Class: Inspec::Runner

Inherits:

Object

• Object
• Inspec::Runner

Extended by:

Forwardable

Defined in:

lib/inspec/runner.rb

Overview

Inspec::Runner coordinates the running of tests and is the main entry point to the application.

Users are expected to insantiate a runner, add targets to be run, and then call the run method:

“‘ r = Inspec::Runner.new() r.add_target(“/path/to/some/profile”) r.add_target(“url/to/some/profile”) r.run “`

Instance Attribute Summary

• #backend ⇒ Object readonly

  Returns the value of attribute backend.

• #inputs ⇒ Object readonly

  Returns the value of attribute inputs.

• #rules ⇒ Object readonly

  Returns the value of attribute rules.

Instance Method Summary

• #add_target(target, _opts = []) ⇒ Object

  add_target allows the user to add a target whose tests will be run when the user calls the run method.

• #all_rules ⇒ Object

  In some places we read the rules off of the runner, in other places we read it off of the profile context.

• #attributes ⇒ Object
• #configure_transport ⇒ Object
• #eval_with_virtual_profile(command) ⇒ Object
• #initialize(conf = {}) ⇒ Runner constructor

  A new instance of Runner.

• #load ⇒ Object
• #load_inputs(options) ⇒ Object

  determine all inputs before the execution, fetch data from secrets backend.

• #register_rules(ctx) ⇒ Object
• #render_output(run_data) ⇒ Object
• #report ⇒ Object
• #reset ⇒ Object
• #run(with = nil) ⇒ Object
• #run_tests(with = nil) ⇒ Object
• #supports_profile?(profile) ⇒ Boolean
• #tests ⇒ Object
• #write_lockfile(profile) ⇒ Object

Constructor Details

#initialize(conf = {}) ⇒ Runner

Returns a new instance of Runner.

# File 'lib/inspec/runner.rb', line 42

def initialize(conf = {})
  @rules = []
  # If we were handed a Hash config (by audit cookbook or kitchen-inspec),
  # upgrade it to a proper config. This handles a lot of config finalization,
  # like reporter parsing.
  @conf = conf.is_a?(Hash) ? Inspec::Config.new(conf) : conf
  @conf[:logger] ||= Logger.new(nil)
  @target_profiles = []
  @controls = @conf[:controls] || []
  @depends = @conf[:depends] || []
  @create_lockfile = @conf[:create_lockfile]
  @cache = Inspec::Cache.new(@conf[:vendor_cache])

  @test_collector = @conf.delete(:test_collector) || begin
    require 'inspec/runner_rspec'
    RunnerRspec.new(@conf)
  end

  # list of profile inputs
  @inputs = {}

  load_inputs(@conf)
  configure_transport
end

Instance Attribute Details

#backend ⇒ Object (readonly)

Returns the value of attribute backend.

# File 'lib/inspec/runner.rb', line 35

def backend
  @backend
end

#inputs ⇒ Object (readonly)

Returns the value of attribute inputs.

# File 'lib/inspec/runner.rb', line 35

def inputs
  @inputs
end

#rules ⇒ Object (readonly)

Returns the value of attribute rules.

# File 'lib/inspec/runner.rb', line 35

def rules
  @rules
end

Instance Method Details

#add_target(target, _opts = []) ⇒ Object

add_target allows the user to add a target whose tests will be run when the user calls the run method.

A target is a path or URL that points to a profile. Using this target we generate a Profile and a ProfileContext. The content (libraries, tests, and inputs) from the Profile are loaded into the ProfileContext.

If the profile depends on other profiles, those profiles will be loaded on-demand when include_content or required_content are called using similar code in Inspec::DSL.

Once the we’ve loaded all of the tests files in the profile, we query the profile for the full list of rules. Those rules are registered with the @test_collector which is ultimately responsible for actually running the tests.

TODO: Deduplicate/clarify the loading code that exists in here, the ProfileContext, the Profile, and Inspec::DSL

# File 'lib/inspec/runner.rb', line 203

def add_target(target, _opts = [])
  profile = Inspec::Profile.for_target(target,
                                       vendor_cache: @cache,
                                       backend: @backend,
                                       controls: @controls,
                                       inputs: @conf[:attributes]) # TODO: read form :inputs here (user visible)
  raise "Could not resolve #{target} to valid input." if profile.nil?
  @target_profiles << profile if supports_profile?(profile)
end

#all_rules ⇒ Object

In some places we read the rules off of the runner, in other places we read it off of the profile context. To keep the API’s the same, we provide an #all_rules method here as well.

# File 'lib/inspec/runner.rb', line 226

def all_rules
  @rules
end

#attributes ⇒ Object

# File 'lib/inspec/runner.rb', line 37

def attributes
  Inspec.deprecate(:rename_attributes_to_inputs, "Don't call runner.attributes, call runner.inputs")
  inputs
end

#configure_transport ⇒ Object

# File 'lib/inspec/runner.rb', line 71

def configure_transport
  @backend = Inspec::Backend.create(@conf)
  @test_collector.backend = @backend
end

#eval_with_virtual_profile(command) ⇒ Object

# File 'lib/inspec/runner.rb', line 240

def eval_with_virtual_profile(command)
  require 'fetchers/mock'
  add_target({ 'inspec.yml' => 'name: inspec-shell' })
  our_profile = @target_profiles.first
  ctx = our_profile.runner_context

  # Load local profile dependencies. This is used in inspec shell
  # to provide access to local profiles that add resources.
  @depends.each do |dep|
    # support for windows paths
    dep = dep.tr('\\', '/')
    Inspec::Profile.for_path(dep, { profile_context: ctx }).load_libraries
  end

  ctx.load(command)
end

#load ⇒ Object

# File 'lib/inspec/runner.rb', line 84

def load
  all_controls = []

  @target_profiles.each do |profile|
    @test_collector.add_profile(profile)
    next unless profile.supports_platform?

    write_lockfile(profile) if @create_lockfile
    profile.locked_dependencies
    profile_context = profile.load_libraries

    profile_context.dependencies.list.values.each do |requirement|
      unless requirement.profile.supports_platform?
        Inspec::Log.warn "Skipping profile: '#{requirement.profile.name}'" \
         " on unsupported platform: '#{@backend.platform.name}/#{@backend.platform.release}'."
        next
      end
      @test_collector.add_profile(requirement.profile)
    end

    @inputs = profile.runner_context.inputs if @inputs.empty?
    tests = profile.collect_tests
    all_controls += tests unless tests.nil?
  end

  all_controls.each do |rule|
    register_rule(rule) unless rule.nil?
  end
end

#load_inputs(options) ⇒ Object

determine all inputs before the execution, fetch data from secrets backend

# File 'lib/inspec/runner.rb', line 153

def load_inputs(options)
  # TODO: - rename :attributes and :attrs - these are both user-visible
  options[:attributes] ||= {}

  secrets_targets = options[:attrs]
  return options[:attributes] if secrets_targets.nil?

  secrets_targets.each do |target|
    validate_inputs_file_readability!(target)

    secrets = Inspec::SecretsBackend.resolve(target)
    if secrets.nil?
      raise Inspec::Exceptions::SecretsBackendNotFound,
            "Cannot find parser for inputs file '#{target}'. " \
            'Check to make sure file has the appropriate extension.'
    end

    next if secrets.inputs.nil?
    options[:attributes].merge!(secrets.inputs)
  end

  options[:attributes]
end

#register_rules(ctx) ⇒ Object

# File 'lib/inspec/runner.rb', line 230

def register_rules(ctx)
  new_tests = false
  ctx.rules.each do |rule_id, rule|
    next if block_given? && !(yield rule_id, rule)
    new_tests = true
    register_rule(rule)
  end
  new_tests
end

#render_output(run_data) ⇒ Object

# File 'lib/inspec/runner.rb', line 120

def render_output(run_data)
  return if @conf['reporter'].nil?

  @conf['reporter'].each do |reporter|
    result = Inspec::Reporters.render(reporter, run_data)
    raise Inspec::ReporterError, "Error generating reporter '#{reporter[0]}'" if result == false
  end
end

#report ⇒ Object

# File 'lib/inspec/runner.rb', line 129

def report
  Inspec::Reporters.report(@conf['reporter'].first, @run_data)
end

#reset ⇒ Object

# File 'lib/inspec/runner.rb', line 76

def reset
  @test_collector.reset
  @target_profiles.each do |profile|
    profile.runner_context.rules = {}
  end
  @rules = []
end

#run(with = nil) ⇒ Object

# File 'lib/inspec/runner.rb', line 114

def run(with = nil)
  Inspec::Log.debug "Starting run with targets: #{@target_profiles.map(&:to_s)}"
  load
  run_tests(with)
end

#run_tests(with = nil) ⇒ Object

# File 'lib/inspec/runner.rb', line 145

def run_tests(with = nil)
  @run_data = @test_collector.run(with)
  # dont output anything if we want a report
  render_output(@run_data) unless @conf['report']
  @test_collector.exit_code
end

#supports_profile?(profile) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/runner.rb', line 213

def supports_profile?(profile)
  if !profile.supports_runtime?
    raise 'This profile requires InSpec version '\
         "#{profile.metadata.inspec_requirement}. You are running "\
         "InSpec v#{Inspec::VERSION}.\n"
  end

  true
end

#tests ⇒ Object

# File 'lib/inspec/runner.rb', line 67

def tests
  @test_collector.tests
end

#write_lockfile(profile) ⇒ Object

# File 'lib/inspec/runner.rb', line 133

def write_lockfile(profile)
  return false if !profile.writable?

  if profile.lockfile_exists?
    Inspec::Log.debug "Using existing lockfile #{profile.lockfile_path}"
  else
    Inspec::Log.debug "Creating lockfile: #{profile.lockfile_path}"
    lockfile = profile.generate_lockfile
    File.write(profile.lockfile_path, lockfile.to_yaml)
  end
end