inspec 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/Gemfile +36 -38
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/inspec.gemspec +38 -39
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +12 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +12 -14
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +39 -41
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +64 -64
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +157 -156
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +85 -85
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +1 -1
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +8 -8
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +17 -17
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +9 -8
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +14 -14
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +4 -4
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +42 -41
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +5 -5
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +1 -3
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +4 -5
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +51 -50
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +35 -33
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +281 -271
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +41 -41
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +25 -6
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/resource_support/aws.rb +67 -67
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +4 -1
- data/lib/resource_support/aws/aws_resource_mixin.rb +4 -3
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +4 -1
- data/lib/resources/aws/aws_billing_report.rb +15 -8
- data/lib/resources/aws/aws_billing_reports.rb +10 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +9 -5
- data/lib/resources/aws/aws_cloudtrail_trails.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +12 -8
- data/lib/resources/aws/aws_config_delivery_channel.rb +13 -9
- data/lib/resources/aws/aws_config_recorder.rb +10 -6
- data/lib/resources/aws/aws_ebs_volume.rb +12 -8
- data/lib/resources/aws/aws_ebs_volumes.rb +9 -5
- data/lib/resources/aws/aws_ec2_instance.rb +14 -11
- data/lib/resources/aws/aws_ec2_instances.rb +9 -5
- data/lib/resources/aws/aws_ecs_cluster.rb +11 -7
- data/lib/resources/aws/aws_eks_cluster.rb +13 -9
- data/lib/resources/aws/aws_elb.rb +9 -5
- data/lib/resources/aws/aws_elbs.rb +9 -5
- data/lib/resources/aws/aws_flow_log.rb +17 -13
- data/lib/resources/aws/aws_iam_access_key.rb +15 -11
- data/lib/resources/aws/aws_iam_access_keys.rb +19 -15
- data/lib/resources/aws/aws_iam_group.rb +9 -5
- data/lib/resources/aws/aws_iam_groups.rb +9 -5
- data/lib/resources/aws/aws_iam_password_policy.rb +13 -10
- data/lib/resources/aws/aws_iam_policies.rb +9 -5
- data/lib/resources/aws/aws_iam_policy.rb +16 -12
- data/lib/resources/aws/aws_iam_role.rb +9 -5
- data/lib/resources/aws/aws_iam_root_user.rb +12 -8
- data/lib/resources/aws/aws_iam_user.rb +12 -12
- data/lib/resources/aws/aws_iam_users.rb +10 -10
- data/lib/resources/aws/aws_kms_key.rb +12 -8
- data/lib/resources/aws/aws_kms_keys.rb +9 -5
- data/lib/resources/aws/aws_rds_instance.rb +11 -8
- data/lib/resources/aws/aws_route_table.rb +11 -7
- data/lib/resources/aws/aws_route_tables.rb +10 -6
- data/lib/resources/aws/aws_s3_bucket.rb +14 -11
- data/lib/resources/aws/aws_s3_bucket_object.rb +12 -9
- data/lib/resources/aws/aws_s3_buckets.rb +9 -7
- data/lib/resources/aws/aws_security_group.rb +16 -12
- data/lib/resources/aws/aws_security_groups.rb +12 -8
- data/lib/resources/aws/aws_sns_subscription.rb +15 -11
- data/lib/resources/aws/aws_sns_topic.rb +10 -6
- data/lib/resources/aws/aws_sns_topics.rb +9 -5
- data/lib/resources/aws/aws_sqs_queue.rb +18 -14
- data/lib/resources/aws/aws_subnet.rb +11 -7
- data/lib/resources/aws/aws_subnets.rb +9 -5
- data/lib/resources/aws/aws_vpc.rb +10 -6
- data/lib/resources/aws/aws_vpcs.rb +9 -5
- data/lib/resources/azure/azure_backend.rb +20 -18
- data/lib/resources/azure/azure_generic_resource.rb +13 -15
- data/lib/resources/azure/azure_resource_group.rb +17 -19
- data/lib/resources/azure/azure_virtual_machine.rb +6 -8
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +6 -8
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +141 -142
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
|
@@ -1,19 +1,21 @@
|
|
|
1
|
-
|
|
1
|
+
require "inspec/dist"
|
|
2
2
|
|
|
3
3
|
module InspecPlugins
|
|
4
4
|
module Compliance
|
|
5
5
|
class API
|
|
6
6
|
module Login
|
|
7
|
+
include Inspec::Dist
|
|
8
|
+
|
|
7
9
|
class CannotDetermineServerType < StandardError; end
|
|
8
10
|
|
|
9
11
|
def login(options)
|
|
10
|
-
raise ArgumentError,
|
|
12
|
+
raise ArgumentError, "Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
|
|
11
13
|
|
|
12
|
-
options[
|
|
14
|
+
options["server"] = URI("https://#{options['server']}").to_s if URI(options["server"]).scheme.nil?
|
|
13
15
|
|
|
14
|
-
options[
|
|
16
|
+
options["server_type"] = InspecPlugins::Compliance::API.determine_server_type(options["server"], options["insecure"])
|
|
15
17
|
|
|
16
|
-
case options[
|
|
18
|
+
case options["server_type"]
|
|
17
19
|
when :automate2
|
|
18
20
|
Login::Automate2Server.login(options)
|
|
19
21
|
when :automate
|
|
@@ -21,7 +23,7 @@ module InspecPlugins
|
|
|
21
23
|
when :compliance
|
|
22
24
|
Login::ComplianceServer.login(options)
|
|
23
25
|
else
|
|
24
|
-
raise CannotDetermineServerType, "Unable to determine if #{options['server']} is a
|
|
26
|
+
raise CannotDetermineServerType, "Unable to determine if #{options['server']} is a #{AUTOMATE_PRODUCT_NAME} or #{COMPLIANCE_PRODUCT_NAME} server"
|
|
25
27
|
end
|
|
26
28
|
end
|
|
27
29
|
|
|
@@ -29,8 +31,8 @@ module InspecPlugins
|
|
|
29
31
|
def self.login(options)
|
|
30
32
|
verify_thor_options(options)
|
|
31
33
|
|
|
32
|
-
options[
|
|
33
|
-
token = options[
|
|
34
|
+
options["url"] = options["server"] + "/api/v0"
|
|
35
|
+
token = options["dctoken"] || options["token"]
|
|
34
36
|
store_access_token(options, token)
|
|
35
37
|
end
|
|
36
38
|
|
|
@@ -38,16 +40,16 @@ module InspecPlugins
|
|
|
38
40
|
config = InspecPlugins::Compliance::Configuration.new
|
|
39
41
|
config.clean
|
|
40
42
|
|
|
41
|
-
config[
|
|
42
|
-
config[
|
|
43
|
-
config[
|
|
44
|
-
config[
|
|
45
|
-
config[
|
|
46
|
-
config[
|
|
47
|
-
config[
|
|
48
|
-
config[
|
|
49
|
-
config[
|
|
50
|
-
config[
|
|
43
|
+
config["automate"] = {}
|
|
44
|
+
config["automate"]["ent"] = "automate"
|
|
45
|
+
config["automate"]["token_type"] = "dctoken"
|
|
46
|
+
config["server"] = options["url"]
|
|
47
|
+
config["user"] = options["user"]
|
|
48
|
+
config["owner"] = options["user"]
|
|
49
|
+
config["insecure"] = options["insecure"] || false
|
|
50
|
+
config["server_type"] = options["server_type"].to_s
|
|
51
|
+
config["token"] = token
|
|
52
|
+
config["version"] = "0"
|
|
51
53
|
|
|
52
54
|
config.store
|
|
53
55
|
config
|
|
@@ -56,10 +58,10 @@ module InspecPlugins
|
|
|
56
58
|
def self.verify_thor_options(o)
|
|
57
59
|
error_msg = []
|
|
58
60
|
|
|
59
|
-
error_msg.push(
|
|
61
|
+
error_msg.push("Please specify a user using `--user='USER'`") if o["user"].nil?
|
|
60
62
|
|
|
61
|
-
if o[
|
|
62
|
-
error_msg.push(
|
|
63
|
+
if o["token"].nil? && o["dctoken"].nil?
|
|
64
|
+
error_msg.push("Please specify a token using `--token='APITOKEN'`")
|
|
63
65
|
end
|
|
64
66
|
|
|
65
67
|
raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
|
|
@@ -70,31 +72,31 @@ module InspecPlugins
|
|
|
70
72
|
def self.login(options)
|
|
71
73
|
verify_thor_options(options)
|
|
72
74
|
|
|
73
|
-
options[
|
|
74
|
-
token = options[
|
|
75
|
+
options["url"] = options["server"] + "/compliance"
|
|
76
|
+
token = options["dctoken"] || options["token"]
|
|
75
77
|
store_access_token(options, token)
|
|
76
78
|
end
|
|
77
79
|
|
|
78
80
|
def self.store_access_token(options, token)
|
|
79
|
-
token_type = if options[
|
|
80
|
-
|
|
81
|
+
token_type = if options["token"]
|
|
82
|
+
"usertoken"
|
|
81
83
|
else
|
|
82
|
-
|
|
84
|
+
"dctoken"
|
|
83
85
|
end
|
|
84
86
|
|
|
85
87
|
config = InspecPlugins::Compliance::Configuration.new
|
|
86
88
|
|
|
87
89
|
config.clean
|
|
88
90
|
|
|
89
|
-
config[
|
|
90
|
-
config[
|
|
91
|
-
config[
|
|
92
|
-
config[
|
|
93
|
-
config[
|
|
94
|
-
config[
|
|
95
|
-
config[
|
|
96
|
-
config[
|
|
97
|
-
config[
|
|
91
|
+
config["automate"] = {}
|
|
92
|
+
config["automate"]["ent"] = options["ent"]
|
|
93
|
+
config["automate"]["token_type"] = token_type
|
|
94
|
+
config["server"] = options["url"]
|
|
95
|
+
config["user"] = options["user"]
|
|
96
|
+
config["insecure"] = options["insecure"] || false
|
|
97
|
+
config["server_type"] = options["server_type"].to_s
|
|
98
|
+
config["token"] = token
|
|
99
|
+
config["version"] = InspecPlugins::Compliance::API.version(config)
|
|
98
100
|
|
|
99
101
|
config.store
|
|
100
102
|
config
|
|
@@ -104,11 +106,11 @@ module InspecPlugins
|
|
|
104
106
|
def self.verify_thor_options(o)
|
|
105
107
|
error_msg = []
|
|
106
108
|
|
|
107
|
-
error_msg.push(
|
|
108
|
-
error_msg.push(
|
|
109
|
+
error_msg.push("Please specify a user using `--user='USER'`") if o["user"].nil?
|
|
110
|
+
error_msg.push("Please specify an enterprise using `--ent='automate'`") if o["ent"].nil?
|
|
109
111
|
|
|
110
|
-
if o[
|
|
111
|
-
error_msg.push(
|
|
112
|
+
if o["token"].nil? && o["dctoken"].nil?
|
|
113
|
+
error_msg.push("Please specify a token using `--token='AUTOMATE_TOKEN'` or `--dctoken='DATA_COLLECTOR_TOKEN'`")
|
|
112
114
|
end
|
|
113
115
|
|
|
114
116
|
raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
|
|
@@ -116,26 +118,28 @@ module InspecPlugins
|
|
|
116
118
|
end
|
|
117
119
|
|
|
118
120
|
module ComplianceServer
|
|
121
|
+
include Inspec::Dist
|
|
122
|
+
|
|
119
123
|
def self.login(options)
|
|
120
124
|
compliance_verify_thor_options(options)
|
|
121
125
|
|
|
122
|
-
options[
|
|
126
|
+
options["url"] = options["server"] + "/api"
|
|
123
127
|
|
|
124
|
-
if options[
|
|
125
|
-
compliance_store_access_token(options, options[
|
|
126
|
-
elsif options[
|
|
128
|
+
if options["user"] && options["token"]
|
|
129
|
+
compliance_store_access_token(options, options["token"])
|
|
130
|
+
elsif options["user"] && options["password"]
|
|
127
131
|
compliance_login_user_pass(options)
|
|
128
|
-
elsif options[
|
|
132
|
+
elsif options["refresh_token"]
|
|
129
133
|
compliance_login_refresh_token(options)
|
|
130
134
|
end
|
|
131
135
|
end
|
|
132
136
|
|
|
133
137
|
def self.compliance_login_user_pass(options)
|
|
134
138
|
success, msg, token = InspecPlugins::Compliance::API.get_token_via_password(
|
|
135
|
-
options[
|
|
136
|
-
options[
|
|
137
|
-
options[
|
|
138
|
-
options[
|
|
139
|
+
options["url"],
|
|
140
|
+
options["user"],
|
|
141
|
+
options["password"],
|
|
142
|
+
options["insecure"]
|
|
139
143
|
)
|
|
140
144
|
|
|
141
145
|
raise msg unless success
|
|
@@ -144,9 +148,9 @@ module InspecPlugins
|
|
|
144
148
|
|
|
145
149
|
def self.compliance_login_refresh_token(options)
|
|
146
150
|
success, msg, token = InspecPlugins::Compliance::API.get_token_via_refresh_token(
|
|
147
|
-
options[
|
|
148
|
-
options[
|
|
149
|
-
options[
|
|
151
|
+
options["url"],
|
|
152
|
+
options["refresh_token"],
|
|
153
|
+
options["insecure"]
|
|
150
154
|
)
|
|
151
155
|
|
|
152
156
|
raise msg unless success
|
|
@@ -157,12 +161,12 @@ module InspecPlugins
|
|
|
157
161
|
config = InspecPlugins::Compliance::Configuration.new
|
|
158
162
|
config.clean
|
|
159
163
|
|
|
160
|
-
config[
|
|
161
|
-
config[
|
|
162
|
-
config[
|
|
163
|
-
config[
|
|
164
|
-
config[
|
|
165
|
-
config[
|
|
164
|
+
config["user"] = options["user"] if options["user"]
|
|
165
|
+
config["server"] = options["url"]
|
|
166
|
+
config["insecure"] = options["insecure"] || false
|
|
167
|
+
config["server_type"] = options["server_type"].to_s
|
|
168
|
+
config["token"] = token
|
|
169
|
+
config["version"] = InspecPlugins::Compliance::API.version(config)
|
|
166
170
|
|
|
167
171
|
config.store
|
|
168
172
|
config
|
|
@@ -173,14 +177,14 @@ module InspecPlugins
|
|
|
173
177
|
def self.compliance_verify_thor_options(o)
|
|
174
178
|
error_msg = []
|
|
175
179
|
|
|
176
|
-
error_msg.push(
|
|
180
|
+
error_msg.push("Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
|
|
177
181
|
|
|
178
|
-
if o[
|
|
179
|
-
error_msg.push(
|
|
182
|
+
if o["user"].nil? && o["refresh_token"].nil?
|
|
183
|
+
error_msg.push("Please specify a `--user='USER'` or a `--refresh-token='TOKEN'`")
|
|
180
184
|
end
|
|
181
185
|
|
|
182
|
-
if o[
|
|
183
|
-
error_msg.push(
|
|
186
|
+
if o["user"] && o["password"].nil? && o["token"].nil? && o["refresh_token"].nil?
|
|
187
|
+
error_msg.push("Please specify either a `--password`, `--token`, or `--refresh-token`")
|
|
184
188
|
end
|
|
185
189
|
|
|
186
190
|
raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
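Review bot: In the login that builds `options["server"] + "/compliance"` (new lines 72–99), the secret is chosen with `options["dctoken"] || options["token"]`, but `store_access_token` derives `token_type` from `options["token"]` alone. When both flags are supplied, the data-collector token is therefore stored with the label `usertoken`. Deriving the label from the same precedence, `token_type = options["dctoken"] ? "dctoken" : "usertoken"`, or rejecting the combination in `verify_thor_options`, would keep the stored credential and its declared type in agreement. Separately, the top-level `login` only prepends `https://` when the scheme is missing, so an explicit `http://SERVER` is accepted as given. The request helpers are not visible on this page, but the token or password would presumably be sent to that URL unencrypted, so a scheme check before `determine_server_type` is worth adding.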
|
|
@@ -1,16 +1,18 @@
|
|
|
1
|
-
|
|
1
|
+
require "inspec/dist"
|
|
2
2
|
|
|
3
|
-
require_relative
|
|
3
|
+
require_relative "api"
|
|
4
4
|
|
|
5
5
|
module InspecPlugins
|
|
6
6
|
module Compliance
|
|
7
7
|
class CLI < Inspec.plugin(2, :cli_command)
|
|
8
|
-
|
|
8
|
+
include Inspec::Dist
|
|
9
|
+
|
|
10
|
+
subcommand_desc "compliance SUBCOMMAND", "#{COMPLIANCE_PRODUCT_NAME} commands"
|
|
9
11
|
|
|
10
12
|
# desc "login https://SERVER --insecure --user='USER' --ent='ENTERPRISE' --token='TOKEN'", 'Log in to a Chef Compliance/Chef Automate SERVER'
|
|
11
|
-
desc
|
|
13
|
+
desc "login", "Log in to a #{COMPLIANCE_PRODUCT_NAME}/#{AUTOMATE_PRODUCT_NAME} SERVER"
|
|
12
14
|
long_desc <<-LONGDESC
|
|
13
|
-
`login` allows you to use InSpec with
|
|
15
|
+
`login` allows you to use InSpec with #{AUTOMATE_PRODUCT_NAME} or a #{COMPLIANCE_PRODUCT_NAME} Server
|
|
14
16
|
|
|
15
17
|
You need to a token for communication. More information about token retrieval
|
|
16
18
|
is available at:
|
|
@@ -20,54 +22,54 @@ module InspecPlugins
|
|
|
20
22
|
option :insecure, aliases: :k, type: :boolean,
|
|
21
23
|
desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
|
|
22
24
|
option :user, type: :string, required: false,
|
|
23
|
-
desc:
|
|
25
|
+
desc: "Username"
|
|
24
26
|
option :password, type: :string, required: false,
|
|
25
|
-
desc:
|
|
27
|
+
desc: "Password (#{COMPLIANCE_PRODUCT_NAME} Only)"
|
|
26
28
|
option :token, type: :string, required: false,
|
|
27
|
-
desc:
|
|
29
|
+
desc: "Access token"
|
|
28
30
|
option :refresh_token, type: :string, required: false,
|
|
29
|
-
desc:
|
|
31
|
+
desc: "#{COMPLIANCE_PRODUCT_NAME} refresh token (#{COMPLIANCE_PRODUCT_NAME} Only)"
|
|
30
32
|
option :dctoken, type: :string, required: false,
|
|
31
|
-
desc:
|
|
33
|
+
desc: "Data Collector token (#{AUTOMATE_PRODUCT_NAME} Only)"
|
|
32
34
|
option :ent, type: :string, required: false,
|
|
33
|
-
desc:
|
|
35
|
+
desc: "Enterprise for #{AUTOMATE_PRODUCT_NAME} reporting (#{AUTOMATE_PRODUCT_NAME} Only)"
|
|
34
36
|
def login(server)
|
|
35
|
-
options[
|
|
37
|
+
options["server"] = server
|
|
36
38
|
InspecPlugins::Compliance::API.login(options)
|
|
37
39
|
config = InspecPlugins::Compliance::Configuration.new
|
|
38
40
|
puts "Stored configuration for Chef #{config['server_type'].capitalize}: #{config['server']}' with user: '#{config['user']}'"
|
|
39
41
|
end
|
|
40
42
|
|
|
41
|
-
desc
|
|
43
|
+
desc "profiles", "list all available profiles in #{COMPLIANCE_PRODUCT_NAME}"
|
|
42
44
|
option :owner, type: :string, required: false,
|
|
43
|
-
desc:
|
|
45
|
+
desc: "owner whose profiles to list"
|
|
44
46
|
def profiles
|
|
45
47
|
config = InspecPlugins::Compliance::Configuration.new
|
|
46
48
|
return if !loggedin(config)
|
|
47
49
|
|
|
48
50
|
# set owner to config
|
|
49
|
-
config[
|
|
51
|
+
config["owner"] = options["owner"] || config["user"]
|
|
50
52
|
|
|
51
53
|
msg, profiles = InspecPlugins::Compliance::API.profiles(config)
|
|
52
|
-
profiles.sort_by! { |hsh| hsh[
|
|
54
|
+
profiles.sort_by! { |hsh| hsh["title"] }
|
|
53
55
|
if !profiles.empty?
|
|
54
56
|
# iterate over profiles
|
|
55
|
-
headline(
|
|
56
|
-
profiles.each
|
|
57
|
-
owner = profile[
|
|
57
|
+
headline("Available profiles:")
|
|
58
|
+
profiles.each do |profile|
|
|
59
|
+
owner = profile["owner_id"] || profile["owner"]
|
|
58
60
|
li("#{profile['title']} v#{profile['version']} (#{mark_text(owner + '/' + profile['name'])})")
|
|
59
|
-
|
|
61
|
+
end
|
|
60
62
|
else
|
|
61
|
-
puts msg if msg !=
|
|
62
|
-
puts
|
|
63
|
+
puts msg if msg != "success"
|
|
64
|
+
puts "Could not find any profiles"
|
|
63
65
|
exit 1
|
|
64
66
|
end
|
|
65
67
|
rescue InspecPlugins::Compliance::ServerConfigurationMissing
|
|
66
|
-
|
|
68
|
+
$stderr.puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
|
|
67
69
|
exit 1
|
|
68
70
|
end
|
|
69
71
|
|
|
70
|
-
desc
|
|
72
|
+
desc "exec PROFILE", "executes a #{COMPLIANCE_PRODUCT_NAME} profile"
|
|
71
73
|
exec_options
|
|
72
74
|
def exec(*tests)
|
|
73
75
|
config = InspecPlugins::Compliance::Configuration.new
|
|
@@ -77,7 +79,7 @@ module InspecPlugins
|
|
|
77
79
|
configure_logger(o)
|
|
78
80
|
|
|
79
81
|
# iterate over tests and add compliance scheme
|
|
80
|
-
tests = tests.map { |t|
|
|
82
|
+
tests = tests.map { |t| "compliance://" + InspecPlugins::Compliance::API.sanitize_profile_name(t) }
|
|
81
83
|
|
|
82
84
|
runner = Inspec::Runner.new(o)
|
|
83
85
|
tests.each { |target| runner.add_target(target) }
|
|
@@ -88,9 +90,9 @@ module InspecPlugins
|
|
|
88
90
|
exit 1
|
|
89
91
|
end
|
|
90
92
|
|
|
91
|
-
desc
|
|
93
|
+
desc "download PROFILE", "downloads a profile from #{COMPLIANCE_PRODUCT_NAME}"
|
|
92
94
|
option :name, type: :string,
|
|
93
|
-
desc:
|
|
95
|
+
desc: "Name of the archive filename (file type will be added)"
|
|
94
96
|
def download(profile_name)
|
|
95
97
|
o = options.dup
|
|
96
98
|
configure_logger(o)
|
|
@@ -105,30 +107,30 @@ module InspecPlugins
|
|
|
105
107
|
fetcher = InspecPlugins::Compliance::Fetcher.resolve(
|
|
106
108
|
{
|
|
107
109
|
compliance: profile_name,
|
|
108
|
-
}
|
|
110
|
+
}
|
|
109
111
|
)
|
|
110
112
|
|
|
111
113
|
# we provide a name, the fetcher adds the extension
|
|
112
|
-
_owner, id = profile_name.split(
|
|
114
|
+
_owner, id = profile_name.split("/")
|
|
113
115
|
file_name = fetcher.fetch(o.name || id)
|
|
114
116
|
puts "Profile stored to #{file_name}"
|
|
115
117
|
else
|
|
116
|
-
puts "Profile #{profile_name} is not available in
|
|
118
|
+
puts "Profile #{profile_name} is not available in #{COMPLIANCE_PRODUCT_NAME}."
|
|
117
119
|
exit 1
|
|
118
120
|
end
|
|
119
121
|
end
|
|
120
122
|
|
|
121
|
-
desc
|
|
123
|
+
desc "upload PATH", "uploads a local profile to #{COMPLIANCE_PRODUCT_NAME}"
|
|
122
124
|
option :overwrite, type: :boolean, default: false,
|
|
123
|
-
desc:
|
|
125
|
+
desc: "Overwrite existing profile on Server."
|
|
124
126
|
option :owner, type: :string, required: false,
|
|
125
|
-
desc:
|
|
127
|
+
desc: "Owner that should own the profile"
|
|
126
128
|
def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
|
|
127
129
|
config = InspecPlugins::Compliance::Configuration.new
|
|
128
130
|
return if !loggedin(config)
|
|
129
131
|
|
|
130
132
|
# set owner to config
|
|
131
|
-
config[
|
|
133
|
+
config["owner"] = options["owner"] || config["user"]
|
|
132
134
|
|
|
133
135
|
unless File.exist?(path)
|
|
134
136
|
puts "Directory #{path} does not exist."
|
|
@@ -157,14 +159,14 @@ module InspecPlugins
|
|
|
157
159
|
|
|
158
160
|
result = profile.check
|
|
159
161
|
unless result[:summary][:valid]
|
|
160
|
-
error.call(
|
|
162
|
+
error.call("Profile check failed. Please fix the profile before upload.")
|
|
161
163
|
else
|
|
162
|
-
puts(
|
|
164
|
+
puts("Profile is valid")
|
|
163
165
|
end
|
|
164
166
|
|
|
165
167
|
# determine user information
|
|
166
|
-
if (config[
|
|
167
|
-
error.call(
|
|
168
|
+
if (config["token"].nil? && config["refresh_token"].nil?) || config["user"].nil?
|
|
169
|
+
error.call("Please login via `#{EXEC_NAME} compliance login`")
|
|
168
170
|
end
|
|
169
171
|
|
|
170
172
|
# read profile name from inspec.yml
|
|
@@ -175,8 +177,8 @@ module InspecPlugins
|
|
|
175
177
|
|
|
176
178
|
# check that the profile is not uploaded already,
|
|
177
179
|
# confirm upload to the user (overwrite with --force)
|
|
178
|
-
if InspecPlugins::Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}##{profile_version}") && !options[
|
|
179
|
-
error.call(
|
|
180
|
+
if InspecPlugins::Compliance::API.exist?(config, "#{config['owner']}/#{profile_name}##{profile_version}") && !options["overwrite"]
|
|
181
|
+
error.call("Profile exists on the server, use --overwrite")
|
|
180
182
|
end
|
|
181
183
|
|
|
182
184
|
# abort if we found an error
|
|
@@ -189,7 +191,7 @@ module InspecPlugins
|
|
|
189
191
|
generated = false
|
|
190
192
|
if File.directory?(path)
|
|
191
193
|
generated = true
|
|
192
|
-
archive_path = Dir::Tmpname.create([profile_name,
|
|
194
|
+
archive_path = Dir::Tmpname.create([profile_name, ".tar.gz"]) {}
|
|
193
195
|
puts "Generate temporary profile archive at #{archive_path}"
|
|
194
196
|
profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
|
|
195
197
|
else
|
|
@@ -200,62 +202,62 @@ module InspecPlugins
|
|
|
200
202
|
pname = ERB::Util.url_encode(profile_name)
|
|
201
203
|
|
|
202
204
|
if InspecPlugins::Compliance::API.is_automate_server?(config) || InspecPlugins::Compliance::API.is_automate2_server?(config)
|
|
203
|
-
puts
|
|
205
|
+
puts "Uploading to #{AUTOMATE_PRODUCT_NAME}"
|
|
204
206
|
else
|
|
205
|
-
puts
|
|
207
|
+
puts "Uploading to #{COMPLIANCE_PRODUCT_NAME}"
|
|
206
208
|
end
|
|
207
|
-
success, msg = InspecPlugins::Compliance::API.upload(config, config[
|
|
209
|
+
success, msg = InspecPlugins::Compliance::API.upload(config, config["owner"], pname, archive_path)
|
|
208
210
|
|
|
209
211
|
# delete temp file if it was temporary generated
|
|
210
212
|
File.delete(archive_path) if generated && File.exist?(archive_path)
|
|
211
213
|
|
|
212
214
|
if success
|
|
213
|
-
puts
|
|
215
|
+
puts "Successfully uploaded profile"
|
|
214
216
|
else
|
|
215
|
-
puts
|
|
217
|
+
puts "Error during profile upload:"
|
|
216
218
|
puts msg
|
|
217
219
|
exit 1
|
|
218
220
|
end
|
|
219
221
|
end
|
|
220
222
|
|
|
221
|
-
desc
|
|
223
|
+
desc "version", "displays the version of the #{COMPLIANCE_PRODUCT_NAME} server"
|
|
222
224
|
def version
|
|
223
225
|
config = InspecPlugins::Compliance::Configuration.new
|
|
224
226
|
info = InspecPlugins::Compliance::API.version(config)
|
|
225
|
-
if !info.nil? && info[
|
|
227
|
+
if !info.nil? && info["version"]
|
|
226
228
|
puts "Name: #{info['api']}"
|
|
227
229
|
puts "Version: #{info['version']}"
|
|
228
230
|
else
|
|
229
|
-
puts
|
|
231
|
+
puts "Could not determine server version."
|
|
230
232
|
exit 1
|
|
231
233
|
end
|
|
232
234
|
rescue InspecPlugins::Compliance::ServerConfigurationMissing
|
|
233
|
-
puts "\nServer configuration information is missing. Please login using
|
|
235
|
+
puts "\nServer configuration information is missing. Please login using `#{EXEC_NAME} compliance login`"
|
|
234
236
|
exit 1
|
|
235
237
|
end
|
|
236
238
|
|
|
237
|
-
desc
|
|
239
|
+
desc "logout", "user logout from #{COMPLIANCE_PRODUCT_NAME}"
|
|
238
240
|
def logout
|
|
239
241
|
config = InspecPlugins::Compliance::Configuration.new
|
|
240
|
-
unless config.supported?(:oidc) || config[
|
|
242
|
+
unless config.supported?(:oidc) || config["token"].nil? || config["server_type"] == "automate"
|
|
241
243
|
config = InspecPlugins::Compliance::Configuration.new
|
|
242
244
|
url = "#{config['server']}/logout"
|
|
243
|
-
InspecPlugins::Compliance::HTTP.post(url, config[
|
|
245
|
+
InspecPlugins::Compliance::HTTP.post(url, config["token"], config["insecure"], !config.supported?(:oidc))
|
|
244
246
|
end
|
|
245
247
|
success = config.destroy
|
|
246
248
|
|
|
247
249
|
if success
|
|
248
|
-
puts
|
|
250
|
+
puts "Successfully logged out"
|
|
249
251
|
else
|
|
250
|
-
puts
|
|
252
|
+
puts "Could not log out"
|
|
251
253
|
end
|
|
252
254
|
end
|
|
253
255
|
|
|
254
256
|
private
|
|
255
257
|
|
|
256
258
|
def loggedin(config)
|
|
257
|
-
serverknown = !config[
|
|
258
|
-
puts
|
|
259
|
+
serverknown = !config["server"].nil?
|
|
260
|
+
puts "You need to login first with `#{EXEC_NAME} compliance login`" if !serverknown
|
|
259
261
|
serverknown
|
|
260
262
|
end
|
|
261
263
|
end
|