Commit graph

4061 commits

Author SHA1 Message Date
Adam Leff
06a3a6e95b Bump Omnibus ruby to 2.4.2 (#2294)
Signed-off-by: Adam Leff <adam@leff.co>
2017-11-09 11:09:54 +01:00
Adam Leff
884204f1ef
Updated "code" style on website (#2298)
The existing style was a bit harsh, especially with a lot of code
blocks in a row. This lightens it a bit to be more focused on the
monospace aspect rather than offsetting code with different backgrounds.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-08 16:41:06 -05:00
Chef Expeditor
13a93ebd32 Bump version to 1.44.3 by Expeditor 2017-11-08 17:43:28 +00:00
Adam Leff
0a11280444
nginx resource: support quoted identifiers (#2292)
An nginx config may contain configuration settings that are quoted, such
as a map entry:

"~^\/opcache-api" 1;

The `nginx_conf` resource was failing to properly parse these.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-08 12:42:37 -05:00
Chef Expeditor
690b1df805 Bump version to 1.44.2 by Expeditor 2017-11-08 10:41:11 +00:00
Adam Leff
9e9025c138 Switch to tomlrb for TOML parsing (#2295)
The `toml` gem has a very strict version dependency on an old version
of parslet. This change switches us to use `tomlrb` instead which has
no direct dependencies. This will allow us to bump up to a later version
of parslet that has better error handling and insight into parser errors.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-08 11:41:00 +01:00
Chef Expeditor
9440ce6321 Bump version to 1.44.1 by Expeditor 2017-11-07 19:02:06 +00:00
Dominik Richter
eb729c4034 allow users to specify user/namespace when fetching profiles from Chef Automate (#2275)
* allow users to configure the profiles namespace

By default it uses the username of the user that is logged into the system. However, the user can now specify the `--user` on the cli to list profiles from a user other than his own domain.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* allow users to provide owner for profile listing and uploading

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* use config only

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-11-07 14:01:55 -05:00
Chef Expeditor
c2ec4b9545 Bump version to 1.44.0 by Expeditor 2017-11-06 18:29:02 +00:00
Jerry Aldrich III
43b71ff132 Add non-halting exception support to resources (#2235)
* Add non-halting exception support to resources

This adds two `Inspec::Exceptions` that can be used within resources to
either skip or fail a test without halting execution.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-11-06 13:28:53 -05:00
Chef Expeditor
0961e07d73 Bump version to 1.43.10 by Expeditor 2017-11-03 20:24:06 +00:00
Adam Leff
7616597b7f
Pin RubyGems to 2.6.14 (#2287)
* Pin RubyGems to 2.6.14

2.7.0 seems to have introduced an issue causing bundler to fail to
install in our Jenkins pipeline.

Signed-off-by: Adam Leff <adam@leff.co>

* Added comment explaining the pin

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-03 16:23:56 -04:00
Chef Expeditor
356939443c Bump version to 1.43.9 by Expeditor 2017-11-03 18:29:08 +00:00
Seth Chisamore
af8443d1ea Use proper syntax in curl header option (#2285)
`curl` expects a valid header per RFC 2616 when using the
`-H`/`--header` option. RFC 2616 declares header field/values
should be separated using a colon (`:`):
https://tools.ietf.org/html/rfc2616#section-4.2

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-11-03 14:28:54 -04:00
Chef Expeditor
197398d49f Update CHANGELOG.md to reflect the promotion of 1.43.8 to stable 2017-11-02 20:35:44 +00:00
Chef Expeditor
d3d44bf285 Bump version to 1.43.8 by Expeditor 2017-11-02 14:04:06 +00:00
Wei He
71ed5ef964 service resource: properly search for SysV Init S files (#2274)
* bug fix: Service resource

Signed-off-by: Wing924 <weihe924stephen@gmail.com>

* fix test case

Signed-off-by: Wing924 <weihe924stephen@gmail.com>
2017-11-02 15:03:51 +01:00
Chef Expeditor
e44de521b6 Bump version to 1.43.7 by Expeditor 2017-11-01 11:01:33 +00:00
Markus Grobelin
221db7e132 mount resource: fix for Device-/Sharenames and Mountpoints including … (#2257)
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces

Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like:

```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS```

... results in a mount line like:

```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)```

The Linux mount command replaces \040 with whitspace automatically, so this should be tributed.

I used a control like this:

```
    describe mount('/mnt/Research & Development') do
      it { should be_mounted }
      its('device') { should eq  '//fileserver.corp.internal/Research & Development' }
    end
```

Before:

```
  ×  whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed)
     ✔  Mount /mnt/Research & Development should be mounted
     ×  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"

     expected: "//fileserver.corp.internal/Research & Development"
          got: "//fileserver.corp.internal/Research"

     (compared using ==)
```

After:

```
  ✔  whitespaces-01: Mount with whitespace within sharename and mountpoint.
     ✔  Mount /mnt/Research & Development should be mounted
     ✔  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
```

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mounts_with_whitespaces: make lint happy

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-11-01 12:01:21 +01:00
Szymon Szypulski
615779c538 Use names when quering for containers (#2270)
Name does not work.

Obvious fix.
2017-10-31 16:37:33 -04:00
Chef Expeditor
5d8384f767 Bump version to 1.43.6 by Expeditor 2017-10-27 08:33:04 +00:00
Jerry Aldrich III
94a79b2fc7 Force https scheme for inspec compliance login (#2268)
This allows a user to specify an Automate server without prepending
`https://`. Without this, anything using the `url` fetcher will fail
because `open` doesn't interpret the argument as a URL.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-27 10:32:52 +02:00
Adam Leff
cdbb288d39 shadow resource: Docs clarification of the passwords property (#2269)
Signed-off-by: Adam Leff <adam@leff.co>
2017-10-27 10:31:48 +02:00
Adam Leff
e469a947fc Fix sorting of resources on website (#2267)
Not sure how this ever worked without us force-sorting, but the
list of resources is now guaranteed to be alpha-sorted.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-26 17:02:48 -04:00
Adam Leff
f2be9a035f Update segment tag on inspec.io website (#2263)
* Update segment tag on inspec.io website

Signed-off-by: Adam Leff <adam@leff.co>

* Remove redundant include of segment.js

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-26 16:37:38 -04:00
Chef Expeditor
2b201231e5 Update CHANGELOG.md to reflect the promotion of 1.43.5 to stable 2017-10-26 19:54:46 +00:00
Chef Expeditor
e2f0b0c751 Bump version to 1.43.5 by Expeditor 2017-10-26 15:32:56 +00:00
Jerry Aldrich III
91403d8c81 Add Chef Automate support to inspec compliance login (#2203)
* Merge `login` and `login_automate` commands

This provides a single interface for logging into either Chef Automate
or Chef Compliance servers. Server type is evaluated at run time via
HTTP responses from designated endpoints.

This also moves the login logic from `Compliance::ComplianceCLI` to a
separate set of modules in `Compliance::API`. This removes logic from
Thor and allows for more in depth Unit testing.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove empty line below class definition

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add message to `raise CannotDetermineServerType`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Refactor `token_info` assignment

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove unnecessary rubocop disable

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `Login` module namespacing

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove mentions of login_automate and --usertoken

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `determine_server_type` to return a symbol

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add support for `login_automate` and `--usertoken`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Fix encoding typo

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Address PR feedback

This does the following:
  - Moves `CannotDetermineServerType` error to `.login`
  - Changes methods that store configuration to return the configuration
  - Moves user output to one location in `.login`
  - Makes other small improvements

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-26 17:32:47 +02:00
Adam Leff
a238083403 Fix the docs for the shadow resource (#2266)
* Fix the docs for the shadow resource

Inspired by the work in PR #2246

Signed-off-by: Adam Leff <adam@leff.co>

* Fix typo

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-25 12:23:52 -04:00
Chef Expeditor
274b1a53e5 Bump version to 1.43.4 by Expeditor 2017-10-25 14:14:42 +00:00
Markus Grobelin
2251270929 cran resource: check for R module installation (#2255)
* Added CRAN resource to check R modules

control 'cran-1' do
  impact 1.0
  desc '
    Ensure R module DBI is installed.
  '

  describe cpan('DBI') do
    it { should be_installed }
    its('version') { should cmp >= '3.0' }
  end
end

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* cran resource: made lint happy, added negative unit test, removed unused arg perl_lib_path

Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-10-25 16:14:29 +02:00
Chef Expeditor
90ca9528aa Bump version to 1.43.3 by Expeditor 2017-10-25 14:01:36 +00:00
Markus Grobelin
c626dfdbd9 cpan resource: check for Perl module installation (#2254)
* Added CPAN resource to check Perl modules

control 'cpan-1' do
  impact 1.0
  desc '
    Ensure Perl modules DBI and DBD::Pg are installed.
  '

  describe cpan('DBI') do
    it { should be_installed }
  end

  describe cpan('DBD::Pg') do
    it { should be_installed }
    its('version') { should cmp >= '3.0' }
  end
end

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* cpan resource: fixed unit test for non-installed module

Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-10-25 16:01:26 +02:00
lhasadreams
7df4d2d418 Corrected name to be service_name (#2262)
Signed-off-by: Adrian Daniels <adrian@chef.io>
2017-10-24 17:51:30 -04:00
Chef Expeditor
69a629c726 Bump version to 1.43.2 by Expeditor 2017-10-24 21:50:32 +00:00
Dominik Richter
39d743b12e Include ref when writing out inspec control objects (#2259)
* support ref for inspec control objects

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-10-24 17:50:23 -04:00
Chef Expeditor
b2597cecfa Bump version to 1.43.1 by Expeditor 2017-10-24 20:23:08 +00:00
Jerry Aldrich III
a4cd589b93 Fix regression regarding profile upload (#2264)
Fix regression when uploading compliance profiles
2017-10-24 16:22:57 -04:00
Chef Expeditor
f43178dde8 Bump version to 1.43.0 by Expeditor 2017-10-20 21:28:57 +00:00
Adam Leff
8dc48533aa new resource: elasticsearch resource, test cluster/node state (#2261)
* new resource: elasticsearch resource, test cluster/node state

This is a new resource for testing an Elasticsearch cluster. It operates
by fetching the `_nodes` endpoint from a given Elasticsearch node and
collects data about each node in a cluster, even if there's only a
single node.

This work is based on inspiration from an initial PR #1956 submitted by
@rx294.

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Adam Leff <adam@leff.co>

* Reduce mock data on non-default tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-20 17:28:48 -04:00
Chef Expeditor
1479feecd3 Update CHANGELOG.md to reflect the promotion of 1.42.3 to stable 2017-10-19 15:41:43 +00:00
Chef Expeditor
69dd8d16ec Bump version to 1.42.3 by Chef Expeditor 2017-10-18 11:24:18 +00:00
Matt Ray
c21ce063ab Replace WMI query with PowerShell cmdlet "get-hotfix" (#2252)
Signed-off-by: Matt Ray <matthewhray@gmail.com>
2017-10-18 12:24:11 +01:00
Adam Leff
ff42eb5ba6 Cleanup changelog (#2249)
Some items were in the wrong sections because of lack of PR labels.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-17 16:36:09 +01:00
Chef Expeditor
63b8fb3b8f Bump version to 1.42.2 by Chef Expeditor 2017-10-17 15:30:46 +00:00
Sebastian Gumprich
9f9715b90b Update postgres.rb (#2248)
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2017-10-17 16:30:35 +01:00
Chef Expeditor
0652112129 Bump version to 1.42.1 by Chef Expeditor 2017-10-17 13:02:00 +00:00
David Alexander
6ed4068fd1 Extend Windows ACL matchers (#1744)
* Adds alias for 'ListDirectory' permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Works with Ruby array of permissions as long as possible

Converts to PowerShell array just before use.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Abstracts user-provided permissions to router method

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds FullControl as a specifiable permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds specific permission 'modify'

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Fixes #1743

Limits Windows' broad "read" permission to if it can read all of the
above, instead of just the first:

- File contents
- File attributes
- File extended attributes
- File permissions

This better aligns with how Windows names the permissions.

  'read' -> Read instead of 'read' -> ReadData

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* 'Execute' Windows ACL has alias of 'Traverse'

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds 'Delete' permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds `should allow('perm').by_user('me')` matcher

Provides hooks for later use with Windows ACL matching

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds remaining Windows ACL hooks

Skips ReadAndExecute on intentionally since it just aliases the combo of
2 permissions into one new one.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* [Rubocop] Reduces ABC / Cyclomatic complexity

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Reduces global scope with `allows()` -> `be_allowed()`

RSpec inferred matchers work nicely here. This changes the `by_user()`
and `by()` chained matchers to just be an options hash on the underlying
`allowed?()` method.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Fixes integration tests with rename `allows()` -> `be_allowed()`

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2017-10-17 15:01:51 +02:00
Chef Expeditor
e5ce31fcc7 Bump version to 1.42.0 by Chef Expeditor 2017-10-17 12:53:49 +00:00
Adam Leff
3c3cb741ff Add inspec habitat profile setup command (#2239)
Introduces a new `inspec habitat profile setup` command
which will set up an existing profile repository with all
the files necessary to build a Habitat package. This will
prime a repository to be used by the Habitat Builder service.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-17 14:53:41 +02:00