simp-beaker-helpers 1.8.0 → 1.8.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/simp/beaker_helpers/inspec.rb +50 -18
- data/lib/simp/beaker_helpers/version.rb +1 -1
- metadata +11 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8057e97359b2ce3f693b144d39f261cf290e69bd
|
4
|
+
data.tar.gz: a2f7f470c423876cc605a889ade1e17b514ee20d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 99fac64a05ae979b97cb88ebfeaea71e24c8b9d13416443168fb2c3c29cb2431d3b44adea3f658f02fbab6539e7c6fc302a19703335cf7241e5dfcad2674f937
|
7
|
+
data.tar.gz: 83c474b816ab946c71e5e272484c5727cb4959450627dd200d88e6e8436da0273ffeed49cbcdf8e04add066e30c7dd114d9d281ff71a05c046bd9576649dddd9
|
@@ -2,6 +2,11 @@ module Simp::BeakerHelpers
|
|
2
2
|
|
3
3
|
# Helpers for working with Inspec
|
4
4
|
class Inspec
|
5
|
+
|
6
|
+
attr_reader :profile
|
7
|
+
attr_reader :profile_dir
|
8
|
+
attr_reader :deps_root
|
9
|
+
|
5
10
|
# Create a new Inspec helper for the specified host against the specified profile
|
6
11
|
#
|
7
12
|
# @param sut
|
@@ -15,7 +20,16 @@ module Simp::BeakerHelpers
|
|
15
20
|
|
16
21
|
@sut.install_package('inspec')
|
17
22
|
|
18
|
-
|
23
|
+
os = fact_on(@sut, 'operatingsystem')
|
24
|
+
os_rel = fact_on(@sut, 'operatingsystemmajrelease')
|
25
|
+
|
26
|
+
@profile = "#{os}-#{os_rel}-#{profile}"
|
27
|
+
@profile_dir = '/tmp/inspec/inspec_profiles'
|
28
|
+
@deps_root = '/tmp/inspec'
|
29
|
+
|
30
|
+
@test_dir = @profile_dir + "/#{@profile}"
|
31
|
+
|
32
|
+
sut.mkdir_p(@profile_dir)
|
19
33
|
|
20
34
|
output_dir = File.absolute_path('sec_results/inspec')
|
21
35
|
|
@@ -23,37 +37,52 @@ module Simp::BeakerHelpers
|
|
23
37
|
FileUtils.mkdir_p(output_dir)
|
24
38
|
end
|
25
39
|
|
26
|
-
|
27
|
-
|
28
|
-
|
40
|
+
local_profile = File.join(fixtures_path, 'inspec_profiles', %(#{os}-#{os_rel}-#{profile}))
|
41
|
+
local_deps = File.join(fixtures_path, 'inspec_deps')
|
42
|
+
|
43
|
+
@result_file = File.join(output_dir, "#{@sut.hostname}-inspec-#{Time.now.to_i}")
|
29
44
|
|
30
|
-
@
|
45
|
+
if @sut[:hypervisor] == 'docker'
|
46
|
+
%x(docker cp -L "#{local_profile}" "#{@sut.hostname}:#{@test_dir}")
|
47
|
+
else
|
48
|
+
scp_to(@sut, local_profile, @test_dir)
|
49
|
+
end
|
31
50
|
|
32
|
-
|
51
|
+
if File.exist?(local_deps)
|
52
|
+
if @sut[:hypervisor] == 'docker'
|
53
|
+
%x(docker cp -L "#{local_deps}" "#{@sut.hostname}:#{@deps_root}")
|
54
|
+
else
|
55
|
+
scp_to(@sut, local_deps, @deps_root)
|
56
|
+
end
|
57
|
+
end
|
33
58
|
|
34
59
|
# The results of the inspec scan in Hash form
|
35
|
-
@
|
60
|
+
@results = {}
|
36
61
|
end
|
37
62
|
|
38
63
|
# Run the inspec tests and record the results
|
39
64
|
def run
|
40
65
|
sut_inspec_results = '/tmp/inspec_results.json'
|
41
66
|
|
42
|
-
inspec_cmd = "inspec exec --format json #{@
|
67
|
+
inspec_cmd = "inspec exec --format json #{@test_dir} > #{sut_inspec_results}"
|
43
68
|
result = on(@sut, inspec_cmd, :accept_all_exit_codes => true)
|
44
69
|
|
45
70
|
tmpdir = Dir.mktmpdir
|
46
71
|
begin
|
47
72
|
Dir.chdir(tmpdir) do
|
48
|
-
|
73
|
+
if @sut[:hypervisor] == 'docker'
|
74
|
+
%x(docker cp "#{@sut.hostname}:#{sut_inspec_results}" .)
|
75
|
+
else
|
76
|
+
scp_from(@sut, sut_inspec_results, '.')
|
77
|
+
end
|
49
78
|
|
50
79
|
local_inspec_results = File.basename(sut_inspec_results)
|
51
80
|
|
52
81
|
if File.exist?(local_inspec_results)
|
53
82
|
begin
|
54
|
-
@
|
83
|
+
@results = JSON.load(File.read(local_inspec_results))
|
55
84
|
rescue JSON::ParserError, JSON::GeneratorError
|
56
|
-
@
|
85
|
+
@results = nil
|
57
86
|
end
|
58
87
|
end
|
59
88
|
end
|
@@ -61,13 +90,13 @@ module Simp::BeakerHelpers
|
|
61
90
|
FileUtils.remove_entry_secure tmpdir
|
62
91
|
end
|
63
92
|
|
64
|
-
unless @
|
65
|
-
File.open(@
|
93
|
+
unless @results
|
94
|
+
File.open(@result_file + '.err', 'w') do |fh|
|
66
95
|
fh.puts(result.stderr.strip)
|
67
96
|
end
|
68
97
|
|
69
98
|
err_msg = ["Error running inspec command #{inspec_cmd}"]
|
70
|
-
err_msg << "Error captured in #{@
|
99
|
+
err_msg << "Error captured in #{@result_file}" + '.err'
|
71
100
|
|
72
101
|
fail(err_msg.join("\n"))
|
73
102
|
end
|
@@ -79,11 +108,11 @@ module Simp::BeakerHelpers
|
|
79
108
|
# The inspec results Hash
|
80
109
|
#
|
81
110
|
def write_report(report)
|
82
|
-
File.open(@
|
83
|
-
fh.puts(JSON.pretty_generate(@
|
111
|
+
File.open(@result_file + '.json', 'w') do |fh|
|
112
|
+
fh.puts(JSON.pretty_generate(@results))
|
84
113
|
end
|
85
114
|
|
86
|
-
File.open(@
|
115
|
+
File.open(@result_file + '.report', 'w') do |fh|
|
87
116
|
fh.puts(report[:report].uncolor)
|
88
117
|
end
|
89
118
|
end
|
@@ -104,7 +133,7 @@ module Simp::BeakerHelpers
|
|
104
133
|
:report => []
|
105
134
|
}
|
106
135
|
|
107
|
-
profiles = @
|
136
|
+
profiles = @results['profiles']
|
108
137
|
|
109
138
|
profiles.each do |profile|
|
110
139
|
stats[:report] << "Name: #{profile['name']}"
|
@@ -112,6 +141,9 @@ module Simp::BeakerHelpers
|
|
112
141
|
profile['controls'].each do |control|
|
113
142
|
title = control['title']
|
114
143
|
|
144
|
+
# Skip auto-generated material
|
145
|
+
next unless title
|
146
|
+
|
115
147
|
if title.length > 72
|
116
148
|
title = title[0..71] + '(...)'
|
117
149
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: simp-beaker-helpers
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.8.
|
4
|
+
version: 1.8.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chris Tessmer
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2017-
|
12
|
+
date: 2017-09-02 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: beaker
|
@@ -93,8 +93,15 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
93
93
|
version: '0'
|
94
94
|
requirements: []
|
95
95
|
rubyforge_project:
|
96
|
-
rubygems_version: 2.4.
|
96
|
+
rubygems_version: 2.4.8
|
97
97
|
signing_key:
|
98
98
|
specification_version: 4
|
99
99
|
summary: beaker helper methods for SIMP
|
100
|
-
test_files:
|
100
|
+
test_files:
|
101
|
+
- spec/acceptance/enable_fips_spec.rb
|
102
|
+
- spec/acceptance/fixture_modules_spec.rb
|
103
|
+
- spec/acceptance/nodesets/default.yml
|
104
|
+
- spec/acceptance/pki_tests_spec.rb
|
105
|
+
- spec/acceptance/set_hieradata_on_spec.rb
|
106
|
+
- spec/acceptance/write_hieradata_to_spec.rb
|
107
|
+
- spec/spec_helper_acceptance.rb
|