inspec 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +36 -38
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/inspec.gemspec +38 -39
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +12 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +12 -14
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +39 -41
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +64 -64
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +157 -156
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +85 -85
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +1 -1
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +8 -8
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +17 -17
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +9 -8
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +14 -14
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +4 -4
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +42 -41
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +5 -5
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +1 -3
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +4 -5
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +51 -50
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +35 -33
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +281 -271
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +41 -41
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +25 -6
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/resource_support/aws.rb +67 -67
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +4 -1
- data/lib/resource_support/aws/aws_resource_mixin.rb +4 -3
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +4 -1
- data/lib/resources/aws/aws_billing_report.rb +15 -8
- data/lib/resources/aws/aws_billing_reports.rb +10 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +9 -5
- data/lib/resources/aws/aws_cloudtrail_trails.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +12 -8
- data/lib/resources/aws/aws_config_delivery_channel.rb +13 -9
- data/lib/resources/aws/aws_config_recorder.rb +10 -6
- data/lib/resources/aws/aws_ebs_volume.rb +12 -8
- data/lib/resources/aws/aws_ebs_volumes.rb +9 -5
- data/lib/resources/aws/aws_ec2_instance.rb +14 -11
- data/lib/resources/aws/aws_ec2_instances.rb +9 -5
- data/lib/resources/aws/aws_ecs_cluster.rb +11 -7
- data/lib/resources/aws/aws_eks_cluster.rb +13 -9
- data/lib/resources/aws/aws_elb.rb +9 -5
- data/lib/resources/aws/aws_elbs.rb +9 -5
- data/lib/resources/aws/aws_flow_log.rb +17 -13
- data/lib/resources/aws/aws_iam_access_key.rb +15 -11
- data/lib/resources/aws/aws_iam_access_keys.rb +19 -15
- data/lib/resources/aws/aws_iam_group.rb +9 -5
- data/lib/resources/aws/aws_iam_groups.rb +9 -5
- data/lib/resources/aws/aws_iam_password_policy.rb +13 -10
- data/lib/resources/aws/aws_iam_policies.rb +9 -5
- data/lib/resources/aws/aws_iam_policy.rb +16 -12
- data/lib/resources/aws/aws_iam_role.rb +9 -5
- data/lib/resources/aws/aws_iam_root_user.rb +12 -8
- data/lib/resources/aws/aws_iam_user.rb +12 -12
- data/lib/resources/aws/aws_iam_users.rb +10 -10
- data/lib/resources/aws/aws_kms_key.rb +12 -8
- data/lib/resources/aws/aws_kms_keys.rb +9 -5
- data/lib/resources/aws/aws_rds_instance.rb +11 -8
- data/lib/resources/aws/aws_route_table.rb +11 -7
- data/lib/resources/aws/aws_route_tables.rb +10 -6
- data/lib/resources/aws/aws_s3_bucket.rb +14 -11
- data/lib/resources/aws/aws_s3_bucket_object.rb +12 -9
- data/lib/resources/aws/aws_s3_buckets.rb +9 -7
- data/lib/resources/aws/aws_security_group.rb +16 -12
- data/lib/resources/aws/aws_security_groups.rb +12 -8
- data/lib/resources/aws/aws_sns_subscription.rb +15 -11
- data/lib/resources/aws/aws_sns_topic.rb +10 -6
- data/lib/resources/aws/aws_sns_topics.rb +9 -5
- data/lib/resources/aws/aws_sqs_queue.rb +18 -14
- data/lib/resources/aws/aws_subnet.rb +11 -7
- data/lib/resources/aws/aws_subnets.rb +9 -5
- data/lib/resources/aws/aws_vpc.rb +10 -6
- data/lib/resources/aws/aws_vpcs.rb +9 -5
- data/lib/resources/azure/azure_backend.rb +20 -18
- data/lib/resources/azure/azure_generic_resource.rb +13 -15
- data/lib/resources/azure/azure_resource_group.rb +17 -19
- data/lib/resources/azure/azure_virtual_machine.rb +6 -8
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +6 -8
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +141 -142
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,25 +1,25 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
4
|
-
require_relative
|
1
|
+
require "minitest/autorun"
|
2
|
+
require "mocha/setup"
|
3
|
+
require "webmock/minitest"
|
4
|
+
require_relative "../../../lib/inspec-compliance/api.rb"
|
5
5
|
|
6
6
|
describe InspecPlugins::Compliance::API do
|
7
7
|
let(:automate_options) do
|
8
8
|
{
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
9
|
+
"server" => "https://automate.example.com",
|
10
|
+
"ent" => "automate",
|
11
|
+
"user" => "someone",
|
12
|
+
"token" => "token",
|
13
13
|
}
|
14
14
|
end
|
15
15
|
|
16
16
|
let(:compliance_options) do
|
17
17
|
{
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
18
|
+
"server" => "https://compliance.example.com",
|
19
|
+
"user" => "someone",
|
20
|
+
"password" => "password",
|
21
|
+
"token" => "token",
|
22
|
+
"refresh_token" => "refresh_token",
|
23
23
|
}
|
24
24
|
end
|
25
25
|
|
@@ -49,138 +49,138 @@ describe InspecPlugins::Compliance::API do
|
|
49
49
|
FakeConfig.new
|
50
50
|
end
|
51
51
|
|
52
|
-
describe
|
53
|
-
describe
|
52
|
+
describe ".login" do
|
53
|
+
describe "when target is a Chef Automate2 server" do
|
54
54
|
before do
|
55
55
|
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate2)
|
56
56
|
end
|
57
57
|
|
58
|
-
it
|
58
|
+
it "raises an error if `--user` is missing" do
|
59
59
|
options = automate_options
|
60
|
-
options.delete(
|
60
|
+
options.delete("user")
|
61
61
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
62
62
|
err.message.must_match(/Please specify a user.*/)
|
63
63
|
err.message.lines.length.must_equal(1)
|
64
64
|
end
|
65
65
|
|
66
|
-
it
|
66
|
+
it "raises an error if `--token` and `--dctoken` are missing" do
|
67
67
|
options = automate_options
|
68
|
-
options.delete(
|
69
|
-
options.delete(
|
68
|
+
options.delete("token")
|
69
|
+
options.delete("dctoken")
|
70
70
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
71
71
|
err.message.must_match(/Please specify a token.*/)
|
72
72
|
err.message.lines.length.must_equal(1)
|
73
73
|
end
|
74
74
|
|
75
|
-
it
|
76
|
-
stub_request(:get, automate_options[
|
77
|
-
.to_return(status: 200, body:
|
75
|
+
it "stores an access token" do
|
76
|
+
stub_request(:get, automate_options["server"] + "/compliance/version")
|
77
|
+
.to_return(status: 200, body: "", headers: {})
|
78
78
|
options = automate_options
|
79
79
|
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
80
80
|
|
81
81
|
InspecPlugins::Compliance::API.login(options)
|
82
|
-
fake_config[
|
83
|
-
fake_config[
|
84
|
-
fake_config[
|
85
|
-
fake_config[
|
86
|
-
fake_config[
|
87
|
-
fake_config[
|
82
|
+
fake_config["automate"]["ent"].must_equal("automate")
|
83
|
+
fake_config["automate"]["token_type"].must_equal("dctoken")
|
84
|
+
fake_config["user"].must_equal("someone")
|
85
|
+
fake_config["server"].must_equal("https://automate.example.com/api/v0")
|
86
|
+
fake_config["server_type"].must_equal("automate2")
|
87
|
+
fake_config["token"].must_equal("token")
|
88
88
|
end
|
89
89
|
end
|
90
90
|
|
91
|
-
describe
|
91
|
+
describe "when target is a Chef Automate server" do
|
92
92
|
before do
|
93
93
|
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate)
|
94
94
|
end
|
95
95
|
|
96
|
-
it
|
96
|
+
it "raises an error if `--user` is missing" do
|
97
97
|
options = automate_options
|
98
|
-
options.delete(
|
98
|
+
options.delete("user")
|
99
99
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
100
100
|
err.message.must_match(/Please specify a user.*/)
|
101
101
|
err.message.lines.length.must_equal(1)
|
102
102
|
end
|
103
103
|
|
104
|
-
it
|
104
|
+
it "raises an error if `--ent` is missing" do
|
105
105
|
options = automate_options
|
106
|
-
options.delete(
|
106
|
+
options.delete("ent")
|
107
107
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
108
108
|
err.message.must_match(/Please specify an enterprise.*/)
|
109
109
|
err.message.lines.length.must_equal(1)
|
110
110
|
end
|
111
111
|
|
112
|
-
it
|
112
|
+
it "raises an error if `--token` and `--dctoken` are missing" do
|
113
113
|
options = automate_options
|
114
|
-
options.delete(
|
115
|
-
options.delete(
|
114
|
+
options.delete("token")
|
115
|
+
options.delete("dctoken")
|
116
116
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
117
117
|
err.message.must_match(/Please specify a token.*/)
|
118
118
|
err.message.lines.length.must_equal(1)
|
119
119
|
end
|
120
120
|
|
121
|
-
it
|
122
|
-
stub_request(:get, automate_options[
|
123
|
-
.to_return(status: 200, body:
|
121
|
+
it "stores an access token" do
|
122
|
+
stub_request(:get, automate_options["server"] + "/compliance/version")
|
123
|
+
.to_return(status: 200, body: "", headers: {})
|
124
124
|
options = automate_options
|
125
125
|
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
126
126
|
|
127
127
|
InspecPlugins::Compliance::API.login(options)
|
128
|
-
fake_config[
|
129
|
-
fake_config[
|
130
|
-
fake_config[
|
131
|
-
fake_config[
|
132
|
-
fake_config[
|
133
|
-
fake_config[
|
128
|
+
fake_config["automate"]["ent"].must_equal("automate")
|
129
|
+
fake_config["automate"]["token_type"].must_equal("usertoken")
|
130
|
+
fake_config["user"].must_equal("someone")
|
131
|
+
fake_config["server"].must_equal("https://automate.example.com/compliance")
|
132
|
+
fake_config["server_type"].must_equal("automate")
|
133
|
+
fake_config["token"].must_equal("token")
|
134
134
|
end
|
135
135
|
end
|
136
136
|
|
137
|
-
describe
|
137
|
+
describe "when target is a Chef Compliance server" do
|
138
138
|
before do
|
139
139
|
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:compliance)
|
140
140
|
end
|
141
141
|
|
142
|
-
it
|
142
|
+
it "raises an error if `--user` and `--refresh-token` are missing" do
|
143
143
|
options = automate_options
|
144
|
-
options.delete(
|
145
|
-
options.delete(
|
144
|
+
options.delete("user")
|
145
|
+
options.delete("refresh_token")
|
146
146
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
147
147
|
err.message.must_match(/Please specify a.*--user.*--refresh-token.*/)
|
148
148
|
err.message.lines.length.must_equal(1)
|
149
149
|
end
|
150
150
|
|
151
|
-
it
|
151
|
+
it "raises an error if `--user` is present but authentication method missing" do
|
152
152
|
options = automate_options
|
153
|
-
options.delete(
|
154
|
-
options.delete(
|
155
|
-
options.delete(
|
153
|
+
options.delete("password")
|
154
|
+
options.delete("token")
|
155
|
+
options.delete("refresh_token")
|
156
156
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
157
157
|
err.message.must_match(/Please specify.*--password.*--token.*--refresh-token.*/)
|
158
158
|
err.message.lines.length.must_equal(1)
|
159
159
|
end
|
160
160
|
|
161
|
-
it
|
162
|
-
stub_request(:get, compliance_options[
|
163
|
-
.to_return(status: 200, body:
|
161
|
+
it "stores an access token" do
|
162
|
+
stub_request(:get, compliance_options["server"] + "/api/version")
|
163
|
+
.to_return(status: 200, body: "", headers: {})
|
164
164
|
options = compliance_options
|
165
165
|
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
166
166
|
|
167
167
|
InspecPlugins::Compliance::API.login(options)
|
168
|
-
fake_config[
|
169
|
-
fake_config[
|
170
|
-
fake_config[
|
171
|
-
fake_config[
|
168
|
+
fake_config["user"].must_equal("someone")
|
169
|
+
fake_config["server"].must_equal("https://compliance.example.com/api")
|
170
|
+
fake_config["server_type"].must_equal("compliance")
|
171
|
+
fake_config["token"].must_equal("token")
|
172
172
|
end
|
173
173
|
end
|
174
174
|
|
175
|
-
describe
|
176
|
-
it
|
175
|
+
describe "when target is neither a Chef Compliance nor Chef Automate server" do
|
176
|
+
it "raises an error if `https://SERVER` is missing" do
|
177
177
|
options = {}
|
178
178
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
179
179
|
err.message.must_match(/Please specify a server.*/)
|
180
180
|
err.message.lines.length.must_equal(1)
|
181
181
|
end
|
182
182
|
|
183
|
-
it
|
183
|
+
it "rasies a `CannotDetermineServerType` error" do
|
184
184
|
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(nil)
|
185
185
|
err = proc { InspecPlugins::Compliance::API.login(automate_options) }.must_raise(StandardError)
|
186
186
|
err.message.must_match(/Unable to determine/)
|
@@ -1,52 +1,53 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
|
1
|
+
require "minitest/autorun"
|
2
|
+
require "webmock/minitest"
|
3
|
+
require "mocha/setup"
|
4
|
+
require_relative "../../lib/inspec-compliance/api.rb"
|
4
5
|
|
5
6
|
describe InspecPlugins::Compliance::API do
|
6
7
|
let(:profiles_response) do
|
7
|
-
[{
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
{
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
{
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
8
|
+
[{ "name" => "apache-baseline",
|
9
|
+
"title" => "DevSec Apache Baseline",
|
10
|
+
"maintainer" => "DevSec Hardening Framework Team",
|
11
|
+
"copyright" => "DevSec Hardening Framework Team",
|
12
|
+
"copyright_email" => "hello@dev-sec.io",
|
13
|
+
"license" => "Apache 2 license",
|
14
|
+
"summary" => "Test-suite for best-practice apache hardening",
|
15
|
+
"version" => "2.0.2",
|
16
|
+
"supports" => [{ "os-family" => "unix" }],
|
17
|
+
"depends" => nil,
|
18
|
+
"owner_id" => "admin" },
|
19
|
+
{ "name" => "apache-baseline",
|
20
|
+
"title" => "DevSec Apache Baseline",
|
21
|
+
"maintainer" => "Hardening Framework Team",
|
22
|
+
"copyright" => "Hardening Framework Team",
|
23
|
+
"copyright_email" => "hello@dev-sec.io",
|
24
|
+
"license" => "Apache 2 license",
|
25
|
+
"summary" => "Test-suite for best-practice apache hardening",
|
26
|
+
"version" => "2.0.1",
|
27
|
+
"supports" => [{ "os-family" => "unix" }],
|
28
|
+
"depends" => nil,
|
29
|
+
"latest_version" => "2.0.2",
|
30
|
+
"owner_id" => "admin" },
|
31
|
+
{ "name" => "cis-aix-5.3-6.1-level1",
|
32
|
+
"title" => "CIS AIX 5.3 and AIX 6.1 Benchmark Level 1",
|
33
|
+
"maintainer" => "Chef Software, Inc.",
|
34
|
+
"copyright" => "Chef Software, Inc.",
|
35
|
+
"copyright_email" => "support@chef.io",
|
36
|
+
"license" => "Proprietary, All rights reserved",
|
37
|
+
"summary" => "CIS AIX 5.3 and AIX 6.1 Benchmark Level 1 translated from SCAP",
|
38
|
+
"version" => "1.1.0",
|
39
|
+
"supports" => nil,
|
40
|
+
"depends" => nil,
|
41
|
+
"latest_version" => "1.1.0-3",
|
42
|
+
"owner_id" => "admin" }]
|
42
43
|
end
|
43
44
|
|
44
|
-
describe
|
45
|
-
let(:headers) {
|
45
|
+
describe ".version" do
|
46
|
+
let(:headers) { "test-headers" }
|
46
47
|
let(:config) do
|
47
48
|
{
|
48
|
-
|
49
|
-
|
49
|
+
"server" => "myserver",
|
50
|
+
"insecure" => true,
|
50
51
|
}
|
51
52
|
end
|
52
53
|
|
@@ -54,72 +55,72 @@ describe InspecPlugins::Compliance::API do
|
|
54
55
|
InspecPlugins::Compliance::API.expects(:get_headers).returns(headers)
|
55
56
|
end
|
56
57
|
|
57
|
-
describe
|
58
|
-
it
|
58
|
+
describe "when a 404 is received" do
|
59
|
+
it "should return an empty hash" do
|
59
60
|
response = mock
|
60
|
-
response.stubs(:code).returns(
|
61
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
61
|
+
response.stubs(:code).returns("404")
|
62
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
62
63
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
63
64
|
end
|
64
65
|
end
|
65
66
|
|
66
|
-
describe
|
67
|
-
it
|
67
|
+
describe "when the returned body is nil" do
|
68
|
+
it "should return an empty hash" do
|
68
69
|
response = mock
|
69
|
-
response.stubs(:code).returns(
|
70
|
+
response.stubs(:code).returns("200")
|
70
71
|
response.stubs(:body).returns(nil)
|
71
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
72
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
72
73
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
73
74
|
end
|
74
75
|
end
|
75
76
|
|
76
|
-
describe
|
77
|
-
it
|
77
|
+
describe "when the returned body is an empty string" do
|
78
|
+
it "should return an empty hash" do
|
78
79
|
response = mock
|
79
|
-
response.stubs(:code).returns(
|
80
|
-
response.stubs(:body).returns(
|
81
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
80
|
+
response.stubs(:code).returns("200")
|
81
|
+
response.stubs(:body).returns("")
|
82
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
82
83
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
83
84
|
end
|
84
85
|
end
|
85
86
|
|
86
|
-
describe
|
87
|
-
it
|
87
|
+
describe "when the returned body has no version key" do
|
88
|
+
it "should return an empty hash" do
|
88
89
|
response = mock
|
89
|
-
response.stubs(:code).returns(
|
90
|
+
response.stubs(:code).returns("200")
|
90
91
|
response.stubs(:body).returns('{"api":"compliance"}')
|
91
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
92
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
92
93
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
93
94
|
end
|
94
95
|
end
|
95
96
|
|
96
|
-
describe
|
97
|
-
it
|
97
|
+
describe "when the returned body has an empty version key" do
|
98
|
+
it "should return an empty hash" do
|
98
99
|
response = mock
|
99
|
-
response.stubs(:code).returns(
|
100
|
+
response.stubs(:code).returns("200")
|
100
101
|
response.stubs(:body).returns('{"api":"compliance","version":""}')
|
101
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
102
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
102
103
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
103
104
|
end
|
104
105
|
end
|
105
106
|
|
106
|
-
describe
|
107
|
-
it
|
107
|
+
describe "when the returned body has a proper version" do
|
108
|
+
it "should return an empty hash" do
|
108
109
|
response = mock
|
109
|
-
response.stubs(:code).returns(
|
110
|
+
response.stubs(:code).returns("200")
|
110
111
|
response.stubs(:body).returns('{"api":"compliance","version":"1.2.3"}')
|
111
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
112
|
-
InspecPlugins::Compliance::API.version(config).must_equal({
|
112
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
113
|
+
InspecPlugins::Compliance::API.version(config).must_equal({ "version" => "1.2.3", "api" => "compliance" })
|
113
114
|
end
|
114
115
|
end
|
115
116
|
end
|
116
117
|
|
117
|
-
describe
|
118
|
-
describe
|
119
|
-
it
|
118
|
+
describe "automate/compliance is? checks" do
|
119
|
+
describe "when the config has a compliance server_type" do
|
120
|
+
it "automate/compliance server is? methods return correctly" do
|
120
121
|
config = InspecPlugins::Compliance::Configuration.new
|
121
122
|
config.clean
|
122
|
-
config[
|
123
|
+
config["server_type"] = "compliance"
|
123
124
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal true
|
124
125
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
|
125
126
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
@@ -128,11 +129,11 @@ describe InspecPlugins::Compliance::API do
|
|
128
129
|
end
|
129
130
|
end
|
130
131
|
|
131
|
-
describe
|
132
|
-
it
|
132
|
+
describe "when the config has a automate2 server_type" do
|
133
|
+
it "automate/compliance server is? methods return correctly" do
|
133
134
|
config = InspecPlugins::Compliance::Configuration.new
|
134
135
|
config.clean
|
135
|
-
config[
|
136
|
+
config["server_type"] = "automate2"
|
136
137
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
137
138
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
|
138
139
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
@@ -141,11 +142,11 @@ describe InspecPlugins::Compliance::API do
|
|
141
142
|
end
|
142
143
|
end
|
143
144
|
|
144
|
-
describe
|
145
|
-
it
|
145
|
+
describe "when the config has an automate server_type and no version key" do
|
146
|
+
it "automate/compliance server is? methods return correctly" do
|
146
147
|
config = InspecPlugins::Compliance::Configuration.new
|
147
148
|
config.clean
|
148
|
-
config[
|
149
|
+
config["server_type"] = "automate"
|
149
150
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
150
151
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
151
152
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
@@ -154,12 +155,12 @@ describe InspecPlugins::Compliance::API do
|
|
154
155
|
end
|
155
156
|
end
|
156
157
|
|
157
|
-
describe
|
158
|
-
it
|
158
|
+
describe "when the config has an automate server_type and a version key that is not a hash" do
|
159
|
+
it "automate/compliance server is? methods return correctly" do
|
159
160
|
config = InspecPlugins::Compliance::Configuration.new
|
160
161
|
config.clean
|
161
|
-
config[
|
162
|
-
config[
|
162
|
+
config["server_type"] = "automate"
|
163
|
+
config["version"] = "1.2.3"
|
163
164
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
164
165
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
165
166
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
@@ -168,12 +169,12 @@ describe InspecPlugins::Compliance::API do
|
|
168
169
|
end
|
169
170
|
end
|
170
171
|
|
171
|
-
describe
|
172
|
-
it
|
172
|
+
describe "when the config has an automate server_type and a version hash with no version" do
|
173
|
+
it "automate/compliance server is? methods return correctly" do
|
173
174
|
config = InspecPlugins::Compliance::Configuration.new
|
174
175
|
config.clean
|
175
|
-
config[
|
176
|
-
config[
|
176
|
+
config["server_type"] = "automate"
|
177
|
+
config["version"] = {}
|
177
178
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
178
179
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
179
180
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
@@ -181,12 +182,12 @@ describe InspecPlugins::Compliance::API do
|
|
181
182
|
end
|
182
183
|
end
|
183
184
|
|
184
|
-
describe
|
185
|
-
it
|
185
|
+
describe "when the config has an automate server_type and a version hash with a version" do
|
186
|
+
it "automate/compliance server is? methods return correctly" do
|
186
187
|
config = InspecPlugins::Compliance::Configuration.new
|
187
188
|
config.clean
|
188
|
-
config[
|
189
|
-
config[
|
189
|
+
config["server_type"] = "automate"
|
190
|
+
config["version"] = { "version" => "0.8.1" }
|
190
191
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
191
192
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
192
193
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
@@ -195,100 +196,100 @@ describe InspecPlugins::Compliance::API do
|
|
195
196
|
end
|
196
197
|
end
|
197
198
|
|
198
|
-
describe
|
199
|
-
it
|
199
|
+
describe ".server_version_from_config" do
|
200
|
+
it "returns nil when the config has no version key" do
|
200
201
|
config = {}
|
201
202
|
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
202
203
|
end
|
203
204
|
|
204
|
-
it
|
205
|
-
config = {
|
205
|
+
it "returns nil when the version value is not a hash" do
|
206
|
+
config = { "version" => "123" }
|
206
207
|
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
207
208
|
end
|
208
209
|
|
209
|
-
it
|
210
|
-
config = {
|
210
|
+
it "returns nil when the version value is a hash but has no version key inside" do
|
211
|
+
config = { "version" => {} }
|
211
212
|
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
212
213
|
end
|
213
214
|
|
214
|
-
it
|
215
|
-
config = {
|
216
|
-
InspecPlugins::Compliance::API.server_version_from_config(config).must_equal
|
215
|
+
it "returns the version if the version value is a hash containing a version" do
|
216
|
+
config = { "version" => { "version" => "1.2.3" } }
|
217
|
+
InspecPlugins::Compliance::API.server_version_from_config(config).must_equal "1.2.3"
|
217
218
|
end
|
218
219
|
end
|
219
220
|
|
220
|
-
describe
|
221
|
-
it
|
222
|
-
InspecPlugins::Compliance::API.profile_split(
|
221
|
+
describe "profile_split" do
|
222
|
+
it "handles a profile without version" do
|
223
|
+
InspecPlugins::Compliance::API.profile_split("admin/apache-baseline").must_equal ["admin", "apache-baseline", nil]
|
223
224
|
end
|
224
225
|
|
225
|
-
it
|
226
|
-
InspecPlugins::Compliance::API.profile_split(
|
226
|
+
it "handles a profile with a version" do
|
227
|
+
InspecPlugins::Compliance::API.profile_split("admin/apache-baseline#2.0.1").must_equal ["admin", "apache-baseline", "2.0.1"]
|
227
228
|
end
|
228
229
|
end
|
229
230
|
|
230
|
-
describe
|
231
|
-
it
|
231
|
+
describe "target_url" do
|
232
|
+
it "handles a automate profile with and without version" do
|
232
233
|
config = InspecPlugins::Compliance::Configuration.new
|
233
234
|
config.clean
|
234
|
-
config[
|
235
|
-
config[
|
236
|
-
config[
|
237
|
-
InspecPlugins::Compliance::API.target_url(config,
|
238
|
-
InspecPlugins::Compliance::API.target_url(config,
|
235
|
+
config["server_type"] = "automate"
|
236
|
+
config["server"] = "https://myautomate"
|
237
|
+
config["version"] = "1.6.99"
|
238
|
+
InspecPlugins::Compliance::API.target_url(config, "admin/apache-baseline").must_equal "https://myautomate/profiles/admin/apache-baseline/tar"
|
239
|
+
InspecPlugins::Compliance::API.target_url(config, "admin/apache-baseline#2.0.2").must_equal "https://myautomate/profiles/admin/apache-baseline/version/2.0.2/tar"
|
239
240
|
end
|
240
241
|
|
241
|
-
it
|
242
|
+
it "handles a chef-compliance profile with and without version" do
|
242
243
|
config = InspecPlugins::Compliance::Configuration.new
|
243
244
|
config.clean
|
244
|
-
config[
|
245
|
-
config[
|
246
|
-
config[
|
247
|
-
InspecPlugins::Compliance::API.target_url(config,
|
248
|
-
InspecPlugins::Compliance::API.target_url(config,
|
245
|
+
config["server_type"] = "compliance"
|
246
|
+
config["server"] = "https://mychefcompliance"
|
247
|
+
config["version"] = "1.1.2"
|
248
|
+
InspecPlugins::Compliance::API.target_url(config, "admin/apache-baseline").must_equal "https://mychefcompliance/owners/admin/compliance/apache-baseline/tar"
|
249
|
+
InspecPlugins::Compliance::API.target_url(config, "admin/apache-baseline#2.0.2").must_equal "https://mychefcompliance/owners/admin/compliance/apache-baseline/tar"
|
249
250
|
end
|
250
251
|
end
|
251
252
|
|
252
|
-
describe
|
253
|
-
it
|
253
|
+
describe "exist?" do
|
254
|
+
it "works with profiles returned by Automate" do
|
254
255
|
# ruby 2.3.3 has issues running stub_requests properly
|
255
256
|
# skipping for that specific version
|
256
|
-
return if RUBY_VERSION
|
257
|
+
return if RUBY_VERSION == "2.3.3"
|
257
258
|
|
258
259
|
config = InspecPlugins::Compliance::Configuration.new
|
259
260
|
config.clean
|
260
|
-
config[
|
261
|
-
config[
|
262
|
-
config[
|
263
|
-
config[
|
264
|
-
config[
|
265
|
-
config[
|
266
|
-
|
267
|
-
stub_request(:get,
|
268
|
-
.with(headers: {
|
261
|
+
config["owner"] = "admin"
|
262
|
+
config["server_type"] = "automate"
|
263
|
+
config["server"] = "https://myautomate"
|
264
|
+
config["version"] = "1.6.99"
|
265
|
+
config["automate"] = { "ent" => "automate", "token_type" => "dctoken" }
|
266
|
+
config["version"] = { "api" => "compliance", "version" => "0.8.24" }
|
267
|
+
|
268
|
+
stub_request(:get, "https://myautomate/profiles/admin")
|
269
|
+
.with(headers: { "Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3", "Chef-Delivery-Enterprise" => "automate", "User-Agent" => "Ruby", "X-Data-Collector-Token" => "" })
|
269
270
|
.to_return(status: 200, body: profiles_response.to_json, headers: {})
|
270
271
|
|
271
|
-
InspecPlugins::Compliance::API.exist?(config,
|
272
|
-
InspecPlugins::Compliance::API.exist?(config,
|
273
|
-
InspecPlugins::Compliance::API.exist?(config,
|
274
|
-
InspecPlugins::Compliance::API.exist?(config,
|
272
|
+
InspecPlugins::Compliance::API.exist?(config, "admin/apache-baseline").must_equal true
|
273
|
+
InspecPlugins::Compliance::API.exist?(config, "admin/apache-baseline#2.0.1").must_equal true
|
274
|
+
InspecPlugins::Compliance::API.exist?(config, "admin/apache-baseline#2.0.999").must_equal false
|
275
|
+
InspecPlugins::Compliance::API.exist?(config, "admin/missing-in-action").must_equal false
|
275
276
|
end
|
276
277
|
end
|
277
278
|
|
278
|
-
describe
|
279
|
-
let(:url) {
|
279
|
+
describe ".determine_server_type" do
|
280
|
+
let(:url) { "https://someserver.onthe.net/" }
|
280
281
|
|
281
|
-
let(:compliance_endpoint) {
|
282
|
-
let(:automate_endpoint) {
|
283
|
-
let(:automate2_endpoint) {
|
282
|
+
let(:compliance_endpoint) { "/api/version" }
|
283
|
+
let(:automate_endpoint) { "/compliance/version" }
|
284
|
+
let(:automate2_endpoint) { "/dex/auth" }
|
284
285
|
let(:headers) { nil }
|
285
286
|
let(:insecure) { true }
|
286
287
|
|
287
288
|
let(:good_response) { mock }
|
288
289
|
let(:bad_response) { mock }
|
289
290
|
|
290
|
-
it
|
291
|
-
good_response.stubs(:code).returns(
|
291
|
+
it "returns `:automate2` when a 400 is received from `https://URL/dex/auth`" do
|
292
|
+
good_response.stubs(:code).returns("400")
|
292
293
|
|
293
294
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
294
295
|
.with(url + automate2_endpoint, headers, insecure)
|
@@ -297,9 +298,9 @@ describe InspecPlugins::Compliance::API do
|
|
297
298
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate2)
|
298
299
|
end
|
299
300
|
|
300
|
-
it
|
301
|
-
good_response.stubs(:code).returns(
|
302
|
-
bad_response.stubs(:code).returns(
|
301
|
+
it "returns `:automate` when a 401 is received from `https://URL/compliance/version`" do
|
302
|
+
good_response.stubs(:code).returns("401")
|
303
|
+
bad_response.stubs(:code).returns("404")
|
303
304
|
|
304
305
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
305
306
|
.with(url + automate2_endpoint, headers, insecure)
|
@@ -314,10 +315,10 @@ describe InspecPlugins::Compliance::API do
|
|
314
315
|
# Chef Automate currently returns 401 for `/compliance/version` but some
|
315
316
|
# versions of OpsWorks Chef Automate return 200 and a Chef Manage page when
|
316
317
|
# unauthenticated requests are received.
|
317
|
-
it
|
318
|
-
bad_response.stubs(:code).returns(
|
319
|
-
good_response.stubs(:code).returns(
|
320
|
-
good_response.stubs(:body).returns(
|
318
|
+
it "returns `:automate` when a 200 is received from `https://URL/compliance/version`" do
|
319
|
+
bad_response.stubs(:code).returns("404")
|
320
|
+
good_response.stubs(:code).returns("200")
|
321
|
+
good_response.stubs(:body).returns("Are You Looking For the Chef Server?")
|
321
322
|
|
322
323
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
323
324
|
.with(url + automate2_endpoint, headers, insecure)
|
@@ -329,9 +330,9 @@ describe InspecPlugins::Compliance::API do
|
|
329
330
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
|
330
331
|
end
|
331
332
|
|
332
|
-
it
|
333
|
-
bad_response.stubs(:code).returns(
|
334
|
-
bad_response.stubs(:body).returns(
|
333
|
+
it "returns `nil` if a 200 is received from `https://URL/compliance/version` but not redirected to Chef Manage" do
|
334
|
+
bad_response.stubs(:code).returns("200")
|
335
|
+
bad_response.stubs(:body).returns("No Chef Manage here")
|
335
336
|
|
336
337
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
337
338
|
.with(url + automate_endpoint, headers, insecure)
|
@@ -341,7 +342,7 @@ describe InspecPlugins::Compliance::API do
|
|
341
342
|
.returns(bad_response)
|
342
343
|
|
343
344
|
mock_compliance_response = mock
|
344
|
-
mock_compliance_response.stubs(:code).returns(
|
345
|
+
mock_compliance_response.stubs(:code).returns("404")
|
345
346
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
346
347
|
.with(url + compliance_endpoint, headers, insecure)
|
347
348
|
.returns(mock_compliance_response)
|
@@ -349,9 +350,9 @@ describe InspecPlugins::Compliance::API do
|
|
349
350
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
|
350
351
|
end
|
351
352
|
|
352
|
-
it
|
353
|
-
good_response.stubs(:code).returns(
|
354
|
-
bad_response.stubs(:code).returns(
|
353
|
+
it "returns `:compliance` when a 200 is received from `https://URL/api/version`" do
|
354
|
+
good_response.stubs(:code).returns("200")
|
355
|
+
bad_response.stubs(:code).returns("404")
|
355
356
|
|
356
357
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
357
358
|
.with(url + automate_endpoint, headers, insecure)
|
@@ -366,8 +367,8 @@ describe InspecPlugins::Compliance::API do
|
|
366
367
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:compliance)
|
367
368
|
end
|
368
369
|
|
369
|
-
it
|
370
|
-
bad_response.stubs(:code).returns(
|
370
|
+
it "returns `nil` if it cannot determine the server type" do
|
371
|
+
bad_response.stubs(:code).returns("404")
|
371
372
|
|
372
373
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
373
374
|
.with(url + automate2_endpoint, headers, insecure)
|