inspec 3.6.6 → 3.7.1

Files changed (33) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -1
  3. data/README.md +7 -7
  4. data/etc/deprecations.json +10 -0
  5. data/lib/inspec.rb +1 -1
  6. data/lib/inspec/base_cli.rb +1 -1
  7. data/lib/inspec/cli.rb +1 -1
  8. data/lib/inspec/config.rb +31 -1
  9. data/lib/inspec/control_eval_context.rb +4 -4
  10. data/lib/inspec/errors.rb +10 -10
  11. data/lib/inspec/exceptions.rb +2 -2
  12. data/lib/inspec/{attribute_registry.rb → input_registry.rb} +18 -18
  13. data/lib/inspec/objects.rb +1 -1
  14. data/lib/inspec/objects/{attribute.rb → input.rb} +61 -28
  15. data/lib/inspec/profile.rb +14 -14
  16. data/lib/inspec/profile_context.rb +11 -11
  17. data/lib/inspec/reporters/json.rb +1 -1
  18. data/lib/inspec/rspec_extensions.rb +3 -3
  19. data/lib/inspec/runner.rb +25 -18
  20. data/lib/inspec/schema.rb +1 -1
  21. data/lib/inspec/secrets/yaml.rb +5 -5
  22. data/lib/inspec/version.rb +1 -1
  23. data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +1 -1
  24. data/lib/plugins/inspec-init/{lib/inspec-init/templates → templates}/profiles/aws/README.md +0 -0
  25. data/lib/plugins/inspec-init/{lib/inspec-init/templates → templates}/profiles/aws/attributes.yml +0 -0
  26. data/lib/plugins/inspec-init/{lib/inspec-init/templates → templates}/profiles/aws/controls/example.rb +0 -0
  27. data/lib/plugins/inspec-init/{lib/inspec-init/templates → templates}/profiles/aws/inspec.yml +0 -0
  28. data/lib/plugins/inspec-init/{lib/inspec-init/templates → templates}/profiles/aws/libraries/.gitkeep +0 -0
  29. data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +14 -2
  30. data/lib/resource_support/aws/aws_resource_mixin.rb +1 -0
  31. data/lib/resources/postgres.rb +31 -15
  32. data/lib/utils/pkey_reader.rb +4 -4
  33. metadata +9 -9
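--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 90e04c89090a258fa5a4d935ab067275c5de0a5ca7782468cfce06724a011f4f
- data.tar.gz: e2f19a2d08ce57fa6724f645299a9e92b01b50e9098f51cbfb9f08363f30bbdc
+ metadata.gz: 5fac8050f287e7724b43ec98cc5d315849aeabe1ba832068c30eab5d1c2e990f
+ data.tar.gz: 5779e58ee9fb65084d06c3a118fff3f9f99083436f747a60230c34a857a6e71f
  SHA512:
- metadata.gz: e9538cdecc9989f89c6fc45b0caec1a6d6c5b6ab6da029a3a128d0be5a563b376c323fd0b00a8bd7f012d7ae264f0db0bbae6de5e56ac591eaa1308d614fd8ee
- data.tar.gz: '0709d10065ed6589747007e82f12115b011494485b555ba04ee7edfcd6cdd47d170518fa71c34792af9ae5ca1be115cb61448c6b930a13145e1422548b267190'
+ metadata.gz: f13bf3144f139198a8443ac4db6e8e0bb1c3ac38cc3c2aaec9169544d90133991888d25f98c74ff3634440fd269cf9ddfb3231b69129c7d6aedf69ef934ff335
+ data.tar.gz: 5f6587a9d8716b90b79d024f3d486a76ae8f77ec85ab72b4e0f1232261b7c0a88cf399d35c5e59ee52559d8ef946e2a6a4c9dd4ac23dd95dfb195a5c7865d419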
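--- a/data/Gemfile
+++ b/data/Gemfile
@@ -22,7 +22,10 @@ group :test do
  end
 
  group :integration do
- gem 'berkshelf', '~> 5.2'
+ # this version check can be removed when inspec no longer support ruby 2.3
+ if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4')
+ gem 'berkshelf', '~> 7'
+ end
  gem 'test-kitchen', '>= 1.24'
  gem 'kitchen-vagrant'
  # we need winrm v2 support >= 0.15.1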
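--- a/data/README.md
+++ b/data/README.md
@@ -288,9 +288,9 @@ Remote Targets
  | ---------------------------- | ------------------------------------------------ | ------------- |
  | AIX | 6.1, 7.1, 7.2 | ppc64 |
  | CentOS | 5, 6, 7 | i386, x86_64 |
- | Debian | 7, 8 | i386, x86_64 |
- | FreeBSD | 9, 10 | i386, amd64 |
- | Mac OS X | 10.9, 10.10, 10.11 | x86_64 |
+ | Debian | 7, 8, 9 | i386, x86_64 |
+ | FreeBSD | 9, 10, 11 | i386, amd64 |
+ | Mac OS X | 10.9, 10.10, 10.11, 10.12, 10.13, 10.14 | x86_64 |
  | Oracle Enterprise Linux | 5, 6, 7 | i386, x86_64 |
  | Red Hat Enterprise Linux | 5, 6, 7 | i386, x86_64 |
  | Solaris | 10, 11 | sparc, x86 |
@@ -299,7 +299,7 @@ Remote Targets
  | SUSE Linux Enterprise Server | 11, 12 | x86_64 |
  | Scientific Linux | 5.x, 6.x and 7.x | i386, x86_64 |
  | Fedora | | x86_64 |
- | OpenSUSE | 13.1/13.2/42.1 | x86_64 |
+ | OpenSUSE | 13, 42 | x86_64 |
  | OmniOS | | x86_64 |
  | Gentoo Linux | | x86_64 |
  | Arch Linux | | x86_64 |
@@ -311,7 +311,7 @@ In addition, runtime support is provided for:
 
  | Platform | Versions |
  | -------- | -------- |
- | Debian | 8 |
+ | Debian | 8, 9 |
  | RHEL | 6, 7 |
  | Ubuntu | 12.04+ |
  | Windows | 7+ |
@@ -440,7 +440,7 @@ Please see [TESTING_AGAINST_AZURE.md](./test/integration/aws/TESTING_AGAINST_AZU
  | **Author:** | Dominik Richter (<drichter@chef.io>) |
  | **Author:** | Christoph Hartmann (<chartmann@chef.io>) |
  | **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
- | **Copyright:** | Copyright (c) 2017 Chef Software Inc. |
+ | **Copyright:** | Copyright (c) 2017-2018 Chef Software Inc.|
  | **License:** | Apache License, Version 2.0 |
 
  Licensed under the Apache License, Version 2.0 (the "License");
@@ -453,4 +453,4 @@ Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
- limitations under the License.
+ limitations under the License.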
@@ -14,6 +14,16 @@
14
14
  "filesystem_property_size": {
15
15
  "action": "ignore",
16
16
  "comment": "See #3778"
17
+ },
18
+ "rename_attributes_to_inputs": {
19
+ "action": "ignore",
20
+ "prefix": "InSpec Attributes are being renamed to InSpec Inputs to avoid confusion with Chef Attributes.",
21
+ "comment": "See #3802"
22
+ },
23
+ "aws_resources_in_resource_pack": {
24
+ "comment": "See #3822",
25
+ "action": "ignore",
26
+ "prefix": "AWS resources shipped with core InSpec are being to moved to a resource pack for faster iteration. Please update your profiles to depend on git@github.com:inspec/inspec-aws.git ."
17
27
  }
18
28
  }
19
29
  }
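Review bot: The new `aws_resources_in_resource_pack` prefix is a user-facing string and reads "are being to moved to"; it should read "are being moved to". The same message tells users to depend on `git@github.com:inspec/inspec-aws.git`, an SSH-form URL that only resolves on machines holding a GitHub key. It also names no tag or commit, so following it literally gives an unpinned dependency for a compliance profile. Consider giving the HTTPS form of the URL and recommending a pinned ref in the text.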
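--- a/data/lib/inspec.rb
+++ b/data/lib/inspec.rb
@@ -16,7 +16,7 @@ require 'inspec/runner'
  require 'inspec/shell'
  require 'inspec/formatters'
  require 'inspec/reporters'
- require 'inspec/attribute_registry'
+ require 'inspec/input_registry'
  require 'inspec/rspec_extensions'
  require 'inspec/globals'
  require 'inspec/impact'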
@@ -108,7 +108,7 @@ module Inspec
108
108
  banner: 'one two:/output/file/path',
109
109
  desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml'
110
110
  option :attrs, type: :array,
111
- desc: 'Load attributes file (experimental)'
111
+ desc: 'Load one or more input files, a YAML file with values for the profile to use'
112
112
  option :create_lockfile, type: :boolean,
113
113
  desc: 'Write out a lockfile based on this execution (unless one already exists)'
114
114
  option :backend_cache, type: :boolean,
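--- a/data/lib/inspec/cli.rb
+++ b/data/lib/inspec/cli.rb
@@ -216,7 +216,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
  inspec exec /path/to/profile
  ```
 
- Local single test (doesn't allow attributes or custom resources)
+ Local single test (doesn't allow inputs or custom resources)
  ```
  inspec exec /path/to/a_test.rb
  ```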
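--- a/data/lib/inspec/config.rb
+++ b/data/lib/inspec/config.rb
@@ -71,6 +71,8 @@ module Inspec
  # transport name prefixed, which is stripped before being added
  # to the creds hash)
  # * the --target CLI option, which is interpreted:
+ # - as a transport://credset format, which looks up the creds in
+ # the config file in the credentials section
  # - as an arbitrary URI, which is parsed by Train.unpack_target_from_uri
 
  def unpack_train_credentials
@@ -82,8 +84,9 @@ module Inspec
  credentials.merge!(_utc_generic_credentials)
 
  _utc_determine_backend(credentials)
- credentials.merge!(Train.unpack_target_from_uri(final_options[:target] || '')) # TODO: this will be replaced with the credset work
  transport_name = credentials[:backend].to_s
+
+ _utc_merge_credset(credentials, transport_name)
  _utc_merge_transport_options(credentials, transport_name)
 
  # Convert to all-Symbol keys
@@ -137,6 +140,33 @@ module Inspec
  credentials[:backend] = transport_name.to_s # these are indeed stored in Train as Strings.
  end
 
+ def _utc_merge_credset(credentials, transport_name)
+ # Look for Config File credentials/transport_name/credset
+ credset_name = _utc_find_credset_name(credentials, transport_name)
+
+ if credset_name
+ credset = @cfg_file_contents.dig('credentials', transport_name, credset_name)
+ if credset
+ credentials.merge!(credset)
+ else
+ # OK, we had a target that looked like transport://something
+ # But we don't know what that something is - there was no
+ # matching credset with it. Let train parse it.
+ credentials.merge!(Train.unpack_target_from_uri(final_options[:target]))
+ end
+ elsif final_options.key?(:target)
+ # Not sure what target looked like at all!
+ # Let train parse it.
+ credentials.merge!(Train.unpack_target_from_uri(final_options[:target]))
+ end
+ end
+
+ def _utc_find_credset_name(_credentials, transport_name)
+ return nil unless final_options[:target]
+ match = final_options[:target].match(%r{^#{transport_name}://(?<credset_name>[\w\d\-]+)$})
+ match ? match[:credset_name] : nil
+ end
+
  #-----------------------------------------------------------------------#
  # Reading Config Files
  #-----------------------------------------------------------------------#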
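Review bot: In `_utc_find_credset_name` the pattern `%r{^#{transport_name}://(?<credset_name>[\w\d\-]+)$}` anchors with `^`/`$`, which match at line boundaries, and interpolates `transport_name` unescaped, so a target containing a newline or a transport name containing regex metacharacters can match in ways the header comment does not describe. Because this match decides which stored credential set is merged, anchor on the whole string and escape the name: `%r{\A#{Regexp.escape(transport_name)}://(?<credset_name>[\w\-]+)\z}`. Separately, the `elsif final_options.key?(:target)` branch passes the value straight to `Train.unpack_target_from_uri`, whereas the removed line used `final_options[:target] || ''`; if the key can be present with a nil value, that guard is lost. A short comment on `_utc_merge_credset` stating that a matching credset name takes precedence over a same-named host in a `transport://name` target would also help readers.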
@@ -27,7 +27,7 @@ module Inspec
27
27
 
28
28
  # allow attributes to be accessed within control blocks
29
29
  define_method :attribute do |name|
30
- Inspec::AttributeRegistry.find_attribute(name, profile_id).value
30
+ Inspec::InputRegistry.find_input(name, profile_id).value
31
31
  end
32
32
 
33
33
  # Support for Control DSL plugins.
@@ -167,12 +167,12 @@ module Inspec
167
167
  profile_context_owner.register_rule(control, &block) unless control.nil?
168
168
  end
169
169
 
170
- # method for attributes; import attribute handling
170
+ # method for inputs; import input handling
171
171
  define_method :attribute do |name, options = nil|
172
172
  if options.nil?
173
- Inspec::AttributeRegistry.find_attribute(name, profile_id).value
173
+ Inspec::InputRegistry.find_input(name, profile_id).value
174
174
  else
175
- profile_context_owner.register_attribute(name, options)
175
+ profile_context_owner.register_input(name, options)
176
176
  end
177
177
  end
178
178
 
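--- a/data/lib/inspec/errors.rb
+++ b/data/lib/inspec/errors.rb
@@ -18,29 +18,29 @@ module Inspec
  class ConfigError::MalformedJson < ConfigError; end
  class ConfigError::Invalid < ConfigError; end
 
- class Attribute
+ class Input
  class Error < Inspec::Error; end
  class ValidationError < Error
- attr_accessor :attribute_name
- attr_accessor :attribute_value
- attr_accessor :attribute_type
+ attr_accessor :input_name
+ attr_accessor :input_value
+ attr_accessor :input_type
  end
  class TypeError < Error
- attr_accessor :attribute_type
+ attr_accessor :input_type
  end
  class RequiredError < Error
- attr_accessor :attribute_name
+ attr_accessor :input_name
  end
  end
 
- class AttributeRegistry
+ class InputRegistry
  class Error < Inspec::Error; end
- class ProfileError < Error
+ class ProfileLookupError < Error
  attr_accessor :profile_name
  end
- class AttributeError < Error
+ class InputLookupError < Error
  attr_accessor :profile_name
- attr_accessor :attribute_name
+ attr_accessor :input_name
  end
  end
 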
@@ -3,8 +3,8 @@
3
3
 
4
4
  module Inspec
5
5
  module Exceptions
6
- class AttributesFileDoesNotExist < ArgumentError; end
7
- class AttributesFileNotReadable < ArgumentError; end
6
+ class InputsFileDoesNotExist < ArgumentError; end
7
+ class InputsFileNotReadable < ArgumentError; end
8
8
  class ResourceFailed < StandardError; end
9
9
  class ResourceSkipped < StandardError; end
10
10
  class SecretsBackendNotFound < ArgumentError; end
@@ -1,9 +1,9 @@
1
1
  require 'forwardable'
2
2
  require 'singleton'
3
- require 'inspec/objects/attribute'
3
+ require 'inspec/objects/input'
4
4
 
5
5
  module Inspec
6
- class AttributeRegistry
6
+ class InputRegistry
7
7
  include Singleton
8
8
  extend Forwardable
9
9
 
@@ -15,54 +15,54 @@ module Inspec
15
15
 
16
16
  # These self methods are convenience methods so you dont always
17
17
  # have to specify instance when calling the registry
18
- def self.find_attribute(name, profile)
19
- instance.find_attribute(name, profile)
18
+ def self.find_input(name, profile)
19
+ instance.find_input(name, profile)
20
20
  end
21
21
 
22
- def self.register_attribute(name, profile, options = {})
23
- instance.register_attribute(name, profile, options)
22
+ def self.register_input(name, profile, options = {})
23
+ instance.register_input(name, profile, options)
24
24
  end
25
25
 
26
26
  def self.register_profile_alias(name, alias_name)
27
27
  instance.register_profile_alias(name, alias_name)
28
28
  end
29
29
 
30
- def self.list_attributes_for_profile(profile)
31
- instance.list_attributes_for_profile(profile)
30
+ def self.list_inputs_for_profile(profile)
31
+ instance.list_inputs_for_profile(profile)
32
32
  end
33
33
 
34
34
  def initialize
35
- # this is a collection of profiles which have a value of attribute objects
35
+ # this is a collection of profiles which have a value of input objects
36
36
  @list = {}
37
37
 
38
38
  # this is a list of optional profile name overrides set in the inspec.yml
39
39
  @profile_aliases = {}
40
40
  end
41
41
 
42
- def find_attribute(name, profile)
42
+ def find_input(name, profile)
43
43
  profile = @profile_aliases[profile] if !profile_exist?(profile) && @profile_aliases[profile]
44
44
  unless profile_exist?(profile)
45
- error = Inspec::AttributeRegistry::ProfileError.new
45
+ error = Inspec::InputRegistry::ProfileLookupError.new
46
46
  error.profile_name = profile
47
- raise error, "Profile '#{error.profile_name}' does not have any attributes"
47
+ raise error, "Profile '#{error.profile_name}' does not have any inputs"
48
48
  end
49
49
 
50
50
  unless list[profile].key?(name)
51
- error = Inspec::AttributeRegistry::AttributeError.new
52
- error.attribute_name = name
51
+ error = Inspec::InputRegistry::InputLookupError.new
52
+ error.input_name = name
53
53
  error.profile_name = profile
54
- raise error, "Profile '#{error.profile_name}' does not have an attribute with name '#{error.attribute_name}'"
54
+ raise error, "Profile '#{error.profile_name}' does not have an input with name '#{error.input_name}'"
55
55
  end
56
56
  list[profile][name]
57
57
  end
58
58
 
59
- def register_attribute(name, profile, options = {})
59
+ def register_input(name, profile, options = {})
60
60
  # check for a profile override name
61
61
  if profile_exist?(profile) && list[profile][name] && options.empty?
62
62
  list[profile][name]
63
63
  else
64
64
  list[profile] = {} unless profile_exist?(profile)
65
- list[profile][name] = Inspec::Attribute.new(name, options)
65
+ list[profile][name] = Inspec::Input.new(name, options)
66
66
  end
67
67
  end
68
68
 
@@ -70,7 +70,7 @@ module Inspec
70
70
  @profile_aliases[name] = alias_name
71
71
  end
72
72
 
73
- def list_attributes_for_profile(profile)
73
+ def list_inputs_for_profile(profile)
74
74
  list[profile] = {} unless profile_exist?(profile)
75
75
  list[profile]
76
76
  end
@@ -1,7 +1,7 @@
1
1
  # encoding: utf-8
2
2
 
3
3
  module Inspec
4
- autoload :Attribute, 'inspec/objects/attribute'
4
+ autoload :Input, 'inspec/objects/input'
5
5
  autoload :Tag, 'inspec/objects/tag'
6
6
  autoload :Control, 'inspec/objects/control'
7
7
  autoload :Describe, 'inspec/objects/describe'
@@ -2,21 +2,22 @@
2
2
 
3
3
  require 'utils/deprecation'
4
4
 
5
+ # For backwards compatibility during the rename (see #3802),
6
+ # maintain the Inspec::Attribute namespace for people checking for
7
+ # Inspec::Attribute::DEFAULT_ATTRIBUTE
5
8
  module Inspec
6
9
  class Attribute
7
- attr_accessor :name
8
-
9
- VALID_TYPES = %w{
10
- String
11
- Numeric
12
- Regexp
13
- Array
14
- Hash
15
- Boolean
16
- Any
17
- }.freeze
10
+ # This only exists to create the Inspec::Attribute::DEFAULT_ATTRIBUTE symbol with a class
11
+ class DEFAULT_ATTRIBUTE; end # rubocop: disable Style/ClassAndModuleCamelCase
12
+ end
13
+ end
18
14
 
19
- DEFAULT_ATTRIBUTE = Class.new do
15
+ module Inspec
16
+ class Input
17
+ # This special class is used to represent the value when an input has
18
+ # not been assigned a value. This allows a user to explicitly assign nil
19
+ # to an input.
20
+ class NO_VALUE_SET # rubocop: disable Style/ClassAndModuleCamelCase
20
21
  def initialize(name)
21
22
  @name = name
22
23
 
@@ -37,17 +38,49 @@ module Inspec
37
38
  end
38
39
 
39
40
  def to_s
40
- "Attribute '#{@name}' does not have a value. Skipping test."
41
+ "Input '#{@name}' does not have a value. Skipping test."
42
+ end
43
+
44
+ def is_a?(klass)
45
+ if klass == Inspec::Attribute::DEFAULT_ATTRIBUTE
46
+ Inspec.deprecate(:rename_attributes_to_inputs, "Don't check for `is_a?(Inspec::Attribute::DEFAULT_ATTRIBUTE)`, check for `Inspec::Input::NO_VALUE_SET")
47
+ true # lie for backward compatibility
48
+ else
49
+ super(klass)
50
+ end
51
+ end
52
+
53
+ def kind_of?(klass)
54
+ if klass == Inspec::Attribute::DEFAULT_ATTRIBUTE
55
+ Inspec.deprecate(:rename_attributes_to_inputs, "Don't check for `kind_of?(Inspec::Attribute::DEFAULT_ATTRIBUTE)`, check for `Inspec::Input::NO_VALUE_SET")
56
+ true # lie for backward compatibility
57
+ else
58
+ super(klass)
59
+ end
41
60
  end
42
61
  end
62
+ end
63
+
64
+ class Input
65
+ attr_accessor :name
66
+
67
+ VALID_TYPES = %w{
68
+ String
69
+ Numeric
70
+ Regexp
71
+ Array
72
+ Hash
73
+ Boolean
74
+ Any
75
+ }.freeze
43
76
 
44
77
  def initialize(name, options = {})
45
78
  @name = name
46
79
  @opts = options
47
80
  if @opts.key?(:default)
48
- Inspec.deprecate(:attrs_value_replaces_default, "attribute name: '#{name}'")
81
+ Inspec.deprecate(:attrs_value_replaces_default, "input name: '#{name}'")
49
82
  if @opts.key?(:value)
50
- Inspec::Log.warn "Attribute #{@name} created using both :default and :value options - ignoring :default"
83
+ Inspec::Log.warn "Input #{@name} created using both :default and :value options - ignoring :default"
51
84
  @opts.delete(:default)
52
85
  else
53
86
  @opts[:value] = @opts.delete(:default)
@@ -104,7 +137,7 @@ module Inspec
104
137
  end
105
138
 
106
139
  def to_s
107
- "Attribute #{@name} with #{@value}"
140
+ "Input #{@name} with #{@value}"
108
141
  end
109
142
 
110
143
  private
@@ -115,9 +148,9 @@ module Inspec
115
148
 
116
149
  # value will be set already if a secrets file was passed in
117
150
  if (!@opts.key?(:default) && value.nil?) || (@opts[:default].nil? && value.nil?)
118
- error = Inspec::Attribute::RequiredError.new
119
- error.attribute_name = @name
120
- raise error, "Attribute '#{error.attribute_name}' is required and does not have a value."
151
+ error = Inspec::Input::RequiredError.new
152
+ error.input_name = @name
153
+ raise error, "Input '#{error.input_name}' is required and does not have a value."
121
154
  end
122
155
  end
123
156
 
@@ -129,9 +162,9 @@ module Inspec
129
162
  }
130
163
  type = abbreviations[type] if abbreviations.key?(type)
131
164
  if !VALID_TYPES.include?(type)
132
- error = Inspec::Attribute::TypeError.new
133
- error.attribute_type = type
134
- raise error, "Type '#{error.attribute_type}' is not a valid attribute type."
165
+ error = Inspec::Input::TypeError.new
166
+ error.input_type = type
167
+ raise error, "Type '#{error.input_type}' is not a valid input type."
135
168
  end
136
169
  type
137
170
  end
@@ -168,17 +201,17 @@ module Inspec
168
201
  end
169
202
 
170
203
  if invalid_type == true
171
- error = Inspec::Attribute::ValidationError.new
172
- error.attribute_name = @name
173
- error.attribute_value = value
174
- error.attribute_type = type
175
- raise error, "Attribute '#{error.attribute_name}' with value '#{error.attribute_value}' does not validate to type '#{error.attribute_type}'."
204
+ error = Inspec::Input::ValidationError.new
205
+ error.input_name = @name
206
+ error.input_value = value
207
+ error.input_type = type
208
+ raise error, "Input '#{error.input_name}' with value '#{error.input_value}' does not validate to type '#{error.input_type}'."
176
209
  end
177
210
  end
178
211
  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
179
212
 
180
213
  def value_or_dummy
181
- @opts.key?(:value) ? @opts[:value] : DEFAULT_ATTRIBUTE.new(@name)
214
+ @opts.key?(:value) ? @opts[:value] : Inspec::Input::NO_VALUE_SET.new(@name)
182
215
  end
183
216
  end
184
217
  end
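Review bot: The `is_a?`/`kind_of?` overrides on `NO_VALUE_SET` bridge only explicit predicate calls; `case value when Inspec::Attribute::DEFAULT_ATTRIBUTE` and `Inspec::Attribute::DEFAULT_ATTRIBUTE === value` go through `Module#===`, which does not dispatch to `is_a?`, so profiles that detect an unset value that way would silently stop matching and may run or skip controls differently than before. If that pattern needs to keep working, one option is a `def self.===(other)` on the compat `DEFAULT_ATTRIBUTE` class that also accepts `Inspec::Input::NO_VALUE_SET` instances; otherwise the comment above `class Attribute` should say that only `is_a?` and `kind_of?` are bridged. Both deprecation messages are also missing the closing backtick after `Inspec::Input::NO_VALUE_SET`. Part of the `NO_VALUE_SET` body lies in the gap between the first two hunks and is not visible here.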
@@ -5,7 +5,7 @@
5
5
 
6
6
  require 'forwardable'
7
7
  require 'openssl'
8
- require 'inspec/attribute_registry'
8
+ require 'inspec/input_registry'
9
9
  require 'inspec/polyfill'
10
10
  require 'inspec/cached_fetcher'
11
11
  require 'inspec/file_provider'
@@ -97,7 +97,7 @@ module Inspec
97
97
  @profile_id = options[:id]
98
98
  @profile_name = options[:profile_name]
99
99
  @cache = options[:vendor_cache] || Cache.new
100
- @attr_values = options[:attributes]
100
+ @input_values = options[:inputs]
101
101
  @tests_collected = false
102
102
  @libraries_loaded = false
103
103
  @check_mode = options[:check_mode] || false
@@ -120,22 +120,22 @@ module Inspec
120
120
 
121
121
  @runner_context =
122
122
  options[:profile_context] ||
123
- Inspec::ProfileContext.for_profile(self, @backend, @attr_values)
123
+ Inspec::ProfileContext.for_profile(self, @backend, @input_values)
124
124
 
125
125
  @supports_platform = metadata.supports_platform?(@backend)
126
126
  @supports_runtime = metadata.supports_runtime?
127
- register_metadata_attributes
127
+ register_metadata_inputs
128
128
  end
129
129
 
130
- def register_metadata_attributes
130
+ def register_metadata_inputs # TODO: deprecate
131
131
  if metadata.params.key?(:attributes) && metadata.params[:attributes].is_a?(Array)
132
132
  metadata.params[:attributes].each do |attribute|
133
133
  attr_dup = attribute.dup
134
134
  name = attr_dup.delete(:name)
135
- @runner_context.register_attribute(name, attr_dup)
135
+ @runner_context.register_input(name, attr_dup)
136
136
  end
137
137
  elsif metadata.params.key?(:attributes)
138
- Inspec::Log.warn 'Attributes must be defined as an Array. Skipping current definition.'
138
+ Inspec::Log.warn 'Inputs must be defined as an Array. Skipping current definition.'
139
139
  end
140
140
  end
141
141
 
@@ -297,12 +297,12 @@ module Inspec
297
297
  group
298
298
  end
299
299
 
300
- # add information about the required attributes
301
- if res[:attributes].nil? || res[:attributes].empty?
302
- # convert to array for backwords compatability
303
- res[:attributes] = []
300
+ # add information about the required inputs
301
+ if res[:inputs].nil? || res[:inputs].empty?
302
+ # convert to array for backwards compatability
303
+ res[:inputs] = []
304
304
  else
305
- res[:attributes] = res[:attributes].values.map(&:to_hash)
305
+ res[:inputs] = res[:inputs].values.map(&:to_hash)
306
306
  end
307
307
  res[:sha256] = sha256
308
308
  res[:parent_profile] = parent_profile unless parent_profile.nil?
@@ -530,7 +530,7 @@ module Inspec
530
530
  backend: @backend,
531
531
  parent_profile: name,
532
532
  }
533
- Inspec::DependencySet.from_lockfile(lockfile, config, { attributes: @attr_values })
533
+ Inspec::DependencySet.from_lockfile(lockfile, config, { inputs: @input_values })
534
534
  end
535
535
 
536
536
  # Calculate this profile's SHA256 checksum. Includes metadata, dependencies,
@@ -595,7 +595,7 @@ module Inspec
595
595
  f = load_rule_filepath(prefix, rule)
596
596
  load_rule(rule, f, controls, groups)
597
597
  end
598
- params[:attributes] = @runner_context.attributes
598
+ params[:inputs] = @runner_context.inputs
599
599
  params
600
600
  end
601
601
 
@@ -8,17 +8,17 @@ require 'inspec/library_eval_context'
8
8
  require 'inspec/control_eval_context'
9
9
  require 'inspec/require_loader'
10
10
  require 'securerandom'
11
- require 'inspec/objects/attribute'
11
+ require 'inspec/objects/input'
12
12
 
13
13
  module Inspec
14
14
  class ProfileContext
15
- def self.for_profile(profile, backend, attributes)
15
+ def self.for_profile(profile, backend, inputs)
16
16
  new(profile.name, backend, { 'profile' => profile,
17
- 'attributes' => attributes,
17
+ 'inputs' => inputs,
18
18
  'check_mode' => profile.check_mode })
19
19
  end
20
20
 
21
- attr_reader :attributes, :backend, :profile_name, :profile_id, :resource_registry
21
+ attr_reader :inputs, :backend, :profile_name, :profile_id, :resource_registry
22
22
  attr_accessor :rules
23
23
  def initialize(profile_id, backend, conf)
24
24
  if backend.nil?
@@ -34,8 +34,8 @@ module Inspec
34
34
  @control_subcontexts = []
35
35
  @lib_subcontexts = []
36
36
  @require_loader = ::Inspec::RequireLoader.new
37
- Inspec::AttributeRegistry.register_profile_alias(@profile_id, @profile_name) if @profile_id != @profile_name
38
- @attributes = Inspec::AttributeRegistry.list_attributes_for_profile(@profile_id)
37
+ Inspec::InputRegistry.register_profile_alias(@profile_id, @profile_name) if @profile_id != @profile_name
38
+ @inputs = Inspec::InputRegistry.list_inputs_for_profile(@profile_id)
39
39
  # A local resource registry that only contains resources defined
40
40
  # in the transitive dependency tree of the loaded profile.
41
41
  @resource_registry = Inspec::Resource.new_registry
@@ -187,11 +187,11 @@ module Inspec
187
187
  end
188
188
  end
189
189
 
190
- def register_attribute(name, options = {})
191
- # we need to return an attribute object, to allow dermination of default values
192
- attribute = Inspec::AttributeRegistry.register_attribute(name, @profile_id, options)
193
- attribute.value = @conf['attributes'][name] unless @conf['attributes'].nil? || @conf['attributes'][name].nil?
194
- attribute.value
190
+ def register_input(name, options = {})
191
+ # we need to return an input object, to allow dermination of values
192
+ input = Inspec::InputRegistry.register_input(name, @profile_id, options)
193
+ input.value = @conf['inputs'][name] unless @conf['inputs'].nil? || @conf['inputs'][name].nil?
194
+ input.value
195
195
  end
196
196
 
197
197
  def set_header(field, val)
@@ -107,7 +107,7 @@ module Inspec::Reporters
107
107
  copyright: p[:copyright],
108
108
  copyright_email: p[:copyright_email],
109
109
  supports: p[:supports],
110
- attributes: p[:attributes],
110
+ attributes: (p[:inputs] ? p[:inputs] : p[:attributes]), # TODO: rename exposed field to inputs, see #3802
111
111
  parent_profile: p[:parent_profile],
112
112
  depends: p[:depends],
113
113
  groups: profile_groups(p),
@@ -1,4 +1,4 @@
1
- require 'inspec/attribute_registry'
1
+ require 'inspec/input_registry'
2
2
  require 'inspec/plugin/v2'
3
3
  require 'rspec/core/example_group'
4
4
 
@@ -64,9 +64,9 @@ module Inspec
64
64
  end
65
65
 
66
66
  class RSpec::Core::ExampleGroup
67
- # This DSL method allows us to access the values of attributes within InSpec tests
67
+ # This DSL method allows us to access the values of inputs within InSpec tests
68
68
  def attribute(name)
69
- Inspec::AttributeRegistry.find_attribute(name, self.class.metadata[:profile_id]).value
69
+ Inspec::InputRegistry.find_input(name, self.class.metadata[:profile_id]).value
70
70
  end
71
71
  define_example_method :attribute
72
72
 
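--- a/data/lib/inspec/runner.rb
+++ b/data/lib/inspec/runner.rb
@@ -32,7 +32,13 @@ module Inspec
  class Runner
  extend Forwardable
 
- attr_reader :backend, :rules, :attributes
+ attr_reader :backend, :rules, :inputs
+
+ def attributes
+ Inspec.deprecate(:rename_attributes_to_inputs, "Don't call runner.attributes, call runner.inputs")
+ inputs
+ end
+
  def initialize(conf = {})
  @rules = []
  # If we were handed a Hash config (by audit cookbook or kitchen-inspec),
@@ -51,10 +57,10 @@ module Inspec
  RunnerRspec.new(@conf)
  end
 
- # list of profile attributes
- @attributes = {}
+ # list of profile inputs
+ @inputs = {}
 
- load_attributes(@conf)
+ load_inputs(@conf)
  configure_transport
  end
 
@@ -95,7 +101,7 @@ module Inspec
  @test_collector.add_profile(requirement.profile)
  end
 
- @attributes = profile.runner_context.attributes if @attributes.empty?
+ @inputs = profile.runner_context.inputs if @inputs.empty?
  tests = profile.collect_tests
  all_controls += tests unless tests.nil?
  end
@@ -143,25 +149,26 @@ module Inspec
  @test_collector.exit_code
  end
 
- # determine all attributes before the execution, fetch data from secrets backend
- def load_attributes(options)
+ # determine all inputs before the execution, fetch data from secrets backend
+ def load_inputs(options)
+ # TODO: - rename :attributes and :attrs - these are both user-visible
  options[:attributes] ||= {}
 
  secrets_targets = options[:attrs]
  return options[:attributes] if secrets_targets.nil?
 
  secrets_targets.each do |target|
- validate_attributes_file_readability!(target)
+ validate_inputs_file_readability!(target)
 
  secrets = Inspec::SecretsBackend.resolve(target)
  if secrets.nil?
  raise Inspec::Exceptions::SecretsBackendNotFound,
- "Cannot find parser for attributes file '#{target}'. " \
+ "Cannot find parser for inputs file '#{target}'. " \
  'Check to make sure file has the appropriate extension.'
  end
 
- next if secrets.attributes.nil?
- options[:attributes].merge!(secrets.attributes)
+ next if secrets.inputs.nil?
+ options[:attributes].merge!(secrets.inputs)
  end
 
  options[:attributes]
@@ -173,7 +180,7 @@ module Inspec
  #
  # A target is a path or URL that points to a profile. Using this
  # target we generate a Profile and a ProfileContext. The content
- # (libraries, tests, and attributes) from the Profile are loaded
+ # (libraries, tests, and inputs) from the Profile are loaded
  # into the ProfileContext.
  #
  # If the profile depends on other profiles, those profiles will be
@@ -198,7 +205,7 @@ module Inspec
  vendor_cache: @cache,
  backend: @backend,
  controls: @controls,
- attributes: @conf[:attributes])
+ inputs: @conf[:attributes]) # TODO: read form :inputs here (user visible)
  raise "Could not resolve #{target} to valid input." if profile.nil?
  @target_profiles << profile if supports_profile?(profile)
  end
@@ -289,16 +296,16 @@ module Inspec
  examples.each { |e| @test_collector.add_test(e, rule) }
  end
 
- def validate_attributes_file_readability!(target)
+ def validate_inputs_file_readability!(target)
  unless File.exist?(target)
- raise Inspec::Exceptions::AttributesFileDoesNotExist,
- "Cannot find attributes file '#{target}'. " \
+ raise Inspec::Exceptions::InputsFileDoesNotExist,
+ "Cannot find input file '#{target}'. " \
  'Check to make sure file exists.'
  end
 
  unless File.readable?(target)
- raise Inspec::Exceptions::AttributesFileNotReadable,
- "Cannot read attributes file '#{target}'. " \
+ raise Inspec::Exceptions::InputsFileNotReadable,
+ "Cannot read input file '#{target}'. " \
  'Check to make sure file is readable.'
  end
 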
data/lib/inspec/schema.rb CHANGED
@@ -153,7 +153,7 @@ module Inspec
153
153
  'type' => 'array',
154
154
  'items' => CONTROL_GROUP,
155
155
  },
156
- 'attributes' => {
156
+ 'attributes' => { # TODO: rename to inputs, refs #3802
157
157
  'type' => 'array',
158
158
  # TODO: more detailed specification needed
159
159
  },
@@ -6,7 +6,7 @@ module Secrets
6
6
  class YAML < Inspec.secrets(1)
7
7
  name 'yaml'
8
8
 
9
- attr_reader :attributes
9
+ attr_reader :inputs
10
10
 
11
11
  def self.resolve(target)
12
12
  unless target.is_a?(String) && File.file?(target) && ['.yml', '.yaml'].include?(File.extname(target).downcase)
@@ -17,14 +17,14 @@ module Secrets
17
17
 
18
18
  # array of yaml file paths
19
19
  def initialize(target)
20
- @attributes = ::YAML.load_file(target)
20
+ @inputs = ::YAML.load_file(target)
21
21
 
22
- if @attributes == false || !@attributes.is_a?(Hash)
22
+ if @inputs == false || !@inputs.is_a?(Hash)
23
23
  Inspec::Log.warn("#{self.class} unable to parse #{target}: invalid YAML or contents is not a Hash")
24
- @attributes = nil
24
+ @inputs = nil
25
25
  end
26
26
  rescue => e
27
- raise "Error reading InSpec attributes: #{e}"
27
+ raise "Error reading InSpec inputs: #{e}"
28
28
  end
29
29
  end
30
30
  end
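Review bot: `@inputs = ::YAML.load_file(target)` in `initialize` keeps the full YAML loader for the inputs file; the rename leaves it unchanged. On Psych versions where `load_file` is not safe by default, that loader can instantiate arbitrary Ruby objects from tags in the document, although the code right below only accepts a Hash. The path is supplied by the user (it appears to arrive through `options[:attrs]`) and inputs files are often passed around with profiles, so I would parse with `@inputs = ::YAML.safe_load(File.read(target))` and permit extra classes only if existing inputs files turn out to need them. The bare `rescue => e` that re-raises a plain string also discards the exception class, so callers cannot tell a parse failure from an I/O failure.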
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '3.6.6'
7
+ VERSION = '3.7.1'
8
8
  end
@@ -141,7 +141,7 @@ module InspecPlugins
141
141
  configure_logger(o)
142
142
 
143
143
  # only run against the mock backend, otherwise we run against the local system
144
- o[:backend] = Inspec::Backend.create(target: 'mock://')
144
+ o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
145
145
  o[:check_mode] = true
146
146
  o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
147
147
 
@@ -62,15 +62,27 @@ class InitCli < MiniTest::Test
62
62
  end
63
63
  end
64
64
 
65
+ def test_generating_inspec_profile_aws
66
+ Dir.mktmpdir do |dir|
67
+ profile = File.join(dir, 'test-aws-profile')
68
+ out = run_inspec_process("init profile --platform aws test-aws-profile", prefix: "cd #{dir} &&")
69
+ assert_equal 0, out.exit_status
70
+ assert_includes out.stdout, 'Creating new profile at'
71
+ assert_includes out.stdout, profile
72
+ assert_includes Dir.entries(profile).join, 'inspec.yml'
73
+ assert_includes Dir.entries(profile).join, 'README.md'
74
+ end
75
+ end
76
+
65
77
  def test_generating_inspec_profile_os
66
78
  Dir.mktmpdir do |dir|
67
- profile = File.join(dir,'test-os-profile')
79
+ profile = File.join(dir, 'test-os-profile')
68
80
  out = run_inspec_process("init profile --platform os test-os-profile", prefix: "cd #{dir} &&")
69
81
  assert_equal 0, out.exit_status
70
82
  assert_includes out.stdout, 'Creating new profile at'
71
83
  assert_includes out.stdout, profile
72
84
  assert_includes Dir.entries(profile).join, 'inspec.yml'
73
85
  assert_includes Dir.entries(profile).join, 'README.md'
74
- end
86
+ end
75
87
  end
76
88
  end
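Review bot: `assert_includes Dir.entries(profile).join, 'inspec.yml'` in the new `test_generating_inspec_profile_aws` is a substring match on the concatenated directory listing, so it also passes for an entry such as `inspec.yml.bak`, or for adjacent names that happen to join into the expected text. Asserting on the array, `assert_includes Dir.entries(profile), 'inspec.yml'`, checks the actual file name. The same applies to the `README.md` line and to both lines in `test_generating_inspec_profile_os`. The `prefix: "cd #{dir} &&"` string also hands the temp path to a shell unquoted, which fails on a temp directory containing a space.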
@@ -1,5 +1,6 @@
1
1
  module AwsResourceMixin
2
2
  def initialize(resource_params = {})
3
+ Inspec.deprecate(:aws_resources_in_resource_pack, "Resource '#{@__resource_name__}'")
3
4
  validate_params(resource_params).each do |param, value|
4
5
  instance_variable_set(:"@#{param}", value)
5
6
  end
@@ -9,6 +9,28 @@ module Inspec::Resources
9
9
 
10
10
  attr_reader :service, :data_dir, :conf_dir, :conf_path, :version, :cluster
11
11
  def initialize
12
+ # determine dirs and service based on versions
13
+ determine_dirs
14
+ determine_service
15
+
16
+ # print warnings if the dirs do not exist
17
+ verify_dirs
18
+
19
+ if !@version.nil? && !@conf_dir.empty?
20
+ @conf_path = File.join @conf_dir, 'postgresql.conf'
21
+ else
22
+ @conf_path = nil
23
+ return skip_resource 'Seems like PostgreSQL is not installed on your system'
24
+ end
25
+ end
26
+
27
+ def to_s
28
+ 'PostgreSQL'
29
+ end
30
+
31
+ private
32
+
33
+ def determine_dirs
12
34
  if inspec.os.debian?
13
35
  #
14
36
  # https://wiki.debian.org/PostgreSql
@@ -33,26 +55,18 @@ module Inspec::Resources
33
55
  end
34
56
  @data_dir = locate_data_dir_location_by_version(@version)
35
57
  end
36
-
37
- @service = 'postgresql'
38
- @service += "-#{@version}" if @version.to_f >= 9.4
39
58
  @conf_dir ||= @data_dir
40
-
41
- verify_dirs
42
- if !@version.nil? && !@conf_dir.empty?
43
- @conf_path = File.join @conf_dir, 'postgresql.conf'
44
- else
45
- @conf_path = nil
46
- return skip_resource 'Seems like PostgreSQL is not installed on your system'
47
- end
48
59
  end
49
60
 
50
- def to_s
51
- 'PostgreSQL'
61
+ def determine_service
62
+ @service = 'postgresql'
63
+ if @version.to_i >= 10
64
+ @service += "-#{@version.to_i}"
65
+ elsif @version.to_f >= 9.4
66
+ @service += "-#{@version}"
67
+ end
52
68
  end
53
69
 
54
- private
55
-
56
70
  def verify_dirs
57
71
  warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
58
72
  "Postgresql may not be installed or we've misidentified the configuration " \
@@ -71,6 +85,8 @@ module Inspec::Resources
71
85
  def locate_data_dir_location_by_version(ver = @version)
72
86
  dir_list = [
73
87
  "/var/lib/pgsql/#{ver}/data",
88
+ # for 10, the versions are just stored in `10` although their version `10.7`
89
+ "/var/lib/pgsql/#{ver.to_i}/data",
74
90
  '/var/lib/pgsql/data',
75
91
  '/var/lib/postgres/data',
76
92
  '/var/lib/postgresql/data',
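Review bot: The new candidate `"/var/lib/pgsql/#{ver.to_i}/data"` in `locate_data_dir_location_by_version` is added for every version, not only for 10 and later as its comment says. For a 9.x install it also probes `/var/lib/pgsql/9/data`, and for a nil `ver` it probes `/var/lib/pgsql/0/data`. If the exact-version path is missing and such a directory exists, the resource would report a data and configuration directory that does not belong to the running server, and the checks built on it would audit the wrong files. I would include the entry only when `ver.to_i >= 10`, the same threshold `determine_service` uses. The rest of the list and the method continue outside the hunk, so how a match is chosen is not visible here.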
@@ -1,15 +1,15 @@
1
1
  module PkeyReader
2
2
  def read_pkey(filecontent, passphrase)
3
- raise_if_default(passphrase)
3
+ raise_if_unset(passphrase)
4
4
 
5
5
  OpenSSL::PKey.read(filecontent, passphrase)
6
6
  rescue OpenSSL::PKey::PKeyError
7
7
  raise Inspec::Exceptions::ResourceFailed, 'passphrase error'
8
8
  end
9
9
 
10
- def raise_if_default(passphrase)
11
- if passphrase.is_a? Inspec::Attribute::DEFAULT_ATTRIBUTE
12
- raise Inspec::Exceptions::ResourceFailed, 'Please provide default value for attribute'
10
+ def raise_if_unset(passphrase)
11
+ if passphrase.is_a? Inspec::Input::NO_VALUE_SET
12
+ raise Inspec::Exceptions::ResourceFailed, 'Please provide a value for input for openssl key passphrase'
13
13
  end
14
14
  end
15
15
  end
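Review bot: `raise_if_unset` rejects only the `Inspec::Input::NO_VALUE_SET` sentinel, so a `nil` passphrase still reaches `OpenSSL::PKey.read(filecontent, passphrase)`. For an encrypted PEM with no passphrase, Ruby's OpenSSL binding normally falls back to prompting on the terminal, which would stall an unattended scan. This is worth confirming, and if it holds, `read_pkey` should fail fast when the key is encrypted and no passphrase was given. Separately, the `rescue OpenSSL::PKey::PKeyError` branch reports 'passphrase error' for every parse failure, including a malformed key. The new message would also read better as `'Please provide a value for the OpenSSL key passphrase input'`.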
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.6.6
4
+ version: 3.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-12 00:00:00.000000000 Z
11
+ date: 2019-03-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train
@@ -386,7 +386,6 @@ files:
386
386
  - lib/inspec.rb
387
387
  - lib/inspec/archive/tar.rb
388
388
  - lib/inspec/archive/zip.rb
389
- - lib/inspec/attribute_registry.rb
390
389
  - lib/inspec/backend.rb
391
390
  - lib/inspec/base_cli.rb
392
391
  - lib/inspec/cached_fetcher.rb
@@ -416,15 +415,16 @@ files:
416
415
  - lib/inspec/formatters/show_progress.rb
417
416
  - lib/inspec/globals.rb
418
417
  - lib/inspec/impact.rb
418
+ - lib/inspec/input_registry.rb
419
419
  - lib/inspec/library_eval_context.rb
420
420
  - lib/inspec/log.rb
421
421
  - lib/inspec/metadata.rb
422
422
  - lib/inspec/method_source.rb
423
423
  - lib/inspec/objects.rb
424
- - lib/inspec/objects/attribute.rb
425
424
  - lib/inspec/objects/control.rb
426
425
  - lib/inspec/objects/describe.rb
427
426
  - lib/inspec/objects/each_loop.rb
427
+ - lib/inspec/objects/input.rb
428
428
  - lib/inspec/objects/list.rb
429
429
  - lib/inspec/objects/or_test.rb
430
430
  - lib/inspec/objects/ruby_helper.rb
@@ -511,11 +511,6 @@ files:
511
511
  - lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb
512
512
  - lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb
513
513
  - lib/plugins/inspec-init/lib/inspec-init/renderer.rb
514
- - lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/README.md
515
- - lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/attributes.yml
516
- - lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/controls/example.rb
517
- - lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/inspec.yml
518
- - lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/libraries/.gitkeep
519
514
  - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile
520
515
  - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/LICENSE
521
516
  - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/README.md
@@ -532,6 +527,11 @@ files:
532
527
  - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/README.md
533
528
  - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb
534
529
  - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb
530
+ - lib/plugins/inspec-init/templates/profiles/aws/README.md
531
+ - lib/plugins/inspec-init/templates/profiles/aws/attributes.yml
532
+ - lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb
533
+ - lib/plugins/inspec-init/templates/profiles/aws/inspec.yml
534
+ - lib/plugins/inspec-init/templates/profiles/aws/libraries/.gitkeep
535
535
  - lib/plugins/inspec-init/templates/profiles/gcp/README.md
536
536
  - lib/plugins/inspec-init/templates/profiles/gcp/attributes.yml
537
537
  - lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb