Commit graph

617 commits

Author SHA1 Message Date
Dominik Richter
70dd639471 move base_cli to lib/inspec
It is not a disconnected library, but a core component of inspec. Fix its location.
2016-07-26 20:11:25 +02:00
Dominik Richter
c2f34932ad add port resource for windows 2008
using `netstat -an`
2016-07-21 14:58:43 +02:00
Dominik Richter
68cf88f701 add suid sgid and sticky support for file resource 2016-07-10 23:08:42 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
2016-07-06 12:57:04 +02:00
Dominik Richter
5da73db6a3 api: report source location with field identifiers
Mixing types in an array without specifying what these fields point to is not just confusing, but also causes issues with endpoints that may consume this data and dont process mixed types. We strive to have a stable api for 1.0 and this is a sin that was left after the major overhaul. Time to fix it.
2016-06-28 12:03:20 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Christoph Hartmann
f87f25fb07 add boolean support for cmp matcher 2016-06-18 20:33:08 +02:00
Dominik Richter
8660d5d81c feedback round with @chris-rock 2016-06-16 20:37:51 +02:00
Dominik Richter
211a2e25fb align inspec detect output 2016-06-16 13:00:09 +02:00
Dominik Richter
e3b20e88b7 provide target info in cli output 2016-06-16 12:26:46 +02:00
Dominik Richter
c34fd350cf multi-profile reporting in cli formatter 2016-06-16 00:08:50 +02:00
Dominik Richter
4fbdee84cf use utf-8 characters for default cli formatter
see https://github.com/chef/inspec/issues/532
2016-06-15 19:27:56 +02:00
Stephan Renatus
0a00d21113 integer?("0300") should not be true 2016-06-15 18:34:42 +02:00
Dominik Richter
f93084520f introduce cli report formatter 2016-06-15 17:11:29 +02:00
Christoph Hartmann
f1faf47112 introduce secrets backend 2016-06-14 02:49:47 +02:00
Dominik Richter
2db8d83d56 support intra-libraries file referencing + loading
solves https://github.com/chef/inspec/issues/779
2016-06-03 22:54:35 +02:00
Dominik Richter
302a718b48 list arbitrary ports and query it
utilizing filter table to make port more flexible and useful.
2016-05-31 03:14:07 +02:00
Dominik Richter
02dae2c3c5 add simple style for filter table data
for quick flattening, filtering, and non-nil results. this also simplifies some interal calls and structure
2016-05-31 03:01:03 +02:00
Christoph Hartmann
e9ca7107b0 add tests for os resource 2016-05-31 00:01:26 +02:00
Dominik Richter
d6345ffd17 add resource to filter table blocks
i.e. get access to the original resource for more information and calls.
2016-05-30 23:31:14 +02:00
Christoph Hartmann
ba95e461d3 run integration tests in docker 2016-05-16 18:25:17 +02:00
Anirudh Gupta
4a9d9a4757 fixed 'it' statements under file_test 2016-05-16 19:24:14 +05:30
Dominik Richter
67f7a5936c catch corner-case with symbols on test-objects 2016-05-13 20:39:17 +02:00
Dominik Richter
603e3e21b3 fix construction of ruby objects on string and array handlers 2016-05-13 19:07:43 +02:00
Dominik Richter
dde4433933 use struct for processes list
we know all the fields + struct is fully compatible to the curren hash implementation
2016-05-13 11:22:56 +02:00
Christoph Hartmann
1f470971d2 Revert "Add all_match to matchers"
This reverts commit 29cf4522e4.
2016-05-11 23:47:24 +02:00
Christoph Hartmann
48d8694789 Revert "fix contain_match, add none_match"
This reverts commit 54b397f3a5.
2016-05-11 23:47:24 +02:00
Christoph Hartmann
5939e5b2f9 Merge pull request #739 from chef/ap/port-not-nil
Return empty array instead of nil for port methods
2016-05-11 23:32:43 +02:00
Alex Pop
2a9d9b5481 return empty array instead of nil to be .each friendly 2016-05-11 22:21:22 +01:00
Christoph Hartmann
03b1ecfac5 Merge pull request #735 from tpcwang/escape-windows-osenv
Escape os_env command on Windows to handle env variables containing parentheses.
2016-05-11 23:09:34 +02:00
Alex Pop
54b397f3a5 fix contain_match, add none_match
update matchers doc and add more integration tests
allow non-string data types and non-arrays
2016-05-11 12:47:36 +01:00
tpcwang
c8d2991589 Escape os_env command on Windows to handle env variables containing parentheses.
Update the mock file to match the new command
2016-05-11 01:09:06 -07:00
Christoph Hartmann
9fd9f8aa69 Merge pull request #733 from chef/vj/add-label-for-processes
Expose label for processes only on linux
2016-05-10 22:39:02 +02:00
Victoria Jeffrey
1811eb6666 Expose label for processes only on linux 2016-05-10 13:59:13 -04:00
Victoria Jeffrey
29cf4522e4 Add all_match to matchers 2016-05-10 10:00:55 -04:00
Alex Pop
9ded3b8835 Provide service params as a mash, empty unless systemd for now 2016-05-09 14:54:09 +02:00
Christoph Hartmann
d2a8ba0022 add human-readable output for detect, as well as a --format json 2016-05-09 13:24:49 +02:00
Dominik Richter
5d925b2851 api: make processes return integers for pid/vsz/rss 2016-05-06 16:49:21 +02:00
Christoph Hartmann
6e905c8162 update functional tests 2016-05-06 13:47:22 +02:00
Alex Pop
c518b9edc2 expose systemd service properties via .info 2016-05-06 13:36:42 +02:00
Christoph Hartmann
8258d111ef rename json to minijson and fulljson to json 2016-05-06 13:27:42 +02:00
Dominik Richter
b14495051a prevent duplicate profile-loading
this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
2016-05-06 13:14:40 +02:00
Dominik Richter
20d08a63b5 inspec --format [json|fulljson|rspecjson] overhaul
Full rewrite of all formatters. Create a minimal JSON, a full JSON, and a fallback RSpec formatter. The latter is only needed for corner cases and should not really be used. The former 2 are for (1) running `inspec json` followed by `inspec exec` (`--format json`) and (2) running just `inspec exec --format fulljson`.
2016-05-06 13:14:40 +02:00
Dominik Richter
a809097d12 simplify full_id generation 2016-05-06 13:14:40 +02:00
Dominik Richter
fc718267c4 extend filter table to handle soft variable lookup 2016-05-04 15:27:58 +02:00
Dominik Richter
fb91b788a6 use filtertable with passwd resource 2016-05-04 15:27:58 +02:00
Alex Pop
f78afe0d75 Use only strings in resource examples, docs and tests 2016-05-03 23:27:18 +01:00
Anirudh Gupta
738ef69bcf prefixed hpux to cmd file name 2016-05-03 21:38:39 +05:30
Anirudh Gupta
d839f218bf hpux support for basic port properties 2016-05-03 14:30:59 +05:30
Alex Pop
56d856531b support basename parameter and add tests 2016-04-29 13:40:32 -04:00
Dominik Richter
83b4dfbf4d use the source_path instead of path for file internal reporting 2016-04-28 20:11:21 -04:00
Dominik Richter
0c8e891ee1 add #entries to filter table + remodel configuration 2016-04-28 22:46:39 +02:00
Dominik Richter
048a1584b9 encapsulated filters 2016-04-28 22:46:39 +02:00
Dominik Richter
652f10ad9a use Inspec::Filter in xinetd resource 2016-04-28 22:46:39 +02:00
Dominik Richter
01caf05020 add cmd for executing calls against the inspec api 2016-04-27 06:31:01 -07:00
Christoph Hartmann
ab9f5f9c1a Merge pull request #682 from Anirudh-Gupta/hpux
Hpux
2016-04-27 06:29:05 -07:00
Anirudh Gupta
045d8c6572 added file permission by user check for hp-ux 2016-04-26 15:08:01 +05:30
Anirudh Gupta
1330e09df5 added file permission by user check for hp-ux 2016-04-26 14:53:28 +05:30
Christoph Hartmann
2242790528 Merge pull request #678 from Anirudh-Gupta/hpux
added hpux user and package resource support
2016-04-25 07:22:19 -05:00
Dominik Richter
d0760662ce bugfix: restore pax_global_header fetcher filter
The original tests were deactivated. Reactivate and fix the implementation.

TODO: verify that this matches expectations
2016-04-24 02:38:22 -04:00
Dominik Richter
bc724c81ff fix legacy supports call
as reported by Jeremy Miller and Alex Pop
2016-04-22 11:15:57 -04:00
Anirudh Gupta
75534fdaa5 added hpux user and package resource support 2016-04-21 14:01:56 +05:30
Alex Pop
34a22a290e add more cmp matcher tests 2016-04-20 11:57:31 -04:00
Dominik Richter
9da23f9cbc remodel bash and shell wrappers 2016-04-18 11:48:42 -04:00
Dominik Richter
0631779412 configure command execution shells to sh/bash/zsh 2016-04-18 01:09:37 -04:00
Thomas Cate
0f8aff0b91 added default and per kernel checking 2016-04-17 10:46:35 -04:00
Thomas Cate
3051ead64d added tests for grub_conf resource 2016-04-17 10:46:29 -04:00
Dominik Richter
2a0ccbfd76 fail on unsupported os/platform 2016-04-17 00:04:37 -04:00
Dominik Richter
f54195408f simplify key symbolization in metadata 2016-04-16 18:47:59 -04:00
Dominik Richter
14995534cd skip profiles if the platform isnt supported 2016-04-16 15:34:23 -04:00
Dominik Richter
a1188b26ce add supports_runtime? to metadata 2016-04-16 15:25:59 -04:00
Dominik Richter
5d58fa267b feature: cmp < / > / <= / >= / == / != sth matcher 2016-04-15 19:19:15 -04:00
Christoph Hartmann
3007aef248 add function tests for compliance command 2016-04-13 16:55:14 -04:00
Jacob McCann
9dbf5354e5 Add 'static' value as enabled to systemd service enabled check 2016-04-13 14:44:28 -05:00
Dominik Richter
046e6ce501 bugfix: non-profile execution with json formatter 2016-04-11 11:17:26 -04:00
Dominik Richter
fb54c4ea24 api: inspec.yml supports now adds tests w/o running
Instead of just removing all tests because of OS support, supports now acts by adding all tests to the execution context, but doesnt actually execute them. Instead tests are set to skip before they get to the actual execution context
2016-04-06 11:28:52 +02:00
Dominik Richter
c55fb0b587 prevent only_ifs from getting overwritten 2016-04-06 10:46:36 +02:00
Dominik Richter
a72fee6623 add only_if for controls 2016-04-06 10:46:36 +02:00
Dominik Richter
c73afd4c1c overhault rule/control internals
instead of keeping them as flat variables, prefix all internals with `__` to create consistency. Also add accessors on the class-level to expose these values in all rules. This way we keep all variable-names in one location and get some safety on access.
2016-04-06 10:46:36 +02:00
Dominik Richter
598e8be07f don't remove controls with only_if
instead mark them as skipped, but don't just remove them.

This also introduced a number of tests around only_if on the global level
2016-04-06 10:15:53 +02:00
Alex Pop
070c5bb0e9 update tests with 5 examples 2016-04-04 14:19:13 +01:00
Dominik Richter
2cad553de8 add advanced passwd filters (experimental) 2016-03-31 02:03:20 +02:00
Christoph Hartmann
bc3be2f302 fix functional tests 2016-03-28 01:15:48 +02:00
Christoph Hartmann
a0529075d3 add integration tests 2016-03-26 22:49:32 +01:00
Dominik Richter
ee170cc526 support --controls for json 2016-03-25 01:58:59 +01:00
Dominik Richter
17840e0299 split up functional tests 2016-03-25 01:32:03 +01:00
Christoph Hartmann
f4180780d1 document tags and refs 2016-03-25 00:58:27 +01:00
Alex Pop
53c7683ff7 update tests based on resource changes 2016-03-24 21:50:51 +01:00
Alex Pop
3c3d711dfd bugfix: fix rare inspec shell missing all resources
In some instances, when running inspec shell, you dont get any resources inside of it. i.e. `inspec shell` and then `os` will lead to

```ruby
NameError: undefined local variable or method `os' for
from (pry):1:in `add_content'
```

This is because of instance_eval loading withing the given source/line
information and not attaching to the profile context which actually has
all the resources. Fix it by making sure that inspec shell always
attaches to the profile context with resources by providing nil for
source and line information.
2016-03-24 20:37:46 +01:00
Christoph Hartmann
cd57b26bd0 wmi unit test 2016-03-20 11:53:56 +01:00
Christoph Hartmann
7e7196db77 add wmi integration tests 2016-03-20 11:53:56 +01:00
Christoph Hartmann
4c5a3ed412 add vbscript unit test 2016-03-19 19:04:31 +01:00
Christoph Hartmann
e8aa426846 add vbscript integration test 2016-03-19 19:04:31 +01:00
Christoph Hartmann
f50255486b add support for addresses in port resource 2016-03-19 11:48:14 +01:00
Dominik Richter
a9632d53d4 fix inspec shell and continuously test it 2016-03-19 09:13:23 +01:00
Christoph Hartmann
32a065239c update unit test, add integration test 2016-03-18 15:47:00 +01:00
Christoph Hartmann
1d043bfebc move kitchen integration tests to top-level 2016-03-18 11:30:54 +01:00
Christoph Hartmann
8433b55fc4 do not install postgres on ubuntu 15.10 2016-03-18 11:30:54 +01:00
Christoph Hartmann
ea085ef7c0 place empty iso in tmp directory 2016-03-18 11:30:54 +01:00
Dominik Richter
c78a7dfbde add functional tests for fulljson 2016-03-18 02:42:53 +01:00
Dominik Richter
76fe4483d4 feature: add tags and refs 2016-03-18 01:42:26 +01:00
Dominik Richter
9e6e2bd4f7 add inspec exec tests with json formatter 2016-03-18 00:29:10 +01:00
Dominik Richter
b7e438eabc add a mock fetcher 2016-03-17 23:37:09 +01:00
Dominik Richter
ca5f7b822b add tests for resource plugin 2016-03-17 15:58:20 +01:00
Dominik Richter
f7c2fa4392 functional tests for inspec detect + version + exec 2016-03-17 10:21:38 +01:00
Dominik Richter
6853284e31 validate inspec json generation 2016-03-17 10:21:38 +01:00
Dominik Richter
bfd88df27a verify that archive creates valid zip and tar files 2016-03-17 10:21:38 +01:00
Dominik Richter
0218f1f3ca feature: --output on archive 2016-03-17 10:21:38 +01:00
Dominik Richter
e3991a2025 bugfix: inspec archive with profile path for inheritance 2016-03-16 20:32:02 +01:00
Dominik Richter
26c34c3487 WIP profile check on inheritance profiles 2016-03-16 20:32:02 +01:00
Dominik Richter
89d7f0b593 give them hell!
parallelize minitest runs for functional tests
2016-03-16 08:28:09 +01:00
Dominik Richter
0a4567d49f add simple command tests for inspec check 2016-03-16 08:23:47 +01:00
Dominik Richter
387415859e rename internal File -> FileResource 2016-03-09 10:48:48 +01:00
Adam Leff
577688a3a0 Placing all resources in the Inspec::Resources namespace
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix.

Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes.

I strongly recommend viewing this diff with `git diff --ignore-space-change`
to see the *real* changes. :)
2016-03-08 13:40:16 -05:00
Dominik Richter
ccf2694940 bugfix: inheritance of local profiles 2016-03-08 14:59:14 +01:00
Dominik Richter
e617f74bcd filter xinetd fields by regex 2016-02-26 14:46:51 +01:00
Dominik Richter
4a39275fc0 add xinetd_conf resource 2016-02-26 13:19:16 +01:00
Dominik Richter
e9ffc85b53 test for empty global describe block 2016-02-25 14:30:27 +01:00
Dominik Richter
3ae50adae9 feature: conditional OR via describe.one
```
describe.one do
  describe command("uname -r").stdout do
    it { should_not match /x86_64/ }
  end
  describe test_sth_for_x64_processors do
    ...
  end
end
```
2016-02-25 14:30:23 +01:00
Dominik Richter
2fc0994f4c add cmp int->string tests 2016-02-23 22:31:10 +01:00
Christoph Hartmann
ee7adc24ec add unit tests 2016-02-22 18:24:16 +01:00
Stephan Renatus
2da97df5f0 test: read mock-archives in binary mode
this doesn't hurt in *nix, but makes tests pass on windows.
2016-02-22 13:47:33 +01:00
Stephan Renatus
c891686d72 tests: create a temporary name, not a Tempfile
rubyzip also does use Tempfile under the hood, this causes trouble.
2016-02-22 13:41:12 +01:00
Stephan Renatus
c24a504cb6 tests: clarify kind_of's 2016-02-22 12:06:42 +01:00
Stephan Renatus
8d572934eb tests: make this work on non-linux 2016-02-22 12:06:42 +01:00
Stephan Renatus
e67576b1cd tests: make non-existant files explicit 2016-02-22 12:06:42 +01:00
Dominik Richter
33b2876d7c fix tests and lint 2016-02-22 12:06:42 +01:00
Dominik Richter
d065794d96 remove old target interface 2016-02-22 12:06:42 +01:00
Dominik Richter
1e1e473cb0 replace target-helper with fetcher+reader 2016-02-22 11:24:35 +01:00
Dominik Richter
202a781f6a fail on incorrect metadata of url download 2016-02-22 11:24:35 +01:00
Dominik Richter
c79d9f7777 add flat source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
c9d1272f49 add relative fetcher
This helps reduce any folder structures, weather on disk or in archives, to their relative root paths; i.e. ignore all file-prefixes that are given and go directly to the underlying files, relative to the common folders that contain it
2016-02-22 11:24:35 +01:00
Dominik Richter
f023d02bbb add inspec source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
125ee53041 create source_reader plugin structure 2016-02-22 11:24:35 +01:00
Dominik Richter
d293550375 chain fetchers together 2016-02-22 11:24:35 +01:00
Dominik Richter
7b073fe153 add url fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
bd77602695 bugfix: prevent test helper from prematurely deleting tmp-files 2016-02-22 11:24:35 +01:00
Dominik Richter
4e830ffc24 add tar fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
1c29667523 add zip fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
a83e29cc01 add local fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
27f7aa7796 create new fetcher system 2016-02-22 11:24:35 +01:00
Dominik Richter
1e096c7181 add shadow resource for /etc/shadow 2016-02-19 14:26:04 +01:00
Christoph Hartmann
3f6b89e24d extend github url support 2016-02-19 09:12:25 +01:00
Dominik Richter
1fa957c8ca ensure deprecated methods still work 2016-02-18 16:25:02 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Christoph Hartmann
26276ca991 use ruby zip and tar for unit tests 2016-02-18 14:27:16 +01:00
Dominik Richter
b8cce5d3c7 create zip for test helper in ruby
The zip command is not always there. (e.g. i dont have it on my box). just use the available zip library
2016-02-18 14:25:55 +01:00
Dominik Richter
b872c04616 bugfix: url helper loading zip and tar 2016-02-18 14:25:55 +01:00
Dominik Richter
509088ba5d share test helpers for loading profile archives 2016-02-18 14:25:55 +01:00
Dominik Richter
e354854fc9 bugfix: dont skip url target unit test 2016-02-18 14:25:55 +01:00