inspec 2.3.5 → 2.3.10

data/lib/plugins/inspec-compliance/test/unit/target_test.rb

@@ -0,0 +1,155 @@
+require 'minitest/autorun'
+require 'mocha/setup'
+require_relative '../../lib/inspec-compliance/api.rb'
+
+describe InspecPlugins::Compliance::Fetcher do
+  let(:config) { { 'server' => 'myserver' } }
+
+  describe 'the check_compliance_token method' do
+    let(:fetcher) { fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config) }
+
+    it 'returns without error if token is set' do
+      config['token'] = 'my-token'
+      fetcher.class.check_compliance_token('http://test.com', config)
+    end
+
+    it 'returns an error when token is not set' do
+      ex = assert_raises(Inspec::FetcherFailure) { fetcher.class.check_compliance_token('http://test.com', config) }
+      ex.message.must_include "Cannot fetch http://test.com because your compliance token has not been\nconfigured."
+    end
+  end
+
+  describe 'when the server is an automate2 server' do
+    before { InspecPlugins::Compliance::API.expects(:is_automate2_server?).with(config).returns(true) }
+
+    it 'returns the correct owner and profile name' do
+      config['profile'] = ['admin', 'ssh-baseline', nil]
+      fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/profile', config)
+      fetcher.send(:compliance_profile_name).must_equal 'admin/ssh-baseline'
+    end
+  end
+
+  describe 'when the server is an automate server pre-0.8.0' do
+    before { InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(true) }
+
+    it 'returns the correct profile name when the url is correct' do
+      fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/myowner/myprofile/tar', config)
+      fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
+    end
+
+    it 'raises an exception if the url is malformed' do
+      fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
+      proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
+    end
+  end
+
+  describe 'when the server is an automate server 0.8.0-or-later' do
+    before do
+      InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(false)
+      InspecPlugins::Compliance::API.expects(:is_automate_server_080_and_later?).with(config).returns(true)
+    end
+
+    it 'returns the correct profile name when the url is correct' do
+      fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/profiles/myowner/myprofile/tar', config)
+      fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
+    end
+
+    it 'raises an exception if the url is malformed' do
+      fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
+      proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
+    end
+  end
+
+  describe 'when the server is not an automate server (likely a compliance server)' do
+    before do
+      InspecPlugins::Compliance::API.expects(:is_automate_server_pre_080?).with(config).returns(false)
+      InspecPlugins::Compliance::API.expects(:is_automate_server_080_and_later?).with(config).returns(false)
+    end
+
+    it 'returns the correct profile name when the url is correct' do
+      fetcher = InspecPlugins::Compliance::Fetcher.new('myserver/owners/myowner/compliance/myprofile/tar', config)
+      fetcher.send(:compliance_profile_name).must_equal 'myowner/myprofile'
+    end
+
+    it 'raises an exception if the url is malformed' do
+      fetcher = InspecPlugins::Compliance::Fetcher.new('a/bad/url', config)
+      proc { fetcher.send(:compliance_profile_name) }.must_raise RuntimeError
+    end
+  end
+
+  describe 'when the server calls an automate profile' do
+    let(:profiles_result) do
+      [{ 'name'=>'ssh-baseline',
+          'title'=>'InSpec Profile',
+          'maintainer'=>'The Authors',
+          'copyright'=>'The Authors',
+          'copyright_email'=>'you@example.com',
+          'license'=>'Apache-2.0',
+          'summary'=>'An InSpec Compliance Profile',
+          'version'=>'0.1.1',
+          'owner'=>'admin',
+          'supports'=>[],
+          'depends'=>[],
+          'sha256'=>'132j1kjdasfasdoaefaewo12312',
+          'groups'=>[],
+          'controls'=>[],
+          'attributes'=>[],
+          'latest_version'=>'' }]
+    end
+    before do
+      InspecPlugins::Compliance::Configuration.expects(:new).returns({ 'token' => '123abc', 'server' => 'https://a2.instance.com' })
+    end
+
+    it 'returns the correct profile name when parsing url' do
+      InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
+      fetcher = InspecPlugins::Compliance::Fetcher.resolve('compliance://admin/ssh-baseline')
+      assert = ['admin', 'ssh-baseline', nil]
+      fetcher.instance_variable_get(:"@config")['profile'].must_equal assert
+    end
+
+    it 'returns the correct profile name when parsing compliance hash' do
+      InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
+      hash = {
+        target: 'https://a2.instance.com/api/v0/compliance/tar',
+        compliance: 'admin/ssh-baseline',
+        sha256: '132j1kjdasfasdoaefaewo12312',
+      }
+      fetcher = InspecPlugins::Compliance::Fetcher.resolve(hash)
+      assert = ['admin', 'ssh-baseline', nil]
+      fetcher.instance_variable_get(:"@config")['profile'].must_equal assert
+    end
+  end
+
+  describe 'when the server provides a sha256 in the profiles_result' do
+    let(:profiles_result) do
+      [{ 'name'=>'ssh-baseline',
+          'title'=>'InSpec Profile',
+          'maintainer'=>'The Authors',
+          'copyright'=>'The Authors',
+          'copyright_email'=>'you@example.com',
+          'license'=>'Apache-2.0',
+          'summary'=>'An InSpec Compliance Profile',
+          'version'=>'0.1.1',
+          'owner'=>'admin',
+          'supports'=>[],
+          'depends'=>[],
+          'sha256'=>'132j1kjdasfasdoaefaewo12312',
+          'groups'=>[],
+          'controls'=>[],
+          'attributes'=>[],
+          'latest_version'=>'' }]
+    end
+
+    before do
+      InspecPlugins::Compliance::Configuration.expects(:new).returns({ 'token' => '123abc', 'server' => 'https://a2.instance.com' })
+    end
+
+    it 'contains the upstream_sha256' do
+      InspecPlugins::Compliance::API.stubs(:profiles).returns(['success', profiles_result])
+      prof = profiles_result[0]
+      target = "compliance://#{prof['owner']}/#{prof['name']}"
+      fetcher = InspecPlugins::Compliance::Fetcher.resolve(target)
+      fetcher.upstream_sha256.must_equal prof['sha256']
+    end
+  end
+end

data/lib/resources/processes.rb

@@ -126,7 +126,7 @@ module Inspec::Resources
     def ps_configuration_for_linux
       if busybox_ps?
         command = 'ps -o pid,vsz,rss,tty,stat,time,ruser,args'
-        regex = /^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$/
+        regex = /^\s*(\d+)\s+(\d+(?:\.\d+)?[gm]?)\s+(\d+(?:\.\d+)?[gm]?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$/
         field_map = {
           pid: 1,
           vsz: 2,
@@ -163,6 +163,18 @@ module Inspec::Resources
       @busybox_ps ||= inspec.command('ps --help').stderr.include?('BusyBox')
     end
 
+    def convert_to_kilobytes(param)
+      return param.to_i unless param.is_a?(String)
+
+      if param.end_with?('g')
+        (param[0..-2].to_f * 1024 * 1024).to_i
+      elsif param.end_with?('m')
+        (param[0..-2].to_f * 1024).to_i
+      else
+        param.to_i
+      end
+    end
+
     def build_process_list(command, regex, field_map)
       cmd = inspec.command(command)
       all = cmd.stdout.split("\n")[1..-1]
@@ -187,8 +199,12 @@ module Inspec::Resources
         end
 
         # ensure pid, vsz, and rss are integers for backward compatibility
-        [:pid, :vsz, :rss].each do |int_param|
-          process_data[int_param] = process_data[int_param].to_i if process_data.key?(int_param)
+        process_data[:pid] = process_data[:pid].to_i if process_data.key?(:pid)
+
+        # some ps variants (*cough* busybox) display vsz and rss as human readable MB or GB
+        [:vsz, :rss].each do |param|
+          next unless process_data.key?(param)
+          process_data[param] = convert_to_kilobytes(process_data[param])
         end
 
         # strip any newlines off the command

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 2.3.5
+  version: 2.3.10
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-28 00:00:00.000000000 Z
+date: 2018-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -587,19 +587,11 @@ files:
 - examples/profile/libraries/gordon_config.rb
 - inspec.gemspec
 - lib/bundles/README.md
-- lib/bundles/inspec-compliance.rb
-- lib/bundles/inspec-compliance/.kitchen.yml
-- lib/bundles/inspec-compliance/README.md
 - lib/bundles/inspec-compliance/api.rb
-- lib/bundles/inspec-compliance/api/login.rb
-- lib/bundles/inspec-compliance/bootstrap.sh
-- lib/bundles/inspec-compliance/cli.rb
 - lib/bundles/inspec-compliance/configuration.rb
 - lib/bundles/inspec-compliance/http.rb
-- lib/bundles/inspec-compliance/images/cc-token.png
 - lib/bundles/inspec-compliance/support.rb
 - lib/bundles/inspec-compliance/target.rb
-- lib/bundles/inspec-compliance/test/integration/default/cli.rb
 - lib/bundles/inspec-supermarket.rb
 - lib/bundles/inspec-supermarket/README.md
 - lib/bundles/inspec-supermarket/api.rb
@@ -707,6 +699,21 @@ files:
 - lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb
 - lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb
 - lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb
+- lib/plugins/inspec-compliance/README.md
+- lib/plugins/inspec-compliance/lib/inspec-compliance.rb
+- lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb
+- lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb
+- lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb
+- lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb
+- lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb
+- lib/plugins/inspec-compliance/lib/inspec-compliance/images/cc-token.png
+- lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb
+- lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb
+- lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb
+- lib/plugins/inspec-compliance/test/integration/default/cli.rb
+- lib/plugins/inspec-compliance/test/unit/api/login_test.rb
+- lib/plugins/inspec-compliance/test/unit/api_test.rb
+- lib/plugins/inspec-compliance/test/unit/target_test.rb
 - lib/plugins/inspec-habitat/lib/inspec-habitat.rb
 - lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb
 - lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb

data/lib/bundles/inspec-compliance.rb

@@ -1,16 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-libdir = File.dirname(__FILE__)
-$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
-
-module Compliance
-  autoload :Configuration, 'inspec-compliance/configuration'
-  autoload :HTTP, 'inspec-compliance/http'
-  autoload :Support, 'inspec-compliance/support'
-  autoload :API, 'inspec-compliance/api'
-end
-
-require 'inspec-compliance/cli'
-require 'inspec-compliance/target'

data/lib/bundles/inspec-compliance/.kitchen.yml

@@ -1,20 +0,0 @@
----
-driver:
-  name: vagrant
-  synced_folders:
-    - ['../../../', '/inspec']
-  network:
-    - ['private_network', {ip: '192.168.251.2'}]
-
-provisioner:
-  name: shell
-
-verifier:
-  name: inspec
-
-platforms:
-  - name: ubuntu-14.04
-suites:
-  - name: default
-    run_list:
-    attributes:

data/lib/bundles/inspec-compliance/api/login.rb

@@ -1,193 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Ricter
-# author: Jerry Aldrich
-
-module Compliance
-  class API
-    module Login
-      class CannotDetermineServerType < StandardError; end
-
-      def login(options)
-        raise ArgumentError, 'Please specify a server using `inspec compliance login https://SERVER`' unless options['server']
-
-        options['server'] = URI("https://#{options['server']}").to_s if URI(options['server']).scheme.nil?
-
-        options['server_type'] = Compliance::API.determine_server_type(options['server'], options['insecure'])
-
-        case options['server_type']
-        when :automate2
-          Login::Automate2Server.login(options)
-        when :automate
-          Login::AutomateServer.login(options)
-        when :compliance
-          Login::ComplianceServer.login(options)
-        else
-          raise CannotDetermineServerType, "Unable to determine if #{options['server']} is a Chef Automate or Chef Compliance server"
-        end
-      end
-
-      module Automate2Server
-        def self.login(options)
-          verify_thor_options(options)
-
-          options['url'] = options['server'] + '/api/v0'
-          token = options['dctoken'] || options['token']
-          store_access_token(options, token)
-        end
-
-        def self.store_access_token(options, token)
-          config = Compliance::Configuration.new
-          config.clean
-
-          config['automate'] = {}
-          config['automate']['ent'] = 'automate'
-          config['automate']['token_type'] = 'dctoken'
-          config['server'] = options['url']
-          config['user'] = options['user']
-          config['owner'] = options['user']
-          config['insecure'] = options['insecure'] || false
-          config['server_type'] = options['server_type'].to_s
-          config['token'] = token
-          config['version'] = '0'
-
-          config.store
-          config
-        end
-
-        def self.verify_thor_options(o)
-          error_msg = []
-
-          error_msg.push('Please specify a user using `--user=\'USER\'`') if o['user'].nil?
-
-          if o['token'].nil? && o['dctoken'].nil?
-            error_msg.push('Please specify a token using `--token=\'APITOKEN\'`')
-          end
-
-          raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
-        end
-      end
-
-      module AutomateServer
-        def self.login(options)
-          verify_thor_options(options)
-
-          options['url'] = options['server'] + '/compliance'
-          token = options['dctoken'] || options['token']
-          store_access_token(options, token)
-        end
-
-        def self.store_access_token(options, token)
-          token_type = if options['token']
-                         'usertoken'
-                       else
-                         'dctoken'
-                       end
-
-          config = Compliance::Configuration.new
-
-          config.clean
-
-          config['automate'] = {}
-          config['automate']['ent'] = options['ent']
-          config['automate']['token_type'] = token_type
-          config['server'] = options['url']
-          config['user'] = options['user']
-          config['insecure'] = options['insecure'] || false
-          config['server_type'] = options['server_type'].to_s
-          config['token'] = token
-          config['version'] = Compliance::API.version(config)
-
-          config.store
-          config
-        end
-
-        # Automate login requires `--ent`, `--user`, and either `--token` or `--dctoken`
-        def self.verify_thor_options(o)
-          error_msg = []
-
-          error_msg.push('Please specify a user using `--user=\'USER\'`') if o['user'].nil?
-          error_msg.push('Please specify an enterprise using `--ent=\'automate\'`') if o['ent'].nil?
-
-          if o['token'].nil? && o['dctoken'].nil?
-            error_msg.push('Please specify a token using `--token=\'AUTOMATE_TOKEN\'` or `--dctoken=\'DATA_COLLECTOR_TOKEN\'`')
-          end
-
-          raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
-        end
-      end
-
-      module ComplianceServer
-        def self.login(options)
-          compliance_verify_thor_options(options)
-
-          options['url'] = options['server'] + '/api'
-
-          if options['user'] && options['token']
-            compliance_store_access_token(options, options['token'])
-          elsif options['user'] && options['password']
-            compliance_login_user_pass(options)
-          elsif options['refresh_token']
-            compliance_login_refresh_token(options)
-          end
-        end
-
-        def self.compliance_login_user_pass(options)
-          success, msg, token = Compliance::API.get_token_via_password(
-            options['url'],
-            options['user'],
-            options['password'],
-            options['insecure'],
-          )
-
-          raise msg unless success
-          compliance_store_access_token(options, token)
-        end
-
-        def self.compliance_login_refresh_token(options)
-          success, msg, token = Compliance::API.get_token_via_refresh_token(
-            options['url'],
-            options['refresh_token'],
-            options['insecure'],
-          )
-
-          raise msg unless success
-          compliance_store_access_token(options, token)
-        end
-
-        def self.compliance_store_access_token(options, token)
-          config = Compliance::Configuration.new
-          config.clean
-
-          config['user'] = options['user'] if options['user']
-          config['server'] = options['url']
-          config['insecure'] = options['insecure'] || false
-          config['server_type'] = options['server_type'].to_s
-          config['token'] = token
-          config['version'] = Compliance::API.version(config)
-
-          config.store
-          config
-        end
-
-        # Compliance login requires `--user` or `--refresh_token`
-        # If `--user` then either `--password`, `--token`, or `--refresh-token`, is required
-        def self.compliance_verify_thor_options(o)
-          error_msg = []
-
-          error_msg.push('Please specify a server using `inspec compliance login https://SERVER`') if o['server'].nil?
-
-          if o['user'].nil? && o['refresh_token'].nil?
-            error_msg.push('Please specify a `--user=\'USER\'` or a `--refresh-token=\'TOKEN\'`')
-          end
-
-          if o['user'] && o['password'].nil? && o['token'].nil? && o['refresh_token'].nil?
-            error_msg.push('Please specify either a `--password`, `--token`, or `--refresh-token`')
-          end
-
-          raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
-        end
-      end
-    end
-  end
-end