Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-10 07:04:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into mj/encoding

Browse source
This commit is contained in:
Miah Johnson 2019-05-08 12:59:55 -07:00 committed by GitHub
commit 11b8da3283
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
245 changed files with 1193 additions and 990 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/CODEOWNERS vendored
View file

@ -1,5 +1,6 @@
# Order is important. The last matching pattern has the most precedence.
* @chef/inspec-maintainers
* @chef/inspec-team
docs/** @chef/docs-team @chef/inspec-team
.expeditor/** @chef/jex-team
omnibus/** @chef/ben-team

27
CHANGELOG.md
View file

@ -1,9 +1,32 @@
# Change Log
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
<!-- latest_release -->
<!-- latest_release 4.4.7 -->
## [v4.4.7](https://github.com/inspec/inspec/tree/v4.4.7) (2019-05-08)
#### Merged Pull Requests
- Add Coveralls.io support to InSpec [#3988](https://github.com/inspec/inspec/pull/3988) ([miah](https://github.com/miah))
<!-- latest_release -->
<!-- release_rollup -->
<!-- release_rollup since=4.3.2 -->
### Changes since 4.3.2 release
#### New Features
- Rename &#39;attribute&#39; DSL method to &#39;input&#39; [#4008](https://github.com/inspec/inspec/pull/4008) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.4.0 -->
#### Enhancements
- Add missing tests for DataSeries#enabled? #disable [#4036](https://github.com/inspec/inspec/pull/4036) ([miah](https://github.com/miah)) <!-- 4.4.5 -->
- Improve testing on inputs that do not have values [#4007](https://github.com/inspec/inspec/pull/4007) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.4.0 -->
- Add inspec-*-bin to the plugin filter list [#4018](https://github.com/inspec/inspec/pull/4018) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.3.5 -->
#### Merged Pull Requests
- Add Coveralls.io support to InSpec [#3988](https://github.com/inspec/inspec/pull/3988) ([miah](https://github.com/miah)) <!-- 4.4.7 -->
- Enable user telemetry opt-in / opt-out on cli [#4025](https://github.com/inspec/inspec/pull/4025) ([miah](https://github.com/miah)) <!-- 4.4.6 -->
- First step to get inspec names changeable [#3954](https://github.com/inspec/inspec/pull/3954) ([artem-sidorenko](https://github.com/artem-sidorenko)) <!-- 4.4.4 -->
- Change software name from InSpec to Chef Inspec in documentation [#3987](https://github.com/inspec/inspec/pull/3987) ([IanMadd](https://github.com/IanMadd)) <!-- 4.4.3 -->
- Modernize use of Minitest. [#4023](https://github.com/inspec/inspec/pull/4023) ([zenspider](https://github.com/zenspider)) <!-- 4.4.2 -->
- Update the omnibus build license to the Chef EULA [#4038](https://github.com/inspec/inspec/pull/4038) ([btm](https://github.com/btm)) <!-- 4.4.1 -->
- Update resource registry_key documentation example [#4004](https://github.com/inspec/inspec/pull/4004) ([miah](https://github.com/miah)) <!-- 4.3.4 -->
- Update software names in readme [#4014](https://github.com/inspec/inspec/pull/4014) ([mjingle](https://github.com/mjingle)) <!-- 4.3.3 -->
<!-- release_rollup -->
<!-- latest_stable_release -->

1
Gemfile
View file

@ -19,6 +19,7 @@ group :omnibus do
end
group :test do
gem 'coveralls', require: false
gem 'minitest', '~> 5.5'
gem 'rake', '>= 10'
gem 'rubocop', '= 0.49.1'

47
README.md
View file

@ -1,10 +1,17 @@
# InSpec: Inspect Your Infrastructure
# Chef InSpec: Inspect Your Infrastructure
* **Project State: Active**
* **Issues Response SLA: 3 business days**
* **Pull Request Response SLA: 3 business days**
For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md).
[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
[![Build Status Master](https://travis-ci.org/inspec/inspec.svg?branch=master)](https://travis-ci.org/inspec/inspec)
[![Build Status Master](https://ci.appveyor.com/api/projects/status/github/inspec/inspec?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/inspec/branch/master)
[![Coverage Status](https://coveralls.io/repos/github/inspec/inspec/badge.svg?branch=master)](https://coveralls.io/github/inspec/inspec?branch=master)
InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
```ruby
# Disallow insecure protocols by testing
@ -18,7 +25,7 @@ describe inetd_conf do
end
```
InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
Chef InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
```bash
# run test locally
@ -27,7 +34,7 @@ inspec exec test.rb
# run test on remote host on SSH
inspec exec test.rb -t ssh://user@hostname -i /path/to/key
# run test on remote host using SSH agent private key authentication. Requires InSpec 1.7.1
# run test on remote host using SSH agent private key authentication. Requires Chef InSpec 1.7.1
inspec exec test.rb -t ssh://user@hostname
# run test on remote windows host on WinRM
@ -40,17 +47,17 @@ inspec exec test.rb -t docker://container_id
# Features
- Built-in Compliance: Compliance no longer occurs at the end of the release cycle
- Targeted Tests: InSpec writes tests that specifically target compliance issues
- Targeted Tests: Chef InSpec writes tests that specifically target compliance issues
- Metadata: Includes the metadata required by security and compliance pros
- Easy Testing: Includes a command-line interface to run tests quickly
## Installation
InSpec requires Ruby ( >= 2.4 ).
Chef InSpec requires Ruby ( >= 2.4 ).
### Install as package
The InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [InSpec Downloads](https://downloads.chef.io/inspec) or install InSpec via script:
The Chef InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [Chef InSpec Downloads](https://downloads.chef.io/inspec) or install Chef InSpec via script:
```
# RedHat, Ubuntu, and macOS
@ -135,11 +142,11 @@ gem install inspec-*.gem
On Windows, you need to install [Ruby](http://rubyinstaller.org/downloads/) with [Ruby Development Kit](https://github.com/oneclick/rubyinstaller/wiki/Development-Kit) to build dependencies with its native extensions.
### Install via Habitat
### Install via Chef Habitat
Currently, this method of installation only supports Linux. See the [Habitat site](https://www.habitat.sh/) for more information.
Currently, this method of installation only supports Linux. See the [Chef Habitat site](https://www.habitat.sh/) for more information.
Download the `hab` binary from the [Habitat](https://www.habitat.sh/docs/get-habitat/) site.
Download the `hab` binary from the [Chef Habitat](https://www.habitat.sh/docs/get-habitat/) site.
```bash
hab pkg install chef/inspec --binlink
@ -147,7 +154,7 @@ hab pkg install chef/inspec --binlink
inspec
```
### Run InSpec
### Run Chef InSpec
You should now be able to run:
@ -203,10 +210,10 @@ end
```
Also have a look at our examples for:
- [Using InSpec with Test Kitchen & Chef](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
- [Using InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
- [Using InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
- [Implementing an InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
- [Using Chef InSpec with Test Kitchen & Chef Infra](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
- [Using Chef InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
- [Using Chef InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
- [Implementing an Chef InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
## Or tests: Testing for a OR b
@ -335,13 +342,13 @@ Relationship to other tools (RSpec, Serverspec):
## Share your Profiles
You may share your InSpec Profiles in the [Tools &amp; Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/). [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
You may share your Chef InSpec Profiles in the [Tools &amp; Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/). [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
You may also [browse the Supermarket for shared Compliance Profiles](https://supermarket.chef.io/tools?type=compliance_profile).
## Kudos
InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
Chef InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
@ -353,7 +360,7 @@ The AWS resources were inspired by [inspec-aws](https://github.com/arothian/insp
1. Push to the branch (git push origin my-new-feature)
1. Create new Pull Request
The InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
The Chef InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
If you'd like to chat with the community and maintainers directly join us in the `#inspec` channel on the [Chef Community Slack](http://community-slack.chef.io/).
@ -361,7 +368,7 @@ As a reminder, all participants are expected to follow the [Code of Conduct](htt
[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
## Testing InSpec
## Testing Chef InSpec
We offer `unit`, `integration`, and `aws` tests.
@ -389,7 +396,7 @@ bundle exec m test/unit/resources/user_test.rb -l 123
### Integration tests
These tests download various virtual machines, to ensure InSpec is working as expected across different operating systems.
These tests download various virtual machines, to ensure Chef InSpec is working as expected across different operating systems.
These tests require the following gems:

2
Rakefile Normal file → Executable file
View file

@ -65,7 +65,7 @@ Rake::TestTask.new do |t|
'lib/plugins/inspec-*/test/unit/**/*_test.rb',
])
t.warning = false
t.verbose = true
t.verbose = !!ENV["V"] # default to off. the test commands are _huge_.
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
end

2
VERSION
View file

@ -1 +1 @@
4.3.2
4.4.7

6
docs/README.md
View file

@ -1,6 +1,6 @@
# InSpec documentation
# Chef InSpec documentation
This is the home of the InSpec documentation. This documentation provides an introduction to this mechanism and shows how to write custom tests.
This is the home of the Chef InSpec documentation. This documentation provides an introduction to this mechanism and shows how to write custom tests.
The goal of this folder is for any community member to clone these docs, make the changes, check if they are valid, and contribute to the project.
@ -30,7 +30,7 @@ bundle exec rake --tasks docs
## Stability Index
Every available InSpec resource will indicate its stability. As InSpec matures, certain parts are more reliable than others. Brand new features are likely to be redesigned and marked as such.
Every available Chef InSpec resource will indicate its stability. As Chef InSpec matures, certain parts are more reliable than others. Brand new features are likely to be redesigned and marked as such.
The stability indices are as follows:

8
docs/config.md
View file

@ -1,10 +1,10 @@
# The InSpec Configuration File
# The Chef InSpec Configuration File
This documents the InSpec configuration file format introduced in version 3.5 of InSpec.
This documents the Chef InSpec configuration file format introduced in version 3.5 of InSpec.
## Config File Location
By default, InSpec looks for a config file in `~/.inspec/config.json`. InSpec does not need a configuration file to run.
By default, Chef InSpec looks for a config file in `~/.inspec/config.json`. Chef InSpec does not need a configuration file to run.
You may also specify the location using `--config`. For example, to run the shell using a config file in `/etc/inspec`, use `inspec shell --config /etc/inspec/config.json`.
@ -74,7 +74,7 @@ Each Train transport offers a variety of options. By using the credential set fa
You may have as many credential sets in the config file as you require.
If you use a target URI and the portion after the `://` cannot be matched to credential set name, InSpec will send the URI to Train to be parsed as a Train URI. Thus, you can still do `ssh://someuser@myhost.com`.
If you use a target URI and the portion after the `://` cannot be matched to credential set name, Chef InSpec will send the URI to Train to be parsed as a Train URI. Thus, you can still do `ssh://someuser@myhost.com`.
You can use a credential set, and then override individual options using command line options.

6
docs/dev/control-eval.md
View file

@ -6,8 +6,8 @@
## Tips
* In the early days of InSpec / ServerSpec, controls were called "rules". Throughout various places in the code, the word "rule" is used to mean "control". Make the mental subsitution.
* InSpec supports reading profiles from tarballs, local files, git repos, etc. So, don't count on local file reading; instead it uses a special source reader to obtain the contents of the files.
* In the early days of Chef InSpec / ServerSpec, controls were called "rules". Throughout various places in the code, the word "rule" is used to mean "control". Make the mental subsitution.
* Chef InSpec supports reading profiles from tarballs, local files, git repos, etc. So, don't count on local file reading; instead it uses a special source reader to obtain the contents of the files.
## The basics of the stack
@ -20,7 +20,7 @@
## A profile context is created
Like many things in InSpec core, a profile context is an anonymous class. (verify)
Like many things in Chef InSpec core, a profile context is an anonymous class. (verify)
Additionally, a control_eval_context is created. It is an instance of an anonymous class; it has a class<->relationship with its profile context. See `lib/inspec/control_eval_context.rb`.

12
docs/dev/deprecation.md
View file

@ -2,18 +2,18 @@
## Overview
The centralized deprecation facility is used to deprecate (retire, withdraw, etc) features both within InSpec core code, InSpec core resources, plugins, and custom resources.
The centralized deprecation facility is used to deprecate (retire, withdraw, etc) features both within Chef InSpec core code, Chef InSpec core resources, plugins, and custom resources.
The most important goal of the deprecation facility was to collect decisions about what actions should be taken for a deprecation in a central place, so that it is easier to handle major version changes.
### Audience
The deprecation facility is intended to be used by core InSpec developers, contributors, and resource developers. The configuration file, while intended to be easily understood and editable, is not intended to be modified by a typical InSpec user. The configuration present there should be considered part of the "release configuration," not part of the "runtime configuration."
The deprecation facility is intended to be used by core Chef InSpec developers, contributors, and resource developers. The configuration file, while intended to be easily understood and editable, is not intended to be modified by a typical Chef InSpec user. The configuration present there should be considered part of the "release configuration," not part of the "runtime configuration."
### Example
```
# In some code in InSpec core
# In some code in Chef InSpec core
def something_crufty
Inspec.deprecate :old_feature, 'Don't call something_crufty anymore'
end
@ -48,7 +48,7 @@ This makes the deprecation silent - it is there and ready to be triggered, but h
For v4:
```
"groups": {
"old_shadow_features": { "action": "warn", "suffix": "Certain properties of shadow will be withdrawn in InSpec v5.0" }
"old_shadow_features": { "action": "warn", "suffix": "Certain properties of shadow will be withdrawn in Chef InSpec v5.0" }
}
```
@ -67,9 +67,9 @@ Again, no need to update the deprecation calls; though in v6 it might make sense
### Groups
When you make a deprecation message, you add it to a group. InSpec will read the file `$INSPEC_INSTALL_ROOT/etc/deprecation.json` to determine the known groups - you may add to that file at any time.
When you make a deprecation message, you add it to a group. Chef InSpec will read the file `$INSPEC_INSTALL_ROOT/etc/deprecation.json` to determine the known groups - you may add to that file at any time.
If you make a deprecation using a group that is unknown, InSpec will by default treat it as a warning. You can change that behavior by setting the "unknown_group_action" top-level property to any of the valid actions.
If you make a deprecation using a group that is unknown, Chef InSpec will by default treat it as a warning. You can change that behavior by setting the "unknown_group_action" top-level property to any of the valid actions.
There are no restrictions on the number or the naming of groups; you can have as many or as few as needed.

7
docs/dev/integration-testing.md
View file

@ -2,7 +2,7 @@
## Introduction
InSpec uses Test Kitchen for its integration testing. Our current testing uses Docker as our backend. You should install and have Docker running befor you run any tests.
Chef InSpec uses Test Kitchen for its integration testing. Our current testing uses Docker as our backend. You should install and have Docker running befor you run any tests.
### How to run specific integrations
@ -17,7 +17,7 @@ Example:
bundle exec rake test:integration[default-ubuntu-1604]
```
# InSpec Integrations
# Chef InSpec Integrations
### Test Kitchen
@ -25,7 +25,6 @@ We run the test/integration/default profile at the end of each integration test
### Audit Testing
For Audit cookbook testing InSpec sets up some special hooks. The integration rake command will bundle up the current checkout into a gem which is passed along to test kitchen in the os_prepare cookbook. When this cookbook is ran it will install the local inspec gem. Audit will then use this gem accordingly when running in the post chef-client validators. The .kitchen.yml is setup to export the audit report to a json file which we look for and confirm the structure in the test/integration/default/controls/audit_spec.rb file.
For Audit cookbook testing Chef InSpec sets up some special hooks. The integration rake command will bundle up the current checkout into a gem which is passed along to test kitchen in the os_prepare cookbook. When this cookbook is run it will install the local inspec gem. Audit will then use this gem accordingly when running in the post chef-client validators. The .kitchen.yml is setup to export the audit report to a json file which we look for and confirm the structure in the test/integration/default/controls/audit_spec.rb file.
In the validation file we confirm that the file was created from audit and that the structure looks correct. We also validate that the inspec ran with audit is the same that the current branch is using. This validates that audit did not use a older version for some reason.

46
docs/dev/plugins.md
View file

@ -1,14 +1,14 @@
# Developing InSpec Plugins for the v2 plugin API
# Developing Chef InSpec Plugins for the v2 plugin API
## Introduction
### Inspiration
The software design of the InSpec Plugin v2 API is deeply inspired by the Vagrant plugin v2 system. While the InSpec Plugin v2 system is an independent implementation, acknowledgements are due to the Hashicorp team for such a well-thought-out design.
The software design of the Chef InSpec Plugin v2 API is deeply inspired by the Vagrant plugin v2 system. While the Chef InSpec Plugin v2 system is an independent implementation, acknowledgements are due to the Hashicorp team for such a well-thought-out design.
### Note About versions
"v2" refers to the second major version of the Plugin API. It doesn't refer to the InSpec release number.
"v2" refers to the second major version of the Plugin API. It doesn't refer to the Chef InSpec release number.
### Design Goals
@ -36,9 +36,9 @@ For local development or site-specific installations, you can also 'install' a p
### The plugins.json file
InSpec stores its list of known plugins in a file, `~/.inspec/plugins.json`. The purpose of this file is avoid having to do a gem path filesystem scan to locate plugins. When you install, update, or uninstall a plugin using `inspec plugin`, InSpec updates this file.
Chef InSpec stores its list of known plugins in a file, `~/.inspec/plugins.json`. The purpose of this file is avoid having to do a gem path filesystem scan to locate plugins. When you install, update, or uninstall a plugin using `inspec plugin`, Chef InSpec updates this file.
You can tell inspec to use a different config directory using the INSPEC_CONFIG_DIR environment variable.
You can tell Chef InSpec to use a different config directory using the INSPEC_CONFIG_DIR environment variable.
Top-level entries in the JSON file:
@ -49,11 +49,11 @@ Each plugin entry may have the following keys:
* `name` - Required. String name of the plugin. Internal machine name of the plugin. Must match `plugin_name` DSL call (see Plugin class below).
* `installation_type` - Optional, default "gem". Selects a loading mechanism, may be either "path" or "gem"
* `installation_path` - Required if installation_type is "path". A `require` will be attempted against this path. It may be absolute or relative; InSpec adds both the process current working directory as well as the InSpec installation root to the load path.
* `installation_path` - Required if installation_type is "path". A `require` will be attempted against this path. It may be absolute or relative; Chef InSpec adds both the process current working directory as well as the Chef InSpec installation root to the load path.
TODO: keys for gem installations
Putting this all together, here is a plugins.json file from the InSpec test suite:
Putting this all together, here is a plugins.json file from the Chef InSpec test suite:
```json
{
@ -86,9 +86,9 @@ Generally, except for the entry point, you may name these files anything you lik
### Gemspec and Plugin Dependencies
This is a normal Gem specification file. When you release your plugin as a gem, you can declare dependencies here, and InSpec will automatically install them along with your plugin.
This is a normal Gem specification file. When you release your plugin as a gem, you can declare dependencies here, and Chef InSpec will automatically install them along with your plugin.
If you are using a path-based install, InSpec will not manage your dependencies.
If you are using a path-based install, Chef InSpec will not manage your dependencies.
### Entry Point
@ -165,7 +165,7 @@ plugin_status = registry[:'inspec-meaning-of-life']
### Discovery (Known Plugins)
If a plugin is mentioned in `plugins.json` or is a plugin distributed with InSpec itself, it is *known*. You can get its status, a `Inspec::Plugin::V2::Status` object.
If a plugin is mentioned in `plugins.json` or is a plugin distributed with Chef InSpec itself, it is *known*. You can get its status, a `Inspec::Plugin::V2::Status` object.
Reading the plugins.json file is handled by the Loader when Loader.new is called; at that point the registry should know about plugins.
@ -187,7 +187,7 @@ Refer to the sections below for details about activation and execution timing.
## Implementing a CLI Command Plugin
The CliCommand plugin_type allows you to extend the InSpec command line interface by adding a namespace of new commands. InSpec is based on [Thor](http://whatisthor.com/) ([docs](https://www.rubydoc.info/github/wycats/thor/Thor)), and the plugin system exposes Thor directly.
The CliCommand plugin_type allows you to extend the Chef InSpec command line interface by adding a namespace of new commands. Chef InSpec is based on [Thor](http://whatisthor.com/) ([docs](https://www.rubydoc.info/github/wycats/thor/Thor)), and the plugin system exposes Thor directly.
CliCommand can do things like:
@ -256,7 +256,7 @@ module InspecPlugins::Sweeten
end
```
The InSpec plugin v2 system promises the following:
The Chef InSpec plugin v2 system promises the following:
* The superclass will be an (indirect) subclass of Thor
* The plugin system will handle registering the subcommand with Thor for you
@ -266,7 +266,7 @@ The InSpec plugin v2 system promises the following:
Within your `cli.rb`, you need to do two things:
* Inform InSpec of your subcommand's usage and description, so the `help` commands will work properly
* Inform Chef InSpec of your subcommand's usage and description, so the `help` commands will work properly
* Implement your subcommands and options using the Thor DSL
See also: [Thor homepage](http://whatisthor.com/) and [Thor docs](https://www.rubydoc.info/github/wycats/thor/Thor).
@ -324,9 +324,9 @@ end
## Implementing DSL Plugins
A DSL is a _domain specific language_, or a set of keywords you can use to write InSpec profiles and resources more fluently.
A DSL is a _domain specific language_, or a set of keywords you can use to write Chef InSpec profiles and resources more fluently.
InSpec offers several DSLs:
Chef InSpec offers several DSLs:
* The Profile DSL, which is the set of keywords you use when writing profiles. The Profile DSL is internally divided into:
* The Outer Profile DSL: those keywords which may appear in a Profile `controls/my-controls.rb` outside of a `control` or `describe` block
@ -337,7 +337,7 @@ InSpec offers several DSLs:
Correspondingly, there are 4 plugin types in play here: `outer_profile_dsl`, `control_dsl`, `describe_dsl`, `test_dsl`, and `resource_dsl`.
DSL plugins let you alter the InSpec profile authoring experience in a fundamental way. For example, if you wish InSpec had a way of expressing that some minimum of a set of tests must pass, but you don't care which, you could implement a `control_dsl` plugin named `threshold`:
DSL plugins let you alter the Chef InSpec profile authoring experience in a fundamental way. For example, if you wish Chef InSpec had a way of expressing that some minimum of a set of tests must pass, but you don't care which, you could implement a `control_dsl` plugin named `threshold`:
```ruby
# in a hypothetical control file
@ -363,7 +363,7 @@ end
### Activation Discipline For DSL Plugins
As DSL keywords are actually method calls, the activation system for the four DSL types is handled by `method_missing`. For example, if you have registered a `control_dsl` activation hook named `threshold`, when InSpec evaluates the code above and encounters the unknown method `threshold`, InSpec will check for a `control_dsl` hook with that name, and if found, activate the hook, and then include the resulting module into that and all future controls. Once the module is loaded and included, future calls bypass the activation and loading mechanism entirely (because the `threshold` method is now defined, we never hit the `method_missing` that watches for activations).
As DSL keywords are actually method calls, the activation system for the four DSL types is handled by `method_missing`. For example, if you have registered a `control_dsl` activation hook named `threshold`, when Chef InSpec evaluates the code above and encounters the unknown method `threshold`, Chef InSpec will check for a `control_dsl` hook with that name, and if found, activate the hook, and then include the resulting module into that and all future controls. Once the module is loaded and included, future calls bypass the activation and loading mechanism entirely (because the `threshold` method is now defined, we never hit the `method_missing` that watches for activations).
The Outer Profile DSL, Control DSL, Describe DSL, Test DSL, and Resource DSL plugin types all have the same basic mechanism; only the scope of their activation varies.
@ -372,7 +372,7 @@ The Outer Profile DSL, Control DSL, Describe DSL, Test DSL, and Resource DSL plu
In your `plugin.rb`, include one or more `outer_profile_dsl`, `control_dsl`, `describe_dsl`, or `resource_dsl` activation blocks. A DSL activation block *must* do two things (though it may do more):
* Return a Module that will be used as a mixin to the file, control, describe block, or resource
* Require any files needed to support returning the implementation module. It's important to require any support files in the activation block, not in the plugin definition; this allows InSpec to only load files as they are needed.
* Require any files needed to support returning the implementation module. It's important to require any support files in the activation block, not in the plugin definition; this allows Chef InSpec to only load files as they are needed.
Continuing the above example, one would declare the `threshold` Control DSL activation hook as follows:
@ -398,9 +398,9 @@ end
Because each DSL plugin type is loaded into a specific context, each method defined in the mixin module you provide will have a specific parent class and state.
*Note*: these areas are deep within the internals of InSpec and RSpec. Documentation and stability of these interfaces will vary.
*Note*: these areas are deep within the internals of Chef InSpec and RSpec. Documentation and stability of these interfaces will vary.
It is recommended to pin your dependency on `inspec` rather tightly, so you can test for compatibility issues prior to your users.
The InSpec project does not consider the internal interfaces exposed to the DSL plugins to be part of the public interface, and thus may introduce breaking changes at anytime. In other words, SemVer doesn't apply here, and you should likely use an exact pin.
The Chef InSpec project does not consider the internal interfaces exposed to the DSL plugins to be part of the public interface, and thus may introduce breaking changes at anytime. In other words, SemVer doesn't apply here, and you should likely use an exact pin.
#### Outer Profile DSL Context
@ -422,9 +422,9 @@ Within your mixin method, you have access the methods RSpec uses to manage an Ex
Test DSL mixin methods will be attached as *instance* methods to [RSpec::Core::ExampleGroup](https://github.com/rspec/rspec-core/blob/master/lib/rspec/core/example_group.rb). Internally, `it`/`its` blocks are evaluated in the context of an instance which is a subclass of the ExampleGroup class. Please see the source of ExampleGroup for further details.
These blocks are called Examples in RSpec terminology. InSpec treats Examples as tests, and sends tests and controls to the reporter engine; note that describe block are effectively ignored.
These blocks are called Examples in RSpec terminology. Chef InSpec treats Examples as tests, and sends tests and controls to the reporter engine; note that describe block are effectively ignored.
Within your mixin method, you have access the methods RSpec uses to manage an Example. You have access to the testing predicates (such as `should`), but also all InSpec resources are available by name. Some useful class methods include `self.class.example_group`, which returns the example group are a member of; and `self.class.metadata` returns a hash of information about the test block, including description and source code location.
Within your mixin method, you have access the methods RSpec uses to manage an Example. You have access to the testing predicates (such as `should`), but also all Chef InSpec resources are available by name. Some useful class methods include `self.class.example_group`, which returns the example group are a member of; and `self.class.metadata` returns a hash of information about the test block, including description and source code location.
#### Resource DSL
@ -505,4 +505,4 @@ module InspecPlugins::ColorDSL
end
```
This approach may make sense among the four Profile DSLs; however the Resource DSL is quite different, and is unlikely to respond well to such an approach.
This approach may make sense among the four Profile DSLs; however the Resource DSL is quite different, and is unlikely to respond well to such an approach.

24
docs/dsl_inspec.md
View file

@ -1,14 +1,14 @@
---
title: InSpec DSL
title: Chef InSpec DSL
---
# InSpec DSL
# Chef InSpec DSL
InSpec is a run-time framework and rule language used to specify compliance, security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |InSpec resource| framework is compatible with |chef compliance|.
Chef InSpec is a run-time framework and rule language used to specify compliance, security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily. The syntax used by both open source and |chef compliance| auditing is the same. The open source |Chef InSpec resource| framework is compatible with |chef compliance|.
The InSpec DSL is a Ruby DSL for writing audit controls, which includes audit resources that you can invoke.
The Chef InSpec DSL is a Ruby DSL for writing audit controls, which includes audit resources that you can invoke.
The following sections describe the syntax and show some simple examples of using the InSpec resources.
The following sections describe the syntax and show some simple examples of using the Chef InSpec resources.
## Syntax
@ -27,7 +27,7 @@ control 'sshd-8' do
impact 0.6
title 'Server: Configure the service port'
desc 'Always specify which port the SSH server should listen.'
desc 'rationale', 'This ensures that there are no unexpected settings' # Requires InSpec >=2.3.4
desc 'rationale', 'This ensures that there are no unexpected settings' # Requires Chef InSpec >=2.3.4
tag 'ssh','sshd','openssh-server'
tag cce: 'CCE-27072-8'
ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'
@ -42,7 +42,7 @@ where
* `'sshd-8'` is the name of the control
* `impact`, `title`, and `desc` define metadata that fully describes the importance of the control, its purpose, with a succinct and complete description
* `desc` when given only one argument it sets the default description. As of InSpec 2.3.4, when given 2 arguments (see: `'rationale'`) it will use the first argument as a header when rendering in Automate
* `desc` when given only one argument it sets the default description. As of Chef InSpec 2.3.4, when given 2 arguments (see: `'rationale'`) it will use the first argument as a header when rendering in Automate
* `impact` is a string, or numeric that measures the importance of the compliance results.
Valid strings for impact are `none`, `low`, `medium`, `high`, and `critical`. The values are based off CVSS 3.0.
A numeric value must be between `0.0` and `1.0`. The value ranges are:
@ -54,12 +54,12 @@ where
* `tag` is optional meta-information with with key or key-value pairs
* `ref` is a reference to an external document
* `describe` is a block that contains at least one test. A `control` block must contain at least one `describe` block, but may contain as many as required
* `sshd_config` is an InSpec resource. For the full list of InSpec resources, see InSpec resource documentation
* `sshd_config` is an Chef InSpec resource. For the full list of Chef InSpec resources, see Chef InSpec resource documentation
* `its('Port')` is the matcher; `{ should eq '22' }` is the test. A `describe` block must contain at least one matcher, but may contain as many as required
## Advanced concepts
With InSpec it is possible to check if at least one of a collection of checks is true. For example: If a setting is configured in two different locations, you may want to test if either configuration A or configuration B have been set. This is accomplished via `describe.one`. It defines a block of tests with at least one valid check.
With Chef InSpec it is possible to check if at least one of a collection of checks is true. For example: If a setting is configured in two different locations, you may want to test if either configuration A or configuration B have been set. This is accomplished via `describe.one`. It defines a block of tests with at least one valid check.
```ruby
describe.one do
@ -261,7 +261,7 @@ end
# Using Ruby in InSpec
The InSpec DSL is a Ruby based language. This allows you to be flexible with
The Chef InSpec DSL is a Ruby based language. This allows you to be flexible with
Ruby code in controls:
```ruby
@ -280,8 +280,8 @@ Core and custom resources are written as regular Ruby classes which inherit from
## Interactive Debugging with Pry
Here's a sample InSpec control that users Ruby variables to instantiate
an InSpec resource once and use the content in multiple tests.
Here's a sample Chef InSpec control that users Ruby variables to instantiate
an Chef InSpec resource once and use the content in multiple tests.
```ruby
control 'check-perl' do

6
docs/dsl_resource.md
View file

@ -4,7 +4,7 @@ title: Resource DSL
# Resource DSL
InSpec provides a mechanism for defining custom resources. These become
Chef InSpec provides a mechanism for defining custom resources. These become
available with their respective names and provide easy functionality to
profiles.
@ -32,7 +32,7 @@ end
Resources are written as a regular Ruby class which inherits from
Inspec.resource. The number (1) specifies the version this resource
plugin targets. As InSpec evolves, this interface may change and may
plugin targets. As Chef InSpec evolves, this interface may change and may
require a higher version.
The following attributes can be configured:
@ -40,7 +40,7 @@ The following attributes can be configured:
- name - Identifier of the resource (required)
- desc - Description of the resource (optional)
- example - Example usage of the resource (optional)
- supports - (InSpec 2.0+) Platform restrictions of the resource (optional)
- supports - (Chef InSpec 2.0+) Platform restrictions of the resource (optional)
The following methods are available to the resource:

20
docs/glossary.md
View file

@ -1,6 +1,6 @@
# InSpec Glossary
# Chef InSpec Glossary
This document should help you become familiar with some of the terminology used by the InSpec project.
This document should help you become familiar with some of the terminology used by the Chef InSpec project.
There are two ways to use it:
@ -11,7 +11,7 @@ There are two ways to use it:
### Motivating Example
Suppose we are interested in auditing cars. Let's suppose we have two InSpec resources for auditing: `cars`, which searches for and filters groups of cars, and `car`, which performs detailed auditing of a single car.
Suppose we are interested in auditing cars. Let's suppose we have two Chef InSpec resources for auditing: `cars`, which searches for and filters groups of cars, and `car`, which performs detailed auditing of a single car.
### Basic Syntax
@ -108,7 +108,7 @@ _be >=_ is an [operator matcher](#operator matcher). It allows you to perform nu
### attribute
An _attribute_ is a parameter that InSpec reads from a YAML file provided on the command line. You can use this feature either to change a [profile's](#profile) behavior by passing different attribute files or to store secrets that should not be directly present in a profile. InSpec attributes are unrelated to Chef attributes.
An _attribute_ is a parameter that Chef InSpec reads from a YAML file provided on the command line. You can use this feature either to change a [profile's](#profile) behavior by passing different attribute files or to store secrets that should not be directly present in a profile. Chef InSpec attributes are unrelated to Chef attributes.
The CLI syntax for attributes is documented under the [`inspec exec`](https://www.inspec.io/docs/reference/cli/#exec) command.
@ -132,7 +132,7 @@ A [resource](#resource) that is _not_ included with InSpec. It may be a resource
### describe block
The _`describe`_ keyword is used with a _`describe block`_ to refer to an InSpec resource. You use the `describe` keyword along with the name of a [resource](#resource) to enclose related [tests](#test) that apply to the resource. Multiple describe blocks are usually grouped together in a [control](#control), but you can also use them outside of a control.
The _`describe`_ keyword is used with a _`describe block`_ to refer to an Chef InSpec resource. You use the `describe` keyword along with the name of a [resource](#resource) to enclose related [tests](#test) that apply to the resource. Multiple describe blocks are usually grouped together in a [control](#control), but you can also use them outside of a control.
```Ruby
control 'Rule 1.1 - Color restrictions' do
@ -145,7 +145,7 @@ end
### DSL
_DSL_ is an acronym for _Domain Specific Language_. It refers to the language extensions InSpec provides to make authoring resources and controls easier. While InSpec control files are use Ruby, the _Control DSL_ makes it easy to write controls without knowledge of Ruby by providing DSL keywords such as [describe](#describe), [control](#control), [it](#it) and [its](#its). See the [InSpec DSL page](https://www.inspec.io/docs/reference/dsl_inspec/) for details about keywords available to control authors.
_DSL_ is an acronym for _Domain Specific Language_. It refers to the language extensions Chef InSpec provides to make authoring resources and controls easier. While Chef InSpec control files are use Ruby, the _Control DSL_ makes it easy to write controls without knowledge of Ruby by providing DSL keywords such as [describe](#describe), [control](#control), [it](#it) and [its](#its). See the [Chef InSpec DSL page](https://www.inspec.io/docs/reference/dsl_inspec/) for details about keywords available to control authors.
For [custom resource](#custom-resource) authors, an additional DSL is available - see the [Resource DSL page](https://www.inspec.io/docs/reference/dsl_resource/).
@ -245,7 +245,7 @@ A _`matcher`_ performs the actual assertions against [resources](#resource) or t
Some matchers accept parameters, called [expected results](#expected-results).
For information on how RSpec matchers are related o InSpec matchers, see [InSpec and RSpec](https://www.inspec.io/docs/reference/inspec_and_friends/#rspec).
For information on how RSpec matchers are related o Chef InSpec matchers, see [Chef InSpec and RSpec](https://www.inspec.io/docs/reference/inspec_and_friends/#rspec).
Here, `be_classy` is a resource-specific matcher operating directly on the `car`, while `cmp` is a universal matcher operating on the `manufacturer` property.
@ -308,7 +308,7 @@ An output format for the `inspec exec` command line. Several reporters are avail
### resource
A _`resource`_ represents a category of things on the [target](#target) you wish to examine. For example, to check for the existence and permissions of a file, you would use the [`file`](https://www.inspec.io/docs/reference/resources/file/) resource. InSpec offers dozens of different resources, from the highly specialized (such as `aws_security_group`, which examines firewall rules in AWS) to the very general (such as `command`, which runs a command and lets you examine its output).
A _`resource`_ represents a category of things on the [target](#target) you wish to examine. For example, to check for the existence and permissions of a file, you would use the [`file`](https://www.inspec.io/docs/reference/resources/file/) resource. Chef InSpec offers dozens of different resources, from the highly specialized (such as `aws_security_group`, which examines firewall rules in AWS) to the very general (such as `command`, which runs a command and lets you examine its output).
Resources are generally categorized as either [singular](#singular-resource) or [plural](#plural-resource), though there are some irregular resources that cannot be cleanly considered one or the other.
@ -346,7 +346,7 @@ A [matcher](#matcher) that operates directly on the [resource](#resource), as op
Resource-specific matchers often provide highly customized behavior. Check the [resource documentation](#https://www.inspec.io/docs/reference/resources/) to discover which resource-specific matchers are available for your resource.
For example, the hypothetical `car` resource defines a `classy?` method, which is exposed as the `be_classy` matcher in InSpec tests.
For example, the hypothetical `car` resource defines a `classy?` method, which is exposed as the `be_classy` matcher in Chef InSpec tests.
```Ruby
describe car(owner: 'Tony Clifton') do
@ -360,7 +360,7 @@ A [resource](#resource) intended to uniquely identify a single object on the [ta
### target
The _`target`_ is the OS or API on which InSpec is performing audits. In InSpec 1.x, this was always an operating system target (a bare metal machine, VM, or container). In InSpec 2.x and later, this can be an OS target, or an API target, including cloud providers such as AWS. InSpec is agentless, meaning that the InSpec code and profiles remain on your workstation, and the target is remotely interrogated without installing anything.
The _`target`_ is the OS or API on which Chef InSpec is performing audits. In Chef InSpec 1.x, this was always an operating system target (a bare metal machine, VM, or container). In Chef InSpec 2.x and later, this can be an OS target, or an API target, including cloud providers such as AWS. Chef InSpec is agentless, meaning that the Chef InSpec code and profiles remain on your workstation, and the target is remotely interrogated without installing anything.
### test

50
docs/habitat.md
View file

@ -1,32 +1,32 @@
---
title: InSpec Integration with Habitat
title: Chef InSpec Integration with Chef Habitat
---
# Habitat Integration
# Chef Habitat Integration
InSpec provides an easy method to create an executable Habitat package for an InSpec profile. When run via the Habitat Supervisor, the package will run InSpec with your profile and write out its findings to a JSON file. This provides the ability to ship your compliance controls alongside your Habitat-packaged application and continuously run InSpec, providing you *Continuous Compliance.*
Chef InSpec provides an easy method to create an executable Chef Habitat package for an Chef InSpec profile. When run via the Chef Habitat Supervisor, the package will run Chef InSpec with your profile and write out its findings to a JSON file. This provides the ability to ship your compliance controls alongside your Chef Habitat-packaged application and continuously run InSpec, providing you *Continuous Compliance.*
## What is Habitat
## What is Chef Habitat
Habitat by Chef is our new Application Automation tool that aims to make it easy, safe, and fast to build, deploy, and manage applications. From build dependencies, runtime dependencies, dynamic configuration, and service discovery (just to name a few), Habitat packages the automation with the application instead of relying on an underlying platform.
Chef Habitat by Chef is our new Application Automation tool that aims to make it easy, safe, and fast to build, deploy, and manage applications. From build dependencies, runtime dependencies, dynamic configuration, and service discovery (just to name a few), Chef Habitat packages the automation with the application instead of relying on an underlying platform.
To learn more about Habitat and try our demos and tutorials, visit [https://www.habitat.sh](https://www.habitat.sh).
To learn more about Chef Habitat and try our demos and tutorials, visit [https://www.habitat.sh](https://www.habitat.sh).
## Using the Habitat Integration
## Using the Chef Habitat Integration
After creating a Habitat package for an InSpec profile (see CLI commands below) and uploading the package to a Habitat Depot or manually distributing to a host, start the Habitat Supervisor with your package:
After creating a Chef Habitat package for an Chef InSpec profile (see CLI commands below) and uploading the package to a Chef Habitat Depot or manually distributing to a host, start the Chef Habitat Supervisor with your package:
```bash
hab start adamleff/inspec-profile-frontend1
```
The Habitat Supervisor will install InSpec and execute your profile in a loop. By default, the loop runs every 300 seconds but can be changed via the `sleep_time` configuration value:
The Chef Habitat Supervisor will install Chef InSpec and execute your profile in a loop. By default, the loop runs every 300 seconds but can be changed via the `sleep_time` configuration value:
```bash
HAB_INSPEC_PROFILE_FRONTEND1="sleep_time = 60" hab start adamleff/inspec-profile-frontend1
```
The Habitat Supervisor will display output like this:
The Chef Habitat Supervisor will display output like this:
```text
hab start adamleff/inspec-profile-frontend1
@ -35,7 +35,7 @@ hab start adamleff/inspec-profile-frontend1
↓ Downloading core/hab-sup/0.17.0/20170214235450
1.68 MB / 1.68 MB - [=========================================================================] 100.00 % 7.43 MB/s
... more Habitat output here ...
... more Chef Habitat output here ...
hab-sup(MN): Starting adamleff/inspec-profile-frontend1/0.1.0/20170328173005
hab-sup(CS): adamleff/inspec-profile-frontend1/0.1.0/20170328173005 is not installed
@ -45,7 +45,7 @@ hab-sup(CS): adamleff/inspec-profile-frontend1/0.1.0/20170328173005 is not insta
↓ Downloading chef/inspec/1.17.0/20170321214949
16.93 MB / 16.93 MB / [======================================================================] 100.00 % 10.49 MB/s
... more Habitat output here ...
... more Chef Habitat output here ...
★ Install of adamleff/inspec-profile-frontend1/0.1.0/20170328173005 complete with 9 new packages installed.
hab-sup(MR): Butterfly Member ID d9bd761e18c144469d755b1b97406eb2
@ -53,26 +53,26 @@ hab-sup(MR): Starting butterfly on 0.0.0.0:9638
hab-sup(MR): Starting http-gateway on 0.0.0.0:9631
inspec-profile-frontend1.default(SR): Initializing
inspec-profile-frontend1.default(SV): Starting process as user=hab, group=hab
inspec-profile-frontend1.default(O): Executing InSpec for adamleff/inspec-profile-frontend1
inspec-profile-frontend1.default(O): Executing InSpec adamleff/inspec-profile-frontend1
inspec-profile-frontend1.default(O): InSpec run completed successfully.
inspec-profile-frontend1.default(O): sleeping for 300 seconds
```
The above sample output shows the supervisor starting, downloading the necessary dependencies for the supervisor and the InSpec profile, and then shows the supervisor running InSpec successfully.
The above sample output shows the supervisor starting, downloading the necessary dependencies for the supervisor and the Chef InSpec profile, and then shows the supervisor running Chef InSpec successfully.
InSpec will write a JSON file in the `${svc_var_path}/inspec_results` directory containing the results of the last InSpec run. For example, for the `adamleff/inspec-profile-frontend1` package, the InSpec results will be at:
Chef InSpec will write a JSON file in the `${svc_var_path}/inspec_results` directory containing the results of the last Chef InSpec run. For example, for the `adamleff/inspec-profile-frontend1` package, the Chef InSpec results will be at:
```text
/hab/svc/inspec-profile-frontend1/var/inspec_results/inspec-profile-frontend1.json
```
## InSpec Habitat CLI Commands
## Chef InSpec Chef Habitat CLI Commands
### inspec habitat profile create
Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
Create a Chef Habitat package for an Chef InSpec profile. Chef InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Chef Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
The package can then be manually uploaded to a Habitat Depot or manually distributed to a host and installed via `hab pkg install`.
The package can then be manually uploaded to a Chef Habitat Depot or manually distributed to a host and installed via `hab pkg install`.
The package file will be named:
@ -118,17 +118,17 @@ $ habitat profile create ~/profiles/frontend1
↓ Downloading core/hab-backline/0.19.0/20170311034116
2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
... more Habitat output here...
... more Chef Habitat output here...
[2017-03-28T13:30:18-04:00] INFO: Copying artifact to /Users/aleff...
```
### inspec habitat profile setup
Create a Habitat directory that includes a plan file, config hooks, and more in a profile directory.
Create a Chef Habitat directory that includes a plan file, config hooks, and more in a profile directory.
This is the same process that is used by `inspec habitat profile create` - but this adds the generated Habitat
directory and file to your system so that you can commit them to source control. If you commit these files to GitHub, you can connect that plan to the [Habitat Builder Service](https://www.habitat.sh/docs/using-builder/).
This is the same process that is used by `inspec habitat profile create` - but this adds the generated Chef Habitat
directory and file to your system so that you can commit them to source control. If you commit these files to GitHub, you can connect that plan to the [Chef Habitat Builder Service](https://www.habitat.sh/docs/using-builder/).
#### Syntax
@ -157,7 +157,7 @@ inspec habitat profile setup ~/profiles/frontend1
### inspec habitat profile upload
Create and then upload a Habitat package for an InSpec profile. Like the `inspec habitat profile create` command, InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. However, instead of saving the package locally to the workstation, InSpec will upload it to the depot defined in the `HAB_DEPOT` environment variable. If `HAB_DEPOT` is not defined, the package will be uploaded to the public Habitat depot at [https://app.habitat.sh](https://app.habitat.sh).
Create and then upload a Chef Habitat package for an Chef InSpec profile. Like the `inspec habitat profile create` command, Chef InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Chef Habitat package with a dependency on the latest InSpec. However, instead of saving the package locally to the workstation, Chef InSpec will upload it to the depot defined in the `HAB_DEPOT` environment variable. If `HAB_DEPOT` is not defined, the package will be uploaded to the public Chef Habitat depot at [https://app.habitat.sh](https://app.habitat.sh).
#### Syntax
@ -190,8 +190,8 @@ inspec habitat profile upload ~/profiles/frontend1
↓ Downloading core/hab-backline/0.19.0/20170311034116
2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
... more Habitat output here...
... more Chef Habitat output here...
[2017-03-28T13:30:18-04:00] INFO: Uploading the Habitat artifact to our Depot...
[2017-03-28T13:30:23-04:00] INFO: Upload complete!
```
```

36
docs/inspec_and_friends.md
View file

@ -1,10 +1,10 @@
---
title: InSpec and friends
title: Chef InSpec and friends
---
# InSpec and friends
# Chef InSpec and friends
This page looks at projects that are similar to InSpec to explain how they
This page looks at projects that are similar to Chef InSpec to explain how they
relate to each other.
## RSpec
@ -13,16 +13,16 @@ RSpec is an awesome framework that is widely used by software engineers to test
Ruby code. It enables test-driven development (TDD) and helps developers to write
better code every day.
InSpec is built on top of RSpec and uses it as the underlying foundation
Chef InSpec is built on top of RSpec and uses it as the underlying foundation
to execute tests. It uses the key strengths of RSpec, easily execute
tests and a DSL to write tests, but extends the functionality for use as
compliance audits. InSpec ships with custom audit resources that make it
compliance audits. Chef InSpec ships with custom audit resources that make it
easy to write audit checks and with the ability to run those checks on
remote servers. These audit resources provided know the differences
between operating systems and help you abstract from the local operating
system, similar to other resources you might use in your Chef recipes.
A complete InSpec rule looks like:
A complete Chef InSpec rule looks like:
```ruby
control "sshd-11" do
@ -40,12 +40,12 @@ control "sshd-11" do
end
```
That said, InSpec is not RSpec. Some key differences:
That said, Chef InSpec is not RSpec. Some key differences:
* In InSpec, `describe` blocks should not be nested; instead use `control` blocks to describe a higher-level grouping of tests.
* The RSpec `shared_example` construct is not supported. Instead, create a simple custom resource that executes repetitious tasks.
* InSpec is aimed at compliance practitioners and infrastructure testers, so our focus is providing a few, well-supported, easy-to-use [universal matchers](https://www.inspec.io/docs/reference/matchers/), such as `cmp`. In contrast, RSpec is a tool designed for software engineers. It thus supports a very large range of matchers, to enable testing of software engineering constructs such as exceptions, Object Oriented Programming relationships, and so on.
* While InSpec uses parts of the RSpec project and codebase, it is a separate project from InSpec. Rspec's release schedule and feature set are beyond the control of the InSpec team. While it is possible to use many of the RSpec core features within InSpec profiles, InSpec can only guarantee that the features described at [docs.inspec.io](https://docs.inspec.io) will function correctly. Some RSpec core functionality may be removed in future versions of InSpec as needed to ensure stability in the InSpec project.
* Chef InSpec is aimed at compliance practitioners and infrastructure testers, so our focus is providing a few, well-supported, easy-to-use [universal matchers](https://www.inspec.io/docs/reference/matchers/), such as `cmp`. In contrast, RSpec is a tool designed for software engineers. It thus supports a very large range of matchers, to enable testing of software engineering constructs such as exceptions, Object Oriented Programming relationships, and so on.
* While Chef InSpec uses parts of the RSpec project and codebase, it is a separate project from InSpec. Rspec's release schedule and feature set are beyond the control of the Chef InSpec team. While it is possible to use many of the RSpec core features within Chef InSpec profiles, Chef InSpec can only guarantee that the features described at [docs.inspec.io](https://docs.inspec.io) will function correctly. Some RSpec core functionality may be removed in future versions of Chef InSpec as needed to ensure stability in the Chef InSpec project.
## Serverspec
@ -53,7 +53,7 @@ Serverspec is the first extension of RSpec that enabled
users to run RSpec tests on servers to verify deployed artifacts. It was
created in March 2013 by Gosuke Miyashita and has been widely adopted.
It is also one of the core test frameworks within test-kitchen and has
been widely used within the Chef ecosystem. InSpec takes lessons learned
been widely used within the Chef ecosystem. Chef InSpec takes lessons learned
implementing and using Serverspec and builds on them to make auditing
and compliance easier.
@ -67,11 +67,11 @@ Lessons learned from Serverspec include:
* Support for Windows is a first-class requirement.
* A command line interface (CLI) is required for faster iteration of test code.
You can also watch this [podcast](http://foodfightshow.org/2016/02/inspec.html) to find out more on the relationship of InSpec and Serverspec.
You can also watch this [podcast](http://foodfightshow.org/2016/02/inspec.html) to find out more on the relationship of Chef InSpec and Serverspec.
### How is InSpec different from Serverspec
### How is Chef InSpec different from Serverspec
One of the key differences is that InSpec targets more user groups. It
One of the key differences is that Chef InSpec targets more user groups. It
is optimized for DevOps, Security, and Compliance professionals.
Additional metadata, such as impact, title, and description, make it
easier to fully describe the controls which makes it easier to share the
@ -97,18 +97,18 @@ end
**Why not fork Serverspec?**
InSpec started as an extension of Serverspec. As the extension grew, it
Chef InSpec started as an extension of Serverspec. As the extension grew, it
became clear that a new library was required. Creating and maintaining a
fork was not practical so a new project was born.
**Will InSpec only work on machines managed by Chef?**
**Will Chef InSpec only work on machines managed by Chef?**
No, InSpec can be used on any machine. It doesnt matter if that machine
No, Chef InSpec can be used on any machine. It doesnt matter if that machine
was configured by Chef or configured lovingly by the hands of your local
System Administrator.
**Is InSpec a replacement of Serverspec?**
**Is Chef InSpec a replacement of Serverspec?**
InSpec is intended to be a drop-in replacement of Serverspec. Popular
Chef InSpec is intended to be a drop-in replacement of Serverspec. Popular
Serverspec resources have been ported to InSpec. It changed some
behaviour as documented in our migration guide.

8
docs/matchers.md
View file

@ -1,10 +1,10 @@
---
title: InSpec Universal Matchers Reference
title: Chef InSpec Universal Matchers Reference
---
# InSpec Universal Matchers Reference
# Chef InSpec Universal Matchers Reference
InSpec uses matchers to help compare resource values to expectations.
Chef InSpec uses matchers to help compare resource values to expectations.
The following matchers are available:
You may also use any matcher provided by [RSpec::Expectations](https://relishapp.com/rspec/rspec-expectations/docs), but those matchers are outside of InSpec's [scope of support](https://www.inspec.io/docs/reference/inspec_and_friends/#rspec).
@ -18,7 +18,7 @@ The following InSpec-supported universal matchers are available:
* [`include`](#include) - look for an expected value in a list-valued property
* [`match`](#match) - look for patterns in text using regular expressions
See [Explore InSpec resources](https://learn.chef.io/modules/explore-inspec-resources#/) on Learn Chef Rally to learn more about InSpec's built-in matchers.
See [Explore Chef InSpec resources](https://learn.chef.io/modules/explore-inspec-resources#/) on Learn Chef Rally to learn more about InSpec's built-in matchers.
## be

24
docs/migration.md
View file

@ -1,22 +1,22 @@
---
title: InSpec Migration Guide
title: Chef InSpec Migration Guide
---
# Migrate from Serverspec to InSpec
## How is InSpec different from Serverspec
## How is Chef InSpec different from Serverspec
We've written a complete blog post about that topic: [The Road to InSpec](https://blog.chef.io/2015/11/04/the-road-to-inspec/)
## Is InSpec suitable for infrastructure testing?
## Is Chef InSpec suitable for infrastructure testing?
InSpec is a framework that allows you to run infrastructure testing as well as compliance testing. The compliance features are always optional and provide customers a way to use InSpec for both use-cases. To ensure we build the best infrastructure testing, we migrate our cookbooks [chef-cookbooks](https://github.com/chef-cookbooks) to InSpec.
Chef InSpec is a framework that allows you to run infrastructure testing as well as compliance testing. The compliance features are always optional and provide customers a way to use Chef InSpec for both use-cases. To ensure we build the best infrastructure testing, we migrate our cookbooks [chef-cookbooks](https://github.com/chef-cookbooks) to InSpec.
## Which Serverspec resources are available in InSpec?
The following resources are available in InSpec:
| Serverspec | InSpec |
| Serverspec | Chef InSpec |
|:------------------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:|
| [`bond`](http://serverspec.org/resource_types.html#bond) | [`bond`](https://www.inspec.io/docs/reference/resources/bond/) |
| [`bridge`](http://serverspec.org/resource_types.html#bridge) | [`bridge`](https://www.inspec.io/docs/reference/resources/bridge/) |
@ -62,7 +62,7 @@ Some Serverspec resources are not available yet. We will implement those resourc
* [`selinux_module`](http://serverspec.org/resource_types.html#selinux_module)
* [`x509_private_key`](http://serverspec.org/resource_types.html#x509_private_key)
In addition InSpec provides additional [resources](https://www.inspec.io/docs/reference/resources/) that are not available in Serverspec:
In addition Chef InSpec provides additional [resources](https://www.inspec.io/docs/reference/resources/) that are not available in Serverspec:
* [`apache_conf`](https://www.inspec.io/docs/reference/resources/apache_conf/)
* [`apt`](https://www.inspec.io/docs/reference/resources/apt/)
@ -88,7 +88,7 @@ In addition InSpec provides additional [resources](https://www.inspec.io/docs/re
## How do I migrate my Serverspec tests to InSpec
For most cases, the migration to InSpec is pretty straight forward. First, replace the current verifier in `kitchen.yml` configuration with:
For most cases, the migration to Chef InSpec is pretty straight forward. First, replace the current verifier in `kitchen.yml` configuration with:
```
verifier:
@ -107,7 +107,7 @@ require 'serverspec'
set :backend, :exec
```
InSpec is now configured with Test-Kitchen:
Chef InSpec is now configured with Test-Kitchen:
```
kitchen verify package-install-centos-72
@ -143,7 +143,7 @@ Some general recommendations:
## Do I still need the backend configuration?
InSpec does not attach backend information to test files. All tests are defined independently of any backend. Therefore a Serverspec test file:
Chef InSpec does not attach backend information to test files. All tests are defined independently of any backend. Therefore a Serverspec test file:
```
require 'serverspec'
@ -166,7 +166,7 @@ describe 'PHP' do
end
```
will become the following InSpec test file:
will become the following Chef InSpec test file:
```
describe 'PHP' do
@ -184,7 +184,7 @@ describe 'PHP' do
end
```
As you can see, the InSpec test files just focuses on tests and tries to avoid all clutter.
As you can see, the Chef InSpec test files just focuses on tests and tries to avoid all clutter.
## Nested describe blocks
@ -216,7 +216,7 @@ describe 'chef-server-directories' do
end
```
In InSpec you would split up groups into files.
In Chef InSpec you would split up groups into files.
```
tests

26
docs/platforms.md
View file

@ -1,8 +1,8 @@
# Using InSpec on Cloud Platforms
# Using Chef InSpec on Cloud Platforms
As of InSpec 2.0, we have expanded our platform support beyond individual machines and now include support for select AWS and Azure resources.
As of Chef InSpec 2.0, we have expanded our platform support beyond individual machines and now include support for select AWS and Azure resources.
Using InSpec, you can use several InSpec resources to audit properties of your cloud infrastructure - for example, an Amazon Web Services S3 bucket.
Using InSpec, you can use several Chef InSpec resources to audit properties of your cloud infrastructure - for example, an Amazon Web Services S3 bucket.
<br>
@ -10,15 +10,15 @@ Using InSpec, you can use several InSpec resources to audit properties of your c
### Setting up AWS credentials for InSpec
InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities.
Chef InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities.
* 1 Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access."
* 2 On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual InSpec resources to identify which permissions are required.
* 2 On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual Chef InSpec resources to identify which permissions are required.
* 3 After generating the key, record the Access Key ID and Secret Key.
#### Using Environment Variables to provide credentials
You may provide the credentials to InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_KEY_ID`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details.
You may provide the credentials to Chef InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_KEY_ID`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details.
Once you have your environment variables set, you can verify your credentials by running:
@ -31,7 +31,7 @@ Families: cloud, api
Release: aws-sdk-v2.10.125
```
#### Using the InSpec target option to provide credentials on AWS
#### Using the Chef InSpec target option to provide credentials on AWS
Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format:
@ -41,7 +41,7 @@ aws_access_key_id = AKIA....
aws_secret_access_key = 1234....abcd
```
You may now run InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`. For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`.
You may now run Chef InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`. For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`.
To verify your credentials,
@ -60,7 +60,7 @@ Release: aws-sdk-v2.10.125
### Setting up Azure credentials for InSpec
To use InSpec Azure resources, you will need to create a Service Principal Name (SPN) for auditing an Azure subscription.
To use Chef InSpec Azure resources, you will need to create a Service Principal Name (SPN) for auditing an Azure subscription.
This can be done on the command line or from the Azure Portal:
@ -68,11 +68,11 @@ This can be done on the command line or from the Azure Portal:
* [PowerShell](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal)
* [Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using InSpec target URIs.
The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using Chef InSpec target URIs.
#### Setting up the Azure Credentials File
By default InSpec is configured to look at ~/.azure/credentials, and it should contain:
By default Chef InSpec is configured to look at ~/.azure/credentials, and it should contain:
```powershell
[<SUBSCRIPTION_ID>]
@ -110,9 +110,9 @@ AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W" \
AZURE_TENANT_ID="6ad89b58-df2e-11e6-bf01-fe55135034f3" inspec exec my-profile -t azure://
```
#### Using the InSpec target option to provide credentials on Azure
#### Using the Chef InSpec target option to provide credentials on Azure
If you have created a `~/.azure/credentials` file as above, you may also use the InSpec command line `--target` / `-t` option to select a subscription ID. For example:
If you have created a `~/.azure/credentials` file as above, you may also use the Chef InSpec command line `--target` / `-t` option to select a subscription ID. For example:
```bash
inspec exec my-profile -t azure://2fbdbb02-df2e-11e6-bf01-fe55135034f3

8
docs/plugin_kitchen_inspec.md
View file

@ -4,9 +4,9 @@ title: About kitchen-inspec
# kitchen-inspec
Use InSpec as a Kitchen verifier with `kitchen-inspec`.
Use Chef InSpec as a Kitchen verifier with `kitchen-inspec`.
Add the InSpec verifier to the `.kitchen.yml` file:
Add the Chef InSpec verifier to the `.kitchen.yml` file:
```YML
verifier:
@ -45,7 +45,7 @@ Use a compliance profile from the Chef Supermarket:
- supermarket://dev-sec/ssh-baseline
```
Use InSpec tests from the local file system:
Use Chef InSpec tests from the local file system:
```YML
suites:
@ -57,4 +57,4 @@ Use InSpec tests from the local file system:
- test/integration/default
```
Check out [Detect and correct with Test Kitchen](https://learn.chef.io/modules/detect-correct-kitchen#/) on Learn Chef Rally for a hands-on look at how to use Test Kitchen to run InSpec profiles.
Check out [Detect and correct with Test Kitchen](https://learn.chef.io/modules/detect-correct-kitchen#/) on Learn Chef Rally for a hands-on look at how to use Test Kitchen to run Chef InSpec profiles.

20
docs/plugins.md
View file

@ -1,16 +1,16 @@
---
title: About InSpec and Train Plugins
title: About Chef InSpec and Train Plugins
---
# InSpec and Train Plugins
# Chef InSpec and Train Plugins
## What are InSpec Plugins?
## What are Chef InSpec Plugins?
InSpec Plugins are optional software components that extend the capabilities of InSpec. For example, [`inspec-iggy`](https://github.com/inspec/inspec-iggy) is a Plugin project that aims to generate InSpec controls from infrastructure-as-code files. Plugins are distributed as RubyGems, and InSpec manages their installation. InSpec Plugins always begin with the prefix 'inspec-'.
Chef InSpec Plugins are optional software components that extend the capabilities of InSpec. For example, [`inspec-iggy`](https://github.com/inspec/inspec-iggy) is a Plugin project that aims to generate Chef InSpec controls from infrastructure-as-code files. Plugins are distributed as RubyGems, and Chef InSpec manages their installation. Chef InSpec Plugins always begin with the prefix 'inspec-'.
## What are Train Plugins?
Train Plugins allow InSpec to speak to new kinds of targets (typically new remote targets or APIs, but you could treat the local system in a new way if you wished to). For example, if you wanted to audit a Kubernetes cluster, you might want a transport that can talk to the supervisor API. You would develop a Train Plugin for that, and install it using the InSpec command line. Train Plugins always begin with the prefix 'train-'.
Train Plugins allow Chef InSpec to speak to new kinds of targets (typically new remote targets or APIs, but you could treat the local system in a new way if you wished to). For example, if you wanted to audit a Kubernetes cluster, you might want a transport that can talk to the supervisor API. You would develop a Train Plugin for that, and install it using the Chef InSpec command line. Train Plugins always begin with the prefix 'train-'.
## What can plugins do?
@ -24,11 +24,11 @@ Currently, each plugin can offer one or more of these capabilities:
Future work might include new capability types, such as:
* reporters (output generators)
* attribute fetchers to allow reading InSpec attributes from new sources (for example, a remote encrypted key-value store)
* attribute fetchers to allow reading Chef InSpec attributes from new sources (for example, a remote encrypted key-value store)
## How do I find out which plugins are available?
The InSpec CLI can tell you which plugins are available:
The Chef InSpec CLI can tell you which plugins are available:
```bash
$ inspec plugin search inspec-
@ -36,7 +36,7 @@ $ inspec plugin search inspec-
## How do I install and manage plugins?
The InSpec command line now offers a new subcommand just for managing plugins.
The Chef InSpec command line now offers a new subcommand just for managing plugins.
You can install a plugin by running:
@ -49,9 +49,9 @@ For more details on what the `plugin` command can do, see the [online help](http
## How do I write a plugin?
### InSpec Plugins
### Chef InSpec Plugins
For details on how to author an InSpec Plugin, see the [developer documentation](https://github.com/inspec/inspec/blob/master/docs/dev/plugins.md)
For details on how to author an Chef InSpec Plugin, see the [developer documentation](https://github.com/inspec/inspec/blob/master/docs/dev/plugins.md)
### Train Plugins

34
docs/profiles.md
View file

@ -1,10 +1,10 @@
---
title: About InSpec Profiles
title: About Chef InSpec Profiles
---
# InSpec Profiles
# Chef InSpec Profiles
InSpec supports the creation of complex test and compliance profiles, which organize controls to support dependency management and code reuse. Each profile is a standalone structure with its own distribution and execution flow.
Chef InSpec supports the creation of complex test and compliance profiles, which organize controls to support dependency management and code reuse. Each profile is a standalone structure with its own distribution and execution flow.
# Profile Structure
@ -27,13 +27,13 @@ where:
* `inspec.yml` includes the profile description (required)
* `controls` is the directory in which all tests are located (required)
* `libraries` is the directory in which all InSpec resource extensions are located (optional)
* `libraries` is the directory in which all Chef InSpec resource extensions are located (optional)
* `files` is the directory with additional files that a profile can access (optional)
* `README.md` should be used to explain the profile, its scope, and usage
See a complete example profile in the InSpec open source repository: [Example InSpec Profile](https://github.com/chef/inspec/tree/master/examples/profile)
See a complete example profile in the Chef InSpec open source repository: [Example Chef InSpec Profile](https://github.com/chef/inspec/tree/master/examples/profile)
Also check out [Explore InSpec resources](https://learn.chef.io/modules/explore-inspec-resources#/) on Learn Chef Rally to learn more about how profiles are structured with hands-on examples.
Also check out [Explore Chef InSpec resources](https://learn.chef.io/modules/explore-inspec-resources#/) on Learn Chef Rally to learn more about how profiles are structured with hands-on examples.
## inspec.yml
@ -48,7 +48,7 @@ Each profile must have an `inspec.yml` file that defines the following informati
* Use `summary` to specify a one line summary for the profile.
* Use `description` to specify a multiple line description of the profile.
* Use `version` to specify the profile version.
* Use `inspec_version` to place SemVer constraints on the version of InSpec that the profile can run under.
* Use `inspec_version` to place SemVer constraints on the version of Chef InSpec that the profile can run under.
* Use `supports` to specify a list of supported platform targets.
* Use `depends` to define a list of profiles on which this profile depends.
* Use `attributes` to define a list of attributes you can use in your controls.
@ -109,7 +109,7 @@ Use the `supports` setting in the `inspec.yml` file to specify one (or more) pla
For compatibility we support `os-name` and `os-family`. We recommend all users to change `os-name` to `platform-name` and `os-family` to `platform-family`.
With InSpec 2.0, we introduced new families to help distinguish the cloud platforms. The new families can restrict the platform family to `os`, `aws`, `azure` or `gcp`.
With Chef InSpec 2.0, we introduced new families to help distinguish the cloud platforms. The new families can restrict the platform family to `os`, `aws`, `azure` or `gcp`.
For example, to target anything running Debian Linux:
@ -158,9 +158,9 @@ supports:
# Profile Dependencies
An InSpec profile can bring in the controls and custom resources from another InSpec profile. Additionally, when inheriting the controls of another profile, a profile can skip or even modify those included controls.
An Chef InSpec profile can bring in the controls and custom resources from another Chef InSpec profile. Additionally, when inheriting the controls of another profile, a profile can skip or even modify those included controls.
For hands-on examples, check out [Create a custom InSpec profile](https://learn.chef.io/modules/create-a-custom-profile#/) on Learn Chef Rally.
For hands-on examples, check out [Create a custom Chef InSpec profile](https://learn.chef.io/modules/create-a-custom-profile#/) on Learn Chef Rally.
## Defining the Dependencies
@ -174,7 +174,7 @@ depends:
url: https://github.com/dev-sec/ssh-baseline/archive/master.tar.gz
```
InSpec supports a number of dependency sources.
Chef InSpec supports a number of dependency sources.
### path
@ -281,7 +281,7 @@ including controls from other profiles!
### Skipping a Control from a Profile
What if one of the controls from the included profile does not apply to your environment? Luckily, it is not necessary to maintain a slightly-modified copy of the included profile just to delete a control. The `skip_control` command tells InSpec to not run a particular control.
What if one of the controls from the included profile does not apply to your environment? Luckily, it is not necessary to maintain a slightly-modified copy of the included profile just to delete a control. The `skip_control` command tells Chef InSpec to not run a particular control.
![Include Controls with Skip](/images/profile_inheritance/include_controls_with_skip.png)
@ -486,7 +486,7 @@ $ inspec exec examples/profile-attribute --attrs examples/windows.yml
$ inspec exec examples/profile-attribute --attrs examples/linux.yml
```
See the full example in the InSpec open source repository: [Example InSpec Profile with Attributes](https://github.com/chef/inspec/tree/master/examples/profile-attribute)
See the full example in the Chef InSpec open source repository: [Example Chef InSpec Profile with Attributes](https://github.com/chef/inspec/tree/master/examples/profile-attribute)
## Attribute Value Precedence
@ -498,7 +498,7 @@ Attribute values are always set in the following precedence (highest to lowest):
# Profile files
An InSpec profile may contain additional files that can be accessed during tests. A profile file enables you to separate the logic of your tests from the data your tests check for, for example, the list of ports you require to be open.
An Chef InSpec profile may contain additional files that can be accessed during tests. A profile file enables you to separate the logic of your tests from the data your tests check for, for example, the list of ports you require to be open.
To access these files, they must be stored in the `files` directory at the root of a profile. They are accessed by their name relative to this folder with `inspec.profile.file(...)`.
@ -538,13 +538,13 @@ describe port(s['port']) do
end
```
For a more complete example that uses a profile file, see [Explore InSpec resources](https://learn.chef.io/modules/explore-inspec-resources#/) on Learn Chef Rally.
For a more complete example that uses a profile file, see [Explore Chef InSpec resources](https://learn.chef.io/modules/explore-inspec-resources#/) on Learn Chef Rally.
# "should" vs. "expect" syntax
Users familiar with the RSpec testing framework may know that there are two ways to write test statements: `should` and `expect`. The RSpec community decided that `expect` is the preferred syntax. However, InSpec recommends the `should` syntax as it tends to read more easily to those users who are not as technical.
Users familiar with the RSpec testing framework may know that there are two ways to write test statements: `should` and `expect`. The RSpec community decided that `expect` is the preferred syntax. However, Chef InSpec recommends the `should` syntax as it tends to read more easily to those users who are not as technical.
InSpec will continue to support both methods of writing tests. Consider this `file` test:
Chef InSpec will continue to support both methods of writing tests. Consider this `file` test:
```Ruby
describe file('/tmp/test.txt') do

10
docs/reporters.md
View file

@ -1,14 +1,14 @@
---
title: InSpec Reporters
title: Chef InSpec Reporters
---
# InSpec Reporters
# Chef InSpec Reporters
Introduced in InSpec 1.51.6
Introduced in Chef InSpec 1.51.6
A `reporter` is a facility for formatting and delivering the results of an InSpec auditing run.
A `reporter` is a facility for formatting and delivering the results of an Chef InSpec auditing run.
InSpec allows you to output your test results to one or more reporters. Configure the reporter(s) using either the `--reporter` option or as part of the general config file using the `--config` (or `--json-config`, prior to v3.6) option. While you can configure multiple reporters to write to different files, only one reporter can output to the screen(stdout).
Chef InSpec allows you to output your test results to one or more reporters. Configure the reporter(s) using either the `--reporter` option or as part of the general config file using the `--config` (or `--json-config`, prior to v3.6) option. While you can configure multiple reporters to write to different files, only one reporter can output to the screen(stdout).
## Syntax

6
docs/resources/aide_conf.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# aide_conf
Use the `aide_conf` InSpec audit resource to test the rules established for the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.
Use the `aide_conf` Chef InSpec audit resource to test the rules established for the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.
<br>
@ -13,7 +13,7 @@ Use the `aide_conf` InSpec audit resource to test the rules established for the
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -53,7 +53,7 @@ Use the where clause to match a selection_line to one rule or a particular set o
## Property Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test if all selection lines contain the xattr rule

10
docs/resources/apache.md.erb
View file

@ -5,9 +5,9 @@ platform: linux
# apache
Use the `apache` InSpec audit resource to test the state of the Apache server on Linux/Unix systems.
Use the `apache` Chef InSpec audit resource to test the state of the Apache server on Linux/Unix systems.
<p class="warning">This resource is deprecated and should not be used. It will be removed in InSpec 3.0.</p>
<p class="warning">This resource is deprecated and should not be used. It will be removed in Chef InSpec 3.0.</p>
<br>
@ -15,7 +15,7 @@ Use the `apache` InSpec audit resource to test the state of the Apache server on
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -23,7 +23,7 @@ This resource first became available in v1.51.15 of InSpec.
## Syntax
An `apache` InSpec audit resource block declares settings that should be tested:
An `apache` Chef InSpec audit resource block declares settings that should be tested:
describe apache do
its('setting_name') { should cmp 'value' }
@ -44,7 +44,7 @@ where
## Property Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test the service name.

10
docs/resources/apache_conf.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# apache_conf
Use the `apache_conf` InSpec audit resource to test the configuration settings for Apache. This file is typically located under `/etc/apache2` on the Debian and Ubuntu platforms and under `/etc/httpd` on the Fedora, CentOS, RedHat Enterprise Linux, and ArchLinux platforms. The configuration settings may vary significantly from platform to platform.
Use the `apache_conf` Chef InSpec audit resource to test the configuration settings for Apache. This file is typically located under `/etc/apache2` on the Debian and Ubuntu platforms and under `/etc/httpd` on the Fedora, CentOS, RedHat Enterprise Linux, and ArchLinux platforms. The configuration settings may vary significantly from platform to platform.
<br>
@ -13,7 +13,7 @@ Use the `apache_conf` InSpec audit resource to test the configuration settings f
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -21,7 +21,7 @@ This resource first became available in v1.0.0 of InSpec.
## Syntax
An `apache_conf` InSpec audit resource block declares configuration settings that should be tested:
An `apache_conf` Chef InSpec audit resource block declares configuration settings that should be tested:
describe apache_conf('path') do
its('setting_name') { should eq 'value' }
@ -37,7 +37,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test for blocking .htaccess files on CentOS
@ -62,7 +62,7 @@ The following examples show how to use this InSpec audit resource.
## Matchers
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This InSpec audit resource matches any service that is listed in the Apache configuration file:
This Chef InSpec audit resource matches any service that is listed in the Apache configuration file:
its('PidFile') { should_not eq '/var/run/httpd.pid' }

6
docs/resources/apt.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# apt
Use the `apt` InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.
Use the `apt` Chef InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.
<br>
@ -13,7 +13,7 @@ Use the `apt` InSpec audit resource to verify Apt repositories on the Debian and
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -38,7 +38,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test if apt repository exists and is enabled

6
docs/resources/audit_policy.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# audit_policy
Use the `audit_policy` InSpec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
Use the `audit_policy` Chef InSpec audit resource to test auditing policies on the Windows platform. An auditing policy is a category of security-related events to be audited. Auditing is disabled by default and may be enabled for categories like account management, logon events, policy changes, process tracking, privilege use, system events, or object access. For each enabled auditing category property, the auditing level may be set to `No Auditing`, `Not Specified`, `Success`, `Success and Failure`, or `Failure`.
<br>
@ -13,7 +13,7 @@ Use the `audit_policy` InSpec audit resource to test auditing policies on the Wi
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that a parameter is not set to "No Auditing"

6
docs/resources/auditd.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# auditd
Use the `auditd` InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditctl -l command. This resource supports versions of `audit` >= 2.3.
Use the `auditd` Chef InSpec audit resource to test the rules for logging that exist on the system. The audit.rules file is typically located under /etc/audit/ and contains the list of rules that define what is captured in log files. These rules are output using the auditctl -l command. This resource supports versions of `audit` >= 2.3.
<br>
@ -13,7 +13,7 @@ Use the `auditd` InSpec audit resource to test the rules for logging that exist
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -40,7 +40,7 @@ where each test must declare one (or more) rules to be tested.
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test if a rule contains a matching element that is identified by a regular expression

6
docs/resources/auditd_conf.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# auditd_conf
Use the `auditd_conf` InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
Use the `auditd_conf` Chef InSpec audit resource to test the configuration settings for the audit daemon. This file is typically located under `/etc/audit/auditd.conf'` on Unix and Linux platforms.
<br>
@ -13,7 +13,7 @@ Use the `auditd_conf` InSpec audit resource to test the configuration settings f
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -43,7 +43,7 @@ This matcher will match any property listed in the `auditd.conf` configuration f
## Property Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test the auditd.conf file

2
docs/resources/aws_billing_report.md.erb
View file

@ -6,7 +6,7 @@ platform: aws
# aws\_billing\_report
Use the `aws_billing_report` InSpec audit resource to test properties of a single AWS Cost and Billing report.
Use the `aws_billing_report` Chef InSpec audit resource to test properties of a single AWS Cost and Billing report.
<br>

2
docs/resources/aws_billing_reports.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_billing\_reports
Use the `aws_billing_reports` InSpec audit resource to test properties of a some or all AWS Cost and Billing reports.
Use the `aws_billing_reports` Chef InSpec audit resource to test properties of a some or all AWS Cost and Billing reports.
<br>

8
docs/resources/aws_cloudtrail_trail.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_cloudtrail\_trail
Use the `aws_cloudtrail_trail` InSpec audit resource to test properties of a single AWS Cloudtrail Trail.
Use the `aws_cloudtrail_trail` Chef InSpec audit resource to test properties of a single AWS Cloudtrail Trail.
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
@ -17,7 +17,7 @@ Each AWS Cloudtrail Trail is uniquely identified by its `trail_name` or `trail_a
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -41,7 +41,7 @@ An `aws_cloudtrail_trail` resource block identifies a trail by `trail_name`.
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that the specified trail does exist
@ -132,7 +132,7 @@ Specifies the number of days ago the CloudTrail delivered logs to CloudWatch Log
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_multi\_region\_trail

8
docs/resources/aws_cloudtrail_trails.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_cloudtrail\_trails
Use the `aws_cloudtrail_trails` InSpec audit resource to test properties of some or all AWS CloudTrail Trails.
Use the `aws_cloudtrail_trails` Chef InSpec audit resource to test properties of some or all AWS CloudTrail Trails.
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
@ -17,7 +17,7 @@ Each AWS CloudTrail Trails is uniquely identified by its trail name or trail arn
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ An `aws_cloudtrail_trails` resource block collects a group of CloudTrail Trails
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_cloudtrail_trails`, its limited functionality precludes examples.
@ -78,7 +78,7 @@ Provides a list of trail arns for all CloudTrail Trails in the AWS account.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exists

8
docs/resources/aws_cloudwatch_alarm.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_cloudwatch\_alarm
Use the `aws_cloudwatch_alarm` InSpec audit resource to test properties of a single Cloudwatch Alarm.
Use the `aws_cloudwatch_alarm` Chef InSpec audit resource to test properties of a single Cloudwatch Alarm.
Cloudwatch Alarms are currently identified using the metric name and metric namespace. Future work may allow other approaches to identifying alarms.
@ -15,7 +15,7 @@ Cloudwatch Alarms are currently identified using the metric name and metric name
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -37,7 +37,7 @@ An `aws_cloudwatch_alarm` resource block searches for a Cloudwatch Alarm, specif
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Ensure an Alarm has at least one alarm action
@ -72,7 +72,7 @@ The following examples show how to use this InSpec audit resource.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exists

6
docs/resources/aws_cloudwatch_log_metric_filter.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_cloudwatch\_log\_metric\_filter
Use the `aws_cloudwatch_log_metric_filter` InSpec audit resource to search for and test properties of individual AWS Cloudwatch Log Metric Filters.
Use the `aws_cloudwatch_log_metric_filter` Chef InSpec audit resource to search for and test properties of individual AWS Cloudwatch Log Metric Filters.
A Log Metric Filter (LMF) is an AWS resource that observes log traffic, looks for a specified pattern, and then updates a metric about the number times the match occurs. The metric can also be connected to AWS Cloudwatch Alarms, so that actions can be taken when a match occurs.
@ -15,7 +15,7 @@ A Log Metric Filter (LMF) is an AWS resource that observes log traffic, looks fo
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -145,7 +145,7 @@ The pattern used to match entries from the logs in the log group.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exist

8
docs/resources/aws_config_delivery_channel.md.erb
View file

@ -7,7 +7,7 @@ title: About the aws_config_delivery_channel Resource
The AWS Config service can monitor and record changes to your AWS resource configurations. A Delivery Channel can record the changes
to an S3 Bucket, an SNS or both.
Use the `aws_config_delivery_channel` InSpec audit resource to examine how the AWS Config service delivers those change notifications.
Use the `aws_config_delivery_channel` Chef InSpec audit resource to examine how the AWS Config service delivers those change notifications.
As of April 2018, each AWS region may have only one Delivery Channel.
@ -17,7 +17,7 @@ As of April 2018, each AWS region may have only one Delivery Channel.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -37,7 +37,7 @@ You may specify the Delivery Channel name:
it { should exist }
end
However, since you may only have one Delivery Channel per region, and InSpec connections are per-region, you may also omit the `channel_name` to obtain the one Delivery Channel (if any) that exists:
However, since you may only have one Delivery Channel per region, and Chef InSpec connections are per-region, you may also omit the `channel_name` to obtain the one Delivery Channel (if any) that exists:
describe aws_config_delivery_channel do
it { should exist }
@ -47,7 +47,7 @@ However, since you may only have one Delivery Channel per region, and InSpec con
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test how frequently the channel writes configuration changes to the s3 bucket.

8
docs/resources/aws_config_recorder.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_config_recorder Resource
# aws\_config\_recorder
Use the `aws_config_recorder` InSpec audit resource to test properties of your AWS Config Service.
Use the `aws_config_recorder` Chef InSpec audit resource to test properties of your AWS Config Service.
The AWS Config service can monitor and record changes to your AWS resource configurations. The Aws Config Recorder is used to detect changes in resource configurations and capture these changes as configuration items.
@ -16,7 +16,7 @@ As of April 2018, you are only permitted one configuration recorder per region.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ You may specify a recorder by name:
it { should exist }
end
However, since you may only have one recorder per region, and InSpec connections are per-region, you may also omit the `recorder_name` to obtain the one recorder (if any) that exists:
However, since you may only have one recorder per region, and Chef InSpec connections are per-region, you may also omit the `recorder_name` to obtain the one recorder (if any) that exists:
describe aws_config_recorder do
it { should exist }
@ -46,7 +46,7 @@ However, since you may only have one recorder per region, and InSpec connections
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test if the recorder is active and recording.

8
docs/resources/aws_ebs_volume.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_ebs\_volume
Use the `aws_ebs_volume` InSpec audit resource to test properties of a single AWS EBS volume.
Use the `aws_ebs_volume` Chef InSpec audit resource to test properties of a single AWS EBS volume.
<br>
@ -13,7 +13,7 @@ Use the `aws_ebs_volume` InSpec audit resource to test properties of a single AW
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
## Syntax
@ -31,7 +31,7 @@ An `aws_ebs_volume` resource block declares the tests for a single AWS EBS volum
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that an EBS Volume does not exist
@ -61,7 +61,7 @@ The following examples show how to use this InSpec audit resource.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_encrypted

6
docs/resources/aws_ebs_volumes.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_ebs\_volumes
Use the `aws_ebs_volumes` InSpec audit resource to test properties of some or all AWS EBS volumes. To audit a single EBS volume, use `aws_ebs_volume` (singular).
Use the `aws_ebs_volumes` Chef InSpec audit resource to test properties of some or all AWS EBS volumes. To audit a single EBS volume, use `aws_ebs_volume` (singular).
EBS volumes are persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.
@ -17,7 +17,7 @@ Each EBS volume is uniquely identified by its ID.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
## Syntax
@ -28,7 +28,7 @@ An `aws_ebs_volumes` resource block collects a group of EBS volumes and then tes
its('volume_ids.count') { should cmp 3 }
end
# Use the InSpec resource to enumerate IDs, then test in-depth using `aws_ebs_volume`.
# Use the Chef InSpec resource to enumerate IDs, then test in-depth using `aws_ebs_volume`.
aws_ebs_volumes.volume_ids.each do |volume_id|
describe aws_ebs_volume(volume_id) do
it { should exist }

8
docs/resources/aws_ec2_instance.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_ec2\_instance
Use the `aws_ec2_instance` InSpec audit resource to test properties of a single AWS EC2 instance.
Use the `aws_ec2_instance` Chef InSpec audit resource to test properties of a single AWS EC2 instance.
<br>
@ -13,7 +13,7 @@ Use the `aws_ec2_instance` InSpec audit resource to test properties of a single
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -35,7 +35,7 @@ An `aws_ec2_instance` resource block declares the tests for a single AWS EC2 ins
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that an EC2 instance does not exist
@ -71,7 +71,7 @@ The following examples show how to use this InSpec audit resource.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_pending

6
docs/resources/aws_ec2_instances.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_ec2\_instances
Use the `aws_ec2_instances` InSpec audit resource to test properties of some or all AWS EC2 instances. To audit a single EC2 instance, use `aws_ec2_instance` (singular).
Use the `aws_ec2_instances` Chef InSpec audit resource to test properties of some or all AWS EC2 instances. To audit a single EC2 instance, use `aws_ec2_instance` (singular).
EC2 instances are the basic unit of computing within AWS. An instance is a virtual machine that contains a running OS, and may be created or destroyed by code.
@ -17,7 +17,7 @@ Each EC2 instance is uniquely identified by its ID.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -32,7 +32,7 @@ An `aws_ec2_instances` resource block collects a group of EC2 Instances and then
its('instance_ids.count') { should cmp 3 }
end
# Use the InSpec resource to enumerate IDs, then test in-depth using `aws_ec2_instance`.
# Use the Chef InSpec resource to enumerate IDs, then test in-depth using `aws_ec2_instance`.
aws_ec2_instances.instance_ids.each do |instance_id|
describe aws_ec2_instance(instance_id) do
its('key_name') { should cmp 'admin-ssh-key' }

4
docs/resources/aws_eks_cluster.md.erb
View file

@ -14,7 +14,7 @@ An `aws_eks_cluster` resource block declares the tests for a single EKS Cluster
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that an EKS Cluster does not exist
@ -180,7 +180,7 @@ Using the resource together with other AWS resources.
## Matchers
This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
## AWS Permissions

8
docs/resources/aws_elb.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_elb
Use the `aws_elb` InSpec audit resource to test properties of a single AWS Elastic Load Balancer (ELB, also known as a Classic Load Balancer).
Use the `aws_elb` Chef InSpec audit resource to test properties of a single AWS Elastic Load Balancer (ELB, also known as a Classic Load Balancer).
To audit ELBs in bulk or to search, use `aws_elbs` (plural).
@ -15,7 +15,7 @@ To audit ELBs in bulk or to search, use `aws_elbs` (plural).
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -37,7 +37,7 @@ An `aws_elb` resource block declares the tests for a single AWS ELB by ELB name.
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that an ELB does not exist
@ -144,7 +144,7 @@ Returns a String reflecting the ID of the VPC in which the ELB is located.
## Matchers
This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
## AWS Permissions

6
docs/resources/aws_elbs.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_elbs
Use the `aws_elbs` InSpec audit resource to test properties of AWS Elastic Load Balancers (ELBs, also known as a Classic Load Balancers) in bulk, or to search for a group of them based on their properties.
Use the `aws_elbs` Chef InSpec audit resource to test properties of AWS Elastic Load Balancers (ELBs, also known as a Classic Load Balancers) in bulk, or to search for a group of them based on their properties.
To audit a specific ELB in detail when its name is known, use `aws_elb` (singular).
@ -15,7 +15,7 @@ To audit a specific ELB in detail when its name is known, use `aws_elb` (singula
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -229,7 +229,7 @@ An array of strings reflecting the ID of the VPCs in which the selected ELBs are
## Matchers
This InSpec audit resource has the following resource-specific matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following resource-specific matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
### exists

4
docs/resources/aws_flow_log.md.erb
View file

@ -5,13 +5,13 @@ platform: aws
# aws\_flow\_log
Use the `aws_flow_log` InSpec audit resource to test properties of a single Flow Log.
Use the `aws_flow_log` Chef InSpec audit resource to test properties of a single Flow Log.
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

8
docs/resources/aws_iam_access_key.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_access\_key
Use the `aws_iam_access_key` InSpec audit resource to test properties of a single AWS IAM access key.
Use the `aws_iam_access_key` Chef InSpec audit resource to test properties of a single AWS IAM access key.
<br>
@ -13,7 +13,7 @@ Use the `aws_iam_access_key` InSpec audit resource to test properties of a singl
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -56,7 +56,7 @@ You may also use both username and access key id to ensure that a particular key
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that an IAM access key is not active
@ -124,7 +124,7 @@ The IAM user that owns this key.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_active

8
docs/resources/aws_iam_access_keys.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_access\_keys
Use the `aws_iam_access_keys` InSpec audit resource to test properties of some or all IAM Access Keys.
Use the `aws_iam_access_keys` Chef InSpec audit resource to test properties of some or all IAM Access Keys.
To test properties of a single Access Key, use the `aws_iam_access_key` resource instead.
To test properties of an individual user's access keys, use the `aws_iam_user` resource.
@ -18,7 +18,7 @@ Access Keys are closely related to AWS User resources. Use this resource to perf
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -47,7 +47,7 @@ An `aws_iam_access_keys` resource block uses an optional filter to select a grou
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Disallow access keys created more than 90 days ago
@ -191,7 +191,7 @@ Provides access to the raw results of the query. This can be useful for checking
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exists

6
docs/resources/aws_iam_group.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_group
Use the `aws_iam_group` InSpec audit resource to test properties of a single IAM group.
Use the `aws_iam_group` Chef InSpec audit resource to test properties of a single IAM group.
To test properties of multiple or all groups, use the `aws_iam_groups` resource.
@ -15,7 +15,7 @@ To test properties of multiple or all groups, use the `aws_iam_groups` resource.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -39,7 +39,7 @@ An `aws_iam_group` resource block identifies a group by group name.
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_iam_group`, its limited functionality precludes examples.

6
docs/resources/aws_iam_groups.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_groups
Use the `aws_iam_groups` InSpec audit resource to test properties of all or multiple groups.
Use the `aws_iam_groups` Chef InSpec audit resource to test properties of all or multiple groups.
To test properties of a single group, use the `aws_iam_group` resource.
@ -15,7 +15,7 @@ To test properties of a single group, use the `aws_iam_group` resource.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -34,7 +34,7 @@ An `aws_iam_groups` resource block uses an optional filter to select a collectio
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_iam_groups`, its limited functionality precludes examples.

6
docs/resources/aws_iam_password_policy.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_password\_policy
Use the `aws_iam_password_policy` InSpec audit resource to test properties of the AWS IAM Password Policy.
Use the `aws_iam_password_policy` Chef InSpec audit resource to test properties of the AWS IAM Password Policy.
<br>
@ -13,7 +13,7 @@ Use the `aws_iam_password_policy` InSpec audit resource to test properties of th
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -35,7 +35,7 @@ An `aws_iam_password_policy` resource block takes no parameters. Several propert
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that the IAM Password Policy requires lowercase characters, uppercase characters, numbers, symbols, and a minimum length greater than eight

6
docs/resources/aws_iam_policies.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_policies
Use the `aws_iam_policies` InSpec audit resource to test properties of some or all AWS IAM Policies.
Use the `aws_iam_policies` Chef InSpec audit resource to test properties of some or all AWS IAM Policies.
A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
@ -17,7 +17,7 @@ Each IAM Policy is uniquely identified by either its `policy_name` or `arn`.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ An `aws_iam_policies` resource block collects a group of IAM Policies and then t
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_iam_policies`, its limited functionality precludes examples.

8
docs/resources/aws_iam_policy.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_policy
Use the `aws_iam_policy` InSpec audit resource to test properties of a single managed AWS IAM Policy. Use `aws_iam_policies` to audit IAM policies in bulk.
Use the `aws_iam_policy` Chef InSpec audit resource to test properties of a single managed AWS IAM Policy. Use `aws_iam_policies` to audit IAM policies in bulk.
A policy defines the permissions of an identity or resource within AWS. AWS evaluates these policies when a principal, such as a user, makes a request. Policy permissions, also called "policy statements" in AWS, determine if a request is authorized -- and allow or deny it accordingly.
@ -17,7 +17,7 @@ Each IAM Policy is uniquely identified by either its policy\_name or arn.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -46,7 +46,7 @@ An `aws_iam_policy` resource block identifies a policy by policy name.
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that a policy does exist
@ -158,7 +158,7 @@ Returns the number of statements present in the `policy`.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_attached

6
docs/resources/aws_iam_role.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_role
Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM Role. A Role is a collection of permissions that may be temporarily assumed by a user, EC2 Instance, Lambda Function, or certain other resources.
Use the `aws_iam_role` Chef InSpec audit resource to test properties of a single IAM Role. A Role is a collection of permissions that may be temporarily assumed by a user, EC2 Instance, Lambda Function, or certain other resources.
<br>
@ -13,7 +13,7 @@ Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -58,7 +58,7 @@ A textual description of the IAM Role.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exist

8
docs/resources/aws_iam_root_user.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_root\_user
Use the `aws_iam_root_user` InSpec audit resource to test properties of the root user (owner of the account).
Use the `aws_iam_root_user` Chef InSpec audit resource to test properties of the root user (owner of the account).
To test properties of all or multiple users, use the `aws_iam_users` resource.
@ -17,7 +17,7 @@ To test properties of a specific AWS user use the `aws_iam_user` resource.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -35,7 +35,7 @@ An `aws_iam_root_user` resource block requires no parameters but has several mat
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that the AWS root account has at-least one access key
@ -53,7 +53,7 @@ The following examples show how to use this InSpec audit resource.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### have\_mfa\_enabled

8
docs/resources/aws_iam_user.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_user
Use the `aws_iam_user` InSpec audit resource to test properties of a single AWS IAM user.
Use the `aws_iam_user` Chef InSpec audit resource to test properties of a single AWS IAM user.
To test properties of more than one user, use the `aws_iam_users` resource.
@ -17,7 +17,7 @@ To test properties of the special AWS root user (which owns the account), use th
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -35,7 +35,7 @@ An `aws_iam_user` resource block declares a user by name, and then lists tests t
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that a user does not exist
@ -93,7 +93,7 @@ Returns a list of IAM Inline Policy Names as strings that identify the inline po
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [universal matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [universal matchers page](https://www.inspec.io/docs/reference/matchers/).
### have\_attached\_policies

8
docs/resources/aws_iam_users.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_iam\_users
Use the `aws_iam_users` InSpec audit resource to test properties of a all or multiple users.
Use the `aws_iam_users` Chef InSpec audit resource to test properties of a all or multiple users.
To test properties of a single user, use the `aws_iam_user` resource.
@ -17,7 +17,7 @@ To test properties of the special AWS root user (which owns the account), use th
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -41,7 +41,7 @@ An `aws_iam_users` resource block uses a filter to select a group of users and t
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that all users have Multi-Factor Authentication enabled
@ -232,7 +232,7 @@ Array of strings. Each entry is the name of a user that matched. There will be e
## Matchers
This InSpec audit resource has the following resource-specific matchers.
This Chef InSpec audit resource has the following resource-specific matchers.
For a full list of available matchers, please visit our [universal matchers page](https://www.inspec.io/docs/reference/matchers/).
As a plural resource, all matchers beginning with `have_` will return true if _any_ of the selected users match.

8
docs/resources/aws_kms_key.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_kms_key Resource
# aws\_kms\_key
Use the `aws_kms_key` InSpec audit resource to test properties of a single AWS KMS Key.
Use the `aws_kms_key` Chef InSpec audit resource to test properties of a single AWS KMS Key.
Use aws_kms_key to verify the properties of a single key. Use aws_kms_keys to verify the properties of all or a group of keys.
@ -18,7 +18,7 @@ Each AWS KMS Key is uniquely identified by its key_id or arn.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -47,7 +47,7 @@ An aws_kms_key resource block identifies a key by key_arn or the key id.
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that the specified key does exist
@ -139,7 +139,7 @@ Provides the date and time until the key is not valid. Once the key is not vali
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_enabled

8
docs/resources/aws_kms_keys.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_kms\_keys
Use the `aws_kms_keys` InSpec audit resource to test properties of some or all AWS KMS Keys.
Use the `aws_kms_keys` Chef InSpec audit resource to test properties of some or all AWS KMS Keys.
AWS Key Management Service (KMS) is a managed service that makes creating and controlling your encryption keys for your data easier. KMS uses Hardware Security Modules (HSMs) to protect the security of your keys.
@ -19,7 +19,7 @@ Each AWS KMS Key is uniquely identified by its key-id or key-arn.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -38,7 +38,7 @@ An `aws_kms_keys` resource block uses an optional filter to select a group of KM
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_kms_keys`, its limited functionality precludes examples.
@ -81,7 +81,7 @@ Provides a list of key ids for all KMS Keys in the AWS account.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exists

8
docs/resources/aws_rds_instance.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_rds_instance Resource
# aws\_rds\_instance
Use the `aws_rds_instance` InSpec audit resource to test detailed properties of an individual RDS instance.
Use the `aws_rds_instance` Chef InSpec audit resource to test detailed properties of an individual RDS instance.
RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server.
@ -14,7 +14,7 @@ RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Micros
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -40,7 +40,7 @@ An `aws_rds_instance` resource block uses resource parameters to search for an R
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_rds_instance`, its limited functionality precludes examples.
@ -48,7 +48,7 @@ As this is the initial release of `aws_rds_instance`, its limited functionality
## Resource Parameters
This InSpec resource accepts the following parameters, which are used to search for the RDS instance.
This Chef InSpec resource accepts the following parameters, which are used to search for the RDS instance.
### exists

4
docs/resources/aws_route_table.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_route\_table
Use the `aws_route_table` InSpec audit resource to test properties of a single Route Table. A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
Use the `aws_route_table` Chef InSpec audit resource to test properties of a single Route Table. A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
<br>
@ -13,7 +13,7 @@ Use the `aws_route_table` InSpec audit resource to test properties of a single R
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

4
docs/resources/aws_route_tables.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_route_tables Resource
# aws\_route\_table
Use the `aws_route_tables` InSpec audit resource to test properties of all or a group of Route Tables. A Route Table contains a set of rules, called routes, that are used to determine where network traffic is directed.
Use the `aws_route_tables` Chef InSpec audit resource to test properties of all or a group of Route Tables. A Route Table contains a set of rules, called routes, that are used to determine where network traffic is directed.
<br>
@ -12,7 +12,7 @@ Use the `aws_route_tables` InSpec audit resource to test properties of all or a
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

8
docs/resources/aws_s3_bucket.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_s3\_bucket
Use the `aws_s3_bucket` InSpec audit resource to test properties of a single AWS bucket.
Use the `aws_s3_bucket` Chef InSpec audit resource to test properties of a single AWS bucket.
To test properties of a multiple S3 buckets, use the `aws_s3_buckets` resource.
@ -25,7 +25,7 @@ In particular, users of the `be_public` matcher should carefully examine the con
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -48,7 +48,7 @@ An `aws_s3_bucket` resource block declares a bucket by name, and then lists test
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test the bucket-level ACL
@ -123,7 +123,7 @@ If there is no bucket policy, this property returns an empty array.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_public

8
docs/resources/aws_s3_bucket_object.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_s3_bucket_object Resource
# aws\_s3\_bucket\_object
Use the `aws_s3_bucket_object` InSpec audit resource to test properties of a single AWS bucket object.
Use the `aws_s3_bucket_object` Chef InSpec audit resource to test properties of a single AWS bucket object.
Each S3 Object has a 'key' which can be thought of as the name of the S3 Object which uniquely identifies it.
@ -21,7 +21,7 @@ As of January 2018, this resource supports evaluating S3 Object ACLs. In particu
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -40,7 +40,7 @@ An `aws_s3_bucket_object` resource block declares a bucket and an object key by
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test a object's object-level ACL
@ -79,7 +79,7 @@ The value of object_acl is an Array of simple objects. Each object has a `permi
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_public

8
docs/resources/aws_s3_buckets.md.erb
View file

@ -4,9 +4,9 @@ title: About the aws_s3_buckets Resource
# aws\_s3\_buckets
Use the `aws_s3_buckets` InSpec audit resource to list all buckets in a single account.
Use the `aws_s3_buckets` Chef InSpec audit resource to list all buckets in a single account.
Use the `aws_s3_bucket` InSpec audit resource to perform in-depth auditing of a single S3 bucket.
Use the `aws_s3_bucket` Chef InSpec audit resource to perform in-depth auditing of a single S3 bucket.
<br>
@ -14,7 +14,7 @@ Use the `aws_s3_bucket` InSpec audit resource to perform in-depth auditing of a
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -32,7 +32,7 @@ An `aws_s3_buckets` resource block takes no arguments
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_s3_buckets`, its limited functionality precludes examples.

10
docs/resources/aws_security_group.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_security_group Resource
# aws\_security\_group
Use the `aws_security_group` InSpec audit resource to test detailed properties of an individual Security Group (SG).
Use the `aws_security_group` Chef InSpec audit resource to test detailed properties of an individual Security Group (SG).
SGs are a networking construct which contain ingress and egress rules for network communications. SGs may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, SGs are one of the two main mechanisms of enforcing network-level security.
@ -20,7 +20,7 @@ While this resource provides facilities for searching inbound and outbound rules
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -59,7 +59,7 @@ An `aws_security_group` resource block uses resource parameters to search for an
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
# Ensure that the linux_servers Security Group permits
# SSH from the 10.5.0.0/16 range, but not the world.
@ -118,7 +118,7 @@ The following examples show how to use this InSpec audit resource.
## Resource Parameters
This InSpec resource accepts the following parameters, which are used to search for the Security Group.
This Chef InSpec resource accepts the following parameters, which are used to search for the Security Group.
### id, group\_id
@ -254,7 +254,7 @@ A String in the format 'vpc-' followed by 8 hexadecimal characters reflecting VP
## Matchers
This InSpec audit resource has the following special matchers. For a full list of additional available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of additional available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
* [`allow_in`](#allow_in), [`allow_in_only`](#allow_in_only), [`allow_out`](#allow_out), [`allow_out_only`](#allow_out_only)

8
docs/resources/aws_security_groups.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_security\_groups
Use the `aws_security_groups` InSpec audit resource to test properties of some or all security groups.
Use the `aws_security_groups` Chef InSpec audit resource to test properties of some or all security groups.
Security groups are a networking construct that contain ingress and egress rules for network communications. Security groups may be attached to EC2 instances, as well as certain other AWS resources. Along with Network Access Control Lists, Security Groups are one of the two main mechanisms of enforcing network-level security.
@ -15,7 +15,7 @@ Security groups are a networking construct that contain ingress and egress rules
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -34,7 +34,7 @@ An `aws_security_groups` resource block uses an optional filter to select a grou
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_security_groups`, its limited functionality precludes examples.
@ -89,7 +89,7 @@ Provides a list of all security group IDs matched.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exists

8
docs/resources/aws_sns_subscription.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_sns_subscription Resource
# aws\_sns\_subscription
Use the `aws_sns_subscription` InSpec audit resource to test detailed properties of a AWS SNS Subscription.
Use the `aws_sns_subscription` Chef InSpec audit resource to test detailed properties of a AWS SNS Subscription.
<br>
@ -12,7 +12,7 @@ Use the `aws_sns_subscription` InSpec audit resource to test detailed properties
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -30,7 +30,7 @@ An `aws_sns_subscription` resource block uses resource parameters to search for
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_sns_subscription`, its limited functionality precludes examples.
@ -38,7 +38,7 @@ As this is the initial release of `aws_sns_subscription`, its limited functional
## Resource Parameters
This InSpec resource accepts the following parameters, which are used to search for the Security Group.
This Chef InSpec resource accepts the following parameters, which are used to search for the Security Group.
### subscription\_arn

6
docs/resources/aws_sns_topic.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_sns_topic Resource
# aws\_sns\_topic
Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS Simple Notification Service Topic. SNS topics are channels for related events. AWS resources place events in the SNS topic, while other AWS resources _subscribe_ to receive notifications when new events have appeared.
Use the `aws_sns_topic` Chef InSpec audit resource to test properties of a single AWS Simple Notification Service Topic. SNS topics are channels for related events. AWS resources place events in the SNS topic, while other AWS resources _subscribe_ to receive notifications when new events have appeared.
<br>
@ -12,7 +12,7 @@ Use the `aws_sns_topic` InSpec audit resource to test properties of a single AWS
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -56,7 +56,7 @@ An integer indicating the number of currently active subscriptions.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exist

8
docs/resources/aws_sns_topics.md.erb
View file

@ -3,9 +3,9 @@ title: About the aws_sns_topics Resource
---
# aws\_sns\_topics
Use the `aws_sns_topics` InSpec audit resource to test all or a group of the SNS Topic ARNs in an account.
Use the `aws_sns_topics` Chef InSpec audit resource to test all or a group of the SNS Topic ARNs in an account.
User the 'aws_sns_topic' InSpec audit resource to test a single SNS Topic in an account.
User the 'aws_sns_topic' Chef InSpec audit resource to test a single SNS Topic in an account.
<br>
@ -13,7 +13,7 @@ User the 'aws_sns_topic' InSpec audit resource to test a single SNS Topic in an
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -32,7 +32,7 @@ An `aws_sns_topics` resource block takes no filter conditions.
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_sns_topics`, its limited functionality precludes examples.

6
docs/resources/aws_sqs_queue.md.erb
View file

@ -4,7 +4,7 @@ title: About the aws_sqs_queue Resource
# aws\_sqs\_queue
Use the `aws_sqs_queue` InSpec audit resource to test properties of a single AWS Simple Queue Service queue.
Use the `aws_sqs_queue` Chef InSpec audit resource to test properties of a single AWS Simple Queue Service queue.
<br>
@ -12,7 +12,7 @@ Use the `aws_sqs_queue` InSpec audit resource to test properties of a single AWS
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -104,7 +104,7 @@ A boolean value indicate if content based dedcuplication is enabled or not
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### exist

8
docs/resources/aws_subnet.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_subnet
Use the `aws_subnet` InSpec audit resource to test properties of a vpc subnet.
Use the `aws_subnet` Chef InSpec audit resource to test properties of a vpc subnet.
To test properties of a single VPC subnet, use the `aws_subnet` resource.
@ -17,7 +17,7 @@ To test properties of all or a group of VPC subnets, use the `aws_subnets` resou
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ An `aws_subnet` resource block uses the parameter to select a VPC and a subnet i
## Resource Parameters
This InSpec resource accepts the following parameters, which are used to search for the VPCs subnet.
This Chef InSpec resource accepts the following parameters, which are used to search for the VPCs subnet.
### subnet\_id
@ -101,7 +101,7 @@ Provides the ID of the VPC the subnet is in.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### assigning\_ipv\_6\_address\_on\_creation

6
docs/resources/aws_subnets.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_subnets
Use the `aws_subnets` InSpec audit resource to test properties of some or all subnets.
Use the `aws_subnets` Chef InSpec audit resource to test properties of some or all subnets.
Subnets are networks within a VPC that can have their own block of IP address's and ACL's.
VPCs span across all availability zones in AWS, while a subnet in a VPC can only span a single availability zone.
@ -17,7 +17,7 @@ Separating IP addresses allows for protection if there is a failure in one avail
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -37,7 +37,7 @@ An `aws_subnets` resource block uses an optional filter to select a group of sub
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
As this is the initial release of `aws_subnets`, its limited functionality precludes examples.

8
docs/resources/aws_vpc.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_vpc
Use the `aws_vpc` InSpec audit resource to test properties of a single AWS Virtual Private Cloud (VPC).
Use the `aws_vpc` Chef InSpec audit resource to test properties of a single AWS Virtual Private Cloud (VPC).
To test properties of all or multiple VPCs, use the `aws_vpcs` resource.
@ -21,7 +21,7 @@ Every AWS account has at least one VPC, the "default" VPC, in every region.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -50,7 +50,7 @@ An `aws_vpc` resource block identifies a VPC by id. If no VPC ID is provided, th
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that a VPC does not exist
@ -122,7 +122,7 @@ The ID of the VPC.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### be\_default

8
docs/resources/aws_vpcs.md.erb
View file

@ -5,7 +5,7 @@ platform: aws
# aws\_vpcs
Use the `aws_vpcs` InSpec audit resource to test properties of some or all AWS Virtual Private Clouds (VPCs).
Use the `aws_vpcs` Chef InSpec audit resource to test properties of some or all AWS Virtual Private Clouds (VPCs).
A VPC is a networking construct that provides an isolated environment. A VPC is contained in a geographic region, but spans availability zones in that region. A VPC may have multiple subnets, internet gateways, and other networking resources. Computing resources--such as EC2 instances--reside on subnets within the VPC.
@ -19,7 +19,7 @@ Every AWS account has at least one VPC, the "default" VPC, in every region.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -45,7 +45,7 @@ An `aws_vpcs` resource block uses an optional filter to select a group of VPCs a
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Check for a Particular VPC ID
@ -117,7 +117,7 @@ The vpc_ids property provides a list of the IDs of the matched VPCs.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
### exists

14
docs/resources/azure_generic_resource.md.erb
View file

@ -4,15 +4,15 @@ title: About the azure_generic_resource Resource
# azure\_generic\_resource
<p class="warning">This resource is deprecated and should not be used. It will be removed in InSpec 3.0.</p>
<p class="warning">This resource is deprecated and should not be used. It will be removed in Chef InSpec 3.0.</p>
Use the `azure_generic_resource` InSpec audit resource to test any valid Azure Resource. This is very useful if you need to test something that we do not yet have a specific InSpec resource for.
Use the `azure_generic_resource` Chef InSpec audit resource to test any valid Azure Resource. This is very useful if you need to test something that we do not yet have a specific Chef InSpec resource for.
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -98,13 +98,13 @@ When the options have been set as well as the environment variables, the environ
The properties that can be tested are entirely dependent on the Azure Resource that is under scrutiny. That means the properties vary. The best way to see what is available please use the [Azure Resources Portal](https://resources.azure.com) to select the resource you are interested in and see what can be tested.
This resource allows you to test _any_ valid Azure Resource. The trade off for this is that the language to check each item is not as natural as it would be for a native InSpec resource.
This resource allows you to test _any_ valid Azure Resource. The trade off for this is that the language to check each item is not as natural as it would be for a native Chef InSpec resource.
<br>
## Property Examples
The following examples show how to use some of the InSpec audit properties:
The following examples show how to use some of the Chef InSpec audit properties:
### Tests the virtual machine's location
@ -172,7 +172,7 @@ The following examples show how to use some of the InSpec audit properties:
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
<br>
@ -180,4 +180,4 @@ This InSpec audit resource has the following special matchers. For a full list o
Please see the integration tests for in depth examples of how this resource can be used.
[InSpec Integration Tests for Azure Generic Resources](https://github.com/chef/inspec/tree/master/test/integration/azure/verify/controls)
[Chef InSpec Integration Tests for Azure Generic Resources](https://github.com/chef/inspec/tree/master/test/integration/azure/verify/controls)

8
docs/resources/azure_resource_group.md.erb
View file

@ -5,13 +5,13 @@ platform: azure
# azure\_resource\_group\_resource\_counts
Use the `azure_resource_group_resource_counts` InSpec audit resource to check the number of Azure resources in a resource group.
Use the `azure_resource_group_resource_counts` Chef InSpec audit resource to check the number of Azure resources in a resource group.
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -33,7 +33,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource:
The following examples show how to use this Chef InSpec audit resource:
### Ensure the Resource Group has the correct number of resources
@ -105,7 +105,7 @@ When the options have been set as well as the environment variables, the environ
## Property Examples
This InSpec audit resource has the following properties:
This Chef InSpec audit resource has the following properties:
### name

10
docs/resources/azure_virtual_machine.md.erb
View file

@ -5,13 +5,13 @@ platform: azure
# azure\_virtual\_machine
Use the `azure_virtual_machine` InSpec audit resource to ensure that a Virtual Machine has been provisioned correctly.
Use the `azure_virtual_machine` Chef InSpec audit resource to ensure that a Virtual Machine has been provisioned correctly.
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -34,7 +34,7 @@ where
## Examples
The following examples show to use this InSpec audit resource.
The following examples show to use this Chef InSpec audit resource.
### Check that the first data disk is of the correct size
@ -94,7 +94,7 @@ When the options have been set as well as the environment variables, the environ
## Property Examples
This InSpec audit resource has the following properties that can be tested:
This Chef InSpec audit resource has the following properties that can be tested:
### type
@ -262,7 +262,7 @@ If boot diagnostics are enabled for the machine they will be saved in a storage
There are a number of built in comparison operators that are available to test the result with an expected value.
For information on all that are available please refer to the [InSpec Matchers Reference](https://www.inspec.io/docs/reference/matchers/) page.
For information on all that are available please refer to the [Chef InSpec Matchers Reference](https://www.inspec.io/docs/reference/matchers/) page.
### boot\_diagnostics?

6
docs/resources/azure_virtual_machine_data_disk.md.erb
View file

@ -11,7 +11,7 @@ Use this resource to ensure that a specific data disk attached to a machine has
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ where
## Examples
The following examples show to use this InSpec audit resource.
The following examples show to use this Chef InSpec audit resource.
### Check that the first data disk is of the correct size
@ -209,7 +209,7 @@ This is derived from the `id`.
## Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
The following properties are applied to the virtual machine itself and not specific disks.

4
docs/resources/bash.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# bash
Use the `bash` InSpec audit resource to test an arbitrary command that is run on the system using a Bash script.
Use the `bash` Chef InSpec audit resource to test an arbitrary command that is run on the system using a Bash script.
<br>
@ -13,7 +13,7 @@ Use the `bash` InSpec audit resource to test an arbitrary command that is run on
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

6
docs/resources/bond.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# bond
Use the `bond` InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the `/proc/net/bonding` directory may be tested.
Use the `bond` Chef InSpec audit resource to test a logical, bonded network interface (i.e. "two or more network interfaces aggregated into a single, logical network interface"). On Linux platforms, any value in the `/proc/net/bonding` directory may be tested.
<br>
@ -13,7 +13,7 @@ Use the `bond` InSpec audit resource to test a logical, bonded network interface
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ where
## Property Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### content

4
docs/resources/bridge.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# bridge
Use the `bridge` InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.
Use the `bridge` Chef InSpec audit resource to test basic network bridge properties, such as name, if an interface is defined, and the associations for any defined interface.
<br>
@ -13,7 +13,7 @@ Use the `bridge` InSpec audit resource to test basic network bridge properties,
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

4
docs/resources/bsd_service.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# bsd_service
Use the `bsd_service` InSpec audit resource to test a service using a Berkeley OS-style `init` on the FreeBSD platform.
Use the `bsd_service` Chef InSpec audit resource to test a service using a Berkeley OS-style `init` on the FreeBSD platform.
<br>
@ -13,7 +13,7 @@ Use the `bsd_service` InSpec audit resource to test a service using a Berkeley O
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

6
docs/resources/chocolatey_package.md.erb
View file

@ -5,7 +5,7 @@ platform: windows
# chocolatey_package
Use the `chocolatey_package` InSpec audit resource to test if the named [Chocolatey](https://chocolatey.org/) package and/or package version is installed on the system.
Use the `chocolatey_package` Chef InSpec audit resource to test if the named [Chocolatey](https://chocolatey.org/) package and/or package version is installed on the system.
<br>
@ -13,7 +13,7 @@ Use the `chocolatey_package` InSpec audit resource to test if the named [Chocola
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource
The following examples show how to use this Chef InSpec audit resource
### Test if NSSM version 2.1.0 is installed

8
docs/resources/command.md.erb
View file

@ -5,7 +5,7 @@ platform: os
# command
Use the `command` InSpec audit resource to test an arbitrary command that is run on the system.
Use the `command` Chef InSpec audit resource to test an arbitrary command that is run on the system.
<br>
@ -13,7 +13,7 @@ Use the `command` InSpec audit resource to test an arbitrary command that is run
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -38,7 +38,7 @@ where
## Property Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### exit_status
@ -136,7 +136,7 @@ Wix includes several tools -- such as `candle` (preprocesses and compiles source
### Redacting Sensitive Commands
By default the command that is ran is shown in the InSpec output. This can be problematic if the command contains sensitive arguments such as a password. These sensitive parts can be redacted by passing in `redact_regex` and a regular expression to redact. Optionally, you can use 2 capture groups to fine tune what is redacted.
By default the command that is ran is shown in the Chef InSpec output. This can be problematic if the command contains sensitive arguments such as a password. These sensitive parts can be redacted by passing in `redact_regex` and a regular expression to redact. Optionally, you can use 2 capture groups to fine tune what is redacted.
The following examples show how to use `redact_regex`:

6
docs/resources/cpan.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# cpan
Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.
Use the `cpan` Chef InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.
<br>
@ -13,7 +13,7 @@ Use the `cpan` InSpec audit resource to test Perl modules that are installed by
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -68,7 +68,7 @@ Hint: You can pass multiple paths separated with a colon
## Property Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### version

8
docs/resources/cran.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# cran
Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.
Use the `cran` Chef InSpec audit resource to test R modules that are installed from CRAN package repository.
<br>
@ -13,7 +13,7 @@ Use the `cran` InSpec audit resource to test R modules that are installed from C
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -36,7 +36,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test if DBI is installed on the system
@ -65,7 +65,7 @@ The `version` property tests if the named package version is on the system:
## Matchers
This InSpec audit resource has the following matchers:
This Chef InSpec audit resource has the following matchers:
### be_installed

8
docs/resources/crontab.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# crontab
Use the `crontab` InSpec audit resource to test the crontab entries for a particular user on the system. It recognizes special time strings (@yearly, @weekly, etc).
Use the `crontab` Chef InSpec audit resource to test the crontab entries for a particular user on the system. It recognizes special time strings (@yearly, @weekly, etc).
<br>
@ -13,7 +13,7 @@ Use the `crontab` InSpec audit resource to test the crontab entries for a partic
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -39,7 +39,7 @@ Note that only the path or the user (and not both) should be supplied as argumen
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test that root's crontab has a particular command
@ -102,7 +102,7 @@ end
its('commands') { should include '/some/scheduled/task.sh' }
end
InSpec will automatically interpret crontab-supported special time strings. For example, a crontab entry set to run `@yearly` can be tested as if the entry was manually configured to run on January 1, 12 AM.
Chef InSpec will automatically interpret crontab-supported special time strings. For example, a crontab entry set to run `@yearly` can be tested as if the entry was manually configured to run on January 1, 12 AM.
<br>

6
docs/resources/csv.md.erb
View file

@ -5,7 +5,7 @@ platform: os
# csv
Use the `csv` InSpec audit resource to test configuration data in a CSV file.
Use the `csv` Chef InSpec audit resource to test configuration data in a CSV file.
<br>
@ -13,7 +13,7 @@ Use the `csv` InSpec audit resource to test configuration data in a CSV file.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -37,7 +37,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test a CSV file

4
docs/resources/dh_params.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# dh_params
Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH) parameters.
Use the `dh_params` Chef InSpec audit resource to test Diffie-Hellman (DH) parameters.
<br>
@ -13,7 +13,7 @@ Use the `dh_params` InSpec audit resource to test Diffie-Hellman (DH) parameters
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

4
docs/resources/directory.md.erb
View file

@ -5,7 +5,7 @@ platform: os
# directory
Use the `directory` InSpec audit resource to test if the file type is a directory. This is equivalent to using the [`file` resource](https://www.inspec.io/docs/reference/resources/file/) and the `be_directory` matcher, but provides a simpler and more direct way to test directories.
Use the `directory` Chef InSpec audit resource to test if the file type is a directory. This is equivalent to using the [`file` resource](https://www.inspec.io/docs/reference/resources/file/) and the `be_directory` matcher, but provides a simpler and more direct way to test directories.
<br>
@ -13,7 +13,7 @@ Use the `directory` InSpec audit resource to test if the file type is a director
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

6
docs/resources/docker.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# docker
Use the `docker` InSpec audit resource to test configuration data for the Docker daemon. It is a very comprehensive resource. See also: [docker_container](https://www.inspec.io/docs/reference/resources/docker_container/) and [docker_image](https://www.inspec.io/docs/reference/resources/docker_image/), too.
Use the `docker` Chef InSpec audit resource to test configuration data for the Docker daemon. It is a very comprehensive resource. See also: [docker_container](https://www.inspec.io/docs/reference/resources/docker_container/) and [docker_image](https://www.inspec.io/docs/reference/resources/docker_image/), too.
<br>
@ -13,7 +13,7 @@ Use the `docker` InSpec audit resource to test configuration data for the Docker
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -58,7 +58,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Return all running containers

6
docs/resources/docker_container.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# docker_container
Use the `docker_container` InSpec audit resource to test a Docker container.
Use the `docker_container` Chef InSpec audit resource to test a Docker container.
<br>
@ -13,7 +13,7 @@ Use the `docker_container` InSpec audit resource to test a Docker container.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -60,7 +60,7 @@ Alternatively, you can pass in the container id:
## Property Examples
The following examples show how to use this InSpec resource.
The following examples show how to use this Chef InSpec resource.
### id

4
docs/resources/docker_image.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# docker_image
Use the `docker_image` InSpec audit resource to verify a Docker image.
Use the `docker_image` Chef InSpec audit resource to verify a Docker image.
<br>
@ -13,7 +13,7 @@ Use the `docker_image` InSpec audit resource to verify a Docker image.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

2
docs/resources/docker_plugin.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# docker_plugin
Use the `docker_plugin` InSpec audit resource to verify a Docker plugin.
Use the `docker_plugin` Chef InSpec audit resource to verify a Docker plugin.
<br>

6
docs/resources/docker_service.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# docker_service
Use the `docker_service` InSpec audit resource to verify a docker swarm service.
Use the `docker_service` Chef InSpec audit resource to verify a docker swarm service.
<br>
@ -13,7 +13,7 @@ Use the `docker_service` InSpec audit resource to verify a docker swarm service.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -50,7 +50,7 @@ You can also pass in the fully-qualified image:
## Property Examples
The following examples show how to use InSpec `docker_service` resource.
The following examples show how to use Chef InSpec `docker_service` resource.
### id

4
docs/resources/elasticsearch.md.erb
View file

@ -6,7 +6,7 @@ platform: linux
# elasticsearch
Use the `elasticsearch` resource to test the status of a node against a running
Elasticsearch cluster. InSpec retrieves the node list from the cluster node URL
Elasticsearch cluster. Chef InSpec retrieves the node list from the cluster node URL
provided (defaults to `http://localhost:9200`) and provides the ability to query
a variety of settings and statuses.
@ -16,7 +16,7 @@ a variety of settings and statuses.
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

4
docs/resources/etc_fstab.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# etc_fstab
Use the `etc_fstab` InSpec audit resource to test information about all partitions and storage devices on a Linux system.
Use the `etc_fstab` Chef InSpec audit resource to test information about all partitions and storage devices on a Linux system.
<br>
@ -13,7 +13,7 @@ Use the `etc_fstab` InSpec audit resource to test information about all partitio
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version

6
docs/resources/etc_group.md.erb
View file

@ -5,7 +5,7 @@ platform: linux
# etc_group
Use the `etc_group` InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group: group name, password, group identifier, along with a comma-separate list of users that belong to the group.
Use the `etc_group` Chef InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group: group name, password, group identifier, along with a comma-separate list of users that belong to the group.
<br>
@ -13,7 +13,7 @@ Use the `etc_group` InSpec audit resource to test groups that are defined on Lin
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
This resource is distributed along with Chef InSpec itself. You can use it automatically.
### Version
@ -51,7 +51,7 @@ where
## Examples
The following examples show how to use this InSpec audit resource.
The following examples show how to use this Chef InSpec audit resource.
### Test group identifiers (GIDs) for duplicates

Some files were not shown because too many files have changed in this diff Show more