Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2025-02-16 22:18:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

Docs updates to install inspec 6 (#6574)

Browse source 
* CHEF-3412 Preliminary commit to add inspec6 install docs

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* Add instructions for versioning content

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* Write docs for inspec 6 license key setting on first run

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Move content back to one page

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* Editing

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* Remove mention of discontinued homebrew availability

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove mention of motivation for local licensing server

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* More edits

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* Remove text about creating trial license

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* More edits

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* Add an install menu section, platforms page, uninstall page, and license page

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* nitpicking

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

---------

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
This commit is contained in:
Ian Maddaus 2023-10-18 16:35:09 -04:00 committed by GitHub
parent 84bcafc66f
commit 921ce66918
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 545 additions and 283 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs-chef-io/config.toml
View file

@ -9,6 +9,12 @@ gh_path = "https://github.com/inspec/inspec/tree/main/docs-chef-io/content/"
title = "Chef InSpec"
identifier = "inspec"
[[menu.inspec]]
title = "Install"
identifier = "inspec/install"
parent = "inspec"
weight = 20
[[menu.inspec]]
title = "Chef InSpec Reference"
identifier = "inspec/reference"

207
docs-chef-io/content/inspec/cloud_platforms.md Normal file
View file

@ -0,0 +1,207 @@
+++
title = "Using Chef InSpec on Cloud Platforms"
draft = false
gh_repo = "inspec"
[menu]
[menu.inspec]
title = "Chef InSpec for the Cloud"
identifier = "inspec/Chef InSpec on Cloud Platforms"
parent = "inspec"
weight = 30
+++
As of Chef InSpec 2.0, we have expanded our platform support beyond individual machines and now include support for select AWS, Azure, GCP, and AliCloud resources.
Using InSpec, you can use several Chef InSpec resources to audit properties of your cloud infrastructure - for example, an Amazon Web Services S3 bucket.
## AWS Platform Support in InSpec
### Setting up AWS credentials for InSpec
Chef InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities.
1. Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access."
1. On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual Chef InSpec resources to identify which permissions are required.
1. After generating the key, record the Access Key ID and Secret Key.
#### Using Environment Variables to provide credentials
You may provide the credentials to Chef InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_ACCESS_KEY`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details.
Once you have your environment variables set, you can verify your credentials by running:
```bash
$ inspec detect -t aws://
== Platform Details
Name: aws
Families: cloud, api
Release: aws-sdk-v2.10.125
```
#### Using the Chef InSpec target option to provide credentials on AWS
Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format:
```bash
[auditing]
aws_access_key_id = AKIA....
aws_secret_access_key = 1234....abcd
```
You may now run Chef InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`. For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`.
To verify your credentials, run:
```bash
$ inspec detect -t aws://
== Platform Details
Name: aws
Families: cloud, api
Release: aws-sdk-v2.10.125
```
## Azure Platform Support in InSpec
### Setting up Azure credentials for InSpec
To use Chef InSpec Azure resources, you will need to create a Service Principal Name (SPN) for auditing an Azure subscription.
This can be done on the command line or from the Azure Portal:
- [Azure CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal-cli)
- [PowerShell](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal)
- [Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using Chef InSpec target URIs.
#### Setting up the Azure Credentials File
By default, Chef InSpec is configured to look at `~/.azure/credentials`, and it should contain:
```powershell
[<SUBSCRIPTION_ID>]
client_id = "<CLIENT_ID>"
client_secret = "<CLIENT_SECRET>"
tenant_id = "<TENANT_ID>"
```
{{< note >}}
In the Azure web portal, these values are labeled differently:
- The client_id is referred to as the 'Application ID'
- The client_secret is referred to as the 'Key (Password Type)'
- The tenant_id is referred to as the 'Directory ID'
{{< /note >}}
With the credentials are in place, you may now execute InSpec:
```bash
inspec exec my-inspec-profile -t azure://
```
#### Using Environment variables to provide credentials
You may also set the Azure credentials via environment variables:
- `AZURE_SUBSCRIPTION_ID`
- `AZURE_CLIENT_ID`
- `AZURE_CLIENT_SECRET`
- `AZURE_TENANT_ID`
For example:
```bash
AZURE_SUBSCRIPTION_ID="2fbdbb02-df2e-11e6-bf01-fe55135034f3" \
AZURE_CLIENT_ID="58dc4f6c-df2e-11e6-bf01-fe55135034f3" \
AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W" \
AZURE_TENANT_ID="6ad89b58-df2e-11e6-bf01-fe55135034f3" inspec exec my-profile -t azure://
```
#### Using the Chef InSpec target option to provide credentials on Azure
If you have created a `~/.azure/credentials` file as above, you may also use the Chef InSpec command line `--target` / `-t` option to select a subscription ID. For example:
```bash
inspec exec my-profile -t azure://2fbdbb02-df2e-11e6-bf01-fe55135034f3
```
## AliCloud Platform Support in InSpec
You will need to install AliCloud SDK version 0.8.0 and require AliCloud credentials to use the Chef InSpec AliCloud resources.
### Setting up AliCloud credentials for InSpec
You can configure AliCloud credentials in an [.envrc file](https://github.com/inspec/inspec-alicloud#:~:text=shell.%20(See%20example-,.envrc%20file,-)) or export them in your shell.
```bash
# Example configuration
export ALICLOUD_ACCESS_KEY="anaccesskey"
export ALICLOUD_SECRET_KEY="asecretkey"
export ALICLOUD_REGION="eu-west-1"
```
## GCP Platform Support in InSpec
### Setting up GCP credentials for InSpec
To use Chef InSpec GCP resources, you will need to install and configure the Google Cloud SDK. Instructions for this pre-requisite can be found in the
[Google CLoud SDK documentation](https://cloud.google.com/sdk/docs/). Be sure that your InSpec installation is the latest version. The minimal required InSpec version is 3.0.25.
### Create an InSpec profile that makes use of `inspec-gcp`
With a version of InSpec above 4.0.0, it is possible to create a profile with the following command:
```bash
$ inspec init profile --platform gcp my-profile
Create new profile at /Users/me/my-profile
* Creating directory libraries
* Creating file README.md
* Creating directory controls
* Creating file controls/example.rb
* Creating file inspec.yml
* Creating file inputs.yml
* Creating file libraries/.gitkeep
```
Assuming the `inputs.yml` file contains your GCP project ID, this sample profile can then be executed using the following command:
```bash
inspec exec my-profile --input-file=my-profile/inputs.yml -t gcp://
```
#### Setting up the GCP Credentials File
While InSpec can use user accounts for authentication, [Google Cloud documentation](https://cloud.google.com/docs/authentication/) recommends using service accounts. Following GCP best practices, first create a service account with the scopes appropriate for your needs. See [these instructions](https://cloud.google.com/docs/authentication/getting-started) on creating a service account.
Then, download the credential JSON file, e.g. `project-credentials.json`, to your workspace and run the following command to activate your service account:
```bash
gcloud auth activate-service-account --key-file project-credentials.json
```
#### Using Environment variables for providing credentials
You may also set the GCP credentials json file via the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
```bash
export GOOGLE_APPLICATION_CREDENTIALS='/Users/me/.config/gcloud/myproject-1-feb7993e8660.json'
```
Once you have your environment variables set, you can verify your credentials by running:
```bash
$ inspec detect -t gcp://
== Platform Details
Name: gcp
Families: cloud, api
Release: google-cloud-v
```

113
docs-chef-io/content/inspec/install.md
View file

@ -1,70 +1,51 @@
+++
title = "Install and Uninstall"
title = "Install Chef InSpec"
draft = false
gh_repo = "inspec"
[menu]
[menu.inspec]
title = "Install and Uninstall"
identifier = "inspec/install.md Install and Uninstall"
parent = "inspec"
title = "Install"
identifier = "inspec/install/install"
parent = "inspec/install"
weight = 20
+++
Users can choose between operating systems of MacOS, Windows, and Linux for Chef InSpec.
Use [Chef Downloads](https://www.chef.io/downloads), an installer, script, or package manager to install Chef InSpec.
## Install Chef InSpec
To see which platforms and platform versions Chef InSpec is supported on, see the [InSpec's platforms documentation](/inspec/platforms/).
You can download the latest Chef InSpec package relevant to your operating system
at [our Downloads Page](https://www.chef.io/downloads/tools/inspec).
## macOS
Alternatively, Chef InSpec can be installed via installer, script, or package
manager, according to your operating system and method as listed below.
### CLI
### macOS
#### Homebrew
Chef InSpec is available as a standalone [Homebrew](https://brew.sh/) package.
Run the following command in your terminal to install Chef InSpec:
```bash
brew install chef/chef/inspec
```
While this command is running, you may be prompted to enter your macOS user account
password for installation to complete.
#### CLI
You can download Chef InSpec via curl script:
You can install Chef InSpec using a curl script.
```bash
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
```
### Windows
## Windows
#### Installer
### Installer
Once you downloaded the latest [Chef InSpec package](https://www.chef.io/downloads/tools/inspec)
relevant to your Microsoft version, double-click the `.msi` file to launch the
installer and follow the prompts.
Download a Windows Chef InSpec package from [Chef Downloads](https://www.chef.io/downloads),
then double-click on the `.msi` file to launch the installer and follow the prompts.
#### Powershell
### Powershell
Use the following command to install Chef InSpec via Powershell script:
You can install Chef InSpec using the following Powershell script.
```powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project inspec
```
Once Chef InSpec is installed, run `inspec version` to verify that the installation
Once you have installed Chef InSpec, run `inspec version` to verify that the installation
was successful.
### Linux
## Linux
#### CLI
### CLI
The following curl script will install Chef InSpec for Ubuntu and Red Hat Enterprise Linux:
@ -73,7 +54,7 @@ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
```
If you prefer, you can use a package manager to install Chef InSpec.
Once you downloaded the latest [Chef InSpec package](https://www.chef.io/downloads/tools/inspec)
Once you downloaded the latest [Chef InSpec package](https://www.chef.io/downloads)
relevant to your Linux-based platform, use the command for the respective package
manager listed below. Replace the example file path with the file path leading to
your downloaded package.
@ -96,57 +77,7 @@ For SUSE Linux Enterprise Server, use the following command to install Chef InSp
sudo zypper install /path-to/inspec.rpm
```
## Next steps
## Uninstall Chef InSpec
Chef InSpec can be uninstalled using the steps below that are appropriate for the
method of Chef InSpec installation.
### macOS
#### Homebrew
Use the following *destructive* command to remove the Chef InSpec standalone Homebrew package:
```bash
brew cask uninstall inspec
```
#### CLI
Use the following *destructive* command in your terminal to remove the Chef InSpec package:
```bash
sudo rm -rf /opt/inspec
```
### Windows
#### Installer
Use *Add / Remove Programs* to remove Chef InSpec.
### Linux
#### CLI
The supported Linux-based platforms and their respective *destructive* command
for their package manager are listed below.
For Ubuntu, use the following *destructive* command to uninstall:
```bash
sudo dpkg -P inspec
```
For Red Hat Enterprise Linux, use the following *destructive* command to uninstall:
```bash
sudo rpm -e inspec
```
For SUSE Linux Enterprise Server, use the following *destructive* command to uninstall Chef InSpec:
```bash
sudo zypper remove inspec
```
After installing Chef InSpec, you must accept the Chef EULA and---starting with **Chef InSpec 6**---add a license key.
See the [Chef InSpec license documentation](/inspec/license/) to complete these tasks.

213
docs-chef-io/content/inspec/license.md Normal file
View file

@ -0,0 +1,213 @@
+++
title = "License Chef InSpec"
draft = false
gh_repo = "inspec"
[menu]
[menu.inspec]
title = "License"
identifier = "inspec/install/license"
parent = "inspec/install"
weight = 30
+++
Before running Chef InSpec, you must accept the Chef EULA and---starting with **Chef InSpec 6**---add a license key.
Chef InSpec accepts a license key using one of two methods:
- by setting a license key with an [environment variable or using the InSpec CLI](#license-key)
- by retrieving a license key from a [Chef Local License Service URL](#chef-local-license-service)
For more information on Chef licenses, see [Chef's licensing documentation](/licensing/).
You can [request a trial license](https://www.chef.io/licensing/inspec/license-generation-free-trial) if you'd like to try out InSpec.
## Accept the Chef EULA
You must accept the [Chef End User License Agreement (EULA)](https://www.chef.io/end-user-license-agreement) before running Chef InSpec using one of two methods.
- [command line option](#command-line-option)
- [environment variable](#environment-variable)
If no command line argument or environment variable is set, Chef InSpec requests acceptance through an interactive prompt. If the prompt can't be displayed, then the product will fail with exit code 172.
If the product attempts to persist the accepted license and fails, Chef InSpec sends a message to STDOUT and continues to run. In a future invocation, you will need to accept the license again.
### Command line option
Use the `--chef-license <value>` argument to accept the Chef EULA.
```sh
inspec exec <PROFILE_NAME> --chef-license <value>
```
Replace `<value>` with one of the following options.
`accept`
: Accept the license and attempts to persist a marker file locally. Persisting these marker files means future invocations don't require accepting the license again.
`accept-silent`
: Similar to `accept`, but no messaging is sent to STDOUT.
`accept-no-persist`
: Similar to `accept-silent`, but no marker file is persisted. Future invocation will require accepting the license again.
### Environment variable
Use the `CHEF_LICENSE="<value>"` environment variable to accept the Chef EULA.
```sh
export CHEF_LICENSE="<value>"
inspec exec <PROFILE_NAME>
```
Replace `<value>` with one of the following options.
`accept`
: Accept the license and attempts to persist a marker file locally. Persisting these marker files means future invocations don't require accepting the license again.
`accept-silent`
: Similar to `accept`, but no messaging is sent to STDOUT.
`accept-no-persist`
: Similar to `accept-silent`, but no marker file is persisted. Future invocation will require accepting the license again.
## License key
Set a license key for Chef InSpec using one of three methods.
- [interactive license dialog](#interactive-license-dialog)
- [command line option](#command-line-option-1)
- [environment variable](#environment-variable-1)
{{< note >}}
Existing commercial customers of Progress Chef may use an asset serial number from the [Progress support portal](https://community.progress.com/s/products/chef) as a license key.
{{< /note >}}
### Interactive license dialog
The easiest way to provide a license key to Chef InSpec is to run Chef InSpec.
Run any major top-level command (such as `inspec exec`, `inspec check`, or `inspec shell`) and InSpec will start an interactive licensing dialog
if no license key is already set and it doesn't detect an automated method of setting the license key.
1. To start the interactive licensing dialog, run a top-level command such as `inspec shell`.
1. At the first prompt, select **I already have a license ID**.
```bash
inspec shell
------------------------------------------------------------
License ID Validation
To continue using Chef InSpec, a license ID is required.
(Free, Trial, or Commercial)
If you generated a license previously, you might
have received it in an email.
If you are a commercial user, you can also find it in the
supportlink.chef.io portal.
------------------------------------------------------------
Please choose one of the options below (Press ↑/↓ arrow to move and Enter to select)
‣ I already have a license ID
I don't have a license ID and would like to generate a new license ID
Skip
```
1. Enter your license key at the second prompt.
```bash
Please choose one of the options below I already have a license ID
Please enter your license ID: <LICENSE_KEY>
✔ [Success] License validated successfully.
------------------------------------------------------------
License Details
Asset Name : InSpec
License ID : <LICENSE_KEY>
Type : Trial
Status : Active
Validity : Unlimited
No. Of Units : 10 Targets
------------------------------------------------------------
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
You are currently running on:
Name: mac_os_x
Families: darwin, bsd, unix, os
Release: 22.5.0
Arch: arm64
inspec> exit
```
Chef InSpec validates the license key, displays information about the license entitlements, and then runs `inspec shell` as requested.
Chef InSpec stores license keys for future use and will not prompt you for the license key for the duration of your license.
### Command line option
You can set the license key in the command line using the `--chef-license-key` option.
You may provide this argument to most Chef InSpec CLI main commands, however some plugins may not support the flag.
```bash
inspec exec <PROFILE_NAME> --chef-license-key <LICENSE_KEY>
```
### Environment variable
You can set the license key using the `CHEF_LICENSE_KEY` environment variable.
Chef InSpec will read the license key from the variable and attempt to validate the key.
If successful, InSpec saves the key and will not prompt you for it the next time you run InSpec.
```bash
export CHEF_LICENSE_KEY=<LICENSE_KEY>
inspec exec <PROFILE_NAME>
```
## Chef Local License Service
For large or isolated (air-gapped) fleets, Chef InSpec can retrieve a license key from a [Chef Local License Service](/licensing/local_license_service/).
With Chef Local License Service, InSpec users do not need to know a license key---only the service URL(s).
Chef InSpec sends a request to the Local License Service for a list of license keys and then uses that response to license itself during execution.
InSpec will not prompt you for a license key.
Chef InSpec does not store license keys for long-term use when they are retrieved from a Chef Local License Service.
Use one of the following methods to set a Local License Service URL.
- [command line option](#command-line-option-2)
- [environment variable](#environment-variable-2)
### Command line option
Use the `--chef-license-server` command line option to set a Chef Local License Service URL.
```bash
inspec exec <PROFILE_NAME> --chef-license-server https://license-server.example.com
```
### Environment variable
Use the `CHEF_LICENSE_SERVER` environment variable to set a Chef Local License Service URL.
```bash
export CHEF_LICENSE_SERVER=https://license-server.example.com
inspec exec <PROFILE_NAME>
```
#### Multiple license servers
You can set multiple Chef Local License Services, which provides resiliency and redundancy for managing licenses.
Enter up to five Chef Local License Service URLs as a comma-separated list. Chef InSpec will try each URL and use the first one that works.
```bash
export CHEF_LICENSE_SERVER=https://license-server-01.example.com,https://license-server-02.example.com
inspec exec <PROFILE_NAME>
```
This capability is basic and you must synchronize the license servers, otherwise you may get inconsistent results.

205
docs-chef-io/content/inspec/platforms.md
View file

@ -1,207 +1,28 @@
+++
title = "Using Chef InSpec on Cloud Platforms"
title = "Supported Platforms"
draft = false
gh_repo = "inspec"
[menu]
[menu.inspec]
title = "Chef InSpec for the Cloud"
identifier = "inspec/platforms.md Using Chef InSpec on Cloud Platforms"
parent = "inspec"
weight = 30
title = "Platforms"
identifier = "inspec/install/platforms"
parent = "inspec/install"
weight = 10
+++
As of Chef InSpec 2.0, we have expanded our platform support beyond individual machines and now include support for select AWS, Azure, GCP, and AliCloud resources.
Chef InSpec is supported on the operating systems (platforms) listed below.
Using InSpec, you can use several Chef InSpec resources to audit properties of your cloud infrastructure - for example, an Amazon Web Services S3 bucket.
## Commercially supported platforms
## AWS Platform Support in InSpec
The following table lists the commercially-supported platforms and versions for Chef InSpec.
### Setting up AWS credentials for InSpec
{{< readfile file="content/inspec/reusable/md/support_commercial_platforms.md" >}}
Chef InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities.
## Derived platforms
1. Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access."
The following table lists supported derived platforms and versions for Chef InSpec.
1. On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual Chef InSpec resources to identify which permissions are required.
See our policy on [support for derived platforms](/platforms/#support-for-derived-platforms) for more information.
1. After generating the key, record the Access Key ID and Secret Key.
#### Using Environment Variables to provide credentials
You may provide the credentials to Chef InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_ACCESS_KEY`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details.
Once you have your environment variables set, you can verify your credentials by running:
```bash
$ inspec detect -t aws://
== Platform Details
Name: aws
Families: cloud, api
Release: aws-sdk-v2.10.125
```
#### Using the Chef InSpec target option to provide credentials on AWS
Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format:
```bash
[auditing]
aws_access_key_id = AKIA....
aws_secret_access_key = 1234....abcd
```
You may now run Chef InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`. For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`.
To verify your credentials, run:
```bash
$ inspec detect -t aws://
== Platform Details
Name: aws
Families: cloud, api
Release: aws-sdk-v2.10.125
```
## Azure Platform Support in InSpec
### Setting up Azure credentials for InSpec
To use Chef InSpec Azure resources, you will need to create a Service Principal Name (SPN) for auditing an Azure subscription.
This can be done on the command line or from the Azure Portal:
- [Azure CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal-cli)
- [PowerShell](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal)
- [Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using Chef InSpec target URIs.
#### Setting up the Azure Credentials File
By default, Chef InSpec is configured to look at `~/.azure/credentials`, and it should contain:
```powershell
[<SUBSCRIPTION_ID>]
client_id = "<CLIENT_ID>"
client_secret = "<CLIENT_SECRET>"
tenant_id = "<TENANT_ID>"
```
{{< note >}}
In the Azure web portal, these values are labeled differently:
- The client_id is referred to as the 'Application ID'
- The client_secret is referred to as the 'Key (Password Type)'
- The tenant_id is referred to as the 'Directory ID'
{{< /note >}}
With the credentials are in place, you may now execute InSpec:
```bash
inspec exec my-inspec-profile -t azure://
```
#### Using Environment variables to provide credentials
You may also set the Azure credentials via environment variables:
- `AZURE_SUBSCRIPTION_ID`
- `AZURE_CLIENT_ID`
- `AZURE_CLIENT_SECRET`
- `AZURE_TENANT_ID`
For example:
```bash
AZURE_SUBSCRIPTION_ID="2fbdbb02-df2e-11e6-bf01-fe55135034f3" \
AZURE_CLIENT_ID="58dc4f6c-df2e-11e6-bf01-fe55135034f3" \
AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W" \
AZURE_TENANT_ID="6ad89b58-df2e-11e6-bf01-fe55135034f3" inspec exec my-profile -t azure://
```
#### Using the Chef InSpec target option to provide credentials on Azure
If you have created a `~/.azure/credentials` file as above, you may also use the Chef InSpec command line `--target` / `-t` option to select a subscription ID. For example:
```bash
inspec exec my-profile -t azure://2fbdbb02-df2e-11e6-bf01-fe55135034f3
```
## AliCloud Platform Support in InSpec
You will need to install AliCloud SDK version 0.8.0 and require AliCloud credentials to use the Chef InSpec AliCloud resources.
### Setting up AliCloud credentials for InSpec
You can configure AliCloud credentials in an [.envrc file](https://github.com/inspec/inspec-alicloud#:~:text=shell.%20(See%20example-,.envrc%20file,-)) or export them in your shell.
```bash
# Example configuration
export ALICLOUD_ACCESS_KEY="anaccesskey"
export ALICLOUD_SECRET_KEY="asecretkey"
export ALICLOUD_REGION="eu-west-1"
```
## GCP Platform Support in InSpec
### Setting up GCP credentials for InSpec
To use Chef InSpec GCP resources, you will need to install and configure the Google Cloud SDK. Instructions for this pre-requisite can be found in the
[Google CLoud SDK documentation](https://cloud.google.com/sdk/docs/). Be sure that your InSpec installation is the latest version. The minimal required InSpec version is 3.0.25.
### Create an InSpec profile that makes use of `inspec-gcp`
With a version of InSpec above 4.0.0, it is possible to create a profile with the following command:
```bash
$ inspec init profile --platform gcp my-profile
Create new profile at /Users/me/my-profile
* Creating directory libraries
* Creating file README.md
* Creating directory controls
* Creating file controls/example.rb
* Creating file inspec.yml
* Creating file inputs.yml
* Creating file libraries/.gitkeep
```
Assuming the `inputs.yml` file contains your GCP project ID, this sample profile can then be executed using the following command:
```bash
inspec exec my-profile --input-file=my-profile/inputs.yml -t gcp://
```
#### Setting up the GCP Credentials File
While InSpec can use user accounts for authentication, [Google Cloud documentation](https://cloud.google.com/docs/authentication/) recommends using service accounts. Following GCP best practices, first create a service account with the scopes appropriate for your needs. See [these instructions](https://cloud.google.com/docs/authentication/getting-started) on creating a service account.
Then, download the credential JSON file, e.g. `project-credentials.json`, to your workspace and run the following command to activate your service account:
```bash
gcloud auth activate-service-account --key-file project-credentials.json
```
#### Using Environment variables for providing credentials
You may also set the GCP credentials json file via the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
```bash
export GOOGLE_APPLICATION_CREDENTIALS='/Users/me/.config/gcloud/myproject-1-feb7993e8660.json'
```
Once you have your environment variables set, you can verify your credentials by running:
```bash
$ inspec detect -t gcp://
== Platform Details
Name: gcp
Families: cloud, api
Release: google-cloud-v
```
{{< readfile file="content/inspec/reusable/md/support_derived_platforms.md" >}}

5
docs-chef-io/content/inspec/reusable/index.md Normal file
View file

@ -0,0 +1,5 @@
+++
headless = true
## headless = true makes this directory a headless bundle.
## See https://gohugo.io/content-management/page-bundles/#headless-bundle
+++

10
docs-chef-io/content/inspec/reusable/md/support_commercial_platforms.md Normal file
View file

@ -0,0 +1,10 @@
| Platform | Architecture | Version |
| --- | --- | --- |
| Amazon Linux | `x86_64`, `aarch64` | `2.x` |
| Debian | `x86_64`, `aarch64` (10.x only) | `9`, `10`, `11` |
| macOS | `x86_64`, `aarch64` (M1 processors) | `10.15`, `11.x`, `12.x` |
| Oracle Enterprise Linux | `x86_64`, `aarch64` (7.x / 8.x only) | `6.x`, `7.x`, `8.x` |
| Red Hat Enterprise Linux | `x86_64`, `aarch64` (7.x and 8.x only) | `6.x`, `7.x`, `8.x` |
| SUSE Linux Enterprise Server | `x86_64`, `aarch64` (15.x only) | `12.x`, `15.x` |
| Ubuntu | `x86_64` | `16.04`, `18.04`, `20.04` |
| Windows | `x86_64` | `8.1`, `2012`, `2012 R2`, `2016`, `10` (all channels except "insider" builds), `2019`, `11`, `2022` |

6
docs-chef-io/content/inspec/reusable/md/support_derived_platforms.md Normal file
View file

@ -0,0 +1,6 @@
| Platform | Architecture | Version | Parent platform |
| --- | --- | --- | --- |
| AlmaLinux | `x86_64`, `aarch64` | `8.x` | CentOS |
| Rocky Linux | `x86_64`, `aarch64` | `8.x` | CentOS |
Chef InSpec Target Mode (`inspec --target`) may be functional on additional platforms, versions, and architectures but arent validated by Chef.

63
docs-chef-io/content/inspec/uninstall.md Normal file
View file

@ -0,0 +1,63 @@
+++
title = "Uninstall Chef InSpec"
draft = false
gh_repo = "inspec"
[menu]
[menu.inspec]
title = "Uninstall"
identifier = "inspec/install/uninstall"
parent = "inspec/install"
weight = 40
+++
You can uninstall Chef InSpec using the steps below that are appropriate for the
method of Chef InSpec installation.
## macOS
### Homebrew
Use the following *destructive* command to remove the Chef InSpec standalone Homebrew package:
```bash
brew cask uninstall inspec
```
### CLI
Use the following *destructive* command in your terminal to remove the Chef InSpec package:
```bash
sudo rm -rf /opt/inspec
```
## Windows
### Installer
Use *Add / Remove Programs* to remove Chef InSpec.
## Linux
### CLI
Use the following *destructive* commands to uninstall Chef InSpec from Linux-based platforms.
For Ubuntu, use the following *destructive* command to uninstall Chef InSpec:
```bash
sudo dpkg -P inspec
```
For Red Hat Enterprise Linux, use the following *destructive* command to uninstall Chef InSpec:
```bash
sudo rpm -e inspec
```
For SUSE Linux Enterprise Server, use the following *destructive* command to uninstall Chef InSpec:
```bash
sudo zypper remove inspec
```