Class: Inspec::ControlEvalContext

Inherits:
Object
  • Object
show all
Defined in:
lib/inspec/control_eval_context.rb

Overview

ControlEvalContext constructs an anonymous class that control files will be instance_exec’d against.

The anonymous class includes the given passed resource_dsl as well as the basic DSL of the control files (describe, control, title, etc).

Class Method Summary collapse

Class Method Details

.create(profile_context, resources_dsl) ⇒ ProfileContextClass

Creates the heart of the control eval context:

An instantiated object which has all resources registered to it and exposes them to the a test file.

Parameters:

Returns:

  • (ProfileContextClass)


43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
# File 'lib/inspec/control_eval_context.rb', line 43

def self.create(profile_context, resources_dsl) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
  profile_context_owner = profile_context
  profile_id = profile_context.profile_id
  rule_class = rule_context(resources_dsl, profile_id)

  Class.new do # rubocop:disable Metrics/BlockLength
    include Inspec::DSL
    include Inspec::DSL::RequireOverride
    include resources_dsl

    attr_accessor :skip_file

    def initialize(backend, conf, dependencies, require_loader, skip_only_if_eval)
      @backend = backend
      @conf = conf
      @dependencies = dependencies
      @require_loader = require_loader
      @skip_file_message = nil
      @skip_file = false
      @skip_only_if_eval = skip_only_if_eval
    end

    define_method :title do |arg|
      profile_context_owner.set_header(:title, arg)
    end

    def to_s
      "Control Evaluation Context (#{profile_name})"
    end

    define_method :profile_name do
      profile_id
    end

    define_method :control do |*args, &block|
      id = args[0]
      opts = args[1] || {}
      opts[:skip_only_if_eval] = @skip_only_if_eval
      register_control(rule_class.new(id, profile_id, opts, &block))
    end

    #
    # Describe allows users to write rspec-like bare describe
    # blocks without declaring an inclosing control. Here, we
    # generate a control for them automatically and then execute
    # the describe block in the context of that control.
    #
    define_method :describe do |*args, &block|
      loc = block_location(block, caller(1..1).first)
      id = "(generated from #{loc} #{SecureRandom.hex})"

      res = nil
      rule = rule_class.new(id, profile_id, {}) do
        res = describe(*args, &block)
      end
      register_control(rule, &block)

      res
    end

    define_method :add_resource do |name, new_res|
      resources_dsl.module_exec do
        define_method name.to_sym do |*args|
          new_res.new(@backend, name.to_s, *args)
        end
      end
    end

    define_method :add_resources do |context|
      self.class.class_eval do
        include context.to_resources_dsl
      end

      rule_class.class_eval do
        include context.to_resources_dsl
      end
    end

    define_method :add_subcontext do |context|
      profile_context_owner.add_subcontext(context)
    end

    define_method :register_control do |control, &block|
      if @skip_file
        ::Inspec::Rule.set_skip_rule(control, true, @skip_file_message)
      end

      unless profile_context_owner.profile_supports_platform?
        platform = inspec.platform
        msg = "Profile #{profile_context_owner.profile_id} is not supported on platform #{platform.name}/#{platform.release}."
        ::Inspec::Rule.set_skip_rule(control, true, msg)
      end

      unless profile_context_owner.profile_supports_inspec_version?
        msg = "Profile #{profile_context_owner.profile_id} is not supported on InSpec version (#{Inspec::VERSION})."
        ::Inspec::Rule.set_skip_rule(control, true, msg)
      end

      profile_context_owner.register_rule(control, &block) unless control.nil?
    end

    # method for attributes; import attribute handling
    define_method :attribute do |name, options = nil|
      if options.nil?
        Inspec::AttributeRegistry.find_attribute(name, profile_id).value
      else
        profile_context_owner.register_attribute(name, options)
      end
    end

    define_method :skip_control do |id|
      profile_context_owner.unregister_rule(id)
    end

    define_method :only_if do |message = nil, &block|
      return unless block
      return if @skip_file == true
      return if @skip_only_if_eval == true

      return if block.yield == true
      # Apply `set_skip_rule` for other rules in the same file
      profile_context_owner.rules.values.each do |r|
        sources_match = r.source_file == block.source_location[0]
        Inspec::Rule.set_skip_rule(r, true, message) if sources_match
      end

      @skip_file_message = message
      @skip_file = true
    end

    alias_method :rule, :control
    alias_method :skip_rule, :skip_control

    private

    def block_location(block, alternate_caller)
      if block.nil?
        alternate_caller[/^(.+:\d+):in .+$/, 1] || 'unknown'
      else
        path, line = block.source_location
        "#{File.basename(path)}:#{line}"
      end
    end
  end
end

.rule_context(resources_dsl, profile_id) ⇒ RuleContext

Create the context for controls. This includes all components of the DSL, including matchers and resources.

Parameters:

  • resources_dsl (ResourcesDSL)

    which has all resources to attach

Returns:

  • (RuleContext)

    the inner context of rules



22
23
24
25
26
27
28
29
30
31
32
33
# File 'lib/inspec/control_eval_context.rb', line 22

def self.rule_context(resources_dsl, profile_id)
  require 'rspec/core/dsl'
  Class.new(Inspec::Rule) do
    include RSpec::Core::DSL
    with_resource_dsl resources_dsl

    # allow attributes to be accessed within control blocks
    define_method :attribute do |name|
      Inspec::AttributeRegistry.find_attribute(name, profile_id).value
    end
  end
end