inspec 0.24.0 → 0.25.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cdee2bef2b5cae85b1427243ae5013641ec00de9
-  data.tar.gz: ff0b32c16345ee013475a10254c52afc1780e49e
+  metadata.gz: ee0308ac7f5c85399e7ad0a3854ff85bbc94d765
+  data.tar.gz: 85d09ad742b7744f075b8aa8326192d6fc09cc35
 SHA512:
-  metadata.gz: 0e54f5100590735780ec9815a570f7171c3297a2747c9dbd7c40d7c8fe099acd36000ee74cd05e1269ea4ebb2b06276dc46f0c551547da2a3060b7aa861d7cb3
-  data.tar.gz: eb40755a53b7e4f9d5fa264b92a778829833835ca77d81a8ba91b59fb0b057f6a7981a47ab87336832bed17b691c2b13d70594a83c83d08a83f1b1770ed75716
+  metadata.gz: db34bc62e3bb9789ed7974617814a5249ff4ebc0175e70275b87b398bc2ffc47c63ac665d6ee1ac34059c4041c7a0dc57c1a57b1913a9e2e4893d34ecaf0cad4
+  data.tar.gz: d7490e64740e145aa8fafeb1d821988d841c7d05542ba1fa73a57f88f171b5bf349c961140c04804344b9edaeecfa5e08609e2b50b033d4e794df6fdf8ba28b0

data/CHANGELOG.md

@@ -1,7 +1,19 @@
 # Change Log
 
-## [0.24.0](https://github.com/chef/inspec/tree/0.24.0) (2016-06-03)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.23...0.24.0)
+## [0.25.0](https://github.com/chef/inspec/tree/0.25.0) (2016-06-14)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.24.0...0.25.0)
+
+**Closed issues:**
+
+- Why mode matcher doesn't work on a file resource [\#781](https://github.com/chef/inspec/issues/781)
+
+**Merged pull requests:**
+
+- Update readme with Annie's Tutorial Day 5 [\#785](https://github.com/chef/inspec/pull/785) ([anniehedgpeth](https://github.com/anniehedgpeth))
+- Feature: Implementation of RFC Attributes [\#723](https://github.com/chef/inspec/pull/723) ([chris-rock](https://github.com/chris-rock))
+
+## [v0.24.0](https://github.com/chef/inspec/tree/v0.24.0) (2016-06-03)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.23...v0.24.0)
 
 **Implemented enhancements:**
 

data/README.md

@@ -222,6 +222,7 @@ Blogs:
  * [InSpec Tutorial: Day 2 - Command Resource Blog Logo](http://www.anniehedgie.com/inspec-basics-2)
  * [InSpec Tutorial: Day 3 - File Resource](http://www.anniehedgie.com/inspec-basics-3)
  * [InSpec Tutorial: Day 4 - Custom Matchers](http://www.anniehedgie.com/inspec-basics-4)
+ * [InSpec Tutorial: Day 5 - Creating a Profile](http://www.anniehedgie.com/inspec-basics-5)
  * [Windows infrastructure testing using InSpec – Part I](http://datatomix.com/?p=236)
  * [Windows infrastructure testing using InSpec and Profiles – Part II](http://datatomix.com/?p=238)
  * [Testing Ansible with Inspec](http://scienceofficersblog.blogspot.de/2016/02/testing-ansible-with-inspec.html)

data/examples/profile-attribute.yml

@@ -0,0 +1,2 @@
+user: bob
+password: secret

data/examples/profile-attribute/README.md

@@ -0,0 +1,14 @@
+# Example InSpec Profile with Attributes
+
+This profile uses InSpec attributes to parameterize a profile.
+
+## Usage
+
+```
+$ inspec exec examples/profile-attribute --attrs examples/profile-attribute.yml
+....
+
+Finished in 0.00178 seconds (files took 0.48529 seconds to load)
+4 examples, 0 failures
+
+```

data/examples/profile-attribute/controls/example.rb

@@ -0,0 +1,11 @@
+# encoding: utf-8
+val_user = attribute('user', default: 'alice', description: 'An identification for the user')
+val_password = attribute('password', description: 'A value for the password')
+
+describe val_user do
+  it { should eq 'bob' }
+end
+
+describe val_password do
+  it { should eq 'secret' }
+end

data/examples/profile-attribute/inspec.yml

@@ -0,0 +1,8 @@
+name: profile-attribute
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: All Rights Reserved
+summary: An InSpec Compliance Profile
+version: 0.1.0

data/lib/inspec/cli.rb

@@ -108,7 +108,10 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   exec_options
   def exec(*targets)
     diagnose
-    run_tests(targets, opts)
+    o = opts.dup
+
+    # run tests
+    run_tests(targets, o)
   end
 
   desc 'detect', 'detect the target OS'

data/lib/inspec/objects.rb

@@ -1,6 +1,7 @@
 # encoding: utf-8
 
 module Inspec
+  autoload :Attribute, 'inspec/objects/attribute'
   autoload :Control, 'inspec/objects/control'
   autoload :EachLoop, 'inspec/objects/each_loop'
   autoload :List, 'inspec/objects/list'

data/lib/inspec/objects/attribute.rb

@@ -0,0 +1,35 @@
+# encoding:utf-8
+
+module Inspec
+  class Attribute
+    attr_accessor :name
+    def initialize(name, options)
+      @name = name
+      @opts = options
+      @value = nil
+    end
+
+    # implicit call is done by inspec to determine the value of an attribute
+    def value(newvalue = nil)
+      unless newvalue.nil?
+        @value = newvalue
+      end
+      @value || default
+    end
+
+    def default
+      @opts[:default]
+    end
+
+    def to_hash
+      {
+        name: @name,
+        options: @opts,
+      }
+    end
+
+    def to_s
+      "Attribute #{@name} with #{@value}"
+    end
+  end
+end

data/lib/inspec/plugins.rb

@@ -11,6 +11,7 @@ module Inspec
     autoload :CLI, 'inspec/plugins/cli'
     autoload :Fetcher, 'inspec/plugins/fetcher'
     autoload :SourceReader, 'inspec/plugins/source_reader'
+    autoload :Secret, 'inspec/plugins/secret'
   end
 
   # PLEASE NOTE: The Plugin system is an internal mechanism for connecting

data/lib/inspec/plugins/secret.rb

@@ -0,0 +1,15 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'utils/plugin_registry'
+
+module Inspec
+  module Plugins
+    class Secret < PluginRegistry::Plugin
+      def self.plugin_registry
+        Inspec::SecretsBackend
+      end
+    end
+  end
+end

data/lib/inspec/profile.rb

@@ -57,6 +57,7 @@ module Inspec
 
     def info
       res = params.dup
+      # add information about the controls
       controls = res[:controls].map do |id, rule|
         next if id.to_s.empty?
         data = rule.dup
@@ -67,6 +68,9 @@ module Inspec
         [id, data]
       end
       res[:controls] = Hash[controls.compact]
+
+      # add information about the required attributes
+      res[:attributes] = res[:attributes].map(&:to_hash) unless res[:attributes].nil? || res[:attributes].empty?
       res
     end
 
@@ -248,13 +252,16 @@ module Inspec
           f = load_rule_filepath(prefix, rule)
           load_rule(rule, f, controls, groups)
         end
+        params[:attributes] = runner.attributes
       else
         # load from context
         @runner_context.rules.values.each do |rule|
           f = load_rule_filepath(prefix, rule)
           load_rule(rule, f, controls, groups)
         end
+        params[:attributes] = @runner_context.attributes
       end
+      params
     end
 
     def load_rule_filepath(prefix, rule)

data/lib/inspec/profile_context.rb

@@ -6,10 +6,12 @@ require 'inspec/rule'
 require 'inspec/dsl'
 require 'inspec/require_loader'
 require 'securerandom'
+require 'inspec/objects/attribute'
 
 module Inspec
   class ProfileContext # rubocop:disable Metrics/ClassLength
     attr_reader :rules
+    attr_reader :attributes
     def initialize(profile_id, backend, conf)
       if backend.nil?
         fail 'ProfileContext is initiated with a backend == nil. ' \
@@ -21,7 +23,7 @@ module Inspec
       @conf = conf.dup
       @rules = {}
       @require_loader = ::Inspec::RequireLoader.new
-
+      @attributes = []
       reload_dsl
     end
 
@@ -84,6 +86,15 @@ module Inspec
       end
     end
 
+    def register_attribute(name, options = {})
+      # we need to return an attribute object, to allow dermination of default values
+      attr = Attribute.new(name, options)
+      # read value from given gived values
+      attr.value(@conf['attributes'][attr.name]) unless @conf['attributes'].nil?
+      @attributes.push(attr)
+      attr.value
+    end
+
     def set_header(field, val)
       @current_load[field] = val
     end
@@ -180,9 +191,9 @@ module Inspec
           profile_context_owner.register_rule(control, &block) unless control.nil?
         end
 
-        # TODO: mock method for attributes; import attribute handling
-        define_method :attributes do |_name, _options|
-          nil
+        # method for attributes; import attribute handling
+        define_method :attribute do |name, options|
+          profile_context_owner.register_attribute(name, options)
         end
 
         define_method :skip_control do |id|

data/lib/inspec/runner.rb

@@ -10,12 +10,13 @@ require 'inspec/backend'
 require 'inspec/profile_context'
 require 'inspec/profile'
 require 'inspec/metadata'
+require 'inspec/secrets'
 # spec requirements
 
 module Inspec
   class Runner # rubocop:disable Metrics/ClassLength
     extend Forwardable
-    attr_reader :backend, :rules
+    attr_reader :backend, :rules, :attributes
     def initialize(conf = {})
       @rules = {}
       @conf = conf.dup
@@ -26,6 +27,10 @@ module Inspec
         RunnerRspec.new(@conf)
       end
 
+      # list of profile attributes
+      @attributes = []
+
+      load_attributes(@conf)
       configure_transport
     end
 
@@ -45,6 +50,21 @@ module Inspec
       @backend = Inspec::Backend.create(@conf)
     end
 
+    # determine all attributes before the execution, fetch data from secrets backend
+    def load_attributes(options)
+      attributes = {}
+      # read endpoints for secrets eg. yml file
+      secrets_targets = options['attrs']
+      unless secrets_targets.nil?
+        secrets_targets.each do |target|
+          secrets = Inspec::SecretsBackend.resolve(target)
+          # merge hash values
+          attributes = attributes.merge(secrets.attributes) unless secrets.nil? || secrets.attributes.nil?
+        end
+      end
+      options['attributes'] = attributes
+    end
+
     def add_target(target, options = {})
       profile = Inspec::Profile.for_target(target, options)
       fail "Could not resolve #{target} to valid input." if profile.nil?
@@ -110,6 +130,9 @@ module Inspec
       tests = [tests] unless tests.is_a? Array
       tests.each { |t| add_test_to_context(t, ctx) }
 
+      # merge all collect all attributes
+      @attributes |= ctx.attributes
+
       # process the resulting rules
       filter_controls(ctx.rules, options[:controls]).each do |rule_id, rule|
         register_rule(rule_id, rule)

data/lib/inspec/secrets.rb

@@ -0,0 +1,19 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'inspec/plugins'
+require 'utils/plugin_registry'
+
+module Inspec
+  SecretsBackend = PluginRegistry.new
+
+  def self.secrets(version)
+    if version != 1
+      fail 'Only secrets version 1 is supported!'
+    end
+    Inspec::Plugins::Secret
+  end
+end
+
+require 'inspec/secrets/yaml'

data/lib/inspec/secrets/yaml.rb

@@ -0,0 +1,23 @@
+# encoding: utf-8
+
+require 'yaml'
+
+module Secrets
+  class YAML < Inspec.secrets(1)
+    name 'yaml'
+
+    attr_reader :attributes
+
+    def self.resolve(target)
+      unless target.is_a?(String) && File.file?(target) && target.end_with?('.yml')
+        return nil
+      end
+      new(target)
+    end
+
+    # array of yaml file paths
+    def initialize(target)
+      @attributes = ::YAML.load_file(target)
+    end
+  end
+end

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.24.0'.freeze
+  VERSION = '0.25.0'.freeze
 end

data/lib/utils/base_cli.rb

@@ -55,6 +55,8 @@ module Inspec
         desc: 'Which formatter to use: progress, documentation, json'
       option :color, type: :boolean, default: true,
         desc: 'Use colors in output.'
+      option :attrs, type: :array,
+        desc: 'Load attributes file (experimental)'
     end
 
     private

data/test/functional/inspec_exec_json_test.rb

@@ -39,7 +39,6 @@ describe 'inspec exec with json formatter' do
       actual = profile.dup
       key = actual.delete('controls').keys
                   .find { |x| x =~ /generated from example.rb/ }
-
       actual.must_equal({
         "name" => "profile",
         "title" => "InSpec Example Profile",
@@ -55,6 +54,7 @@ describe 'inspec exec with json formatter' do
           "controls/example.rb" => {"title"=>"/tmp profile", "controls"=>["tmp-1.0", key]},
           "controls/gordon.rb" => {"title"=>"Gordon Config Checks", "controls"=>["gordon-1.0"]},
         },
+        "attributes" => []
       })
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 0.24.0
+  version: 0.25.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-03 00:00:00.000000000 Z
+date: 2016-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: r-train
@@ -220,6 +220,10 @@ files:
 - examples/kitchen-puppet/manifests/site.pp
 - examples/kitchen-puppet/metadata.json
 - examples/kitchen-puppet/test/integration/default/web_spec.rb
+- examples/profile-attribute.yml
+- examples/profile-attribute/README.md
+- examples/profile-attribute/controls/example.rb
+- examples/profile-attribute/inspec.yml
 - examples/profile/README.md
 - examples/profile/controls/example.rb
 - examples/profile/controls/gordon.rb
@@ -267,6 +271,7 @@ files:
 - lib/inspec/log.rb
 - lib/inspec/metadata.rb
 - lib/inspec/objects.rb
+- lib/inspec/objects/attribute.rb
 - lib/inspec/objects/control.rb
 - lib/inspec/objects/each_loop.rb
 - lib/inspec/objects/list.rb
@@ -278,6 +283,7 @@ files:
 - lib/inspec/plugins/cli.rb
 - lib/inspec/plugins/fetcher.rb
 - lib/inspec/plugins/resource.rb
+- lib/inspec/plugins/secret.rb
 - lib/inspec/plugins/source_reader.rb
 - lib/inspec/polyfill.rb
 - lib/inspec/profile.rb
@@ -289,6 +295,8 @@ files:
 - lib/inspec/runner.rb
 - lib/inspec/runner_mock.rb
 - lib/inspec/runner_rspec.rb
+- lib/inspec/secrets.rb
+- lib/inspec/secrets/yaml.rb
 - lib/inspec/shell.rb
 - lib/inspec/source_reader.rb
 - lib/inspec/version.rb
@@ -360,7 +368,6 @@ files:
 - lib/utils/filter_array.rb
 - lib/utils/find_files.rb
 - lib/utils/hash.rb
-- lib/utils/hash_map.rb
 - lib/utils/json_log.rb
 - lib/utils/modulator.rb
 - lib/utils/object_traversal.rb
@@ -557,8 +564,6 @@ files:
 - test/unit/mock/profiles/library/inspec.yml
 - test/unit/mock/profiles/library/libraries/gordonlib.rb
 - test/unit/mock/profiles/library/libraries/testlib.rb
-- test/unit/mock/profiles/resource-tiny/inspec.yml
-- test/unit/mock/profiles/resource-tiny/libraries/resource.rb
 - test/unit/mock/profiles/simple-metadata/inspec.yml
 - test/unit/mock/profiles/skippy-profile-os/controls/one.rb
 - test/unit/mock/profiles/skippy-profile-os/inspec.yml
@@ -647,7 +652,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: Infrastructure and compliance testing.
@@ -841,8 +846,6 @@ test_files:
 - test/unit/mock/profiles/library/inspec.yml
 - test/unit/mock/profiles/library/libraries/gordonlib.rb
 - test/unit/mock/profiles/library/libraries/testlib.rb
-- test/unit/mock/profiles/resource-tiny/inspec.yml
-- test/unit/mock/profiles/resource-tiny/libraries/resource.rb
 - test/unit/mock/profiles/simple-metadata/inspec.yml
 - test/unit/mock/profiles/skippy-profile-os/controls/one.rb
 - test/unit/mock/profiles/skippy-profile-os/inspec.yml

data/lib/utils/hash_map.rb

@@ -1,37 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-class HashMap
-  class << self
-    def [](hash, *keys)
-      return hash if keys.empty? || hash.nil?
-      key = keys.shift
-      if hash.is_a?(Array)
-        map = hash.map { |i| [i, key] }
-      else
-        map = hash[key]
-      end
-      [map, *keys]
-    rescue NoMethodError => _
-      nil
-    end
-  end
-end
-
-class StringMap
-  class << self
-    def [](hash, *keys)
-      return hash if keys.empty? || hash.nil?
-      key = keys.shift
-      if hash.is_a?(Array)
-        map = hash.map { |i| [i, key] }
-      else
-        map = hash[key]
-      end
-      [map, *keys]
-    rescue NoMethodError => _
-      nil
-    end
-  end
-end

data/test/unit/mock/profiles/resource-tiny/inspec.yml

@@ -1,10 +0,0 @@
-name: complete
-title: complete example profile
-maintainer: Chef Software, Inc.
-copyright: Chef Software, Inc.
-copyright_email: support@chef.io
-license: Proprietary, All rights reserved
-summary: Testing stub
-version: 1.0.0
-supports:
-- os-family: linux

data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb

@@ -1,3 +0,0 @@
-class Tiny < Inspec.resource(1)
-  name 'tiny'
-end