Class: Inspec::BaseCLI
- Inherits:
-
Thor
- Object
- Thor
- Inspec::BaseCLI
- Defined in:
- lib/inspec/plugin/v2/plugin_types/cli.rb,
lib/inspec/base_cli.rb
Overview
The InSpec load order has this file being loaded before ‘inspec/base_cli` can finish being loaded. So, we must define Inspec::BaseCLI here first to avoid a NameError below.
Direct Known Subclasses
InspecCLI, Plugin::V2::PluginType::CliCommand, Supermarket::SupermarketCLI
Class Attribute Summary collapse
-
.inspec_cli_command ⇒ Object
Returns the value of attribute inspec_cli_command.
Class Method Summary collapse
-
.check_license! ⇒ Object
EULA acceptance.
- .exec_options ⇒ Object
- .exit_on_failure? ⇒ Boolean
- .format_platform_info(params: {}, indent: 0, color: 39, enable_color: true) ⇒ Object
- .help(*args) ⇒ Object
- .profile_options ⇒ Object
- .start(given_args = ARGV, config = {}) ⇒ Object
- .supermarket_options ⇒ Object
-
.target_options ⇒ Object
rubocop:disable Metrics/MethodLength.
Class Attribute Details
.inspec_cli_command ⇒ Object
Returns the value of attribute inspec_cli_command.
29 30 31 |
# File 'lib/inspec/base_cli.rb', line 29 def inspec_cli_command @inspec_cli_command end |
Class Method Details
.check_license! ⇒ Object
EULA acceptance
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
# File 'lib/inspec/base_cli.rb', line 39 def self.check_license! allowed_commands = ["-h", "--help", "help", "-v", "--version", "version"] require "license_acceptance/acceptor" begin if (allowed_commands & ARGV.map(&:downcase)).empty? && # Did they use a non-exempt command? !ARGV.empty? # Did they supply at least one command? license_acceptor_output = LicenseAcceptance::Acceptor.check_and_persist( Inspec::Dist::EXEC_NAME, Inspec::VERSION, logger: Inspec::Log ) if license_acceptor_output && ARGV.count == 1 && (ARGV.first.include? "--chef-license") Inspec::UI.new.exit end license_acceptor_output end rescue LicenseAcceptance::LicenseNotAcceptedError Inspec::Log.error "#{Inspec::Dist::PRODUCT_NAME} cannot execute without accepting the license" Inspec::UI.new.exit(:license_not_accepted) end end |
.exec_options ⇒ Object
145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 |
# File 'lib/inspec/base_cli.rb', line 145 def self. option :controls, type: :array, desc: "A list of control names to run, or a list of /regexes/ to match against control names. Ignore all other tests." option :tags, type: :array, desc: "A list of tags names that are part of controls to filter and run controls, or a list of /regexes/ to match against tags names of controls. Ignore all other tests." option :reporter, type: :array, banner: "one two:/output/file/path", desc: "Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml" option :reporter_message_truncation, type: :string, desc: "Number of characters to truncate failure messages and code_desc in report data to (default: no truncation)" option :reporter_backtrace_inclusion, type: :boolean, desc: "Include a code backtrace in report data (default: true)" option :input, type: :array, banner: "name1=value1 name2=value2", desc: "Specify one or more inputs directly on the command line, as --input NAME=VALUE. Accepts single-quoted YAML and JSON structures." option :input_file, type: :array, desc: "Load one or more input files, a YAML file with values for the profile to use" option :waiver_file, type: :array, desc: "Load one or more waiver files." option :attrs, type: :array, desc: "Legacy name for --input-file - deprecated." option :create_lockfile, type: :boolean, desc: "Write out a lockfile based on this execution (unless one already exists)" option :backend_cache, type: :boolean, desc: "Allow caching for backend command output. (default: true)" option :show_progress, type: :boolean, desc: "Show progress while executing tests." option :distinct_exit, type: :boolean, default: true, desc: "Exit with code 101 if any tests fail, and 100 if any are skipped (default). If disabled, exit 0 on skips and 1 for failures." option :silence_deprecations, type: :array, banner: "[all]|[GROUP GROUP...]", desc: "Suppress deprecation warnings. See install_dir/etc/deprecations.json for list of GROUPs or use 'all'." option :diff, type: :boolean, default: true, desc: "Use --no-diff to suppress 'diff' output of failed textual test results." option :sort_results_by, type: :string, default: "file", banner: "--sort-results-by=none|control|file|random", desc: "After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode." option :filter_empty_profiles, type: :boolean, default: false, desc: "Filter empty profiles (profiles without controls) from the report." option :filter_waived_controls, type: :boolean, desc: "Do not execute waived controls in InSpec at all. Must use with --waiver-file. Ignores `run` setting of waiver file." option :retain_waiver_data, type: :boolean, desc: "EXPERIMENTAL: Only works in conjunction with --filter-waived-controls, retains waiver data about controls that were skipped" option :command_timeout, type: :numeric, desc: "Maximum seconds to allow commands to run during execution.", long_desc: "Maximum seconds to allow commands to run during execution. A timed out command is considered an error." option :reporter_include_source, type: :boolean, default: false, desc: "Include full source code of controls in the CLI report" end |
.exit_on_failure? ⇒ Boolean
63 64 65 |
# File 'lib/inspec/base_cli.rb', line 63 def self.exit_on_failure? true end |
.format_platform_info(params: {}, indent: 0, color: 39, enable_color: true) ⇒ Object
202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 |
# File 'lib/inspec/base_cli.rb', line 202 def self.format_platform_info(params: {}, indent: 0, color: 39, enable_color: true) str = "" params.each do |item, info| data = info # Format Array for better output if applicable data = data.join(", ") if data.is_a?(Array) # Do not output fields of data is missing ('unknown' is fine) next if data.nil? data = "\e[1m\e[#{color}m#{data}\e[0m" if enable_color str << format("#{" " * indent}%-10s %s\n", item.to_s.capitalize + ":", data) end str end |
.help(*args) ⇒ Object
196 197 198 199 200 |
# File 'lib/inspec/base_cli.rb', line 196 def self.help(*args) super(*args) puts "\nAbout #{Inspec::Dist::PRODUCT_NAME}:" puts " Patents: chef.io/patents\n\n" end |
.profile_options ⇒ Object
133 134 135 136 137 138 |
# File 'lib/inspec/base_cli.rb', line 133 def self. option :profiles_path, type: :string, desc: "Folder which contains referenced profiles." option :vendor_cache, type: :string, desc: "Use the given path for caching dependencies. (default: ~/.inspec/cache)" end |
.start(given_args = ARGV, config = {}) ⇒ Object
32 33 34 35 36 |
# File 'lib/inspec/base_cli.rb', line 32 def self.start(given_args = ARGV, config = {}) check_license! if config[:enforce_license] || config[:enforce_license].nil? super(given_args, config) end |
.supermarket_options ⇒ Object
140 141 142 143 |
# File 'lib/inspec/base_cli.rb', line 140 def self. option :supermarket_url, type: :string, desc: "Specify the URL of a private Chef Supermarket." end |
.target_options ⇒ Object
rubocop:disable Metrics/MethodLength
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
# File 'lib/inspec/base_cli.rb', line 67 def self. # rubocop:disable Metrics/MethodLength option :target, aliases: :t, type: :string, desc: "Simple targeting option using URIs, e.g. ssh://user:pass@host:port" option :backend, aliases: :b, type: :string, desc: "Choose a backend: local, ssh, winrm, docker." option :host, type: :string, desc: "Specify a remote host which is tested." option :port, aliases: :p, type: :numeric, desc: "Specify the login port for a remote scan." option :user, type: :string, desc: "The login user for a remote scan." option :password, type: :string, lazy_default: -1, desc: "Login password for a remote scan, if required." option :enable_password, type: :string, lazy_default: -1, desc: "Password for enable mode on Cisco IOS devices." option :key_files, aliases: :i, type: :array, desc: "Login key or certificate file for a remote scan." option :path, type: :string, desc: "Login path to use when connecting to the target (WinRM)." option :sudo, type: :boolean, desc: "Run scans with sudo. Only activates on Unix and non-root user." option :sudo_password, type: :string, lazy_default: -1, desc: "Specify a sudo password, if it is required." option :sudo_options, type: :string, desc: "Additional sudo options for a remote scan." option :sudo_command, type: :string, desc: "Alternate command for sudo." option :shell, type: :boolean, desc: "Run scans in a subshell. Only activates on Unix." option :shell_options, type: :string, desc: "Additional shell options." option :shell_command, type: :string, desc: "Specify a particular shell to use." option :ssl, type: :boolean, desc: "Use SSL for transport layer encryption (WinRM)." option :self_signed, type: :boolean, desc: "Allow remote scans with self-signed certificates (WinRM)." option :winrm_transport, type: :string, default: "negotiate", desc: "Specify which transport to use, defaults to negotiate (WinRM)." option :winrm_disable_sspi, type: :boolean, desc: "Whether to use disable sspi authentication, defaults to false (WinRM)." option :winrm_basic_auth_only, type: :boolean, desc: "Whether to use basic authentication, defaults to false (WinRM)." option :config, type: :string, desc: "Read configuration from JSON file (`-` reads from stdin)." option :json_config, type: :string, hide: true option :proxy_command, type: :string, desc: "Specifies the command to use to connect to the server" option :bastion_host, type: :string, desc: "Specifies the bastion host if applicable" option :bastion_user, type: :string, desc: "Specifies the bastion user if applicable" option :bastion_port, type: :string, desc: "Specifies the bastion port if applicable" option :insecure, type: :boolean, default: false, desc: "Disable SSL verification on select targets" option :target_id, type: :string, desc: "Provide a ID which will be included on reports" option :winrm_shell_type, type: :string, default: "powershell", desc: "Specify a shell type for winrm (eg. 'elevated' or 'powershell')" option :docker_url, type: :string, desc: "Provides path to Docker API endpoint (Docker)" option :ssh_config_file, type: :array, desc: "A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config" end |