Commit graph

783 commits

Author SHA1 Message Date
Clinton Wolfe
e317fff2ed
Move files under lib back to libraries
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-14 23:41:12 -05:00
Clinton Wolfe
a33146f9a4
Skeleton aws_ec2_security_group resource
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-14 09:28:29 -05:00
Clinton Wolfe
4229974e7d
Skeleton resource for aws_ec2_security_groups
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-13 22:36:23 -05:00
Clinton Wolfe
e5dc4a1c29
Add skeleton of aws_iam_role
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-13 22:34:52 -05:00
Clinton Wolfe
f5251f3c29 Re-work unit tests for user and users (#125)
* Constructor unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Constructor tests pass, all others gutted

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic 'where' test in place, no criteria

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Wired up filter table to backend list users

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Unit testing for has_mfa_enabled and has_console_password

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Simple AWS client implementation for Users

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rework resource parameters and validation; copy in code from #121

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add constructor tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add search/recall tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Recall unit tests pass

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Failing unit tests for username and has_console_password

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_console_password works in unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_mfa_enabled failing unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_mfa_enabled passes unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Failing unit tests for Access Keys

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* CLean up bad rebase commit

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Access keys property works, as an uncooked AWS response

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Integration tests work

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove provider support libraries

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Integration tests pass for users resource

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-lint

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove aws connection load from user

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Adapt aws_iam_user to rely on AwsResourceMixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-08 19:34:09 +01:00
Miah Johnson
e33f4959e1 Allow crontab resource to read crontab at user specified paths. (#2328)
* add a emulated /etc/cron.d/crondotd file to the mocking system.

* test that we handle incoming paths correctly by rendering to_s.

* We take in both users and a path, so lets call that destination.

* To make the test pass we'll determine if we are dealing with a path or
a user and return the correct string.

* we will need the ability to determine if we are dealing with a path when either calling the crontab command or reading the file directly, so break that out into a path? method.

* remove author field.

* test contents of our crondotd file.

* we have to explicitly make @destination a String to use include?.

* when we get a path we use inspec.file to get conents, otherwise we run the crontab command.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add documentation for example usage with file path.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Make path? and path_or_user private methods

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add missing username filed to crondotd mock file

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Pass argument as a hash when testing file paths

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Expected results should include usernames when testing file paths

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add special string `@yearly` test to crondotd mock file

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to existing cron tests

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Rubocop says I need spaces after/before curly brackets

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to crondotd file tests and add @yearly test

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Modify initialize to take options hash and be backwards compatible.

Change initialize default argument to create a hash by default, though
it is still possible to pass in a 'user' string argument.

@user gets set with the argument value unless its a hash, in which case
it tries to set the value of the user key, otherwise it becomes nil.

@file gets set with the value of the path key, unless it doesn't exist
in which case it becomes nil.

All hash keys are symbolized to ensure consistent access.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Check if @path is nil to determine if we run crontab command or parse
file.

path? was removed as we're not overloading a @destination variable
anymore.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* if @user is nil assume current user otherwise crontab for @user

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Change to complete if rather than ternary.

We have three possible cases, current user, other user, or file path.
This accounts for all of them.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to the crontab FilterTable

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Remove path? and path_or_user

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Move crontab parsing to two methods, parse_user_crontab and
parse_system_crontab

Because a command in a crontab file could have spaces we must parse user
and system crontabs differently.

When we parse user crontabs the user field will either be nil, or the requested user.

Both user and path parsers handle special strings (@yearly, @weekly,
etc). And also account for position of user in these files (or adds it
in user case)

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Update examples with user: and path:

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add spaces after : in example docs

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Disable rubocop ClassLength check

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Moved rubocop ClassLength metric next to class instead of above the
module.

Remove unnecessary braces.

Add is_system_crontab? and is_user_crontab helper methods and use them.

Add tests to see if error conditions are raised when the resource is
invoked with missing parameters (user, or path), and on a unsupported
os.

Change initialize to group all hash functions together and raise errors
when user and path is unset. Also raise errors on unsupported operating
systems.

Change order of ternary and use is_system_crontab? rather than
@path.nil?

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2017-12-07 13:50:07 +01:00
Jared Quick
72af4a96f1 Update default cli options to be per command. (#2378)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-07 13:19:36 +01:00
Jared Quick
4c592f49c1 Resolve merge issue with json-config vs thor defaults (#2377)
* Add debug for caching and fix cli merge bug.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update options merge to take cli options over json.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-06 22:22:11 +01:00
Jared Quick
31578de5e4 Fix inspec appveyor test with the new local train transport (#2376)
* test appveyor with ruby#File

Signed-off-by: Jared Quick <jquick@chef.io>

* Update inspec train to version 0.31.1

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-06 15:18:38 -05:00
Jared Quick
578577f79a Update command resource to check for mock backend. (#2353)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-05 14:21:31 +01:00
Jerry Aldrich III
49d36de0f3 Allow inspec check to ignore only_if (#2250)
* Allow `inspec check` to ignore `only_if`

When using `inspec check` a mock Train backend is created. This means
that the following would raise an error because `os.name` is `nil`

```
only_if { os.name.include?('anything') }
```

Since `inspec check` isn't concerned with the evaluation of `only_if`
this skips those checks if the block given raises an error.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove unnecessary `e` in rescue

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify implementation to use `check_mode`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Move `check_mode` concept to the Profile scope

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Fix lint after rubocop upgrade

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add comment for mocked ControlEvalContext options

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 14:13:41 +01:00
Jared Quick
0dc0e3b457 Update rspec cli control summary to not uniq fails. (#2362)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-05 13:07:31 +01:00
Jared Quick
d49f4e3fe1 Enable caching for backend calls (#2309)
* Enable caching for command and file calls to train
* Moved transport conn to connection and refactored tests
* Update caching flag to use train caching.
* Move caching flag to cli option.
* Add backed cache default from thor.
* Add hard disable for cache option and remove all cache from debug shell.
* Add comment to caching settings conditional.
* Force file cache on when caching enabled.
* Update gemspec for train 0.30.0.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-04 16:40:14 -05:00
Jared Quick
4b1c1b041f security_policy resource: use PID for filename instead of random (#2368)
* Update security policy export to use pid instead of random.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update helper for the new train.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-04 15:31:06 -05:00
Clinton Wolfe
2955aabf7f DRY up AWS resource implementation and test backend implementations (#121)
* Standardize requires in unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Standardize requires in resources

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Move AWS connection hook into non-resource library area

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add an AWS resource mixin, pushing constructor out to it

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push resource param name recognition into mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push exists predicate up to mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rename base.rb to be resource_mixin for clarity

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Separate the backend from its factory, and push it out into a class mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push BackendFactory up into the resource mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove aws_conn require from LMF and CloudWatch Alarm filters

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Use resource mixin for Cloudwatch Alarm

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rework LMF to use the resource mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove SDK load from connection.rb; that happens in aws.rb now

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Mixin should default to allowing empty resource params

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Update LMF to enforce params being required

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-04 19:32:13 +01:00
Adam Leff
3ffaee91c2 docker_image resource: properly handle registries in image strings (#2356)
When supplying a docker image that contains a registry with a port number,
such as `localhost:5000/chef/inspec:1.46.3`, the docker_image resource
was unable to locate the image in question due to incorrect parsing
of the repository and tag.

Signed-off-by: Adam Leff <adam@leff.co>
2017-12-01 10:24:15 +01:00
Adam Leff
12fec238f7
json resource: ensure params is not nil in even of read/parse failure (#2354)
When the JSON resource (and those that subclass off of it) were modified
to properly throw exceptions in the event of failure, this caused the
`params` method to return nil instead of what it used to be, an empty
hash.

This is fine in the case of a describe block, but it's not okay when used
outside of a describe, as it will cause users trying to pluck from the
hash to throw a dreaded-and-unhelpful NilClass error.

This change pre-populates the params to be an empty hash, and if the
read/parse steps fail, it will still be one.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-29 16:31:06 -05:00
Jared Quick
3f14e467b3 Unique export file for security policy resource (#2350)
* Add a unique export for security policy resource.

Signed-off-by: Jared Quick <jquick@chef.io>

* Remove skip resource on empty policy file.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-11-29 15:16:40 +01:00
Jerry Aldrich III
71057675de Allow skipping/failing resources in FilterTable (#2349)
* Allow skipping/failing resources in FilterTable

`FilterTable` is commonly used in the class body of a resource and is
evaluated during an `instance_eval`. This means that if you raise an
exception (e.g. SkipResource) it will halt `inspec exec` and
`inspec check`.

This adds an `ExceptionCatcher` class that will postpone evaluation
until test execution.

This allows `inspec check` and `inspec exec` to perform as intended when
skipping/failing a resource in `FilterTable`

Huge thanks to @adamleff for providing the starting code/ideas!

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Comment why `ExceptionCatcher` doesn't raise

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove `accessor` from `ExceptionCatcher`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Return the existing ExceptionCatcher object rather than creating new

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-29 07:32:40 -05:00
Adam Leff
98db74a466 http resource: properly support HEAD request with remote worker (#2340)
The existing method of adding `-X HEAD` to the curl command does not
work properly and can cause timeouts because curl doesn't properly
close the connection. The correct way is to use curl's own `--head`
flag.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-27 18:17:39 +01:00
Adam Leff
6c3ab70dd1
json resource (et. al.): allow inspec check to succeed when using command (#2317)
* json resource (et. al.): allow inspec check to succeed when using command

When using the `json` resource (or any of the resources that subclass
JsonConfig), `inspec check` would fail if the content was supplied with
the `command` option. This is because the `command` resource is mocked
and an empty string would be returned for `stdout`. That content would
be blindly passed to the `parse` method would which raise an exception
and cause `inspec check` to fail.

This change refactors JsonConfig to be a bit cleaner and use some helper
methods. Additionally, we use the new Exceptions to properly raise errors
which are naturally caught by Inspec::Profile, etc.

Signed-off-by: Adam Leff <adam@leff.co>

* Make `resource_base_name` method private

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-27 11:13:02 -05:00
Clinton Wolfe
245efc4230
Add aws_iam_access_keys resource (#112)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-11-22 14:17:36 -05:00
Clinton Wolfe
fdd04e31c6
Add aws_cloudwatch_alarm resource (#119)
Adds aws_cloudwatch_alarm resource.
2017-11-22 14:04:13 -05:00
ChefRycar
84b34b9a4d Updating aws_iam_user with exists? function. (#115)
* Updating aws_iam_user with exists? function. Solves #114

Signed-off-by: Nick Rycar <rycar@chef.io>

* Disabling class length rubocop rule.

Signed-off-by: Nick Rycar <rycar@chef.io>
2017-11-22 14:30:18 +01:00
Clinton Wolfe
351b200a88 Add Cloudwatch Log Metric Filter resource (#116)
* Full docs, first draft; integration tests; started on unit tests
* Integration tests pass
* Docs update 
* More consistent syntax in examples
* Alter fetch phase to perform fetch, handle results, and unpack into instance vars, more like other resources
2017-11-22 12:32:19 +01:00
eramoto
a948900f88 Remove meaningless stdout message (#2313)
Stops to output the meaningless message to standard output when testing.
Obvious fix.

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2017-11-17 15:56:36 -05:00
Clinton Wolfe
ab2170f717 Add aws_sns_topic resource (#120)
* Docs first draft, integration tests, and constructor unit tests for SNS topic

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Skeleton of SNS topic

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Constructor arg validation works

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Passing unit tests for recall

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Subscription Count property, works

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Subscription, not subscriber

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Integration tests pass; also wildard ARNs are not allowed

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop changes

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Doc updates per kagarmoe

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-11-17 01:44:43 +07:00
Seth Chisamore
396752ba26 Add basic param handling to remote HTTP worker (#2286)
http resource: Add basic param handling to remote HTTP worker
2017-11-16 12:16:23 -05:00
eramoto
f9ee7596f5 Fix gid filtering for etc_group resource (#2297)
'etc_group' resource stores 'gid' as integer but the 'where' method
compares 'gid' as string.
By this fix, the 'where' method always converts the stored data to string
when comparing. And it can also look for groups without members.

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2017-11-14 05:03:50 +01:00
Adam Leff
18faaa42de
Bumping train to 0.29.1 (#2306)
* Bumping train to 0.29

Train 0.29 includes some bug fixes and a refactor of the File classes

Signed-off-by: Adam Leff <adam@leff.co>

* Correct unit test for undefined platform

Train requires that a hash is supplied when mocking an OS. Because
an OS of "unsupported" rather than "undefined" was chosen in a unit
test, a nil was passed to train and it caused a failure.

Signed-off-by: Adam Leff <adam@leff.co>

* Ensure 0.29.1 or later gets picked up, but 0.30 is also acceptable

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-13 16:02:27 -05:00
Wei He
f20748c88f fix port resource (parse_ss_line) (#2305)
Signed-off-by: Wing924 <weihe924stephen@gmail.com>
2017-11-13 18:06:01 +01:00
Clinton Wolfe
656423d7f2 Issue warning during check if profile name contains slash (#2231)
* Add failing unit test for deprecation warning on profiles with slashes in their name

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Issue warning during validation if name contains a slash

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Slug profile names generated from target paths to prevent breaking unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop whinges

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Update functional test watching for default profile name

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Make deprecation warning more descriptive

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop whinges

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Set title with original test path if no profile name or title provided

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop whinges

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-11-09 12:32:54 +01:00
Adam Leff
86079ca3c7 Properly compare profile version strings as SemVer (#2280)
When configuring a profile dependency, if the dependent profile had a
hyphen in it, it would not properly match the default version constraint
of `>= 0`. This is because a hyphen indicates the version is a pre-release
version and proper version matching would require the constraint to also
be listed with a pre-release version string.

The proper solution is to use the `+` character instead which indicates
a build number, which is what the hyphen was meant to convey. In the
meantime, this change properly compares version strings as SemVer and
also adds tests.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-09 12:29:41 +01:00
Adam Leff
afd23444c9 Eliminate deprecation warnings on resource skipped messages (#2296)
PR #2216 introduced some new tests that use the old syntax that was
deprecated in #2235. This gets them in line and eliminates the
deprecation warnings.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-09 12:25:11 +01:00
Adam Leff
0a11280444
nginx resource: support quoted identifiers (#2292)
An nginx config may contain configuration settings that are quoted, such
as a map entry:

"~^\/opcache-api" 1;

The `nginx_conf` resource was failing to properly parse these.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-08 12:42:37 -05:00
Adam Leff
9e9025c138 Switch to tomlrb for TOML parsing (#2295)
The `toml` gem has a very strict version dependency on an old version
of parslet. This change switches us to use `tomlrb` instead which has
no direct dependencies. This will allow us to bump up to a later version
of parslet that has better error handling and insight into parser errors.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-08 11:41:00 +01:00
Jerry Aldrich III
43b71ff132 Add non-halting exception support to resources (#2235)
* Add non-halting exception support to resources

This adds two `Inspec::Exceptions` that can be used within resources to
either skip or fail a test without halting execution.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-11-06 13:28:53 -05:00
Markus Grobelin
221db7e132 mount resource: fix for Device-/Sharenames and Mountpoints including … (#2257)
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces

Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like:

```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS```

... results in a mount line like:

```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)```

The Linux mount command replaces \040 with whitspace automatically, so this should be tributed.

I used a control like this:

```
    describe mount('/mnt/Research & Development') do
      it { should be_mounted }
      its('device') { should eq  '//fileserver.corp.internal/Research & Development' }
    end
```

Before:

```
  ×  whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed)
     ✔  Mount /mnt/Research & Development should be mounted
     ×  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"

     expected: "//fileserver.corp.internal/Research & Development"
          got: "//fileserver.corp.internal/Research"

     (compared using ==)
```

After:

```
  ✔  whitespaces-01: Mount with whitespace within sharename and mountpoint.
     ✔  Mount /mnt/Research & Development should be mounted
     ✔  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
```

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mounts_with_whitespaces: make lint happy

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-11-01 12:01:21 +01:00
Chris Redekop
c8d4244ef4 Add has_roles to aws_ec2_instance (#90)
* Rename EC2-instance resources

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Add interim updates

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* testing for issue 82

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* completed integration for EC2 roles

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* adding in the beginning of the unit test for issue 82

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Fix unit tests

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Add has_roles? examples

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Remove redundant gsub

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* corrected OpenStruct format

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* setting up variable for InstanceProfile

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Updated the unit test so all variables are at the top

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Fixed Rubocop issues that were detected

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Updating README.md to include changes to aws_ec2

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Add failing IT for has_roles?

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Add negative IT and fix uncovered issue

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix Rubocop issue

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix integration test

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix Rubocop issues and unit tests

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Pin AWS dependency to '~> 2'

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-10-26 15:56:32 -04:00
Steffanie Freeman
1a31425e81 Issue #46 Lazily load attributes in aws_iam_users (#89)
* Initial Commit

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* aws_iam_user uses lazy loading

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* Disassociates convert call from list_users

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* A real-world working AwsIamUsers (#71)

* Add aws_iam_users

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Get an aws_iam_users integration test to pass

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix RuboCop issues and tests

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Improving code based on PR feedback

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* AWS IAM Users unit tests work with new lazy loading feature

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* Fixes tests

Signed-off-by: aduric <adnan.duric@d2l.com>

* Users should only hold the returned user references, transfering responsibility to each user to fetch any details

Signed-off-by: aduric <adnan.duric@d2l.com>

* Create user details provider class

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* Using details provider factory to delegate creation of detail providers, and updates tests

Signed-off-by: aduric <adnan.duric@d2l.com>

* Rubocop fixes

Signed-off-by: aduric <adnan.duric@d2l.com>

* Rename user details provider factory to initializer, and remove unnecessary instance variables

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-10-26 15:22:15 -04:00
Jerry Aldrich III
91403d8c81 Add Chef Automate support to inspec compliance login (#2203)
* Merge `login` and `login_automate` commands

This provides a single interface for logging into either Chef Automate
or Chef Compliance servers. Server type is evaluated at run time via
HTTP responses from designated endpoints.

This also moves the login logic from `Compliance::ComplianceCLI` to a
separate set of modules in `Compliance::API`. This removes logic from
Thor and allows for more in depth Unit testing.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove empty line below class definition

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add message to `raise CannotDetermineServerType`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Refactor `token_info` assignment

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove unnecessary rubocop disable

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `Login` module namespacing

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove mentions of login_automate and --usertoken

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `determine_server_type` to return a symbol

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add support for `login_automate` and `--usertoken`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Fix encoding typo

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Address PR feedback

This does the following:
  - Moves `CannotDetermineServerType` error to `.login`
  - Changes methods that store configuration to return the configuration
  - Moves user output to one location in `.login`
  - Makes other small improvements

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-26 17:32:47 +02:00
Markus Grobelin
2251270929 cran resource: check for R module installation (#2255)
* Added CRAN resource to check R modules

control 'cran-1' do
  impact 1.0
  desc '
    Ensure R module DBI is installed.
  '

  describe cpan('DBI') do
    it { should be_installed }
    its('version') { should cmp >= '3.0' }
  end
end

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* cran resource: made lint happy, added negative unit test, removed unused arg perl_lib_path

Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-10-25 16:14:29 +02:00
Markus Grobelin
c626dfdbd9 cpan resource: check for Perl module installation (#2254)
* Added CPAN resource to check Perl modules

control 'cpan-1' do
  impact 1.0
  desc '
    Ensure Perl modules DBI and DBD::Pg are installed.
  '

  describe cpan('DBI') do
    it { should be_installed }
  end

  describe cpan('DBD::Pg') do
    it { should be_installed }
    its('version') { should cmp >= '3.0' }
  end
end

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* cpan resource: fixed unit test for non-installed module

Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-10-25 16:01:26 +02:00
Dominik Richter
39d743b12e Include ref when writing out inspec control objects (#2259)
* support ref for inspec control objects

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-10-24 17:50:23 -04:00
Adam Leff
8dc48533aa new resource: elasticsearch resource, test cluster/node state (#2261)
* new resource: elasticsearch resource, test cluster/node state

This is a new resource for testing an Elasticsearch cluster. It operates
by fetching the `_nodes` endpoint from a given Elasticsearch node and
collects data about each node in a cluster, even if there's only a
single node.

This work is based on inspiration from an initial PR #1956 submitted by
@rx294.

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Adam Leff <adam@leff.co>

* Reduce mock data on non-default tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-20 17:28:48 -04:00
David Alexander
6ed4068fd1 Extend Windows ACL matchers (#1744)
* Adds alias for 'ListDirectory' permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Works with Ruby array of permissions as long as possible

Converts to PowerShell array just before use.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Abstracts user-provided permissions to router method

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds FullControl as a specifiable permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds specific permission 'modify'

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Fixes #1743

Limits Windows' broad "read" permission to if it can read all of the
above, instead of just the first:

- File contents
- File attributes
- File extended attributes
- File permissions

This better aligns with how Windows names the permissions.

  'read' -> Read instead of 'read' -> ReadData

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* 'Execute' Windows ACL has alias of 'Traverse'

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds 'Delete' permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds `should allow('perm').by_user('me')` matcher

Provides hooks for later use with Windows ACL matching

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds remaining Windows ACL hooks

Skips ReadAndExecute on intentionally since it just aliases the combo of
2 permissions into one new one.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* [Rubocop] Reduces ABC / Cyclomatic complexity

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Reduces global scope with `allows()` -> `be_allowed()`

RSpec inferred matchers work nicely here. This changes the `by_user()`
and `by()` chained matchers to just be an options hash on the underlying
`allowed?()` method.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Fixes integration tests with rename `allows()` -> `be_allowed()`

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2017-10-17 15:01:51 +02:00
username-is-already-taken2
fd558b63ac Corrected some unit test warnings (#2242)
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-10-17 14:49:26 +02:00
Jerry Aldrich III
62dc14a09c Fix only_if behavior when used outside controls (#2216)
* Fix `only_if` behavior when used outside controls

This renames `@skip_profile` to `@skip_file` and modifies the scope of
`only_if` (used outside of a control) to only apply to the control file
that contains it instead of the entire profile.

This does this by exposing `@skip_file` from the control context so that
it can be set back to `false` between loading control files in the
profile context.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `get_checks` to accept a rule index

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `only_if` to work regardless of location

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Disable Cyclomatic/Perceived Complexity in Rubocop

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add comment for `skip_file` in `load_control_file`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 14:47:30 +02:00
narkaTee
4f005d8510 Fix port ressource ss line parsing (#2243)
Fixes the 'ss -tulpen' command parsing when multiple processes use the
same fd.

Signed-off-by: Jan Ullrich <narkat@gmail.com>
2017-10-17 14:45:37 +02:00
Christoph Hartmann
d21e2af15f rename file for aws_ec2 resource
* rename to aws_ec2_instance

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-10-11 16:18:20 -04:00
Adam Leff
5114173e50 Support PAX-formatted tar files, standardize file lists (#2225)
* Support PAX-formatted tar files, standardize file lists

When a tar file is generated in PAX format, the files have an additional
relative path prefix added to them. For example, instead of:

inspec.yml

... the file is listed as:

./inspec.yml

And the source reader plugin looks only for a "inspec.yml" file to
determine the profile format.

This change addresses this issue by normalizing the file paths in the
TarReader and accounting for the additional "./" prefix that may exist
whenever the tar file is walked looking for a file to read its content.

Signed-off-by: Adam Leff <adam@leff.co>

* Remove pax from unit test, will move to functional

Signed-off-by: Adam Leff <adam@leff.co>

* Add function test for the pax header tar file

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-10 10:36:57 +01:00
Keith Walters
2a8d6e0e91 Uses netstat to detect open ports on AIX (#2210)
* Uses netstat to detect open ports on AIX

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>

* Adds unit tests for AIX port resource

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2017-10-10 10:54:18 +02:00
Jared Quick
f9e0aaadba ssl resource: properly raise error when unable to determine if port is enabled (#2205)
* Move raise condition for host into enabled method

This is related to #1205. This will fix the ssl resource for now until
we redo the exceptions. Still looking around the code and need to build
some unit tests for the ssl resource.

My fix here is to move the raise condition till later in the flow,
specifically the enabled? method. This lets the raise get caught
accordingly without killing the other tests.

Signed-off-by: Jared Quick <jquick@chef.io>

* Remove authors from ssl resource test

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 19:38:22 +02:00
Adam Leff
939ee5ecfc processes resource: support busybox ps (#2222)
This change enhances the processes resource to support the busybox
ps command which is common on Alpine, for example. The way we
map ps fields to the structs needed by FilterTable have also been
refactored to be more flexible so we can support multiple formats
in the future.

Also, the processes resource now allows the grep argument to be optional
thus allowing a user to query all resources without passing in a
match-all regex.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:32:39 +02:00
Adam Leff
9d8c53cf31 Support symbol keys in ObjectTraverser (#2221)
As detected in #2036, it is not possible to extract values from
a YAML file if the key is a symbol. This change refactors ObjectTraverser
to support symbol keys before attempting to stringify them.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:24:31 +02:00
Jared Quick
7bb7767dae Add nil check for sshd config file (#2217)
* Add nil check for sshd config file

This fixes #1778. There was a issue where if the user did not have read
permissions on /etc/ssh/sshd_config it would error out on the empty?
check. The fix here is to also look for nil on the file content. Along
with this I refactored the inspec file empty? check as it does not exist
and was also erroring during my testing.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add emptyfile test object and refactor tests

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 15:41:48 +02:00
Adam Leff
21ba43d6a5 http resource: properly execute tests on remote target (#2209)
Currently, the http resource always executes locally, even when scanning
a remote machine with `--target` which leads to undesireable behavior.

This change adds the ability to remotely execute tests with curl. This
behavior is currently opt-in with the `enable_remote_worker` flag, but
will become the default behavior in InSpec 2.0. Deprecation warnings
are emitted if the user is scanning a remote target but has not opted
in to the new behavior.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-04 22:44:09 +02:00
Jared Quick
01d97498d1 Add output for port/protocol for host resource. (#2202)
* Added output for port/protocol for host resource.

Signed-off-by: Jared Quick <jquick@chef.io>

* refactor with explicit return

This fixes #2085. Port and protocol are now shown in output of the host
resource if defined.

Signed-off-by: Jared Quick <jquick@chef.io>

* refactor with string building return

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-04 22:42:56 +02:00
dromazmj
7fc7942ab1 firewalld resource: inspect the status and configuration of firewalld (#2074)
* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resourec - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications made
	* installed? method now tells by checking if firewall-cmd is a command on the system
	* The firewalld_command method now strips the stdout of the return
	* added another test for testing multiple active zones

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing rake lint issue

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing match and returning boolean for seeing if firewalld is running

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing lint issues

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Empty commit to rerun.  Accidentally updated branch.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Rerunning test, accidentally updated branch. needs sign off commit

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-27 14:05:35 +02:00
dromazmj
b23a58b573 etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073)
* New Resource-combined etc_hosts_allow etc_hosts_deny

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-09-25 13:49:04 -04:00
Matt Ray
e23249d635 windows_hotfix resource: test whether a Windows HotFix is installed (#2178)
* Add hotfix resource for Windows

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Renamed hotfix to windows_hotfix

Added additional unit test checking for KB that is not present on a box

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Integration test to spot-check for hotfixes

Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.

Signed-off-by: Matt Ray <matthewhray@gmail.com>
2017-09-25 19:09:22 +02:00
Jerry Aldrich III
125e0915b2 Modify DirProvider to allow special characters (#2174)
This modifies `Inspec::DirProvider` to allow special characters in the
file glob by escaping those characters via `Shellwords.shellescape`.

This fixes #2111 (`inspec check` on path with special characters)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-23 09:16:25 +02:00
Dominik Richter
e2004a436f forgiving default attributes (#2177)
* forgiving default attributes

When default attributes arent specified provide one that is much more forgiving.
See this https://github.com/chef/inspec/issues/2176

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-22 08:57:51 -04:00
Jerry Aldrich III
cbcca9f39e Modify Upstart enabled check to use config file (#2163)
This modifies the enabled check for the `service` resource to use the
service's config file instead of `initctl show-config`.

`initctl show-config` does not accurately show the state of a service if
that service's config file is modified while the service is running.

This fixes #1834.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-21 12:21:34 -04:00
Adam Leff
e400b8dd4c Support false for attribute value (#2168)
The logic in `Inspec::Attribute` prohibited the use of `false` (FalseClass) as
a valid attribute. If the attribute value supplied was `false`, then it would fall
back to the default value.

This change properly allows the use of `false` as a value, adds the initial tests
for Inspec::Attribute, and also uses better attr_writer semantics for writing/storing
the value.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-21 12:17:44 -04:00
Adam Leff
adf25ae783 Support array syntax for registry_key resource (#2160)
Users cannot query for registry keys that have periods in them because of
how rspec-its works. This change enables Array-style syntax for the
registry_key resource so users can use that as a workaround.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-19 18:26:53 +02:00
malovdm1
3e16a099c5 quote username and hostname in mssql_session (#2151)
Signed-off-by: Malovany, Dmytro (Ext) <dmytro.malovany@novartis.com>
2017-09-18 21:49:20 +02:00
Jennifer Burns
ec18dce62b auditd resource: test active auditd configuration against the audit daemon (#2133)
* Added auditd resource and documentation.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Removed all legacy code for audit < 2.3. Removed parens to create consistency.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated method names and removed unnecessary content based on review

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-09-18 21:47:18 +02:00
Jerry Aldrich III
9773e1cd94 Add wildcard/multiple server support to nginx_conf resource (#2141)
* Add wildcard/multiple server support to nginx_conf

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* separate the merge function for maps in nginx_conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-15 16:37:57 -04:00
Alex Pop
35becd7e0f Support profile versions for automate profiles storage (#2128)
* Support profile versions for automate profiles storage

Signed-off-by: Alex Pop <apop@chef.io>

* Add unit tests for inspec-compliance bundle

Signed-off-by: Alex Pop <apop@chef.io>

* Refactor target_url method, fix tests, fix rubocop errors

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 16:53:36 -04:00
Adam Leff
d4790f7f5a Ignore linked container names when parsing docker containers (#2134)
* Ignore linked container names when parsing docker containers

If a container is linked to another container, the normal `docker ps` output
does not include this information. However, when pulling the `.Names` field
with `docker ps --format`, the linked container is listed in the name. This
is confusing for users trying to use InSpec to audit a container.

This change strips any linked container names from the actual container name.

Signed-off-by: Adam Leff <adam@leff.co>

* Linked container names aren't guaranteed to be last depending on how they were linked

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:16:53 -04:00
Rony Xavier
7d2da0c199 nginx resource: audit the nginx binary and how it was compiled (#1958)
* nginx base resource

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xavier <rx294@gmail.com>
2017-09-13 08:15:09 -04:00
dromazmj
70548ab754 etc_fstab resource: test contents of the /etc/fstab file (#2064)
* Adding support for fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to docs of new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-11 15:55:03 +02:00
Jerry Aldrich III
a9d0d65c54 Add attributes file readability error handling (#2127)
* Add attributes file readability error handling

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-08 08:43:33 -04:00
Dominik Richter
19ab22f5e2 add nginx_conf accessors for http, servers, and locations (#2119)
* wip: extend nginx_conf for http+servers+locations

... well `http` entries really, but we couldnt just call it `https`.

the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere.

* add test for new nginx accessors

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add docs for nginx-conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* fix all incorrect NGINX spellings in docs

* prevent edge-cases where nginx params are nil

for location, http, and servers

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* more descriptive to_s for nginx servers

as suggested by @adamleff, thank you!

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add more descriptive to_s for nginx location

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-06 08:19:04 -04:00
ChadScott
09b145122d Modify linux regular expression to handle process names with spaces (#2117)
* Modify linux regular expression to handle process names with spaces

Signed-off-by: Chad Scott <cscott@chadikins.com>

* Add mocks, tests, etc.

Signed-off-by: Chad Scott <cscott@chadikins.com>
2017-09-05 14:36:55 +02:00
dromazmj
cb5b475bb1 etc_hosts resource: test the contents of the /etc/hosts file (#2065)
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-08-31 09:51:39 -04:00
Jonathan Morley
3e7d47505c Add support for XML files (#2107)
* Add support for XML files

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>

* Use REXML instead of nokogiri

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
2017-08-31 09:56:14 +02:00
Adam Leff
e2fa0b5e73 port resource: support ss instead of netstat (#2110)
* port resource: support ss instead of netstat

`netstat` is officially deprecated and is replaced with `ss`. This PR
changes the port resource to use `ss` if it's available on the target
system.

Signed-off-by: Adam Leff <adam@leff.co>

* Disable Metrics/ClassLength cop on the LinuxPorts class

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-31 09:53:08 +02:00
Anthony Shaw
d5f33f0b99 pip resource: support non-default pip locations, such as virtualenvs (#2097)
* Update pip resource for #516 allow user to set path to pip executable

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* support virtualenv path, pip file exec and better logic

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* add tests for the change to the pip path and resource

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* tests are case sensitive, although command line is not

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* use a path verification method instead of a class method

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* use guard clauses instead of conditionals

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* change the control flow to return nil when commands are not available

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* fix the return values when custom pip path is not valid

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* Refactor pip path detection to fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:04:22 +02:00
Adam Leff
c383175417 Support mixed-case group entries (#2101)
* Support mixed-case group entries

The `group` resource downcased the input parameter unless the target
was a Windows node. However, it's completely legitimate for a Unix-y
node to have mixed case group and passwd entries.

This change does have the potential to break people that did not carefully
match their case when searching for a group, but we're currently blocking
people from using the group resource properly if they have mixed-case
entries.

Signed-off-by: Adam Leff <adam@leff.co>

* Fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:02:45 +02:00
Jennifer Burns
3b2bf52b1d auditd_rules resource: fix get_keys error on lines that have no keys (#2103)
* Added line to fix bug when no key in file rule and updated test to validate bug fix

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to consider corner case

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-29 07:11:14 +02:00
Jennifer Burns
2cef15aec3 aide_conf resource: test configuration of the AIDE file integrity tool (#2063)
* Added aide_conf resource and subsequent files

* Updated to match on all selection lines

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Changed to use CommentParser and fixed typo

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Fix typo in test file

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to address PR feedback

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-25 22:13:43 +02:00
Adam Leff
367d42fb3a Properly handle held packages on dpkg-flavored OS (#2087)
* check the proper field for dpkg installation state fixes #2006

Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>

* Properly handle held packages on dpkg-flavored OS

InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.

This adds the proper unit tests and also adds a `be_held` matcher.

Thanks to @kisoku for the initial work in #2007.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-18 17:29:23 +02:00
Stephan Renatus
bd165471e8 [docker_container] fix repo property (#2083)
With last weeks tag fix, `ourorg/container` ended up having its `repo` reported as `container`.
With this it'll be `ourorg/container` again.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-08-17 16:48:46 +02:00
Chris Redekop
c77d442007 Add has_mfa_enabled? to aws_iam_root_account (#80)
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-08-16 11:53:44 +02:00
Matt Kulka
0fc870de30 Fix docker_container.tag to properly fetch from image name (#2052)
Fixes #2051

Images with repos containing port numbers will have multiple colons.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2017-08-10 14:57:45 +02:00
Chris Redekop
033bc13aa0 A real-world working AwsIamUsers (#71)
* Add aws_iam_users

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Get an aws_iam_users integration test to pass

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix RuboCop issues and tests

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Improving code based on PR feedback

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-08-08 15:50:35 +02:00
Rony Xavier
041f64a87f New 'be_in' matcher for matching against values in a list (#2022)
* New matcher 'be_in'
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* small fixes to wording.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added code to use be_in for with the following use case:
describe nginx do
   its(module_list) { should be_in AUTHORIZED_MODULE_LIST }
end
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updates to the matcher
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added tests for the be_in matcher

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Requested updates completed

Signed-off-by: Rony Xavier <rx294@nyu.edu>
2017-08-07 16:05:22 +02:00
Dominik Richter
805a0eeb89 catch newline issues in xinet.d (#2043)
The fix is already provided here: https://github.com/chef/inspec/pull/2040

This PR only adds a unit test to catch it

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-08-02 16:43:55 +02:00
Dominik Richter
a4bd38915c bugfix: empty file strings from archive readers (#2027)
* bugfix: empty file strings from archive readers

Empty files in archives are sometimes possible (we just ran into this with TGZ), but is never a valid file to extract. So remove it and discount it altogether. Changed structure to support testing of these global calls.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint and rebuild

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-07-24 09:37:13 -07:00
Adam Leff
9580732814 Source reader should not hand back files with nil contents (#2003)
If a profile has a data files directory that looks like this:

```
files/platforms/one/data.json
files/platforms/two/data.json
files/platforms/three/data.json
```

... the source reader will return the directories in the list of files but with
nil contents. This causes an issue when Inspec::Profile tries to create a sha256
checksum of the profile contents only to try to cast nil to a string when
building the null-delimited profile contents string.

Files that are empty will have an empty string as its contents, so it's safe to
assume that file entries with nil contents are actually a directory and have no
affect on the profile's checksum. Therefore, this change will eliminate any file
entries in responses from the source readers where the contents are nil.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:33:55 +02:00
Adam Leff
1ea06ac3ea Change host resource to use getent ahosts on Linux (#2002)
* Change host resource to use getent ahosts on Linux

In InSpec 1.31, we changed the `host` resource to use `dig` instead of `getent
hosts` for name resolution because `getent hosts` does not return all entries
(only the first v6 entry if it exists, then the first v4 entry) and we wanted to
keep the Darwin and Linux implementation as close as possible. Unfortunately,
this affected users' ability to do resolution checks for entried stored in their
/etc/hosts file.

This change goes back to using `getent` for Linux and changes to `getent ahosts`
which returns both v4 and v6 records. Additionally, the Darwin provider's dig
implementation was reordered to return v4 addresses before v6 addresses to be
consistent with how `getent ahosts` returns records.

Signed-off-by: Adam Leff <adam@leff.co>

* Update unit tests for resolve_with_getent with proper output

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:32:52 +02:00
Adam Leff
1fdea330d3 host resource: fix netcat detection (#1995)
The logic used to determine whether a viable netcat binary exists is wrong and
prevents Linux hosts from doing TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:23:57 -04:00
Adam Leff
7bba235014 Add support for ncat in host resource for CoreOS (#1993)
CoreOS is considered a member of the Linux family, and the `host` resource tries
to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not
available on CoreOS, but `ncat` is.

This change attempts to use `nc` first, then `ncat` if it's available.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:19:16 -04:00
Steffanie Freeman
660ab99d98 Run linter on unit tests (#51)
* Run linter on unit tests

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* Bring remaining unit tests up to spec with rubocop

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-07-05 22:31:27 +02:00
Adam Leff
c280e9a816 Fix host resolution on Darwin, use dig wherever possible (#1986)
* Fix host resolution on Darwin, use dig wherever possible

The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.

Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 10:45:30 -04:00
Aaron Lippold
cc7ed38d09 kernel_module resource: added blacklisting, enabled, disabled, docs and unit tests (#1798)
* Fix up methods, add command mock, do string matching in ruby instead of command

Fixes #1643
Fixes #1673

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-05 11:41:44 +02:00
Aaron Lippold
224935e9cf New postgres_hba_conf resource (#1964)
* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Corrections

* updated to parse auth-options

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated `conf_path` instance var to `conf_file` for consistancy.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* pg_hba_conf - updated the parse_line method
added test and doc files

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated few bugs on pg_hba_conf
updated test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made updates based on the reccomendations

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Update Gemfile.lock

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated doc file for postgres_hba_conf resource to use
'cmp' matcher instead of 'eq'

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made requested changes, except for SimpleConfig - will address that later.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:13:51 +02:00
Aaron Lippold
57864f1488 New postgres_ident_conf resource (#1963)
* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Small updates to organization of code

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xaiver <rx294@nyu.edu>

* updated `conf_path` instance var to `conf_file` since we are returning
a file.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Updated few bugs on pg_ident_conf
added test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added OS check

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock file

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added windows mock file

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Changed resource name from pg_ident_conf to postgres_ident_conf

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Completed corrections reccomended on PR

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* removed copyright information

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:01:40 +02:00
Aaron Lippold
1b58763aff updated postgres_session resource properly escape queries (#1939)
* fixed a small courner case in the error detection - error: vs error
fixed resource to use 'shellwords' module to escape the query
requested chances in method architecture for testing
added unit tests

Fixes: #1814

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated resource and tests with requested review changes

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed unneeded call to `escaped_query` in the `create_sql_cmd`.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed license info

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 08:10:27 +02:00
Christoph Hartmann
0839be50d6 oracle_session and mssql_session improvement (#1857)
* improve database parsing
* support sqlcli
* ensure headers are downcast
* externalize database helper
* use password as argument
* feedback from @adamleff
* inline docs update + linting
* stay backwards compatible
* implement tests
2017-06-29 11:01:32 -04:00
Steffanie Freeman
29b4fbebe4 Add to_s method to aws_iam_password_policy (#61)
* Add to_s method to aws_iam_password_policy

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* Use single quoted string and remove unnecessary substring

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-06-29 03:03:20 -07:00
Steffanie Freeman
99baa9b2ab Add to_s method to aws_iam_user (#60)
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-06-28 05:46:59 -07:00
Adam Leff
a6582bea9b Remove any "All Rights Reserved" references (#1969)
* Remove any "All Rights Reserved" references

InSpec is licensed and released under the Apache 2.0 license. This
change removes all reference to legacy code files that still had
any Copyright or License lines referring to "All Rights Reserved".

Signed-off-by: Adam Leff <adam@leff.co>

* fix functional tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-28 04:14:19 -07:00
Jerry Aldrich III
cc6f1e90ca Add rpm_dbpath support to the package resource (#1960)
Signed-off-by: Jerry Aldrich III <jerry@chef.io>
2017-06-28 03:21:15 -07:00
Dominik Richter
56549aed82 add nginx_conf resource (#1889)
The resource itself only offers contents and params right now. It resolved
all include calls it can find and creates the aggregated config object.

This is limited in functionality. One last (set of) PR(s) is needed to
add an interface that makes querying this config file easier. It is due
to the file's inherent complexity that I want to explore which methods
are needed to be effective. In the meantime, this resource offers accessors
to the underlying data that are stable.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-26 06:37:41 -07:00
Aaron Lippold
3bb98fa1e8 Fixes the postgres_conf parsing of complex paramerters (#1938)
Fixes #1671

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-23 08:31:27 -07:00
Adam Leff
f7c8c646a9 Extract Compliance::API version parsing to separate method (#1931)
For cleanliness and ease of testing, I've moved the logic that
parses the server version from the compliance config to a
separate method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-23 08:29:50 -07:00
Adam Leff
1601b23e8d Don't send HTTP headers that have nil values (#1948)
Net::HTTP does not gracefully handle HTTP options/headers
that have nil values. This updates Fetchers::Url to verify
that all headers we attempt to configure have non-nil,
non-empty values.

This originally surfaced via the audit cookbook with the
chef-automate fetcher in use without the data_collector
token being set.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-21 19:09:13 -05:00
Dominik Richter
3f68835c74 reject nil as a command input (#1863)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-19 11:07:36 -04:00
Nolan Davidson
52cc27dd06 Adding toml resource (#1924)
* Adding toml resource

This adds a `toml` resource that inherits from the json resource and
behaves the same way as the JSON and YAML resources.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-06-15 16:54:12 -04:00
Kristian Vlaardingerbroek
ced4ca1858 Add support for CoreOS to the service resource (#1928)
* s/package/service/ on service unit test descriptions

Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>

* Add support for CoreOS to the service resource

Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
2017-06-15 13:19:58 -04:00
pete higgins
89e30f8d31 Reduce warnings (#1917)
* Remove some apparently unused test setup to remove some warnings.
* Initialize some instance variables before use to silence warnings.
* Remove an unused variable to remove a warning.
* Remove some indirection.
* Silence logger during tests.
* Check if an instance variable was defined before referencing to remove a warning.
* Define duplicated constant once in root rakefile.
* Initialize an instance variable to remove a warning.
* Remove PROJECT_DIR to reduce coupling.

Signed-off-by: Pete Higgins <pete@peterhiggins.org>
2017-06-15 12:10:47 -04:00
Adam Leff
148d26dc86 Fix directory name for the inspec-habitat unit tests (#1923)
Silly Adam and his silly typos.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-13 10:05:47 +02:00
Adam Leff
6668bf15ea Fix detection of Automate pre-0.8.x in Compliance::API (#1922)
The is_automate_server_pre_080? and is_automate_server_080_and_later?
methods needed some fixing. The Compliance configuration could have
a "version" key that was not nil but was an empty hash, indicating
that it came from a pre-0.8.x Automate server. What we really need
to look for is config['version']['version'] being nil?.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-13 10:05:09 +02:00
Miles Tjandrawidjaja
a1dc5e981e [ISSUE-39] - Cover Recommendation 1.12 (#49)
* Adding resource aws_iam_root_user

Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>

* Adding to_s method to class aws_iam_root_user

Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>

* Cleaner to_s result for aws_iam_root_user

Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>
2017-06-13 07:44:11 +02:00
Miles Tjandrawidjaja
5c319ff056 [ISSUE-36] - Cover Recommendation 1.10 (#47)
* Add query for password_reuse_prevention to iam_password_policy

Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>

* Use mock over stub, and more concise language for tests in aws_iam_password_policy

Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>

* Rename method prevent_password_reuse to prevents_password_reuse

Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>
2017-06-13 07:41:43 +02:00
Chris Redekop
15459ca295 Add access_keys method to aws_iam_user (#44)
* Add access_keys method to aws_iam_user

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix unit test that accessed AWS

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Incorporate PR feedback

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix unit tests

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Update tests based on PR feedback

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Rebase to master

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-06-13 07:36:43 +02:00
username-is-already-taken2
a4e5daa710 Updated unit tests for minitest6 and improved coverage (#1910)
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-06-11 12:22:28 +02:00
Adam Leff
4270eb8e80 Update minitest nil assertions (#1916)
`must_equal nil` will fail in MiniTest 6. Changing those to `must_be_nil`
quiets down all the warnings we currently see and preps us for Minitest 6.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-11 12:16:10 +02:00
Adam Leff
12a495c631 Add TCP reachability support on Linux for host resource (#1915)
* Add TCP reachability support on Linux for host resource

This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>

* documentation updates

Signed-off-by: Adam Leff <adam@leff.co>

* Appease rubocop

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 18:18:51 +02:00
Juan Carlos Castillo Cano
1c98ff13f6 Support special cases for crontab resource
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
2017-06-06 15:12:12 +02:00
Adam Leff
dda24b9f98 Fix compliance uploads when version is not present
The Compliance::API.version method could potentially return
a hash containing no "version" key but would return an empty
hash upon any expected failure. Downstream callers of the
Compliance::API.version method were looking for a "version"
key to always be present when, in some cases, it would not be.

This change ensures that if a version is not available, there
is no "version" key in the hash, and downstream callers of this
method have been changed to check for nil instead of empty.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-06 14:49:25 +02:00
Dominik Richter
871c6266c9 Merge pull request #1878 from username-is-already-taken2/gb/update_processes
Add windows support to the `processes` resource
2017-06-06 14:42:14 +02:00
username-is-already-taken2
9d9baeb09f Added windows support to the processes resource
Signed-off-by: username-is-already-taken2 <digitalgaz@hotmail.com>
2017-06-05 23:41:02 +01:00
stubblyhead
ba0a1ea7a7 add bitbucket repo url handling (#1866)
* add bitbucket repo url handling

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* backout changes to .gitignore

* adding unit tests for bitbucket url transformers

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* fixing some indents

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* fix some indents

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>
2017-06-05 16:02:56 +02:00
Dominik Richter
562f6ad732 add the Nginx parser
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-03 17:25:00 +02:00
Christoph Hartmann
687f1a5827 update unit tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:21:05 -05:00
Dominik Richter
ba149a9e1a bugfix: do not send nil to command on unsupported OS
Unsupported operating systems AND the mockloader when using inspec analysis tools may lead to powershell being called with the command being `nil`, because the resource skips during the initialize phase. Instead, propagate an empty string so that `command` has a valid input and then skip the resource.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:36:32 -04:00
Seth Chisamore
798aebf672 Bump default timeouts for http resource
This changes the default read and open timeouts to be 60 seconds which
matches the defaults for `Net::HTTP` backend which Faraday uses by
default:
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#read_timeout-attribute-method
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#open_timeout-attribute-method

The current timeout values are too small which causes tests to be
flakey.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-05-29 15:07:49 -04:00
Christoph Hartmann
45afca2e98 Merge pull request #1844 from cattywampus/cattywampus/gem-not-installed
Fix assert that a gem is not installed
2017-05-29 15:06:36 -04:00
Adam Leff
88581ae3dd
Raise exception if profile target URL cannot be parsed
When attempting to parse the profile out of the target URL, we
were not raising an exception if we failed to do so. Such a situation
could arise if a user's inspec config.json is incorrect either due to
manual editing or failure to re-login after an upgrade past Automate
0.8.0.

This change provides a clear exception if this occurs and also adds
tests for the compliance_profile_name method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-26 14:30:37 -05:00
Keith Walters
215ef38ee9 Fix installed? check for gem resource
The gem resource used to determine if a gem is installed based on the exit
status of the `gem` command, however that command will return zero
if the package was found or not. This patch checks to ensure that the
`gem list` command actually includes the gem name or is empty to
determine if the gem is in fact installed.

If the gem command returns something other than a `0` exit code, then
it'll skip the resource.

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2017-05-22 15:34:01 -05:00
Christoph Hartmann
b0ab35d941
throw an error during inspec check if the version is not correct
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-18 09:13:37 -04:00
Dominik Richter
b23c197202 bugfix: read source code if profile is in tgz/zip
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-16 13:19:25 +02:00
Dominik Richter
d44b751603 add sha256 checksum to json
Fixes https://github.com/chef/inspec/issues/1658

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-11 09:52:28 +02:00
sfreeman
beedecf247 Add list_users
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-05-10 15:41:03 -04:00
Nolan Davidson
8f0756812c Add support for Windows auth in mssql_resourcet
This adds supports for connecting to MS SQL instances using Window
authentication rather than SQL authentication.  By leaving either the
user or password parameters blank causes the sqlcmd to leave off the -U
and -P params.  This will cause sqlcmd to authenticate as the current
Windows user.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-09 17:17:07 +02:00
Adam Leff
a21bdc4a04 Handle parse errors for attrs/secrets
Inspired by #1640, this change cleans up the logic used when
reading in secrets files, provides clearer warnings when the
secrets files can't be parsed, and adds tests for those methods.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-09 13:44:33 +02:00
Dominik Richter
00682eb2d2 Merge pull request #1751 from nsdavidson/add-oracle-session
Add an oracle_session resource
2017-05-09 13:21:53 +02:00
Nolan Davidson
ba6745444e Renaming oracle_session to oracledb_session
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 13:11:07 -04:00
Nolan Davidson
fbe7b8ddf8 Refactor to options hash and add unit tests
Switched the oracle_session resource to take an option hash and allow
for configuring hostname, DB_SID, and sqlplus binary path.

Added unit tests.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 09:29:38 -04:00
Dominik Richter
5d1765c9bb add inspec.profile.file(...) for profile files
Fixes https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-03 20:39:27 +02:00
Chris Redekop
0ab4ae7d6e Update resource based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-05-02 14:54:57 +00:00
Chris Redekop
37bcce6618 Add defensive programming
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-05-02 14:54:57 +00:00
Christoph Hartmann
11905af32a Merge pull request #32 from chef/issue31
add password expiry and password expiry time to iam_password_policy
2017-05-02 11:23:44 +02:00
Chris Redekop
891f075d13 Update resource based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-28 10:52:42 +00:00
Viktor Yakovlyev
19f752f778 add 1.11, password expiry and password expiry time in days, fix examples
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

check for unset password expiry

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

pr changes

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-04-28 10:52:42 +00:00
sfreeman
c43c863109 Added user provider
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-04-27 16:17:43 -04:00
Dominik Richter
1dafe50bd9 rename SimpleConfig / parse_config / parse_config_file options
See https://github.com/chef/inspec/issues/1709
Fixes https://github.com/chef/inspec/issues/1709

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 23:18:40 +02:00
Dominik Richter
8e5fbb9e02 provide inspec.version information
as a friendly shortcut and a native call within profiles

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 13:07:32 +02:00
Dominik Richter
8b7ef09f85 provide the inspec keyword
Instead of my favorite shortcut of `os.inspec` just finally add it as a global keyword.

Preparation for https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:30:31 +02:00
Dominik Richter
50e1c76fce print and prettyprint the inspec backend class
This is always bothersome when debugging code and drilling down objects, since it will just a return a two-layer anonymous class with no help at all.
Instead print a nice name and even give a bit of information on pretty-printing (which pry does naturally)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:04:01 +02:00
Dominik Richter
c5101e5ef0 pretty-print multiline control descriptions
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 17:12:30 +02:00
Dominik Richter
37a2e45cd1 bugfix: unindent description misbehaviors
Unindent has been misbehaving for control `desc`riptions by completely removing newlines. This is now fixed and the unindentation mechanism improved to behave as expected.

Removing empty lines at the beginning and end of string remains unchanged.
Tabs are not treated as multi-space indentations; supporting them as 8-space chars would require additional effort (please comment if this is important to you)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 13:21:38 +02:00
Dominik Richter
37a778173d inspec control.to_ruby to respect newlines
I.e. instead of printing them as:

```
desc "hello\nworld"
```

it would instead do:

```
desc "hello
world"
```

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 10:34:45 +02:00
Christoph Hartmann
218bda9c34 Docker resource (#1566)
* add docker, docker_container, and docker_image resources

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-24 10:47:03 -04:00
Tor Magnus Rakvåg
8ad02f4d04 added test for guest user
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2017-04-21 09:45:58 +02:00
Tor Magnus Rakvåg
96bb596bc4 fetch user groups while building user object
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2017-04-20 16:02:21 +02:00
Chris Redekop
3cdb639a0c Uncomment unit tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-18 15:03:31 +02:00
Chris Redekop
fcb8d17feb Incorporate PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-18 15:03:31 +02:00
Chris Redekop
d428a96bab Add a new access-key resource
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-18 15:03:31 +02:00
Ryan Gerstenkorn
5e0cab08a0 Add OSX support for host resource (#1608)
* Add OSX support for host resource

Signed-off-by: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
2017-04-13 11:32:04 -04:00
Christoph Hartmann
29e286fee6 Merge pull request #1639 from chef/dr/rabbitmq_config
add `rabbitmq_config` resource
2017-04-12 21:19:15 +02:00
Dominik Richter
02e435b6d0 add rabbitmq config resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-12 20:51:12 +02:00
Adam Leff
da56a08f74 Fix gem resource on Windows
RubyGems on windows comes with a batch file that wraps the `gem` command
so it executes correctly. This change uses that batch file for windows
for our `gem` resource, and also properly handles when we receive no output
from the command.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-12 17:34:16 +02:00
Viktor Yakovlyev
ff72e81915 Add iam password policy
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

wire up mock resource twice

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

cleaning up as per pr feedback

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

style fixes

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

fix indent in test

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

remove unneeded line

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

use minitest mock instead of object

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-04-11 14:16:21 -04:00
Adam Leff
a8ffe449ff
Add helper methods, tests for registry key path building
Broke out some of the conditional logic in the `#initialize`
method into helper methods and added tests.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-07 10:09:51 -04:00
Doc Walker
692e660140 Fix #1617 Add dh_params resource (#1618)
* Fix #1617 Add dh_params resource

Signed-off-by: Doc Walker <4-20ma@wvfans.net>
2017-04-04 10:34:09 -04:00
Adam Leff
68a930f141 Merge pull request #1406 from carldjohnston/apache_conf-symlinks
Allow apache_conf to include symlinked configuration files
2017-04-03 10:38:22 -04:00
Ryan Larson
0e187f6117 Feature/fix ability to pass in supermarket url (#1595)
* Enable customization of supermarket_url

It looks like this was originally supposed to work, but at some point
the default value was put in the method body rather than in the method
parameters.

This change allows you to configure the supermarket_url in test kitchen
like so:

```
verifier:
  inspec_tests:
  - name: linux-hardening
    supermarket: som3guy/apache-disa-stig
    supermarket_url: https://my.supermarket.com
```

Signed-off-by: Ryan Larson <ryan.mango.larson@gmail.com>
2017-03-29 12:42:24 -04:00
Adam Leff
7df9674e42 Remove method_missing, provide methods for repo metadata
Instead of method_missing, methods for each output item from
`yum repolist` are provided.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:42:25 +02:00
Adam Leff
1cf80737ad Yum resource fix for non-existent repos and repo info
If a repo did not exist, running matchers against it (such as `exist`)
were failing due to a bug in `#to_s` when fetching the repo name. The
`info` method would return nil and we'd still try to treat it as a hash.

This change ensures that info is always a hash, possibly empty if the
repo doesn't exist, and uses the repo name provided by the user rather
than shortening it to be consistent with our other resources which don't
manipulate the user input in the formatter.

Also added a method_missing to allow users to interrogate repo options,
such as baseurl or gpgcheck.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:42:25 +02:00
Adam Leff
e1c664272e Break out profile vendor activities into separate class
Per PR feedback, `Inspec::ProfileVendor` is created to centralize
the logic and data of vendoring profile dependencies. The `BaseCLI`
class and the `Habitat::Profile` class have been modified to use it

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8269d0da9e Support vendored profiles in Habitat-packaged profiles
This change adds support in Habitat-packaged profiles for
profiles that depend on other profiles. When `inspec habitat
profile create` or `inspec habitat profile upload` is run,
it will see if the profile's dependencies have been vendored
yet, and if not, it will vendor them before creating the
habitat artifact.

For the git and URL fetchers, more explicit creation of the
target directories for the vendored profiles is done. This
is implicitly done via normal CLI interactions a user may
go through, but in our case, we want to ensure those directories
are there before the fetchers try to write out content.

By adding this support, we also fix a bug experienced in Habitat
where a profile that was packaged before an `inspec exec` was run
for the profile would cause a failure in Habitat. This is caused
by `inspec exec` doing a vendor of the dependencies if necessary
and generating the inspec.lock file. In Habitat, the package dir
is not writable by the hab user and InSpec would fail to run due
to an inability to write out an inspec.lock.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8e693a4ad9 Fix port resource for invalid IP address in netstat output
Netstat will sometimes output an IPv6 address that is not
formatted correctly; the address is either truncated or uses
or implies the `::` shorthand notation twice. This yields an
invalid IPv6 address and causes IPAddr.new to choke.

This change guards against invalid IP addresses and ensures they
do not end up in the port resource's entries list.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 08:33:50 +02:00
joe.nuspl
1ab80ea052 Extend gem to take an optional gem_binary
Allows one to test whether gems are installed into an omnibus environment.

Signed-off-by: Joe Nuspl <nuspl@nvwls.com>
2017-03-24 22:28:42 -07:00
Adam Leff
73e3bfda7a Merge pull request #1544 from chef/adamleff/hash-values-in-simpleconfig
Provide a method-based accessor for SimpleConfig hashes
2017-03-22 15:46:58 -04:00
Christoph Hartmann
7c11ff9280 add tag object (#1590)
* add tag object

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* add tests for to_hash function in tag

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 13:41:44 -04:00
Christoph Hartmann
d2f000e435 refactor x509 resources and rsa key
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 11:44:32 +01:00
Richard Nixon
f66f0b3a18 Initial support for x509_certificate and rsa_key
* Includes unit tests
* Includes 2 new resources
* Includes documentation

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2017-03-22 10:00:48 +01:00
Adam Leff
ea7c0c493e Provide a method-based accessor for SimpleConfig hashes
When SimpleConfig parses a config file that has sections, such as a mysqld
config file, the values within that section are returned via a Hash. However,
we do not provide an easy way to write tests for those deep hash values:

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ∅  undefined method `expire_logs_days' for #<Hash:0x007fe463795a00>
```

This change provides a method-based accessor for Hashes that are built via
SimpleConfig.

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ✔  mysqld.expire_logs_days should cmp == 10
```

Fixes #1541 by changing the way the attributes are fetched.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 14:49:16 -05:00
sfreeman
d9221bb925 Add ability to choose a user by username
Add has MFA enabled member
Add "has console password" member

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-03-15 15:49:13 -04:00
Adam Leff
4f2b66302d Fix ObjectTraverser when accessing array values
When attempting to access array values via the `json` resource:

```
describe json('/tmp/test.json') do
      its(['array',0]) { should eq "zero" }
end
```

... the resulting data would be an array of the size of the original array
with all the values replaced with nils:

```
     expected: "zero"
          got: [nil, nil, nil]
```

This was due to a bug in the ObjectTraverser mixin that mapped array values
back through `extract_value` rather than properly handling the passed-in
key(s). This worked fine for the specific data format created by the `csv`
resource but did not work `json` or any other resource that subclassed the
`JsonConfig` resource.

This change fixes the logic when dealing with an array when it's encountered,
and fixes up the `csv` resource with its own `value` method.

This change also adds tests for ObjectTraverser.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 11:35:55 +01:00
Adam Leff
dfce561276 Provide better error message when inspec.yml is invalid
Currently, if the inspec.yml for a profile is invalid (such as including
an improperly-defined multi-line string), InSpec will throw an exception
from the YAML parser that does not given a clear indication that the
issue was encountered while parsing the inspec.yml file.

This change introduces a better exception message to clue the user into
where the problem actually lies.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-09 18:03:01 +01:00
Adam Leff
037f08beb2 Fixing port check with v4 IPs in a v6 netstat line
On Linux, netstat may show a tcp6/udp6 protocol line but include a
v4 address. This happens with AF_INET6 sockets that can accept
both v4 and v6 traffic. The port check was not properly handling
this situation and trying to pass a v4 address to URI bracketed as
if it was a v6 address.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-06 22:03:41 -07:00
Adam Leff
f4b1a350ce Merge pull request #1501 from jbenden/jbenden/freebsd-zfs
Add FreeBSD support for ZFS datasets and pools
2017-03-01 13:06:44 -05:00
Adam Leff
91396d2029 Merge pull request #1488 from chef/adamleff/fix-multiple-flat-profiles
Generate default profile names, fix bug when using multiple flat profiles
2017-02-24 16:59:31 -05:00
Carl Johnston
3bdf1563e8 Added unit tests for apache_conf inclusion of symlinked files.
Same test added to both Ubuntu and Centos for consistency.

Signed-off-by: Carl Johnston <carldjohnston@gmail.com>
2017-02-24 16:13:22 +11:00
Adam Leff
0342cca62e Adding a Habitat profile artifact creator
Two new commands have been created:

 * inspec habitat profile create /path/to/profile
 * inspec habitat profile upload /path/to/profile

The `create` command creates a Habitat artifact that contains the contents
of the Habitat profile found at the provided path. This will be used later
in some Habitat + InSpec integrations.

The `upload` command does the same create process but then uploads the
resulting artifact to the Habitat Depot.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-23 18:25:22 -05:00
Joseph Benden
1fdecc6680 Add FreeBSD support for ZFS datasets and pools
The following new resources have been added; however, they
presently only support FreeBSD and similar.

* `zfs_dataset`: tests if a named ZFS dataset is present
  and/or has certain properties.
* `zfs_pool`: tests if a named ZFS pool is present and/or
  has certain properties.

Additionally, the `mount` resource has been reworked to
include support for FreeBSD; while the existing class
was renamed to LinuxMountParser.

Unit-tests were added for all of the above.

Signed-off-by: Joseph Benden <joe@benden.us>
2017-02-22 10:29:49 -07:00
Viktor Yakovlyev
bdd86542b0 add negative case test for exists?
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-02-16 14:33:21 -05:00
Viktor Yakovlyev
f0773ccc75 fix tests
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-02-16 14:27:35 -05:00
Alex Pop
88975bff2a Switch package resource to os.redhat detection and use two spaces as fileds delimited
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-15 11:07:10 +00:00
Alex Pop
fae96f6249 Add RedHat support for packages resource
Fix dpkg trimming of first line
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-15 11:07:10 +00:00
Chris Redekop
9d8afa5440 add tests for :instance and :exists
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-02-14 18:38:15 +01:00
Chris Redekop
1842cc2fd9 add another id-method test
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-02-14 18:38:11 +01:00
Chris Redekop
5d00aac059 Add unit test skeleton with Minitest dependency
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-02-14 18:38:06 +01:00
Adam Leff
d0bc085412 Generate default profile names, fix bug when using two-or-more flat profiles
When running InSpec with multiple profiles, and two or more of the profiles
are read in using the "Flat" SourceReader (i.e. they are not actual profiles
with a metadata file like inspec.yml, but rather just a folder containing
.rb files with controls and tests in them), InSpec would throw a NilClass
error when building the necessary objects for the formatter.

The cause was in `#profile_contains_example` in the formatter code which
checks to see if the profile name is the same as the profile_id in the given
example. However, if both of those were nil, it would potentially match the
wrong Flat-read profile.

This change fixes this in two ways: refusing to match if the profile name
or example profile ID is nil, and adding a default name to a profile if
it doesn't have a title or name. This will solve the matching issue and also
clean up the formatter output so users can more easily tell what tests
are from which profile/path.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-13 13:07:41 -05:00
Adam Leff
417b791baa Adding new crontab resource
The crontab resource parses a particular user's crontab file into
individual entries and allows the user to assert information about
each entry as needed.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-10 09:33:31 -05:00
Alex Pop
ce927e657a Skip packages resource for unsupported OS
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-10 10:34:01 +00:00
jtimberman
d7fad68541 add "packages" resource
This pull request adds a packages resource so that we can check for pattern matches against all the packages on a system. This initially implements only dpkg support for debian-based platforms so we can cover this use case:

```ruby
describe packages(/^xserver-xorg.*/) do
  its("list") { should be_empty }
end
```

This uses FilterTable so we can supply additional queries, too.

```ruby
describe packages(/vi.+/).where { status != 'installed' } do
  its('statuses') { should be_empty }
end
```

Users can specify the name as a string or a regular expression. If it is a string, we will escape it and convert it to a regular expression to use in matching against the full returned list of packages. If it is a regular expression, we take that as is and use it to filter the results.

While some package management systems such as `dpkg` can take a shell glob argument to filter their results, we eschew this and require a regular expression to match multiple package names because we will need this to work across other platforms in the future. This means that the following:

```ruby
packages("vim")
```

Will return *all* the "vim" packages on the system. The `packages` resource will take `"vim"`, turn it into `/vim/`, and greedily match anything with "vim" in the name. To match only a single package named `vim`, it needs to be an anchored regular expression.

```ruby
packages(/^vim$/)
```

Signed-off-by: Joshua Timberman <joshua@chef.io>

Use entries instead of list

Added a few more tests and non installed package in output
Signed-off-by: Alex Pop <apop@chef.io>

fix lint

Signed-off-by: Alex Pop <apop@chef.io>

Signed-off-by: Joshua Timberman <joshua@chef.io>
2017-02-07 10:29:11 +00:00
Alex Pop
52842de552 Provide a way to force it vs its for any argument
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 19:26:02 +00:00
Alex Pop
920ff068e6 Allow setting of the tests array
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 15:03:09 +00:00
Alex Pop
83e44f9d2a add another variable handling example test
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 08:28:46 +00:00
Alex Pop
f7444ed372 update the tests to reflect the list->entries migration and where support
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 08:28:46 +00:00
Christoph Hartmann
58585e3455 switch to faraday as http backend
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-02-02 22:13:36 +01:00
Alex Pop
495185b581 derive xinetd protocol from socket_type when not defined in the config file
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-01 11:19:24 +00:00
Alex Pop
6f3a9d22d7 define protocol as done in CentOS
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-31 14:47:21 +00:00
Alex Pop
a3de32ad04 Fix xinetd parsing of services from the same file. Expose resource.protocols
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-31 12:40:29 +00:00
Alex Pop
80ad877e02 Wrap regex in parenthesis no matter of the matcher used, ex: match, cmp
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:51:06 +00:00
Alex Pop
5a087bd256 Add matchers and expectations to all object tests
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:21:57 +00:00
Alex Pop
11429a54d3 Add Inspec::Variable test to a control
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:01:02 +00:00
Alex Pop
ce90f0aa30 Add Inspec::List and Inspec::Control tests
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:01:02 +00:00
Alex Pop
660b997342 Add negate! support for the describe.one object
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:01:02 +00:00
Christoph Hartmann
78b7a2c680 Merge pull request #1435 from postgred/kernel_module_version
Version method for kernel_module
2017-01-27 17:49:23 +01:00
Andrey Aleksandrov
3783357e50
Add version method to kernel_module
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-01-27 13:33:41 +03:00
Christoph Hartmann
976e5d85e4 improve http header handling
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-26 17:16:37 +01:00
Guilhem Lettron
51ca98c468 Add an http test method
Signed-off-by: Guilhem Lettron <g.lettron@criteo.com>
2017-01-26 12:02:54 +01:00
Christoph Hartmann
efab62ef00 optimize regular expression for postgres config parsing
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-05 13:16:47 +01:00
Jeremy J. Miller
72b0c0dd2e control and lib eval unit tests
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2017-01-04 11:33:14 -05:00
Wei, He
370269c2dd Yum.repo should show correct name
https://github.com/chef/inspec/issues/1390

Signed-off-by: Wei, He <weihe924stephen@gmail.com>
2017-01-04 11:10:38 +09:00
Dominik Richter
74ed60ce5f Merge pull request #1387 from jvrplmlmn/package-brew-unit-test
Unit test the 'package' resource for OSX (with brew)
2017-01-03 12:24:46 +01:00
Javier Palomo Almena
07b41eb9df Fix wrong description for the Solaris cases in the unit tests of the 'package' resource
Obvious fix.

Signed-off-by: Javier Palomo Almena <javier.palomo.almena@gmail.com>
2017-01-02 18:06:59 +01:00
Javier Palomo Almena
8ab8fcdda5 Unit test the package resource for Darwin
Signed-off-by: Javier Palomo Almena <javier.palomo.almena@gmail.com>
2017-01-02 17:57:41 +01:00
Javier Palomo Almena
3f1986eb6f Mock 'brew info --json=v1 curl' to facilitate unit testing the package resource for the darwin platform
Signed-off-by: Javier Palomo Almena <javier.palomo.almena@gmail.com>
2017-01-02 17:57:20 +01:00
Makoto Nozaki
42cffeea61 Fix variable name. Add test.
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>
2016-12-15 08:00:56 -05:00
Christoph Hartmann
8346d2acfd Merge pull request #1333 from Wing924/fix_regexp_in_processes
fix bug: RegExp in processes resource can't match long-run process #1332
2016-11-30 10:13:38 +01:00
Wei, He
fd04daf77c add testcase for #1332
Signed-off-by: Wei, He <weihe924stephen@gmail.com>
2016-11-30 13:25:44 +09:00
Juan Carlos Castillo Cano
58ef61f1f4 Show process name during inspec output
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
2016-11-29 11:00:43 +00:00
Christoph Hartmann
a990d20fcd Merge pull request #1306 from username-is-already-taken2/digitalgaz/windows_task
Adding windows_task resource
2016-11-25 11:46:42 -07:00
username-is-already-taken2
e6e47eec4c Added unit tests, only took most of the night :) 2016-11-20 20:07:59 +00:00
Christoph Hartmann
e3347f0ef0 ensure metadata release entry is a string, even if yml thinks it is a float
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2016-11-20 12:38:27 -07:00
Jeremy J. Miller
5494ec0c60 refactored file resource unit tests
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2016-10-26 15:57:30 +02:00
Alex Pop
70416a35b4 use command instead of comm and set user column width on linux
Signed-off-by: Alex Pop <apop@chef.io>
2016-10-17 15:39:13 +01:00
Anirudh Gupta
8efec7ac6c fix processes resource for os's where username is long to avoid truncation 2016-10-17 11:46:16 +01:00
Alex Pop
5d51b7a0aa dot inspect actual value to match the expected string one 2016-10-13 07:13:51 -07:00
Alex Pop
6719cf544d add tests for cmp output 2016-10-10 05:40:22 -07:00
Artem Sidorenko
77738dd895 Some further tests for Mint 2016-10-08 23:34:56 +02:00
Artem Sidorenko
aa725fe2df Linux Mint support for service resource 2016-10-08 23:34:56 +02:00
Dominik Richter
441967510f bugfix: support nil entries in filter table 2016-10-05 13:04:00 +02:00
Steven Danna
7aa4c6da8e Fix require_controls DSL method
Previous, require_controls was including all controls from the named
profile, despite the documented behavior being that it only includes
controls explicitly pulled in by the user.  The cause was two-fold:

1) A previous refactor meant that we weren't removing the rule from the
correct context, and

2) We weren't descending down the dependency tree when filtering rules.

This commit fixes the require_controls DSL method and adds a test to
help prevent future regressions.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 15:20:56 +02:00
Steven Danna
f23a0d1098
Bump lockfile version to 1.0
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 09:51:04 +01:00
Christoph Hartmann
dab8ff5c13 replace wmi win32_useraccount with adsi users 2016-09-26 01:31:44 +02:00
Alex Pop
13da437dcc Show skip_message and correct title 2016-09-23 07:47:21 +01:00
Christoph Hartmann
f7ec24a337 implement filter table for group/groups resource 2016-09-23 00:53:24 +02:00
Steven Danna
8d63db9a2b
Change :shasum key to :sha256 for future upgrade
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:51:04 +01:00
Steven Danna
6814d6ad2b
Fail if a remote source content doesn't match lockfile
If a URL based source does not match the shasum recorded in the
lockfile, it likely means a new version has been pushed to the remote
source. In this case, we fail to help ensure that when using a lockfile
we always run the same code as when the lockfile was created.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:15:52 +01:00
David Pell
155995adfd In ApacheConf#include_files, check for abs paths
If the path is absolute, just use what was passed, otherwise build an
absolute path using `@conf_dir`.

Fixes #1013
2016-09-20 09:11:09 -04:00