inspec 4.7.24 → 4.10.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 17d4755a71b5ff3f54c357d4f1af43aa021f9bf451352b26796532b82eff8171
-  data.tar.gz: b6adb4d407d16e0c458247f6f66df68d34defee4d237b68e491733c16be6172a
+  metadata.gz: 2be41b8620f4c1d6121a602f39c068ad59168ad95f2d15d0cd470ebba2ce249f
+  data.tar.gz: 883c88f79780d101b26925c1a67c14b8ba36f18b2514e5974bd947ce7192cf39
 SHA512:
-  metadata.gz: 2ff8d76a9eba7a9d4fb62ccd28e3832b86f2d9c0e462e2c5725010182785a9308f0f5a157011008145578742189a3820d9912ddac3e34e3f7be7495e5ee71e4b
-  data.tar.gz: 121d494b210eecbb5cc8a82484efb017b8f6f16317172a916b4f62a2519b3a3ce8253e50d1cd15063230f1f9a081da3f06811db2c11ef5c3bfc4f69c1c23e8d7
+  metadata.gz: 61e4f19e37a19cc4492d890798a323f3f8c9127dc64e4e0469a92f7182b07dd1134d84ce87ba80d60940f40656378f215ee8a332fc1abf965585183e48b9c680
+  data.tar.gz: 298f688326827ee7871d3379ff016be74e2ce710bddebd7eccba4866292519443d0f95f8e36bcb8dc5ec65f336d70d8752c7e5f9bf5ddf7490946f8733542897

data/README.md

@@ -7,8 +7,7 @@
 For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md).
 
 [![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
-[![Build Status Master](https://travis-ci.org/inspec/inspec.svg?branch=master)](https://travis-ci.org/inspec/inspec)
-[![Build Status Master](https://ci.appveyor.com/api/projects/status/github/inspec/inspec?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/inspec/branch/master)
+[![Build status](https://badge.buildkite.com/bf4c5fdc3858cc9f8c8bab8376e8e40d625ad046df9d4d8619.svg?branch=master)](https://buildkite.com/chef-oss/inspec-inspec-master-verify)
 [![Coverage Status](https://coveralls.io/repos/github/inspec/inspec/badge.svg?branch=master)](https://coveralls.io/github/inspec/inspec?branch=master)
 
 Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.

data/lib/fetchers/git.rb

@@ -39,28 +39,65 @@ module Fetchers
       @branch = opts[:branch]
       @tag = opts[:tag]
       @ref = opts[:ref]
-      @remote_url = remote_url
+      @remote_url = expand_local_path(remote_url)
       @repo_directory = nil
+      @relative_path = opts[:relative_path] if opts[:relative_path] && !opts[:relative_path].empty?
     end
 
-    def fetch(dir)
-      @repo_directory = dir
-      FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
+    def expand_local_path(url_or_file_path)
+      # This paths to local on-disk repos, not relative paths within repos.
+      # This is especially needed with testing.
+
+      # We could try to do something clever with URI
+      # processing, but then again, if you passed a relative path
+      # to an on-disk repo, you probably expect it to exist.
+      return url_or_file_path unless File.exist?(url_or_file_path)
+      # It's important to expand this path, because it may be specified
+      # locally in the metadata files, and when we clone, we will be
+      # in a temp dir.
+      File.expand_path(url_or_file_path)
+    end
+
+    def fetch(destination_path)
+      @repo_directory = destination_path # Might be the cache, or vendoring, or something else
+      FileUtils.mkdir_p(destination_path) unless Dir.exist?(destination_path)
 
       if cloned?
         checkout
       else
-        Dir.mktmpdir do |tmpdir|
-          checkout(tmpdir)
-          Inspec::Log.debug("Checkout of #{resolved_ref} successful. Moving checkout to #{dir}")
-          FileUtils.cp_r(tmpdir + "/.", @repo_directory)
+        Dir.mktmpdir do |working_dir|
+          checkout(working_dir)
+          if @relative_path
+            perform_relative_path_fetch(destination_path, working_dir)
+          else
+            Inspec::Log.debug("Checkout of #{resolved_ref} successful. " \
+                              "Moving checkout to #{destination_path}")
+            FileUtils.cp_r(working_dir + "/.", destination_path)
+          end
         end
       end
       @repo_directory
     end
 
+    def perform_relative_path_fetch(destination_path, working_dir)
+      Inspec::Log.debug("Checkout of #{resolved_ref} successful. " \
+                        "Moving #{@relative_path} to #{destination_path}")
+      unless File.exist?("#{working_dir}/#{@relative_path}")
+        # Cleanup the destination path - otherwise we'll have an empty dir
+        # in the cache, which is enough to confuse the cache reader
+        # This is a courtesy, assuming we're writing to the cache; if we're
+        # vendoring to something more complex, don't bother.
+        FileUtils.rmdir(destination_path) if Dir.empty?(destination_path)
+
+        raise ArgumentError, "Cannot find relative path '#{@relative_path}' " \
+                             "within profile in git repo specified by '#{@remote_url}'"
+      end
+      FileUtils.cp_r("#{working_dir}/#{@relative_path}", destination_path)
+    end
+
     def cache_key
-      resolved_ref
+      return resolved_ref unless @relative_path
+      OpenSSL::Digest::SHA256.hexdigest(resolved_ref + @relative_path)
     end
 
     def archive_path
@@ -68,7 +105,9 @@ module Fetchers
     end
 
     def resolved_source
-      { git: @remote_url, ref: resolved_ref }
+      source = { git: @remote_url, ref: resolved_ref }
+      source[:relative_path] = @relative_path if @relative_path
+      source
     end
 
     private

data/lib/inspec/cli.rb

@@ -123,36 +123,32 @@ class Inspec::InspecCLI < Inspec::BaseCLI
       puts JSON.generate(result)
     else
       %w{location profile controls timestamp valid}.each do |item|
-        puts format("%-12s %s", item.to_s.capitalize + ":",
-          mark_text(result[:summary][item.to_sym]))
+        prepared_string = format("%-12s %s",
+                                 "#{item.to_s.capitalize} :",
+                                 result[:summary][item.to_sym])
+        ui.plain_line(prepared_string)
       end
       puts
 
       if result[:errors].empty? && result[:warnings].empty?
-        puts "No errors or warnings"
+        ui.plain_line("No errors or warnings")
       else
-        red    = "\033[31m"
-        yellow = "\033[33m"
-        rst    = "\033[0m"
-
         item_msg = lambda { |item|
           pos = [item[:file], item[:line], item[:column]].compact.join(":")
           pos.empty? ? item[:msg] : pos + ": " + item[:msg]
         }
-        result[:errors].each do |item|
-          puts "#{red}  ✖  #{item_msg.call(item)}#{rst}"
-        end
-        result[:warnings].each do |item|
-          puts "#{yellow}  !  #{item_msg.call(item)}#{rst}"
-        end
+
+        result[:errors].each { |item| ui.red " #{Inspec::UI::GLYPHS[:script_x]}  #{item_msg.call(item)}\n" }
+        result[:warnings].each { |item| ui.yellow " !  #{item_msg.call(item)}\n" }
 
         puts
-        puts format("Summary:     %s%d errors%s, %s%d warnings%s",
-          red, result[:errors].length, rst,
-          yellow, result[:warnings].length, rst)
+
+        errors = ui.red("#{result[:errors].length} errors", print: false)
+        warnings = ui.yellow("#{result[:warnings].length} warnings", print: false)
+        ui.plain_line("Summary:     #{errors}, #{warnings}")
       end
     end
-    exit 1 unless result[:summary][:valid]
+    ui.exit Inspec::UI::EXIT_USAGE_ERROR unless result[:summary][:valid]
   rescue StandardError => e
     pretty_handle_exception(e)
   end
@@ -203,11 +199,11 @@ class Inspec::InspecCLI < Inspec::BaseCLI
 
     if result && !o[:ignore_errors] == false
       o[:logger].info "Profile check failed. Please fix the profile before generating an archive."
-      return exit 1
+      return ui.exit Inspec::UI::EXIT_USAGE_ERROR
     end
 
     # generate archive
-    exit 1 unless profile.archive(o)
+    ui.exit Inspec::UI::EXIT_USAGE_ERROR unless profile.archive(o)
   rescue StandardError => e
     pretty_handle_exception(e)
   end
@@ -294,10 +290,10 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     runner = Inspec::Runner.new(o)
     targets.each { |target| runner.add_target(target) }
 
-    exit runner.run
+    ui.exit runner.run
   rescue ArgumentError, RuntimeError, Train::UserError => e
     $stderr.puts e.message
-    exit 1
+    ui.exit Inspec::UI::EXIT_USAGE_ERROR
   rescue StandardError => e
     pretty_handle_exception(e)
   end
@@ -312,12 +308,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     if o["format"] == "json"
       puts res.to_json
     else
-      headline("Platform Details")
-      puts Inspec::BaseCLI.format_platform_info(params: res, indent: 0, color: 36)
+      ui.headline("Platform Details")
+      ui.plain Inspec::BaseCLI.format_platform_info(params: res, indent: 0, color: 36)
     end
   rescue ArgumentError, RuntimeError, Train::UserError => e
     $stderr.puts e.message
-    exit 1
+    ui.exit Inspec::UI::EXIT_USAGE_ERROR
   rescue StandardError => e
     pretty_handle_exception(e)
   end
@@ -348,12 +344,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     end
 
     run_type, res = run_command(o)
-    exit res unless run_type == :ruby_eval
+    ui.exit res unless run_type == :ruby_eval
 
     # No InSpec tests - just print evaluation output.
     res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if o["reporter"]&.keys&.include?("json")
     puts res
-    exit 0
+    ui.exit Inspec::UI::EXIT_NORMAL
   rescue RuntimeError, Train::UserError => e
     $stderr.puts e.message
   rescue StandardError => e
@@ -385,14 +381,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
       v = { version: Inspec::VERSION }
       puts v.to_json
     else
-      require "inspec/utils/latest_version"
       puts Inspec::VERSION
-      # display outdated version
-      # TODO: remove this. Don't notify of update to a gem when they install omnibus
-      latest = LatestInSpecVersion.new.latest || Inspec::VERSION
-      if Gem::Version.new(Inspec::VERSION) < Gem::Version.new(latest)
-        puts "\nYour version of #{Inspec::Dist::PRODUCT_NAME} is out of date! The latest version is #{latest}."
-      end
     end
   end
   map %w{-v --version} => :version
@@ -470,5 +459,5 @@ rescue Inspec::Plugin::V2::Exception => v2ex
   else
     Inspec::Log.error "Run again with --debug for a stacktrace."
   end
-  exit 2
+  ui.exit Inspec::UI::EXIT_PLUGIN_ERROR
 end

data/lib/inspec/resources/windows_task.rb

@@ -88,6 +88,11 @@ module Inspec::Resources
         return nil
       end
 
+      # If multiple triggers are defined, `schtasks` returns a list.
+      # This merges that list with the latest item taking precedence.
+      # This is the same behavior as `Get-ScheduledTask`.
+      params = params.reduce(:merge) if params.is_a?(Array)
+
       @cache = {
         uri: params["URI"],
         state: params["State"],

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.7.24".freeze
+  VERSION = "4.10.4".freeze
 end

data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb

@@ -5,19 +5,17 @@ require "securerandom"
 class ArtifactCli < Minitest::Test
   include CorePluginFunctionalHelper
 
-  before do
-    skip_windows!
-  end
-
   def test_generating_archive_keys
     Dir.mktmpdir do |dir|
       unique_key_name = SecureRandom.uuid
       out = run_inspec_process("artifact generate --keyname #{unique_key_name}", prefix: "cd #{dir} &&")
-      assert_equal 0, out.exit_status
 
       stdout = out.stdout.force_encoding(Encoding::UTF_8)
+      skip_windows!
       assert_includes stdout, "Generating private key"
       assert_includes stdout, "Generating public key"
+
+      assert_exit_code 0, out
     end
   end
 
@@ -32,13 +30,14 @@ class ArtifactCli < Minitest::Test
       run_inspec_process("init profile artifact-profile", prefix: "cd #{dir} &&")
 
       out = run_inspec_process("artifact generate --keyname #{unique_key_name}", prefix: "cd #{dir} &&")
-      assert_equal 0, out.exit_status
+      skip_windows!
+      assert_exit_code 0, out
 
       out = run_inspec_process("artifact sign-profile --profile #{profile} --keyname #{unique_key_name}", prefix: "cd #{dir} &&")
-      assert_equal 0, out.exit_status
+      assert_exit_code 0, out
 
       out = run_inspec_process("artifact install-profile --infile artifact-profile-0.1.0.iaf --destdir #{install_dir}", prefix: "cd #{dir} &&")
-      assert_equal 0, out.exit_status
+      assert_exit_code 0, out
 
       assert_includes out.stdout.force_encoding(Encoding::UTF_8), "Installing to #{install_dir}"
       assert_includes Dir.entries(install_dir).join, "inspec.yml"

data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb

@@ -5,37 +5,49 @@ class ComplianceCli < Minitest::Test
 
   def test_help_output
     out = run_inspec_process("compliance help")
-    assert_equal out.exit_status, 0
+
     assert_includes out.stdout, "inspec compliance exec PROFILE"
+
+    assert_exit_code 0, out
   end
 
   def test_logout_command
     out = run_inspec_process("compliance logout")
-    assert_equal out.exit_status, 0
+
     assert_includes out.stdout, ""
+
+    assert_exit_code 0, out
   end
 
   def test_error_login_with_invalid_url
     out = run_inspec_process("compliance login")
-    assert_equal out.exit_status, 1
+
     assert_includes out.stderr, 'ERROR: "inspec compliance login" was called with no arguments'
+
+    assert_exit_code 1, out
   end
 
   def test_profile_list_without_auth
     out = run_inspec_process("compliance profiles")
-    assert_equal out.exit_status, 0 # TODO: make this error
+
     assert_includes out.stdout, "You need to login first with `inspec compliance login`"
+
+    assert_exit_code 0, out # TODO: make this error
   end
 
   def test_error_upload_without_args
     out = run_inspec_process("compliance upload")
-    assert_equal out.exit_status, 1
+
     assert_includes out.stderr, 'ERROR: "inspec compliance upload" was called with no arguments'
+
+    assert_exit_code 1, out
   end
 
   def test_error_upload_with_fake_path
     out = run_inspec_process("compliance upload /path/to/dir")
-    assert_equal out.exit_status, 0 # TODO: make this error
+
     assert_includes out.stdout, "You need to login first with `inspec compliance login`"
+
+    assert_exit_code 0, out # TODO: make this error
   end
 end

data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb

@@ -64,18 +64,6 @@ module InspecPlugins
           habitat_origin: read_habitat_config["origin"],
         }
         create_file_from_template(plan_file, "plan.sh.erb", vars)
-
-        run_hook_file = File.join(path, "habitat", "hooks", "run")
-        logger.info("Generating a Habitat run hook at #{run_hook_file}...")
-        create_file_from_template(run_hook_file, "hooks/run.erb")
-
-        default_toml = File.join(path, "habitat", "default.toml")
-        logger.info("Generating a Habitat default.toml at #{default_toml}...")
-        create_file_from_template(default_toml, "default.toml.erb")
-
-        config = File.join(path, "habitat", "config", "inspec_exec_config.json")
-        logger.info("Generating #{config} for `#{EXEC_NAME} exec`...")
-        create_file_from_template(config, "config/inspec_exec_config.json.erb")
       end
 
       def upload

data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb

@@ -5,81 +5,4 @@ pkg_deps=(chef/inspec)
 pkg_build_deps=(chef/inspec core/jq-static)
 pkg_svc_user=root
 <%= "pkg_license='#{profile.metadata.params[:license]}'" if profile.metadata.params[:license]%>
-
-do_before() {
-  # Exit with error if not in the directory with 'inspec.yml'.
-  # This can happen if someone does 'hab studio enter' from within the
-  # 'habitat/' directory.
-  if [ ! -f "$PLAN_CONTEXT/../inspec.yml" ]; then
-    message="ERROR: Cannot find inspec.yml."
-    message="$message Please build from the profile root"
-    build_line "$message"
-
-    return 1
-  fi
-
-  # Execute an '<%= Inspec::Dist::EXEC_NAME %> compliance login' if a profile needs to be fetched from
-  # the Automate server
-  if [ "$(grep "compliance: " "$PLAN_CONTEXT/../inspec.yml")" ]; then
-    _do_compliance_login;
-  fi
-}
-
-do_setup_environment() {
-  set_buildtime_env PROFILE_CACHE_DIR "$HAB_CACHE_SRC_PATH/$pkg_dirname"
-  set_buildtime_env ARCHIVE_NAME "$pkg_name-$pkg_version.tar.gz"
-
-  # <%= Inspec::Dist::PRODUCT_NAME %> loads `pry` which tries to expand `~`. This fails if HOME isn't set.
-  set_runtime_env HOME "$pkg_svc_var_path"
-
-  # <%= Inspec::Dist::PRODUCT_NAME %> will create a `.inspec` directory in the user's home directory.
-  # This overrides that to write to a place within the running service's path.
-  # NOTE: Setting HOME does the same currently. This is here to be explicit.
-  set_runtime_env INSPEC_CONFIG_DIR  "$pkg_svc_var_path"
-}
-
-do_unpack() {
-  # Change directory to where the profile files are
-  pushd "$PLAN_CONTEXT/../" > /dev/null
-
-  # Get a list of all files in the profile except those that are Habitat related
-  profile_files=($(ls -I habitat -I results -I "*.hart"))
-
-  mkdir -p "$PROFILE_CACHE_DIR" > /dev/null
-
-  # Copy just the profile files to the profile cache directory
-  cp -r ${profile_files[@]} "$PROFILE_CACHE_DIR"
-}
-
-do_build() {
-  <%= Inspec::Dist::EXEC_NAME %> archive "$PROFILE_CACHE_DIR" \
-                                         --overwrite \
-                                         -o "$PROFILE_CACHE_DIR/$ARCHIVE_NAME"
-}
-
-do_install() {
-  cp "$PROFILE_CACHE_DIR/$ARCHIVE_NAME" "$pkg_prefix"
-}
-
-_do_compliance_login() {
-  if [ -z $COMPLIANCE_CREDS ]; then
-    message="ERROR: Please perform an '<%= Inspec::Dist::EXEC_NAME %> compliance login' and set"
-    message="$message \$HAB_STUDIO_SECRET_COMPLIANCE_CREDS to the contents of"
-    message="$message '~/.inspec/compliance/config.json'"
-    build_line "$message"
-    return 1
-  fi
-
-  user=$(echo $COMPLIANCE_CREDS | jq .user | sed 's/"//g')
-  token=$(echo $COMPLIANCE_CREDS | jq .token | sed 's/"//g')
-  automate_server=$(echo $COMPLIANCE_CREDS | \
-                    jq .server | \
-                    sed 's/\/api\/v0//' | \
-                    sed 's/"//g'
-                   )
-  insecure=$(echo $COMPLIANCE_CREDS | jq .insecure)
-  <%= Inspec::Dist::EXEC_NAME %> compliance login --insecure $insecure \
-                                                  --user $user \
-                                                  --token $token \
-                                                  $automate_server
-}
+pkg_scaffolding="chef/scaffolding-chef-inspec"