inspec 4.18.51 → 4.18.85

data/lib/plugins/inspec-habitat/Berksfile

@@ -1,5 +0,0 @@
-source "https://supermarket.chef.io"
-
-group :integration do
-  cookbook "inspec_habitat_fixture", path: "test/cookbooks/inspec_habitat_fixture/"
-end

data/lib/plugins/inspec-habitat/README.md

@@ -1,150 +0,0 @@
-# InSpec Habitat Plugin
-
-## Summary
-
-This plugin allows you to do the following:
-  1. Add Habitat configuration to a profile
-  2. Create/Upload a Habitat package from an InSpec profile
-
-Creating a [Habitat](https://www.habitat.sh/) package from an InSpec profile
-allows you to execute that profile as a service (via a Habitat Supervisor) on
-any Linux based platform.
-
-When running as a service, an InSpec report will be created in JSON format (by
-default at `/hab/svc/YOUR_SERVICE/logs/inspec_last_run.json`).  Additionally, a
-log of the last run will be located at
-`/hab/svc/YOUR_SERVICE/logs/inspec_log.txt` and CLI output is viewable in
-the Supervisor logs by default. You can also configure this service to report
-to [Chef Automate](https://www.chef.io/automate/).
-
-See below for usage instructions.
-
-## Plugin Usage
-
-### Adding Habitat Configuration to an InSpec Profile
-
-Run the following command:
-
-```
-inspec habitat profile setup PATH
-```
-
-This will create the following files:
-  - habitat/plan.sh (Provides build time instructions to Habitat)
-  - habitat/default.toml (Used to configure the running Habitat service)
-  - habitat/hooks/run (Shell script to execute this profile as a service)
-  - habitat/config/inspec_exec_config.json (JSON for `inspec exec` CLI options)
-
-### Creating a Habitat Package
-
-> This command requires Habitat to be installed and configured. For instructions
-on how to do that see [here](https://www.habitat.sh/docs/install-habitat/).
-
-Run the following command:
-
-```
-inspec habitat profile create PATH
-```
-
-This command will:
-  - Create a Habitat artifact (`.hart` file).
-
-> NOTE: If you are fetching packages from Chef Automate see
-[below](#Integrating-with-Chef-Automate).
-
-### Uploading a Habitat Package
-
-> This command requires Habitat to be installed and configured. For instructions
-on how to do that see [here](https://www.habitat.sh/docs/install-habitat/).
-
-Run the following command:
-
-```
-inspec habitat profile upload PATH
-```
-
-This command will:
-  - Create a Habitat artifact (`.hart` file).
-  - Upload the Habitat artifact to [bldr.habitat.sh](bldr.habitat.sh).
-
-> NOTE: If you are fetching packages from Chef Automate see
-[below](#Integrating-with-Chef-Automate).
-
-## Habitat Package Usage
-
-> This command requires Habitat to be installed and configured. For instructions
-on how to do that see [here](https://www.habitat.sh/docs/install-habitat/).
-
-General usage instructions for using Habitat packages can be found
-[here](https://www.habitat.sh/docs/using-habitat/#Using-Habitat-Packages).
-
-Installing the package from a HART file:
-
-```
-# See Habitat docs for more info. The below is for testing only.
-hab pkg install PATH_TO_CREATED_HART_FILE
-hab sup run YOUR_ORIGIN/inspec-profile-YOUR_PROFILE_NAME
-```
-
-Installing the package from the Public Builder Depot:
-
-```
-# See Habitat docs for more info. The below is for testing only.
-hab pkg install YOUR_ORIGIN/inspec-profile-YOUR_PROFILE_NAME
-hab sup run YOUR_ORIGIN/inspec-profile-YOUR_PROFILE_NAME
-```
-
-## Integrating with Chef Automate
-
-### Fetching Profiles from Chef Automate During Build
-
-Fetching profiles from Chef Automate requires authentication.
-
-Run the following commands prior to creating/uploading your Habitat package:
-
-```
-# Remove -k if you are not using a self-signed certificate
-inspec compliance login -k --user USER --token API_TOKEN https://AUTOMATE_FQDN
-export HAB_STUDIO_SECRET_COMPLIANCE_CREDS=$(cat ~/.inspec/compliance/config.json)
-```
-
-### Sending InSpec Reports to Chef Automate
-
-After running your Habitat package as a service you can configure it to report
-to Chef Automate via a
-[configuration update](https://www.habitat.sh/docs/using-habitat/#config-updates).
-
-For example, create a TOML file (config.toml) that matches the below:
-
-```
-[automate]
-url = 'https://chef-automate.test'
-token = 'TOKEN'
-user = 'admin'
-```
-
-Then apply it like so:
-
-```
-# The '1' here is the config version (increment this with each change)
-hab config apply inspec-profile-PROFILE_NAME.default 1 /path/to/config.toml
-```
-
-This will apply the configuration to all services in the service group. For
-more info on service groups see the
-[Habitat docs](https://www.habitat.sh/docs/using-habitat/#service-groups)
-
-## Testing
-
-Lint, unit, and functional tests are ran from the root of the InSpec source:
-
-```
-bundle exec rake test
-```
-
-To execute the integration tests (Test Kitchen + Vagrant + VirtualBox) run the
-following from the directory containing this README.md:
-
-```
-bundle exec kitchen test
-```

data/lib/plugins/inspec-habitat/kitchen.yml

@@ -1,28 +0,0 @@
----
-driver:
-  name: vagrant
-
-provisioner:
-  name: chef_solo
-  sudo: true
-
-verifier:
-  name: inspec
-
-platforms:
-  - name: ubuntu-18.04
-
-lifecycle:
-  # Build the InSpec gem so it is available to install during `kitchen converge`
-  pre_create:
-    - cd ../../../ && gem build inspec.gemspec
-    - mv ../../../inspec-*.gem test/cookbooks/inspec_habitat_fixture/files/inspec-local.gem
-  post_converge:
-    - local: sleep 10 # Wait for Habitat to load/run hab service before `verify`
-
-suites:
-  - name: default
-    run_list:
-      - recipe[inspec_habitat_fixture]
-    attributes:
-

data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb

@@ -1,11 +0,0 @@
-module InspecPlugins
-  module Habitat
-    class Plugin < Inspec.plugin(2)
-      plugin_name :'inspec-habitat'
-      cli_command :habitat do
-        require_relative "inspec-habitat/cli"
-        InspecPlugins::Habitat::CLI
-      end
-    end
-  end
-end

data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb

@@ -1,41 +0,0 @@
-require_relative "profile"
-require "inspec/dist"
-
-module InspecPlugins
-  module Habitat
-    class ProfileCLI < Inspec.plugin(2, :cli_command)
-      # Override banner method to correct missing subcommand.
-      # @see https://github.com/erikhuda/thor/issues/261
-      def self.banner(command, _namespace = nil, _subcommand = false)
-        "#{basename} habitat profile #{command.usage}"
-      end
-
-      desc "create PATH", "Create a Habitat artifact for the profile found at PATH"
-      option :output_dir, type: :string, required: false,
-        desc: "Output directory for the Habitat artifact. Default: current directory"
-      def create(path = ".")
-        InspecPlugins::Habitat::Profile.new(path, options).create
-      end
-
-      desc "setup PATH", "Configure the profile at PATH for Habitat, including a plan and hooks"
-      def setup(path = ".")
-        InspecPlugins::Habitat::Profile.new(path, options).setup
-      end
-
-      desc "upload PATH", "Create then upload a Habitat artifact for the profile found at PATH to the Habitat Builder Depot"
-      def upload(path = ".")
-        InspecPlugins::Habitat::Profile.new(path, options).upload
-      end
-    end
-
-    class CLI < Inspec.plugin(2, :cli_command)
-      include Inspec::Dist
-
-      subcommand_desc "habitat SUBCOMMAND", "Manage Habitat with #{PRODUCT_NAME}"
-      namespace "habitat"
-
-      desc "profile", "Manage #{PRODUCT_NAME} profiles as Habitat artifacts"
-      subcommand "profile", ProfileCLI
-    end
-  end
-end

data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb

@@ -1,265 +0,0 @@
-require "inspec/profile_vendor"
-require "mixlib/shellout"
-require "tomlrb"
-require "ostruct"
-require "inspec/dist"
-
-module InspecPlugins
-  module Habitat
-    class Profile
-      include Inspec::Dist
-
-      attr_reader :logger
-      def initialize(path, options = {})
-        @path    = path
-        @options = options
-        @logger  = Inspec::Log
-        logger.level(options.fetch(:log_level, "info").to_sym)
-      end
-
-      def create
-        logger.info("Creating a Habitat artifact for '#{@path}'...")
-
-        # Need to create working directory first so `ensure` doesn't error
-        working_dir = create_working_dir
-
-        habitat_config = read_habitat_config
-        verify_habitat_setup(habitat_config)
-
-        output_dir = @options[:output_dir] || Dir.pwd
-        unless File.directory?(output_dir)
-          exit_with_error("Output directory #{output_dir} is not a directory " \
-                          "or does not exist.")
-        end
-
-        duplicated_profile = duplicate_profile(@path, working_dir)
-        prepare_profile!(duplicated_profile)
-
-        hart_file = build_hart(working_dir, habitat_config)
-
-        logger.debug("Copying artifact to #{output_dir}...")
-        destination = File.join(output_dir, File.basename(hart_file))
-        FileUtils.cp(hart_file, destination)
-
-        logger.info("Habitat artifact '#{@destination}' created.")
-        destination
-      rescue => e
-        logger.debug(e.backtrace.join("\n"))
-        exit_with_error("Unable to create Habitat artifact.")
-      ensure
-        if Dir.exist?(working_dir)
-          logger.debug("Deleting working directory #{working_dir}")
-          FileUtils.rm_rf(working_dir)
-        end
-      end
-
-      def setup(profile = profile_from_path(@path))
-        path = profile.root_path
-        logger.debug("Setting up #{path} for Habitat...")
-
-        plan_file = File.join(path, "habitat", "plan.sh")
-        logger.info("Generating Habitat plan at #{plan_file}...")
-        vars = {
-          profile: profile,
-          habitat_origin: read_habitat_config["origin"],
-        }
-        create_file_from_template(plan_file, "plan.sh.erb", vars)
-      end
-
-      def upload
-        habitat_config = read_habitat_config
-
-        if habitat_config["auth_token"].nil?
-          exit_with_error(
-            "Unable to determine Habitat auth token for uploading.",
-            "Run `hab setup` or set the HAB_AUTH_TOKEN environment variable."
-          )
-        end
-
-        # Run create command to create habitat artifact
-        hart = create
-
-        logger.info("Uploading Habitat artifact #{hart}...")
-        upload_hart(hart, habitat_config)
-        logger.info("Habitat artifact #{hart} uploaded.")
-      rescue => e
-        logger.debug(e.backtrace.join("\n"))
-        exit_with_error("Unable to upload Habitat artifact.")
-      end
-
-      private
-
-      def create_working_dir
-        working_dir = Dir.mktmpdir
-        logger.debug("Generated working directory #{working_dir}")
-        working_dir
-      end
-
-      def duplicate_profile(path, working_dir)
-        profile = profile_from_path(path)
-        copy_profile_to_working_dir(profile, working_dir)
-        profile_from_path(working_dir)
-      end
-
-      def prepare_profile!(profile)
-        vendored_profile = vendor_profile_dependencies!(profile)
-        verify_profile(vendored_profile)
-        setup(vendored_profile)
-      end
-
-      def profile_from_path(path)
-        Inspec::Profile.for_target(
-          path,
-          backend: Inspec::Backend.create(Inspec::Config.mock)
-        )
-      end
-
-      def copy_profile_to_working_dir(profile, working_dir)
-        logger.debug("Copying profile contents to the working directory...")
-        profile.files.each do |profile_file|
-          next if File.extname(profile_file) == ".hart"
-
-          src = File.join(profile.root_path, profile_file)
-          dst = File.join(working_dir, profile_file)
-          if File.directory?(profile_file)
-            logger.debug("Creating directory #{dst}")
-            FileUtils.mkdir_p(dst)
-          else
-            logger.debug("Copying file #{src} to #{dst}")
-            FileUtils.cp_r(src, dst)
-          end
-        end
-      end
-
-      def verify_profile(profile)
-        logger.debug("Checking to see if the profile is valid...")
-
-        unless profile.check[:summary][:valid]
-          exit_with_error("Profile check failed. Please fix the profile " \
-                          "before creating a Habitat artifact.")
-        end
-
-        logger.debug("Profile is valid.")
-      end
-
-      def vendor_profile_dependencies!(profile)
-        profile_vendor = Inspec::ProfileVendor.new(profile.root_path)
-        if profile_vendor.lockfile.exist? && profile_vendor.cache_path.exist?
-          logger.debug("Profile's dependencies are already vendored, skipping " \
-                    "vendor process.")
-        else
-          logger.debug("Vendoring the profile's dependencies...")
-          profile_vendor.vendor!
-
-          logger.debug("Ensuring all vendored content has read permissions...")
-          profile_vendor.make_readable
-        end
-
-        # Return new profile since it has changed
-        Inspec::Profile.for_target(
-          profile.root_path,
-          backend: Inspec::Backend.create(Inspec::Config.mock)
-        )
-      end
-
-      def verify_habitat_setup(habitat_config)
-        logger.debug("Checking to see if Habitat is installed...")
-        cmd = Mixlib::ShellOut.new("hab --version")
-        cmd.run_command
-        if cmd.error?
-          exit_with_error("Unable to run Habitat commands.", cmd.stderr)
-        end
-
-        if habitat_config["origin"].nil?
-          exit_with_error(
-            "Unable to determine Habitat origin name.",
-            "Run `hab setup` or set the HAB_ORIGIN environment variable."
-          )
-        end
-      end
-
-      def create_file_from_template(file, template, vars = {})
-        FileUtils.mkdir_p(File.dirname(file))
-        template_path = File.join(__dir__, "../../templates/habitat", template)
-        contents = ERB.new(File.read(template_path))
-          .result(OpenStruct.new(vars).instance_eval { binding })
-        File.write(file, contents)
-      end
-
-      def build_hart(working_dir, habitat_config)
-        logger.debug("Building our Habitat artifact...")
-
-        env = {
-          "TERM" => "vt100",
-          "HAB_ORIGIN" => habitat_config["origin"],
-          "HAB_NONINTERACTIVE" => "true",
-        }
-
-        env["RUST_LOG"] = "debug" if logger.level == :debug
-
-        # TODO: Would love to use Mixlib::ShellOut here, but it doesn't
-        # seem to preserve the STDIN tty, and docker gets angry.
-        Dir.chdir(working_dir) do
-          unless system(env, "hab pkg build .")
-            exit_with_error("Unable to build the Habitat artifact.")
-          end
-        end
-
-        hart_files = Dir.glob(File.join(working_dir, "results", "*.hart"))
-
-        if hart_files.length > 1
-          exit_with_error("More than one Habitat artifact was created which " \
-                          "was not expected.")
-        elsif hart_files.empty?
-          exit_with_error("No Habitat artifact was created.")
-        end
-
-        hart_files.first
-      end
-
-      def upload_hart(hart_file, habitat_config)
-        logger.debug("Uploading '#{hart_file}' to the Habitat Builder Depot...")
-
-        config = habitat_config
-
-        env = {
-          "HAB_AUTH_TOKEN" => config["auth_token"],
-          "HAB_NONINTERACTIVE" => "true",
-          "HAB_ORIGIN" => config["origin"],
-          "TERM" => "vt100",
-        }
-
-        env["HAB_DEPOT_URL"] = ENV["HAB_DEPOT_URL"] if ENV["HAB_DEPOT_URL"]
-
-        cmd = Mixlib::ShellOut.new("hab pkg upload #{hart_file}", env: env)
-        cmd.run_command
-        if cmd.error?
-          exit_with_error(
-            "Unable to upload Habitat artifact to the Depot.",
-            cmd.stdout,
-            cmd.stderr
-          )
-        end
-
-        logger.debug("Upload complete!")
-      end
-
-      def read_habitat_config
-        cli_toml = File.join(ENV["HOME"], ".hab", "etc", "cli.toml")
-        cli_toml = "/hab/etc/cli.toml" unless File.exist?(cli_toml)
-        cli_config = File.exist?(cli_toml) ? Tomlrb.load_file(cli_toml) : {}
-        cli_config["origin"] ||= ENV["HAB_ORIGIN"]
-        cli_config["auth_token"] ||= ENV["HAB_AUTH_TOKEN"]
-        cli_config
-      end
-
-      def exit_with_error(*errors)
-        errors.each do |error_msg|
-          logger.error(error_msg)
-        end
-
-        exit 1
-      end
-    end
-  end
-end