RubyGems - train-k8s-container-mitre - Versions diffs - 2.0.0 - Mend

train-k8s-container-mitre 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

checksums.yaml +7 -0
data/.expeditor/buildkite/coverage.sh +46 -0
data/.expeditor/buildkite/run_linux_tests.sh +16 -0
data/.expeditor/config.yml +61 -0
data/.expeditor/coverage.pipeline.yml +19 -0
data/.expeditor/update_version.sh +12 -0
data/.expeditor/verify.pipeline.yml +44 -0
data/.rspec +4 -0
data/.rubocop.yml +57 -0
data/CHANGELOG.md +158 -0
data/CODE_OF_CONDUCT.md +13 -0
data/CONTRIBUTING.md +161 -0
data/DEVELOPMENT.md +315 -0
data/Gemfile +23 -0
data/LICENSE.md +9 -0
data/NOTICE.md +9 -0
data/README.md +237 -0
data/Rakefile +37 -0
data/SECURITY.md +100 -0
data/VERSION +1 -0
data/cliff.toml +80 -0
data/docs/README.md +1 -0
data/lib/train-k8s-container/ansi_sanitizer.rb +31 -0
data/lib/train-k8s-container/connection.rb +102 -0
data/lib/train-k8s-container/errors.rb +22 -0
data/lib/train-k8s-container/kubectl_command_builder.rb +87 -0
data/lib/train-k8s-container/kubectl_exec_client.rb +176 -0
data/lib/train-k8s-container/kubernetes_name_validator.rb +44 -0
data/lib/train-k8s-container/platform.rb +93 -0
data/lib/train-k8s-container/pty_session.rb +156 -0
data/lib/train-k8s-container/result_processor.rb +94 -0
data/lib/train-k8s-container/retry_handler.rb +35 -0
data/lib/train-k8s-container/session_manager.rb +95 -0
data/lib/train-k8s-container/shell_detector.rb +198 -0
data/lib/train-k8s-container/transport.rb +30 -0
data/lib/train-k8s-container/version.rb +7 -0
data/lib/train-k8s-container.rb +12 -0
data/sonar-project.properties +17 -0
data/train-k8s-container.gemspec +49 -0
metadata +107 -0

data/lib/train-k8s-container/transport.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require 'train'
+require 'train/plugins'
+module TrainPlugins
+  module K8sContainer
+    # Train transport for connecting to Kubernetes containers via kubectl exec
+    class Transport < Train.plugin(1)
+      require_relative 'connection'
+      name 'k8s-container'
+      option :kubeconfig, default: ENV['KUBECONFIG'] || '~/.kube/config'
+      option :pod, default: nil
+      option :container_name, default: nil
+      option :namespace, default: nil
+      def connection(state = nil, &)
+        opts = merge_options(@options, state || {})
+        create_new_connection(opts, &)
+      end
+      def create_new_connection(options, &)
+        @connection_options = options
+        @connection = Connection.new(options, &)
+      end
+    end
+  end
+end

data/lib/train-k8s-container/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module TrainPlugins
+  module K8sContainer
+    VERSION = File.read(File.expand_path('../../VERSION', __dir__)).strip
+  end
+end

data/lib/train-k8s-container.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+require_relative 'train-k8s-container/version'
+require_relative 'train-k8s-container/errors'
+require_relative 'train-k8s-container/platform'
+require_relative 'train-k8s-container/retry_handler'
+require_relative 'train-k8s-container/transport'
+require_relative 'train-k8s-container/connection'
+require_relative 'train-k8s-container/kubectl_exec_client'

data/sonar-project.properties ADDED Viewed

@@ -0,0 +1,17 @@
+# must be unique in a given SonarQube instance
+sonar.projectKey=inspec_train-k8s-container_AYvdJXl0G2RNgd1H9hTX
+sonar.projectName=Chef-Inspec-train-k8s-container
+# path to test coverage report generated by simplecov
+#sonar.ruby.coverage.reportPaths=coverage/coverage.json
+# exclude test directories from coverage
+sonar.coverage.exclusions=spec/*
+sonar.exclusions=**/*.java,**/*.js,vendor/*
+# skip C-language processor
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-

data/train-k8s-container.gemspec ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'train-k8s-container/version'
+Gem::Specification.new do |spec|
+  spec.name = 'train-k8s-container-mitre'
+  spec.version = TrainPlugins::K8sContainer::VERSION
+  spec.authors = ['MITRE SAF Team']
+  spec.email = ['saf@groups.mitre.org']
+  spec.summary = 'Train transport plugin for scanning Kubernetes containers with InSpec/Cinc Auditor.'
+  spec.description = <<~DESC
+    A Train transport plugin that enables Chef InSpec and Cinc Auditor to run compliance
+    scans against containers running in Kubernetes clusters. Uses kubectl exec to execute
+    commands inside containers, with proper platform detection for accurate OS resource behavior.
+  DESC
+  spec.homepage = 'https://github.com/mitre/train-k8s-container'
+  spec.license = 'Apache-2.0'
+  spec.required_ruby_version = '>= 3.1'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+  spec.metadata['source_code_uri'] = 'https://github.com/mitre/train-k8s-container'
+  spec.metadata['changelog_uri'] = 'https://github.com/mitre/train-k8s-container/blob/main/CHANGELOG.md'
+  spec.metadata['bug_tracker_uri'] = 'https://github.com/mitre/train-k8s-container/issues'
+  spec.metadata['documentation_uri'] = 'https://github.com/mitre/train-k8s-container#readme'
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) || f.start_with?(*%w[bin/ test/ spec/ features/ .git])
+    end
+  end
+  spec.require_paths = ['lib']
+  # NOTE: Do not list 'train' or 'inspec' as dependencies.
+  # Train plugins are loaded within InSpec's environment, which already provides
+  # train, train-core, and all their dependencies. Declaring train as a dependency
+  # causes gem activation conflicts (e.g., multi_json version conflicts).
+  #
+  # For development, add train to Gemfile in the development group.
+  # Ruby 3.4+ will remove base64 from default gems - add it explicitly
+  # This fixes the deprecation warning from train-core
+  spec.add_dependency 'base64', '~> 0.2', '>= 0.2.0'
+end

metadata ADDED Viewed

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: train-k8s-container-mitre
+version: !ruby/object:Gem::Version
+  version: 2.0.0
+platform: ruby
+authors:
+- MITRE SAF Team
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+description: |
+  A Train transport plugin that enables Chef InSpec and Cinc Auditor to run compliance
+  scans against containers running in Kubernetes clusters. Uses kubectl exec to execute
+  commands inside containers, with proper platform detection for accurate OS resource behavior.
+email:
+- saf@groups.mitre.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".expeditor/buildkite/coverage.sh"
+- ".expeditor/buildkite/run_linux_tests.sh"
+- ".expeditor/config.yml"
+- ".expeditor/coverage.pipeline.yml"
+- ".expeditor/update_version.sh"
+- ".expeditor/verify.pipeline.yml"
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
+- DEVELOPMENT.md
+- Gemfile
+- LICENSE.md
+- NOTICE.md
+- README.md
+- Rakefile
+- SECURITY.md
+- VERSION
+- cliff.toml
+- docs/README.md
+- lib/train-k8s-container.rb
+- lib/train-k8s-container/ansi_sanitizer.rb
+- lib/train-k8s-container/connection.rb
+- lib/train-k8s-container/errors.rb
+- lib/train-k8s-container/kubectl_command_builder.rb
+- lib/train-k8s-container/kubectl_exec_client.rb
+- lib/train-k8s-container/kubernetes_name_validator.rb
+- lib/train-k8s-container/platform.rb
+- lib/train-k8s-container/pty_session.rb
+- lib/train-k8s-container/result_processor.rb
+- lib/train-k8s-container/retry_handler.rb
+- lib/train-k8s-container/session_manager.rb
+- lib/train-k8s-container/shell_detector.rb
+- lib/train-k8s-container/transport.rb
+- lib/train-k8s-container/version.rb
+- sonar-project.properties
+- train-k8s-container.gemspec
+homepage: https://github.com/mitre/train-k8s-container
+licenses:
+- Apache-2.0
+metadata:
+  rubygems_mfa_required: 'true'
+  source_code_uri: https://github.com/mitre/train-k8s-container
+  changelog_uri: https://github.com/mitre/train-k8s-container/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/mitre/train-k8s-container/issues
+  documentation_uri: https://github.com/mitre/train-k8s-container#readme
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: Train transport plugin for scanning Kubernetes containers with InSpec/Cinc
+  Auditor.
+test_files: []