Commit graph

5002 commits

Author SHA1 Message Date
Dominik Richter
e0e5aee6a4 bugfix: sudo-detection for target execution
When running `inspec exec` without the `target` option but against remote endpoints OR when executing it with the `localhost://` target AND having `--sudo` active it would abort the execution. `--target` is a helper to set the Train parameters for `backend`, `host`, `user`, `port`, and potentially `password`. The detection would fail on providing any of these separately without specifying `--target`. The same holds true for the `localhost` train backend or just `localhost://` target.

This type of detection has since moved to Train. The driving reason was to have this very useful check for localhost vs sudo run for any type of inspec (or for that matter: train) execution.

This PR depends on https://github.com/chef/train/pull/179 and the next release of train.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 18:15:44 -05:00
Christoph Hartmann
1f647e1100 Merge pull request #1865 from chef/dr/unsupported-os-powershell
bugfix: do not send nil to command on unsupported OS
2017-05-30 18:14:44 -05:00
Christoph Hartmann
58ec231868 Merge pull request #1861 from chef/dr/uri-fix
bugfix: non-url servers with compliance login
2017-05-30 18:13:28 -05:00
Seth Thoenen
868f4872fe Add warningaction to test-netconnection
Signed-off-by: Seth Thoenen <seththoenen@gmail.com>
2017-05-30 15:28:04 -05:00
Dominik Richter
ba149a9e1a bugfix: do not send nil to command on unsupported OS
Unsupported operating systems AND the mockloader when using inspec analysis tools may lead to powershell being called with the command being `nil`, because the resource skips during the initialize phase. Instead, propagate an empty string so that `command` has a valid input and then skip the resource.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:36:32 -04:00
Nathan L Smith
0f96c88d88 Add docs for http resource options
Signed-off-by: Nathan L Smith <smith@chef.io>
2017-05-30 11:33:59 -05:00
Dominik Richter
a0e8be2568 bugfix: non-url servers with compliance login
Non-url URIs may have lead to broader crashes than initially fixed. Overwrite all URL resolvers in the plugin to work with these non-schema URLs.

Fixes #1473

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:04:21 -04:00
username-is-already-taken2
b423e300ef Amended command.rb to resolve issue 1839
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-05-30 14:56:31 +01:00
Alex Pop
3171f46c7d Commenting out the contain_duplicates deprecation until we have a good alternative.
Signed-off-by: Alex Pop <apop@chef.io>
2017-05-30 13:41:44 +01:00
Christoph Hartmann
58baf5f378 Merge pull request #1838 from chef/adamleff/fix-docs-task
Allow docs Rake task to be run from outside www dir
2017-05-29 16:14:25 -04:00
Adam Leff
24e2ffb7e0 Allow docs Rake task to be run from outside www dir
The docs Rake task requires classes defined in the "shared"
Rake tasks file. However, only the www Rakefile includes the
"shared" tasks file.

Since the "docs" Rake task is what needs it, I'm adding a require
there to ensure it works from outside the www directory.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 16:00:19 -04:00
Christoph Hartmann
e87350da88 Merge pull request #1820 from chef/nls/hab-updates
Improvements to Habitat plan
2017-05-29 15:57:43 -04:00
Nathan L Smith
6324a6d289 Improvements to Habitat plan
These are kind of all over the place, but should improve things:

* Use the new `pkg_version` mechanism to set the version, and fail if
  the VERSION file is not present
* Use inspec.io for the upstream url
* Remove pkg_source and it's associated callbacks; they aren't required
  any more
* Alphabetize the deps list
* Remove duplicate coreutils from build deps
* Move environment variable setting to `do_prepare`
* Delete all binstubs in bin that aren't inspec
* Put the generated Gemfile in $CACHE_PATH so it doesn't stomp on the
  developer's Gemfile
* Insert the SSL_CERT_FILE env var in the binstub (Fixes #1582)
* Use install instead of cp to drop off Gemfile.lock
* Build using `path: '$SRC_PATH'` instead of `'= $pkg_version'` in the Gemfile
* Disable `do_strip` to decrease build time and because we don't need it

Works for me on Habitat 0.23.

Since all the "building" is done now in `do_install`, it would be
possible to define a `do_check` that runs `inspec exec` on profiles to
verify inspec is working by running inspec.

Signed-off-by: Nathan L Smith <smith@chef.io>
2017-05-29 15:41:26 -04:00
Christoph Hartmann
5038b29616 Merge pull request #1826 from chef/adamleff/no-more-stderr
Habitat Profiles: redirect stderr to stdout
2017-05-29 15:40:44 -04:00
Adam Leff
266f061b9e Habitat Profiles: redirect stderr to stdout
Due to habitat-sh/habitat#2395, we shouldn't try to log stderr output
to a file for now. While this makes for a less-than-awesome UX, it's
better than a process locking up due to a buffer filling up!

This change redirects stderr from InSpec to stdout and adds some
helpful troubleshooting messages. Should InSpec be able to generate
unique exit codes for when controls fail (vs. a Ruby eval failure)
then we can fix this up some more, too.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:31:26 -04:00
Christoph Hartmann
93f1c55782 Merge pull request #1833 from chef/adamleff/fix-interface-docs
Update interface resource docs
2017-05-29 15:30:53 -04:00
Adam Leff
333c7f15aa Updating docs to show the interface name is required
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:20:50 -04:00
Adam Leff
9182ba8574 Update interface resource docs
The `interface` resource currently refers to methods that don't
yet exist. Fixing the docs for now and will add the features
later.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:20:50 -04:00
Christoph Hartmann
c9a7f65386 Merge pull request #1835 from chef/schisamo/http-resource-default-timeouts
Bump default timeouts for `http` resource
2017-05-29 15:20:11 -04:00
Seth Chisamore
798aebf672 Bump default timeouts for http resource
This changes the default read and open timeouts to be 60 seconds which
matches the defaults for `Net::HTTP` backend which Faraday uses by
default:
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#read_timeout-attribute-method
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#open_timeout-attribute-method

The current timeout values are too small which causes tests to be
flakey.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-05-29 15:07:49 -04:00
Christoph Hartmann
45afca2e98 Merge pull request #1844 from cattywampus/cattywampus/gem-not-installed
Fix assert that a gem is not installed
2017-05-29 15:06:36 -04:00
Dominik Richter
b1419b84bf Merge pull request #1851 from username-is-already-taken2/gb/patch_1571
Amended the processes resource to skip on windows
2017-05-28 10:35:29 -04:00
Christoph Hartmann
da0b98f4d2 Merge pull request #1852 from aaronlippold/dr/postgres
bugfix: postgres relative path includes
2017-05-27 19:35:22 -04:00
Dominik Richter
9b959b15f3 Merge pull request #1853 from chef/adamleff/raise-if-profile-url-is-bad
Raise exception if profile target URL cannot be parsed
2017-05-26 17:24:52 -05:00
Adam Leff
88581ae3dd
Raise exception if profile target URL cannot be parsed
When attempting to parse the profile out of the target URL, we
were not raising an exception if we failed to do so. Such a situation
could arise if a user's inspec config.json is incorrect either due to
manual editing or failure to re-login after an upgrade past Automate
0.8.0.

This change provides a clear exception if this occurs and also adds
tests for the compliance_profile_name method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-26 14:30:37 -05:00
Aaron Lippold
dbd3b5c23d bugfix: postgres relative path includes
Postgres configuration doesnt always include absolute paths. When using relative paths it will fail!

Also: We treat the include as either a string or an array; when the first condition succeeds and you get a string and the second fails you get a array => ruby tries to add a string with an array and fails. This is now fixed as well.

Fixes: https://github.com/chef/inspec/issues/1780
Fixes: https://github.com/chef/inspec/issues/1738

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-26 14:49:24 -04:00
username-is-already-taken2
f1057ac754 Amended the process resource to skip on windows
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-05-26 16:33:30 +01:00
gbright
b17f0de7cf Amended to resolve issue 1839
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-05-25 21:02:01 +01:00
Dominik Richter
efa871ab5e fix ieq mistakes 2017-05-24 10:08:44 -05:00
Christoph Hartmann
4fde631ed5 update readme
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-22 18:50:49 -05:00
Christoph Hartmann
faa2840c1f update readme
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-22 18:49:27 -05:00
Christoph Hartmann
1ec156962a Merge pull request #45 from chef/getusersfinalfinal
Add list_users
2017-05-22 18:32:32 -05:00
Christoph Hartmann
ab59dd4c3e Merge pull request #48 from chef/MinorCleanup
Remove Unneeded Require Statement
2017-05-22 18:29:57 -05:00
Christoph Hartmann
426a4af22e Merge pull request #35 from chef/issue24
[ISSUE-24] - Use terraform environment to avoid integration tests collisions
2017-05-22 18:27:52 -05:00
Keith Walters
215ef38ee9 Fix installed? check for gem resource
The gem resource used to determine if a gem is installed based on the exit
status of the `gem` command, however that command will return zero
if the package was found or not. This patch checks to ensure that the
`gem list` command actually includes the gem name or is empty to
determine if the gem is in fact installed.

If the gem command returns something other than a `0` exit code, then
it'll skip the resource.

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2017-05-22 15:34:01 -05:00
Adam Leff
9e71c94b83 Merge pull request #1842 from chef/adamleff/release-1.25.1
Release 1.25.1
2017-05-19 21:23:12 -04:00
Adam Leff
e06359fc40
Release 1.25.1
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-19 21:22:30 -04:00
Adam Leff
91d51b371a Merge pull request #1841 from chef/fix-method
Fixing typo on method name
2017-05-19 21:19:27 -04:00
Adam Leff
81bfdf2d55
Fix is_automate_server_080_and_later? call
Method name was incorrect (missing `?`) and also was missing
the required config parameter.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-19 21:07:58 -04:00
Seth Thomas
9f30fe1726 Fixing typo on method name
Signed-off-by: Seth Thomas <sthomas@chef.io>
2017-05-19 19:58:46 -04:00
Adam Leff
6c53188e85 Merge pull request #1832 from chef/chris-rock/version-error
throw an error during inspec check if the version is not correct
2017-05-18 09:30:33 -04:00
Christoph Hartmann
b0ab35d941
throw an error during inspec check if the version is not correct
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-18 09:13:37 -04:00
Adam Leff
35dda621d7 Merge pull request #1824 from chef/adamleff/release-1.25.0
Release InSpec 1.25.0
2017-05-17 13:37:11 -04:00
Adam Leff
87e3c6c3a9
Release InSpec 1.25.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-17 13:36:15 -04:00
Adam Leff
60825a3ec2 Merge pull request #1822 from chef/chris-rock/version-as-json
return version as json
2017-05-17 09:53:49 -04:00
Adam Leff
0d91fefd6a
Added functional tests for inspec version --format json
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-17 09:41:38 -04:00
Christoph Hartmann
1aa223c99b return version as json
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-17 15:21:40 +02:00
Christoph Hartmann
3140eeae35 Merge pull request #1819 from chef/chris-rock/compliance-plugin
support new automate compliance backend
2017-05-17 15:15:56 +02:00
Christoph Hartmann
5cc288d5df support new automate 0.8.0
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-17 15:02:08 +02:00
Christoph Hartmann
8b015f521a Merge pull request #1816 from chef/dr/source
bugfix: read source code if profile is in tgz/zip
2017-05-16 13:32:13 +02:00