mirror of
https://github.com/inspec/inspec
synced 2024-11-11 07:34:15 +00:00
Merge branch 'master' into mj/tktk
commit
88164b058a
9 changed files with 86 additions and 27 deletions
11
CHANGELOG.md
11
CHANGELOG.md
|
@ -1,19 +1,24 @@
|
|||
# Change Log
|
||||
<!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
|
||||
<!-- latest_release 4.18.61 -->
|
||||
## [v4.18.61](https://github.com/inspec/inspec/tree/v4.18.61) (2020-01-15)
|
||||
<!-- latest_release 4.18.64 -->
|
||||
## [v4.18.64](https://github.com/inspec/inspec/tree/v4.18.64) (2020-01-24)
|
||||
|
||||
#### Merged Pull Requests
|
||||
- Fixed duplicate groups on osx by merging members by gid. [#4833](https://github.com/inspec/inspec/pull/4833) ([zenspider](https://github.com/zenspider))
|
||||
- Refactor some of resources/service.rb [#4849](https://github.com/inspec/inspec/pull/4849) ([zenspider](https://github.com/zenspider))
|
||||
<!-- latest_release -->
|
||||
|
||||
<!-- release_rollup since=4.18.51 -->
|
||||
### Changes since 4.18.51 release
|
||||
|
||||
#### New Features
|
||||
- Add: certificate content x509_certificate [#4845](https://github.com/inspec/inspec/pull/4845) ([frezbo](https://github.com/frezbo)) <!-- 4.18.63 -->
|
||||
|
||||
#### Bug Fixes
|
||||
- upstream is basic_auth_only not basic_auth [#4834](https://github.com/inspec/inspec/pull/4834) ([shawnifoley](https://github.com/shawnifoley)) <!-- 4.18.60 -->
|
||||
|
||||
#### Merged Pull Requests
|
||||
- Refactor some of resources/service.rb [#4849](https://github.com/inspec/inspec/pull/4849) ([zenspider](https://github.com/zenspider)) <!-- 4.18.64 -->
|
||||
- Windows 7 EOL Docs Update [#4841](https://github.com/inspec/inspec/pull/4841) ([mjingle](https://github.com/mjingle)) <!-- 4.18.62 -->
|
||||
- Fixed duplicate groups on osx by merging members by gid. [#4833](https://github.com/inspec/inspec/pull/4833) ([zenspider](https://github.com/zenspider)) <!-- 4.18.61 -->
|
||||
- updates file resource doc to add example for sticky bit with leading … [#4823](https://github.com/inspec/inspec/pull/4823) ([collinmcneese](https://github.com/collinmcneese)) <!-- 4.18.59 -->
|
||||
- Fix empty attributes array in json reporter [#4815](https://github.com/inspec/inspec/pull/4815) ([nazliBeit](https://github.com/nazliBeit)) <!-- 4.18.58 -->
|
||||
|
|
|
@ -312,7 +312,7 @@ Remote Targets
|
|||
| Oracle Enterprise Linux | 5, 6, 7 | i386, x86_64 |
|
||||
| Red Hat Enterprise Linux | 5, 6, 7 | i386, x86_64 |
|
||||
| Solaris | 10, 11 | sparc, x86 |
|
||||
| Windows\* | 7, 8, 8.1, 10, 2008, 2008R2 , 2012, 2012R2, 2016 | x86, x86_64 |
|
||||
| Windows\* | 8, 8.1, 10, 2012, 2012R2, 2016 | x86, x86_64 |
|
||||
| Ubuntu Linux | | x86, x86_64 |
|
||||
| SUSE Linux Enterprise Server | 11, 12 | x86_64 |
|
||||
| Scientific Linux | 5.x, 6.x and 7.x | i386, x86_64 |
|
||||
|
@ -332,7 +332,7 @@ In addition, runtime support is provided for:
|
|||
| Debian | 8, 9 | x86_64 |
|
||||
| RHEL | 6, 7 | x86_64 |
|
||||
| Ubuntu | 12.04+ | x86_64 |
|
||||
| Windows | 7+ | x86_64 |
|
||||
| Windows | 8+ | x86_64 |
|
||||
| Windows | 2012+ | x86_64 |
|
||||
|
||||
## Documentation
|
||||
|
|
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
4.18.61
|
||||
4.18.64
|
|
@ -33,6 +33,22 @@ An `x509_certificate` resource block declares a certificate `key file` to be tes
|
|||
its('validity_in_days') { should be > 30 }
|
||||
end
|
||||
|
||||
The `filepath` property can also be used.
|
||||
|
||||
describe x509_certificate(filepath: 'mycertificate.pem') do
|
||||
its('validity_in_days') { should be > 30 }
|
||||
end
|
||||
|
||||
The resource also supports passing in the certificate content.
|
||||
|
||||
cert_content = file('certificate.pem').content
|
||||
|
||||
describe x509_certificate(content: cert_content) do
|
||||
its('validity_in_days') { should be > 30 }
|
||||
end
|
||||
|
||||
If both `content` and `filepath` is given, the value passed in `content` is used.
|
||||
|
||||
<br>
|
||||
|
||||
## Properties
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# This file managed by automation - do not edit manually
|
||||
module InspecBin
|
||||
INSPECBIN_ROOT = File.expand_path("../..", __FILE__)
|
||||
VERSION = "4.18.61".freeze
|
||||
VERSION = "4.18.64".freeze
|
||||
end
|
||||
|
|
|
@ -112,21 +112,23 @@ module Inspec::Resources
|
|||
# Ubuntu < 15.04 : Upstart
|
||||
# Upstart runs with PID 1 as /sbin/init.
|
||||
# Systemd runs with PID 1 as /lib/systemd/systemd.
|
||||
if %w{ubuntu}.include?(platform)
|
||||
|
||||
case platform
|
||||
when "ubuntu"
|
||||
version = os[:release].to_f
|
||||
if version < 15.04
|
||||
Upstart.new(inspec, service_ctl)
|
||||
else
|
||||
Systemd.new(inspec, service_ctl)
|
||||
end
|
||||
elsif %w{linuxmint}.include?(platform)
|
||||
when "linuxmint"
|
||||
version = os[:release].to_f
|
||||
if version < 18
|
||||
Upstart.new(inspec, service_ctl)
|
||||
else
|
||||
Systemd.new(inspec, service_ctl)
|
||||
end
|
||||
elsif %w{debian}.include?(platform)
|
||||
when "debian"
|
||||
if os[:release] == "buster/sid"
|
||||
version = 10
|
||||
else
|
||||
|
@ -137,40 +139,44 @@ module Inspec::Resources
|
|||
elsif version > 0
|
||||
SysV.new(inspec, service_ctl || "/usr/sbin/service")
|
||||
end
|
||||
elsif %w{redhat fedora centos oracle cloudlinux}.include?(platform)
|
||||
when "redhat", "fedora", "centos", "oracle", "cloudlinux"
|
||||
version = os[:release].to_i
|
||||
if (%w{redhat centos oracle cloudlinux}.include?(platform) && version >= 7) || (platform == "fedora" && version >= 15)
|
||||
|
||||
systemd = ((platform != "fedora" && version >= 7) ||
|
||||
(platform == "fedora" && version >= 15))
|
||||
|
||||
if systemd
|
||||
Systemd.new(inspec, service_ctl)
|
||||
else
|
||||
SysV.new(inspec, service_ctl || "/sbin/service")
|
||||
end
|
||||
elsif %w{wrlinux}.include?(platform)
|
||||
when "wrlinux"
|
||||
SysV.new(inspec, service_ctl)
|
||||
elsif %w{mac_os_x}.include?(platform)
|
||||
when "mac_os_x"
|
||||
LaunchCtl.new(inspec, service_ctl)
|
||||
elsif os.windows?
|
||||
when "windows"
|
||||
WindowsSrv.new(inspec)
|
||||
elsif %w{freebsd}.include?(platform)
|
||||
when "freebsd"
|
||||
BSDInit.new(inspec, service_ctl)
|
||||
elsif %w{arch}.include?(platform)
|
||||
when "arch"
|
||||
Systemd.new(inspec, service_ctl)
|
||||
elsif %w{coreos}.include?(platform)
|
||||
when "coreos"
|
||||
Systemd.new(inspec, service_ctl)
|
||||
elsif %w{suse opensuse}.include?(platform)
|
||||
when "suse", "opensuse"
|
||||
if os[:release].to_i >= 12
|
||||
Systemd.new(inspec, service_ctl)
|
||||
else
|
||||
SysV.new(inspec, service_ctl || "/sbin/service")
|
||||
end
|
||||
elsif %w{aix}.include?(platform)
|
||||
when "aix"
|
||||
SrcMstr.new(inspec)
|
||||
elsif %w{amazon}.include?(platform)
|
||||
when "amazon"
|
||||
if os[:release] =~ /^20\d\d/
|
||||
Upstart.new(inspec, service_ctl)
|
||||
else
|
||||
Systemd.new(inspec, service_ctl)
|
||||
end
|
||||
elsif os.solaris?
|
||||
when "solaris", "smartos", "omnios", "openindiana", "opensolaris", "nexentacore"
|
||||
Svcs.new(inspec)
|
||||
end
|
||||
end
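Review bot: The `when "windows"` and `when "solaris", "smartos", "omnios", "openindiana", "opensolaris", "nexentacore"` branches now match literal platform names where the old code asked `os.windows?` and `os.solaris?`, and the `case` has no `else`. If those predicates match a platform family rather than a fixed list of names (not visible here), a target whose name is missing from the list falls through and the method returns nil instead of a service manager. I would keep the family checks as the fallback, `else` followed by `os.windows? ? WindowsSrv.new(inspec) : (Svcs.new(inspec) if os.solaris?)`, or at least add a comment such as `# keep in sync with the platforms os.solaris? matches`. The method starts above the first hunk, so how callers treat a nil result cannot be judged from here.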
|
||||
|
|
|
@ -34,13 +34,15 @@ module Inspec::Resources
|
|||
include FileReader
|
||||
|
||||
# @see https://tools.ietf.org/html/rfc5280#page-23
|
||||
def initialize(filename)
|
||||
@certpath = filename
|
||||
def initialize(opts)
|
||||
@opts = options(opts)
|
||||
@issuer = nil
|
||||
@parsed_subject = nil
|
||||
@parsed_issuer = nil
|
||||
@extensions = nil
|
||||
@cert = OpenSSL::X509::Certificate.new read_file_content(@certpath)
|
||||
@content = @opts[:content]
|
||||
@content ||= read_file_content(@opts[:filepath])
|
||||
@cert = OpenSSL::X509::Certificate.new @content
|
||||
end
|
||||
|
||||
# Forward these methods directly to OpenSSL::X509::Certificate instance
|
||||
|
@ -137,7 +139,19 @@ module Inspec::Resources
|
|||
end
|
||||
|
||||
def to_s
|
||||
"x509_certificate #{@certpath}"
|
||||
cert = @opts[:filepath]
|
||||
cert ||= subject.CN
|
||||
"x509_certificate #{cert}"
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def options(opts)
|
||||
if opts.is_a?(String)
|
||||
{ filepath: opts }
|
||||
else
|
||||
opts
|
||||
end
|
||||
end
|
||||
end
|
||||
end
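Review bot: `to_s` prefers `@opts[:filepath]` while `initialize` prefers `@opts[:content]`, so when both are passed the report line names a file that is not the certificate that was parsed. For an audit result the label should follow the same precedence, for example `cert = @opts[:content] ? subject.CN : @opts[:filepath]`. Separately, `initialize` never checks that one of the two keys is present: a hash with neither reaches `read_file_content(nil)`, and an argument that is neither a String nor a Hash fails at `@opts[:content]`, so an explicit check with a clear message before the read would help. The class definition starts outside these hunks.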
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
module Inspec
|
||||
VERSION = "4.18.61".freeze
|
||||
VERSION = "4.18.64".freeze
|
||||
end
|
||||
|
|
|
@ -10,6 +10,20 @@ describe "Inspec::Resources::X509Certificate" do
|
|||
)
|
||||
end
|
||||
|
||||
let(:resource_cert_with_content) do
|
||||
load_resource(
|
||||
"x509_certificate",
|
||||
content: File.read("test/fixtures/files/test_certificate.rsa.crt.pem")
|
||||
)
|
||||
end
|
||||
|
||||
let(:resource_cert_with_filepath) do
|
||||
load_resource(
|
||||
"x509_certificate",
|
||||
filepath: "test_certificate.rsa.crt.pem"
|
||||
)
|
||||
end
|
||||
|
||||
# TODO: Regenerate certificate using `InSpec` not `Inspec`
|
||||
it "verify subject distingushed name" do
|
||||
_(resource_cert.send("subject_dn")).must_match "Inspec Test Certificate"
|
||||
|
@ -19,6 +33,10 @@ describe "Inspec::Resources::X509Certificate" do
|
|||
it "parses the certificate subject" do
|
||||
_(resource_cert.send("subject").CN).must_equal "Inspec Test Certificate"
|
||||
_(resource_cert.send("subject").emailAddress).must_equal "support@chef.io"
|
||||
_(resource_cert_with_content.send("subject").CN).must_equal "Inspec Test Certificate"
|
||||
_(resource_cert_with_content.send("subject").emailAddress).must_equal "support@chef.io"
|
||||
_(resource_cert_with_filepath.send("subject").CN).must_equal "Inspec Test Certificate"
|
||||
_(resource_cert_with_filepath.send("subject").emailAddress).must_equal "support@chef.io"
|
||||
end
|
||||
|
||||
# TODO: Regenerate certificate using `InSpec` not `Inspec`
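Review bot: The new `let` blocks cover `content:` and `filepath:` separately, but nothing exercises the documented precedence when both are given, nor `to_s` for a content-only resource, which now takes its label from `subject.CN`. I would add a case that passes both keys (with a second certificate fixture, if one is available) and asserts the subject comes from `content`, plus `_(resource_cert_with_content.to_s).must_equal "x509_certificate Inspec Test Certificate"`. `resource_cert_with_content` also reads its fixture through a path relative to the working directory, so it probably only passes when the suite runs from the repository root. The `describe` block continues past the end of this hunk.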
|
||||
|
|