inspec 4.3.2 → 4.6.3

data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb

@@ -1,5 +1,5 @@
-# encoding: utf-8
-require_relative 'base'
+require_relative "base"
+require "inspec/dist"
 
 #
 # Notes:
@@ -73,39 +73,41 @@ require_relative 'base'
 module InspecPlugins
   module Artifact
     class CLI < Inspec.plugin(2, :cli_command)
-      subcommand_desc 'artifact SUBCOMMAND', 'Manage InSpec Artifacts'
+      include Inspec::Dist
 
-      desc 'generate', 'Generate a RSA key pair for signing and verification'
+      subcommand_desc "artifact SUBCOMMAND", "Manage #{PRODUCT_NAME} Artifacts"
+
+      desc "generate", "Generate a RSA key pair for signing and verification"
       option :keyname, type: :string, required: true,
-        desc: 'Desriptive name of key'
-      option :keydir, type: :string, default: './',
-        desc: 'Directory to search for keys'
+        desc: "Desriptive name of key"
+      option :keydir, type: :string, default: "./",
+        desc: "Directory to search for keys"
       def generate_keys
-        puts 'Generating keys'
+        puts "Generating keys"
         InspecPlugins::Artifact::Base.keygen(options)
       end
 
-      desc 'sign-profile', 'Create a signed .iaf artifact'
+      desc "sign-profile", "Create a signed .iaf artifact"
       option :profile, type: :string, required: true,
-        desc: 'Path to profile directory'
+        desc: "Path to profile directory"
       option :keyname, type: :string, required: true,
-        desc: 'Desriptive name of key'
+        desc: "Desriptive name of key"
       def sign_profile
         InspecPlugins::Artifact::Base.profile_sign(options)
       end
 
-      desc 'verify-profile', 'Verify a signed .iaf artifact'
+      desc "verify-profile", "Verify a signed .iaf artifact"
       option :infile, type: :string, required: true,
-          desc: '.iaf file to verify'
+          desc: ".iaf file to verify"
       def verify_profile
         InspecPlugins::Artifact::Base.profile_verify(options)
       end
 
-      desc 'install-profile', 'Verify and install a signed .iaf artifact'
+      desc "install-profile", "Verify and install a signed .iaf artifact"
       option :infile, type: :string, required: true,
-          desc: '.iaf file to install'
+          desc: ".iaf file to install"
       option :destdir, type: :string, required: true,
-        desc: 'Installation directory'
+        desc: "Installation directory"
       def install_profile
         InspecPlugins::Artifact::Base.profile_install(options)
       end

data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb

@@ -1,12 +1,14 @@
-# encoding: utf-8
+require_relative "../../../shared/core_plugin_test_helper.rb"
+require "fileutils"
+require "securerandom"
 
-require_relative '../../../shared/core_plugin_test_helper.rb'
-require 'fileutils'
-require 'securerandom'
-
-class ArtifactCli < MiniTest::Test
+class ArtifactCli < Minitest::Test
   include CorePluginFunctionalHelper
 
+  before do
+    skip_windows!
+  end
+
   def test_generating_archive_keys
     Dir.mktmpdir do |dir|
       unique_key_name = SecureRandom.uuid()
@@ -14,8 +16,8 @@ class ArtifactCli < MiniTest::Test
       assert_equal 0, out.exit_status
 
       stdout = out.stdout.force_encoding(Encoding::UTF_8)
-      assert_includes stdout, 'Generating private key'
-      assert_includes stdout, 'Generating public key'
+      assert_includes stdout, "Generating private key"
+      assert_includes stdout, "Generating public key"
     end
   end
 
@@ -23,11 +25,10 @@ class ArtifactCli < MiniTest::Test
     Dir.mktmpdir do |dir|
       unique_key_name = SecureRandom.uuid()
       install_dir = File.join(dir, SecureRandom.uuid())
-      profile = File.join(dir, 'profile')
       FileUtils.mkdir(install_dir)
 
       # create profile
-      profile = File.join(dir, 'artifact-profile')
+      profile = File.join(dir, "artifact-profile")
       run_inspec_process("init profile artifact-profile", prefix: "cd #{dir} &&")
 
       out = run_inspec_process("artifact generate --keyname #{unique_key_name}", prefix: "cd #{dir} &&")
@@ -40,7 +41,7 @@ class ArtifactCli < MiniTest::Test
       assert_equal 0, out.exit_status
 
       assert_includes out.stdout.force_encoding(Encoding::UTF_8), "Installing to #{install_dir}"
-      assert_includes Dir.entries(install_dir).join, 'inspec.yml'
+      assert_includes Dir.entries(install_dir).join, "inspec.yml"
     end
   end
 end

data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb

@@ -4,7 +4,7 @@ module InspecPlugins
       plugin_name :'inspec-compliance'
 
       cli_command :compliance do
-        require_relative 'inspec-compliance/cli'
+        require_relative "inspec-compliance/cli"
         InspecPlugins::Compliance::CLI
       end
     end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb

@@ -1,14 +1,13 @@
-# encoding: utf-8
+require "net/http"
+require "uri"
+require "json"
+require "inspec/dist"
 
-require 'net/http'
-require 'uri'
-require 'json'
-
-require_relative 'api/login'
-require_relative 'configuration'
-require_relative 'http'
-require_relative 'target'
-require_relative 'support'
+require_relative "api/login"
+require_relative "configuration"
+require_relative "http"
+require_relative "target"
+require_relative "support"
 
 module InspecPlugins
   module Compliance
@@ -17,13 +16,14 @@ module InspecPlugins
     # API Implementation does not hold any state by itself,
     # everything will be stored in local Configuration store
     class API
+      include Inspec::Dist
       extend InspecPlugins::Compliance::API::Login
 
       # return all compliance profiles available for the user
       # the user is either specified in the options hash or by default
       # the username of the account is used that is logged in
       def self.profiles(config, profile_filter = nil) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
-        owner = config['owner'] || config['user']
+        owner = config["owner"] || config["user"]
 
         # Chef Compliance
         if is_compliance_server?(config)
@@ -47,43 +47,43 @@ module InspecPlugins
 
         if is_automate2_server?(config)
           body = { owner: owner, name: id }.to_json
-          response = InspecPlugins::Compliance::HTTP.post_with_headers(url, headers, body, config['insecure'])
+          response = InspecPlugins::Compliance::HTTP.post_with_headers(url, headers, body, config["insecure"])
         else
-          response = InspecPlugins::Compliance::HTTP.get(url, headers, config['insecure'])
+          response = InspecPlugins::Compliance::HTTP.get(url, headers, config["insecure"])
         end
         data = response.body
         response_code = response.code
         case response_code
-        when '200'
-          msg = 'success'
+        when "200"
+          msg = "success"
           profiles = JSON.parse(data)
           # iterate over profiles
           if is_compliance_server?(config)
             mapped_profiles = []
-            profiles.values.each { |org|
+            profiles.values.each do |org|
               mapped_profiles += org.values
-            }
+            end
           # Chef Automate pre 0.8.0
           elsif is_automate_server_pre_080?(config)
             mapped_profiles = profiles.values.flatten
           elsif is_automate2_server?(config)
             mapped_profiles = []
-            profiles['profiles'].each { |p|
+            profiles["profiles"].each do |p|
               mapped_profiles << p
-            }
+            end
           else
-            mapped_profiles = profiles.map { |e|
-              e['owner_id'] = owner
+            mapped_profiles = profiles.map do |e|
+              e["owner_id"] = owner
               e
-            }
+            end
           end
           # filter by name and version if they were specified in profile_filter
           mapped_profiles.select! do |p|
-            (!ver || p['version'] == ver) && (!id || p['name'] == id)
+            (!ver || p["version"] == ver) && (!id || p["name"] == id)
           end
           return msg, mapped_profiles
-        when '401'
-          msg = '401 Unauthorized. Please check your token.'
+        when "401"
+          msg = "401 Unauthorized. Please check your token."
           return msg, []
         else
           msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
@@ -95,20 +95,20 @@ module InspecPlugins
       # NB this method does not use Compliance::Configuration to allow for using
       # it before we know the version (e.g. oidc or not)
       def self.version(config)
-        url = config['server']
-        insecure = config['insecure']
+        url = config["server"]
+        insecure = config["insecure"]
 
         raise ServerConfigurationMissing if url.nil?
 
         headers = get_headers(config)
-        response = InspecPlugins::Compliance::HTTP.get(url+'/version', headers, insecure)
-        return {} if response.code == '404'
+        response = InspecPlugins::Compliance::HTTP.get(url + "/version", headers, insecure)
+        return {} if response.code == "404"
 
         data = response.body
         return {} if data.nil? || data.empty?
 
         parsed = JSON.parse(data)
-        return {} unless parsed.key?('version') && !parsed['version'].empty?
+        return {} unless parsed.key?("version") && !parsed["version"].empty?
 
         parsed
       end
@@ -135,9 +135,9 @@ module InspecPlugins
 
         headers = get_headers(config)
         if is_automate2_server?(config)
-          res = InspecPlugins::Compliance::HTTP.post_multipart_file(url, headers, archive_path, config['insecure'])
+          res = InspecPlugins::Compliance::HTTP.post_multipart_file(url, headers, archive_path, config["insecure"])
         else
-          res = InspecPlugins::Compliance::HTTP.post_file(url, headers, archive_path, config['insecure'])
+          res = InspecPlugins::Compliance::HTTP.post_file(url, headers, archive_path, config["insecure"])
         end
 
         [res.is_a?(Net::HTTPSuccess), res.body]
@@ -151,11 +151,11 @@ module InspecPlugins
         access_token = nil
         response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
         data = response.body
-        if response.code == '200'
+        if response.code == "200"
           begin
             tokendata = JSON.parse(data)
-            access_token = tokendata['access_token']
-            msg = 'Successfully fetched API access token'
+            access_token = tokendata["access_token"]
+            msg = "Successfully fetched API access token"
             success = true
           rescue JSON::ParserError => e
             success = false
@@ -178,9 +178,9 @@ module InspecPlugins
         access_token = nil
         response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
         data = response.body
-        if response.code == '200'
+        if response.code == "200"
           access_token = data
-          msg = 'Successfully fetched an API access token valid for 12 hours'
+          msg = "Successfully fetched an API access token valid for 12 hours"
           success = true
         else
           success = false
@@ -194,22 +194,22 @@ module InspecPlugins
       def self.get_headers(config)
         token = get_token(config)
         if is_automate_server?(config) || is_automate2_server?(config)
-          headers = { 'chef-delivery-enterprise' => config['automate']['ent'] }
-          if config['automate']['token_type'] == 'dctoken'
-            headers['x-data-collector-token'] = token
+          headers = { "chef-delivery-enterprise" => config["automate"]["ent"] }
+          if config["automate"]["token_type"] == "dctoken"
+            headers["x-data-collector-token"] = token
           else
-            headers['chef-delivery-user'] = config['user']
-            headers['chef-delivery-token'] = token
+            headers["chef-delivery-user"] = config["user"]
+            headers["chef-delivery-token"] = token
           end
         else
-          headers = { 'Authorization' => "Bearer #{token}" }
+          headers = { "Authorization" => "Bearer #{token}" }
         end
         headers
       end
 
       def self.get_token(config)
-        return config['token'] unless config['refresh_token']
-        _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure'])
+        return config["token"] unless config["refresh_token"]
+        _success, _msg, token = get_token_via_refresh_token(config["server"], config["refresh_token"], config["insecure"])
         token
       end
 
@@ -227,52 +227,52 @@ module InspecPlugins
       end
 
       def self.profile_split(profile)
-        owner, id = profile.split('/')
-        id, version = id.split('#')
+        owner, id = profile.split("/")
+        id, version = id.split("#")
         [owner, id, version]
       end
 
       # returns a parsed url for `admin/profile` or `compliance://admin/profile`
       def self.sanitize_profile_name(profile)
-        if URI(profile).scheme == 'compliance'
+        if URI(profile).scheme == "compliance"
           uri = URI(profile)
         else
           uri = URI("compliance://#{profile}")
         end
-        uri.to_s.sub(%r{^compliance:\/\/}, '')
+        uri.to_s.sub(%r{^compliance:\/\/}, "")
       end
 
       def self.is_compliance_server?(config)
-        config['server_type'] == 'compliance'
+        config["server_type"] == "compliance"
       end
 
       def self.is_automate_server_pre_080?(config)
         # Automate versions before 0.8.x do not have a valid version in the config
-        return false unless config['server_type'] == 'automate'
+        return false unless config["server_type"] == "automate"
         server_version_from_config(config).nil?
       end
 
       def self.is_automate_server_080_and_later?(config)
         # Automate versions 0.8.x and later will have a "version" key in the config
         # that is properly parsed out via server_version_from_config below
-        return false unless config['server_type'] == 'automate'
+        return false unless config["server_type"] == "automate"
         !server_version_from_config(config).nil?
       end
 
       def self.is_automate2_server?(config)
-        config['server_type'] == 'automate2'
+        config["server_type"] == "automate2"
       end
 
       def self.is_automate_server?(config)
-        config['server_type'] == 'automate'
+        config["server_type"] == "automate"
       end
 
       def self.server_version_from_config(config)
         # Automate versions 0.8.x and later will have a "version" key in the config
         # that looks like: "version":{"api":"compliance","version":"0.8.24"}
-        return nil unless config.key?('version')
-        return nil unless config['version'].is_a?(Hash)
-        config['version']['version']
+        return nil unless config.key?("version")
+        return nil unless config["version"].is_a?(Hash)
+        config["version"]["version"]
       end
 
       def self.determine_server_type(url, insecure)
@@ -283,18 +283,18 @@ module InspecPlugins
         elsif target_is_compliance_server?(url, insecure)
           :compliance
         else
-          Inspec::Log.debug('Could not determine server type using known endpoints')
+          Inspec::Log.debug("Could not determine server type using known endpoints")
           nil
         end
       end
 
       def self.target_is_automate2_server?(url, insecure)
-        automate_endpoint = '/dex/auth'
+        automate_endpoint = "/dex/auth"
         response = InspecPlugins::Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
-        if response.code == '400'
+        if response.code == "400"
           Inspec::Log.debug(
             "Received 400 from #{url}#{automate_endpoint} - " \
-            'assuming target is a Chef Automate2 instance',
+            "assuming target is a #{AUTOMATE_PRODUCT_NAME}2 instance"
           )
           true
         else
@@ -303,30 +303,30 @@ module InspecPlugins
       end
 
       def self.target_is_automate_server?(url, insecure)
-        automate_endpoint = '/compliance/version'
+        automate_endpoint = "/compliance/version"
         response = InspecPlugins::Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
         case response.code
-        when '401'
+        when "401"
           Inspec::Log.debug(
             "Received 401 from #{url}#{automate_endpoint} - " \
-            'assuming target is a Chef Automate instance',
+            "assuming target is a #{AUTOMATE_PRODUCT_NAME} instance"
           )
           true
-        when '200'
+        when "200"
           # Chef Automate currently returns 401 for `/compliance/version` but some
           # versions of OpsWorks Chef Automate return 200 and a Chef Manage page
           # when unauthenticated requests are received.
-          if response.body.include?('Are You Looking For the Chef Server?')
+          if response.body.include?("Are You Looking For the #{SERVER_PRODUCT_NAME}?")
             Inspec::Log.debug(
               "Received 200 from #{url}#{automate_endpoint} - " \
-              'assuming target is an OpsWorks Chef Automate instance',
+              "assuming target is an #{AUTOMATE_PRODUCT_NAME} instance"
             )
             true
           else
             Inspec::Log.debug(
               "Received 200 from #{url}#{automate_endpoint} " \
-              'but did not receive the Chef Manage page - ' \
-              'assuming target is not a Chef Automate instance',
+              "but did not receive the Chef Manage page - " \
+              "assuming target is not a #{AUTOMATE_PRODUCT_NAME} instance"
             )
             false
           end
@@ -334,7 +334,7 @@ module InspecPlugins
           Inspec::Log.debug(
             "Received unexpected status code #{response.code} " \
             "from #{url}#{automate_endpoint} - " \
-            'assuming target is not a Chef Automate instance',
+            "assuming target is not a #{AUTOMATE_PRODUCT_NAME} instance"
           )
           false
         end
@@ -342,14 +342,14 @@ module InspecPlugins
 
       def self.target_is_compliance_server?(url, insecure)
         # All versions of Chef Compliance return 200 for `/api/version`
-        compliance_endpoint = '/api/version'
+        compliance_endpoint = "/api/version"
 
         response = InspecPlugins::Compliance::HTTP.get(url + compliance_endpoint, nil, insecure)
-        return false unless response.code == '200'
+        return false unless response.code == "200"
 
         Inspec::Log.debug(
           "Received 200 from #{url}#{compliance_endpoint} - " \
-          'assuming target is a Compliance server',
+          "assuming target is a #{COMPLIANCE_PRODUCT_NAME} server"
         )
         true
       end