inspec 4.3.2 → 4.6.3
- checksums.yaml +4 -4
- data/Gemfile +36 -38
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/inspec.gemspec +38 -39
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +12 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +12 -14
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +39 -41
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +64 -64
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +157 -156
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +85 -85
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +1 -1
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +8 -8
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +17 -17
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +9 -8
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +14 -14
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +4 -4
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +42 -41
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +5 -5
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +1 -3
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +4 -5
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +51 -50
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +35 -33
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +281 -271
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +41 -41
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +25 -6
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/resource_support/aws.rb +67 -67
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +4 -1
- data/lib/resource_support/aws/aws_resource_mixin.rb +4 -3
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +4 -1
- data/lib/resources/aws/aws_billing_report.rb +15 -8
- data/lib/resources/aws/aws_billing_reports.rb +10 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +9 -5
- data/lib/resources/aws/aws_cloudtrail_trails.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +12 -8
- data/lib/resources/aws/aws_config_delivery_channel.rb +13 -9
- data/lib/resources/aws/aws_config_recorder.rb +10 -6
- data/lib/resources/aws/aws_ebs_volume.rb +12 -8
- data/lib/resources/aws/aws_ebs_volumes.rb +9 -5
- data/lib/resources/aws/aws_ec2_instance.rb +14 -11
- data/lib/resources/aws/aws_ec2_instances.rb +9 -5
- data/lib/resources/aws/aws_ecs_cluster.rb +11 -7
- data/lib/resources/aws/aws_eks_cluster.rb +13 -9
- data/lib/resources/aws/aws_elb.rb +9 -5
- data/lib/resources/aws/aws_elbs.rb +9 -5
- data/lib/resources/aws/aws_flow_log.rb +17 -13
- data/lib/resources/aws/aws_iam_access_key.rb +15 -11
- data/lib/resources/aws/aws_iam_access_keys.rb +19 -15
- data/lib/resources/aws/aws_iam_group.rb +9 -5
- data/lib/resources/aws/aws_iam_groups.rb +9 -5
- data/lib/resources/aws/aws_iam_password_policy.rb +13 -10
- data/lib/resources/aws/aws_iam_policies.rb +9 -5
- data/lib/resources/aws/aws_iam_policy.rb +16 -12
- data/lib/resources/aws/aws_iam_role.rb +9 -5
- data/lib/resources/aws/aws_iam_root_user.rb +12 -8
- data/lib/resources/aws/aws_iam_user.rb +12 -12
- data/lib/resources/aws/aws_iam_users.rb +10 -10
- data/lib/resources/aws/aws_kms_key.rb +12 -8
- data/lib/resources/aws/aws_kms_keys.rb +9 -5
- data/lib/resources/aws/aws_rds_instance.rb +11 -8
- data/lib/resources/aws/aws_route_table.rb +11 -7
- data/lib/resources/aws/aws_route_tables.rb +10 -6
- data/lib/resources/aws/aws_s3_bucket.rb +14 -11
- data/lib/resources/aws/aws_s3_bucket_object.rb +12 -9
- data/lib/resources/aws/aws_s3_buckets.rb +9 -7
- data/lib/resources/aws/aws_security_group.rb +16 -12
- data/lib/resources/aws/aws_security_groups.rb +12 -8
- data/lib/resources/aws/aws_sns_subscription.rb +15 -11
- data/lib/resources/aws/aws_sns_topic.rb +10 -6
- data/lib/resources/aws/aws_sns_topics.rb +9 -5
- data/lib/resources/aws/aws_sqs_queue.rb +18 -14
- data/lib/resources/aws/aws_subnet.rb +11 -7
- data/lib/resources/aws/aws_subnets.rb +9 -5
- data/lib/resources/aws/aws_vpc.rb +10 -6
- data/lib/resources/aws/aws_vpcs.rb +9 -5
- data/lib/resources/azure/azure_backend.rb +20 -18
- data/lib/resources/azure/azure_generic_resource.rb +13 -15
- data/lib/resources/azure/azure_resource_group.rb +17 -19
- data/lib/resources/azure/azure_virtual_machine.rb +6 -8
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +6 -8
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +141 -142
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
|
@@ -1,25 +1,25 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
3
|
-
require
|
|
4
|
-
require_relative
|
|
1
|
+
require "minitest/autorun"
|
|
2
|
+
require "mocha/setup"
|
|
3
|
+
require "webmock/minitest"
|
|
4
|
+
require_relative "../../../lib/inspec-compliance/api.rb"
|
|
5
5
|
|
|
6
6
|
describe InspecPlugins::Compliance::API do
|
|
7
7
|
let(:automate_options) do
|
|
8
8
|
{
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
9
|
+
"server" => "https://automate.example.com",
|
|
10
|
+
"ent" => "automate",
|
|
11
|
+
"user" => "someone",
|
|
12
|
+
"token" => "token",
|
|
13
13
|
}
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
let(:compliance_options) do
|
|
17
17
|
{
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
18
|
+
"server" => "https://compliance.example.com",
|
|
19
|
+
"user" => "someone",
|
|
20
|
+
"password" => "password",
|
|
21
|
+
"token" => "token",
|
|
22
|
+
"refresh_token" => "refresh_token",
|
|
23
23
|
}
|
|
24
24
|
end
|
|
25
25
|
|
|
@@ -49,138 +49,138 @@ describe InspecPlugins::Compliance::API do
|
|
|
49
49
|
FakeConfig.new
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
describe
|
|
53
|
-
describe
|
|
52
|
+
describe ".login" do
|
|
53
|
+
describe "when target is a Chef Automate2 server" do
|
|
54
54
|
before do
|
|
55
55
|
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate2)
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
-
it
|
|
58
|
+
it "raises an error if `--user` is missing" do
|
|
59
59
|
options = automate_options
|
|
60
|
-
options.delete(
|
|
60
|
+
options.delete("user")
|
|
61
61
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
|
62
62
|
err.message.must_match(/Please specify a user.*/)
|
|
63
63
|
err.message.lines.length.must_equal(1)
|
|
64
64
|
end
|
|
65
65
|
|
|
66
|
-
it
|
|
66
|
+
it "raises an error if `--token` and `--dctoken` are missing" do
|
|
67
67
|
options = automate_options
|
|
68
|
-
options.delete(
|
|
69
|
-
options.delete(
|
|
68
|
+
options.delete("token")
|
|
69
|
+
options.delete("dctoken")
|
|
70
70
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
|
71
71
|
err.message.must_match(/Please specify a token.*/)
|
|
72
72
|
err.message.lines.length.must_equal(1)
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
it
|
|
76
|
-
stub_request(:get, automate_options[
|
|
77
|
-
.to_return(status: 200, body:
|
|
75
|
+
it "stores an access token" do
|
|
76
|
+
stub_request(:get, automate_options["server"] + "/compliance/version")
|
|
77
|
+
.to_return(status: 200, body: "", headers: {})
|
|
78
78
|
options = automate_options
|
|
79
79
|
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
|
80
80
|
|
|
81
81
|
InspecPlugins::Compliance::API.login(options)
|
|
82
|
-
fake_config[
|
|
83
|
-
fake_config[
|
|
84
|
-
fake_config[
|
|
85
|
-
fake_config[
|
|
86
|
-
fake_config[
|
|
87
|
-
fake_config[
|
|
82
|
+
fake_config["automate"]["ent"].must_equal("automate")
|
|
83
|
+
fake_config["automate"]["token_type"].must_equal("dctoken")
|
|
84
|
+
fake_config["user"].must_equal("someone")
|
|
85
|
+
fake_config["server"].must_equal("https://automate.example.com/api/v0")
|
|
86
|
+
fake_config["server_type"].must_equal("automate2")
|
|
87
|
+
fake_config["token"].must_equal("token")
|
|
88
88
|
end
|
|
89
89
|
end
|
|
90
90
|
|
|
91
|
-
describe
|
|
91
|
+
describe "when target is a Chef Automate server" do
|
|
92
92
|
before do
|
|
93
93
|
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:automate)
|
|
94
94
|
end
|
|
95
95
|
|
|
96
|
-
it
|
|
96
|
+
it "raises an error if `--user` is missing" do
|
|
97
97
|
options = automate_options
|
|
98
|
-
options.delete(
|
|
98
|
+
options.delete("user")
|
|
99
99
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
|
100
100
|
err.message.must_match(/Please specify a user.*/)
|
|
101
101
|
err.message.lines.length.must_equal(1)
|
|
102
102
|
end
|
|
103
103
|
|
|
104
|
-
it
|
|
104
|
+
it "raises an error if `--ent` is missing" do
|
|
105
105
|
options = automate_options
|
|
106
|
-
options.delete(
|
|
106
|
+
options.delete("ent")
|
|
107
107
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
|
108
108
|
err.message.must_match(/Please specify an enterprise.*/)
|
|
109
109
|
err.message.lines.length.must_equal(1)
|
|
110
110
|
end
|
|
111
111
|
|
|
112
|
-
it
|
|
112
|
+
it "raises an error if `--token` and `--dctoken` are missing" do
|
|
113
113
|
options = automate_options
|
|
114
|
-
options.delete(
|
|
115
|
-
options.delete(
|
|
114
|
+
options.delete("token")
|
|
115
|
+
options.delete("dctoken")
|
|
116
116
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
|
117
117
|
err.message.must_match(/Please specify a token.*/)
|
|
118
118
|
err.message.lines.length.must_equal(1)
|
|
119
119
|
end
|
|
120
120
|
|
|
121
|
-
it
|
|
122
|
-
stub_request(:get, automate_options[
|
|
123
|
-
.to_return(status: 200, body:
|
|
121
|
+
it "stores an access token" do
|
|
122
|
+
stub_request(:get, automate_options["server"] + "/compliance/version")
|
|
123
|
+
.to_return(status: 200, body: "", headers: {})
|
|
124
124
|
options = automate_options
|
|
125
125
|
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
|
126
126
|
|
|
127
127
|
InspecPlugins::Compliance::API.login(options)
|
|
128
|
-
fake_config[
|
|
129
|
-
fake_config[
|
|
130
|
-
fake_config[
|
|
131
|
-
fake_config[
|
|
132
|
-
fake_config[
|
|
133
|
-
fake_config[
|
|
128
|
+
fake_config["automate"]["ent"].must_equal("automate")
|
|
129
|
+
fake_config["automate"]["token_type"].must_equal("usertoken")
|
|
130
|
+
fake_config["user"].must_equal("someone")
|
|
131
|
+
fake_config["server"].must_equal("https://automate.example.com/compliance")
|
|
132
|
+
fake_config["server_type"].must_equal("automate")
|
|
133
|
+
fake_config["token"].must_equal("token")
|
|
134
134
|
end
|
|
135
135
|
end
|
|
136
136
|
|
|
137
|
-
describe
|
|
137
|
+
describe "when target is a Chef Compliance server" do
|
|
138
138
|
before do
|
|
139
139
|
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(:compliance)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
|
-
it
|
|
142
|
+
it "raises an error if `--user` and `--refresh-token` are missing" do
|
|
143
143
|
options = automate_options
|
|
144
|
-
options.delete(
|
|
145
|
-
options.delete(
|
|
144
|
+
options.delete("user")
|
|
145
|
+
options.delete("refresh_token")
|
|
146
146
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
|
147
147
|
err.message.must_match(/Please specify a.*--user.*--refresh-token.*/)
|
|
148
148
|
err.message.lines.length.must_equal(1)
|
|
149
149
|
end
|
|
150
150
|
|
|
151
|
-
it
|
|
151
|
+
it "raises an error if `--user` is present but authentication method missing" do
|
|
152
152
|
options = automate_options
|
|
153
|
-
options.delete(
|
|
154
|
-
options.delete(
|
|
155
|
-
options.delete(
|
|
153
|
+
options.delete("password")
|
|
154
|
+
options.delete("token")
|
|
155
|
+
options.delete("refresh_token")
|
|
156
156
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
|
157
157
|
err.message.must_match(/Please specify.*--password.*--token.*--refresh-token.*/)
|
|
158
158
|
err.message.lines.length.must_equal(1)
|
|
159
159
|
end
|
|
160
160
|
|
|
161
|
-
it
|
|
162
|
-
stub_request(:get, compliance_options[
|
|
163
|
-
.to_return(status: 200, body:
|
|
161
|
+
it "stores an access token" do
|
|
162
|
+
stub_request(:get, compliance_options["server"] + "/api/version")
|
|
163
|
+
.to_return(status: 200, body: "", headers: {})
|
|
164
164
|
options = compliance_options
|
|
165
165
|
InspecPlugins::Compliance::Configuration.expects(:new).returns(fake_config)
|
|
166
166
|
|
|
167
167
|
InspecPlugins::Compliance::API.login(options)
|
|
168
|
-
fake_config[
|
|
169
|
-
fake_config[
|
|
170
|
-
fake_config[
|
|
171
|
-
fake_config[
|
|
168
|
+
fake_config["user"].must_equal("someone")
|
|
169
|
+
fake_config["server"].must_equal("https://compliance.example.com/api")
|
|
170
|
+
fake_config["server_type"].must_equal("compliance")
|
|
171
|
+
fake_config["token"].must_equal("token")
|
|
172
172
|
end
|
|
173
173
|
end
|
|
174
174
|
|
|
175
|
-
describe
|
|
176
|
-
it
|
|
175
|
+
describe "when target is neither a Chef Compliance nor Chef Automate server" do
|
|
176
|
+
it "raises an error if `https://SERVER` is missing" do
|
|
177
177
|
options = {}
|
|
178
178
|
err = proc { InspecPlugins::Compliance::API.login(options) }.must_raise(ArgumentError)
|
|
179
179
|
err.message.must_match(/Please specify a server.*/)
|
|
180
180
|
err.message.lines.length.must_equal(1)
|
|
181
181
|
end
|
|
182
182
|
|
|
183
|
-
it
|
|
183
|
+
it "rasies a `CannotDetermineServerType` error" do
|
|
184
184
|
InspecPlugins::Compliance::API.expects(:determine_server_type).returns(nil)
|
|
185
185
|
err = proc { InspecPlugins::Compliance::API.login(automate_options) }.must_raise(StandardError)
|
|
186
186
|
err.message.must_match(/Unable to determine/)
|
|
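Review bot: The two negative tests under "when target is a Chef Compliance server" (new lines 143 and 152) start from `options = automate_options`, so `options.delete("password")` and `options.delete("refresh_token")` remove keys that fixture never contained. As a result the missing-credential checks for this server type are never run against the `compliance_options` hash defined at the top of the file. Both tests should begin with `options = compliance_options`, so that each deletion removes a credential that was actually present. In the last test of the hunk the description is misspelled (`rasies`), and `must_raise(StandardError)` accepts any StandardError subclass, so only the `/Unable to determine/` match ties it to the named failure. If the plugin defines the `CannotDetermineServerType` class the description refers to, assert that class instead; its constant path is not visible here and that `it` block closes outside the hunk, so confirm against api.rb.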
@@ -1,52 +1,53 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
3
|
-
|
|
1
|
+
require "minitest/autorun"
|
|
2
|
+
require "webmock/minitest"
|
|
3
|
+
require "mocha/setup"
|
|
4
|
+
require_relative "../../lib/inspec-compliance/api.rb"
|
|
4
5
|
|
|
5
6
|
describe InspecPlugins::Compliance::API do
|
|
6
7
|
let(:profiles_response) do
|
|
7
|
-
[{
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
{
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
{
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
8
|
+
[{ "name" => "apache-baseline",
|
|
9
|
+
"title" => "DevSec Apache Baseline",
|
|
10
|
+
"maintainer" => "DevSec Hardening Framework Team",
|
|
11
|
+
"copyright" => "DevSec Hardening Framework Team",
|
|
12
|
+
"copyright_email" => "hello@dev-sec.io",
|
|
13
|
+
"license" => "Apache 2 license",
|
|
14
|
+
"summary" => "Test-suite for best-practice apache hardening",
|
|
15
|
+
"version" => "2.0.2",
|
|
16
|
+
"supports" => [{ "os-family" => "unix" }],
|
|
17
|
+
"depends" => nil,
|
|
18
|
+
"owner_id" => "admin" },
|
|
19
|
+
{ "name" => "apache-baseline",
|
|
20
|
+
"title" => "DevSec Apache Baseline",
|
|
21
|
+
"maintainer" => "Hardening Framework Team",
|
|
22
|
+
"copyright" => "Hardening Framework Team",
|
|
23
|
+
"copyright_email" => "hello@dev-sec.io",
|
|
24
|
+
"license" => "Apache 2 license",
|
|
25
|
+
"summary" => "Test-suite for best-practice apache hardening",
|
|
26
|
+
"version" => "2.0.1",
|
|
27
|
+
"supports" => [{ "os-family" => "unix" }],
|
|
28
|
+
"depends" => nil,
|
|
29
|
+
"latest_version" => "2.0.2",
|
|
30
|
+
"owner_id" => "admin" },
|
|
31
|
+
{ "name" => "cis-aix-5.3-6.1-level1",
|
|
32
|
+
"title" => "CIS AIX 5.3 and AIX 6.1 Benchmark Level 1",
|
|
33
|
+
"maintainer" => "Chef Software, Inc.",
|
|
34
|
+
"copyright" => "Chef Software, Inc.",
|
|
35
|
+
"copyright_email" => "support@chef.io",
|
|
36
|
+
"license" => "Proprietary, All rights reserved",
|
|
37
|
+
"summary" => "CIS AIX 5.3 and AIX 6.1 Benchmark Level 1 translated from SCAP",
|
|
38
|
+
"version" => "1.1.0",
|
|
39
|
+
"supports" => nil,
|
|
40
|
+
"depends" => nil,
|
|
41
|
+
"latest_version" => "1.1.0-3",
|
|
42
|
+
"owner_id" => "admin" }]
|
|
42
43
|
end
|
|
43
44
|
|
|
44
|
-
describe
|
|
45
|
-
let(:headers) {
|
|
45
|
+
describe ".version" do
|
|
46
|
+
let(:headers) { "test-headers" }
|
|
46
47
|
let(:config) do
|
|
47
48
|
{
|
|
48
|
-
|
|
49
|
-
|
|
49
|
+
"server" => "myserver",
|
|
50
|
+
"insecure" => true,
|
|
50
51
|
}
|
|
51
52
|
end
|
|
52
53
|
|
|
@@ -54,72 +55,72 @@ describe InspecPlugins::Compliance::API do
|
|
|
54
55
|
InspecPlugins::Compliance::API.expects(:get_headers).returns(headers)
|
|
55
56
|
end
|
|
56
57
|
|
|
57
|
-
describe
|
|
58
|
-
it
|
|
58
|
+
describe "when a 404 is received" do
|
|
59
|
+
it "should return an empty hash" do
|
|
59
60
|
response = mock
|
|
60
|
-
response.stubs(:code).returns(
|
|
61
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
|
61
|
+
response.stubs(:code).returns("404")
|
|
62
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
|
62
63
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
|
63
64
|
end
|
|
64
65
|
end
|
|
65
66
|
|
|
66
|
-
describe
|
|
67
|
-
it
|
|
67
|
+
describe "when the returned body is nil" do
|
|
68
|
+
it "should return an empty hash" do
|
|
68
69
|
response = mock
|
|
69
|
-
response.stubs(:code).returns(
|
|
70
|
+
response.stubs(:code).returns("200")
|
|
70
71
|
response.stubs(:body).returns(nil)
|
|
71
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
|
72
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
|
72
73
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
|
73
74
|
end
|
|
74
75
|
end
|
|
75
76
|
|
|
76
|
-
describe
|
|
77
|
-
it
|
|
77
|
+
describe "when the returned body is an empty string" do
|
|
78
|
+
it "should return an empty hash" do
|
|
78
79
|
response = mock
|
|
79
|
-
response.stubs(:code).returns(
|
|
80
|
-
response.stubs(:body).returns(
|
|
81
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
|
80
|
+
response.stubs(:code).returns("200")
|
|
81
|
+
response.stubs(:body).returns("")
|
|
82
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
|
82
83
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
|
83
84
|
end
|
|
84
85
|
end
|
|
85
86
|
|
|
86
|
-
describe
|
|
87
|
-
it
|
|
87
|
+
describe "when the returned body has no version key" do
|
|
88
|
+
it "should return an empty hash" do
|
|
88
89
|
response = mock
|
|
89
|
-
response.stubs(:code).returns(
|
|
90
|
+
response.stubs(:code).returns("200")
|
|
90
91
|
response.stubs(:body).returns('{"api":"compliance"}')
|
|
91
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
|
92
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
|
92
93
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
|
93
94
|
end
|
|
94
95
|
end
|
|
95
96
|
|
|
96
|
-
describe
|
|
97
|
-
it
|
|
97
|
+
describe "when the returned body has an empty version key" do
|
|
98
|
+
it "should return an empty hash" do
|
|
98
99
|
response = mock
|
|
99
|
-
response.stubs(:code).returns(
|
|
100
|
+
response.stubs(:code).returns("200")
|
|
100
101
|
response.stubs(:body).returns('{"api":"compliance","version":""}')
|
|
101
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
|
102
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
|
102
103
|
InspecPlugins::Compliance::API.version(config).must_equal({})
|
|
103
104
|
end
|
|
104
105
|
end
|
|
105
106
|
|
|
106
|
-
describe
|
|
107
|
-
it
|
|
107
|
+
describe "when the returned body has a proper version" do
|
|
108
|
+
it "should return an empty hash" do
|
|
108
109
|
response = mock
|
|
109
|
-
response.stubs(:code).returns(
|
|
110
|
+
response.stubs(:code).returns("200")
|
|
110
111
|
response.stubs(:body).returns('{"api":"compliance","version":"1.2.3"}')
|
|
111
|
-
InspecPlugins::Compliance::HTTP.expects(:get).with(
|
|
112
|
-
InspecPlugins::Compliance::API.version(config).must_equal({
|
|
112
|
+
InspecPlugins::Compliance::HTTP.expects(:get).with("myserver/version", "test-headers", true).returns(response)
|
|
113
|
+
InspecPlugins::Compliance::API.version(config).must_equal({ "version" => "1.2.3", "api" => "compliance" })
|
|
113
114
|
end
|
|
114
115
|
end
|
|
115
116
|
end
|
|
116
117
|
|
|
117
|
-
describe
|
|
118
|
-
describe
|
|
119
|
-
it
|
|
118
|
+
describe "automate/compliance is? checks" do
|
|
119
|
+
describe "when the config has a compliance server_type" do
|
|
120
|
+
it "automate/compliance server is? methods return correctly" do
|
|
120
121
|
config = InspecPlugins::Compliance::Configuration.new
|
|
121
122
|
config.clean
|
|
122
|
-
config[
|
|
123
|
+
config["server_type"] = "compliance"
|
|
123
124
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal true
|
|
124
125
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
|
|
125
126
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
|
@@ -128,11 +129,11 @@ describe InspecPlugins::Compliance::API do
|
|
|
128
129
|
end
|
|
129
130
|
end
|
|
130
131
|
|
|
131
|
-
describe
|
|
132
|
-
it
|
|
132
|
+
describe "when the config has a automate2 server_type" do
|
|
133
|
+
it "automate/compliance server is? methods return correctly" do
|
|
133
134
|
config = InspecPlugins::Compliance::Configuration.new
|
|
134
135
|
config.clean
|
|
135
|
-
config[
|
|
136
|
+
config["server_type"] = "automate2"
|
|
136
137
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
|
137
138
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal false
|
|
138
139
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
|
@@ -141,11 +142,11 @@ describe InspecPlugins::Compliance::API do
|
|
|
141
142
|
end
|
|
142
143
|
end
|
|
143
144
|
|
|
144
|
-
describe
|
|
145
|
-
it
|
|
145
|
+
describe "when the config has an automate server_type and no version key" do
|
|
146
|
+
it "automate/compliance server is? methods return correctly" do
|
|
146
147
|
config = InspecPlugins::Compliance::Configuration.new
|
|
147
148
|
config.clean
|
|
148
|
-
config[
|
|
149
|
+
config["server_type"] = "automate"
|
|
149
150
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
|
150
151
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
|
151
152
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
|
@@ -154,12 +155,12 @@ describe InspecPlugins::Compliance::API do
|
|
|
154
155
|
end
|
|
155
156
|
end
|
|
156
157
|
|
|
157
|
-
describe
|
|
158
|
-
it
|
|
158
|
+
describe "when the config has an automate server_type and a version key that is not a hash" do
|
|
159
|
+
it "automate/compliance server is? methods return correctly" do
|
|
159
160
|
config = InspecPlugins::Compliance::Configuration.new
|
|
160
161
|
config.clean
|
|
161
|
-
config[
|
|
162
|
-
config[
|
|
162
|
+
config["server_type"] = "automate"
|
|
163
|
+
config["version"] = "1.2.3"
|
|
163
164
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
|
164
165
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
|
165
166
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
|
@@ -168,12 +169,12 @@ describe InspecPlugins::Compliance::API do
|
|
|
168
169
|
end
|
|
169
170
|
end
|
|
170
171
|
|
|
171
|
-
describe
|
|
172
|
-
it
|
|
172
|
+
describe "when the config has an automate server_type and a version hash with no version" do
|
|
173
|
+
it "automate/compliance server is? methods return correctly" do
|
|
173
174
|
config = InspecPlugins::Compliance::Configuration.new
|
|
174
175
|
config.clean
|
|
175
|
-
config[
|
|
176
|
-
config[
|
|
176
|
+
config["server_type"] = "automate"
|
|
177
|
+
config["version"] = {}
|
|
177
178
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
|
178
179
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
|
179
180
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal true
|
|
@@ -181,12 +182,12 @@ describe InspecPlugins::Compliance::API do
|
|
|
181
182
|
end
|
|
182
183
|
end
|
|
183
184
|
|
|
184
|
-
describe
|
|
185
|
-
it
|
|
185
|
+
describe "when the config has an automate server_type and a version hash with a version" do
|
|
186
|
+
it "automate/compliance server is? methods return correctly" do
|
|
186
187
|
config = InspecPlugins::Compliance::Configuration.new
|
|
187
188
|
config.clean
|
|
188
|
-
config[
|
|
189
|
-
config[
|
|
189
|
+
config["server_type"] = "automate"
|
|
190
|
+
config["version"] = { "version" => "0.8.1" }
|
|
190
191
|
InspecPlugins::Compliance::API.is_compliance_server?(config).must_equal false
|
|
191
192
|
InspecPlugins::Compliance::API.is_automate_server?(config).must_equal true
|
|
192
193
|
InspecPlugins::Compliance::API.is_automate_server_pre_080?(config).must_equal false
|
|
@@ -195,100 +196,100 @@ describe InspecPlugins::Compliance::API do
|
|
|
195
196
|
end
|
|
196
197
|
end
|
|
197
198
|
|
|
198
|
-
describe
|
|
199
|
-
it
|
|
199
|
+
describe ".server_version_from_config" do
|
|
200
|
+
it "returns nil when the config has no version key" do
|
|
200
201
|
config = {}
|
|
201
202
|
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
|
202
203
|
end
|
|
203
204
|
|
|
204
|
-
it
|
|
205
|
-
config = {
|
|
205
|
+
it "returns nil when the version value is not a hash" do
|
|
206
|
+
config = { "version" => "123" }
|
|
206
207
|
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
|
207
208
|
end
|
|
208
209
|
|
|
209
|
-
it
|
|
210
|
-
config = {
|
|
210
|
+
it "returns nil when the version value is a hash but has no version key inside" do
|
|
211
|
+
config = { "version" => {} }
|
|
211
212
|
InspecPlugins::Compliance::API.server_version_from_config(config).must_be_nil
|
|
212
213
|
end
|
|
213
214
|
|
|
214
|
-
it
|
|
215
|
-
config = {
|
|
216
|
-
InspecPlugins::Compliance::API.server_version_from_config(config).must_equal
|
|
215
|
+
it "returns the version if the version value is a hash containing a version" do
|
|
216
|
+
config = { "version" => { "version" => "1.2.3" } }
|
|
217
|
+
InspecPlugins::Compliance::API.server_version_from_config(config).must_equal "1.2.3"
|
|
217
218
|
end
|
|
218
219
|
end
|
|
219
220
|
|
|
220
|
-
describe
|
|
221
|
-
it
|
|
222
|
-
InspecPlugins::Compliance::API.profile_split(
|
|
221
|
+
describe "profile_split" do
|
|
222
|
+
it "handles a profile without version" do
|
|
223
|
+
InspecPlugins::Compliance::API.profile_split("admin/apache-baseline").must_equal ["admin", "apache-baseline", nil]
|
|
223
224
|
end
|
|
224
225
|
|
|
225
|
-
it
|
|
226
|
-
InspecPlugins::Compliance::API.profile_split(
|
|
226
|
+
it "handles a profile with a version" do
|
|
227
|
+
InspecPlugins::Compliance::API.profile_split("admin/apache-baseline#2.0.1").must_equal ["admin", "apache-baseline", "2.0.1"]
|
|
227
228
|
end
|
|
228
229
|
end
|
|
229
230
|
|
|
230
|
-
describe
|
|
231
|
-
it
|
|
231
|
+
describe "target_url" do
|
|
232
|
+
it "handles a automate profile with and without version" do
|
|
232
233
|
config = InspecPlugins::Compliance::Configuration.new
|
|
233
234
|
config.clean
|
|
234
|
-
config[
|
|
235
|
-
config[
|
|
236
|
-
config[
|
|
237
|
-
InspecPlugins::Compliance::API.target_url(config,
|
|
238
|
-
InspecPlugins::Compliance::API.target_url(config,
|
|
235
|
+
config["server_type"] = "automate"
|
|
236
|
+
config["server"] = "https://myautomate"
|
|
237
|
+
config["version"] = "1.6.99"
|
|
238
|
+
InspecPlugins::Compliance::API.target_url(config, "admin/apache-baseline").must_equal "https://myautomate/profiles/admin/apache-baseline/tar"
|
|
239
|
+
InspecPlugins::Compliance::API.target_url(config, "admin/apache-baseline#2.0.2").must_equal "https://myautomate/profiles/admin/apache-baseline/version/2.0.2/tar"
|
|
239
240
|
end
|
|
240
241
|
|
|
241
|
-
it
|
|
242
|
+
it "handles a chef-compliance profile with and without version" do
|
|
242
243
|
config = InspecPlugins::Compliance::Configuration.new
|
|
243
244
|
config.clean
|
|
244
|
-
config[
|
|
245
|
-
config[
|
|
246
|
-
config[
|
|
247
|
-
InspecPlugins::Compliance::API.target_url(config,
|
|
248
|
-
InspecPlugins::Compliance::API.target_url(config,
|
|
245
|
+
config["server_type"] = "compliance"
|
|
246
|
+
config["server"] = "https://mychefcompliance"
|
|
247
|
+
config["version"] = "1.1.2"
|
|
248
|
+
InspecPlugins::Compliance::API.target_url(config, "admin/apache-baseline").must_equal "https://mychefcompliance/owners/admin/compliance/apache-baseline/tar"
|
|
249
|
+
InspecPlugins::Compliance::API.target_url(config, "admin/apache-baseline#2.0.2").must_equal "https://mychefcompliance/owners/admin/compliance/apache-baseline/tar"
|
|
249
250
|
end
|
|
250
251
|
end
|
|
251
252
|
|
|
252
|
-
describe
|
|
253
|
-
it
|
|
253
|
+
describe "exist?" do
|
|
254
|
+
it "works with profiles returned by Automate" do
|
|
254
255
|
# ruby 2.3.3 has issues running stub_requests properly
|
|
255
256
|
# skipping for that specific version
|
|
256
|
-
return if RUBY_VERSION
|
|
257
|
+
return if RUBY_VERSION == "2.3.3"
|
|
257
258
|
|
|
258
259
|
config = InspecPlugins::Compliance::Configuration.new
|
|
259
260
|
config.clean
|
|
260
|
-
config[
|
|
261
|
-
config[
|
|
262
|
-
config[
|
|
263
|
-
config[
|
|
264
|
-
config[
|
|
265
|
-
config[
|
|
266
|
-
|
|
267
|
-
stub_request(:get,
|
|
268
|
-
.with(headers: {
|
|
261
|
+
config["owner"] = "admin"
|
|
262
|
+
config["server_type"] = "automate"
|
|
263
|
+
config["server"] = "https://myautomate"
|
|
264
|
+
config["version"] = "1.6.99"
|
|
265
|
+
config["automate"] = { "ent" => "automate", "token_type" => "dctoken" }
|
|
266
|
+
config["version"] = { "api" => "compliance", "version" => "0.8.24" }
|
|
267
|
+
|
|
268
|
+
stub_request(:get, "https://myautomate/profiles/admin")
|
|
269
|
+
.with(headers: { "Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3", "Chef-Delivery-Enterprise" => "automate", "User-Agent" => "Ruby", "X-Data-Collector-Token" => "" })
|
|
269
270
|
.to_return(status: 200, body: profiles_response.to_json, headers: {})
|
|
270
271
|
|
|
271
|
-
InspecPlugins::Compliance::API.exist?(config,
|
|
272
|
-
InspecPlugins::Compliance::API.exist?(config,
|
|
273
|
-
InspecPlugins::Compliance::API.exist?(config,
|
|
274
|
-
InspecPlugins::Compliance::API.exist?(config,
|
|
272
|
+
InspecPlugins::Compliance::API.exist?(config, "admin/apache-baseline").must_equal true
|
|
273
|
+
InspecPlugins::Compliance::API.exist?(config, "admin/apache-baseline#2.0.1").must_equal true
|
|
274
|
+
InspecPlugins::Compliance::API.exist?(config, "admin/apache-baseline#2.0.999").must_equal false
|
|
275
|
+
InspecPlugins::Compliance::API.exist?(config, "admin/missing-in-action").must_equal false
|
|
275
276
|
end
|
|
276
277
|
end
|
|
277
278
|
|
|
278
|
-
describe
|
|
279
|
-
let(:url) {
|
|
279
|
+
describe ".determine_server_type" do
|
|
280
|
+
let(:url) { "https://someserver.onthe.net/" }
|
|
280
281
|
|
|
281
|
-
let(:compliance_endpoint) {
|
|
282
|
-
let(:automate_endpoint) {
|
|
283
|
-
let(:automate2_endpoint) {
|
|
282
|
+
let(:compliance_endpoint) { "/api/version" }
|
|
283
|
+
let(:automate_endpoint) { "/compliance/version" }
|
|
284
|
+
let(:automate2_endpoint) { "/dex/auth" }
|
|
284
285
|
let(:headers) { nil }
|
|
285
286
|
let(:insecure) { true }
|
|
286
287
|
|
|
287
288
|
let(:good_response) { mock }
|
|
288
289
|
let(:bad_response) { mock }
|
|
289
290
|
|
|
290
|
-
it
|
|
291
|
-
good_response.stubs(:code).returns(
|
|
291
|
+
it "returns `:automate2` when a 400 is received from `https://URL/dex/auth`" do
|
|
292
|
+
good_response.stubs(:code).returns("400")
|
|
292
293
|
|
|
293
294
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
|
294
295
|
.with(url + automate2_endpoint, headers, insecure)
|
|
@@ -297,9 +298,9 @@ describe InspecPlugins::Compliance::API do
|
|
|
297
298
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate2)
|
|
298
299
|
end
|
|
299
300
|
|
|
300
|
-
it
|
|
301
|
-
good_response.stubs(:code).returns(
|
|
302
|
-
bad_response.stubs(:code).returns(
|
|
301
|
+
it "returns `:automate` when a 401 is received from `https://URL/compliance/version`" do
|
|
302
|
+
good_response.stubs(:code).returns("401")
|
|
303
|
+
bad_response.stubs(:code).returns("404")
|
|
303
304
|
|
|
304
305
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
|
305
306
|
.with(url + automate2_endpoint, headers, insecure)
|
|
@@ -314,10 +315,10 @@ describe InspecPlugins::Compliance::API do
|
|
|
314
315
|
# Chef Automate currently returns 401 for `/compliance/version` but some
|
|
315
316
|
# versions of OpsWorks Chef Automate return 200 and a Chef Manage page when
|
|
316
317
|
# unauthenticated requests are received.
|
|
317
|
-
it
|
|
318
|
-
bad_response.stubs(:code).returns(
|
|
319
|
-
good_response.stubs(:code).returns(
|
|
320
|
-
good_response.stubs(:body).returns(
|
|
318
|
+
it "returns `:automate` when a 200 is received from `https://URL/compliance/version`" do
|
|
319
|
+
bad_response.stubs(:code).returns("404")
|
|
320
|
+
good_response.stubs(:code).returns("200")
|
|
321
|
+
good_response.stubs(:body).returns("Are You Looking For the Chef Server?")
|
|
321
322
|
|
|
322
323
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
|
323
324
|
.with(url + automate2_endpoint, headers, insecure)
|
|
@@ -329,9 +330,9 @@ describe InspecPlugins::Compliance::API do
|
|
|
329
330
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
|
|
330
331
|
end
|
|
331
332
|
|
|
332
|
-
it
|
|
333
|
-
bad_response.stubs(:code).returns(
|
|
334
|
-
bad_response.stubs(:body).returns(
|
|
333
|
+
it "returns `nil` if a 200 is received from `https://URL/compliance/version` but not redirected to Chef Manage" do
|
|
334
|
+
bad_response.stubs(:code).returns("200")
|
|
335
|
+
bad_response.stubs(:body).returns("No Chef Manage here")
|
|
335
336
|
|
|
336
337
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
|
337
338
|
.with(url + automate_endpoint, headers, insecure)
|
|
@@ -341,7 +342,7 @@ describe InspecPlugins::Compliance::API do
|
|
|
341
342
|
.returns(bad_response)
|
|
342
343
|
|
|
343
344
|
mock_compliance_response = mock
|
|
344
|
-
mock_compliance_response.stubs(:code).returns(
|
|
345
|
+
mock_compliance_response.stubs(:code).returns("404")
|
|
345
346
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
|
346
347
|
.with(url + compliance_endpoint, headers, insecure)
|
|
347
348
|
.returns(mock_compliance_response)
|
|
@@ -349,9 +350,9 @@ describe InspecPlugins::Compliance::API do
|
|
|
349
350
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
|
|
350
351
|
end
|
|
351
352
|
|
|
352
|
-
it
|
|
353
|
-
good_response.stubs(:code).returns(
|
|
354
|
-
bad_response.stubs(:code).returns(
|
|
353
|
+
it "returns `:compliance` when a 200 is received from `https://URL/api/version`" do
|
|
354
|
+
good_response.stubs(:code).returns("200")
|
|
355
|
+
bad_response.stubs(:code).returns("404")
|
|
355
356
|
|
|
356
357
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
|
357
358
|
.with(url + automate_endpoint, headers, insecure)
|
|
@@ -366,8 +367,8 @@ describe InspecPlugins::Compliance::API do
|
|
|
366
367
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:compliance)
|
|
367
368
|
end
|
|
368
369
|
|
|
369
|
-
it
|
|
370
|
-
bad_response.stubs(:code).returns(
|
|
370
|
+
it "returns `nil` if it cannot determine the server type" do
|
|
371
|
+
bad_response.stubs(:code).returns("404")
|
|
371
372
|
|
|
372
373
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
|
373
374
|
.with(url + automate2_endpoint, headers, insecure)
|