etc_hosts resource: test the contents of the /etc/hosts file #2065
Conversation
Signed-off-by: dromazos <[email protected]>
Signed-off-by: dromazos <[email protected]>
Signed-off-by: dromazos <[email protected]>
Signed-off-by: dromazos <[email protected]>
Signed-off-by: dromazos <[email protected]>
adamleff
changed the title
docs/resources/etc_hosts.md.erb
Outdated
| # etc_hosts | ||
|
|
||
| Use the `etc_hosts` InSpec audit resource to test rules set to match IP address's with hostnames. | ||
| ## Syntax |
docs/resources/etc_hosts.md.erb
Outdated
|
|
||
| # etc_hosts | ||
|
|
||
| Use the `etc_hosts` InSpec audit resource to test rules set to match IP address's with hostnames. |
docs/resources/etc_hosts.md.erb
Outdated
| Use the `etc_hosts` InSpec audit resource to test rules set to match IP address's with hostnames. | ||
| ## Syntax | ||
|
|
||
| An etc/hosts rule specifies an IP address and what it's hostname is along with an aliase names it can have. |
There was a problem hiding this comment.
Also not sure what aliase should be... alias or aliases? Probably alias?
docs/resources/etc_hosts.md.erb
Outdated
|
|
||
| An etc/hosts rule specifies an IP address and what it's hostname is along with an aliase names it can have. | ||
|
|
||
| ## Syntax |
There was a problem hiding this comment.
Please see the #2064 PR and apply the same points to the documentation here (remove extra spaces in parens, use the cmp matcher to avoid the double-array stuff, removing the return object type from the headers in each of the supported methods/matchers, etc.)
docs/resources/etc_hosts.md.erb
Outdated
| its ( 'all_host_names' ) { should eq [['list']] } | ||
| end | ||
|
|
||
| Use the optional constructor parameter to give an alternative path to hosts file |
There was a problem hiding this comment.
The example here doesn't use the optional parameter you speak of. 🙂
lib/resources/etc_hosts.rb
Outdated
|
|
||
| def initialize(hosts_path = nil) | ||
| return skip_resource 'The `etc_hosts` resource is not supported on your OS.' unless inspec.os.linux? || inspec.os.windows? | ||
| @conf_path = get_hosts_path_by_os(hosts_path) |
There was a problem hiding this comment.
It's more common to handle the override here, rather than in the get_hosts_path_by_os method...
@conf_path = hosts_path || get_hosts_path_by_osI'd also recommend naming the method default_hosts_file_path so it's clear why the method exists and its purpose.
lib/resources/etc_hosts.rb
Outdated
|
|
||
| private | ||
|
|
||
| def get_hosts_path_by_os(hosts_path) |
There was a problem hiding this comment.
I'd rewrite this a bit based on the above comment.
if inspec.os.linux?
'/etc/hosts'
elsif inspec.os.windows?
'c:\windows\system32\drivers\etc\hosts'
endThere was a problem hiding this comment.
This produces an error with lint, it tells you to use the return => unless.
There was a problem hiding this comment.
I am unable to reproduce that, and likely had to do with the nil checking, not the structure of the conditional. We use this pattern in other resources already. You can see it at the top of the file resource.
lib/resources/etc_hosts.rb
Outdated
| { | ||
| 'ip_address' => line_parts[0], | ||
| 'canonical_hostname' => line_parts[1], | ||
| 'all_host_names' => line_parts[1..-1] || '', |
There was a problem hiding this comment.
Shouldn't the default return if there are no elements 1+ be an empty array [] instead of an empty string?
There was a problem hiding this comment.
Also, to avoid that condition completely, maybe this should skip any line that has less than 2 line_parts...
line_parts = line.split
return unless line_parts.length >= 2
... etc ...
Then you shouldn't even need to worry about the default value for all_host_names
lib/resources/etc_hosts.rb
Outdated
|
|
||
| raw_conf = file.content | ||
| if raw_conf.empty? && !file.empty? | ||
| return skip_resource("File is empty.\"#{@conf_path}\"") |
There was a problem hiding this comment.
File isn't empty. Better error message: "Could not read file contents #{@conf_path}"
lib/resources/etc_hosts.rb
Outdated
| if raw_conf.empty? && !file.empty? | ||
| return skip_resource("File is empty.\"#{@conf_path}\"") | ||
| end | ||
| inspec.file(conf_path).content.lines |
There was a problem hiding this comment.
Why are you reading the file again? You've already read it in and stored it in raw_conf. This should probably be raw_conf.lines
Signed-off-by: dromazos <[email protected]>
lib/resources/etc_hosts.rb
Outdated
| # author: Matthew Dromazos | ||
|
|
||
| require 'utils/parser' | ||
| require 'pry' |
There was a problem hiding this comment.
Still needs to be removed, please!
lib/resources/etc_hosts.rb
Outdated
|
|
||
| def initialize(hosts_path = nil) | ||
| return skip_resource 'The `etc_hosts` resource is not supported on your OS.' unless inspec.os.linux? || inspec.os.windows? | ||
| @conf_path = hosts_path || default_hosts_file_path(hosts_path) |
There was a problem hiding this comment.
You're doing an || here (which is great), which means default_hosts_file_path doesn't need to receive it as an argument. It will simplify the default_hosts_file_path method as well.
lib/resources/etc_hosts.rb
Outdated
|
|
||
| private | ||
|
|
||
| def default_hosts_file_path(hosts_path) |
There was a problem hiding this comment.
As per above, hosts_path should be needed here; this method should just return the appropriate default and let the initialize method either call it or not call it depending on whether the user supplied a path. I'd really simplify down to one line:
inspec.os.windows? ? 'C:\windows\system32\drivers\etc\hosts' : '/etc/hosts'
lib/resources/etc_hosts.rb
Outdated
| line_parts = line.split | ||
| return nil unless line_parts.length >= 2 | ||
| { | ||
| 'ip_address' => line_parts[0], |
There was a problem hiding this comment.
Can you please align these or remove the extraneous spaces? Lines 64-66. Either way is fine as long as it's consistent. Thanks!
lib/resources/etc_hosts.rb
Outdated
|
|
||
| raw_conf = file.content | ||
| if raw_conf.empty? && !file.empty? | ||
| return skip_resource("Could not read file contents\"#{@conf_path}\"") |
There was a problem hiding this comment.
Missing a space between contents and \"
Signed-off-by: dromazmj <[email protected]>
There was a problem hiding this comment.
This looks good to me. We'll need to fix the conflict in test/helper.rb but I'd hold off on doing that until right before we merge after getting a 2nd approval or we're just going to have to come back and fix it again due to the other pending PRs that may get merged before this.
Thanks, @dromazmj.
Signed-off-by: dromazos [email protected]