Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-15 01:17:08 +00:00
Code Issues Projects Releases Packages Wiki Activity
2617 commits 449 branches 1895 tags 73 MiB
Commit graph

1311 commits

Author SHA1 Message Date
Steven Danna
13ebea48e1 Allow port to be specified as a string 
This allows the user to write:

   describe port(22) do
     it { should be_listening }
   end

as well as

   describe port('22') do
     it { should be_listening }
   end

without hitting an error.

Fixes #867

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-05 14:01:08 +02:00
Christoph Hartmann
b3652bf85d improve code style for parse_config thanks @stevendanna 
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
 2016-08-05 12:29:34 +02:00
Christoph Hartmann
d9a1a500d0 add params and content method to parse_config 2016-08-05 12:13:56 +02:00
Steven Danna
57d7275857
Update inspec for os[:family] change in Train 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-04 13:32:35 +01:00
Steven Danna
28946f5fde
Use systemctl's helper command to determine enabled & active status 
The output of `systemctl show SERVICENAME` can be misleading in the
case of non-native services (i.e. services configured via an init script
and integrated with systemd via a shim) or for more sophisticated unit
types.

For example, the UnitFileState of ntp is "bad":

    > systemctl show ntp | grep UnitFileState
    UnitFileState=bad

despite systemd reporting it as enabled:

   > systemctl is-enabled ntp
   ntp.service is not a native service, redirecting to
   systemd-sysv-install
   Executing /lib/systemd/systemd-sysv-install is-enabled ntp
   enabled

Further, the old parsing code would have missed unit files in the
following states that are technically enabled:

   enabled-runtime, indirect, generated, and transient

Using the `is-enabled` commands ensures that we report the same enabled
status that systemd reports, without having to update our own parsing in
the event that new unit states are added. Additionally, as shown above,
it handles the sysv compatibility helper.

Similarly, the is-active helper command ensures that we always report
the same active/not-active status as systemd would natively. For
instance, a quick reading of `src/systemctl/systemctl.c` in the systemd
source shows that systemctl reports units as active if they are in the
state `UNIT_ACTIVE` or `UNIT_RELOADING`.

Fixes #749

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-03 13:31:09 +01:00
Christoph Hartmann
bd3a7ee7df 0.28.1 2016-08-03 12:56:36 +02:00
Dominik Richter
70dd639471 move base_cli to lib/inspec 
It is not a disconnected library, but a core component of inspec. Fix its location.
 2016-07-26 20:11:25 +02:00
Dominik Richter
69f9c0ff59 fix color code barriers 2016-07-22 12:41:00 +02:00
Dominik Richter
3059a18c56 0.28.0 2016-07-21 15:27:41 +02:00
Dominik Richter
c2f34932ad add port resource for windows 2008 
using `netstat -an`
 2016-07-21 14:58:43 +02:00
Chris Evett
925da00b3d fixing rubocop error 2016-07-17 14:22:04 -04:00
Chris Evett
85988aab9c add mssql resource 2016-07-17 14:18:25 -04:00
Dominik Richter
255d8fcd68 prevent circular loading of resource library 2016-07-16 05:15:23 +02:00
Dominik Richter
b9a2ec9b40 0.27.1 2016-07-15 16:27:14 +02:00
Alex Pop
ba4b9c26c5 fix symbols and strings inconsistency 2016-07-13 11:53:04 +01:00
Patrick Münch
7d986c2d17 FIX #823 wrong postgres path detection 
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
 2016-07-12 19:59:08 +02:00
Christoph Hartmann
c94751fcf9 0.27.0 2016-07-10 21:16:15 -05:00
Dominik Richter
68cf88f701 add suid sgid and sticky support for file resource 2016-07-10 23:08:42 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState 
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
 2016-07-06 12:57:04 +02:00
Christoph Hartmann
8a17cb6b5b update readme for bundles 2016-06-29 08:14:36 +02:00
Dominik Richter
5da73db6a3 api: report source location with field identifiers 
Mixing types in an array without specifying what these fields point to is not just confusing, but also causes issues with endpoints that may consume this data and dont process mixed types. We strive to have a stable api for 1.0 and this is a sin that was left after the major overhaul. Time to fix it.
 2016-06-28 12:03:20 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Christoph Hartmann
f87f25fb07 add boolean support for cmp matcher 2016-06-18 20:33:08 +02:00
Dominik Richter
8660d5d81c feedback round with @chris-rock 2016-06-16 20:37:51 +02:00
Dominik Richter
211a2e25fb align inspec detect output 2016-06-16 13:00:09 +02:00
Dominik Richter
0fec9cca13 enhance cli output for inspec check 2016-06-16 13:00:09 +02:00
Christoph Hartmann
e5903679b9 0.26.0 2016-06-16 12:50:48 +02:00
Dominik Richter
e3b20e88b7 provide target info in cli output 2016-06-16 12:26:46 +02:00
Dominik Richter
c34fd350cf multi-profile reporting in cli formatter 2016-06-16 00:08:50 +02:00
Dominik Richter
4fbdee84cf use utf-8 characters for default cli formatter 
see https://github.com/chef/inspec/issues/532
 2016-06-15 19:27:56 +02:00
Stephan Renatus
0a00d21113 integer?("0300") should not be true 2016-06-15 18:34:42 +02:00
Dominik Richter
f93084520f introduce cli report formatter 2016-06-15 17:11:29 +02:00
Christoph Hartmann
2d64face12 0.25.0 2016-06-14 03:16:40 +02:00
Christoph Hartmann
f1faf47112 introduce secrets backend 2016-06-14 02:49:47 +02:00
Christoph Hartmann
c7a49056c4 feature: attribute handling 2016-06-14 02:49:03 +02:00
Dominik Richter
c9403a8d7b 0.24.0 2016-06-03 23:06:51 +02:00
Dominik Richter
2db8d83d56 support intra-libraries file referencing + loading 
solves https://github.com/chef/inspec/issues/779
 2016-06-03 22:54:35 +02:00
Christoph Hartmann
d19dd89c1e 0.23.0 2016-05-31 09:57:15 +02:00
Dominik Richter
302a718b48 list arbitrary ports and query it 
utilizing filter table to make port more flexible and useful.
 2016-05-31 03:14:07 +02:00
Dominik Richter
02dae2c3c5 add simple style for filter table data 
for quick flattening, filtering, and non-nil results. this also simplifies some interal calls and structure
 2016-05-31 03:01:03 +02:00
Christoph Hartmann
9e753a5dbc add helper methods for os resource 2016-05-31 00:01:26 +02:00
Dominik Richter
d6345ffd17 add resource to filter table blocks 
i.e. get access to the original resource for more information and calls.
 2016-05-30 23:31:14 +02:00
Christoph Hartmann
ebf9b95356 0.22.1 2016-05-18 19:04:04 +02:00
Dominik Richter
b54b4309da fix reporter/formatter disagreements 
reporters didnt stick to the formatters that were configured but looked for an old json one. this MR ensures that the formatter that is configured is pulled out to generate the report
 2016-05-18 18:25:41 +02:00
Christoph Hartmann
820a942fa3 0.22.0 2016-05-16 20:12:52 +02:00
Christoph Hartmann
7515b488fd Merge pull request #754 from jeremymv2/sudo_command 
add sudo_command option
 2016-05-16 15:32:29 +02:00
Anirudh Gupta
c9dbbfd5dc modification in command resource example 2016-05-16 11:53:21 +05:30
Jeremy J. Miller
cfcc06a379 fix spelling 2016-05-15 11:04:23 -04:00
Jeremy J. Miller
9795879628 add sudo_command option 2016-05-15 07:22:18 -04:00
Dominik Richter
00921d9f97 0.21.6 2016-05-13 20:51:32 +02:00
Dominik Richter
67f7a5936c catch corner-case with symbols on test-objects 2016-05-13 20:39:17 +02:00
Alex Pop
4241cbf7ce can-t go in else when nil either 2016-05-13 19:22:09 +01:00
Alex Pop
6a9f015527 prevent nil.include? 2016-05-13 19:03:33 +01:00
Dominik Richter
4152101679 0.21.5 2016-05-13 19:29:46 +02:00
Dominik Richter
603e3e21b3 fix construction of ruby objects on string and array handlers 2016-05-13 19:07:43 +02:00
Dominik Richter
b837f8c8ec 0.21.4 2016-05-13 12:58:35 +02:00
Dominik Richter
2323ec52d2 add polyfill for ruby 1.9.3. struct 2016-05-13 11:57:06 +02:00
Dominik Richter
dde4433933 use struct for processes list 
we know all the fields + struct is fully compatible to the curren hash implementation
 2016-05-13 11:22:56 +02:00
Christoph Hartmann
987c42ed99 0.21.3 2016-05-12 00:27:30 +02:00
Christoph Hartmann
f3b41ccea9 deprecate arrray matcher 2016-05-12 00:14:54 +02:00
Christoph Hartmann
1f470971d2 Revert "Add all_match to matchers" 
This reverts commit 29cf4522e4.
 2016-05-11 23:47:24 +02:00
Christoph Hartmann
48d8694789 Revert "fix contain_match, add none_match" 
This reverts commit 54b397f3a5.
 2016-05-11 23:47:24 +02:00
Christoph Hartmann
5939e5b2f9 Merge pull request #739 from chef/ap/port-not-nil 
Return empty array instead of nil for port methods
 2016-05-11 23:32:43 +02:00
Alex Pop
2a9d9b5481 return empty array instead of nil to be .each friendly 2016-05-11 22:21:22 +01:00
Christoph Hartmann
03b1ecfac5 Merge pull request #735 from tpcwang/escape-windows-osenv 
Escape os_env command on Windows to handle env variables containing parentheses.
 2016-05-11 23:09:34 +02:00
Christoph Hartmann
21a91f964c 0.21.2 2016-05-11 14:16:24 +02:00
Alex Pop
54b397f3a5 fix contain_match, add none_match 
update matchers doc and add more integration tests
allow non-string data types and non-arrays
 2016-05-11 12:47:36 +01:00
tpcwang
c8d2991589 Escape os_env command on Windows to handle env variables containing parentheses. 
Update the mock file to match the new command
 2016-05-11 01:09:06 -07:00
Christoph Hartmann
7e514c8735 0.21.1 2016-05-10 22:43:34 +02:00
Christoph Hartmann
9fd9f8aa69 Merge pull request #733 from chef/vj/add-label-for-processes 
Expose label for processes only on linux
 2016-05-10 22:39:02 +02:00
Victoria Jeffrey
1811eb6666 Expose label for processes only on linux 2016-05-10 13:59:13 -04:00
Victoria Jeffrey
29cf4522e4 Add all_match to matchers 2016-05-10 10:00:55 -04:00
Christoph Hartmann
1c2fd97a39 fix: remove non-existent class 2016-05-10 13:18:33 +02:00
Christoph Hartmann
a83088edea 0.21.0 2016-05-10 11:09:57 +02:00
Alex Pop
91b83b45a5 remove redundant space when missing expectation 2016-05-09 15:20:29 +01:00
Alex Pop
9ded3b8835 Provide service params as a mash, empty unless systemd for now 2016-05-09 14:54:09 +02:00
Christoph Hartmann
d2a8ba0022 add human-readable output for detect, as well as a --format json 2016-05-09 13:24:49 +02:00
Dominik Richter
5d925b2851 api: make processes return integers for pid/vsz/rss 2016-05-06 16:49:21 +02:00
Alex Pop
9a83814f35 update mount example with include 2016-05-06 14:27:42 +01:00
Christoph Hartmann
6e93a13000 show error if user is not logged in to compliance server 2016-05-06 13:47:22 +02:00
Alex Pop
c518b9edc2 expose systemd service properties via .info 2016-05-06 13:36:42 +02:00
Christoph Hartmann
8258d111ef rename json to minijson and fulljson to json 2016-05-06 13:27:42 +02:00
Dominik Richter
b14495051a prevent duplicate profile-loading 
this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
 2016-05-06 13:14:40 +02:00
Dominik Richter
20d08a63b5 inspec --format [json|fulljson|rspecjson] overhaul 
Full rewrite of all formatters. Create a minimal JSON, a full JSON, and a fallback RSpec formatter. The latter is only needed for corner cases and should not really be used. The former 2 are for (1) running `inspec json` followed by `inspec exec` (`--format json`) and (2) running just `inspec exec --format fulljson`.
 2016-05-06 13:14:40 +02:00
Dominik Richter
a809097d12 simplify full_id generation 2016-05-06 13:14:40 +02:00
Dominik Richter
8ba859fe92 remove legacy global DSL code 2016-05-06 13:14:40 +02:00
Dominik Richter
4d28fd8f31 remove inspec [exec|json|...] --id flag 2016-05-06 13:14:40 +02:00
Dominik Richter
b9543241eb export #tests() from OrTest object 
make these inner tests accessible
 2016-05-06 02:10:33 +02:00
Dominik Richter
67fccc1246 expose deprecated fields in passwd 2016-05-04 15:27:58 +02:00
Dominik Richter
fc718267c4 extend filter table to handle soft variable lookup 2016-05-04 15:27:58 +02:00
Dominik Richter
fb91b788a6 use filtertable with passwd resource 2016-05-04 15:27:58 +02:00
Alex Pop
f78afe0d75 Use only strings in resource examples, docs and tests 2016-05-03 23:27:18 +01:00
Victoria Jeffrey
33e35a1e94 use strings instead of symbols 2016-05-03 15:39:34 -04:00
Anirudh Gupta
738ef69bcf prefixed hpux to cmd file name 2016-05-03 21:38:39 +05:30
Anirudh Gupta
d839f218bf hpux support for basic port properties 2016-05-03 14:30:59 +05:30
Dominik Richter
f30b6fb6f5 bugfix: handle train errors in inspec execution 2016-05-02 08:34:45 -04:00
Alex Pop
e24772e4b7 releasing 0.20.1 2016-04-30 02:02:29 +01:00
Alex Pop
56d856531b support basename parameter and add tests 2016-04-29 13:40:32 -04:00
Dominik Richter
6b5b592c03 0.20.0 2016-04-29 09:13:10 -04:00
Dominik Richter
8ee6a14bc5 validate target backend 2016-04-28 20:44:36 -04:00
Dominik Richter
83b4dfbf4d use the source_path instead of path for file internal reporting 2016-04-28 20:11:21 -04:00
Dominik Richter
3e8974d243 update to new train interface 2016-04-28 19:55:34 -04:00
Alex Pop
3ab53e940d make file resource follow links and provide method to get to the original link object 2016-04-28 19:55:34 -04:00
Christoph Hartmann
46f38b51d0 add integration tests for compliance plugin 2016-04-29 01:12:53 +02:00
Christoph Hartmann
8678ab6625 fix compliance plugin 2016-04-29 00:39:25 +02:00
Dominik Richter
6f612dc948 WIP add block support to where conditionals (1) passwd.users { != 2 } (2) add tests 2016-04-28 23:10:52 +02:00
Dominik Richter
0c8e891ee1 add #entries to filter table + remodel configuration 2016-04-28 22:46:39 +02:00
Dominik Richter
048a1584b9 encapsulated filters 2016-04-28 22:46:39 +02:00
Dominik Richter
652f10ad9a use Inspec::Filter in xinetd resource 2016-04-28 22:46:39 +02:00
Dominik Richter
d86161c616 add general filter utility for resources 2016-04-28 22:46:39 +02:00
Dominik Richter
01caf05020 add cmd for executing calls against the inspec api 2016-04-27 06:31:01 -07:00
Christoph Hartmann
ab9f5f9c1a Merge pull request #682 from Anirudh-Gupta/hpux 
Hpux
 2016-04-27 06:29:05 -07:00
Anirudh Gupta
1330e09df5 added file permission by user check for hp-ux 2016-04-26 14:53:28 +05:30
Christoph Hartmann
2242790528 Merge pull request #678 from Anirudh-Gupta/hpux 
added hpux user and package resource support
 2016-04-25 07:22:19 -05:00
Dominik Richter
d0760662ce bugfix: restore pax_global_header fetcher filter 
The original tests were deactivated. Reactivate and fix the implementation.

TODO: verify that this matches expectations
 2016-04-24 02:38:22 -04:00
Alex Pop
ce7b06da35 releasing inspec 0.19.3 2016-04-22 17:13:04 +01:00
Dominik Richter
bc724c81ff fix legacy supports call 
as reported by Jeremy Miller and Alex Pop
 2016-04-22 11:15:57 -04:00
Anirudh Gupta
75534fdaa5 added hpux user and package resource support 2016-04-21 14:01:56 +05:30
Dominik Richter
3778f7968e v0.19.2 2016-04-21 02:30:42 -04:00
Alex Pop
1254bce74f keeping rubocop happy 2016-04-20 12:03:20 -04:00
Alex Pop
0b1c37362b fix indenting for loops and or 2016-04-20 12:03:20 -04:00
Alex Pop
9f156bb36b update file resource example to use cmd matcher for better failure output in octal 2016-04-20 11:57:34 -04:00
Alex Pop
7a3b4736b8 fix the shadow password example now that cmp can handle arrays 2016-04-20 11:57:34 -04:00
Alex Pop
b38e71b6f2 allow integers to be cmp regexed 2016-04-20 11:57:31 -04:00
Dominik Richter
9b199c9223 add regexp to cmp matcher 
i.e. `123 should { cmp /2+/ }`
 2016-04-20 11:57:31 -04:00
Dominik Richter
07f17a3f8d bugfix: fix formatting of cmp expectations 
E.g. for regex it will print a very cryptic `(?-mix:123)` for `/123/` instead of the pure regex
 2016-04-20 02:11:00 -04:00
Dominik Richter
9da23f9cbc remodel bash and shell wrappers 2016-04-18 11:48:42 -04:00
Stephan Renatus
f7272f746c 0.19.1 2016-04-18 11:39:52 +02:00
Dominik Richter
0631779412 configure command execution shells to sh/bash/zsh 2016-04-18 01:09:37 -04:00
Dominik Richter
fa6143d6d4 be descriptive on shadow.entries 
When used in combination: `shadow[.filter(...)].entries.each { |entry| ... }`, these entries would not  be very descriptive at all. You would basically only retrieve the full filter chain e.g. 20 times, without any information about what entry you are currently looking at. This fixes it, by providing the entry identified by the user name
 2016-04-17 19:12:14 -04:00
Dominik Richter
0cb03e8726 bugfix: print cmp expectations 2016-04-17 18:50:21 -04:00
Dominik Richter
53f855e681 0.19.0 2016-04-17 14:19:37 -04:00
Thomas Cate
e6d98968c9 first pass at working legacy-grub/grub2 config 2016-04-17 10:46:35 -04:00
Thomas Cate
0f8aff0b91 added default and per kernel checking 2016-04-17 10:46:35 -04:00
Thomas Cate
3051ead64d added tests for grub_conf resource 2016-04-17 10:46:29 -04:00
Thomas Cate
19333f0ece handle unsupported OSs 2016-04-17 10:46:29 -04:00
Thomas Cate
1b1690a3e3 improve examples 2016-04-17 10:46:29 -04:00
Thomas Cate
3559ba4aeb convert single entry arrays to strings 2016-04-17 10:46:24 -04:00
Thomas Cate
fc811518e8 remove troubleshooting output 2016-04-17 10:45:22 -04:00
Thomas Cate
96536db318 first pass at a grub_config resource 2016-04-17 10:45:22 -04:00
Dominik Richter
2a0ccbfd76 fail on unsupported os/platform 2016-04-17 00:04:37 -04:00
Dominik Richter
ebd094fbb0 bugfix: rspec world handling on rspec 3.5 
This accessor is designed to work with rspec 3.0 - 3.5 (and potentially up).
 2016-04-16 20:33:01 -04:00
Christoph Hartmann
27357c8630 update documentation for json resource 2016-04-16 20:16:32 -04:00
Dominik Richter
f54195408f simplify key symbolization in metadata 2016-04-16 18:47:59 -04:00
Dominik Richter
14995534cd skip profiles if the platform isnt supported 2016-04-16 15:34:23 -04:00
Dominik Richter
a1188b26ce add supports_runtime? to metadata 2016-04-16 15:25:59 -04:00
Dominik Richter
5d58fa267b feature: cmp < / > / <= / >= / == / != sth matcher 2016-04-15 19:19:15 -04:00
Alex Pop
dec217a8ce prevent its(:to_i) from generated tests 2016-04-15 01:03:39 -04:00
Satish Puranam
07315ce5d2 Cleanup code meet lint guidelines 2016-04-14 13:39:03 -04:00
Satish Puranam
b0bc88f637 Cleanup, remove redundant checking of os family 2016-04-13 19:08:14 -04:00