Commit graph

2625 commits

Author SHA1 Message Date
Christoph Hartmann
64a5a4d082 switch from os-hardening to ssh-hardening profile 2016-08-25 14:42:55 +02:00
Steven Danna
fd87b679be Minor refactor of Inspec::Profile#load_checks_params 2016-08-25 14:42:55 +02:00
Steven Danna
6034ece853 Initial control isolation support
The goal of this change is to provide an isolated view of the available
profiles when the user calls the include_controls or require_controls
APIs.  Namely,

- A profile should only be able to reference profiles that are part of
  its transitive dependency tree. That is, if the dependency tree for a
  profile looks like the following:

  A
  |- B --> C
  |
  |- D --> E

  Then profile B should only be able to see profile C and fail if it
  tries to reference A, D, or E.

- The same profile should be include-able at different versions from
  different parts of the tree without conflict.  That is, if the
  dependency tree for a profile looks like the following:

  A
  |- B --> C@1.0
  |
  |- D --> C@2.0

  Then profile B should see the 1.0 version of C and profile D should
  see the 2.0 profile C with respect to the included controls.

To achieve these goals we:

- Ensure that we construct ProfileContext objects with respect to the
  correct dependencies in Inspec::DSL.

- Provide a method of accessing all transitively defined rules on a
  ProfileContext without pushing all of the rules onto the same global
  namespace.

This does not yet handle attributes or libraries.
2016-08-25 14:42:55 +02:00
Christoph Hartmann
86c501fdd8 Merge pull request #975 from chef/jk/ruby21
Fix `bundle install` on Ruby 2.1.9
2016-08-25 14:42:17 +02:00
John Keiser
2b37bd6586 Fix bundle install on Ruby 2.1.9 2016-08-25 14:16:16 +02:00
Victoria Jeffrey
11a7c9f0da fix lint error 2016-08-25 07:44:19 -04:00
Christoph Hartmann
d4ec3214d2 Merge pull request #976 from chef/jk/fix-rakefile
Fix `rake` to work again
2016-08-25 13:30:46 +02:00
Victoria Jeffrey
2821dae1b3 first pass at collecting command output for demo 2016-08-24 21:31:56 -04:00
John Keiser
3a9bebdfdb Fix rake to work again
It was searching for `rake generate` because that is the default task,
and does not exist.
2016-08-24 10:00:19 -07:00
Christoph Hartmann
e60666ba66 Merge pull request #963 from chef/anniehedgpeth/psbug
bugfix windows forward slashes handling
2016-08-24 16:56:50 +02:00
Christoph Hartmann
1300900693 add unit test for local fetcher with windows path support 2016-08-24 16:23:27 +02:00
Annie Hedgpeth
fe5c7c49a4 Attempt at a bug fix to read backslashes as forward slashes in local fetcher 2016-08-24 15:11:20 +02:00
Christoph Hartmann
8825b71412 Merge pull request #970 from chef/ksubrama/package
Speed up windows package lookup
2016-08-24 14:57:30 +02:00
Christoph Hartmann
1989c25b2a add integration test for package resource 2016-08-24 14:40:26 +02:00
Christoph Hartmann
956d3b7292 add unit test for new package resource 2016-08-24 14:40:26 +02:00
Christoph Hartmann
3182978e85 fix lint 2016-08-24 14:40:26 +02:00
Kartik Null Cating-Subramanian
db032e437e Speed up windows package lookup - maybe 2016-08-24 14:33:56 +02:00
Christoph Hartmann
53a545ed8f Merge pull request #972 from chef/chris-rock/json2
Allow JSON 2.x
2016-08-24 11:36:40 +02:00
Christoph Hartmann
fb23e53b3d fix json 1.8 version for ruby 1.9 & 2.1 2016-08-24 11:16:43 +02:00
John Keiser
16e759c834 add support for json2 2016-08-24 11:15:17 +02:00
Christoph Hartmann
0413cc4ed6 Merge pull request #964 from chef/chris-rock/restructure-tests-suites
restructure test suites in travis
2016-08-24 11:13:02 +02:00
Christoph Hartmann
02158fbfe4 restructure test suites in travis 2016-08-24 10:50:02 +02:00
Steven Danna
622de28f0f Merge pull request #965 from chef/ssd/expand-path
Expand relative paths based on profile location
2016-08-24 09:29:26 +01:00
Steven Danna
ed179ac088
Only redirect logging to STDERR if format=json
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-24 09:12:59 +01:00
Steven Danna
80fe61b8cd
Expand relative paths based on profile location
Also: Log to STDERR by default

NB: This will result in absolute paths being rendered to lock files. We
think that is OK for now since we are going to build some UX around
path-based dependencies and lock files.  Namely, we are going to tell
people it is a bad idea.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-24 09:12:56 +01:00
Kartik Null Cating-Subramanian
16a943fae5 Merge pull request #968 from Anirudh-Gupta/master
can check windows service startup mode now
2016-08-23 16:41:25 -04:00
Anirudh Gupta
4041f1898e can check windows service startup mode now 2016-08-24 02:01:10 +05:30
Christoph Hartmann
9e45d71bf3 Merge pull request #962 from chef/username-is-already-taken2/win-port-checking
Resolved an issue checking ports on windows
2016-08-23 17:26:28 +02:00
username-is-already-taken2
52c52d565f Update host.rb
Resolved an issue checking ports on windows

The previous version wasn't really checking if a port was accessible as we were only validating if the ping succeeded. Using TcpTestSucceeded to determine if the connection worked or not.
2016-08-23 17:15:33 +02:00
Kartik Null Cating-Subramanian
3415359ea2 Merge pull request #961 from chef/ssd/deps-resolver-replace
WIP: Replace Molinillo-based resolver
2016-08-23 10:52:41 -04:00
Christoph Hartmann
b6318cbc1b Merge pull request #923 from chef/chris-rock/win-file-permissions
Add integration tests for file owner on windows
2016-08-23 16:11:14 +02:00
Christoph Hartmann
a381e406c4 add integration tests for file permissions on windows 2016-08-23 16:03:58 +02:00
Steven Danna
366e65b198
Add the start of tests for the Resolver class
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:50:12 +01:00
Steven Danna
d64b72d71d
Replace Molinillo-based resolver
The Molinillo library is a good library for systems that need a
constraint solver that will solve dependency problems requiring a single
version of each named dependency.

In our case, the eventual goal is to allow libraries to have conflicting
transitive dependencies at runtime. Isolation will be provided by
restricting all calls within a given profile to scope which can only see
that profile's dependencies.

To facilitate working on the isolation feature, I've replaced the
Molinillo-based resolver with a minimal resolver which will allow us to
load multiple versions of the same library.

Since we will likely want a good amount of logging around this feature
in the future, I've added a Inspec::Log singleton-style class, replacing
the previous Inpsec::Log which appeared unused in the code base.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:27:57 +01:00
Christoph Hartmann
961e815804 Merge pull request #949 from chef/ssd/deps-lockfile
Add prototype of inspec.lock
2016-08-23 15:25:08 +02:00
Steven Danna
d9b6210d30
Remove unused url functions from fetchers
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
02d611e68c
Add archive_path helper to Tar and Url fetchers
Eventually I think we'll want this as part of the fetcher API generally.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
a6ec345eac
Don't set nil cwd in inspec/profile 2016-08-23 13:54:56 +01:00
Steven Danna
3049eb1388
Add comments based on code review and plans for future work
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
9c1b82e7d4
Add prototype of inspec.lock
This adds a basic prototype of inspec.lock. When the lockfile exists on
disk, the dependencies tree is constructed using the information in the
lock file rather than using the resolver.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:55 +01:00
Christoph Hartmann
13e9a69701 Merge pull request #945 from chef/os_helpers
Add darwin helper
2016-08-23 13:55:58 +02:00
Dominik Richter
3222670379 Merge pull request #943 from chef/ksubrama/shell2
Fix command evaluation for inspec shell -c
2016-08-23 12:09:15 +02:00
Tim Smith
d953986d25 Add darwin helper
Signed-off-by: Tim Smith <tsmith@chef.io>
2016-08-23 10:37:52 +02:00
Kartik Null Cating-Subramanian
039c760545 Fixup behavior and add functional tests 2016-08-23 03:07:23 +02:00
Kartik Null Cating-Subramanian
01763d43ed Fix command evaluation for inspec shell -c 2016-08-23 03:07:23 +02:00
Dominik Richter
856dd920f7 Merge pull request #947 from chef/vj/document-or-feature
document OR feature
2016-08-22 21:58:43 +02:00
Victoria Jeffrey
8bb791c12f document OR feature 2016-08-21 19:01:59 -04:00
Christoph Hartmann
baaaf3c95b Merge pull request #944 from chef/os_docs
Update platforms in the docs to match the code
2016-08-19 20:22:08 +02:00
Tim Smith
0dbe816f57 Docs should reference family not platform
Signed-off-by: Tim Smith <tsmith@chef.io>
2016-08-19 20:14:03 +02:00
Tim Smith
86247c012f Add missing platforms to the docs
Signed-off-by: Tim Smith <tsmith@chef.io>
2016-08-19 20:14:03 +02:00