inspec 3.0.52 → 3.0.61

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c5971c1dc6baf84c252d7f662178f0759a78b470b748c11aa303c2fb52c0de01
-  data.tar.gz: 04164f7e8bf06371813f01126c1cebc86bd90bd282d168d978ca06317530458d
+  metadata.gz: 86ef35666565e8d57ca2acb1cfe50db549911f47e24353c9cedbec221263d7b9
+  data.tar.gz: d7be319f163e120f5b707b6d06bf2f81bf973c34b6372e411f8856f4191e6419
 SHA512:
-  metadata.gz: 1b252d1733f366b92f0e996413fe38166d69f30f02a23762d34fed9de10d1f2ad25ac9cb1395294e49aa9d16d2b61f10924dd1e5a23c5a9e69ad913deeebae85
-  data.tar.gz: 137e9b3594c8245c5171dc5c6ae88ae9d00114d5a362c6a420c316e2856b6568fbc591ffeb8eca2df9db915ebeef0e0796cdae734cf3030bb6f5cf7d8a6b1ac7
+  metadata.gz: 19b0706c8586860e8c6d05fb692389339f073ae77976ddb44eae8e3f0b3e5907a1eaccec8467fcae6fb1d3303df0b9ed0e655b4277dc999e6646a3e459052533
+  data.tar.gz: 3e32a292b04daebdd2ac1bc167fd575e2924a6be93f9e136cb021ce026a2a2219ce16c69ff29f31b38a4a6529035b4df91d603e8a264f9decfc3eed11d001d4a

data/CHANGELOG.md

@@ -1,27 +1,47 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 3.0.52 -->
-## [v3.0.52](https://github.com/inspec/inspec/tree/v3.0.52) (2018-11-15)
+<!-- latest_release 3.0.61 -->
+## [v3.0.61](https://github.com/inspec/inspec/tree/v3.0.61) (2018-11-29)
 
-#### Merged Pull Requests
-- Load the compliance plugin when the fetcher is needed [#3609](https://github.com/inspec/inspec/pull/3609) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+#### New Features
+- Plugin Type: DSLs [#3557](https://github.com/inspec/inspec/pull/3557) ([clintoncwolfe](https://github.com/clintoncwolfe))
 <!-- latest_release -->
 
-<!-- release_rollup since=3.0.46 -->
-### Changes since 3.0.46 release
+<!-- release_rollup since=3.0.52 -->
+### Changes since 3.0.52 release
 
-#### Merged Pull Requests
-- Load the compliance plugin when the fetcher is needed [#3609](https://github.com/inspec/inspec/pull/3609) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 3.0.52 -->
+#### New Features
+- Plugin Type: DSLs [#3557](https://github.com/inspec/inspec/pull/3557) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.61 -->
 
 #### Bug Fixes
-- Adds protection against zipslip vulnerability [#3604](https://github.com/inspec/inspec/pull/3604) ([hdost](https://github.com/hdost)) <!-- 3.0.51 -->
+- package: fix package detection on windows [#3607](https://github.com/inspec/inspec/pull/3607) ([mhackethal](https://github.com/mhackethal)) <!-- 3.0.58 -->
+- www: remove jquery sticky on the sidebar [#3623](https://github.com/inspec/inspec/pull/3623) ([arlimus](https://github.com/arlimus)) <!-- 3.0.57 -->
 
 #### Enhancements
-- Adding --no-pager to service checks [#3592](https://github.com/inspec/inspec/pull/3592) ([fernandoalex](https://github.com/fernandoalex)) <!-- 3.0.50 -->
-- aws_security_group: Query against other security group ids in allow_* matchers [#3576](https://github.com/inspec/inspec/pull/3576) ([j00p34](https://github.com/j00p34)) <!-- 3.0.49 -->
+- filesystem: improve Windows support [#3606](https://github.com/inspec/inspec/pull/3606) ([mhackethal](https://github.com/mhackethal)) <!-- 3.0.56 -->
+
+#### Merged Pull Requests
+- Add SQLcl to Oracledb_session Doc [#3632](https://github.com/inspec/inspec/pull/3632) ([ibsavage](https://github.com/ibsavage)) <!-- 3.0.60 -->
+- lc/add-aws-platform-template [#3622](https://github.com/inspec/inspec/pull/3622) ([Caprowni](https://github.com/Caprowni)) <!-- 3.0.59 -->
+- Revert setting RSpec expectation syntax to &#39;should&#39; mode [#3620](https://github.com/inspec/inspec/pull/3620) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.55 -->
+- Improvements to the functional helper run_inspec_process [#3603](https://github.com/inspec/inspec/pull/3603) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.54 -->
+- Create a class to handle the plugins.json file [#3575](https://github.com/inspec/inspec/pull/3575) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 3.0.53 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v3.0.52](https://github.com/inspec/inspec/tree/v3.0.52) (2018-11-15)
+
+#### Enhancements
+- aws_security_group: Query against other security group ids in allow_* matchers [#3576](https://github.com/inspec/inspec/pull/3576) ([j00p34](https://github.com/j00p34))
+- Adding --no-pager to service checks [#3592](https://github.com/inspec/inspec/pull/3592) ([fernandoalex](https://github.com/fernandoalex))
+
+#### Bug Fixes
+- Adds protection against zipslip vulnerability [#3604](https://github.com/inspec/inspec/pull/3604) ([hdost](https://github.com/hdost))
+
+#### Merged Pull Requests
+- Load the compliance plugin when the fetcher is needed [#3609](https://github.com/inspec/inspec/pull/3609) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+<!-- latest_stable_release -->
+
 ## [v3.0.46](https://github.com/inspec/inspec/tree/v3.0.46) (2018-11-08)
 
 #### New Features
@@ -42,7 +62,6 @@
 - Fix functional tests issues with vendoring [#3572](https://github.com/inspec/inspec/pull/3572) ([jquick](https://github.com/jquick))
 - Fixes (some) ruby warnings related to functional tests [#3561](https://github.com/inspec/inspec/pull/3561) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
 - Fixes broken link in documentation [#3588](https://github.com/inspec/inspec/pull/3588) ([dmccown](https://github.com/dmccown))
-<!-- latest_stable_release -->
 
 ## [v3.0.25](https://github.com/inspec/inspec/tree/v3.0.25) (2018-11-01)
 

data/lib/inspec/control_eval_context.rb

@@ -29,6 +29,32 @@ module Inspec
         define_method :attribute do |name|
           Inspec::AttributeRegistry.find_attribute(name, profile_id).value
         end
+
+        # Support for Control DSL plugins.
+        # This is called when an unknown method is encountered
+        # within a control block.
+        def method_missing(method_name, *arguments, &block)
+          # Check to see if there is a control_dsl plugin activator hook with the method name
+          registry = Inspec::Plugin::V2::Registry.instance
+          hook = registry.find_activators(plugin_type: :control_dsl, activator_name: method_name).first
+          if hook
+            # OK, load the hook if it hasn't been already.  We'll then know a module,
+            # which we can then inject into the context
+            registry.activate(:control_dsl, method_name) unless hook.activated?
+            # Inject the module's methods into the context.
+            # implementation_class is the field name, but this is actually a module.
+            self.class.include(hook.implementation_class)
+            # Now that the module is loaded, it defined one or more methods
+            # (presumably the one we were looking for.)
+            # We still haven't called it, so do so now.
+            send(method_name, *arguments, &block)
+          else
+            # If we couldn't find a plugin to match, maybe something up above has it,
+            # or maybe it is just a unknown method error.
+            super
+          end
+        end
+
       end
     end
 
@@ -44,7 +70,6 @@ module Inspec
       profile_context_owner = profile_context
       profile_id = profile_context.profile_id
       rule_class = rule_context(resources_dsl, profile_id)
-
       Class.new do # rubocop:disable Metrics/BlockLength
         include Inspec::DSL
         include Inspec::DSL::RequireOverride

data/lib/inspec/dsl.rb

@@ -27,6 +27,29 @@ module Inspec::DSL
     add_resource(target_name, res)
   end
 
+  # Support for Outer Profile DSL plugins
+  # This is called when an unknown method is encountered
+  # "bare" in a control file - outside of a control or describe block.
+  def method_missing(method_name, *arguments, &block)
+    # Check to see if there is a outer_profile_dsl plugin activator hook with the method name
+    registry = Inspec::Plugin::V2::Registry.instance
+    hook = registry.find_activators(plugin_type: :outer_profile_dsl, activator_name: method_name).first
+    if hook
+      # OK, load the hook if it hasn't been already.  We'll then know a module,
+      # which we can then inject into the context
+      registry.activate(:outer_profile_dsl, method_name) unless hook.activated?
+      # Inject the module's methods into the context
+      # implementation_class is the field name, but this is actually a module.
+      self.class.include(hook.implementation_class)
+      # Now that the module is loaded, it defined one or more methods
+      # (presumably the one we were looking for.)
+      # We still haven't called it, so do so now.
+      send(method_name, *arguments, &block)
+    else
+      super
+    end
+  end
+
   def self.load_spec_files_for_profile(bind_context, opts, &block)
     dependencies = opts[:dependencies]
     profile_id = opts[:profile_id]

data/lib/inspec/plugin/v1/plugin_types/resource.rb

@@ -39,6 +39,34 @@ module Inspec
       __resource_registry[@name].example(example)
     end
 
+    # Support for Resource DSL plugins.
+    # This is called when an unknown method is encountered
+    # within a resource class definition.
+    # Even tho this is defined as an instance method, it gets added to
+    # Inspec::Plugins::Resource via `extend`, so this is actually a class defintion.
+    def method_missing(method_name, *arguments, &block)
+      require 'inspec/plugin/v2'
+      # Check to see if there is a resource_dsl plugin activator hook with the method name
+      registry = Inspec::Plugin::V2::Registry.instance
+      hook = registry.find_activators(plugin_type: :resource_dsl, activator_name: method_name).first
+      if hook
+        # OK, load the hook if it hasn't been already.  We'll then know a module,
+        # which we can then inject into the resource
+        registry.activate(:resource_dsl, method_name) unless hook.activated?
+        # Inject the module's methods into the resource as class methods.
+        # implementation_class is the field name, but this is actually a module.
+        extend(hook.implementation_class)
+        # Now that the module is loaded, it defined one or more methods
+        # (presumably the one we were looking for.)
+        # We still haven't called it, so do so now.
+        send(method_name, *arguments, &block)
+      else
+        # If we couldn't find a plugin to match, maybe something up above has it,
+        # or maybe it is just a unknown method error.
+        super
+      end
+    end
+
     def __resource_registry
       Inspec::Resource.registry
     end

data/lib/inspec/plugin/v2.rb

@@ -24,6 +24,7 @@ module Inspec
 end
 
 require 'inspec/globals'
+require 'inspec/plugin/v2/config_file'
 require 'inspec/plugin/v2/registry'
 require 'inspec/plugin/v2/loader'
 require 'inspec/plugin/v2/plugin_base'

data/lib/inspec/plugin/v2/config_file.rb

@@ -0,0 +1,148 @@
+require 'json'
+
+module Inspec::Plugin::V2
+  # Represents the plugin config file on disk.
+  class ConfigFile
+    include Enumerable
+
+    attr_reader :path
+
+    def initialize(path = nil)
+      @path = path || self.class.default_path
+      @data = blank_structure
+
+      read_and_validate_file if File.exist?(@path)
+    end
+
+    # Returns the defaut path for a config file.
+    # This respects ENV['INSPEC_CONFIG_DIR'].
+    def self.default_path
+      File.join(Inspec.config_dir, 'plugins.json')
+    end
+
+    # Implement Enumerable. All Enumerable methds act
+    # on the plugins list, and yield Hashes that represent
+    # an entry.
+    def each(&block)
+      @data[:plugins].each(&block)
+    end
+
+    # Look for a plugin by name.
+    def plugin_by_name(name)
+      detect { |entry| entry[:name] == name.to_sym }
+    end
+
+    # Check for a plugin
+    def existing_entry?(name)
+      !plugin_by_name(name).nil?
+    end
+
+    # Add an entry with full validation.
+    def add_entry(proposed_entry)
+      unless proposed_entry.keys.all? { |field| field.is_a? Symbol }
+        raise Inspec::Plugin::V2::ConfigError, 'All keys to ConfigFile#add_entry must be symbols'
+      end
+
+      validate_entry(proposed_entry)
+
+      if existing_entry?(proposed_entry[:name])
+        raise Inspec::Plugin::V2::ConfigError, "Duplicate plugin name in call to ConfigFile#add_entry: '#{proposed_entry[:name]}'"
+      end
+
+      @data[:plugins] << proposed_entry
+    end
+
+    # Removes an entry specified by plugin name.
+    def remove_entry(name)
+      unless existing_entry?(name)
+        raise Inspec::Plugin::V2::ConfigError, "No such entry with plugin name '#{name}'"
+      end
+      @data[:plugins].delete_if { |entry| entry[:name] == name.to_sym }
+    end
+
+    # Save the file to disk as a JSON structure at the path.
+    def save
+      dir = File.dirname(path)
+      FileUtils.mkdir_p(dir)
+      File.write(path, JSON.pretty_generate(@data))
+    end
+
+    private
+
+    def blank_structure
+      {
+        plugins_config_version: '1.0.0',
+        plugins: [],
+      }
+    end
+
+    def read_and_validate_file
+      @data = JSON.parse(File.read(path), symbolize_names: true)
+      validate_file
+    rescue JSON::ParserError => e
+      raise Inspec::Plugin::V2::ConfigError, "Failed to load plugins JSON configuration from #{path}:\n#{e}"
+    end
+
+    def validate_file # rubocop: disable Metrics/AbcSize
+      unless @data[:plugins_config_version]
+        raise Inspec::Plugin::V2::ConfigError, "Missing 'plugins_config_version' entry at #{path} - currently support versions: 1.0.0"
+      end
+
+      unless @data[:plugins_config_version] == '1.0.0'
+        raise Inspec::Plugin::V2::ConfigError, "Unsupported plugins.json file version #{@data[:plugins_config_version]} at #{path} - currently support versions: 1.0.0"
+      end
+
+      plugin_entries = @data[:plugins]
+      if plugin_entries.nil?
+        raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file at #{path} - missing top-level key named 'plugins', whose value should be an array"
+      end
+
+      unless plugin_entries.is_a?(Array)
+        raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file at #{path} - top-level key named 'plugins' should be an array"
+      end
+
+      plugin_entries.each_with_index do |plugin_entry, idx|
+        begin
+          validate_entry(plugin_entry)
+        rescue Inspec::Plugin::V2::ConfigError => ex
+          # append some context to the message
+          raise Inspec::Plugin::V2::ConfigError, 'Malformed plugins.json file - ' + ex.message + " at index #{idx}"
+        end
+
+        # Check for duplicates
+        plugin_entries.each_with_index do |other_entry, other_idx|
+          next if idx == other_idx
+          next unless other_entry.is_a? Hash # We'll catch that invalid entry later
+          next if plugin_entry[:name] != other_entry[:name]
+          indices = [idx, other_idx].sort
+          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - duplicate plugin entry '#{plugin_entry[:name]}' detected at index #{indices[0]} and #{indices[1]}"
+        end
+      end
+    end
+
+    def validate_entry(plugin_entry)
+      unless plugin_entry.is_a? Hash
+        raise Inspec::Plugin::V2::ConfigError, "each 'plugins' entry should be a Hash / JSON object"
+      end
+
+      unless plugin_entry.key? :name
+        raise Inspec::Plugin::V2::ConfigError, "'plugins' entry missing 'name' field"
+      end
+
+      # Symbolize the name.
+      plugin_entry[:name] = plugin_entry[:name].to_sym
+
+      if plugin_entry.key? :installation_type
+        seen_type = plugin_entry[:installation_type]
+        unless [:gem, :path].include? seen_type.to_sym
+          raise Inspec::Plugin::V2::ConfigError, "'plugins' entry with unrecognized installation_type (must be one of 'gem' or 'path')"
+        end
+        plugin_entry[:installation_type] = seen_type.to_sym
+
+        if plugin_entry[:installation_type] == :path && !plugin_entry.key?(:installation_path)
+          raise Inspec::Plugin::V2::ConfigError, "'plugins' entry with a 'path' installation_type missing installation path"
+        end
+      end
+    end
+  end
+end

data/lib/inspec/plugin/v2/installer.rb

@@ -24,7 +24,7 @@ module Inspec::Plugin::V2
 
     Gem.configuration['verbose'] = false
 
-    attr_reader :loader, :registry
+    attr_reader :conf_file, :loader, :registry
     def_delegator :loader, :plugin_gem_path, :gem_path
     def_delegator :loader, :plugin_conf_file_path
     def_delegator :loader, :list_managed_gems
@@ -459,45 +459,25 @@ module Inspec::Plugin::V2
     #===================================================================#
     #                 plugins.json Maintenance Methods                  #
     #===================================================================#
-
-    # TODO: refactor the plugin.json file to have its own class, which Installer consumes
     def update_plugin_config_file(plugin_name, opts)
-      config = update_plugin_config_data(plugin_name, opts)
-      FileUtils.mkdir_p(Inspec.config_dir)
-      File.write(plugin_conf_file_path, JSON.pretty_generate(config))
-    end
-
-    # TODO: refactor the plugin.json file to have its own class, which Installer consumes
-    def update_plugin_config_data(plugin_name, opts)
-      config = read_or_init_config_data
-      config['plugins'].delete_if { |entry| entry['name'] == plugin_name }
-      return config if opts[:action] == :uninstall
-
-      entry = { 'name' => plugin_name }
-
-      # Parsing by Requirement handles lot of awkward formattoes
-      entry['version'] = Gem::Requirement.new(opts[:version]).to_s if opts.key?(:version)
-
-      if opts.key?(:path)
-        entry['installation_type'] = 'path'
-        entry['installation_path'] = opts[:path]
+      # Be careful no to initialize this until just before we write.
+      # Under testing, ENV['INSPEC_CONFIG_DIR'] may have changed.
+      @conf_file = Inspec::Plugin::V2::ConfigFile.new
+
+      # Remove, then optionally rebuild, the entry for the plugin being modified.
+      conf_file.remove_entry(plugin_name) if conf_file.existing_entry?(plugin_name)
+      unless opts[:action] == :uninstall
+        entry = { name: plugin_name }
+        # Parsing by Requirement handles lot of awkward formattoes
+        entry[:version] = Gem::Requirement.new(opts[:version]).to_s if opts.key?(:version)
+        if opts.key?(:path)
+          entry[:installation_type] = :path
+          entry[:installation_path] = opts[:path]
+        end
+        conf_file.add_entry(entry)
       end
 
-      config['plugins'] << entry
-      config
-    end
-
-    # TODO: check for validity
-    # TODO: refactor the plugin.json file to have its own class, which Installer consumes
-    def read_or_init_config_data
-      if File.exist?(plugin_conf_file_path)
-        JSON.parse(File.read(plugin_conf_file_path))
-      else
-        {
-          'plugins_config_version' => '1.0.0',
-          'plugins' => [],
-        }
-      end
+      conf_file.save
     end
   end
 end

data/lib/inspec/plugin/v2/loader.rb

@@ -1,5 +1,5 @@
-require 'json'
 require 'inspec/log'
+require 'inspec/plugin/v2/config_file'
 
 # Add the current directory of the process to the load path
 $LOAD_PATH.unshift('.') unless $LOAD_PATH.include?('.')
@@ -9,13 +9,13 @@ $LOAD_PATH.unshift(folder) unless $LOAD_PATH.include?('folder')
 
 module Inspec::Plugin::V2
   class Loader
-    attr_reader :registry, :options
+    attr_reader :conf_file, :registry, :options
 
     def initialize(options = {})
       @options = options
       @registry = Inspec::Plugin::V2::Registry.instance
-      read_conf_file
-      unpack_conf_file
+      @conf_file = Inspec::Plugin::V2::ConfigFile.new
+      read_conf_file_into_registry
 
       # Old-style (v0, v1) co-distributed plugins were called 'bundles'
       # and were located in lib/bundles
@@ -104,27 +104,12 @@ module Inspec::Plugin::V2
 
         # OK, activate.
         if activate_me
-          activate(:cli_command, act.activator_name)
+          registry.activate(:cli_command, act.activator_name)
           act.implementation_class.register_with_thor
         end
       end
     end
 
-    def activate(plugin_type, hook_name)
-      activator = registry.find_activators(plugin_type: plugin_type, activator_name: hook_name).first
-      # We want to capture literally any possible exception here, since we are storing them.
-      # rubocop: disable Lint/RescueException
-      begin
-        impl_class = activator.activation_proc.call
-        activator.activated?(true)
-        activator.implementation_class = impl_class
-      rescue Exception => ex
-        activator.exception = ex
-        Inspec::Log.error "Could not activate #{activator.plugin_type} hook named '#{activator.activator_name}' for plugin #{plugin_name}"
-      end
-      # rubocop: enable Lint/RescueException
-    end
-
     def plugin_gem_path
       self.class.plugin_gem_path
     end
@@ -157,16 +142,6 @@ module Inspec::Plugin::V2
       self.class.list_managed_gems
     end
 
-    # TODO: refactor the plugin.json file to have its own class, which Loader consumes
-    def plugin_conf_file_path
-      self.class.plugin_conf_file_path
-    end
-
-    # TODO: refactor the plugin.json file to have its own class, which Loader consumes
-    def self.plugin_conf_file_path
-      File.join(Inspec.config_dir, 'plugins.json')
-    end
-
     private
 
     # 'Activating' a gem adds it to the load path, so 'require "gemname"' will work.
@@ -271,71 +246,22 @@ module Inspec::Plugin::V2
       end
     end
 
-    # TODO: DRY up re: Installer read_or_init_config_file
-    # TODO: refactor the plugin.json file to have its own class, which Loader consumes
-    def read_conf_file
-      if File.exist?(plugin_conf_file_path)
-        @plugin_file_contents = JSON.parse(File.read(plugin_conf_file_path))
-      else
-        @plugin_file_contents = {
-          'plugins_config_version' => '1.0.0',
-          'plugins' => [],
-        }
-      end
-    rescue JSON::ParserError => e
-      raise Inspec::Plugin::V2::ConfigError, "Failed to load plugins JSON configuration from #{plugin_conf_file_path}:\n#{e}"
-    end
-
-    # TODO: refactor the plugin.json file to have its own class, which Loader consumes
-    def unpack_conf_file
-      validate_conf_file
-      @plugin_file_contents['plugins'].each do |plugin_json|
+    def read_conf_file_into_registry
+      conf_file.each do |plugin_entry|
         status = Inspec::Plugin::V2::Status.new
-        status.name = plugin_json['name'].to_sym
+        status.name = plugin_entry[:name]
         status.loaded = false
-        status.installation_type = (plugin_json['installation_type'] || :gem).to_sym
+        status.installation_type = (plugin_entry[:installation_type] || :gem)
         case status.installation_type
         when :gem
           status.entry_point = status.name.to_s
-          status.version = plugin_json['version']
+          status.version = plugin_entry[:version]
         when :path
-          status.entry_point = plugin_json['installation_path']
+          status.entry_point = plugin_entry[:installation_path]
         end
 
         registry[status.name] = status
       end
     end
-
-    # TODO: refactor the plugin.json file to have its own class, which Loader consumes
-    def validate_conf_file
-      unless @plugin_file_contents['plugins_config_version'] == '1.0.0'
-        raise Inspec::Plugin::V2::ConfigError, "Unsupported plugins.json file version #{@plugin_file_contents['plugins_config_version']} at #{plugin_conf_file_path} - currently support versions: 1.0.0"
-      end
-
-      plugin_entries = @plugin_file_contents['plugins']
-      unless plugin_entries.is_a?(Array)
-        raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - should have a top-level key named 'plugins', whose value is an array"
-      end
-
-      plugin_entries.each do |plugin_entry|
-        unless plugin_entry.is_a? Hash
-          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - each 'plugins' entry should be a Hash / JSON object"
-        end
-
-        unless plugin_entry.key? 'name'
-          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - each 'plugins' entry must have a 'name' field"
-        end
-
-        next unless plugin_entry.key?('installation_type')
-        unless %w{gem path}.include? plugin_entry['installation_type']
-          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - each 'installation_type' must be one of 'gem' or 'path'"
-        end
-
-        next unless plugin_entry['installation_type'] == 'path'
-        unless plugin_entry.key?('installation_path')
-          raise Inspec::Plugin::V2::ConfigError, "Malformed plugins.json file - each 'plugins' entry with a 'path' installation_type must provide an 'installation_path' field"
-        end
-      end
-    end
   end
 end

data/lib/inspec/plugin/v2/plugin_types/dsl.rb

@@ -0,0 +1,11 @@
+# All DSL plugin types are defined here.
+
+module Inspec::Plugin::V2::PluginType
+  class Dsl < Inspec::Plugin::V2::PluginBase
+    register_plugin_type(:outer_profile_dsl)
+    register_plugin_type(:control_dsl)
+    register_plugin_type(:describe_dsl)
+    register_plugin_type(:test_dsl)
+    register_plugin_type(:resource_dsl)
+  end
+end

data/lib/inspec/plugin/v2/registry.rb

@@ -67,6 +67,21 @@ module Inspec::Plugin::V2
       end
     end
 
+    def activate(plugin_type, hook_name)
+      activator = find_activators(plugin_type: plugin_type, activator_name: hook_name).first
+      # We want to capture literally any possible exception here, since we are storing them.
+      # rubocop: disable Lint/RescueException
+      begin
+        impl_class = activator.activation_proc.call
+        activator.activated?(true)
+        activator.implementation_class = impl_class
+      rescue Exception => ex
+        activator.exception = ex
+        Inspec::Log.error "Could not activate #{activator.plugin_type} hook named '#{activator.activator_name}' for plugin #{plugin_name}"
+      end
+      # rubocop: enable Lint/RescueException
+    end
+
     def register(name, status)
       if known_plugin? name
         Inspec::Log.debug "PluginLoader: refusing to re-register plugin '#{name}': an existing plugin with that name was loaded via #{registry[name].installation_type}-loading from #{registry[name].entry_point}"

data/lib/inspec/rspec_extensions.rb

@@ -1,20 +1,84 @@
 require 'inspec/attribute_registry'
-require 'rspec/core'
+require 'inspec/plugin/v2'
 require 'rspec/core/example_group'
 
-# Setup RSpec to allow use of `should` syntax without warnings
-RSpec.configure do |config|
-  config.expect_with(:rspec) do |rspec_expectations_config|
-    rspec_expectations_config.syntax = :should
+# Any additions to RSpec::Core::ExampleGroup (the RSpec class behind describe blocks) should go here.
+
+module Inspec
+  # This module exists to intercept the method_missing *class* method on RSpec::Core::ExampleGroup
+  # and is part of support for DSL plugintypes
+  module DescribeDslLazyLoader
+    # Support for Describe DSL plugins
+    def method_missing(method_name, *arguments, &block)
+      # Check to see if there is a describe_dsl plugin activator hook with the method name
+      registry = Inspec::Plugin::V2::Registry.instance
+      hook = registry.find_activators(plugin_type: :describe_dsl, activator_name: method_name).first
+
+      if hook
+        # OK, load the hook if it hasn't been already.  We'll then know a module,
+        # which we can then inject into the context
+        registry.activate(:describe_dsl, method_name) unless hook.activated?
+
+        # Inject the module's methods into the example group contexts.
+        # implementation_class is the field name, but this is actually a module.
+        # RSpec works by having these helper methods defined as class methods
+        # (see the definition of `let` as an example)
+        # So, we use extend to inject the new DSL methods.
+        RSpec::Core::ExampleGroup.extend(hook.implementation_class)
+
+        # We still haven't called the method we were looking for, so do so now.
+        send(method_name, *arguments, &block)
+      else
+        super
+      end
+    end
+  end
+
+  # This module exists to intercept the method_missing *instance* method on RSpec::Core::ExampleGroup
+  # and is part of support for DSL plugintypes
+  module TestDslLazyLoader
+    # Support for test DSL plugins
+    def method_missing(method_name, *arguments, &block)
+      # Check to see if there is a test_dsl plugin activator hook with the method name
+      registry = Inspec::Plugin::V2::Registry.instance
+      hook = registry.find_activators(plugin_type: :test_dsl, activator_name: method_name).first
+
+      if hook
+        # OK, load the hook if it hasn't been already.  We'll then know a module,
+        # which we can then inject into the context
+        registry.activate(:test_dsl, method_name) unless hook.activated?
+
+        # Inject the module's methods into the example group contexts.
+        # implementation_class is the field name, but this is actually a module.
+        # RSpec works by having these helper methods defined as instance methods.
+        # So, we use include to inject the new DSL methods.
+        RSpec::Core::ExampleGroup.include(hook.implementation_class)
+
+        # We still haven't called the method we were looking for, so do so now.
+        send(method_name, *arguments, &block)
+      else
+        super
+      end
+    end
   end
 end
 
-# This file allows you to add ExampleGroups to be used in rspec tests
-#
 class RSpec::Core::ExampleGroup
   # This DSL method allows us to access the values of attributes within InSpec tests
   def attribute(name)
     Inspec::AttributeRegistry.find_attribute(name, self.class.metadata[:profile_id]).value
   end
   define_example_method :attribute
+
+  # Here, we have to ensure our method_missing gets called prior
+  # to RSpec::Core::ExampleGroup.method_missing (the class method).
+  # So, we use prepend.
+  # Because it is a class method we're attempting to prepend, we must
+  # prepend against the singleton class.
+  singleton_class.prepend Inspec::DescribeDslLazyLoader
+
+  # Here, we have to ensure our method_missing gets called prior
+  # to RSpec::Core::ExampleGroup#method_missing (the instance method).
+  # So, we use prepend.
+  prepend Inspec::TestDslLazyLoader
 end

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '3.0.52'
+  VERSION = '3.0.61'
 end

data/lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/README.md

@@ -0,0 +1,54 @@
+# Example InSpec Profile For AWS
+
+This example shows the implementation of an InSpec profile for AWS.
+
+##  Create a profile 
+
+```
+$ inspec init profile --platform aws aws-security
+Create new profile at /Users/liamcaproni/aws-security
+ * Create directory libraries
+ * Create file README.md
+ * Create directory controls
+ * Create file controls/example.rb
+ * Create file inspec.yml
+ * Create file attributes.yml
+ * Create file libraries/.gitkeep 
+ 
+```
+
+## Update `attributes.yml` to point to your custom VPC
+
+```
+aws_vpc_id: 'custom-vpc-id'
+```
+
+## Run the tests
+
+```
+$ cd aws-profile/
+$ inspec exec -t aws://eu-west-1/test-iam-profile  --attrs attributes.yml aws-security
+
+Profile: InSpec Profile (aws-security)
+Version: 0.1.0
+Target:  aws://eu-west-2
+
+  ✔  aws-vpc-check: Check to see if custom VPC exists.
+     ✔  VPC vpc-0014dad216b7664e3 should exist
+  ✔  aws-vpcs-check: Check in all the VPCs for default sg not allowing 22 inwards
+     ✔  EC2 Security Group sg-05cd285a7499ee2bf should allow in {:port=>22}
+     ✔  EC2 Security Group sg-0f0faf6d01eafc65d should allow in {:port=>22}
+     ✔  EC2 Security Group sg-0cb134808cb42f188 should allow in {:port=>22}
+     ✔  EC2 Security Group sg-06b2ae6dea43e32b6 should allow in {:port=>22}
+     ✔  EC2 Security Group sg-0fc81264868480768 should allow in {:port=>22}
+     ✔  EC2 Security Group sg-0cc3c94d414fdcd1b should allow in {:port=>22}
+     ✔  EC2 Security Group sg-0abe7f61 should allow in {:port=>22}
+     ✔  EC2 Security Group sg-0f346bed179f1e6ad should allow in {:port=>22}
+     ✔  EC2 Security Group sg-0ff737c3be7a370ab should allow in {:port=>22}
+     ✔  EC2 Security Group sg-0f37838285d37d035 should allow in {:port=>22}
+     ✔  EC2 Security Group sg-001651d64991000f7 should allow in {:port=>22}
+
+
+
+
+```

data/lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/attributes.yml

@@ -0,0 +1,2 @@
+# Below is to be uncommented and set with your AWS Custom VPC ID:
+# aws_vpc_id: 'vpc-xxxxxxx'

data/lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/controls/example.rb

@@ -0,0 +1,26 @@
+# encoding: utf-8
+# copyright: 2018, The Authors
+
+title 'Sample Section'
+
+aws_vpc_id = attribute('aws_vpc_id')
+
+# you add controls here
+control 'aws-vpc-check' do                                                  # A unique ID for this control.
+  impact 1.0                                                                # The criticality, if this control fails.
+  title 'Check to see if custom VPC exists.'                                # A human-readable title
+  describe aws_vpc(aws_vpc_id) do                                           # The test itself.
+    it { should exist }
+  end
+end
+
+# Plural resources can be inspected to check for specific resource details.
+control 'aws-vpcs-check' do
+  impact 1.0
+  title 'Check in all the VPCs for default sg not allowing 22 inwards'
+  aws_vpcs.vpc_ids.each do |vpc_id|
+    describe aws_security_group(vpc_id: vpc_id, group_name: 'default') do
+      it { should allow_in(port: 22) }
+    end
+  end
+end

data/lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/inspec.yml

@@ -0,0 +1,16 @@
+name: <%= name %>
+title: AWS InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile For AWS
+version: 0.1.0
+inspec_version: '>= 2.3.5'
+attributes:
+- name: aws_vpc_id
+  required: true
+  description: 'The Custom AWS VPC Id'
+  type: string
+supports:
+- platform: aws

data/lib/plugins/inspec-init/test/functional/inspec_init_test.rb

@@ -61,4 +61,16 @@ class InitCli < MiniTest::Test
       assert_includes Dir.entries(profile).join, 'README.md'
     end
   end
-end
+
+  def test_generating_inspec_profile_aws
+    Dir.mktmpdir do |dir|
+      profile = File.join(dir,'test-aws-profile')
+      out = run_inspec_process("init profile --platform aws test-aws-profile", prefix: "cd #{dir} &&")
+      assert_equal 0, out.exit_status
+      assert_includes out.stdout, 'Create new profile at'
+      assert_includes out.stdout, profile
+      assert_includes Dir.entries(profile).join, 'inspec.yml'
+      assert_includes Dir.entries(profile).join, 'README.md'
+   end
+  end
+end

data/lib/resource_support/aws.rb

@@ -24,6 +24,7 @@ require 'resources/aws/aws_ebs_volumes'
 require 'resources/aws/aws_flow_log'
 require 'resources/aws/aws_ec2_instances'
 require 'resources/aws/aws_ecs_cluster'
+require 'resources/aws/aws_eks_cluster'
 require 'resources/aws/aws_elb'
 require 'resources/aws/aws_elbs'
 require 'resources/aws/aws_iam_access_key'

data/lib/resources/aws/aws_eks_cluster.rb

@@ -0,0 +1,101 @@
+class AwsEksCluster < Inspec.resource(1)
+  name 'aws_eks_cluster'
+  desc 'Verifies settings for an EKS cluster'
+
+  example <<-EOX
+    describe aws_eks_cluster('default') do
+      it { should exist }
+    end
+EOX
+  supports platform: 'aws'
+
+  include AwsSingularResourceMixin
+  attr_reader :version, :arn, :cluster_name, :certificate_authority, :name,
+              :status, :endpoint, :subnets_count, :subnet_ids, :security_group_ids,
+              :created_at, :role_arn, :vpc_id, :security_groups_count, :creating,
+              :active, :failed, :deleting
+  # Use aliases for matchers
+  alias active? active
+  alias failed? failed
+  alias creating? creating
+  alias deleting? deleting
+
+  def to_s
+    "AWS EKS cluster #{cluster_name}"
+  end
+
+  private
+
+  def validate_params(raw_params)
+    validated_params = check_resource_param_names(
+      raw_params: raw_params,
+      allowed_params: [:cluster_name],
+      allowed_scalar_name: :cluster_name,
+      allowed_scalar_type: String,
+    )
+
+    if validated_params.empty?
+      raise ArgumentError, 'You must provide a cluster_name to aws_eks_cluster.'
+    end
+
+    validated_params
+  end
+
+  def fetch_from_api # rubocop:disable Metrics/AbcSize
+    backend = BackendFactory.create(inspec_runner)
+    begin
+      params = { name: cluster_name }
+      resp = backend.describe_cluster(params)
+    rescue Aws::EKS::Errors::ResourceNotFoundException
+      @exists = false
+      populate_as_missing
+      return
+    end
+    @exists = true
+    cluster = resp.to_h[:cluster]
+    @version = cluster[:version]
+    @name = cluster[:name]
+    @arn = cluster[:arn]
+    @certificate_authority = cluster[:certificate_authority][:data]
+    @created_at = cluster[:created_at]
+    @endpoint = cluster[:endpoint]
+    @security_group_ids = cluster[:resources_vpc_config][:security_group_ids]
+    @subnet_ids = cluster[:resources_vpc_config][:subnet_ids]
+    @subnets_count = cluster[:resources_vpc_config][:subnet_ids].length
+    @security_groups_count = cluster[:resources_vpc_config][:security_group_ids].length
+    @vpc_id = cluster[:resources_vpc_config][:vpc_id]
+    @role_arn = cluster[:role_arn]
+    @status = cluster[:status]
+    @active = cluster[:status] == 'ACTIVE'
+    @failed = cluster[:status] == 'FAILED'
+    @creating = cluster[:status] == 'CREATING'
+    @deleting = cluster[:status] == 'DELETING'
+  end
+
+  def populate_as_missing
+    @version = nil
+    @name = cluster_name # name is an alias for cluster_name, and it is retained on a miss
+    @arn = nil
+    @certificate_authority = nil
+    @created_at = nil
+    @endpoint = nil
+    @security_group_ids = []
+    @subnet_ids = []
+    @subnets_count = nil
+    @security_groups_count = nil
+    @vpc_id = nil
+    @role_arn = nil
+    @status = nil
+  end
+
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      BackendFactory.set_default_backend(self)
+      self.aws_client_class = Aws::EKS::Client
+
+      def describe_cluster(query = {})
+        aws_service_client.describe_cluster(query)
+      end
+    end
+  end
+end

data/lib/resources/filesystem.rb

@@ -2,30 +2,103 @@ module Inspec::Resources
   class FileSystemResource < Inspec.resource(1)
     name 'filesystem'
     supports platform: 'linux'
+    supports platform: 'windows'
     desc 'Use the filesystem InSpec resource to test file system'
     example "
       describe filesystem('/') do
         its('size') { should be >= 32000 }
+        its('type') { should eq false }
+      end
+      describe filesystem('c:') do
+        its('size') { should be >= 90 }
+        its('type') { should eq 'NTFS' }
       end
     "
     attr_reader :partition
 
     def initialize(partition)
       @partition = partition
+      @cache = nil
+      # select file system manager
+      @fsman = nil
+
+      os = inspec.os
+      if os.linux?
+        @fsman = LinuxFileSystemResource.new(inspec)
+      elsif os.windows?
+        @fsman = WindowsFileSystemResource.new(inspec)
+      else
+        raise Inspec::Exceptions::ResourceSkipped, 'The `filesystem` resource is not supported on your OS yet.'
+      end
+    end
+
+    def info
+      return @cache if !@cache.nil?
+      return {} if @fsman.nil?
+      @cache = @fsman.info(@partition)
+    end
+
+    def to_s
+      "FileSystem #{@partition}"
     end
 
     def size
-      @size ||= begin
-        cmd = inspec.command("df #{partition} --output=size")
-        raise Inspec::Exceptions::ResourceFailed, "Unable to get available space for partition #{partition}" if cmd.stdout.nil? || cmd.stdout.empty? || !cmd.exit_status.zero?
+      info = @fsman.info(@partition)
+      info[:size]
+    end
 
-        value = cmd.stdout.gsub(/\dK-blocks[\r\n]/, '').strip
-        value.to_i
-      end
+    def type
+      info = @fsman.info(@partition)
+      info[:type]
     end
 
-    def to_s
-      "Filesystem #{partition}"
+    def name
+      info = @fsman.info(@partition)
+      info[:name]
+    end
+  end
+
+  class FsManagement
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+  end
+
+  class LinuxFileSystemResource < FsManagement
+    def info(partition)
+      cmd = inspec.command("df #{partition} --output=size")
+      raise Inspec::Exceptions::ResourceFailed, "Unable to get available space for partition #{partition}" if cmd.stdout.nil? || cmd.stdout.empty? || !cmd.exit_status.zero?
+      value = cmd.stdout.gsub(/\dK-blocks[\r\n]/, '').strip
+      {
+        name: partition,
+        size: value.to_i,
+        type: false,
+      }
+    end
+  end
+
+  class WindowsFileSystemResource < FsManagement
+    def info(partition)
+      cmd = inspec.command <<-EOF.gsub(/^\s*/, '')
+        $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='#{partition}'"
+        $disk.Size = $disk.Size / 1GB
+        $disk | select -property DeviceID,Size,FileSystem | ConvertTo-Json
+      EOF
+
+      raise Inspec::Exceptions::ResourceSkipped, "Unable to get available space for partition #{partition}" if cmd.stdout == '' || cmd.exit_status.to_i != 0
+      begin
+        fs = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => e
+        raise Inspec::Exceptions::ResourceFailed,
+              'Failed to parse JSON from Powershell. ' \
+              "Error: #{e}"
+      end
+      {
+        name: fs['DeviceID'],
+        size: fs['Size'].to_i,
+        type: fs['FileSystem'],
+      }
     end
   end
 end

data/lib/resources/package.rb

@@ -288,7 +288,7 @@ module Inspec::Resources
       # Find the package
       cmd = inspec.command <<-EOF.gsub(/^\s*/, '')
         Get-ItemProperty (@("#{search_paths.join('", "')}") | Where-Object { Test-Path $_ }) |
-        Where-Object { $_.DisplayName -match "^\\s*#{package_name.shellescape}\\s*$" -or $_.PSChildName -match "^\\s*#{package_name.shellescape}\\s*$" } |
+        Where-Object { $_.DisplayName -match "^\s*#{package_name.shellescape}\.*" -or $_.PSChildName -match "^\s*#{package_name.shellescape}\.*" } |
         Select-Object -Property DisplayName,DisplayVersion | ConvertTo-Json
       EOF
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 3.0.52
+  version: 3.0.61
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-15 00:00:00.000000000 Z
+date: 2018-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -415,11 +415,13 @@ files:
 - lib/inspec/plugin/v1/registry.rb
 - lib/inspec/plugin/v2.rb
 - lib/inspec/plugin/v2/activator.rb
+- lib/inspec/plugin/v2/config_file.rb
 - lib/inspec/plugin/v2/filter.rb
 - lib/inspec/plugin/v2/installer.rb
 - lib/inspec/plugin/v2/loader.rb
 - lib/inspec/plugin/v2/plugin_base.rb
 - lib/inspec/plugin/v2/plugin_types/cli.rb
+- lib/inspec/plugin/v2/plugin_types/dsl.rb
 - lib/inspec/plugin/v2/plugin_types/mock.rb
 - lib/inspec/plugin/v2/registry.rb
 - lib/inspec/plugin/v2/status.rb
@@ -480,6 +482,11 @@ files:
 - lib/plugins/inspec-init/lib/inspec-init.rb
 - lib/plugins/inspec-init/lib/inspec-init/cli.rb
 - lib/plugins/inspec-init/lib/inspec-init/renderer.rb
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/README.md
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/attributes.yml
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/controls/example.rb
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/inspec.yml
+- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/libraries/.gitkeep
 - lib/plugins/inspec-init/lib/inspec-init/templates/profiles/gcp/README.md
 - lib/plugins/inspec-init/lib/inspec-init/templates/profiles/gcp/attributes.yml
 - lib/plugins/inspec-init/lib/inspec-init/templates/profiles/gcp/controls/example.rb
@@ -529,6 +536,7 @@ files:
 - lib/resources/aws/aws_ec2_instance.rb
 - lib/resources/aws/aws_ec2_instances.rb
 - lib/resources/aws/aws_ecs_cluster.rb
+- lib/resources/aws/aws_eks_cluster.rb
 - lib/resources/aws/aws_elb.rb
 - lib/resources/aws/aws_elbs.rb
 - lib/resources/aws/aws_flow_log.rb