inspec 4.7.3 → 4.7.18
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/inspec.gemspec +1 -1
- data/lib/bundles/inspec-supermarket/api.rb +2 -1
- data/lib/bundles/inspec-supermarket/cli.rb +6 -6
- data/lib/bundles/inspec-supermarket/target.rb +1 -0
- data/lib/fetchers/git.rb +3 -1
- data/lib/fetchers/mock.rb +1 -0
- data/lib/fetchers/url.rb +6 -3
- data/lib/inspec/backend.rb +1 -0
- data/lib/inspec/base_cli.rb +4 -1
- data/lib/inspec/cli.rb +5 -4
- data/lib/inspec/config.rb +9 -1
- data/lib/inspec/control_eval_context.rb +1 -0
- data/lib/inspec/dependencies/cache.rb +1 -0
- data/lib/inspec/dependencies/dependency_set.rb +2 -0
- data/lib/inspec/dependencies/lockfile.rb +1 -0
- data/lib/inspec/dependencies/requirement.rb +8 -7
- data/lib/inspec/dependencies/resolver.rb +3 -3
- data/lib/inspec/describe.rb +1 -0
- data/lib/inspec/dsl.rb +1 -1
- data/lib/inspec/dsl_shared.rb +1 -1
- data/lib/inspec/env_printer.rb +4 -4
- data/lib/inspec/fetcher.rb +4 -2
- data/lib/inspec/file_provider.rb +18 -8
- data/lib/inspec/formatters/base.rb +5 -0
- data/lib/inspec/impact.rb +2 -0
- data/lib/inspec/input_registry.rb +14 -13
- data/lib/inspec/metadata.rb +6 -2
- data/lib/inspec/method_source.rb +1 -1
- data/lib/inspec/objects/control.rb +4 -1
- data/lib/inspec/objects/describe.rb +3 -1
- data/lib/inspec/objects/input.rb +6 -5
- data/lib/inspec/objects/list.rb +2 -0
- data/lib/inspec/objects/test.rb +3 -2
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +7 -0
- data/lib/inspec/plugin/v1/plugins.rb +4 -3
- data/lib/inspec/plugin/v1/registry.rb +3 -2
- data/lib/inspec/plugin/v2.rb +1 -0
- data/lib/inspec/plugin/v2/activator.rb +2 -0
- data/lib/inspec/plugin/v2/config_file.rb +4 -1
- data/lib/inspec/plugin/v2/filter.rb +1 -0
- data/lib/inspec/plugin/v2/installer.rb +9 -7
- data/lib/inspec/plugin/v2/loader.rb +2 -0
- data/lib/inspec/plugin/v2/plugin_base.rb +1 -0
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +2 -2
- data/lib/inspec/plugin/v2/registry.rb +3 -1
- data/lib/inspec/profile.rb +13 -6
- data/lib/inspec/profile_context.rb +4 -2
- data/lib/inspec/reporters/cli.rb +14 -10
- data/lib/inspec/reporters/json.rb +1 -0
- data/lib/inspec/reporters/json_automate.rb +3 -0
- data/lib/inspec/reporters/json_min.rb +2 -0
- data/lib/inspec/resource.rb +2 -0
- data/lib/inspec/resources/aide_conf.rb +4 -3
- data/lib/inspec/resources/apache_conf.rb +1 -1
- data/lib/inspec/resources/apt.rb +2 -0
- data/lib/inspec/resources/auditd.rb +19 -18
- data/lib/inspec/resources/bridge.rb +5 -2
- data/lib/inspec/resources/chocolatey_package.rb +2 -0
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/crontab.rb +9 -8
- data/lib/inspec/resources/csv.rb +1 -1
- data/lib/inspec/resources/dh_params.rb +6 -0
- data/lib/inspec/resources/docker.rb +37 -34
- data/lib/inspec/resources/docker_container.rb +1 -0
- data/lib/inspec/resources/docker_image.rb +1 -0
- data/lib/inspec/resources/docker_plugin.rb +1 -0
- data/lib/inspec/resources/docker_service.rb +1 -0
- data/lib/inspec/resources/elasticsearch.rb +24 -24
- data/lib/inspec/resources/etc_fstab.rb +8 -7
- data/lib/inspec/resources/etc_group.rb +4 -0
- data/lib/inspec/resources/etc_hosts.rb +4 -4
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +5 -3
- data/lib/inspec/resources/file.rb +4 -1
- data/lib/inspec/resources/filesystem.rb +5 -3
- data/lib/inspec/resources/firewalld.rb +7 -4
- data/lib/inspec/resources/groups.rb +6 -4
- data/lib/inspec/resources/grub_conf.rb +3 -0
- data/lib/inspec/resources/host.rb +5 -3
- data/lib/inspec/resources/http.rb +6 -4
- data/lib/inspec/resources/iis_app.rb +1 -0
- data/lib/inspec/resources/iis_app_pool.rb +1 -1
- data/lib/inspec/resources/iis_site.rb +4 -3
- data/lib/inspec/resources/interface.rb +10 -7
- data/lib/inspec/resources/json.rb +1 -1
- data/lib/inspec/resources/kernel_module.rb +1 -1
- data/lib/inspec/resources/kernel_parameter.rb +2 -1
- data/lib/inspec/resources/key_rsa.rb +5 -0
- data/lib/inspec/resources/mount.rb +3 -1
- data/lib/inspec/resources/mysql_conf.rb +3 -1
- data/lib/inspec/resources/mysql_session.rb +2 -0
- data/lib/inspec/resources/nginx.rb +1 -0
- data/lib/inspec/resources/nginx_conf.rb +10 -6
- data/lib/inspec/resources/ntp_conf.rb +1 -0
- data/lib/inspec/resources/oneget.rb +1 -1
- data/lib/inspec/resources/oracledb_session.rb +4 -2
- data/lib/inspec/resources/os_env.rb +1 -0
- data/lib/inspec/resources/package.rb +10 -6
- data/lib/inspec/resources/packages.rb +7 -5
- data/lib/inspec/resources/passwd.rb +7 -7
- data/lib/inspec/resources/pip.rb +2 -0
- data/lib/inspec/resources/port.rb +22 -8
- data/lib/inspec/resources/postgres.rb +2 -1
- data/lib/inspec/resources/postgres_conf.rb +2 -0
- data/lib/inspec/resources/postgres_hba_conf.rb +6 -6
- data/lib/inspec/resources/postgres_ident_conf.rb +3 -3
- data/lib/inspec/resources/processes.rb +16 -15
- data/lib/inspec/resources/rabbitmq_config.rb +2 -0
- data/lib/inspec/resources/registry_key.rb +8 -3
- data/lib/inspec/resources/security_identifier.rb +3 -1
- data/lib/inspec/resources/security_policy.rb +2 -1
- data/lib/inspec/resources/service.rb +13 -1
- data/lib/inspec/resources/shadow.rb +1 -0
- data/lib/inspec/resources/ssh_config.rb +2 -0
- data/lib/inspec/resources/ssl.rb +12 -11
- data/lib/inspec/resources/users.rb +29 -19
- data/lib/inspec/resources/virtualization.rb +10 -0
- data/lib/inspec/resources/windows_feature.rb +1 -1
- data/lib/inspec/resources/windows_hotfix.rb +2 -0
- data/lib/inspec/resources/windows_task.rb +4 -0
- data/lib/inspec/resources/wmi.rb +2 -1
- data/lib/inspec/resources/x509_certificate.rb +8 -0
- data/lib/inspec/resources/xinetd_conf.rb +10 -9
- data/lib/inspec/resources/yum.rb +15 -11
- data/lib/inspec/resources/zfs_dataset.rb +4 -2
- data/lib/inspec/resources/zfs_pool.rb +2 -1
- data/lib/inspec/rule.rb +11 -1
- data/lib/inspec/runner.rb +9 -6
- data/lib/inspec/runner_rspec.rb +10 -8
- data/lib/inspec/schema.rb +1 -0
- data/lib/inspec/secrets.rb +1 -0
- data/lib/inspec/secrets/yaml.rb +1 -0
- data/lib/inspec/shell.rb +20 -19
- data/lib/inspec/shell_detector.rb +1 -1
- data/lib/inspec/source_reader.rb +2 -0
- data/lib/inspec/ui.rb +1 -0
- data/lib/inspec/utils/deprecation/config_file.rb +8 -4
- data/lib/inspec/utils/erlang_parser.rb +2 -0
- data/lib/inspec/utils/file_reader.rb +1 -1
- data/lib/inspec/utils/filter.rb +16 -3
- data/lib/inspec/utils/find_files.rb +2 -2
- data/lib/inspec/utils/object_traversal.rb +1 -0
- data/lib/inspec/utils/parser.rb +2 -0
- data/lib/inspec/utils/simpleconfig.rb +4 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +4 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +12 -11
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +3 -3
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +15 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +4 -2
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +13 -12
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +3 -0
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +28 -28
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +1 -1
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +7 -6
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +2 -2
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +1 -0
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +12 -10
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +6 -5
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +1 -0
- data/lib/plugins/shared/core_plugin_test_helper.rb +1 -0
- data/lib/resource_support/aws/aws_resource_mixin.rb +3 -2
- data/lib/resources/aws/aws_billing_report.rb +1 -1
- data/lib/resources/aws/aws_billing_reports.rb +8 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +1 -1
- data/lib/resources/aws/aws_cloudtrail_trails.rb +1 -0
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +4 -3
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +2 -1
- data/lib/resources/aws/aws_config_delivery_channel.rb +1 -1
- data/lib/resources/aws/aws_config_recorder.rb +2 -0
- data/lib/resources/aws/aws_ebs_volume.rb +1 -0
- data/lib/resources/aws/aws_ebs_volumes.rb +2 -0
- data/lib/resources/aws/aws_ec2_instance.rb +2 -0
- data/lib/resources/aws/aws_ec2_instances.rb +2 -0
- data/lib/resources/aws/aws_ecs_cluster.rb +2 -2
- data/lib/resources/aws/aws_eks_cluster.rb +3 -3
- data/lib/resources/aws/aws_elb.rb +2 -2
- data/lib/resources/aws/aws_elbs.rb +14 -12
- data/lib/resources/aws/aws_flow_log.rb +2 -2
- data/lib/resources/aws/aws_iam_access_key.rb +3 -1
- data/lib/resources/aws/aws_iam_access_keys.rb +18 -16
- data/lib/resources/aws/aws_iam_groups.rb +1 -0
- data/lib/resources/aws/aws_iam_password_policy.rb +9 -7
- data/lib/resources/aws/aws_iam_policies.rb +2 -1
- data/lib/resources/aws/aws_iam_policy.rb +10 -1
- data/lib/resources/aws/aws_iam_role.rb +1 -0
- data/lib/resources/aws/aws_iam_user.rb +5 -2
- data/lib/resources/aws/aws_iam_users.rb +12 -11
- data/lib/resources/aws/aws_kms_key.rb +2 -2
- data/lib/resources/aws/aws_kms_keys.rb +3 -1
- data/lib/resources/aws/aws_route_table.rb +2 -2
- data/lib/resources/aws/aws_route_tables.rb +2 -1
- data/lib/resources/aws/aws_s3_bucket.rb +5 -3
- data/lib/resources/aws/aws_s3_bucket_object.rb +3 -1
- data/lib/resources/aws/aws_s3_buckets.rb +1 -0
- data/lib/resources/aws/aws_security_group.rb +20 -9
- data/lib/resources/aws/aws_security_groups.rb +1 -0
- data/lib/resources/aws/aws_sns_subscription.rb +1 -1
- data/lib/resources/aws/aws_sns_topics.rb +2 -0
- data/lib/resources/aws/aws_subnet.rb +2 -2
- data/lib/resources/aws/aws_subnets.rb +4 -3
- data/lib/resources/aws/aws_vpc.rb +1 -1
- data/lib/resources/aws/aws_vpcs.rb +3 -2
- data/lib/resources/azure/azure_generic_resource.rb +4 -4
- data/lib/resources/azure/azure_resource_group.rb +1 -0
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +13 -12
- data/lib/source_readers/flat.rb +1 -0
- data/lib/source_readers/inspec.rb +1 -0
- metadata +2 -2
@@ -45,6 +45,7 @@ module InspecPlugins
|
|
45
45
|
def self.post_file(url, headers, file_path, insecure)
|
46
46
|
uri = _parse_url(url)
|
47
47
|
raise "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
|
48
|
+
|
48
49
|
http = Net::HTTP.new(uri.host, uri.port)
|
49
50
|
|
50
51
|
# set connection flags
|
@@ -69,6 +70,7 @@ module InspecPlugins
|
|
69
70
|
def self.post_multipart_file(url, headers, file_path, insecure)
|
70
71
|
uri = _parse_url(url)
|
71
72
|
raise "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
|
73
|
+
|
72
74
|
http = Net::HTTP.new(uri.host, uri.port)
|
73
75
|
|
74
76
|
# set connection flags
|
@@ -93,6 +95,7 @@ module InspecPlugins
|
|
93
95
|
opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure
|
94
96
|
|
95
97
|
raise "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
|
98
|
+
|
96
99
|
res = Net::HTTP.start(uri.host, uri.port, opts) do |http|
|
97
100
|
http.request(req)
|
98
101
|
end
|
@@ -292,8 +292,8 @@ describe InspecPlugins::Compliance::API do
|
|
292
292
|
good_response.stubs(:code).returns("400")
|
293
293
|
|
294
294
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
295
|
-
|
296
|
-
|
295
|
+
.with(url + automate2_endpoint, headers, insecure)
|
296
|
+
.returns(good_response)
|
297
297
|
|
298
298
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate2)
|
299
299
|
end
|
@@ -303,11 +303,11 @@ describe InspecPlugins::Compliance::API do
|
|
303
303
|
bad_response.stubs(:code).returns("404")
|
304
304
|
|
305
305
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
306
|
-
|
307
|
-
|
306
|
+
.with(url + automate2_endpoint, headers, insecure)
|
307
|
+
.returns(bad_response)
|
308
308
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
309
|
-
|
310
|
-
|
309
|
+
.with(url + automate_endpoint, headers, insecure)
|
310
|
+
.returns(good_response)
|
311
311
|
|
312
312
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
|
313
313
|
end
|
@@ -321,11 +321,11 @@ describe InspecPlugins::Compliance::API do
|
|
321
321
|
good_response.stubs(:body).returns("Are You Looking For the Chef Server?")
|
322
322
|
|
323
323
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
324
|
-
|
325
|
-
|
324
|
+
.with(url + automate2_endpoint, headers, insecure)
|
325
|
+
.returns(bad_response)
|
326
326
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
327
|
-
|
328
|
-
|
327
|
+
.with(url + automate_endpoint, headers, insecure)
|
328
|
+
.returns(good_response)
|
329
329
|
|
330
330
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:automate)
|
331
331
|
end
|
@@ -335,17 +335,17 @@ describe InspecPlugins::Compliance::API do
|
|
335
335
|
bad_response.stubs(:body).returns("No Chef Manage here")
|
336
336
|
|
337
337
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
338
|
-
|
339
|
-
|
338
|
+
.with(url + automate_endpoint, headers, insecure)
|
339
|
+
.returns(bad_response)
|
340
340
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
341
|
-
|
342
|
-
|
341
|
+
.with(url + automate2_endpoint, headers, insecure)
|
342
|
+
.returns(bad_response)
|
343
343
|
|
344
344
|
mock_compliance_response = mock
|
345
345
|
mock_compliance_response.stubs(:code).returns("404")
|
346
346
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
347
|
-
|
348
|
-
|
347
|
+
.with(url + compliance_endpoint, headers, insecure)
|
348
|
+
.returns(mock_compliance_response)
|
349
349
|
|
350
350
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
|
351
351
|
end
|
@@ -355,14 +355,14 @@ describe InspecPlugins::Compliance::API do
|
|
355
355
|
bad_response.stubs(:code).returns("404")
|
356
356
|
|
357
357
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
358
|
-
|
359
|
-
|
358
|
+
.with(url + automate_endpoint, headers, insecure)
|
359
|
+
.returns(bad_response)
|
360
360
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
361
|
-
|
362
|
-
|
361
|
+
.with(url + automate2_endpoint, headers, insecure)
|
362
|
+
.returns(bad_response)
|
363
363
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
364
|
-
|
365
|
-
|
364
|
+
.with(url + compliance_endpoint, headers, insecure)
|
365
|
+
.returns(good_response)
|
366
366
|
|
367
367
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_equal(:compliance)
|
368
368
|
end
|
@@ -371,14 +371,14 @@ describe InspecPlugins::Compliance::API do
|
|
371
371
|
bad_response.stubs(:code).returns("404")
|
372
372
|
|
373
373
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
374
|
-
|
375
|
-
|
374
|
+
.with(url + automate2_endpoint, headers, insecure)
|
375
|
+
.returns(bad_response)
|
376
376
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
377
|
-
|
378
|
-
|
377
|
+
.with(url + automate_endpoint, headers, insecure)
|
378
|
+
.returns(bad_response)
|
379
379
|
InspecPlugins::Compliance::HTTP.expects(:get)
|
380
|
-
|
381
|
-
|
380
|
+
.with(url + compliance_endpoint, headers, insecure)
|
381
|
+
.returns(bad_response)
|
382
382
|
|
383
383
|
InspecPlugins::Compliance::API.determine_server_type(url, insecure).must_be_nil
|
384
384
|
end
|
@@ -147,7 +147,7 @@ describe InspecPlugins::Compliance::Fetcher do
|
|
147
147
|
it "contains the upstream_sha256" do
|
148
148
|
InspecPlugins::Compliance::API.stubs(:profiles).returns(["success", profiles_result])
|
149
149
|
prof = profiles_result[0]
|
150
|
-
target = "compliance://#{prof[
|
150
|
+
target = "compliance://#{prof["owner"]}/#{prof["name"]}"
|
151
151
|
fetcher = InspecPlugins::Compliance::Fetcher.resolve(target)
|
152
152
|
fetcher.upstream_sha256.must_equal prof["sha256"]
|
153
153
|
end
|
@@ -194,7 +194,7 @@ module InspecPlugins
|
|
194
194
|
FileUtils.mkdir_p(File.dirname(file))
|
195
195
|
template_path = File.join(__dir__, "../../templates/habitat", template)
|
196
196
|
contents = ERB.new(File.read(template_path))
|
197
|
-
|
197
|
+
.result(OpenStruct.new(vars).instance_eval { binding })
|
198
198
|
File.write(file, contents)
|
199
199
|
end
|
200
200
|
|
@@ -116,8 +116,8 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
|
|
116
116
|
def test_duplicate_profile
|
117
117
|
current_profile = @test_profile
|
118
118
|
duplicated_profile = @hab_profile.send(:duplicate_profile,
|
119
|
-
|
120
|
-
|
119
|
+
@test_profile_path,
|
120
|
+
@tmpdir)
|
121
121
|
assert duplicated_profile.is_a?(Inspec::Profile)
|
122
122
|
assert duplicated_profile.sha256 == current_profile.sha256.to_s
|
123
123
|
refute_same duplicated_profile.root_path, current_profile.root_path
|
@@ -130,8 +130,8 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
|
|
130
130
|
|
131
131
|
def test_copy_profile_to_working_dir
|
132
132
|
duplicated_profile = @hab_profile.send(:duplicate_profile,
|
133
|
-
|
134
|
-
|
133
|
+
@test_profile_path,
|
134
|
+
@tmpdir)
|
135
135
|
|
136
136
|
dst = File.join(@tmpdir, "working_dir")
|
137
137
|
FileUtils.mkdir_p(dst)
|
@@ -145,6 +145,7 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
|
|
145
145
|
|
146
146
|
actual_files = Dir.glob(File.join(dst, "**/*")).map do |path|
|
147
147
|
next unless File.file?(path)
|
148
|
+
|
148
149
|
File.basename(path)
|
149
150
|
end.compact
|
150
151
|
|
@@ -175,7 +176,7 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
|
|
175
176
|
|
176
177
|
Inspec::ProfileVendor.stub :new, mock do
|
177
178
|
new_profile = @hab_profile.send(:vendor_profile_dependencies!,
|
178
|
-
|
179
|
+
@test_profile)
|
179
180
|
assert new_profile.is_a?(Inspec::Profile)
|
180
181
|
end
|
181
182
|
end
|
@@ -191,7 +192,7 @@ class InspecPlugins::Habitat::ProfileTest < Minitest::Test
|
|
191
192
|
|
192
193
|
Inspec::ProfileVendor.stub :new, mock do
|
193
194
|
new_profile = @hab_profile.send(:vendor_profile_dependencies!,
|
194
|
-
|
195
|
+
@test_profile)
|
195
196
|
assert new_profile.is_a?(Inspec::Profile)
|
196
197
|
end
|
197
198
|
mock.verify
|
@@ -21,12 +21,12 @@ module InspecPlugins
|
|
21
21
|
|
22
22
|
desc "profile [OPTIONS] NAME", "Generate a new profile"
|
23
23
|
option :platform, default: "os", type: :string, aliases: [:p],
|
24
|
-
desc: "Which platform to generate a profile for: choose from #{valid_profile_platforms.join(
|
24
|
+
desc: "Which platform to generate a profile for: choose from #{valid_profile_platforms.join(", ")}"
|
25
25
|
option :overwrite, type: :boolean, default: false,
|
26
26
|
desc: "Overwrites existing directory"
|
27
27
|
def profile(new_profile_name)
|
28
28
|
unless valid_profile_platforms.include?(options[:platform])
|
29
|
-
ui.error "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(
|
29
|
+
ui.error "Unable to generate profile: No template available for platform '#{options[:platform]}' (expected one of: #{valid_profile_platforms.join(", ")})"
|
30
30
|
ui.exit(:usage_error)
|
31
31
|
end
|
32
32
|
template_path = File.join("profiles", options[:platform])
|
@@ -54,6 +54,7 @@ module InspecPlugins
|
|
54
54
|
Dir.glob(template_glob) do |source_file|
|
55
55
|
relative_destination_item_path = Pathname.new(source_file).relative_path_from(Pathname.new(source_dir)).to_s
|
56
56
|
next if skip_files.include? relative_destination_item_path
|
57
|
+
|
57
58
|
relative_destination_item_path = file_rename_map[relative_destination_item_path] || relative_destination_item_path
|
58
59
|
full_destination_item_path = Pathname.new(full_destination_path).join(relative_destination_item_path)
|
59
60
|
if File.directory?(source_file)
|
@@ -35,7 +35,7 @@ class InitPluginCli < Minitest::Test
|
|
35
35
|
# Each file must exist, and its contents must match each of the regexen given.
|
36
36
|
{
|
37
37
|
File.join(plugin, "README.md") => [
|
38
|
-
/#{plugin}
|
38
|
+
/#{plugin}/,
|
39
39
|
],
|
40
40
|
File.join(plugin, "LICENSE") => [
|
41
41
|
/(?!opyright)/, # No copyright by default
|
@@ -44,7 +44,7 @@ class InitPluginCli < Minitest::Test
|
|
44
44
|
File.join(plugin, "Gemfile") => [], # No interpolation
|
45
45
|
File.join(plugin, "Rakefile") => [], # No interpolation
|
46
46
|
File.join(plugin, plugin + ".gemspec") => [
|
47
|
-
|
47
|
+
%r{require '#{plugin}/version'},
|
48
48
|
/spec\.name\s+=\s+'#{plugin}'/,
|
49
49
|
/spec\.version\s+=\s+InspecPlugins::#{module_name}::VERSION/,
|
50
50
|
/README\.md\s+#{snake_case}\.gemspec\s+Gemfile/,
|
@@ -52,20 +52,20 @@ class InitPluginCli < Minitest::Test
|
|
52
52
|
/spec\.email\s+=\s+\['you@example\.com'\]/,
|
53
53
|
/spec\.summary\s+=\s+'A plugin with a default summary'/,
|
54
54
|
/spec\.description\s+=\s+''/,
|
55
|
-
|
55
|
+
%r{spec\.homepage\s+=\s+'https://github.com/you/#{plugin}'},
|
56
56
|
/spec\.license\s+=\s+'Apache-2\.0'/,
|
57
57
|
],
|
58
58
|
File.join(plugin, "lib", plugin + ".rb") => [
|
59
|
-
|
59
|
+
%r{require\s'#{plugin}/plugin'},
|
60
60
|
],
|
61
61
|
File.join(plugin, "lib", plugin, "plugin.rb") => [
|
62
|
-
|
62
|
+
%r{require\s'#{plugin}/version'},
|
63
63
|
/\#\s#{plugin}\s=>\s#{module_name}/,
|
64
64
|
/module\s#{module_name}/,
|
65
65
|
/plugin_name\s+:'#{plugin}'/,
|
66
66
|
# Default assumes one cli hook
|
67
67
|
/cli_command :my_command/,
|
68
|
-
|
68
|
+
%r{require\s'#{plugin}/cli_command'},
|
69
69
|
/InspecPlugins::#{module_name}::CliCommand/,
|
70
70
|
],
|
71
71
|
File.join(plugin, "lib", plugin, "version.rb") => [
|
@@ -78,7 +78,7 @@ class InitPluginCli < Minitest::Test
|
|
78
78
|
/\#\sas\s`inspec\smy-command\sdo-something/,
|
79
79
|
/\#\sin\s`inspec\shelp\smy-command`/,
|
80
80
|
/\#\sruns\s`inspec\smy-command\sdo-something`./,
|
81
|
-
|
81
|
+
%r{Edit\slib/#{plugin}/cli_command\.rb\sto\smake\sit\sdo},
|
82
82
|
],
|
83
83
|
File.join(plugin, "test", "helper.rb") => [], # No interpolation
|
84
84
|
File.join(plugin, "test", "functional", "README.md") => [], # No interpolation
|
@@ -86,12 +86,12 @@ class InitPluginCli < Minitest::Test
|
|
86
86
|
# Whatever goes here
|
87
87
|
],
|
88
88
|
File.join(plugin, "test", "unit", "plugin_def_test.rb") => [
|
89
|
-
|
89
|
+
%r{require\s'#{plugin}/plugin'},
|
90
90
|
/describe InspecPlugins::#{module_name}::Plugin\sdo/,
|
91
91
|
/let\(:plugin_name\) \{ \:'#{plugin}\' \}/,
|
92
92
|
],
|
93
93
|
File.join(plugin, "test", "unit", "cli_args_test.rb") => [
|
94
|
-
|
94
|
+
%r{require '#{plugin}/cli_command'},
|
95
95
|
/describe InspecPlugins::#{module_name}::CliCommand do/,
|
96
96
|
/let\(\:cli_class\) \{ InspecPlugins::#{module_name}::CliCommand \}/,
|
97
97
|
],
|
@@ -102,6 +102,7 @@ class InitPluginCli < Minitest::Test
|
|
102
102
|
full_path = File.join(dir, path)
|
103
103
|
assert(File.exist?(full_path), "#{path} should have been generated")
|
104
104
|
next if regexen.empty?
|
105
|
+
|
105
106
|
contents = File.read(full_path)
|
106
107
|
regexen.each do |re|
|
107
108
|
assert_match re, contents, "#{path} should match #{re}"
|
@@ -148,7 +149,7 @@ class InitPluginCli < Minitest::Test
|
|
148
149
|
/spec\.email\s+=\s+\['bob@example\.com'\]/,
|
149
150
|
/spec\.summary\s+=\s+'A fantastic plugin'/,
|
150
151
|
/spec\.description\s+=\s+'That you will really like'/,
|
151
|
-
|
152
|
+
%r{spec\.homepage\s+=\s+'http://example.com'},
|
152
153
|
/spec\.license\s+=\s+'BSD-3-Clause'/,
|
153
154
|
],
|
154
155
|
File.join(plugin, "lib", plugin + ".rb") => [],
|
@@ -163,6 +164,7 @@ class InitPluginCli < Minitest::Test
|
|
163
164
|
full_path = File.join(dir, path)
|
164
165
|
assert(File.exist?(full_path), "#{path} should have been generated")
|
165
166
|
next if regexen.empty?
|
167
|
+
|
166
168
|
contents = File.read(full_path)
|
167
169
|
regexen.each do |re|
|
168
170
|
assert_match re, contents, "#{path} should match #{re}"
|
@@ -20,7 +20,7 @@ module InspecPlugins
|
|
20
20
|
option :all, desc: "Include plugins shipped with #{PRODUCT_NAME} as well.", type: :boolean, aliases: [:a]
|
21
21
|
def list
|
22
22
|
plugin_statuses = Inspec::Plugin::V2::Registry.instance.plugin_statuses
|
23
|
-
plugin_statuses.reject! { |s|
|
23
|
+
plugin_statuses.reject! { |s| %i{core bundle}.include?(s.installation_type) } unless options[:all]
|
24
24
|
|
25
25
|
# TODO: ui object support
|
26
26
|
puts
|
@@ -353,7 +353,7 @@ module InspecPlugins
|
|
353
353
|
puts(red { "Plugin already installed at latest version" } + " - plugin #{plugin_name} #{requested_version} - refusing to install.")
|
354
354
|
else
|
355
355
|
# There are existing versions installed, but none of them are what was requested
|
356
|
-
puts(red { "Update required" } + " - plugin #{plugin_name}, requested #{requested_version}, have #{pre_installed_versions.join(
|
356
|
+
puts(red { "Update required" } + " - plugin #{plugin_name}, requested #{requested_version}, have #{pre_installed_versions.join(", ")}; use `inspec plugin update` - refusing to install.")
|
357
357
|
end
|
358
358
|
|
359
359
|
exit 2
|
@@ -370,6 +370,7 @@ module InspecPlugins
|
|
370
370
|
exit 2
|
371
371
|
rescue Inspec::Plugin::V2::InstallError
|
372
372
|
raise if Inspec::Log.level == :debug
|
373
|
+
|
373
374
|
results = installer.search(plugin_name, exact: true)
|
374
375
|
if results.empty?
|
375
376
|
puts(red { "No such plugin gem " } + plugin_name + " could be found on rubygems.org - installation failed.")
|
@@ -433,9 +434,9 @@ module InspecPlugins
|
|
433
434
|
# TODO: this is naive, and assumes the latest version is the one that will be used. Logged on #3317
|
434
435
|
# In fact, the logic to determine "what version would be used" belongs in the Loader.
|
435
436
|
Inspec::Plugin::V2::Loader.list_installed_plugin_gems
|
436
|
-
|
437
|
-
|
438
|
-
|
437
|
+
.select { |spec| spec.name == status.name.to_s }
|
438
|
+
.sort_by(&:version)
|
439
|
+
.last.version
|
439
440
|
when :path
|
440
441
|
"src"
|
441
442
|
end
|
@@ -126,6 +126,7 @@ module CorePluginFunctionalHelper
|
|
126
126
|
plugin_name = project_dir.basename
|
127
127
|
entry_point = File.join(project_dir.to_s, "lib", plugin_name.to_s + ".rb")
|
128
128
|
raise "Could not find plugin entry point" unless File.exist?(entry_point)
|
129
|
+
|
129
130
|
entry_point
|
130
131
|
end
|
131
132
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
module AwsResourceMixin
|
2
2
|
def initialize(resource_params = {})
|
3
3
|
Inspec.deprecate(:aws_resources_in_resource_pack,
|
4
|
-
|
4
|
+
"Resource '#{@__resource_name__ ||= self.class.to_s}'")
|
5
5
|
validate_params(resource_params).each do |param, value|
|
6
6
|
instance_variable_set(:"@#{param}", value)
|
7
7
|
end
|
@@ -11,6 +11,7 @@ module AwsResourceMixin
|
|
11
11
|
rescue ArgumentError => e
|
12
12
|
# continue with ArgumentError if testing
|
13
13
|
raise unless respond_to?(:inspec)
|
14
|
+
|
14
15
|
raise Inspec::Exceptions::ResourceFailed, e.message
|
15
16
|
end
|
16
17
|
|
@@ -39,7 +40,7 @@ module AwsResourceMixin
|
|
39
40
|
|
40
41
|
# Any leftovers are unwelcome
|
41
42
|
unless raw_params.empty?
|
42
|
-
raise ArgumentError, "Unrecognized resource param '#{raw_params.keys.first}'. Expected parameters: #{allowed_params.join(
|
43
|
+
raise ArgumentError, "Unrecognized resource param '#{raw_params.keys.first}'. Expected parameters: #{allowed_params.join(", ")}"
|
43
44
|
end
|
44
45
|
|
45
46
|
recognized_params
|
@@ -23,7 +23,7 @@ class AwsBillingReport < Inspec.resource(1)
|
|
23
23
|
include AwsSingularResourceMixin
|
24
24
|
|
25
25
|
attr_reader :report_name, :time_unit, :format, :compression, :s3_bucket,
|
26
|
-
|
26
|
+
:s3_prefix, :s3_region
|
27
27
|
|
28
28
|
def to_s
|
29
29
|
"AWS Billing Report #{report_name}"
|
@@ -24,19 +24,20 @@ class AwsBillingReports < Inspec.resource(1)
|
|
24
24
|
|
25
25
|
filtertable = FilterTable.create
|
26
26
|
filtertable.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
27
|
+
.register_column(:report_names, field: :report_name)
|
28
|
+
.register_column(:time_units, field: :time_unit, style: :simple)
|
29
|
+
.register_column(:formats, field: :format, style: :simple)
|
30
|
+
.register_column(:compressions, field: :compression, style: :simple)
|
31
|
+
.register_column(:s3_buckets, field: :s3_bucket, style: :simple)
|
32
|
+
.register_column(:s3_prefixes, field: :s3_prefix, style: :simple)
|
33
|
+
.register_column(:s3_regions, field: :s3_region, style: :simple)
|
34
34
|
filtertable.install_filter_methods_on_resource(self, :table)
|
35
35
|
|
36
36
|
def validate_params(resource_params)
|
37
37
|
unless resource_params.empty?
|
38
38
|
raise ArgumentError, "aws_billing_reports does not accept resource parameters."
|
39
39
|
end
|
40
|
+
|
40
41
|
resource_params
|
41
42
|
end
|
42
43
|
|
@@ -15,7 +15,7 @@ class AwsCloudTrailTrail < Inspec.resource(1)
|
|
15
15
|
|
16
16
|
include AwsSingularResourceMixin
|
17
17
|
attr_reader :cloud_watch_logs_log_group_arn, :cloud_watch_logs_role_arn, :home_region,
|
18
|
-
|
18
|
+
:kms_key_id, :s3_bucket_name, :trail_arn
|
19
19
|
|
20
20
|
def to_s
|
21
21
|
"CloudTrail #{@trail_name}"
|