Merge branch 'master' into mj/tktk

Miah Johnson 2020-01-24 11:38:47 -08:00 committed by GitHub
commit 88164b058a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 86 additions and 27 deletions


@ -1,19 +1,24 @@
# Change Log
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
<!-- latest_release 4.18.61 -->
## [v4.18.61](https://github.com/inspec/inspec/tree/v4.18.61) (2020-01-15)
<!-- latest_release 4.18.64 -->
## [v4.18.64](https://github.com/inspec/inspec/tree/v4.18.64) (2020-01-24)
#### Merged Pull Requests
- Fixed duplicate groups on osx by merging members by gid. [#4833](https://github.com/inspec/inspec/pull/4833) ([zenspider](https://github.com/zenspider))
- Refactor some of resources/service.rb [#4849](https://github.com/inspec/inspec/pull/4849) ([zenspider](https://github.com/zenspider))
<!-- latest_release -->
<!-- release_rollup since=4.18.51 -->
### Changes since 4.18.51 release
#### New Features
- Add: certificate content x509_certificate [#4845](https://github.com/inspec/inspec/pull/4845) ([frezbo](https://github.com/frezbo)) <!-- 4.18.63 -->
#### Bug Fixes
- upstream is basic_auth_only not basic_auth [#4834](https://github.com/inspec/inspec/pull/4834) ([shawnifoley](https://github.com/shawnifoley)) <!-- 4.18.60 -->
#### Merged Pull Requests
- Refactor some of resources/service.rb [#4849](https://github.com/inspec/inspec/pull/4849) ([zenspider](https://github.com/zenspider)) <!-- 4.18.64 -->
- Windows 7 EOL Docs Update [#4841](https://github.com/inspec/inspec/pull/4841) ([mjingle](https://github.com/mjingle)) <!-- 4.18.62 -->
- Fixed duplicate groups on osx by merging members by gid. [#4833](https://github.com/inspec/inspec/pull/4833) ([zenspider](https://github.com/zenspider)) <!-- 4.18.61 -->
- updates file resource doc to add example for sticky bit with leading … [#4823](https://github.com/inspec/inspec/pull/4823) ([collinmcneese](https://github.com/collinmcneese)) <!-- 4.18.59 -->
- Fix empty attributes array in json reporter [#4815](https://github.com/inspec/inspec/pull/4815) ([nazliBeit](https://github.com/nazliBeit)) <!-- 4.18.58 -->


@ -312,7 +312,7 @@ Remote Targets
| Oracle Enterprise Linux | 5, 6, 7 | i386, x86_64 |
| Red Hat Enterprise Linux | 5, 6, 7 | i386, x86_64 |
| Solaris | 10, 11 | sparc, x86 |
| Windows\* | 7, 8, 8.1, 10, 2008, 2008R2 , 2012, 2012R2, 2016 | x86, x86_64 |
| Windows\* | 8, 8.1, 10, 2012, 2012R2, 2016 | x86, x86_64 |
| Ubuntu Linux | | x86, x86_64 |
| SUSE Linux Enterprise Server | 11, 12 | x86_64 |
| Scientific Linux | 5.x, 6.x and 7.x | i386, x86_64 |
@ -332,7 +332,7 @@ In addition, runtime support is provided for:
| Debian | 8, 9 | x86_64 |
| RHEL | 6, 7 | x86_64 |
| Ubuntu | 12.04+ | x86_64 |
| Windows | 7+ | x86_64 |
| Windows | 8+ | x86_64 |
| Windows | 2012+ | x86_64 |
## Documentation


@ -1 +1 @@
4.18.61
4.18.64


@ -33,6 +33,22 @@ An `x509_certificate` resource block declares a certificate `key file` to be tes
its('validity_in_days') { should be > 30 }
end
The `filepath` property can also be used.
describe x509_certificate(filepath: 'mycertificate.pem') do
its('validity_in_days') { should be > 30 }
end
The resource also supports passing in the certificate content.
cert_content = file('certificate.pem').content
describe x509_certificate(content: cert_content) do
its('validity_in_days') { should be > 30 }
end
If both `content` and `filepath` is given, the value passed in `content` is used.
<br>
## Properties


@ -1,5 +1,5 @@
# This file managed by automation - do not edit manually
module InspecBin
INSPECBIN_ROOT = File.expand_path("../..", __FILE__)
VERSION = "4.18.61".freeze
VERSION = "4.18.64".freeze
end


@ -112,21 +112,23 @@ module Inspec::Resources
# Ubuntu < 15.04 : Upstart
# Upstart runs with PID 1 as /sbin/init.
# Systemd runs with PID 1 as /lib/systemd/systemd.
if %w{ubuntu}.include?(platform)
case platform
when "ubuntu"
version = os[:release].to_f
if version < 15.04
Upstart.new(inspec, service_ctl)
else
Systemd.new(inspec, service_ctl)
end
elsif %w{linuxmint}.include?(platform)
when "linuxmint"
version = os[:release].to_f
if version < 18
Upstart.new(inspec, service_ctl)
else
Systemd.new(inspec, service_ctl)
end
elsif %w{debian}.include?(platform)
when "debian"
if os[:release] == "buster/sid"
version = 10
else
@ -137,40 +139,44 @@ module Inspec::Resources
elsif version > 0
SysV.new(inspec, service_ctl || "/usr/sbin/service")
end
elsif %w{redhat fedora centos oracle cloudlinux}.include?(platform)
when "redhat", "fedora", "centos", "oracle", "cloudlinux"
version = os[:release].to_i
if (%w{redhat centos oracle cloudlinux}.include?(platform) && version >= 7) || (platform == "fedora" && version >= 15)
systemd = ((platform != "fedora" && version >= 7) ||
(platform == "fedora" && version >= 15))
if systemd
Systemd.new(inspec, service_ctl)
else
SysV.new(inspec, service_ctl || "/sbin/service")
end
elsif %w{wrlinux}.include?(platform)
when "wrlinux"
SysV.new(inspec, service_ctl)
elsif %w{mac_os_x}.include?(platform)
when "mac_os_x"
LaunchCtl.new(inspec, service_ctl)
elsif os.windows?
when "windows"
WindowsSrv.new(inspec)
elsif %w{freebsd}.include?(platform)
when "freebsd"
BSDInit.new(inspec, service_ctl)
elsif %w{arch}.include?(platform)
when "arch"
Systemd.new(inspec, service_ctl)
elsif %w{coreos}.include?(platform)
when "coreos"
Systemd.new(inspec, service_ctl)
elsif %w{suse opensuse}.include?(platform)
when "suse", "opensuse"
if os[:release].to_i >= 12
Systemd.new(inspec, service_ctl)
else
SysV.new(inspec, service_ctl || "/sbin/service")
end
elsif %w{aix}.include?(platform)
when "aix"
SrcMstr.new(inspec)
elsif %w{amazon}.include?(platform)
when "amazon"
if os[:release] =~ /^20\d\d/
Upstart.new(inspec, service_ctl)
else
Systemd.new(inspec, service_ctl)
end
elsif os.solaris?
when "solaris", "smartos", "omnios", "openindiana", "opensolaris", "nexentacore"
Svcs.new(inspec)
end
end
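Review bot: The `when "windows"` and `when "solaris", "smartos", ...` branches now match string literals where the old code asked `os.windows?` and `os.solaris?`, so they are equivalent only if `platform` always carries exactly one of those names. The assignment of `platform` is above the first hunk; if it holds the detected OS name rather than the family, a host whose name differs (an edition-specific Windows name, or a Solaris derivative missing from the list) falls through the `case` and the method returns nil, leaving service controls on that host unable to evaluate. Keeping the family predicates as guards ahead of the `case` would preserve the old behaviour: `return WindowsSrv.new(inspec) if os.windows?` and `return Svcs.new(inspec) if os.solaris?`. A trailing `else` that fails loudly on an unrecognised platform would also make such a gap visible in a compliance run instead of silent.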


@ -34,13 +34,15 @@ module Inspec::Resources
include FileReader
# @see https://tools.ietf.org/html/rfc5280#page-23
def initialize(filename)
@certpath = filename
def initialize(opts)
@opts = options(opts)
@issuer = nil
@parsed_subject = nil
@parsed_issuer = nil
@extensions = nil
@cert = OpenSSL::X509::Certificate.new read_file_content(@certpath)
@content = @opts[:content]
@content ||= read_file_content(@opts[:filepath])
@cert = OpenSSL::X509::Certificate.new @content
end
# Forward these methods directly to OpenSSL::X509::Certificate instance
@ -137,7 +139,19 @@ module Inspec::Resources
end
def to_s
"x509_certificate #{@certpath}"
cert = @opts[:filepath]
cert ||= subject.CN
"x509_certificate #{cert}"
end
private
def options(opts)
if opts.is_a?(String)
{ filepath: opts }
else
opts
end
end
end
end
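Review bot: `initialize` never checks that the caller supplied a usable option: `options` returns anything that is not a String unchanged, so `nil`, a hash with string keys, or a hash with neither `:content` nor `:filepath` either fails on `@opts[:content]` or reaches `read_file_content(@opts[:filepath])` with nil, and the profile author presumably gets an unrelated error. A guard in the `else` branch of `options` would make the failure explicit, e.g. `raise ArgumentError, "x509_certificate needs :filepath or :content" unless opts.is_a?(Hash) && (opts[:content] || opts[:filepath])`. In `to_s`, the fallback `subject.CN` is taken from the certificate under test and may be absent, so a content-only certificate without a CN is reported as a bare `x509_certificate `; a fixed label such as `"x509_certificate (content)"` would be more predictable in report output. The class body begins above the first hunk.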


@ -1,3 +1,3 @@
module Inspec
VERSION = "4.18.61".freeze
VERSION = "4.18.64".freeze
end


@ -10,6 +10,20 @@ describe "Inspec::Resources::X509Certificate" do
)
end
let(:resource_cert_with_content) do
load_resource(
"x509_certificate",
content: File.read("test/fixtures/files/test_certificate.rsa.crt.pem")
)
end
let(:resource_cert_with_filepath) do
load_resource(
"x509_certificate",
filepath: "test_certificate.rsa.crt.pem"
)
end
# TODO: Regenerate certificate using `InSpec` not `Inspec`
it "verify subject distingushed name" do
_(resource_cert.send("subject_dn")).must_match "Inspec Test Certificate"
@ -19,6 +33,10 @@ describe "Inspec::Resources::X509Certificate" do
it "parses the certificate subject" do
_(resource_cert.send("subject").CN).must_equal "Inspec Test Certificate"
_(resource_cert.send("subject").emailAddress).must_equal "support@chef.io"
_(resource_cert_with_content.send("subject").CN).must_equal "Inspec Test Certificate"
_(resource_cert_with_content.send("subject").emailAddress).must_equal "support@chef.io"
_(resource_cert_with_filepath.send("subject").CN).must_equal "Inspec Test Certificate"
_(resource_cert_with_filepath.send("subject").emailAddress).must_equal "support@chef.io"
end
# TODO: Regenerate certificate using `InSpec` not `Inspec`
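Review bot: The new fixtures exercise `content:` and `filepath:` only one at a time, so the precedence the documentation promises (content wins when both are given) is not pinned by any assertion visible here. A third `let` that passes both keys, with `filepath:` pointing at a different or missing file, plus an assertion on `subject.CN`, would cover it. A case with neither key would also document the failure mode. The `describe` block continues outside the hunk.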