inspec 2.3.5 → 2.3.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2563861cf6fc6a68aa706c45b9eee94b2843429fd4bd49d84f9dd1dcf0ddde4e
-  data.tar.gz: bef95a1410a887e15ce6fc22bf4a38c7cbfcde3507f2f969a99dc740a9601355
+  metadata.gz: d261f57b62c68d93b2eae0ac5638f4a629bb79957706cc69076c104cf48275a2
+  data.tar.gz: 3e56e8f8d99b7ffccd9cd3e2987728c81515170e78d0f00edd088cda80f606ab
 SHA512:
-  metadata.gz: 5cef35305f5ad3894b168efb7c2d502dd1d8ef3923ee01fe43aa3ac7d4b5aa8e86ebfc5562d230f1f35c6756423f9f7b1d6ffa45e0b3bf19f110244411c8f380
-  data.tar.gz: 484850ebb63fd31e554ec52f29b07d86ee543e35fabc9c36cce9cfc67d470499c14475dab199476af6a6a82c68a03ca1634ab63a08bf1b641708e9e578eda71b
+  metadata.gz: 6ad6c74ff0b50cc206aa2611aa0230aeaafbbb62cdeba18044437f2d482ccf3392d07b6cb8d1b2fadb5b6634a7cb2502808cd11f1de387158b6db981f2fac8ef
+  data.tar.gz: ee8921329a5652a91cce8a7d9720da31be2a2aae5b50af909a7f073ae1296177c8060f0ca3650eaf63b12f873fc59413e92b52c9d5221bc92cbdb3dc200018e9

data/CHANGELOG.md

@@ -1,20 +1,34 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 2.3.5 -->
-## [v2.3.5](https://github.com/inspec/inspec/tree/v2.3.5) (2018-09-28)
+<!-- latest_release 2.3.10 -->
+## [v2.3.10](https://github.com/inspec/inspec/tree/v2.3.10) (2018-10-04)
 
-#### Bug Fixes
-- Update plugin gem install code [#3453](https://github.com/inspec/inspec/pull/3453) ([jquick](https://github.com/jquick))
+#### Enhancements
+- Move compliance to v2 plugin  [#3423](https://github.com/inspec/inspec/pull/3423) ([jquick](https://github.com/jquick))
 <!-- latest_release -->
 
-<!-- release_rollup since=2.3.4 -->
-### Changes since 2.3.4 release
+<!-- release_rollup since=2.3.5 -->
+### Changes since 2.3.5 release
 
 #### Bug Fixes
-- Update plugin gem install code [#3453](https://github.com/inspec/inspec/pull/3453) ([jquick](https://github.com/jquick)) <!-- 2.3.5 -->
+- Fix distinct_exit cli desc to reflect reality [#3463](https://github.com/inspec/inspec/pull/3463) ([teknofire](https://github.com/teknofire)) <!-- 2.3.8 -->
+
+#### Merged Pull Requests
+- Fix `attribute` with empty hash regression [#3454](https://github.com/inspec/inspec/pull/3454) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.3.7 -->
+
+#### Enhancements
+- Move compliance to v2 plugin  [#3423](https://github.com/inspec/inspec/pull/3423) ([jquick](https://github.com/jquick)) <!-- 2.3.10 -->
+- Support finding larger processes on Busybox [#3446](https://github.com/inspec/inspec/pull/3446) ([RoboticCheese](https://github.com/RoboticCheese)) <!-- 2.3.9 -->
+- Modify `cmp` matcher output to use `.inspect` [#3450](https://github.com/inspec/inspec/pull/3450) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.3.6 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v2.3.5](https://github.com/inspec/inspec/tree/v2.3.5) (2018-10-01)
+
+#### Bug Fixes
+- Update plugin gem install code [#3453](https://github.com/inspec/inspec/pull/3453) ([jquick](https://github.com/jquick))
+<!-- latest_stable_release -->
+
 ## [v2.3.4](https://github.com/inspec/inspec/tree/v2.3.4) (2018-09-28)
 
 #### New Features
@@ -37,7 +51,6 @@
 - RFC inspec style guide [#3356](https://github.com/inspec/inspec/pull/3356) ([arlimus](https://github.com/arlimus))
 - Pin postgresql to a lower cookbook version [#3449](https://github.com/inspec/inspec/pull/3449) ([jquick](https://github.com/jquick))
 - Plugins: Example CLI Plugin, a Resource Lister [#3421](https://github.com/inspec/inspec/pull/3421) ([clintoncwolfe](https://github.com/clintoncwolfe))
-<!-- latest_stable_release -->
 
 ## [v2.2.112](https://github.com/inspec/inspec/tree/v2.2.112) (2018-09-19)
 

data/Rakefile

@@ -58,7 +58,7 @@ Rake::TestTask.new do |t|
     'test/unit/**/*_test.rb',
     'lib/plugins/inspec-*/test/unit/**/*_test.rb',
   ])
-  t.warning = true
+  t.warning = false
   t.verbose = true
   t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
 end
@@ -91,7 +91,6 @@ namespace :test do
       'test/functional/inspec_exec_json_test.rb',
       'test/functional/inspec_detect_test.rb',
       'test/functional/inspec_vendor_test.rb',
-      'test/functional/inspec_compliance_test.rb',
       'test/functional/inspec_check_test.rb',
       'test/functional/filter_table_test.rb',
     ]

data/lib/bundles/inspec-compliance/api.rb

@@ -1,354 +1,4 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
+# This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
+# TODO: Remove in inspec 4.0
 
-require 'net/http'
-require 'uri'
-require 'json'
-
-require_relative 'api/login'
-
-module Compliance
-  class ServerConfigurationMissing < StandardError; end
-
-  # API Implementation does not hold any state by itself,
-  # everything will be stored in local Configuration store
-  class API
-    extend Compliance::API::Login
-
-    # return all compliance profiles available for the user
-    # the user is either specified in the options hash or by default
-    # the username of the account is used that is logged in
-    def self.profiles(config, profile_filter = nil) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
-      owner = config['owner'] || config['user']
-
-      # Chef Compliance
-      if is_compliance_server?(config)
-        url = "#{config['server']}/user/compliance"
-      # Chef Automate2
-      elsif is_automate2_server?(config)
-        url = "#{config['server']}/compliance/profiles/search"
-      # Chef Automate
-      elsif is_automate_server?(config)
-        url = "#{config['server']}/profiles/#{owner}"
-      else
-        raise ServerConfigurationMissing
-      end
-
-      headers = get_headers(config)
-      if profile_filter
-        _owner, id, ver = profile_split(profile_filter)
-      else
-        id, ver = nil
-      end
-
-      if is_automate2_server?(config)
-        body = { owner: owner, name: id }.to_json
-        response = Compliance::HTTP.post_with_headers(url, headers, body, config['insecure'])
-      else
-        response = Compliance::HTTP.get(url, headers, config['insecure'])
-      end
-      data = response.body
-      response_code = response.code
-      case response_code
-      when '200'
-        msg = 'success'
-        profiles = JSON.parse(data)
-        # iterate over profiles
-        if is_compliance_server?(config)
-          mapped_profiles = []
-          profiles.values.each { |org|
-            mapped_profiles += org.values
-          }
-        # Chef Automate pre 0.8.0
-        elsif is_automate_server_pre_080?(config)
-          mapped_profiles = profiles.values.flatten
-        elsif is_automate2_server?(config)
-          mapped_profiles = []
-          profiles['profiles'].each { |p|
-            mapped_profiles << p
-          }
-        else
-          mapped_profiles = profiles.map { |e|
-            e['owner_id'] = owner
-            e
-          }
-        end
-        # filter by name and version if they were specified in profile_filter
-        mapped_profiles.select! do |p|
-          (!ver || p['version'] == ver) && (!id || p['name'] == id)
-        end
-        return msg, mapped_profiles
-      when '401'
-        msg = '401 Unauthorized. Please check your token.'
-        return msg, []
-      else
-        msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
-        return msg, []
-      end
-    end
-
-    # return the server api version
-    # NB this method does not use Compliance::Configuration to allow for using
-    # it before we know the version (e.g. oidc or not)
-    def self.version(config)
-      url = config['server']
-      insecure = config['insecure']
-
-      raise ServerConfigurationMissing if url.nil?
-
-      headers = get_headers(config)
-      response = Compliance::HTTP.get(url+'/version', headers, insecure)
-      return {} if response.code == '404'
-
-      data = response.body
-      return {} if data.nil? || data.empty?
-
-      parsed = JSON.parse(data)
-      return {} unless parsed.key?('version') && !parsed['version'].empty?
-
-      parsed
-    end
-
-    # verifies that a profile exists
-    def self.exist?(config, profile)
-      _msg, profiles = Compliance::API.profiles(config, profile)
-      !profiles.empty?
-    end
-
-    def self.upload(config, owner, profile_name, archive_path)
-      # Chef Compliance
-      if is_compliance_server?(config)
-        url = "#{config['server']}/owners/#{owner}/compliance/#{profile_name}/tar"
-      # Chef Automate pre 0.8.0
-      elsif is_automate_server_pre_080?(config)
-        url = "#{config['server']}/#{owner}"
-      elsif is_automate2_server?(config)
-        url = "#{config['server']}/compliance/profiles?owner=#{owner}"
-      # Chef Automate
-      else
-        url = "#{config['server']}/profiles/#{owner}"
-      end
-
-      headers = get_headers(config)
-      if is_automate2_server?(config)
-        res = Compliance::HTTP.post_multipart_file(url, headers, archive_path, config['insecure'])
-      else
-        res = Compliance::HTTP.post_file(url, headers, archive_path, config['insecure'])
-      end
-
-      [res.is_a?(Net::HTTPSuccess), res.body]
-    end
-
-    # Use username and refresh_token to get an API access token
-    def self.get_token_via_refresh_token(url, refresh_token, insecure)
-      uri = URI.parse("#{url}/login")
-      req = Net::HTTP::Post.new(uri.path)
-      req.body = { token: refresh_token }.to_json
-      access_token = nil
-      response = Compliance::HTTP.send_request(uri, req, insecure)
-      data = response.body
-      if response.code == '200'
-        begin
-          tokendata = JSON.parse(data)
-          access_token = tokendata['access_token']
-          msg = 'Successfully fetched API access token'
-          success = true
-        rescue JSON::ParserError => e
-          success = false
-          msg = e.message
-        end
-      else
-        success = false
-        msg = "Failed to authenticate to #{url} \n\
-  Response code: #{response.code}\n  Body: #{response.body}"
-      end
-
-      [success, msg, access_token]
-    end
-
-    # Use username and password to get an API access token
-    def self.get_token_via_password(url, username, password, insecure)
-      uri = URI.parse("#{url}/login")
-      req = Net::HTTP::Post.new(uri.path)
-      req.body = { userid: username, password: password }.to_json
-      access_token = nil
-      response = Compliance::HTTP.send_request(uri, req, insecure)
-      data = response.body
-      if response.code == '200'
-        access_token = data
-        msg = 'Successfully fetched an API access token valid for 12 hours'
-        success = true
-      else
-        success = false
-        msg = "Failed to authenticate to #{url} \n\
-  Response code: #{response.code}\n  Body: #{response.body}"
-      end
-
-      [success, msg, access_token]
-    end
-
-    def self.get_headers(config)
-      token = get_token(config)
-      if is_automate_server?(config) || is_automate2_server?(config)
-        headers = { 'chef-delivery-enterprise' => config['automate']['ent'] }
-        if config['automate']['token_type'] == 'dctoken'
-          headers['x-data-collector-token'] = token
-        else
-          headers['chef-delivery-user'] = config['user']
-          headers['chef-delivery-token'] = token
-        end
-      else
-        headers = { 'Authorization' => "Bearer #{token}" }
-      end
-      headers
-    end
-
-    def self.get_token(config)
-      return config['token'] unless config['refresh_token']
-      _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure'])
-      token
-    end
-
-    def self.target_url(config, profile)
-      owner, id, ver = profile_split(profile)
-
-      return "#{config['server']}/compliance/profiles/tar" if is_automate2_server?(config)
-      return "#{config['server']}/owners/#{owner}/compliance/#{id}/tar" unless is_automate_server?(config)
-
-      if ver.nil?
-        "#{config['server']}/profiles/#{owner}/#{id}/tar"
-      else
-        "#{config['server']}/profiles/#{owner}/#{id}/version/#{ver}/tar"
-      end
-    end
-
-    def self.profile_split(profile)
-      owner, id = profile.split('/')
-      id, version = id.split('#')
-      [owner, id, version]
-    end
-
-    # returns a parsed url for `admin/profile` or `compliance://admin/profile`
-    def self.sanitize_profile_name(profile)
-      if URI(profile).scheme == 'compliance'
-        uri = URI(profile)
-      else
-        uri = URI("compliance://#{profile}")
-      end
-      uri.to_s.sub(%r{^compliance:\/\/}, '')
-    end
-
-    def self.is_compliance_server?(config)
-      config['server_type'] == 'compliance'
-    end
-
-    def self.is_automate_server_pre_080?(config)
-      # Automate versions before 0.8.x do not have a valid version in the config
-      return false unless config['server_type'] == 'automate'
-      server_version_from_config(config).nil?
-    end
-
-    def self.is_automate_server_080_and_later?(config)
-      # Automate versions 0.8.x and later will have a "version" key in the config
-      # that is properly parsed out via server_version_from_config below
-      return false unless config['server_type'] == 'automate'
-      !server_version_from_config(config).nil?
-    end
-
-    def self.is_automate2_server?(config)
-      config['server_type'] == 'automate2'
-    end
-
-    def self.is_automate_server?(config)
-      config['server_type'] == 'automate'
-    end
-
-    def self.server_version_from_config(config)
-      # Automate versions 0.8.x and later will have a "version" key in the config
-      # that looks like: "version":{"api":"compliance","version":"0.8.24"}
-      return nil unless config.key?('version')
-      return nil unless config['version'].is_a?(Hash)
-      config['version']['version']
-    end
-
-    def self.determine_server_type(url, insecure)
-      if target_is_automate2_server?(url, insecure)
-        :automate2
-      elsif target_is_automate_server?(url, insecure)
-        :automate
-      elsif target_is_compliance_server?(url, insecure)
-        :compliance
-      else
-        Inspec::Log.debug('Could not determine server type using known endpoints')
-        nil
-      end
-    end
-
-    def self.target_is_automate2_server?(url, insecure)
-      automate_endpoint = '/dex/auth'
-      response = Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
-      if response.code == '400'
-        Inspec::Log.debug(
-          "Received 400 from #{url}#{automate_endpoint} - " \
-          'assuming target is a Chef Automate2 instance',
-        )
-        true
-      else
-        false
-      end
-    end
-
-    def self.target_is_automate_server?(url, insecure)
-      automate_endpoint = '/compliance/version'
-      response = Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
-      case response.code
-      when '401'
-        Inspec::Log.debug(
-          "Received 401 from #{url}#{automate_endpoint} - " \
-          'assuming target is a Chef Automate instance',
-        )
-        true
-      when '200'
-        # Chef Automate currently returns 401 for `/compliance/version` but some
-        # versions of OpsWorks Chef Automate return 200 and a Chef Manage page
-        # when unauthenticated requests are received.
-        if response.body.include?('Are You Looking For the Chef Server?')
-          Inspec::Log.debug(
-            "Received 200 from #{url}#{automate_endpoint} - " \
-            'assuming target is an OpsWorks Chef Automate instance',
-          )
-          true
-        else
-          Inspec::Log.debug(
-            "Received 200 from #{url}#{automate_endpoint} " \
-            'but did not receive the Chef Manage page - ' \
-            'assuming target is not a Chef Automate instance',
-          )
-          false
-        end
-      else
-        Inspec::Log.debug(
-          "Received unexpected status code #{response.code} " \
-          "from #{url}#{automate_endpoint} - " \
-          'assuming target is not a Chef Automate instance',
-        )
-        false
-      end
-    end
-
-    def self.target_is_compliance_server?(url, insecure)
-      # All versions of Chef Compliance return 200 for `/api/version`
-      compliance_endpoint = '/api/version'
-
-      response = Compliance::HTTP.get(url + compliance_endpoint, nil, insecure)
-      return false unless response.code == '200'
-
-      Inspec::Log.debug(
-        "Received 200 from #{url}#{compliance_endpoint} - " \
-        'assuming target is a Compliance server',
-      )
-      true
-    end
-  end
-end
+require 'plugins/inspec-compliance/lib/inspec-compliance/api'

data/lib/bundles/inspec-compliance/configuration.rb

@@ -1,103 +1,4 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
+# This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
+# TODO: Remove in inspec 4.0
 
-module Compliance
-  # stores configuration on local filesystem
-  class Configuration
-    def initialize
-      @config_path = File.join(Dir.home, '.inspec', 'compliance')
-      # ensure the directory is available
-      unless File.directory?(@config_path)
-        FileUtils.mkdir_p(@config_path)
-      end
-      # set config file path
-      @config_file = File.join(@config_path, '/config.json')
-      @config = {}
-
-      # load the data
-      get
-    end
-
-    # direct access to config
-    def [](key)
-      @config[key]
-    end
-
-    def []=(key, value)
-      @config[key] = value
-    end
-
-    def key?(key)
-      @config.key?(key)
-    end
-
-    def clean
-      @config = {}
-    end
-
-    # return the json data
-    def get
-      if File.exist?(@config_file)
-        file = File.read(@config_file)
-        @config = JSON.parse(file)
-      end
-      @config
-    end
-
-    # stores a hash to json
-    def store
-      File.open(@config_file, 'w') do |f|
-        f.chmod(0600)
-        f.write(@config.to_json)
-      end
-    end
-
-    # deletes data
-    def destroy
-      if File.exist?(@config_file)
-        File.delete(@config_file)
-      else
-        true
-      end
-    end
-
-    # return if the (stored) api version does not support a certain feature
-    def supported?(feature)
-      sup = version_with_support(feature)
-
-      # we do not know the version, therefore we do not know if its possible to use the feature
-      return if self['version'].nil? || self['version']['version'].nil?
-
-      if sup.is_a?(Array)
-        Gem::Version.new(self['version']['version']) >= sup[0] &&
-          Gem::Version.new(self['version']['version']) < sup[1]
-      else
-        Gem::Version.new(self['version']['version']) >= sup
-      end
-    end
-
-    # exit 1 if the version of compliance that we're working with doesn't support odic
-    def legacy_check!(feature)
-      return if supported?(feature)
-
-      puts "This feature (#{feature}) is not available for legacy installations."
-      puts 'Please upgrade to a recent version of Chef Compliance.'
-      exit 1
-    end
-
-    private
-
-    # for a feature, returns either:
-    #  - a version v0:                      v supports v0       iff v0 <= v
-    #  - an array [v0, v1] of two versions: v supports [v0, v1] iff v0 <= v < v1
-    def version_with_support(feature)
-      case feature.to_sym
-      when :oidc
-        Gem::Version.new('0.16.19')
-      else
-        Gem::Version.new('0.0.0')
-      end
-    end
-  end
-end
+require 'plugins/inspec-compliance/lib/inspec-compliance/configuration'