugin type
+      Inspec::Plugin::V2::PluginBase.define_singleton_method(new_dsl_method_name) do |hook_name, &hook_body|
+        plugin_concrete_class = self
+
+        # Verify class is registered (i.e. plugin_name has been called)
+        status = registry.find_status_by_class(plugin_concrete_class)
+        if status.nil?
+          raise Inspec::Plugin::V2::LoadError, "You must call 'plugin_name' prior to calling #{plugin_type_name} for plugin class #{plugin_concrete_class}"
+        end
+
+        # Construct the Activator record
+        activator = Inspec::Plugin::V2::Activator.new
+        activator.plugin_name = plugin_concrete_class.plugin_name
+        activator.plugin_type = plugin_type_name
+        activator.activator_name = hook_name.to_sym
+        activator.activation_proc = hook_body
+
+        status.activators << activator
+      end
+    end
+
+    # Determine the base class for a given plugin type
+    # @param [Symbol] plugin_type_name
+    # @returns [Class] the plugin type base class
+    def self.base_class_for_type(plugin_type_name)
+      @@plugin_type_classes[plugin_type_name]
+    end
+
+    #=====================================================================#
+    #                           DSL Methods
+    #=====================================================================#
+
+    # If no name provided, looks up a known plugin by class and returns the name.
+    #
+    # DSL method to declare a plugin.  Once this has been called, the plugin will certainly be
+    # registered (known) with the Registry, and is eligible to be activated.
+    # This mainly handles status annotation.
+    #
+    # @param [Symbol] Name of the plugin.  If a string is provided, it is converted to a Symbol.
+    # @returns [Symbol] Name of the plugin
+    def self.plugin_name(name = nil)
+      reg = Inspec::Plugin::V2::Registry.instance
+      return reg.find_status_by_class(self).name if name.nil?
+
+      name = name.to_sym
+
+      # Typically our status will already exist in the registry, from loading the
+      # plugin.json. If we're being loaded, presumably entry_point,
+      # installation_type, version
+      # are known.
+      unless reg.known_plugin?(name)
+        # Under some testing situations, we may not pre-exist.
+        status = Inspec::Plugin::V2::Status.new
+        reg.register(name, status)
+        status.entry_point = 'inline'
+        status.installation_type = :mock_inline
+      end
+
+      status = reg[name]
+      status.api_generation = 2
+      status.plugin_class = self
+      status.name = name
+
+      name
+    end
+  end
+end

data/lib/inspec/plugin/v2/plugin_types/cli.rb

@@ -0,0 +1,27 @@
+require 'inspec/base_cli'
+
+module Inspec::Plugin::V2::PluginType
+  class CliCommand < Inspec::BaseCLI
+    # This class MUST inherit from Thor, which makes it a bit awkward to register the plugin subtype
+    # Since we can't inherit from PluginBase, we use the two-arg form of register_plugin_type
+    Inspec::Plugin::V2::PluginBase.register_plugin_type(:cli_command, self)
+
+    # Provide a description for the command group.
+    def self.subcommand_desc(usage_msg, desc_msg)
+      @usage_msg = usage_msg
+      @desc_msg = desc_msg
+    end
+
+    # Register the command group with Thor.  This must be called on the implementation class AFTER
+    # the the cli_command activator has been called
+    def self.register_with_thor
+      # Figure out my activator name (= subcommand group name)
+      subcommand_name = Inspec::Plugin::V2::Registry.instance \
+                                                    .find_activators(plugin_type: :cli_command, implementation_class: self) \
+                                                    .first.activator_name.to_s
+
+      # Register with Thor
+      Inspec::InspecCLI.register(self, subcommand_name, @usage_msg, @desc_msg, {})
+    end
+  end
+end

data/lib/inspec/plugin/v2/plugin_types/mock.rb

@@ -0,0 +1,12 @@
+module Inspec::Plugin::V2::PluginType
+  # Test plugin type
+  class Mock < Inspec::Plugin::V2::PluginBase
+    register_plugin_type(:mock_plugin_type)
+
+    # This is the API for the mock plugin type: when a mock plugin is
+    # activated, it is expected to be able to respond to this, and "do something"
+    def mock_hook
+      raise NotImplementedError, 'Mock plugins must implement mock_hook'
+    end
+  end
+end

data/lib/inspec/plugin/v2/registry.rb

@@ -0,0 +1,76 @@
+require 'forwardable'
+require 'singleton'
+require_relative 'status'
+require_relative 'activator'
+
+module Inspec::Plugin::V2
+  class Registry
+    include Singleton
+    extend Forwardable
+
+    attr_reader :registry
+    def_delegator :registry, :each
+    def_delegator :registry, :[]
+    def_delegator :registry, :key?, :known_plugin?
+    def_delegator :registry, :keys, :plugin_names
+    def_delegator :registry, :values, :plugin_statuses
+    def_delegator :registry, :select
+
+    def initialize
+      @registry = {}
+    end
+
+    def any_load_failures?
+      !plugin_statuses.select(&:load_exception).empty?
+    end
+
+    def loaded_plugin?(name)
+      registry.dig(name, :loaded)
+    end
+
+    def loaded_count
+      registry.values.select(&:loaded).count
+    end
+
+    def known_count
+      registry.values.count
+    end
+
+    def loaded_plugin_names
+      registry.values.select(&:loaded).map(&:name)
+    end
+
+    def find_status_by_class(klass)
+      registry.values.detect { |status| status.plugin_class == klass }
+    end
+
+    # Finds Activators matching criteria (all optional) you specify as a Hash.
+    # @param [Symbol] plugin_name Restricts the search to the given plugin
+    # @param [Symbol] plugin_type Restricts the search to the given plugin type
+    # @param [Symbol] activator_name Name of the activator
+    # @param [Class] implementation_class Implementation class returned by an already-actived plugin type
+    # @returns [Array] Possibly empty array of Activators
+    def find_activators(filters = {})
+      plugin_statuses.map(&:activators).flatten.select do |act|
+        [:plugin_name, :plugin_type, :activator_name, :implementation_class].all? do |criteria|
+          !filters.key?(criteria) || act[criteria] == filters[criteria]
+        end
+      end
+    end
+
+    def register(name, status)
+      if known_plugin? name
+        Inspec::Log.warn "PluginLoader: refusing to re-register plugin '#{name}': an existing plugin with that name was loaded via #{existing.installation_type}-loading from #{existing.entry_point}"
+      else
+        registry[name.to_sym] = status
+      end
+    end
+
+    alias []= register
+
+    # Provided for test support. Purges the registry.
+    def __reset
+      @registry.clear
+    end
+  end
+end

data/lib/inspec/plugin/v2/status.rb

@@ -0,0 +1,29 @@
+module Inspec::Plugin::V2
+  # Track loading status of each plugin.  These are the elements of the Registry.
+  #
+  # Lifecycle of an installed plugin:
+  #  If present in the config file, bundled, or core, it is "known"
+  #  All known plugins are loaded.  v1 plugins auto-activate. All loaded plugins know their version.
+  #  v2 plugins activate when they are used.  All activated plugins know their implementation class.
+  Status = Struct.new(
+    :activators,              # Array of Activators - where plugin_type info gets stored
+    :api_generation,          # 0,1,2 # TODO: convert all bundled (v0) to v2
+    :plugin_class,            # Plugin class
+    :entry_point,             # a gem name or filesystem path
+    :installation_type,       # :gem, :path, :core, bundle # TODO: combine core and bundle
+    :loaded,                  # true, false False could mean not attempted or failed
+    :load_exception,          # Exception class if it failed to load
+    :name,                    # String name
+    :version,                 # three-digit version.  Core / bundled plugins use InSpec version here.
+  ) do
+    def initialize(*)
+      super
+      self[:activators] = []
+      self[:loaded] = false
+    end
+
+    def plugin_types
+      activators.map(&:plugin_type).uniq.sort
+    end
+  end
+end

data/lib/inspec/reporters.rb

@@ -1,7 +1,7 @@
 require 'inspec/reporters/base'
 require 'inspec/reporters/cli'
 require 'inspec/reporters/json'
-require 'inspec/reporters/json_merged'
+require 'inspec/reporters/json_automate'
 require 'inspec/reporters/json_min'
 require 'inspec/reporters/junit'
 require 'inspec/reporters/automate'
@@ -17,6 +17,10 @@ module Inspec::Reporters
       reporter = Inspec::Reporters::CLI.new(config)
     when 'json'
       reporter = Inspec::Reporters::Json.new(config)
+    # This reporter is only used for Chef internal. We reserve the
+    # right to introduce breaking changes to this reporter at any time.
+    when 'json-automate'
+      reporter = Inspec::Reporters::JsonAutomate.new(config)
     when 'json-min'
       reporter = Inspec::Reporters::JsonMin.new(config)
     when 'junit'

data/lib/inspec/reporters/automate.rb

@@ -4,7 +4,7 @@ require 'json'
 require 'net/http'
 
 module Inspec::Reporters
-  class Automate < JsonMerged
+  class Automate < JsonAutomate
     def initialize(config)
       super(config)
 

data/lib/inspec/reporters/{json_merged.rb → json_automate.rb}

@@ -3,7 +3,7 @@
 require 'json'
 
 module Inspec::Reporters
-  class JsonMerged < Json
+  class JsonAutomate < Json
     def initialize(config)
       super(config)
       @profiles = []

data/lib/inspec/resource.rb

@@ -2,7 +2,7 @@
 # copyright: 2015, Vulcano Security GmbH
 # author: Dominik Richter
 # author: Christoph Hartmann
-require 'inspec/plugins'
+require 'inspec/plugin/v1'
 
 module Inspec
   class ProfileNotFound < StandardError; end

data/lib/inspec/rule.rb

@@ -42,7 +42,7 @@ module Inspec
       @__rule_id = id
       @__profile_id = profile_id
       @__checks = []
-      @__skip_rule = nil
+      @__skip_rule = {}
       @__merge_count = 0
       @__merge_changes = []
       @__skip_only_if_eval = opts[:skip_only_if_eval]
@@ -118,11 +118,12 @@ module Inspec
     #
     # @param [Type] &block returns true if tests are added, false otherwise
     # @return [nil]
-    def only_if
+    def only_if(message = nil)
       return unless block_given?
       return if @__skip_only_if_eval == true
 
-      @__skip_rule ||= !yield
+      @__skip_rule[:result] ||= !yield
+      @__skip_rule[:message] = message
     end
 
     # Describe will add one or more tests to this control. There is 2 ways
@@ -174,8 +175,9 @@ module Inspec
       rule.instance_variable_get(:@__skip_rule)
     end
 
-    def self.set_skip_rule(rule, value)
-      rule.instance_variable_set(:@__skip_rule, value)
+    def self.set_skip_rule(rule, value, message = nil)
+      rule.instance_variable_set(:@__skip_rule,
+                                 { result: value, message: message })
     end
 
     def self.merge_count(rule)
@@ -187,9 +189,13 @@ module Inspec
     end
 
     def self.prepare_checks(rule)
-      msg = skip_status(rule)
-      return checks(rule) unless msg
-      msg = 'Skipped control due to only_if condition.' if msg == true
+      skip_check = skip_status(rule)
+      return checks(rule) unless skip_check[:result].eql?(true)
+      if skip_check[:message]
+        msg = "Skipped control due to only_if condition: #{skip_check[:message]}"
+      else
+        msg = 'Skipped control due to only_if condition.'
+      end
 
       # TODO: we use os as the carrier here, but should consider
       # a separate resource to do skipping

data/lib/inspec/secrets.rb

@@ -2,8 +2,7 @@
 # author: Christoph Hartmann
 # author: Dominik Richter
 
-require 'inspec/plugins'
-require 'utils/plugin_registry'
+require 'inspec/plugin/v1'
 
 module Inspec
   SecretsBackend = PluginRegistry.new

data/lib/inspec/source_reader.rb

@@ -2,8 +2,7 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
 
-require 'inspec/plugins'
-require 'utils/plugin_registry'
+require 'inspec/plugin/v1'
 
 module Inspec
   # Pre-checking of target resolution. Make sure that SourceReader plugins

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '2.2.61'
+  VERSION = '2.2.64'
 end

data/lib/resources/apache_conf.rb

@@ -125,7 +125,7 @@ module Inspec::Resources
     end
 
     def read_file(path)
-      @files_contents[path] ||= read_file_content(path)
+      @files_contents[path] ||= read_file_content(path, true)
     end
 
     def conf_dir

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 2.2.61
+  version: 2.2.64
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-09 00:00:00.000000000 Z
+date: 2018-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -313,6 +313,7 @@ files:
 - docs/dev/control-eval.md
 - docs/dev/filtertable-internals.md
 - docs/dev/filtertable-usage.md
+- docs/dev/plugins.md
 - docs/dsl_inspec.md
 - docs/dsl_resource.md
 - docs/glossary.md
@@ -619,12 +620,22 @@ files:
 - lib/inspec/objects/tag.rb
 - lib/inspec/objects/test.rb
 - lib/inspec/objects/value.rb
-- lib/inspec/plugins.rb
-- lib/inspec/plugins/cli.rb
-- lib/inspec/plugins/fetcher.rb
-- lib/inspec/plugins/resource.rb
-- lib/inspec/plugins/secret.rb
-- lib/inspec/plugins/source_reader.rb
+- lib/inspec/plugin/v1.rb
+- lib/inspec/plugin/v1/plugin_types/cli.rb
+- lib/inspec/plugin/v1/plugin_types/fetcher.rb
+- lib/inspec/plugin/v1/plugin_types/resource.rb
+- lib/inspec/plugin/v1/plugin_types/secret.rb
+- lib/inspec/plugin/v1/plugin_types/source_reader.rb
+- lib/inspec/plugin/v1/plugins.rb
+- lib/inspec/plugin/v1/registry.rb
+- lib/inspec/plugin/v2.rb
+- lib/inspec/plugin/v2/activator.rb
+- lib/inspec/plugin/v2/loader.rb
+- lib/inspec/plugin/v2/plugin_base.rb
+- lib/inspec/plugin/v2/plugin_types/cli.rb
+- lib/inspec/plugin/v2/plugin_types/mock.rb
+- lib/inspec/plugin/v2/registry.rb
+- lib/inspec/plugin/v2/status.rb
 - lib/inspec/polyfill.rb
 - lib/inspec/profile.rb
 - lib/inspec/profile_context.rb
@@ -634,7 +645,7 @@ files:
 - lib/inspec/reporters/base.rb
 - lib/inspec/reporters/cli.rb
 - lib/inspec/reporters/json.rb
-- lib/inspec/reporters/json_merged.rb
+- lib/inspec/reporters/json_automate.rb
 - lib/inspec/reporters/json_min.rb
 - lib/inspec/reporters/junit.rb
 - lib/inspec/reporters/yaml.rb
@@ -823,7 +834,6 @@ files:
 - lib/utils/object_traversal.rb
 - lib/utils/parser.rb
 - lib/utils/pkey_reader.rb
-- lib/utils/plugin_registry.rb
 - lib/utils/simpleconfig.rb
 - lib/utils/spdx.rb
 - lib/utils/spdx.txt