inspec 0.31.0 → 0.32.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +56 -2
- data/Gemfile +6 -2
- data/MAINTAINERS.md +3 -1
- data/MAINTAINERS.toml +1 -1
- data/README.md +20 -1
- data/Rakefile +8 -0
- data/docs/cli.rst +18 -2
- data/docs/resources.rst +55 -3
- data/inspec.gemspec +2 -2
- data/lib/bundles/inspec-supermarket/api.rb +1 -0
- data/lib/fetchers/local.rb +12 -1
- data/lib/fetchers/tar.rb +4 -0
- data/lib/fetchers/url.rb +4 -0
- data/lib/inspec/base_cli.rb +17 -0
- data/lib/inspec/cli.rb +33 -12
- data/lib/inspec/dependencies/dependency_set.rb +50 -5
- data/lib/inspec/dependencies/lockfile.rb +94 -0
- data/lib/inspec/dependencies/requirement.rb +93 -53
- data/lib/inspec/dependencies/resolver.rb +53 -170
- data/lib/inspec/dependencies/vendor_index.rb +11 -4
- data/lib/inspec/dsl.rb +23 -15
- data/lib/inspec/errors.rb +1 -7
- data/lib/inspec/log.rb +2 -25
- data/lib/inspec/profile.rb +68 -28
- data/lib/inspec/profile_context.rb +28 -5
- data/lib/inspec/rspec_json_formatter.rb +48 -25
- data/lib/inspec/rule.rb +7 -0
- data/lib/inspec/runner.rb +26 -15
- data/lib/inspec/runner_rspec.rb +2 -6
- data/lib/inspec/shell.rb +35 -26
- data/lib/inspec/version.rb +2 -1
- data/lib/resources/host.rb +13 -6
- data/lib/resources/iis_site.rb +1 -0
- data/lib/resources/os.rb +1 -1
- data/lib/resources/package.rb +22 -6
- data/lib/resources/port.rb +1 -11
- data/lib/resources/service.rb +9 -0
- data/lib/resources/user.rb +8 -8
- metadata +14 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0d4137116907e9d6bee7f88e2a1ec7c16372ee1c
|
4
|
+
data.tar.gz: 0c88924d165b05a9765a940197c3b3e779ba09f1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e1016672adc6e043a2896ff1e78304f244d8f9ca7af64f8d85164e19c938916e0792df984f6c26d63d364ee03da385078d045235d42d4900704c19bec465bd25
|
7
|
+
data.tar.gz: 894d6fd605277f8608296b3ff0afc2f9510e8e4a6b57dde9ed5cf740d4adaf3114e89a2efd54c734792382036b1a32417bb5bb496c126fe61a47a3e88d87ea18
|
data/CHANGELOG.md
CHANGED
@@ -1,7 +1,61 @@
|
|
1
1
|
# Change Log
|
2
2
|
|
3
|
-
## [0.
|
4
|
-
[Full Changelog](https://github.com/chef/inspec/compare/v0.
|
3
|
+
## [0.32.0](https://github.com/chef/inspec/tree/0.32.0) (2016-08-26)
|
4
|
+
[Full Changelog](https://github.com/chef/inspec/compare/v0.31.0...0.32.0)
|
5
|
+
|
6
|
+
**Implemented enhancements:**
|
7
|
+
|
8
|
+
- Provide SSL InSpec with full demo [\#903](https://github.com/chef/inspec/issues/903)
|
9
|
+
- improve package resource on windows [\#86](https://github.com/chef/inspec/issues/86)
|
10
|
+
- can check windows service startup mode now [\#968](https://github.com/chef/inspec/pull/968) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
|
11
|
+
- Resolved an issue checking ports on windows [\#962](https://github.com/chef/inspec/pull/962) ([chris-rock](https://github.com/chris-rock))
|
12
|
+
|
13
|
+
**Fixed bugs:**
|
14
|
+
|
15
|
+
- Grouping multiple `it` blocks in one `describe` blocks ruins console output during test runs [\#918](https://github.com/chef/inspec/issues/918)
|
16
|
+
- Windows default path format causes errors with inspec check [\#672](https://github.com/chef/inspec/issues/672)
|
17
|
+
- bugfix windows forward slashes handling [\#963](https://github.com/chef/inspec/pull/963) ([chris-rock](https://github.com/chris-rock))
|
18
|
+
- Fix command evaluation for inspec shell -c [\#943](https://github.com/chef/inspec/pull/943) ([ksubrama](https://github.com/ksubrama))
|
19
|
+
|
20
|
+
**Closed issues:**
|
21
|
+
|
22
|
+
- Support sid for user resource [\#960](https://github.com/chef/inspec/issues/960)
|
23
|
+
- Create and load Lockfiles for dependencies [\#950](https://github.com/chef/inspec/issues/950)
|
24
|
+
- Implement test cases for inspec shell [\#942](https://github.com/chef/inspec/issues/942)
|
25
|
+
- Transitive dependency loading [\#915](https://github.com/chef/inspec/issues/915)
|
26
|
+
- Document InSpec OR features [\#853](https://github.com/chef/inspec/issues/853)
|
27
|
+
- Document ini resource [\#848](https://github.com/chef/inspec/issues/848)
|
28
|
+
- Document special service resources [\#495](https://github.com/chef/inspec/issues/495)
|
29
|
+
|
30
|
+
**Merged pull requests:**
|
31
|
+
|
32
|
+
- Reformat service resource docs for discoverability [\#986](https://github.com/chef/inspec/pull/986) ([stevendanna](https://github.com/stevendanna))
|
33
|
+
- Generate documentation for the `vendor` command [\#985](https://github.com/chef/inspec/pull/985) ([stevendanna](https://github.com/stevendanna))
|
34
|
+
- suport for ruby 2.2.2 [\#983](https://github.com/chef/inspec/pull/983) ([chris-rock](https://github.com/chris-rock))
|
35
|
+
- Add windows user SID as 'UID' in user resource. Fix \#960 [\#982](https://github.com/chef/inspec/pull/982) ([ksubrama](https://github.com/ksubrama))
|
36
|
+
- document ini resource [\#981](https://github.com/chef/inspec/pull/981) ([vjeffrey](https://github.com/vjeffrey))
|
37
|
+
- Upgrade FFI to Ruby 2.3 issues on windows [\#980](https://github.com/chef/inspec/pull/980) ([ksubrama](https://github.com/ksubrama))
|
38
|
+
- move train connection out of loop for command\_simulator [\#979](https://github.com/chef/inspec/pull/979) ([vjeffrey](https://github.com/vjeffrey))
|
39
|
+
- Update port.rb Documentation [\#978](https://github.com/chef/inspec/pull/978) ([nvtkaszpir](https://github.com/nvtkaszpir))
|
40
|
+
- first pass at collecting command output for demo [\#977](https://github.com/chef/inspec/pull/977) ([vjeffrey](https://github.com/vjeffrey))
|
41
|
+
- Fix `rake` to work again [\#976](https://github.com/chef/inspec/pull/976) ([jkeiser](https://github.com/jkeiser))
|
42
|
+
- Fix `bundle install` on Ruby 2.1.9 [\#975](https://github.com/chef/inspec/pull/975) ([jkeiser](https://github.com/jkeiser))
|
43
|
+
- Initial control isolation support [\#973](https://github.com/chef/inspec/pull/973) ([stevendanna](https://github.com/stevendanna))
|
44
|
+
- Allow JSON 2.x [\#972](https://github.com/chef/inspec/pull/972) ([chris-rock](https://github.com/chris-rock))
|
45
|
+
- Add Ruby 2.3 to the test matrix, make it the primary test for most suites [\#971](https://github.com/chef/inspec/pull/971) ([jkeiser](https://github.com/jkeiser))
|
46
|
+
- Speed up windows package lookup [\#970](https://github.com/chef/inspec/pull/970) ([ksubrama](https://github.com/ksubrama))
|
47
|
+
- Expand relative paths based on profile location [\#965](https://github.com/chef/inspec/pull/965) ([stevendanna](https://github.com/stevendanna))
|
48
|
+
- restructure test suites in travis [\#964](https://github.com/chef/inspec/pull/964) ([chris-rock](https://github.com/chris-rock))
|
49
|
+
- Replace Molinillo-based resolver [\#961](https://github.com/chef/inspec/pull/961) ([stevendanna](https://github.com/stevendanna))
|
50
|
+
- Add prototype of inspec.lock [\#949](https://github.com/chef/inspec/pull/949) ([stevendanna](https://github.com/stevendanna))
|
51
|
+
- document OR feature [\#947](https://github.com/chef/inspec/pull/947) ([vjeffrey](https://github.com/vjeffrey))
|
52
|
+
- print controls, then tests; print header of describe, then individual test results [\#946](https://github.com/chef/inspec/pull/946) ([vjeffrey](https://github.com/vjeffrey))
|
53
|
+
- Add darwin helper [\#945](https://github.com/chef/inspec/pull/945) ([tas50](https://github.com/tas50))
|
54
|
+
- Update platforms in the docs to match the code [\#944](https://github.com/chef/inspec/pull/944) ([tas50](https://github.com/tas50))
|
55
|
+
- Add integration tests for file owner on windows [\#923](https://github.com/chef/inspec/pull/923) ([chris-rock](https://github.com/chris-rock))
|
56
|
+
|
57
|
+
## [v0.31.0](https://github.com/chef/inspec/tree/v0.31.0) (2016-08-19)
|
58
|
+
[Full Changelog](https://github.com/chef/inspec/compare/v0.30.0...v0.31.0)
|
5
59
|
|
6
60
|
**Implemented enhancements:**
|
7
61
|
|
data/Gemfile
CHANGED
@@ -8,8 +8,12 @@ if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('1.9.3')
|
|
8
8
|
gem 'net-ssh', '~> 2.9'
|
9
9
|
end
|
10
10
|
|
11
|
-
|
12
|
-
gem '
|
11
|
+
if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
|
12
|
+
gem 'json', '~> 1.8'
|
13
|
+
gem 'rack', '< 2.0'
|
14
|
+
end
|
15
|
+
|
16
|
+
gem 'ffi', '>= 1.9.14'
|
13
17
|
|
14
18
|
group :test do
|
15
19
|
gem 'bundler', '~> 1.5'
|
data/MAINTAINERS.md
CHANGED
@@ -8,7 +8,7 @@ This file lists how the InSpec project is maintained. When making changes to the
|
|
8
8
|
system, this file tells you who needs to review your patch - you need at least
|
9
9
|
two maintainers to provide a :+1: on your pull request. Additionally, you need
|
10
10
|
to not receive a veto from a Lieutenant or the Project Lead.
|
11
|
-
Check out [How Chef is Maintained](https://github.com/
|
11
|
+
Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
|
12
12
|
for details on the process, how to become a maintainer, lieutenant, or the
|
13
13
|
project lead.
|
14
14
|
|
@@ -18,6 +18,8 @@ project lead.
|
|
18
18
|
|
19
19
|
Handles the [InSpec](https://github.com/chef/inspec) toolset.
|
20
20
|
|
21
|
+
To mention the team, use @chef/inspec-maintainers
|
22
|
+
|
21
23
|
### Lieutenant
|
22
24
|
|
23
25
|
* [Dominik Richter](https://github.com/arlimus)
|
data/MAINTAINERS.toml
CHANGED
@@ -5,7 +5,7 @@ This file lists how the InSpec project is maintained. When making changes to the
|
|
5
5
|
system, this file tells you who needs to review your patch - you need at least
|
6
6
|
two maintainers to provide a :+1: on your pull request. Additionally, you need
|
7
7
|
to not receive a veto from a Lieutenant or the Project Lead.
|
8
|
-
Check out [How Chef is Maintained](https://github.com/
|
8
|
+
Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
|
9
9
|
for details on the process, how to become a maintainer, lieutenant, or the
|
10
10
|
project lead.
|
11
11
|
"""
|
data/README.md
CHANGED
@@ -170,6 +170,25 @@ Also have a look at our examples for:
|
|
170
170
|
- [Using InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
|
171
171
|
- [Implementing an InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
|
172
172
|
|
173
|
+
## Or tests: Testing for a OR b
|
174
|
+
|
175
|
+
* Using describe.one, you can test for a or b. The control will be marked as passing if EITHER condition is met.
|
176
|
+
|
177
|
+
```ruby
|
178
|
+
control 'or-test' do
|
179
|
+
impact 1.0
|
180
|
+
title 'This is a OR test'
|
181
|
+
describe.one do
|
182
|
+
describe ssh_config do
|
183
|
+
its('Protocol') { should eq('3') }
|
184
|
+
end
|
185
|
+
describe ssh_config do
|
186
|
+
its('Protocol') { should eq('2') }
|
187
|
+
end
|
188
|
+
end
|
189
|
+
end
|
190
|
+
```
|
191
|
+
|
173
192
|
## Command Line Usage
|
174
193
|
|
175
194
|
### exec
|
@@ -231,7 +250,7 @@ OpenSUSE | 13.1/13.2/42.1 | x86_64
|
|
231
250
|
OmniOS | | x86_64
|
232
251
|
Gentoo Linux | | x86_64
|
233
252
|
Arch Linux | | x86_64
|
234
|
-
HP-UX | 11.31 | ia64
|
253
|
+
HP-UX | 11.31 | ia64
|
235
254
|
|
236
255
|
* For Windows 2008 and 2008 R2 an updated Powershell (Windows Management Framework 5.0) is required.
|
237
256
|
|
data/Rakefile
CHANGED
@@ -17,6 +17,13 @@ end
|
|
17
17
|
desc 'Run robocop linter'
|
18
18
|
task lint: [:rubocop]
|
19
19
|
|
20
|
+
# update command output for demo
|
21
|
+
desc 'Run inspec commands and save results to www/app/responses'
|
22
|
+
task :update_demo do
|
23
|
+
commands = 'tasks/command_simulator.rb'
|
24
|
+
ruby commands
|
25
|
+
end
|
26
|
+
|
20
27
|
# run tests
|
21
28
|
task default: [:test, :lint]
|
22
29
|
|
@@ -145,6 +152,7 @@ task :bump_version, [:version] do |_, args|
|
|
145
152
|
check_update_requirements
|
146
153
|
inspec_version(v)
|
147
154
|
Rake::Task['changelog'].invoke
|
155
|
+
Rake::Task['docs:cli'].invoke
|
148
156
|
end
|
149
157
|
|
150
158
|
desc 'Release a new docker image'
|
data/docs/cli.rst
CHANGED
@@ -63,7 +63,7 @@ Options
|
|
63
63
|
This subcommand has additional options:
|
64
64
|
|
65
65
|
``--format=FORMAT``
|
66
|
-
|
66
|
+
|
67
67
|
|
68
68
|
``--profiles-path=PROFILES_PATH``
|
69
69
|
Folder which contains referenced profiles.
|
@@ -109,7 +109,7 @@ This subcommand has additional options:
|
|
109
109
|
Choose a backend: local, ssh, winrm, docker.
|
110
110
|
|
111
111
|
``--format=FORMAT``
|
112
|
-
|
112
|
+
|
113
113
|
|
114
114
|
``--host=HOST``
|
115
115
|
Specify a remote host which is tested.
|
@@ -408,6 +408,22 @@ This subcommand has the following syntax:
|
|
408
408
|
|
409
409
|
|
410
410
|
|
411
|
+
vendor
|
412
|
+
=====================================================
|
413
|
+
|
414
|
+
Download all dependencies and generate a lockfile
|
415
|
+
|
416
|
+
Syntax
|
417
|
+
-----------------------------------------------------
|
418
|
+
|
419
|
+
This subcommand has the following syntax:
|
420
|
+
|
421
|
+
.. code-block:: bash
|
422
|
+
|
423
|
+
$ inspec vendor
|
424
|
+
|
425
|
+
|
426
|
+
|
411
427
|
version
|
412
428
|
=====================================================
|
413
429
|
|
data/docs/resources.rst
CHANGED
@@ -23,6 +23,7 @@ The following InSpec audit resources are available:
|
|
23
23
|
* `host`_
|
24
24
|
* `iis_site`_
|
25
25
|
* `inetd_conf`_
|
26
|
+
* `ini`_
|
26
27
|
* `interface`_
|
27
28
|
* `iptables`_
|
28
29
|
* `kernel_module`_
|
@@ -1999,6 +2000,48 @@ then the same test will return ``false`` for ``ftp`` and the entire test will fa
|
|
1999
2000
|
end
|
2000
2001
|
|
2001
2002
|
|
2003
|
+
ini
|
2004
|
+
=====================================================
|
2005
|
+
Use the ``ini`` |inspec resource| to test data in a INI file.
|
2006
|
+
|
2007
|
+
**Stability: Stable**
|
2008
|
+
|
2009
|
+
Syntax
|
2010
|
+
-----------------------------------------------------
|
2011
|
+
An ``ini`` |inspec resource| block declares the content of the ``ini`` file:
|
2012
|
+
|
2013
|
+
.. code-block:: ruby
|
2014
|
+
|
2015
|
+
describe ini('path/to/ini_file.ini') do
|
2016
|
+
its('auth_protocol') { should eq 'https' }
|
2017
|
+
end
|
2018
|
+
|
2019
|
+
where
|
2020
|
+
|
2021
|
+
* ``'auth_protocol'`` is a key in the ``ini`` file
|
2022
|
+
* ``('https')`` is the expected value associated with the above key in the ``ini`` file
|
2023
|
+
|
2024
|
+
Matchers
|
2025
|
+
-----------------------------------------------------
|
2026
|
+
This |inspec resource| matches any content in the ``ini`` file:
|
2027
|
+
|
2028
|
+
.. code-block:: ruby
|
2029
|
+
|
2030
|
+
its('port') { should eq '143' }
|
2031
|
+
|
2032
|
+
Examples
|
2033
|
+
-----------------------------------------------------
|
2034
|
+
The following examples show how to use this InSpec audit resource.
|
2035
|
+
|
2036
|
+
For example:
|
2037
|
+
|
2038
|
+
.. code-block:: ruby
|
2039
|
+
|
2040
|
+
describe ini('path/to/ini_file.ini') do
|
2041
|
+
its('port') { should eq '143' }
|
2042
|
+
its('server') { should eq '192.0.2.62' }
|
2043
|
+
end
|
2044
|
+
|
2002
2045
|
|
2003
2046
|
interface
|
2004
2047
|
=====================================================
|
@@ -2854,7 +2897,7 @@ A ``os`` |inspec resource| block declares the platform to be tested:
|
|
2854
2897
|
|
2855
2898
|
where
|
2856
2899
|
|
2857
|
-
* ``'
|
2900
|
+
* ``'family'`` is one of ``aix``, ``bsd``, ``debian``, ``hpux``, ``linux``, ``redhat``, ``solaris``, ``suse``, ``unix``, or ``windows``
|
2858
2901
|
|
2859
2902
|
|
2860
2903
|
Matchers
|
@@ -4194,8 +4237,17 @@ Under some circumstances, it may be required to override the logic in place to s
|
|
4194
4237
|
it { should be_running }
|
4195
4238
|
end
|
4196
4239
|
|
4197
|
-
|
4198
|
-
|
4240
|
+
The following service-manager-specific resources are available:
|
4241
|
+
|
4242
|
+
* ``systemd_service``,
|
4243
|
+
* ``runit_service``,
|
4244
|
+
* ``sysv_service``,
|
4245
|
+
* ``bsd_service``, and
|
4246
|
+
* ``launchd_service``.
|
4247
|
+
|
4248
|
+
These resources support the same matchers as the `service` resource.
|
4249
|
+
|
4250
|
+
You can also provide the path to the service manager's control tool. This is useful in cases when it isn't available in the current `PATH`.
|
4199
4251
|
For example, if your `sv` command for services managed by Runit is not in PATH:
|
4200
4252
|
|
4201
4253
|
.. code-block:: ruby
|
data/inspec.gemspec
CHANGED
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
|
|
26
26
|
|
27
27
|
spec.add_dependency 'train', '>=0.16.0', '<1.0'
|
28
28
|
spec.add_dependency 'thor', '~> 0.19'
|
29
|
-
spec.add_dependency 'json', '
|
29
|
+
spec.add_dependency 'json', '>= 1.8', '< 3.0'
|
30
30
|
spec.add_dependency 'rainbow', '~> 2'
|
31
31
|
spec.add_dependency 'method_source', '~> 0.8'
|
32
32
|
spec.add_dependency 'rubyzip', '~> 1.1'
|
@@ -34,6 +34,6 @@ Gem::Specification.new do |spec|
|
|
34
34
|
spec.add_dependency 'rspec-its', '~> 1.2'
|
35
35
|
spec.add_dependency 'pry', '~> 0'
|
36
36
|
spec.add_dependency 'hashie', '~> 3.4'
|
37
|
-
spec.add_dependency '
|
37
|
+
spec.add_dependency 'mixlib-log'
|
38
38
|
spec.add_dependency 'sslshake', '~> 1'
|
39
39
|
end
|
data/lib/fetchers/local.rb
CHANGED
@@ -10,7 +10,17 @@ module Fetchers
|
|
10
10
|
attr_reader :files
|
11
11
|
|
12
12
|
def self.resolve(target)
|
13
|
-
unless target.is_a?(String)
|
13
|
+
return nil unless target.is_a?(String)
|
14
|
+
|
15
|
+
# Support "urls" in the form of file://
|
16
|
+
if target.start_with?('file://')
|
17
|
+
target = target.gsub(%r{^file://}, '')
|
18
|
+
else
|
19
|
+
# support for windows paths
|
20
|
+
target = target.tr('\\', '/')
|
21
|
+
end
|
22
|
+
|
23
|
+
if !File.exist?(target)
|
14
24
|
nil
|
15
25
|
else
|
16
26
|
new(target)
|
@@ -18,6 +28,7 @@ module Fetchers
|
|
18
28
|
end
|
19
29
|
|
20
30
|
def initialize(target)
|
31
|
+
@target = target
|
21
32
|
if File.file?(target)
|
22
33
|
@files = [target]
|
23
34
|
else
|
data/lib/fetchers/tar.rb
CHANGED
data/lib/fetchers/url.rb
CHANGED
data/lib/inspec/base_cli.rb
CHANGED
@@ -3,6 +3,7 @@
|
|
3
3
|
# author: Dominik Richter
|
4
4
|
|
5
5
|
require 'thor'
|
6
|
+
require 'inspec/log'
|
6
7
|
|
7
8
|
module Inspec
|
8
9
|
class BaseCLI < Thor # rubocop:disable Metrics/ClassLength
|
@@ -128,6 +129,22 @@ module Inspec
|
|
128
129
|
end
|
129
130
|
|
130
131
|
def configure_logger(o)
|
132
|
+
#
|
133
|
+
# TODO(ssd): This is a big gross, but this configures the
|
134
|
+
# logging singleton Inspec::Log. Eventually it would be nice to
|
135
|
+
# move internal debug logging to use this logging singleton.
|
136
|
+
#
|
137
|
+
loc = if o.log_location
|
138
|
+
o.log_location
|
139
|
+
elsif %w{json json-min}.include?(o['format'])
|
140
|
+
STDERR
|
141
|
+
else
|
142
|
+
STDOUT
|
143
|
+
end
|
144
|
+
|
145
|
+
Inspec::Log.init(loc)
|
146
|
+
Inspec::Log.level = get_log_level(o.log_level)
|
147
|
+
|
131
148
|
o[:logger] = Logger.new(STDOUT)
|
132
149
|
# output json if we have activated the json formatter
|
133
150
|
if opts['log-format'] == 'json'
|
data/lib/inspec/cli.rb
CHANGED
@@ -15,6 +15,12 @@ require 'inspec/runner_mock'
|
|
15
15
|
require 'inspec/env_printer'
|
16
16
|
|
17
17
|
class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
|
18
|
+
class_option :log_level, aliases: :l, type: :string,
|
19
|
+
desc: 'Set the log level: info (default), debug, warn, error'
|
20
|
+
|
21
|
+
class_option :log_location, type: :string,
|
22
|
+
desc: 'Location to send diagnostic log messages to. (default: STDOUT or STDERR)'
|
23
|
+
|
18
24
|
class_option :diagnose, type: :boolean,
|
19
25
|
desc: 'Show diagnostics (versions, configurations)'
|
20
26
|
|
@@ -93,6 +99,14 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
|
|
93
99
|
exit 1 unless result[:summary][:valid]
|
94
100
|
end
|
95
101
|
|
102
|
+
desc 'vendor', 'Download all dependencies and generate a lockfile'
|
103
|
+
def vendor(path = nil)
|
104
|
+
configure_logger(opts)
|
105
|
+
profile = Inspec::Profile.for_target('./', opts)
|
106
|
+
lockfile = profile.generate_lockfile(path)
|
107
|
+
File.write('inspec.lock', lockfile.to_yaml)
|
108
|
+
end
|
109
|
+
|
96
110
|
desc 'archive PATH', 'archive a profile to tar.gz (default) or zip'
|
97
111
|
profile_options
|
98
112
|
option :output, aliases: :o, type: :string,
|
@@ -128,6 +142,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
|
|
128
142
|
exec_options
|
129
143
|
def exec(*targets)
|
130
144
|
diagnose
|
145
|
+
configure_logger(opts)
|
131
146
|
o = opts.dup
|
132
147
|
|
133
148
|
# run tests
|
@@ -140,7 +155,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
|
|
140
155
|
def detect
|
141
156
|
o = opts.dup
|
142
157
|
o[:command] = 'os.params'
|
143
|
-
res = run_command(o)
|
158
|
+
(_, res) = run_command(o)
|
144
159
|
if opts['format'] == 'json'
|
145
160
|
puts res.to_json
|
146
161
|
else
|
@@ -162,22 +177,23 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
|
|
162
177
|
diagnose
|
163
178
|
o = opts.dup
|
164
179
|
|
165
|
-
|
180
|
+
json_output = ['json', 'json-min'].include?(opts['format'])
|
181
|
+
log_device = json_output ? nil : STDOUT
|
166
182
|
o[:logger] = Logger.new(log_device)
|
167
183
|
o[:logger].level = get_log_level(o.log_level)
|
168
184
|
|
169
185
|
if o[:command].nil?
|
170
186
|
runner = Inspec::Runner.new(o)
|
171
187
|
return Inspec::Shell.new(runner).start
|
172
|
-
else
|
173
|
-
res = run_command(o)
|
174
|
-
if opts['format'] == 'json'
|
175
|
-
jres = res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)
|
176
|
-
puts jres
|
177
|
-
else
|
178
|
-
puts res
|
179
|
-
end
|
180
188
|
end
|
189
|
+
|
190
|
+
run_type, res = run_command(o)
|
191
|
+
exit res unless run_type == :ruby_eval
|
192
|
+
|
193
|
+
# No InSpec tests - just print evaluation output.
|
194
|
+
res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if json_output
|
195
|
+
puts res
|
196
|
+
exit 0
|
181
197
|
rescue RuntimeError, Train::UserError => e
|
182
198
|
$stderr.puts e.message
|
183
199
|
end
|
@@ -196,9 +212,14 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
|
|
196
212
|
private
|
197
213
|
|
198
214
|
def run_command(opts)
|
199
|
-
opts[:test_collector] = Inspec::RunnerMock.new
|
200
215
|
runner = Inspec::Runner.new(opts)
|
201
|
-
runner.create_context
|
216
|
+
ctx = runner.create_context(opts)
|
217
|
+
res = ctx.load(opts[:command])
|
218
|
+
|
219
|
+
return :ruby_eval, res if ctx.rules.empty?
|
220
|
+
|
221
|
+
runner.register_rules(ctx)
|
222
|
+
return :rspec_run, runner.run # rubocop:disable Style/RedundantReturn
|
202
223
|
end
|
203
224
|
end
|
204
225
|
|