* Add hotfix resource for Windows
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* Renamed hotfix to windows_hotfix
Added additional unit test checking for KB that is not present on a box
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* Integration test to spot-check for hotfixes
Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* add example for checking last permissions octet
Signed-off-by: Thomas Cate <tcate@chef.io>
* Correctly describe the last permissions bit for file resource
Signed-off-by: Thomas Cate <tcate@chef.io>
* Added auditd resource and documentation.
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Removed all legacy code for audit < 2.3. Removed parens to create consistency.
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated method names and removed unnecessary content based on review
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Adding support for fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to docs of new resource etc_fstab
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications to new resource etc_fstab
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* wip: extend nginx_conf for http+servers+locations
... well `http` entries really, but we couldnt just call it `https`.
the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere.
* add test for new nginx accessors
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* add docs for nginx-conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* fix all incorrect NGINX spellings in docs
* prevent edge-cases where nginx params are nil
for location, http, and servers
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* more descriptive to_s for nginx servers
as suggested by @adamleff, thank you!
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* add more descriptive to_s for nginx location
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* Provisioner script to setup resource tests for setgid/setuid/sticky bit tests. This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* TDD Red for setgid/setuid/sticky File matchers
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add documentation for file resource sgid, sticky, and suid matchers
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add matchers to File for setgid, setuid, and sticky by aliasing existing predicates; TDD green
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop prefers alias to alias_method.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Lint before pushing, of course
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Correct spelling of setgid and setuid matchers in docs
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add be_setgid, be_setuid, be_sticky matcher integration tests for File.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Revert "Provisioner script to setup resource tests for setgid/setuid/sticky bit tests. This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here."
This reverts commit 42e672f3b1.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Revert "TDD Red for setgid/setuid/sticky File matchers"
This reverts commit a4f891fc7e.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
The current docs refer to a method called `link_target` which does not
exist. `link_path` provides the functionality.
Signed-off-by: Adam Leff <adam@leff.co>
* Add support for XML files
Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
* Use REXML instead of nokogiri
Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
* Added aide_conf resource and subsequent files
* Updated to match on all selection lines
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Changed to use CommentParser and fixed typo
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Fix typo in test file
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated to address PR feedback
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* check the proper field for dpkg installation state fixes#2006
Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>
* Properly handle held packages on dpkg-flavored OS
InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.
This adds the proper unit tests and also adds a `be_held` matcher.
Thanks to @kisoku for the initial work in #2007.
Signed-off-by: Adam Leff <adam@leff.co>
* Changes resources/filename to match resource name
Signed-off-by: kgarmoe <kgarmoe@chef.io>
* Deletes original resource files.
Signed-off-by: kgarmoe <kgarmoe@chef.io>
* Fix host resolution on Darwin, use dig wherever possible
The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.
Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix up methods, add command mock, do string matching in ruby instead of command
Fixes#1643Fixes#1673
Signed-off-by: Aaron Lippold <lippold@gmail.com>
* Update iptables docs
* Correct nomenclature and be a bit more specific for existing exampls
* Provide an example of allowing a specified port in.
* Update iptables.md.erb
* showing how to shellout in docs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* adding basic example
Signed-off-by: Richard Shade <rshade@rightscale.com>
* cleanup
Signed-off-by: Richard Shade <rshade@rightscale.com>
* adding in mysql socket, as this doesn't work with non-default installs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* updating per peer review to make socket not a req, and adding port
Signed-off-by: Richard Shade <rshade@rightscale.com>
* updating docs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* Add TCP reachability support on Linux for host resource
This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.
Signed-off-by: Adam Leff <adam@leff.co>
* documentation updates
Signed-off-by: Adam Leff <adam@leff.co>
* Appease rubocop
Signed-off-by: Adam Leff <adam@leff.co>
The `interface` resource currently refers to methods that don't
yet exist. Fixing the docs for now and will add the features
later.
Signed-off-by: Adam Leff <adam@leff.co>
This adds supports for connecting to MS SQL instances using Window
authentication rather than SQL authentication. By leaving either the
user or password parameters blank causes the sqlcmd to leave off the -U
and -P params. This will cause sqlcmd to authenticate as the current
Windows user.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
As originally proposed in #1570, the documentation of
the `processes` resource could be clearer in its ability
to accept a regular expression. The original doc-only PR
was missing a DCO sign-off and had one required change
before it was able to be merged. The PR unfortunately
became stale.
Adopting the PR and merging under the obvious-fix /
doc-only-fix rule.
Signed-off-by: Adam Leff <adam@leff.co>
Switched the oracle_session resource to take an option hash and allow
for configuring hostname, DB_SID, and sqlplus binary path.
Added unit tests.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
This adds an oracle_session resource similar to the existing resource
for MySQL and MSSQL. It assumes the sqlplus tool is installed and in
the path of the user InSpec connects as.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
Currently, the `http` resource only operates on the node on which
`inspec exec` is run, even if the user uses the `--target` flag.
This has caused some confusion in the community.
Until this can be fixed, this change adds a warning to the documentation.
Signed-off-by: Adam Leff <adam@leff.co>
The `protocols` matcher section on the `ssl` resource
doc page fell victim to some copy/paste. This change
updates the text to the correct description.
Signed-off-by: Adam Leff <adam@leff.co>
If a repo did not exist, running matchers against it (such as `exist`)
were failing due to a bug in `#to_s` when fetching the repo name. The
`info` method would return nil and we'd still try to treat it as a hash.
This change ensures that info is always a hash, possibly empty if the
repo doesn't exist, and uses the repo name provided by the user rather
than shortening it to be consistent with our other resources which don't
manipulate the user input in the formatter.
Also added a method_missing to allow users to interrogate repo options,
such as baseurl or gpgcheck.
Signed-off-by: Adam Leff <adam@leff.co>
As raised in #1526, adding an additional example showing how
a user can use the `where` accessor to find commands matching
a pattern and write a test using the results.
Signed-off-by: Adam Leff <adam@leff.co>
The following new resources have been added; however, they
presently only support FreeBSD and similar.
* `zfs_dataset`: tests if a named ZFS dataset is present
and/or has certain properties.
* `zfs_pool`: tests if a named ZFS pool is present and/or
has certain properties.
Additionally, the `mount` resource has been reworked to
include support for FreeBSD; while the existing class
was renamed to LinuxMountParser.
Unit-tests were added for all of the above.
Signed-off-by: Joseph Benden <joe@benden.us>
The crontab resource parses a particular user's crontab file into
individual entries and allows the user to assert information about
each entry as needed.
Signed-off-by: Adam Leff <adam@leff.co>
* Fixes the npm package example to state 'npm' vs 'gem'
* Fixes powershell resource to specify the resource instead of 'script'
* Updates the example to rename variable 'script'
While ruby would allow the local variable and the presence of the InSpec method at the same time I think that it is bad form. Other resource examples also use 'script'.
* Changes pip to show generic example
Other package like resources show a generic example in the default.
Signed-off-by: Franklin Webber <franklin@chef.io>
The html rendered from markdown would look like:
`<h3>be<em>grouped</em>into</h3>`
When there is only one `_` the html rendered correctly:
`<h3>be_directory</h3>`
This change escapes the `_` when there are multiple.
* New markdown: `### be\_grouped\_into`
* New html: `<h3>be_grouped_into</h3>`
resource matchers fixed:
* be_block_device
* be_character_device
* be_grouped_into
* be_linked_to
* be_owned_by
* have_app_pool
* have_property_value
resource fixed:
* parse_config_file
Signed-off-by: Nathen Harvey <nharvey@chef.io>