inspec 4.3.2 → 4.6.3

data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb

@@ -1,17 +1,17 @@
-# encoding: utf-8
+require "inspec/globals"
 
 module InspecPlugins
   module Compliance
     # stores configuration on local filesystem
     class Configuration
       def initialize
-        @config_path = File.join(Inspec.config_dir, 'compliance')
+        @config_path = File.join(Inspec.config_dir, "compliance")
         # ensure the directory is available
         unless File.directory?(@config_path)
           FileUtils.mkdir_p(@config_path)
         end
         # set config file path
-        @config_file = File.join(@config_path, '/config.json')
+        @config_file = File.join(@config_path, "/config.json")
         @config = {}
 
         # load the data
@@ -46,7 +46,7 @@ module InspecPlugins
 
       # stores a hash to json
       def store
-        File.open(@config_file, 'w') do |f|
+        File.open(@config_file, "w") do |f|
           f.chmod(0600)
           f.write(@config.to_json)
         end
@@ -66,13 +66,13 @@ module InspecPlugins
         sup = version_with_support(feature)
 
         # we do not know the version, therefore we do not know if its possible to use the feature
-        return if self['version'].nil? || self['version']['version'].nil?
+        return if self["version"].nil? || self["version"]["version"].nil?
 
         if sup.is_a?(Array)
-          Gem::Version.new(self['version']['version']) >= sup[0] &&
-            Gem::Version.new(self['version']['version']) < sup[1]
+          Gem::Version.new(self["version"]["version"]) >= sup[0] &&
+            Gem::Version.new(self["version"]["version"]) < sup[1]
         else
-          Gem::Version.new(self['version']['version']) >= sup
+          Gem::Version.new(self["version"]["version"]) >= sup
         end
       end
 
@@ -81,7 +81,7 @@ module InspecPlugins
         return if supported?(feature)
 
         puts "This feature (#{feature}) is not available for legacy installations."
-        puts 'Please upgrade to a recent version of Chef Compliance.'
+        puts "Please upgrade to a recent version of Chef Compliance."
         exit 1
       end
 
@@ -93,9 +93,9 @@ module InspecPlugins
       def version_with_support(feature)
         case feature.to_sym
         when :oidc
-          Gem::Version.new('0.16.19')
+          Gem::Version.new("0.16.19")
         else
-          Gem::Version.new('0.0.0')
+          Gem::Version.new("0.0.0")
         end
       end
     end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb

@@ -1,8 +1,6 @@
-# encoding: utf-8
-
-require 'net/http'
-require 'net/http/post/multipart'
-require 'uri'
+require "net/http"
+require "net/http/post/multipart"
+require "uri"
 
 module InspecPlugins
   module Compliance
@@ -24,11 +22,11 @@ module InspecPlugins
         uri = _parse_url(url)
         req = Net::HTTP::Post.new(uri.path)
         if basic_auth
-          req.basic_auth token, ''
+          req.basic_auth token, ""
         else
-          req['Authorization'] = "Bearer #{token}"
+          req["Authorization"] = "Bearer #{token}"
         end
-        req.form_data={}
+        req.form_data = {}
 
         send_request(uri, req, insecure)
       end
@@ -50,7 +48,7 @@ module InspecPlugins
         http = Net::HTTP.new(uri.host, uri.port)
 
         # set connection flags
-        http.use_ssl = (uri.scheme == 'https')
+        http.use_ssl = (uri.scheme == "https")
         http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
 
         req = Net::HTTP::Post.new(uri.path)
@@ -58,13 +56,13 @@ module InspecPlugins
           req.add_field(key, value)
         end
 
-        req.body_stream=File.open(file_path, 'rb')
-        req.add_field('Content-Length', File.size(file_path))
-        req.add_field('Content-Type', 'application/x-gzip')
+        req.body_stream = File.open(file_path, "rb")
+        req.add_field("Content-Length", File.size(file_path))
+        req.add_field("Content-Type", "application/x-gzip")
 
-        boundary = 'INSPEC-PROFILE-UPLOAD'
-        req.add_field('session', boundary)
-        res=http.request(req)
+        boundary = "INSPEC-PROFILE-UPLOAD"
+        req.add_field("session", boundary)
+        res = http.request(req)
         res
       end
 
@@ -74,11 +72,11 @@ module InspecPlugins
         http = Net::HTTP.new(uri.host, uri.port)
 
         # set connection flags
-        http.use_ssl = (uri.scheme == 'https')
+        http.use_ssl = (uri.scheme == "https")
         http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
 
         File.open(file_path) do |tar|
-          req = Net::HTTP::Post::Multipart.new(uri, 'file' => UploadIO.new(tar, 'application/x-gzip', File.basename(file_path)))
+          req = Net::HTTP::Post::Multipart.new(uri, "file" => UploadIO.new(tar, "application/x-gzip", File.basename(file_path)))
           headers.each do |key, value|
             req.add_field(key, value)
           end
@@ -90,20 +88,20 @@ module InspecPlugins
       # sends a http requests
       def self.send_request(uri, req, insecure)
         opts = {
-          use_ssl: uri.scheme == 'https',
+          use_ssl: uri.scheme == "https",
         }
         opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure
 
         raise "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
-        res = Net::HTTP.start(uri.host, uri.port, opts) { |http|
+        res = Net::HTTP.start(uri.host, uri.port, opts) do |http|
           http.request(req)
-        }
+        end
         res
       rescue OpenSSL::SSL::SSLError => e
-        raise e unless e.message.include? 'certificate verify failed'
+        raise e unless e.message.include? "certificate verify failed"
 
         puts "Error: Failed to connect to #{uri}."
-        puts 'If the server uses a self-signed certificate, please re-run the login command with the --insecure option.'
+        puts "If the server uses a self-signed certificate, please re-run the login command with the --insecure option."
         exit 1
       end
 

data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 module InspecPlugins
   module Compliance
     # is a helper that provides information which version of compliance supports
@@ -11,9 +9,9 @@ module InspecPlugins
       def self.version_with_support(feature)
         case feature.to_sym
         when :oidc # open id connect authentication
-          Gem::Version.new('0.16.19')
+          Gem::Version.new("0.16.19")
         else
-          Gem::Version.new('0.0.0')
+          Gem::Version.new("0.0.0")
         end
       end
 

data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb

@@ -1,8 +1,7 @@
-# encoding: utf-8
-
-require 'uri'
-require 'inspec/fetcher'
-require 'inspec/errors'
+require "uri"
+require "inspec/fetcher"
+require "inspec/errors"
+require "inspec/dist"
 
 # InSpec Target Helper for Chef Compliance
 # reuses UrlHelper, but it knows the target server and the access token already
@@ -10,13 +9,15 @@ require 'inspec/errors'
 module InspecPlugins
   module Compliance
     class Fetcher < Fetchers::Url
-      name 'compliance'
+      include Inspec::Dist
+
+      name "compliance"
       priority 500
       attr_reader :upstream_sha256
 
       def initialize(target, opts)
         super(target, opts)
-        @upstream_sha256 = ''
+        @upstream_sha256 = ""
         if target.is_a?(Hash) && target.key?(:url)
           @target = target[:url]
           @upstream_sha256 = target[:sha256]
@@ -30,16 +31,16 @@ module InspecPlugins
       end
 
       def self.check_compliance_token(uri, config)
-        if config['token'].nil? && config['refresh_token'].nil?
-          if config['server_type'] == 'automate'
-            server = 'automate'
-            msg = 'inspec compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN'
-          elsif config['server_type'] == 'automate2'
-            server = 'automate2'
-            msg = 'inspec compliance login https://your_automate2_server --user USER --token APITOKEN'
+        if config["token"].nil? && config["refresh_token"].nil?
+          if config["server_type"] == "automate"
+            server = "automate"
+            msg = "#{EXEC_NAME} compliance login https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --token USERTOKEN"
+          elsif config["server_type"] == "automate2"
+            server = "automate2"
+            msg = "#{EXEC_NAME} compliance login https://your_automate2_server --user USER --token APITOKEN"
           else
-            server = 'compliance'
-            msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
+            server = "compliance"
+            msg = "#{EXEC_NAME} compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
           end
           raise Inspec::FetcherFailure, <<~EOF
 
@@ -54,7 +55,7 @@ module InspecPlugins
       end
 
       def self.get_target_uri(target)
-        if target.is_a?(String) && URI(target).scheme == 'compliance'
+        if target.is_a?(String) && URI(target).scheme == "compliance"
           URI(target)
         elsif target.respond_to?(:key?) && target.key?(:compliance)
           URI("compliance://#{target[:compliance]}")
@@ -84,16 +85,16 @@ module InspecPlugins
             # If version was specified, it will be the first and only result.
             # Note we are calling the sha256 as a string, not a symbol since
             # it was returned as json from the Compliance API.
-            profile_info = profile_result.sort_by { |x| Gem::Version.new(x['version']) }[0]
-            profile_checksum = profile_info.key?('sha256') ? profile_info['sha256'] : ''
+            profile_info = profile_result.sort_by { |x| Gem::Version.new(x["version"]) }[0]
+            profile_checksum = profile_info.key?("sha256") ? profile_info["sha256"] : ""
           end
         end
         # We need to pass the token to the fetcher
-        config['token'] = InspecPlugins::Compliance::API.get_token(config)
+        config["token"] = InspecPlugins::Compliance::API.get_token(config)
 
         # Needed for automate2 post request
         profile_stub = profile || target[:compliance]
-        config['profile'] = InspecPlugins::Compliance::API.profile_split(profile_stub)
+        config["profile"] = InspecPlugins::Compliance::API.profile_split(profile_stub)
 
         new({ url: profile_fetch_url, sha256: profile_checksum }, config)
       rescue URI::Error => _e
@@ -111,7 +112,7 @@ module InspecPlugins
       end
 
       def to_s
-        'Chef Compliance Profile Loader'
+        "#{COMPLIANCE_PRODUCT_NAME} Profile Loader"
       end
 
       private
@@ -128,13 +129,15 @@ module InspecPlugins
 
         if InspecPlugins::Compliance::API.is_automate2_server?(@config)
           m = {}
-          m[:owner] = @config['profile'][0]
-          m[:id] = @config['profile'][1]
+          m[:owner] = @config["profile"][0]
+          m[:id] = @config["profile"][1]
         end
 
-        raise 'Unable to determine compliance profile name. This can be caused by ' \
-          'an incorrect server in your configuration. Try to login to compliance ' \
-          'via the `inspec compliance login` command.' if m.nil?
+        if m.nil?
+          raise "Unable to determine compliance profile name. This can be caused by " \
+            "an incorrect server in your configuration. Try to login to compliance " \
+            "via the `#{EXEC_NAME} compliance login` command."
+        end
 
         "#{m[:owner]}/#{m[:id]}"
       end

data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb

@@ -1,43 +1,41 @@
-# encoding: utf-8
+require_relative "../../../shared/core_plugin_test_helper.rb"
 
-require_relative '../../../shared/core_plugin_test_helper.rb'
-
-class ComplianceCli < MiniTest::Test
+class ComplianceCli < Minitest::Test
   include CorePluginFunctionalHelper
 
   def test_help_output
-    out = run_inspec_process('compliance help')
+    out = run_inspec_process("compliance help")
     assert_equal out.exit_status, 0
-    assert_includes out.stdout, 'inspec compliance exec PROFILE'
+    assert_includes out.stdout, "inspec compliance exec PROFILE"
   end
 
   def test_logout_command
-    out = run_inspec_process('compliance logout')
+    out = run_inspec_process("compliance logout")
     assert_equal out.exit_status, 0
-    assert_includes out.stdout, ''
+    assert_includes out.stdout, ""
   end
 
   def test_error_login_with_invalid_url
-    out = run_inspec_process('compliance login')
+    out = run_inspec_process("compliance login")
     assert_equal out.exit_status, 1
     assert_includes out.stderr, 'ERROR: "inspec compliance login" was called with no arguments'
   end
 
   def test_profile_list_without_auth
-    out = run_inspec_process('compliance profiles')
+    out = run_inspec_process("compliance profiles")
     assert_equal out.exit_status, 0 # TODO: make this error
-    assert_includes out.stdout, 'You need to login first with `inspec compliance login`'
+    assert_includes out.stdout, "You need to login first with `inspec compliance login`"
   end
 
   def test_error_upload_without_args
-    out = run_inspec_process('compliance upload')
+    out = run_inspec_process("compliance upload")
     assert_equal out.exit_status, 1
     assert_includes out.stderr, 'ERROR: "inspec compliance upload" was called with no arguments'
   end
 
   def test_error_upload_with_fake_path
-    out = run_inspec_process('compliance upload /path/to/dir')
+    out = run_inspec_process("compliance upload /path/to/dir")
     assert_equal out.exit_status, 0 # TODO: make this error
-    assert_includes out.stdout, 'You need to login first with `inspec compliance login`'
+    assert_includes out.stdout, "You need to login first with `inspec compliance login`"
   end
 end

data/lib/plugins/inspec-compliance/test/integration/default/cli.rb

@@ -1,93 +1,91 @@
-# encoding: utf-8
-
 # options
-inspec_bin = 'BUNDLE_GEMFILE=/inspec/Gemfile bundle exec inspec'
-api_url = 'https://0.0.0.0'
-profile = '/inspec/examples/profile'
+inspec_bin = "BUNDLE_GEMFILE=/inspec/Gemfile bundle exec inspec"
+api_url = "https://0.0.0.0"
+profile = "/inspec/examples/profile"
 
-user = command('whoami').stdout.strip
-pwd = command('pwd').stdout.strip
+user = command("whoami").stdout.strip
+pwd = command("pwd").stdout.strip
 puts "Run test as #{user} in path #{pwd}"
 
 # TODO: determine tokens automatically, define in kitchen yml
-access_token = ENV['COMPLIANCE_ACCESSTOKEN']
-refresh_token = ENV['COMPLIANCE_REFRESHTOKEN']
+access_token = ENV["COMPLIANCE_ACCESSTOKEN"]
+refresh_token = ENV["COMPLIANCE_REFRESHTOKEN"]
 
 %w{refresh_token access_token}.each do |type| # rubocop:disable Metrics/BlockLength
   case type
-  when 'access_token'
+  when "access_token"
     token_options = "--token '#{access_token}'"
-  when 'refresh_token'
+  when "refresh_token"
     token_options = "--refresh_token '#{refresh_token}'"
   end
 
   # verifies that the help command works
   describe command("#{inspec_bin} compliance help") do
-    its('stdout') { should include 'inspec compliance help [COMMAND]' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
+    its("stdout") { should include "inspec compliance help [COMMAND]" }
+    its("stderr") { should eq "" }
+    its("exit_status") { should eq 0 }
   end
 
   # version command fails gracefully when server not configured
   describe command("#{inspec_bin} compliance version") do
-    its('stdout') { should include 'Server configuration information is missing' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 1 }
+    its("stdout") { should include "Server configuration information is missing" }
+    its("stderr") { should eq "" }
+    its("exit_status") { should eq 1 }
   end
 
   # submitting a wrong token should have an exit of 0
   describe command("#{inspec_bin} compliance login #{api_url} --insecure --user 'admin' --token 'wrong-token'") do
-    its('stdout') { should include 'token stored' }
+    its("stdout") { should include "token stored" }
   end
 
   # compliance login --help should give an accurate message for login
   describe command("#{inspec_bin} compliance login --help") do
-    its('stdout') { should include "inspec compliance login SERVER --insecure --user='USER' --token='TOKEN'" }
-    its('exit_status') { should eq 0 }
+    its("stdout") { should include "inspec compliance login SERVER --insecure --user='USER' --token='TOKEN'" }
+    its("exit_status") { should eq 0 }
   end
 
   # profiles command fails gracefully when token/server info is incorrect
   describe command("#{inspec_bin} compliance profiles") do
-    its('stdout') { should include '401 Unauthorized. Please check your token' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 1 }
+    its("stdout") { should include "401 Unauthorized. Please check your token" }
+    its("stderr") { should eq "" }
+    its("exit_status") { should eq 1 }
   end
 
   # login via access token token
   describe command("#{inspec_bin} compliance login #{api_url} --insecure --user 'admin' #{token_options}") do
-    its('stdout') { should include 'token', 'stored' }
-    its('stdout') { should_not include 'Your server supports --user and --password only' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
+    its("stdout") { should include "token", "stored" }
+    its("stdout") { should_not include "Your server supports --user and --password only" }
+    its("stderr") { should eq "" }
+    its("exit_status") { should eq 0 }
   end
 
   # see available resources
   describe command("#{inspec_bin} compliance profiles") do
-    its('stdout') { should include 'base/ssh' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
+    its("stdout") { should include "base/ssh" }
+    its("stderr") { should eq "" }
+    its("exit_status") { should eq 0 }
   end
 
   # upload a compliance profile
   describe command("#{inspec_bin} compliance upload #{profile} --overwrite") do
-    its('stdout') { should include 'Profile is valid' }
-    its('stdout') { should include 'Successfully uploaded profile' }
-    its('stdout') { should_not include 'error(s)' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
+    its("stdout") { should include "Profile is valid" }
+    its("stdout") { should include "Successfully uploaded profile" }
+    its("stdout") { should_not include "error(s)" }
+    its("stderr") { should eq "" }
+    its("exit_status") { should eq 0 }
   end
 
   # returns the version of the server
   describe command("#{inspec_bin} compliance version") do
-    its('stdout') { should include 'Chef Compliance version:' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
+    its("stdout") { should include "Chef Compliance version:" }
+    its("stderr") { should eq "" }
+    its("exit_status") { should eq 0 }
   end
 
   # logout
   describe command("#{inspec_bin} compliance logout") do
-    its('stdout') { should include 'Successfully logged out' }
-    its('stderr') { should eq '' }
-    its('exit_status') { should eq 0 }
+    its("stdout") { should include "Successfully logged out" }
+    its("stderr") { should eq "" }
+    its("exit_status") { should eq 0 }
   end
 end