Class: Inspec::Profile
- Inherits:
-
Object
- Object
- Inspec::Profile
- Extended by:
- Forwardable
- Defined in:
- lib/inspec/profile.rb
Instance Attribute Summary collapse
-
#backend ⇒ Object
readonly
Returns the value of attribute backend.
-
#check_mode ⇒ Object
readonly
Returns the value of attribute check_mode.
-
#parent_profile ⇒ Object
Returns the value of attribute parent_profile.
-
#profile_id ⇒ Object
Returns the value of attribute profile_id.
-
#profile_name ⇒ Object
Returns the value of attribute profile_name.
-
#runner_context ⇒ Object
readonly
Returns the value of attribute runner_context.
-
#source_reader ⇒ Object
readonly
Returns the value of attribute source_reader.
Class Method Summary collapse
-
.copy_deps_into_cache(file_provider, opts) ⇒ Object
Check if the profile contains a vendored cache, move content into global cache TODO: use relative file provider TODO: use source reader for Cache as well.
- .for_fetcher(fetcher, config) ⇒ Object
- .for_path(path, opts) ⇒ Object
- .for_target(target, opts = {}) ⇒ Object
- .resolve_target(target, cache, opts = {}) ⇒ Object
Instance Method Summary collapse
-
#archive(opts) ⇒ Object
generates a archive of a folder profile.
-
#check ⇒ Boolean
Check if the profile is internally well-structured.
- #collect_tests ⇒ Object
- #controls_count ⇒ Object
- #cookstyle_linting_check ⇒ Object
-
#cookstyle_rake_output ⇒ Object
Cookstyle linting rake run output.
-
#cwd ⇒ Object
TODO(ssd): Relative path handling really needs to be carefully thought through, especially with respect to relative paths in tarballs.
- #failed? ⇒ Boolean
- #files ⇒ Object
-
#filter_waived_controls ⇒ Object
Wipe out waived controls.
-
#generate_lockfile ⇒ Inspec::Lockfile
Generate an in-memory lockfile.
-
#include_controls_list ⇒ Object
This creates the list of controls provided in the –controls options which need to be include for evaluation.
-
#include_tags_list ⇒ Object
This creates the list of controls to be filtered by tag values provided in the –tags options.
-
#info(res = params.dup) ⇒ Object
rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength.
-
#info! ⇒ Object
return info using uncached params.
-
#initialize(source_reader, options = {}) ⇒ Profile
constructor
rubocop:disable Metrics/AbcSize.
- #load_dependencies ⇒ Object
- #load_libraries ⇒ Object
- #locked_dependencies ⇒ Object
- #lockfile ⇒ Object
- #lockfile_exists? ⇒ Boolean
- #lockfile_path ⇒ Object
- #name ⇒ Object
- #params ⇒ Object
- #root_path ⇒ Object
- #set_status_message(msg) ⇒ Object
-
#sha256 ⇒ Type
Calculate this profile’s SHA256 checksum.
-
#supported? ⇒ Boolean
Is this profile is supported on the current platform of the backend machine and the current inspec version.
-
#supports_platform? ⇒ Boolean
We need to check if we’re using a Mock’d backend for tests to function.
- #supports_runtime? ⇒ Boolean
- #to_s ⇒ Object
- #version ⇒ Object
- #writable? ⇒ Boolean
Constructor Details
#initialize(source_reader, options = {}) ⇒ Profile
rubocop:disable Metrics/AbcSize
88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 |
# File 'lib/inspec/profile.rb', line 88 def initialize(source_reader, = {}) @source_reader = source_reader @target = [:target] @logger = [:logger] || Logger.new(nil) @locked_dependencies = [:dependencies] @controls = [:controls] || [] @tags = [:tags] || [] @writable = [:writable] || false @profile_id = [:id] @profile_name = [:profile_name] @cache = [:vendor_cache] || Cache.new @input_values = [:inputs] @tests_collected = false @libraries_loaded = false @state = :loaded @check_mode = [:check_mode] || false @parent_profile = [:parent_profile] @legacy_profile_path = [:profiles_path] || false @check_cookstyle = [:with_cookstyle] Metadata.finalize(@source_reader., @profile_id, ) # if a backend has already been created, clone it so each profile has its own unique backend object # otherwise, create a new backend object # # This is necessary since we store the RuntimeProfile on the backend object. If a user runs `inspec exec` # with multiple profiles, only the RuntimeProfile for the last-loaded profile will be available if # we share the backend between profiles. # # This will cause issues if a profile attempts to load a file via `inspec.profile.file` = .reject { |k, _| k == "target" } # See https://github.com/chef/inspec/pull/1646 @backend = [:backend].nil? ? Inspec::Backend.create(Inspec::Config.new()) : [:backend].dup @runtime_profile = RuntimeProfile.new(self) @backend.profile = @runtime_profile # The AttributeRegistry is in charge of keeping track of inputs; # it is the single source of truth. Now that we have a profile object, # we can create any inputs that were provided by various mechanisms. [:runner_conf] ||= Inspec::Config.cached # Catch legacy CLI input option usage if [:runner_conf].key?(:attrs) Inspec.deprecate(:rename_attributes_to_inputs, "Use --input-file on the command line instead of --attrs.") [:runner_conf][:input_file] = [:runner_conf].delete(:attrs) elsif [:runner_conf].key?(:input_files) # The kitchen-inspec docs say to use plural. Our CLI and internal expectations are singular. [:runner_conf][:input_file] = [:runner_conf].delete(:input_files) end # Catch legacy kitchen-inspec input usage if [:runner_conf].key?(:attributes) Inspec.deprecate(:rename_attributes_to_inputs, "Use :inputs in your kitchen.yml verifier config instead of :attributes.") [:runner_conf][:inputs] = [:runner_conf].delete(:attributes) end Inspec::InputRegistry.bind_profile_inputs( # Every input only exists in the context of a profile .params[:name], # TODO: test this with profile aliasing # Remaining args are possible sources of inputs cli_input_files: [:runner_conf][:input_file], # From CLI --input-file profile_metadata: , runner_api: [:runner_conf][:inputs], # This is the route the audit_cookbook and kitchen-inspec take cli_input_arg: [:runner_conf][:input] # The --input name=value CLI option ) @runner_context = [:profile_context] || Inspec::ProfileContext.for_profile(self, @backend) if .supports_platform?(@backend) @supports_platform = true else @supports_platform = false @state = :skipped end @supports_runtime = .supports_runtime? end |
Instance Attribute Details
#backend ⇒ Object (readonly)
Returns the value of attribute backend.
81 82 83 |
# File 'lib/inspec/profile.rb', line 81 def backend @backend end |
#check_mode ⇒ Object (readonly)
Returns the value of attribute check_mode.
81 82 83 |
# File 'lib/inspec/profile.rb', line 81 def check_mode @check_mode end |
#parent_profile ⇒ Object
Returns the value of attribute parent_profile.
82 83 84 |
# File 'lib/inspec/profile.rb', line 82 def parent_profile @parent_profile end |
#profile_id ⇒ Object
Returns the value of attribute profile_id.
82 83 84 |
# File 'lib/inspec/profile.rb', line 82 def profile_id @profile_id end |
#profile_name ⇒ Object
Returns the value of attribute profile_name.
82 83 84 |
# File 'lib/inspec/profile.rb', line 82 def profile_name @profile_name end |
#runner_context ⇒ Object (readonly)
Returns the value of attribute runner_context.
81 82 83 |
# File 'lib/inspec/profile.rb', line 81 def runner_context @runner_context end |
#source_reader ⇒ Object (readonly)
Returns the value of attribute source_reader.
81 82 83 |
# File 'lib/inspec/profile.rb', line 81 def source_reader @source_reader end |
Class Method Details
.copy_deps_into_cache(file_provider, opts) ⇒ Object
Check if the profile contains a vendored cache, move content into global cache TODO: use relative file provider TODO: use source reader for Cache as well
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/inspec/profile.rb', line 29 def self.copy_deps_into_cache(file_provider, opts) # filter content cache = file_provider.files.find_all do |entry| entry.start_with?("vendor") end content = Hash[cache.map { |x| [x, file_provider.binread(x)] }] keys = content.keys keys.each do |key| next if content[key].nil? # remove prefix rel = Pathname.new(key).relative_path_from(Pathname.new("vendor")).to_s tar = Pathname.new(opts[:vendor_cache].path).join(rel) FileUtils.mkdir_p tar.dirname.to_s Inspec::Log.debug "Copy #{tar} to cache directory" File.binwrite(tar.to_s, content[key]) end end |
.for_fetcher(fetcher, config) ⇒ Object
64 65 66 67 68 69 |
# File 'lib/inspec/profile.rb', line 64 def self.for_fetcher(fetcher, config) opts = config.respond_to?(:final_options) ? config. : config opts[:vendor_cache] = opts[:vendor_cache] || Cache.new path, writable = fetcher.fetch for_path(path, opts.merge(target: fetcher.target, writable: writable)) end |
.for_path(path, opts) ⇒ Object
49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
# File 'lib/inspec/profile.rb', line 49 def self.for_path(path, opts) file_provider = FileProvider.for_path(path) rp = file_provider.relative_provider # copy embedded dependencies into global cache copy_deps_into_cache(rp, opts) unless opts[:vendor_cache].nil? reader = Inspec::SourceReader.resolve(rp) if reader.nil? raise("Don't understand inspec profile in #{path}, it " \ "doesn't look like a supported profile structure.") end new(reader, opts) end |
.for_target(target, opts = {}) ⇒ Object
71 72 73 74 75 76 77 78 79 |
# File 'lib/inspec/profile.rb', line 71 def self.for_target(target, opts = {}) opts[:vendor_cache] ||= Cache.new config = {} unless opts[:runner_conf].nil? config = opts[:runner_conf].respond_to?(:final_options) ? opts[:runner_conf]. : opts[:runner_conf] end fetcher = resolve_target(target, opts[:vendor_cache], config) for_fetcher(fetcher, opts) end |
.resolve_target(target, cache, opts = {}) ⇒ Object
21 22 23 24 |
# File 'lib/inspec/profile.rb', line 21 def self.resolve_target(target, cache, opts = {}) Inspec::Log.debug "Resolve #{target} into cache #{cache.path}" Inspec::CachedFetcher.new(target, cache, opts) end |
Instance Method Details
#archive(opts) ⇒ Object
generates a archive of a folder profile
620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 |
# File 'lib/inspec/profile.rb', line 620 def archive(opts) # check if file exists otherwise overwrite the archive dst = archive_name(opts) if dst.exist? && !opts[:overwrite] @logger.info "Archive #{dst} exists already. Use --overwrite." return false end # remove existing archive FileUtils.rm_f(dst) if dst.exist? @logger.info "Generate archive #{dst}." # filter files that should not be part of the profile # TODO ignore all .files, but add the files to debug output # Generate temporary inspec.json for archive if opts[:export] Inspec::Utils::JsonProfileSummary.produce_json( info: info, # TODO: conditionalize and call info_from_parse write_path: "#{root_path}inspec.json", suppress_output: true ) end # display all files that will be part of the archive @logger.debug "Add the following files to archive:" files.each { |f| @logger.debug " " + f } @logger.debug " inspec.json" if opts[:export] archive_files = opts[:export] ? files.push("inspec.json") : files if opts[:zip] # generate zip archive require "inspec/archive/zip" zag = Inspec::Archive::ZipArchiveGenerator.new zag.archive(root_path, archive_files, dst) else # generate tar archive require "inspec/archive/tar" tag = Inspec::Archive::TarArchiveGenerator.new tag.archive(root_path, archive_files, dst) end # Cleanup FileUtils.rm_f("#{root_path}inspec.json") if opts[:export] @logger.info "Finished archive generation." true end |
#check ⇒ Boolean
Check if the profile is internally well-structured. The logger will be used to print information on errors and warnings which are found.
495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 |
# File 'lib/inspec/profile.rb', line 495 def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength # initial values for response object result = { summary: { valid: false, timestamp: Time.now.iso8601, location: @target, profile: nil, controls: 0, }, errors: [], warnings: [], offenses: [], } entry = lambda { |file, line, column, control, msg| { file: file, line: line, column: column, control_id: control, msg: msg, } } warn = lambda { |file, line, column, control, msg| @logger.warn(msg) result[:warnings].push(entry.call(file, line, column, control, msg)) } error = lambda { |file, line, column, control, msg| @logger.error(msg) result[:errors].push(entry.call(file, line, column, control, msg)) } offense = lambda { |file, line, column, control, msg| result[:offenses].push(entry.call(file, line, column, control, msg)) } @logger.info "Checking profile in #{@target}" = @source_reader.target.abs_path(@source_reader..ref) # verify metadata m_errors, m_warnings = .valid m_errors.each { |msg| error.call(, 0, 0, nil, msg) } m_warnings.each { |msg| warn.call(, 0, 0, nil, msg) } m_unsupported = .unsupported m_unsupported.each { |u| warn.call(, 0, 0, nil, "doesn't support: #{u}") } @logger.info "Metadata OK." if m_errors.empty? && m_unsupported.empty? # only run the vendor check if the legacy profile-path is not used as argument if @legacy_profile_path == false # verify that a lockfile is present if we have dependencies unless .dependencies.empty? error.call(, 0, 0, nil, "Your profile needs to be vendored with `inspec vendor`.") unless lockfile_exists? end if lockfile_exists? # verify if metadata and lockfile are out of sync if lockfile.deps.size != .dependencies.size error.call(, 0, 0, nil, "inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.") end # verify if metadata and lockfile have the same dependency names .dependencies.each do |dep| # Skip if the dependency does not specify a name next if dep[:name].nil? # TODO: should we also verify that the soure is the same? unless lockfile.deps.map { |x| x[:name] }.include? dep[:name] error.call(, 0, 0, nil, "Cannot find #{dep[:name]} in lockfile. Please re-vendor with `inspec vendor`.") end end end end # extract profile name result[:summary][:profile] = .params[:name] count = controls_count result[:summary][:controls] = count if count == 0 warn.call(nil, nil, nil, nil, "No controls or tests were defined.") else @logger.info("Found #{count} controls.") end # iterate over hash of groups params[:controls].each do |id, control| sfile = control[:source_location][:ref] sline = control[:source_location][:line] error.call(sfile, sline, nil, id, "Avoid controls with empty IDs") if id.nil? || id.empty? next if id.start_with? "(generated " warn.call(sfile, sline, nil, id, "Control #{id} has no title") if control[:title].to_s.empty? warn.call(sfile, sline, nil, id, "Control #{id} has no descriptions") if control[:descriptions][:default].to_s.empty? warn.call(sfile, sline, nil, id, "Control #{id} has impact > 1.0") if control[:impact].to_f > 1.0 warn.call(sfile, sline, nil, id, "Control #{id} has impact < 0.0") if control[:impact].to_f < 0.0 warn.call(sfile, sline, nil, id, "Control #{id} has no tests defined") if control[:checks].nil? || control[:checks].empty? end # Running cookstyle to check for code offenses if @check_cookstyle cookstyle_linting_check.each do |lint_output| data = lint_output.split(":") msg = "#{data[-2]}:#{data[-1]}" offense.call(data[0], data[1], data[2], nil, msg) end end # profile is valid if we could not find any error & offenses result[:summary][:valid] = result[:errors].empty? && result[:offenses].empty? @logger.info "Control definitions OK." if result[:warnings].empty? result end |
#collect_tests ⇒ Object
215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 |
# File 'lib/inspec/profile.rb', line 215 def collect_tests unless @tests_collected || failed? return unless supports_platform? locked_dependencies.each(&:collect_tests) tests = filter_waived_controls # Collect tests tests.each do |path, content| next if content.nil? || content.empty? abs_path = source_reader.target.abs_path(path) begin @runner_context.load_control_file(content, abs_path, nil) rescue => e @state = :failed raise Inspec::Exceptions::ProfileLoadFailed, "Failed to load source for #{path}: #{e}" end end @tests_collected = true end @runner_context.all_rules end |
#controls_count ⇒ Object
611 612 613 |
# File 'lib/inspec/profile.rb', line 611 def controls_count params[:controls].values.length end |
#cookstyle_linting_check ⇒ Object
452 453 454 455 456 457 458 459 |
# File 'lib/inspec/profile.rb', line 452 def cookstyle_linting_check msgs = [] return msgs if Inspec.locally_windows? # See #5723 output = cookstyle_rake_output.split("Offenses:").last msgs = output.split("\n").select { |x| x =~ /[A-Z]:/ } unless output.nil? msgs end |
#cookstyle_rake_output ⇒ Object
Cookstyle linting rake run output
462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 |
# File 'lib/inspec/profile.rb', line 462 def cookstyle_rake_output require "cookstyle" require "rubocop/rake_task" begin RuboCop::RakeTask.new(:cookstyle_lint) do |spec| spec. += [ "--display-cop-names", "--parallel", "--only=InSpec/Deprecations", ] spec.patterns += Dir.glob("#{@target}/**/*.rb").reject { |f| File.directory?(f) } spec.fail_on_error = false end rescue LoadError puts "Rubocop is not available. Install the rubocop gem to run the lint tests." end begin stdout = StringIO.new $stdout = stdout Rake::Task["cookstyle_lint"].invoke $stdout = STDOUT Rake.application["cookstyle_lint"].reenable stdout.string rescue => e puts "Cookstyle lint checks could not be performed. Error while running cookstyle - #{e}" "" end end |
#cwd ⇒ Object
TODO(ssd): Relative path handling really needs to be carefully thought through, especially with respect to relative paths in tarballs.
694 695 696 |
# File 'lib/inspec/profile.rb', line 694 def cwd @target.is_a?(String) && File.directory?(@target) ? @target : "./" end |
#failed? ⇒ Boolean
177 178 179 |
# File 'lib/inspec/profile.rb', line 177 def failed? @state == :failed end |
#files ⇒ Object
685 686 687 |
# File 'lib/inspec/profile.rb', line 685 def files @source_reader.target.files end |
#filter_waived_controls ⇒ Object
Wipe out waived controls
241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 |
# File 'lib/inspec/profile.rb', line 241 def filter_waived_controls cfg = Inspec::Config.cached return tests unless cfg["filter_waived_controls"] ## Find the waivers file # - TODO: cli_opts and instance_variable_get could be exposed waiver_paths = cfg.instance_variable_get(:@cli_opts)["waiver_file"] if waiver_paths.blank? Inspec::Log.error "Must use --waiver-file with --filter-waived-controls" Inspec::UI.new.exit(:usage_error) end # # Pull together waiver waived_control_ids = [] waiver_paths.each do |waiver_path| waiver_content = YAML.load_file(waiver_path) unless waiver_content # Note that we will have already issued a detailed warning Inspec::Log.error "YAML parsing error in #{waiver_path}" Inspec::UI.new.exit(:usage_error) end waived_control_ids << waiver_content.keys end waived_control_id_regex = "(#{waived_control_ids.join("|")})" ## Purge tests (this could be doone in next block for performance) ## TODO: implement earlier with pure AST and pure autocorrect AST filtered_tests = {} if cfg["retain_waiver_data"] # VERY EXPERIMENTAL, but an empty describe block at the top level # of the control blocks evaluation of ruby code until later-term # waivers (behind the scenes this tells RSpec to hold on and use its internals to lazy load the code). This allows current waiver-data (e.g. skips) to still # be processed and rendered tests.each do |control_filename, source_code| cleared_tests = source_code.scan(/control\s+['"].+?['"].+?(?=(?:control\s+['"].+?['"])|\z)/m).collect do |element| next if element.blank? if element&.match?(waived_control_id_regex) splitlines = element.split("\n") splitlines[0] + "\ndescribe '---' do\n" + splitlines[1..-1].join("\n") + "\nend\n" else element end end.join("") filtered_tests[control_filename] = cleared_tests end else tests.each do |control_filename, source_code| cleared_tests = source_code.scan(/control\s+['"].+?['"].+?(?=(?:control\s+['"].+?['"])|\z)/m).select do |control_code| !control_code.match?(waived_control_id_regex) end.join("") filtered_tests[control_filename] = cleared_tests end end filtered_tests end |
#generate_lockfile ⇒ Inspec::Lockfile
Generate an in-memory lockfile. This won’t render the lock file to disk, it must be explicitly written to disk by the caller.
713 714 715 716 717 |
# File 'lib/inspec/profile.rb', line 713 def generate_lockfile res = Inspec::DependencySet.new(cwd, @cache, nil, @backend) res.vendor(.dependencies) Inspec::Lockfile.from_dependency_set(res) end |
#include_controls_list ⇒ Object
This creates the list of controls provided in the –controls options which need to be include for evaluation.
301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 |
# File 'lib/inspec/profile.rb', line 301 def include_controls_list return [] if @controls.nil? || @controls.empty? included_controls = @controls # Check for anything that might be a regex in the list, and make it official included_controls.each_with_index do |inclusion, index| next if inclusion.is_a?(Regexp) # Insist the user wrap the regex in slashes to demarcate it as a regex next unless inclusion.start_with?("/") && inclusion.end_with?("/") inclusion = inclusion[1..-2] # Trim slashes begin re = Regexp.new(inclusion) included_controls[index] = re rescue RegexpError => e warn "Ignoring unparseable regex '/#{inclusion}/' in --control CLI option: #{e.}" included_controls[index] = nil end end included_controls.compact! included_controls end |
#include_tags_list ⇒ Object
This creates the list of controls to be filtered by tag values provided in the –tags options
325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 |
# File 'lib/inspec/profile.rb', line 325 def return [] if @tags.nil? || @tags.empty? = @tags # Check for anything that might be a regex in the list, and make it official .each_with_index do |inclusion, index| next if inclusion.is_a?(Regexp) # Insist the user wrap the regex in slashes to demarcate it as a regex next unless inclusion.start_with?("/") && inclusion.end_with?("/") inclusion = inclusion[1..-2] # Trim slashes begin re = Regexp.new(inclusion) [index] = re rescue RegexpError => e warn "Ignoring unparseable regex '/#{inclusion}/' in --control CLI option: #{e.}" [index] = nil end end .compact! end |
#info(res = params.dup) ⇒ Object
rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 |
# File 'lib/inspec/profile.rb', line 391 def info(res = params.dup) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength # add information about the controls res[:controls] = res[:controls].map do |id, rule| next if id.to_s.empty? data = rule.dup data.delete(:checks) data[:impact] ||= 0.5 data[:impact] = 1.0 if data[:impact] > 1.0 data[:impact] = 0.0 if data[:impact] < 0.0 data[:id] = id # if the code field is empty try and pull info from dependencies if data[:code].empty? && parent_profile.nil? locked_dependencies.dep_list.each do |_name, dep| profile = dep.profile code = Inspec::MethodSource.code_at(data[:source_location], profile.source_reader) data[:code] = code unless code.nil? || code.empty? break unless data[:code].empty? end end data end.compact # resolve hash structure in groups res[:groups] = res[:groups].map do |id, group| group[:id] = id group end # add information about the required inputs if params[:inputs].nil? || params[:inputs].empty? # convert to array for backwards compatability res[:inputs] = [] else res[:inputs] = params[:inputs].values.map(&:to_hash) end res[:sha256] = sha256 res[:parent_profile] = parent_profile unless parent_profile.nil? if @supports_platform res[:status_message] = @status_message || "" res[:status] = failed? ? "failed" : "loaded" else res[:status] = "skipped" msg = "Skipping profile: '#{name}' on unsupported platform: '#{backend.platform.name}/#{backend.platform.release}'." res[:status_message] = msg end # convert legacy os-* supports to their platform counterpart if res[:supports] && !res[:supports].empty? res[:supports].each do |support| # TODO: deprecate support[:"platform-family"] = support.delete(:"os-family") if support.key?(:"os-family") support[:"platform-name"] = support.delete(:"os-name") if support.key?(:"os-name") end end res end |
#info! ⇒ Object
return info using uncached params
387 388 389 |
# File 'lib/inspec/profile.rb', line 387 def info! info(load_params.dup) end |
#load_dependencies ⇒ Object
719 720 721 722 723 724 725 726 727 |
# File 'lib/inspec/profile.rb', line 719 def load_dependencies config = { cwd: cwd, cache: @cache, backend: @backend, parent_profile: name, } Inspec::DependencySet.from_lockfile(lockfile, config, { inputs: @input_values }) end |
#load_libraries ⇒ Object
348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 |
# File 'lib/inspec/profile.rb', line 348 def load_libraries return @runner_context if @libraries_loaded locked_dependencies.dep_list.each_with_index do |(_name, dep), i| d = dep.profile # this will force a dependent profile load so we are only going to add # this metadata if the parent profile is supported. if @supports_platform && !d.supports_platform? # since ruby 1.9 hashes are ordered so we can just use index values here # TODO: NO! this is a violation of encapsulation to an extreme .dependencies[i][:status] = "skipped" msg = "Skipping profile: '#{d.name}' on unsupported platform: '#{d.backend.platform.name}/#{d.backend.platform.release}'." .dependencies[i][:status_message] = msg .dependencies[i][:skip_message] = msg # Repeat as skip_message for backward compatibility next elsif .dependencies[i] # Currently wrapper profiles will load all dependencies, and then we # load them again when we dive down. This needs to be re-done. .dependencies[i][:status] = "loaded" end # rubocop:disable Layout/ExtraSpacing c = d.load_libraries # !!!RECURSE!!! @runner_context.add_resources(c) end # TODO: why?!? we own both sides of this code libs = libraries.map(&:reverse) @runner_context.load_libraries(libs) @libraries_loaded = true @runner_context end |
#locked_dependencies ⇒ Object
669 670 671 |
# File 'lib/inspec/profile.rb', line 669 def locked_dependencies @locked_dependencies ||= load_dependencies end |
#lockfile ⇒ Object
698 699 700 701 702 703 704 |
# File 'lib/inspec/profile.rb', line 698 def lockfile @lockfile ||= if lockfile_exists? Inspec::Lockfile.from_content(@source_reader.target.read("inspec.lock")) else generate_lockfile end end |
#lockfile_exists? ⇒ Boolean
673 674 675 |
# File 'lib/inspec/profile.rb', line 673 def lockfile_exists? @source_reader.target.files.include?("inspec.lock") end |
#lockfile_path ⇒ Object
677 678 679 |
# File 'lib/inspec/profile.rb', line 677 def lockfile_path File.join(cwd, "inspec.lock") end |
#name ⇒ Object
165 166 167 |
# File 'lib/inspec/profile.rb', line 165 def name .params[:name] end |
#params ⇒ Object
211 212 213 |
# File 'lib/inspec/profile.rb', line 211 def params @params ||= load_params end |
#root_path ⇒ Object
681 682 683 |
# File 'lib/inspec/profile.rb', line 681 def root_path @source_reader.target.prefix end |
#set_status_message(msg) ⇒ Object
615 616 617 |
# File 'lib/inspec/profile.rb', line 615 def (msg) @status_message = msg.to_s end |
#sha256 ⇒ Type
Calculate this profile’s SHA256 checksum. Includes metadata, dependencies, libraries, data files, and controls.
733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 |
# File 'lib/inspec/profile.rb', line 733 def sha256 # get all dependency checksums deps = Hash[locked_dependencies.list.map { |k, v| [k, v.profile.sha256] }] res = OpenSSL::Digest.new("SHA256") files = source_reader.tests.to_a + source_reader.libraries.to_a + source_reader.data_files.to_a + [["inspec.yml", source_reader..content]] + [["inspec.lock.deps", YAML.dump(deps)]] files.sort_by { |a| a[0] } .map { |f| res << f[0] << "\0" << f[1] << "\0" } res.digest.unpack("H*")[0] end |
#supported? ⇒ Boolean
Is this profile is supported on the current platform of the backend machine and the current inspec version.
187 188 189 |
# File 'lib/inspec/profile.rb', line 187 def supported? supports_platform? && supports_runtime? end |
#supports_platform? ⇒ Boolean
We need to check if we’re using a Mock’d backend for tests to function.
193 194 195 196 197 198 199 200 201 202 |
# File 'lib/inspec/profile.rb', line 193 def supports_platform? if @supports_platform.nil? @supports_platform = .supports_platform?(@backend) end if @backend.backend.class.to_s == "Train::Transports::Mock::Connection" @supports_platform = true end @supports_platform end |
#supports_runtime? ⇒ Boolean
204 205 206 207 208 209 |
# File 'lib/inspec/profile.rb', line 204 def supports_runtime? if @supports_runtime.nil? @supports_runtime = .supports_runtime? end @supports_runtime end |
#to_s ⇒ Object
382 383 384 |
# File 'lib/inspec/profile.rb', line 382 def to_s "Inspec::Profile<#{name}>" end |
#version ⇒ Object
169 170 171 |
# File 'lib/inspec/profile.rb', line 169 def version .params[:version] end |
#writable? ⇒ Boolean
173 174 175 |
# File 'lib/inspec/profile.rb', line 173 def writable? @writable end |