Merge branch 'master' into mj/tktk

2024-11-22 20:53:11 +00:00 · 2020-01-24 11:38:47 -08:00 · 2020-01-24 11:38:47 -08:00 · 88164b058a
commit 88164b058a
parent fc4944017e 038485f685
9 changed files with 86 additions and 27 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,19 +1,24 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 4.18.61 -->
-## [v4.18.61](https://github.com/inspec/inspec/tree/v4.18.61) (2020-01-15)
+<!-- latest_release 4.18.64 -->
+## [v4.18.64](https://github.com/inspec/inspec/tree/v4.18.64) (2020-01-24)

 #### Merged Pull Requests
- Fixed duplicate groups on osx by merging members by gid. [#4833](https://github.com/inspec/inspec/pull/4833) ([zenspider](https://github.com/zenspider))
+- Refactor some of resources/service.rb [#4849](https://github.com/inspec/inspec/pull/4849) ([zenspider](https://github.com/zenspider))
 <!-- latest_release -->

 <!-- release_rollup since=4.18.51 -->
 ### Changes since 4.18.51 release

+#### New Features
+- Add: certificate content x509_certificate [#4845](https://github.com/inspec/inspec/pull/4845) ([frezbo](https://github.com/frezbo)) <!-- 4.18.63 -->
+
 #### Bug Fixes
 - upstream is basic_auth_only not basic_auth [#4834](https://github.com/inspec/inspec/pull/4834) ([shawnifoley](https://github.com/shawnifoley)) <!-- 4.18.60 -->

 #### Merged Pull Requests
+- Refactor some of resources/service.rb [#4849](https://github.com/inspec/inspec/pull/4849) ([zenspider](https://github.com/zenspider)) <!-- 4.18.64 -->
+- Windows 7 EOL Docs Update [#4841](https://github.com/inspec/inspec/pull/4841) ([mjingle](https://github.com/mjingle)) <!-- 4.18.62 -->
 - Fixed duplicate groups on osx by merging members by gid. [#4833](https://github.com/inspec/inspec/pull/4833) ([zenspider](https://github.com/zenspider)) <!-- 4.18.61 -->
 - updates file resource doc to add example for sticky bit with leading … [#4823](https://github.com/inspec/inspec/pull/4823) ([collinmcneese](https://github.com/collinmcneese)) <!-- 4.18.59 -->
 - Fix empty attributes array in json reporter [#4815](https://github.com/inspec/inspec/pull/4815) ([nazliBeit](https://github.com/nazliBeit)) <!-- 4.18.58 -->
--- a/README.md
+++ b/README.md
@ -312,7 +312,7 @@ Remote Targets
 | Oracle Enterprise Linux      | 5, 6, 7                                          | i386, x86_64  |
 | Red Hat Enterprise Linux     | 5, 6, 7                                          | i386, x86_64  |
 | Solaris                      | 10, 11                                           | sparc, x86    |
-| Windows\*                    | 7, 8, 8.1, 10, 2008, 2008R2 , 2012, 2012R2, 2016 | x86, x86_64   |
+| Windows\*                    | 8, 8.1, 10, 2012, 2012R2, 2016                   | x86, x86_64   |
 | Ubuntu Linux                 |                                                  | x86, x86_64   |
 | SUSE Linux Enterprise Server | 11, 12                                           | x86_64        |
 | Scientific Linux             | 5.x, 6.x and 7.x                                 | i386, x86_64  |
@ -332,7 +332,7 @@ In addition, runtime support is provided for:
 | Debian   | 8, 9     | x86_64 |
 | RHEL     | 6, 7     | x86_64 |
 | Ubuntu   | 12.04+   | x86_64 |
-| Windows  | 7+       | x86_64 |
+| Windows  | 8+       | x86_64 |
 | Windows  | 2012+    | x86_64 |

 ## Documentation
--- a/2
+++ b/2
@ -1 +1 @@
-4.18.61
+4.18.64
--- a/docs/resources/x509_certificate.md.erb
+++ b/docs/resources/x509_certificate.md.erb
@ -33,6 +33,22 @@ An `x509_certificate` resource block declares a certificate `key file` to be tes
      its('validity_in_days') { should be > 30 }
    end

+The `filepath` property can also be used.
+
+    describe x509_certificate(filepath: 'mycertificate.pem') do
+      its('validity_in_days') { should be > 30 }
+    end
+
+The resource also supports passing in the certificate content.
+
+    cert_content = file('certificate.pem').content
+
+    describe x509_certificate(content: cert_content) do
+      its('validity_in_days') { should be > 30 }
+    end
+
+If both `content` and `filepath` is given, the value passed in `content` is used.
+
 <br>

 ## Properties
--- a/inspec-bin/lib/inspec-bin/version.rb
+++ b/inspec-bin/lib/inspec-bin/version.rb
@ -1,5 +1,5 @@
 # This file managed by automation - do not edit manually
 module InspecBin
  INSPECBIN_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = "4.18.61".freeze
+  VERSION = "4.18.64".freeze
 end
--- a/lib/inspec/resources/service.rb
+++ b/lib/inspec/resources/service.rb
@ -112,21 +112,23 @@ module Inspec::Resources
      # Ubuntu < 15.04 : Upstart
      # Upstart runs with PID 1 as /sbin/init.
      # Systemd runs with PID 1 as /lib/systemd/systemd.
-      if %w{ubuntu}.include?(platform)
+
+      case platform
+      when "ubuntu"
        version = os[:release].to_f
        if version < 15.04
          Upstart.new(inspec, service_ctl)
        else
          Systemd.new(inspec, service_ctl)
        end
-      elsif %w{linuxmint}.include?(platform)
+      when "linuxmint"
        version = os[:release].to_f
        if version < 18
          Upstart.new(inspec, service_ctl)
        else
          Systemd.new(inspec, service_ctl)
        end
-      elsif %w{debian}.include?(platform)
+      when "debian"
        if os[:release] == "buster/sid"
          version = 10
        else
@ -137,40 +139,44 @@ module Inspec::Resources
        elsif version > 0
          SysV.new(inspec, service_ctl || "/usr/sbin/service")
        end
-      elsif %w{redhat fedora centos oracle cloudlinux}.include?(platform)
+      when "redhat", "fedora", "centos", "oracle", "cloudlinux"
        version = os[:release].to_i
-        if (%w{redhat centos oracle cloudlinux}.include?(platform) && version >= 7) || (platform == "fedora" && version >= 15)
+
+        systemd = ((platform != "fedora" && version >= 7) ||
+                   (platform == "fedora" && version >= 15))
+
+        if systemd
          Systemd.new(inspec, service_ctl)
        else
          SysV.new(inspec, service_ctl || "/sbin/service")
        end
-      elsif %w{wrlinux}.include?(platform)
+      when "wrlinux"
        SysV.new(inspec, service_ctl)
-      elsif %w{mac_os_x}.include?(platform)
+      when "mac_os_x"
        LaunchCtl.new(inspec, service_ctl)
-      elsif os.windows?
+      when "windows"
        WindowsSrv.new(inspec)
-      elsif %w{freebsd}.include?(platform)
+      when "freebsd"
        BSDInit.new(inspec, service_ctl)
-      elsif %w{arch}.include?(platform)
+      when "arch"
        Systemd.new(inspec, service_ctl)
-      elsif %w{coreos}.include?(platform)
+      when "coreos"
        Systemd.new(inspec, service_ctl)
-      elsif %w{suse opensuse}.include?(platform)
+      when "suse", "opensuse"
        if os[:release].to_i >= 12
          Systemd.new(inspec, service_ctl)
        else
          SysV.new(inspec, service_ctl || "/sbin/service")
        end
-      elsif %w{aix}.include?(platform)
+      when "aix"
        SrcMstr.new(inspec)
-      elsif %w{amazon}.include?(platform)
+      when "amazon"
        if os[:release] =~ /^20\d\d/
          Upstart.new(inspec, service_ctl)
        else
          Systemd.new(inspec, service_ctl)
        end
-      elsif os.solaris?
+      when "solaris", "smartos", "omnios", "openindiana", "opensolaris", "nexentacore"
        Svcs.new(inspec)
      end
    end
--- a/lib/inspec/resources/x509_certificate.rb
+++ b/lib/inspec/resources/x509_certificate.rb
@ -34,13 +34,15 @@ module Inspec::Resources
    include FileReader

    # @see https://tools.ietf.org/html/rfc5280#page-23
-    def initialize(filename)
-      @certpath = filename
+    def initialize(opts)
+      @opts = options(opts)
      @issuer = nil
      @parsed_subject = nil
      @parsed_issuer = nil
      @extensions = nil
-      @cert = OpenSSL::X509::Certificate.new read_file_content(@certpath)
+      @content = @opts[:content]
+      @content ||= read_file_content(@opts[:filepath])
+      @cert = OpenSSL::X509::Certificate.new @content
    end

    # Forward these methods directly to OpenSSL::X509::Certificate instance
@ -137,7 +139,19 @@ module Inspec::Resources
    end

    def to_s
-      "x509_certificate #{@certpath}"
+      cert = @opts[:filepath]
+      cert ||= subject.CN
+      "x509_certificate #{cert}"
+    end
+
+    private
+
+    def options(opts)
+      if opts.is_a?(String)
+        { filepath: opts }
+      else
+        opts
+      end
    end
  end
 end
--- a/lib/inspec/version.rb
+++ b/lib/inspec/version.rb
@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.18.61".freeze
+  VERSION = "4.18.64".freeze
 end
--- a/test/unit/resources/x509_certificate_test.rb
+++ b/test/unit/resources/x509_certificate_test.rb
@ -10,6 +10,20 @@ describe "Inspec::Resources::X509Certificate" do
    )
  end

+  let(:resource_cert_with_content) do
+    load_resource(
+      "x509_certificate",
+      content: File.read("test/fixtures/files/test_certificate.rsa.crt.pem")
+    )
+  end
+
+  let(:resource_cert_with_filepath) do
+    load_resource(
+      "x509_certificate",
+      filepath: "test_certificate.rsa.crt.pem"
+    )
+  end
+
  # TODO: Regenerate certificate using `InSpec` not `Inspec`
  it "verify subject distingushed name" do
    _(resource_cert.send("subject_dn")).must_match "Inspec Test Certificate"
@ -19,6 +33,10 @@ describe "Inspec::Resources::X509Certificate" do
  it "parses the certificate subject" do
    _(resource_cert.send("subject").CN).must_equal "Inspec Test Certificate"
    _(resource_cert.send("subject").emailAddress).must_equal "support@chef.io"
+    _(resource_cert_with_content.send("subject").CN).must_equal "Inspec Test Certificate"
+    _(resource_cert_with_content.send("subject").emailAddress).must_equal "support@chef.io"
+    _(resource_cert_with_filepath.send("subject").CN).must_equal "Inspec Test Certificate"
+    _(resource_cert_with_filepath.send("subject").emailAddress).must_equal "support@chef.io"
  end

  # TODO: Regenerate certificate using `InSpec` not `Inspec`
 @ -1 +1 @@
 .18.61
 .18.64