inspec 1.6.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cd0cb42f326fa8d1e5c78e7cb2d190912f29dbe8
-  data.tar.gz: 1a6b9b13d1c21616d2ab9af800fac73fd573ff8f
+  metadata.gz: a69a3a78ee7d17ad89e5d13c6445346393e1e1a1
+  data.tar.gz: 03059ff1d249a73bc2f49bdfbac8f162eb3ee3ab
 SHA512:
-  metadata.gz: 189769e535f062fb5bc6d8f1ea1f16f3fa24a0904f816216ea5cbf810ec38cc87eeb19171d80ce41fed1d52ebeb1a57e07d5aef3098132ee1ad39e0e0726a131
-  data.tar.gz: 9b456f2b72df9b323c1cb9a96a917bfafe2229aa5fabf8507694ba61d75b48477589a6047750c5cbf592f28e0d691a5c589149c44d554761b7008663abc58b49
+  metadata.gz: c71b46c3f283a84725615ebcdab4d8b0e58e301a7bd53ba0903a4abbd7e0d54af271b2d24dc21d1cafcbade09ced2ee5b1a4cc2af55594d47d925b9b39e13e46
+  data.tar.gz: db25eac456c658775d97fa388e68b7d1e8a39562615cfdaf5d76647d9045c5b4a4ab914f2a12d3321e4e44261f02eaa0ef8ea0017dc667663b98677323cb8cac

data/CHANGELOG.md

@@ -1,7 +1,39 @@
 # Change Log
 
-## [1.6.0](https://github.com/chef/inspec/tree/1.6.0) (2016-11-28)
-[Full Changelog](https://github.com/chef/inspec/compare/v1.5.0...1.6.0)
+## [1.7.0](https://github.com/chef/inspec/tree/1.7.0) (2016-12-02)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.6.0...1.7.0)
+
+**Implemented enhancements:**
+
+- inspec compliance profiles should support automate as a backend [\#1295](https://github.com/chef/inspec/issues/1295)
+- this is killing my eyes!!!!!!!!! [\#951](https://github.com/chef/inspec/issues/951)
+- Show process name during inspec output [\#1329](https://github.com/chef/inspec/pull/1329) ([jcastillocano](https://github.com/jcastillocano))
+
+**Fixed bugs:**
+
+- inspec.lock not loaded from tarball profiles [\#1322](https://github.com/chef/inspec/issues/1322)
+- InSpec tries to re-fetch profiles even if lockfile exists [\#1316](https://github.com/chef/inspec/issues/1316)
+- fix docker release script [\#1328](https://github.com/chef/inspec/pull/1328) ([chris-rock](https://github.com/chris-rock))
+- Provide inspec.lock for archives as well [\#1323](https://github.com/chef/inspec/pull/1323) ([alexpop](https://github.com/alexpop))
+- inspec check and json to use vendored dependencies [\#1321](https://github.com/chef/inspec/pull/1321) ([alexpop](https://github.com/alexpop))
+
+**Closed issues:**
+
+- RegExp in processes resource can't match long-run process [\#1332](https://github.com/chef/inspec/issues/1332)
+- inspec archive vendoring [\#1325](https://github.com/chef/inspec/issues/1325)
+- inspec compliance upload of a meta-profile [\#1294](https://github.com/chef/inspec/issues/1294)
+
+**Merged pull requests:**
+
+- improve functional tests for vendored profiles [\#1337](https://github.com/chef/inspec/pull/1337) ([chris-rock](https://github.com/chris-rock))
+- Adds junit to the inspec help exec [\#1336](https://github.com/chef/inspec/pull/1336) ([burtlo](https://github.com/burtlo))
+- Vendor profile when uploading to chef-compliance [\#1334](https://github.com/chef/inspec/pull/1334) ([vjeffrey](https://github.com/vjeffrey))
+- fix bug: RegExp in processes resource can't match long-run process \#1332 [\#1333](https://github.com/chef/inspec/pull/1333) ([Wing924](https://github.com/Wing924))
+- clean up rspec\_json\_formatter [\#1314](https://github.com/chef/inspec/pull/1314) ([vjeffrey](https://github.com/vjeffrey))
+- enable inspec compliance cli support automate [\#1297](https://github.com/chef/inspec/pull/1297) ([vjeffrey](https://github.com/vjeffrey))
+
+## [v1.6.0](https://github.com/chef/inspec/tree/v1.6.0) (2016-11-28)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.5.0...v1.6.0)
 
 **Fixed bugs:**
 

data/Rakefile

@@ -163,8 +163,8 @@ task :release_docker do
   cmd = "rm *.gem; gem build *gemspec && "\
         "mv *.gem inspec.gem && "\
         "docker build -t chef/inspec:#{version} . && "\
-        "docker push chef/inspec:#{version}"
-        "docker tag chef/inspec:#{version} chef/inspec:latest"
+        "docker push chef/inspec:#{version} && "\
+        "docker tag chef/inspec:#{version} chef/inspec:latest &&"\
         "docker push chef/inspec:latest"
   puts "--> #{cmd}"
   sh('sh', '-c', cmd)

data/examples/meta-profile/inspec.yml

@@ -8,6 +8,6 @@ summary: InSpec Profile that is only consuming dependencies
 version: 0.2.0
 depends:
   - name: hardening/ssh-hardening  # defaults to supermarket
-  - git: https://github.com/dev-sec/ssl-benchmark.git
+  - url: https://github.com/dev-sec/ssl-benchmark
   - name: windows-patch-benchmark
-    git: https://github.com/chris-rock/windows-patch-benchmark.git
+    url: https://github.com/chris-rock/windows-patch-benchmark

data/lib/bundles/inspec-compliance/api.rb

@@ -8,12 +8,12 @@ require 'uri'
 module Compliance
   # API Implementation does not hold any state by itself,
   # everything will be stored in local Configuration store
-  class API
+  class API # rubocop:disable Metrics/ClassLength
     # return all compliance profiles available for the user
     def self.profiles(config)
-      url = "#{config['server']}/user/compliance"
-      # TODO, api should not be dependent on .supported?
-      response = Compliance::HTTP.get(url, config['token'], config['insecure'], !config.supported?(:oidc))
+      config['server_type'] == 'automate' ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/user/compliance"
+      headers = get_headers(config)
+      response = Compliance::HTTP.get(url, headers, config['insecure'])
       data = response.body
       response_code = response.code
       case response_code
@@ -21,11 +21,17 @@ module Compliance
         msg = 'success'
         profiles = JSON.parse(data)
         # iterate over profiles
-        mapped_profiles = profiles.map do |owner, ps|
-          ps.keys.map do |name|
-            { org: owner, name: name }
-          end
-        end.flatten
+        if config['server_type'] == 'automate'
+          mapped_profiles = profiles.map do |owner, ps|
+            { org: ps['owner_id'], name: owner }
+          end.flatten
+        else
+          mapped_profiles = profiles.map do |owner, ps|
+            ps.keys.map do |name|
+              { org: owner, name: name }
+            end
+          end.flatten
+        end
         return msg, mapped_profiles
       when '401'
         msg = '401 Unauthorized. Please check your token.'
@@ -69,8 +75,9 @@ Please login using `inspec compliance login https://compliance.test --user admin
 
     def self.upload(config, owner, profile_name, archive_path)
       # upload the tar to Chef Compliance
-      url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
-      res = Compliance::HTTP.post_file(url, config['token'], archive_path, config['insecure'], !config.supported?(:oidc))
+      config['server_type'] == 'automate' ? url = "#{config['server']}/#{config['user']}" : url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
+      headers = get_headers(config)
+      res = Compliance::HTTP.post_file(url, headers, archive_path, config['insecure'])
       [res.is_a?(Net::HTTPSuccess), res.body]
     end
 
@@ -121,5 +128,20 @@ Please login using `inspec compliance login https://compliance.test --user admin
 
       [success, msg, access_token]
     end
+
+    def self.get_headers(config)
+      if config['server_type'] == 'automate'
+        headers = { 'chef-delivery-enterprise' => config['automate']['ent'] }
+        if config['automate']['token_type'] == 'dctoken'
+          headers['x-data-collector-token'] = config['token']
+        else
+          headers['chef-delivery-user'] = config['user']
+          headers['chef-delivery-token'] = config['token']
+        end
+      else
+        headers = { 'Authorization' => "Bearer #{config['token']}" }
+      end
+      headers
+    end
   end
 end

data/lib/bundles/inspec-compliance/cli.rb

@@ -36,6 +36,7 @@ module Compliance
 
       options['server'] = server
       url = options['server'] + options['apipath']
+
       if !options['user'].nil? && !options['password'].nil?
         # username / password
         _success, msg = login_username_password(url, options['user'], options['password'], options['insecure'])
@@ -56,6 +57,35 @@ module Compliance
       puts '', msg
     end
 
+    desc "login_automate SERVER --user='USER' --ent='ENT' --dctoken or --usertoken='TOKEN'", 'Log in to an Automate SERVER'
+    option :dctoken, type: :string,
+      desc: 'Data Collector token'
+    option :usertoken, type: :string,
+      desc: 'Automate user token'
+    option :user, type: :string,
+      desc: 'Automate username'
+    option :ent, type: :string,
+      desc: 'Enterprise for Chef Automate reporting'
+    option :insecure, aliases: :k, type: :boolean,
+      desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
+    def login_automate(server) # rubocop:disable Metrics/AbcSize
+      options['server'] = server
+      url = options['server'] + '/compliance/profiles'
+
+      if url && !options['user'].nil? && !options['ent'].nil?
+        if !options['dctoken'].nil? || !options['usertoken'].nil?
+          msg = login_automate_config(url, options['user'], options['dctoken'], options['usertoken'], options['ent'], options['insecure'])
+        else
+          puts "Please specify a token using --dctoken='DATA_COLLECTOR_TOKEN' or usertoken='AUTOMATE_TOKEN' "
+          exit 1
+        end
+      else
+        puts "Please login to your automate instance using 'inspec compliance login_automate SERVER --user AUTOMATE_USER --ent AUTOMATE_ENT --dctoken DC_TOKEN or --usertoken USER_TOKEN' "
+        exit 1
+      end
+      puts '', msg
+    end
+
     desc 'profiles', 'list all available profiles in Chef Compliance'
     def profiles
       config = Compliance::Configuration.new
@@ -79,10 +109,8 @@ module Compliance
     def exec(*tests)
       config = Compliance::Configuration.new
       return if !loggedin(config)
-
       # iterate over tests and add compliance scheme
       tests = tests.map { |t| 'compliance://' + t }
-
       # execute profile from inspec exec implementation
       diagnose
       run_tests(tests, opts)
@@ -100,6 +128,8 @@ module Compliance
         exit 1
       end
 
+      vendor_deps(path, options) if File.directory?(path)
+
       o = options.dup
       configure_logger(o)
       # check the profile, we only allow to upload valid profiles
@@ -144,7 +174,6 @@ module Compliance
       # if it is a directory, tar it to tmp directory
       if File.directory?(path)
         archive_path = Dir::Tmpname.create([profile_name, '.tar.gz']) {}
-        # archive_path = file.path
         puts "Generate temporary profile archive at #{archive_path}"
         profile.archive({ output: archive_path, ignore_errors: false, overwrite: true })
       else
@@ -154,7 +183,8 @@ module Compliance
       puts "Start upload to #{owner}/#{profile_name}"
       pname = ERB::Util.url_encode(profile_name)
 
-      puts 'Uploading to Chef Compliance'
+      config['server_type'] == 'automate' ? upload_msg = 'Uploading to Chef Automate' : upload_msg = 'Uploading to Chef Compliance'
+      puts upload_msg
       success, msg = Compliance::API.upload(config, owner, pname, archive_path)
 
       if success
@@ -169,24 +199,27 @@ module Compliance
     desc 'version', 'displays the version of the Chef Compliance server'
     def version
       config = Compliance::Configuration.new
-      info = Compliance::API.version(config['server'], config['insecure'])
-      if !info.nil? && info['version']
-        puts "Chef Compliance version: #{info['version']}"
+      if config['server_type'] == 'automate'
+        puts 'Version not available when logged in with Automate.'
       else
-        puts 'Could not determine server version.'
-        exit 1
+        info = Compliance::API.version(config['server'], config['insecure'])
+        if !info.nil? && info['version']
+          puts "Chef Compliance version: #{info['version']}"
+        else
+          puts 'Could not determine server version.'
+          exit 1
+        end
       end
     end
 
     desc 'logout', 'user logout from Chef Compliance'
     def logout
       config = Compliance::Configuration.new
-      unless config.supported?(:oidc) || config['token'].nil?
+      unless config.supported?(:oidc) || config['token'].nil? || config['server_type'] == 'automate'
         config = Compliance::Configuration.new
         url = "#{config['server']}/logout"
         Compliance::API.post(url, config['token'], config['insecure'], !config.supported?(:oidc))
       end
-
       success = config.destroy
 
       if success
@@ -198,6 +231,32 @@ module Compliance
 
     private
 
+    def login_automate_config(url, user, dctoken, usertoken, ent, insecure) # rubocop:disable Metrics/ParameterLists
+      config = Compliance::Configuration.new
+      config['user'] = user
+      config['server'] = url
+      config['automate'] = {}
+      config['automate']['ent'] = ent
+      config['server_type'] = 'automate'
+      config['insecure'] = insecure
+
+      # determine token method being used
+      if !dctoken.nil?
+        config['token'] = dctoken
+        token_type = 'dctoken'
+        token_msg = 'data collector token'
+      else
+        config['token'] = usertoken
+        token_type = 'usertoken'
+        token_msg = 'automate user token'
+      end
+
+      config['automate']['token_type'] = token_type
+      config.store
+      msg = "Stored configuration for Chef Automate: '#{url}' with user: '#{user}', ent: '#{ent}' and your #{token_msg}"
+      msg
+    end
+
     def login_refreshtoken(url, options)
       success, msg, access_token = Compliance::API.get_token_via_refresh_token(url, options['refresh_token'], options['insecure'])
       if success
@@ -206,6 +265,7 @@ module Compliance
         config['token'] = access_token
         config['insecure'] = options['insecure']
         config['version'] = Compliance::API.version(url, options['insecure'])
+        config['server_type'] = 'compliance'
         config.store
       end
 
@@ -221,6 +281,7 @@ module Compliance
         config['token'] = api_token
         config['insecure'] = insecure
         config['version'] = Compliance::API.version(url, insecure)
+        config['server_type'] = 'compliance'
         config.store
         success = true
       end
@@ -267,7 +328,7 @@ module Compliance
 
     def loggedin(config)
       serverknown = !config['server'].nil?
-      puts 'You need to login first with `inspec compliance login`' if !serverknown
+      puts 'You need to login first with `inspec compliance login` or `inspec compliance login_automate`' if !serverknown
       serverknown
     end
   end

data/lib/bundles/inspec-compliance/http.rb

@@ -9,16 +9,13 @@ module Compliance
   # implements a simple http abstraction on top of Net::HTTP
   class HTTP
     # generic get requires
-    def self.get(url, token, insecure, basic_auth = false)
+    def self.get(url, headers = nil, insecure)
       uri = URI.parse(url)
       req = Net::HTTP::Get.new(uri.path)
-
-      return send_request(uri, req, insecure) if token.nil?
-
-      if basic_auth
-        req.basic_auth(token, '')
-      else
-        req['Authorization'] = "Bearer #{token}"
+      if !headers.nil?
+        headers.each do |key, value|
+          req.add_field(key, value)
+        end
       end
       send_request(uri, req, insecure)
     end
@@ -39,7 +36,7 @@ module Compliance
     end
 
     # post a file
-    def self.post_file(url, token, file_path, insecure, basic_auth = false)
+    def self.post_file(url, headers, file_path, insecure)
       uri = URI.parse(url)
       fail "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
       http = Net::HTTP.new(uri.host, uri.port)
@@ -49,10 +46,8 @@ module Compliance
       http.verify_mode = OpenSSL::SSL::VERIFY_NONE if insecure
 
       req = Net::HTTP::Post.new(uri.path)
-      if basic_auth
-        req.basic_auth token, ''
-      else
-        req['Authorization'] = "Bearer #{token}"
+      headers.each do |key, value|
+        req.add_field(key, value)
       end
 
       req.body_stream=File.open(file_path, 'rb')

data/lib/bundles/inspec-compliance/target.rb

@@ -13,8 +13,7 @@ module Compliance
   class Fetcher < Fetchers::Url
     name 'compliance'
     priority 500
-
-    def self.resolve(target)
+    def self.resolve(target) # rubocop:disable PerceivedComplexity
       uri = if target.is_a?(String) && URI(target).scheme == 'compliance'
               URI(target)
             elsif target.respond_to?(:key?) && target.key?(:compliance)
@@ -26,14 +25,21 @@ module Compliance
       # check if we have a compliance token
       config = Compliance::Configuration.new
       if config['token'].nil?
+        if config['server_type'] == 'automate'
+          server = 'automate'
+          msg = 'inspec compliance login_automate https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --usertoken USERTOKEN'
+        else
+          server = 'compliance'
+          msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
+        end
         fail Inspec::FetcherFailure, <<EOF
 
-Cannot fetch #{uri} because your compliance token has not been
+Cannot fetch #{uri} because your #{server} token has not been
 configured.
 
 Please login using
 
-    inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE'
+    #{msg}
 EOF
       end
 
@@ -48,8 +54,13 @@ EOF
     end
 
     def self.target_url(profile, config)
-      owner, id = profile.split('/')
-      "#{config['server']}/owners/#{owner}/compliance/#{id}/tar"
+      if config['server_type'] == 'automate'
+        target = "#{config['server']}/#{profile}/tar"
+      else
+        owner, id = profile.split('/')
+        target = "#{config['server']}/owners/#{owner}/compliance/#{id}/tar"
+      end
+      target
     end
 
     #

data/lib/fetchers/url.rb

@@ -8,7 +8,7 @@ require 'tempfile'
 require 'open-uri'
 
 module Fetchers
-  class Url < Inspec.fetcher(1)
+  class Url < Inspec.fetcher(1) # rubocop:disable Metrics/ClassLength
     MIME_TYPES = {
       'application/x-zip-compressed' => '.zip',
       'application/zip' => '.zip',
@@ -126,7 +126,19 @@ module Fetchers
       Inspec::Log.debug("Fetching URL: #{@target}")
       http_opts = {}
       http_opts['ssl_verify_mode'.to_sym] = OpenSSL::SSL::VERIFY_NONE if @insecure
-      http_opts['Authorization'] = "Bearer #{@token}" if @token
+      if @config
+        if @config['server_type'] == 'automate'
+          http_opts['chef-delivery-enterprise'] = @config['automate']['ent']
+          if @config['automate']['token_type'] == 'dctoken'
+            http_opts['x-data-collector-token'] = @config['token']
+          else
+            http_opts['chef-delivery-user'] = @config['user']
+            http_opts['chef-delivery-token'] = @config['token']
+          end
+        elsif @token
+          http_opts['Authorization'] = "Bearer #{@token}"
+        end
+      end
       remote = open(@target, http_opts)
       @archive_type = file_type_from_remote(remote) # side effect :(
       archive = Tempfile.new(['inspec-dl-', @archive_type])

data/lib/inspec/base_cli.rb

@@ -57,7 +57,7 @@ module Inspec
       option :controls, type: :array,
         desc: 'A list of controls to run. Ignore all other tests.'
       option :format, type: :string,
-        desc: 'Which formatter to use: cli, progress, documentation, json, json-min'
+        desc: 'Which formatter to use: cli, progress, documentation, json, json-min, junit'
       option :color, type: :boolean, default: true,
         desc: 'Use colors in output.'
       option :attrs, type: :array,
@@ -146,6 +146,35 @@ module Inspec
       end
     end
 
+    def vendor_deps(path, opts)
+      path.nil? ? path = Pathname.new(Dir.pwd) : path = Pathname.new(path)
+      cache_path = path.join('vendor')
+      inspec_lock = path.join('inspec.lock')
+
+      if (cache_path.exist? || inspec_lock.exist?) && !opts[:overwrite]
+        puts 'Profile is already vendored. Use --overwrite.'
+        return false
+      end
+
+      # remove existing
+      FileUtils.rm_rf(cache_path) if cache_path.exist?
+      File.delete(inspec_lock) if inspec_lock.exist?
+
+      puts "Vendor dependencies of #{path} into #{cache_path}"
+      opts[:logger] = Logger.new(STDOUT)
+      opts[:logger].level = get_log_level(opts.log_level)
+      opts[:cache] = Inspec::Cache.new(cache_path.to_s)
+      opts[:backend] = Inspec::Backend.create(target: 'mock://')
+      configure_logger(opts)
+
+      # vendor dependencies and generate lockfile
+      profile = Inspec::Profile.for_target(path.to_s, opts)
+      lockfile = profile.generate_lockfile
+      File.write(inspec_lock, lockfile.to_yaml)
+    rescue StandardError => e
+      pretty_handle_exception(e)
+    end
+
     def configure_logger(o)
       #
       # TODO(ssd): This is a big gross, but this configures the

data/lib/inspec/cli.rb

@@ -33,6 +33,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   def json(target)
     diagnose
     o = opts.dup
+    configure_logger(o)
     o[:ignore_supports] = true
     o[:backend] = Inspec::Backend.create(target: 'mock://')
 
@@ -59,7 +60,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   def check(path) # rubocop:disable Metrics/AbcSize
     diagnose
     o = opts.dup
-    # configure_logger(o) # we do not need a logger for check yet
+    configure_logger(o)
     o[:ignore_supports] = true # we check for integrity only
     o[:backend] = Inspec::Backend.create(target: 'mock://')
 
@@ -108,35 +109,9 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   desc 'vendor PATH', 'Download all dependencies and generate a lockfile in a `vendor` directory'
   option :overwrite, type: :boolean, default: false,
     desc: 'Overwrite existing vendored dependencies and lockfile.'
-  def vendor(path = nil) # rubocop:disable Metrics/AbcSize
+  def vendor(path = nil)
     o = opts.dup
-
-    path.nil? ? path = Pathname.new(Dir.pwd) : path = Pathname.new(path)
-    cache_path = path.join('vendor')
-    inspec_lock = path.join('inspec.lock')
-
-    if (cache_path.exist? || inspec_lock.exist?) && !opts[:overwrite]
-      puts 'Profile is already vendored. Use --overwrite.'
-      return false
-    end
-
-    # remove existing
-    FileUtils.rm_rf(cache_path) if cache_path.exist?
-    File.delete(inspec_lock) if inspec_lock.exist?
-
-    puts "Vendor dependencies of #{path} into #{cache_path}"
-    o[:logger] = Logger.new(STDOUT)
-    o[:logger].level = get_log_level(o.log_level)
-    o[:cache] = Inspec::Cache.new(cache_path.to_s)
-    o[:backend] = Inspec::Backend.create(target: 'mock://')
-    configure_logger(o)
-
-    # vendor dependencies and generate lockfile
-    profile = Inspec::Profile.for_target(path.to_s, o)
-    lockfile = profile.generate_lockfile
-    File.write(inspec_lock, lockfile.to_yaml)
-  rescue StandardError => e
-    pretty_handle_exception(e)
+    vendor_deps(path, o)
   end
 
   desc 'archive PATH', 'archive a profile to tar.gz (default) or zip'
@@ -211,7 +186,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   option :command, aliases: :c,
     desc: 'A single command string to run instead of launching the shell'
   option :format, type: :string, default: nil, hide: true,
-    desc: 'Which formatter to use: cli, progress, documentation, json, json-min'
+    desc: 'Which formatter to use: cli, progress, documentation, json, json-min, junit'
   def shell_func
     diagnose
     o = opts.dup

data/lib/inspec/dependencies/lockfile.rb

@@ -15,14 +15,19 @@ module Inspec
       new(lockfile_content)
     end
 
-    def self.from_file(path)
-      parsed_content = YAML.load(File.read(path))
+    def self.from_content(content)
+      parsed_content = YAML.load(content)
       version = parsed_content['lockfile_version']
       fail "No lockfile_version set in #{path}!" if version.nil?
       validate_lockfile_version!(version.to_i)
       new(parsed_content)
     end
 
+    def self.from_file(path)
+      content = File.read(path)
+      from_content(content)
+    end
+
     def self.validate_lockfile_version!(version)
       if version < MINIMUM_SUPPORTED_VERSION
         fail <<EOF

data/lib/inspec/profile.rb

@@ -21,10 +21,9 @@ module Inspec
   class Profile # rubocop:disable Metrics/ClassLength
     extend Forwardable
 
-    def self.resolve_target(target, cache = nil)
-      c = cache || Cache.new
-      Inspec::Log.debug "Resolve #{target} into cache #{c.path}"
-      Inspec::CachedFetcher.new(target, cache || Cache.new)
+    def self.resolve_target(target, cache)
+      Inspec::Log.debug "Resolve #{target} into cache #{cache.path}"
+      Inspec::CachedFetcher.new(target, cache)
     end
 
     # Check if the profile contains a vendored cache, move content into global cache
@@ -65,11 +64,13 @@ module Inspec
     end
 
     def self.for_fetcher(fetcher, opts)
+      opts[:cache] = opts[:cache] || Cache.new
       path, writable = fetcher.fetch
       for_path(path, opts.merge(target: fetcher.target, writable: writable))
     end
 
     def self.for_target(target, opts = {})
+      opts[:cache] = opts[:cache] || Cache.new
       fetcher = resolve_target(target, opts[:cache])
       for_fetcher(fetcher, opts)
     end
@@ -205,7 +206,7 @@ module Inspec
       res
     end
 
-    # Check if the profile is internall well-structured. The logger will be
+    # Check if the profile is internally well-structured. The logger will be
     # used to print information on errors and warnings which are found.
     #
     # @return [Boolean] true if no errors were found, false otherwise
@@ -342,7 +343,7 @@ module Inspec
     end
 
     def lockfile_exists?
-      File.exist?(lockfile_path)
+      @source_reader.target.files.include?('inspec.lock')
     end
 
     def lockfile_path
@@ -360,7 +361,7 @@ module Inspec
 
     def lockfile
       @lockfile ||= if lockfile_exists?
-                      Inspec::Lockfile.from_file(lockfile_path)
+                      Inspec::Lockfile.from_content(@source_reader.target.read('inspec.lock'))
                     else
                       generate_lockfile
                     end

data/lib/inspec/rspec_json_formatter.rb

@@ -280,13 +280,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
   MULTI_TEST_CONTROL_SUMMARY_MAX_LEN = 60
 
   def initialize(*args)
-    @colors = COLORS
-    @indicators = INDICATORS
-
-    @format = '%color%indicator%id%summary'
     @current_control = nil
-    @current_profile = nil
-    @missing_controls = []
     @anonymous_tests = []
     @control_tests = []
     @profile_printed = false
@@ -294,12 +288,12 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
   end
 
   def close(_notification) # rubocop:disable Metrics/AbcSize
-    flush_current_control
+    flush_current_control(@current_control)
     output.puts('') unless @current_control.nil?
-    print_tests
+    print_tests(@anonymous_tests)
     output.puts('')
 
-    print_profiles_info if !@profile_printed
+    print_profiles_info(@current_control) if !@profile_printed
     controls_res = controls_summary
     tests_res = tests_summary
 
@@ -318,6 +312,31 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
 
   private
 
+  # Formats example; calls example2control, gets a 'status_type', and calls
+  # flush current_control; returns control data
+  def format_example(example)
+    data = super(example)
+    control = example2control(data, @profiles_info) || {}
+    control[:id] = data[:id]
+    control[:profile_id] = data[:profile_id]
+
+    data[:status_type] = status_type(data, control)
+    dump_one_example(data, control)
+
+    @current_control ||= control
+    if !control[:id].nil?
+      if @current_control[:id] != control[:id]
+        flush_current_control(@current_control)
+        @current_control = control
+      end
+    end
+
+    data
+  end
+
+  # Determines 'status_type' (critical, major, minor) of control given
+  # status (failed/passed/skipped) and impact value (0.0 - 1.0).
+  # Called from format_example, sets the 'status_type' for each 'example'
   def status_type(data, control)
     status = data[:status]
     return status if status != 'failed' || control[:impact].nil?
@@ -330,12 +349,45 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     end
   end
 
-  def current_control_infos
+  # TODO: does a lot of stuff!
+  # Called from format_example and close
+  def flush_current_control(current_control)
+    return if current_control.nil?
+
+    profile = @profiles_info.find { |i| i[:id] == current_control[:profile_id] }
+    print_current_profile(profile) if !@profile_printed
+
+    fails, skips, passes, summary_indicator = current_control_infos(current_control)
+    summary = current_control_summary(fails, skips, current_control)
+
+    control_id = current_control[:id].to_s
+    control_id += ': '
+    if control_id.start_with? '(generated from '
+      @anonymous_tests.push(current_control)
+    else
+      @control_tests.push(current_control)
+      print_line(
+        color:      COLORS[summary_indicator] || '',
+        indicator:  INDICATORS[summary_indicator] || INDICATORS['unknown'],
+        summary:    format_lines(summary, INDICATORS['empty']),
+        id:         control_id,
+        profile:    current_control[:profile_id],
+      )
+
+      print_results(fails + skips + passes)
+    end
+  end
+
+  ############# Current control methods #############
+
+  # Takes current_control (called from flush_current_control) and returns
+  # fails, skips, passes.
+  def current_control_infos(current_control)
     summary_status = STATUS_TYPES['unknown']
     skips = []
     fails = []
     passes = []
-    @current_control[:results].each do |r|
+    current_control[:results].each do |r|
       i = STATUS_TYPES[r[:status_type]]
       summary_status = i if i > summary_status
       fails.push(r) if i > 0
@@ -345,9 +397,11 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     [fails, skips, passes, STATUS_TYPES.key(summary_status)]
   end
 
-  def current_control_title
-    title = @current_control[:title]
-    res = @current_control[:results]
+  # Determine title for control given current_control.
+  # Called from current_control_summary.
+  def current_control_title(current_control)
+    title = current_control[:title]
+    res = current_control[:results]
     if title
       title
     elsif res.length == 1
@@ -368,9 +422,10 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     end
   end
 
-  def current_control_summary(fails, skips)
-    title = current_control_title
-    res = @current_control[:results]
+  # Return summary of current_control, called from flush_current_control
+  def current_control_summary(fails, skips, current_control)
+    title = current_control_title(current_control)
+    res = current_control[:results]
     suffix =
       if res.length == 1
         # Single test - be nice and just print the exception message if the test
@@ -389,27 +444,34 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     end
   end
 
+  ############# Print results and lines methods #############
+
+  # Formats the line (called from print_line)
   def format_line(fields)
-    @format.gsub(/%\w+/) do |x|
+    format = '%color%indicator%id%summary'
+    format.gsub(/%\w+/) do |x|
       term = x[1..-1]
       fields.key?(term.to_sym) ? fields[term.to_sym].to_s : x
-    end + @colors['reset']
+    end + COLORS['reset']
   end
 
+  # Prints line; used to print results
   def print_line(fields)
     output.puts(format_line(fields))
   end
 
+  # Helps formatting summary lines (called from within print_line arguments)
   def format_lines(lines, indentation)
     lines.gsub(/\n/, "\n" + indentation)
   end
 
+  # Sorts through results, calls print_line (called from flush_current_control)
   def print_results(all)
     all.each do |x|
       test_status = x[:status_type]
-      test_color = @colors[test_status]
-      indicator = @indicators[x[:status]]
-      indicator = @indicators['empty'] if indicator.nil?
+      test_color = COLORS[test_status]
+      indicator = INDICATORS[x[:status]]
+      indicator = INDICATORS['empty'] if indicator.nil?
       if x[:message]
         msg = x[:code_desc] + "\n" + x[:message]
       else
@@ -417,15 +479,16 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
       end
       print_line(
         color:      test_color,
-        indicator:  @indicators['small'] + indicator,
-        summary:    format_lines(msg, @indicators['empty']),
+        indicator:  INDICATORS['small'] + indicator,
+        summary:    format_lines(msg, INDICATORS['empty']),
         id: nil, profile: nil
       )
     end
   end
 
-  def print_tests # rubocop:disable Metrics/AbcSize
-    @anonymous_tests.each do |control|
+  # Prints anonymous describe blocks; called from close method
+  def print_tests(anonymous_tests) # rubocop:disable Metrics/AbcSize
+    anonymous_tests.each do |control|
       control_result = control[:results]
       title = control_result[0][:code_desc].split[0..1].join(' ')
       puts '  ' + title
@@ -443,9 +506,9 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
         end
         status_indicator = test[:status_type]
         print_line(
-          color:      @colors[status_indicator] || '',
-          indicator:  @indicators['small'] + @indicators[status_indicator] || @indicators['unknown'],
-          summary:    format_lines(test_result, @indicators['empty']),
+          color:      COLORS[status_indicator] || '',
+          indicator:  INDICATORS['small'] + INDICATORS[status_indicator] || INDICATORS['unknown'],
+          summary:    format_lines(test_result, INDICATORS['empty']),
           id:         control_id,
           profile:    control[:profile_id],
         )
@@ -453,57 +516,33 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     end
   end
 
-  def flush_current_control
-    return if @current_control.nil?
-
-    @current_profile = @profiles_info.find { |i| i[:id] == @current_control[:profile_id] }
-    print_current_profile if !@profile_printed
-
-    fails, skips, passes, summary_indicator = current_control_infos
-    summary = current_control_summary(fails, skips)
-
-    control_id = @current_control[:id].to_s
-    control_id += ': '
-    if control_id.start_with? '(generated from '
-      @anonymous_tests.push(@current_control)
-    else
-      @control_tests.push(@current_control)
-      print_line(
-        color:      @colors[summary_indicator] || '',
-        indicator:  @indicators[summary_indicator] || @indicators['unknown'],
-        summary:    format_lines(summary, @indicators['empty']),
-        id:         control_id,
-        profile:    @current_control[:profile_id],
-      )
-
-      print_results(fails + skips + passes)
-    end
-  end
+  ############# Print profile info methods #############
 
-  def print_target(before, after)
+  # Prints target information; called from print_current_profile
+  def print_target
     return if @backend.nil?
     connection = @backend.backend
     return unless connection.respond_to?(:uri)
-    output.puts(before + connection.uri + after)
+    output.puts('Target:  ' + connection.uri + "\n\n")
   end
 
-  def print_profiles_info
+  # Prints blank info is no current_control is defined
+  # Called from print_current_profile and close
+  def print_profiles_info(current_control)
     @profiles_info.each do |profile|
       next if profile[:already_printed]
-      @current_profile = profile
-      next unless print_current_profile
+      next unless print_current_profile(profile)
       print_line(
-        color: '', indicator: @indicators['empty'], id: '', profile: '',
+        color: '', indicator: INDICATORS['empty'], id: '', profile: '',
         summary: 'No tests executed.'
-      ) if @current_control.nil?
+      ) if current_control.nil?
       output.puts('')
     end
   end
 
-  def print_current_profile
-    profile = @current_profile
+  def print_current_profile(profile)
     if profile.nil?
-      print_profiles_info
+      print_profiles_info(@current_control)
       @profile_printed = true
       return true
     end
@@ -511,7 +550,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     profile[:already_printed] = true
 
     if profile[:name].nil?
-      print_target('Target:  ', "\n\n")
+      print_target
       @profile_printed = true
       return true
     end
@@ -523,31 +562,10 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     end
 
     output.puts 'Version: ' + (profile[:version] || 'unknown')
-    print_target('Target:  ', "\n")
-    output.puts
+    print_target
     @profile_printed = true
     true
   end
-
-  def format_example(example)
-    data = super(example)
-    control = example2control(data, @profiles_info) || {}
-    control[:id] = data[:id]
-    control[:profile_id] = data[:profile_id]
-
-    data[:status_type] = status_type(data, control)
-    dump_one_example(data, control)
-
-    @current_control ||= control
-    if control[:id].nil?
-      @missing_controls.push(data)
-    elsif @current_control[:id] != control[:id]
-      flush_current_control
-      @current_control = control
-    end
-
-    data
-  end
 end
 
 class InspecRspecJUnit < RSpecJUnitFormatter

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.6.0'.freeze
+  VERSION = '1.7.0'.freeze
 end

data/lib/resources/processes.rb

@@ -21,9 +21,10 @@ module Inspec::Resources
                 :states
 
     def initialize(grep)
+      @grep = grep
       # turn into a regexp if it isn't one yet
       if grep.class == String
-        grep = '(/[^/]*)*'+grep if grep[0] != '/'
+        grep = '(/[^/]*)*' + grep if grep[0] != '/'
         grep = Regexp.new('^' + grep + '(\s|$)')
       end
       all_cmds = ps_axo
@@ -38,7 +39,7 @@ module Inspec::Resources
     end
 
     def to_s
-      'Processes'
+      "Processes #{@grep.class == String ? @grep : @grep.inspect}"
     end
 
     private
@@ -48,7 +49,7 @@ module Inspec::Resources
 
       if os.linux?
         command = 'ps axo label,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user:32,command'
-        regex = /^([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(.*)$/
+        regex = /^([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(\w{3} \d{2}|\d{2}:\d{2}:\d{2})\s+([^ ]+)\s+([^ ]+)\s+(.*)$/
       else
         command = 'ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user,command'
         regex = /^\s*([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(.*)$/

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-28 00:00:00.000000000 Z
+date: 2016-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train