Commit graph

712 commits

Author SHA1 Message Date
Adam Leff
12a495c631 Add TCP reachability support on Linux for host resource (#1915)
* Add TCP reachability support on Linux for host resource

This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>

* documentation updates

Signed-off-by: Adam Leff <adam@leff.co>

* Appease rubocop

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 18:18:51 +02:00
Juan Carlos Castillo Cano
1c98ff13f6 Support special cases for crontab resource
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
2017-06-06 15:12:12 +02:00
Adam Leff
dda24b9f98 Fix compliance uploads when version is not present
The Compliance::API.version method could potentially return
a hash containing no "version" key but would return an empty
hash upon any expected failure. Downstream callers of the
Compliance::API.version method were looking for a "version"
key to always be present when, in some cases, it would not be.

This change ensures that if a version is not available, there
is no "version" key in the hash, and downstream callers of this
method have been changed to check for nil instead of empty.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-06 14:49:25 +02:00
Dominik Richter
871c6266c9 Merge pull request #1878 from username-is-already-taken2/gb/update_processes
Add windows support to the `processes` resource
2017-06-06 14:42:14 +02:00
username-is-already-taken2
9d9baeb09f Added windows support to the processes resource
Signed-off-by: username-is-already-taken2 <digitalgaz@hotmail.com>
2017-06-05 23:41:02 +01:00
stubblyhead
ba0a1ea7a7 add bitbucket repo url handling (#1866)
* add bitbucket repo url handling

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* backout changes to .gitignore

* adding unit tests for bitbucket url transformers

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* fixing some indents

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* fix some indents

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>
2017-06-05 16:02:56 +02:00
Dominik Richter
562f6ad732 add the Nginx parser
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-03 17:25:00 +02:00
Christoph Hartmann
687f1a5827 update unit tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:21:05 -05:00
Dominik Richter
ba149a9e1a bugfix: do not send nil to command on unsupported OS
Unsupported operating systems AND the mockloader when using inspec analysis tools may lead to powershell being called with the command being `nil`, because the resource skips during the initialize phase. Instead, propagate an empty string so that `command` has a valid input and then skip the resource.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:36:32 -04:00
Seth Chisamore
798aebf672 Bump default timeouts for http resource
This changes the default read and open timeouts to be 60 seconds which
matches the defaults for `Net::HTTP` backend which Faraday uses by
default:
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#read_timeout-attribute-method
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#open_timeout-attribute-method

The current timeout values are too small which causes tests to be
flakey.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-05-29 15:07:49 -04:00
Christoph Hartmann
45afca2e98 Merge pull request #1844 from cattywampus/cattywampus/gem-not-installed
Fix assert that a gem is not installed
2017-05-29 15:06:36 -04:00
Adam Leff
88581ae3dd
Raise exception if profile target URL cannot be parsed
When attempting to parse the profile out of the target URL, we
were not raising an exception if we failed to do so. Such a situation
could arise if a user's inspec config.json is incorrect either due to
manual editing or failure to re-login after an upgrade past Automate
0.8.0.

This change provides a clear exception if this occurs and also adds
tests for the compliance_profile_name method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-26 14:30:37 -05:00
Keith Walters
215ef38ee9 Fix installed? check for gem resource
The gem resource used to determine if a gem is installed based on the exit
status of the `gem` command, however that command will return zero
if the package was found or not. This patch checks to ensure that the
`gem list` command actually includes the gem name or is empty to
determine if the gem is in fact installed.

If the gem command returns something other than a `0` exit code, then
it'll skip the resource.

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2017-05-22 15:34:01 -05:00
Christoph Hartmann
b0ab35d941
throw an error during inspec check if the version is not correct
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-18 09:13:37 -04:00
Dominik Richter
b23c197202 bugfix: read source code if profile is in tgz/zip
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-16 13:19:25 +02:00
Dominik Richter
d44b751603 add sha256 checksum to json
Fixes https://github.com/chef/inspec/issues/1658

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-11 09:52:28 +02:00
sfreeman
beedecf247 Add list_users
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-05-10 15:41:03 -04:00
Nolan Davidson
8f0756812c Add support for Windows auth in mssql_resourcet
This adds supports for connecting to MS SQL instances using Window
authentication rather than SQL authentication.  By leaving either the
user or password parameters blank causes the sqlcmd to leave off the -U
and -P params.  This will cause sqlcmd to authenticate as the current
Windows user.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-09 17:17:07 +02:00
Adam Leff
a21bdc4a04 Handle parse errors for attrs/secrets
Inspired by #1640, this change cleans up the logic used when
reading in secrets files, provides clearer warnings when the
secrets files can't be parsed, and adds tests for those methods.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-09 13:44:33 +02:00
Dominik Richter
00682eb2d2 Merge pull request #1751 from nsdavidson/add-oracle-session
Add an oracle_session resource
2017-05-09 13:21:53 +02:00
Nolan Davidson
ba6745444e Renaming oracle_session to oracledb_session
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 13:11:07 -04:00
Nolan Davidson
fbe7b8ddf8 Refactor to options hash and add unit tests
Switched the oracle_session resource to take an option hash and allow
for configuring hostname, DB_SID, and sqlplus binary path.

Added unit tests.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 09:29:38 -04:00
Dominik Richter
5d1765c9bb add inspec.profile.file(...) for profile files
Fixes https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-03 20:39:27 +02:00
Chris Redekop
0ab4ae7d6e Update resource based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-05-02 14:54:57 +00:00
Chris Redekop
37bcce6618 Add defensive programming
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-05-02 14:54:57 +00:00
Christoph Hartmann
11905af32a Merge pull request #32 from chef/issue31
add password expiry and password expiry time to iam_password_policy
2017-05-02 11:23:44 +02:00
Chris Redekop
891f075d13 Update resource based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-28 10:52:42 +00:00
Viktor Yakovlyev
19f752f778 add 1.11, password expiry and password expiry time in days, fix examples
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

check for unset password expiry

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

pr changes

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-04-28 10:52:42 +00:00
sfreeman
c43c863109 Added user provider
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-04-27 16:17:43 -04:00
Dominik Richter
1dafe50bd9 rename SimpleConfig / parse_config / parse_config_file options
See https://github.com/chef/inspec/issues/1709
Fixes https://github.com/chef/inspec/issues/1709

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 23:18:40 +02:00
Dominik Richter
8e5fbb9e02 provide inspec.version information
as a friendly shortcut and a native call within profiles

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 13:07:32 +02:00
Dominik Richter
8b7ef09f85 provide the inspec keyword
Instead of my favorite shortcut of `os.inspec` just finally add it as a global keyword.

Preparation for https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:30:31 +02:00
Dominik Richter
50e1c76fce print and prettyprint the inspec backend class
This is always bothersome when debugging code and drilling down objects, since it will just a return a two-layer anonymous class with no help at all.
Instead print a nice name and even give a bit of information on pretty-printing (which pry does naturally)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:04:01 +02:00
Dominik Richter
c5101e5ef0 pretty-print multiline control descriptions
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 17:12:30 +02:00
Dominik Richter
37a2e45cd1 bugfix: unindent description misbehaviors
Unindent has been misbehaving for control `desc`riptions by completely removing newlines. This is now fixed and the unindentation mechanism improved to behave as expected.

Removing empty lines at the beginning and end of string remains unchanged.
Tabs are not treated as multi-space indentations; supporting them as 8-space chars would require additional effort (please comment if this is important to you)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 13:21:38 +02:00
Dominik Richter
37a778173d inspec control.to_ruby to respect newlines
I.e. instead of printing them as:

```
desc "hello\nworld"
```

it would instead do:

```
desc "hello
world"
```

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 10:34:45 +02:00
Christoph Hartmann
218bda9c34 Docker resource (#1566)
* add docker, docker_container, and docker_image resources

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-24 10:47:03 -04:00
Tor Magnus Rakvåg
8ad02f4d04 added test for guest user
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2017-04-21 09:45:58 +02:00
Tor Magnus Rakvåg
96bb596bc4 fetch user groups while building user object
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2017-04-20 16:02:21 +02:00
Chris Redekop
3cdb639a0c Uncomment unit tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-18 15:03:31 +02:00
Chris Redekop
fcb8d17feb Incorporate PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-18 15:03:31 +02:00
Chris Redekop
d428a96bab Add a new access-key resource
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-18 15:03:31 +02:00
Ryan Gerstenkorn
5e0cab08a0 Add OSX support for host resource (#1608)
* Add OSX support for host resource

Signed-off-by: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
2017-04-13 11:32:04 -04:00
Christoph Hartmann
29e286fee6 Merge pull request #1639 from chef/dr/rabbitmq_config
add `rabbitmq_config` resource
2017-04-12 21:19:15 +02:00
Dominik Richter
02e435b6d0 add rabbitmq config resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-12 20:51:12 +02:00
Adam Leff
da56a08f74 Fix gem resource on Windows
RubyGems on windows comes with a batch file that wraps the `gem` command
so it executes correctly. This change uses that batch file for windows
for our `gem` resource, and also properly handles when we receive no output
from the command.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-12 17:34:16 +02:00
Viktor Yakovlyev
ff72e81915 Add iam password policy
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

wire up mock resource twice

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

cleaning up as per pr feedback

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

style fixes

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

fix indent in test

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

remove unneeded line

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

use minitest mock instead of object

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-04-11 14:16:21 -04:00
Adam Leff
a8ffe449ff
Add helper methods, tests for registry key path building
Broke out some of the conditional logic in the `#initialize`
method into helper methods and added tests.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-07 10:09:51 -04:00
Doc Walker
692e660140 Fix #1617 Add dh_params resource (#1618)
* Fix #1617 Add dh_params resource

Signed-off-by: Doc Walker <4-20ma@wvfans.net>
2017-04-04 10:34:09 -04:00
Adam Leff
68a930f141 Merge pull request #1406 from carldjohnston/apache_conf-symlinks
Allow apache_conf to include symlinked configuration files
2017-04-03 10:38:22 -04:00
Ryan Larson
0e187f6117 Feature/fix ability to pass in supermarket url (#1595)
* Enable customization of supermarket_url

It looks like this was originally supposed to work, but at some point
the default value was put in the method body rather than in the method
parameters.

This change allows you to configure the supermarket_url in test kitchen
like so:

```
verifier:
  inspec_tests:
  - name: linux-hardening
    supermarket: som3guy/apache-disa-stig
    supermarket_url: https://my.supermarket.com
```

Signed-off-by: Ryan Larson <ryan.mango.larson@gmail.com>
2017-03-29 12:42:24 -04:00
Adam Leff
7df9674e42 Remove method_missing, provide methods for repo metadata
Instead of method_missing, methods for each output item from
`yum repolist` are provided.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:42:25 +02:00
Adam Leff
1cf80737ad Yum resource fix for non-existent repos and repo info
If a repo did not exist, running matchers against it (such as `exist`)
were failing due to a bug in `#to_s` when fetching the repo name. The
`info` method would return nil and we'd still try to treat it as a hash.

This change ensures that info is always a hash, possibly empty if the
repo doesn't exist, and uses the repo name provided by the user rather
than shortening it to be consistent with our other resources which don't
manipulate the user input in the formatter.

Also added a method_missing to allow users to interrogate repo options,
such as baseurl or gpgcheck.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:42:25 +02:00
Adam Leff
e1c664272e Break out profile vendor activities into separate class
Per PR feedback, `Inspec::ProfileVendor` is created to centralize
the logic and data of vendoring profile dependencies. The `BaseCLI`
class and the `Habitat::Profile` class have been modified to use it

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8269d0da9e Support vendored profiles in Habitat-packaged profiles
This change adds support in Habitat-packaged profiles for
profiles that depend on other profiles. When `inspec habitat
profile create` or `inspec habitat profile upload` is run,
it will see if the profile's dependencies have been vendored
yet, and if not, it will vendor them before creating the
habitat artifact.

For the git and URL fetchers, more explicit creation of the
target directories for the vendored profiles is done. This
is implicitly done via normal CLI interactions a user may
go through, but in our case, we want to ensure those directories
are there before the fetchers try to write out content.

By adding this support, we also fix a bug experienced in Habitat
where a profile that was packaged before an `inspec exec` was run
for the profile would cause a failure in Habitat. This is caused
by `inspec exec` doing a vendor of the dependencies if necessary
and generating the inspec.lock file. In Habitat, the package dir
is not writable by the hab user and InSpec would fail to run due
to an inability to write out an inspec.lock.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8e693a4ad9 Fix port resource for invalid IP address in netstat output
Netstat will sometimes output an IPv6 address that is not
formatted correctly; the address is either truncated or uses
or implies the `::` shorthand notation twice. This yields an
invalid IPv6 address and causes IPAddr.new to choke.

This change guards against invalid IP addresses and ensures they
do not end up in the port resource's entries list.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 08:33:50 +02:00
joe.nuspl
1ab80ea052 Extend gem to take an optional gem_binary
Allows one to test whether gems are installed into an omnibus environment.

Signed-off-by: Joe Nuspl <nuspl@nvwls.com>
2017-03-24 22:28:42 -07:00
Adam Leff
73e3bfda7a Merge pull request #1544 from chef/adamleff/hash-values-in-simpleconfig
Provide a method-based accessor for SimpleConfig hashes
2017-03-22 15:46:58 -04:00
Christoph Hartmann
7c11ff9280 add tag object (#1590)
* add tag object

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* add tests for to_hash function in tag

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 13:41:44 -04:00
Christoph Hartmann
d2f000e435 refactor x509 resources and rsa key
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 11:44:32 +01:00
Richard Nixon
f66f0b3a18 Initial support for x509_certificate and rsa_key
* Includes unit tests
* Includes 2 new resources
* Includes documentation

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2017-03-22 10:00:48 +01:00
Adam Leff
ea7c0c493e Provide a method-based accessor for SimpleConfig hashes
When SimpleConfig parses a config file that has sections, such as a mysqld
config file, the values within that section are returned via a Hash. However,
we do not provide an easy way to write tests for those deep hash values:

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ∅  undefined method `expire_logs_days' for #<Hash:0x007fe463795a00>
```

This change provides a method-based accessor for Hashes that are built via
SimpleConfig.

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ✔  mysqld.expire_logs_days should cmp == 10
```

Fixes #1541 by changing the way the attributes are fetched.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 14:49:16 -05:00
sfreeman
d9221bb925 Add ability to choose a user by username
Add has MFA enabled member
Add "has console password" member

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-03-15 15:49:13 -04:00
Adam Leff
4f2b66302d Fix ObjectTraverser when accessing array values
When attempting to access array values via the `json` resource:

```
describe json('/tmp/test.json') do
      its(['array',0]) { should eq "zero" }
end
```

... the resulting data would be an array of the size of the original array
with all the values replaced with nils:

```
     expected: "zero"
          got: [nil, nil, nil]
```

This was due to a bug in the ObjectTraverser mixin that mapped array values
back through `extract_value` rather than properly handling the passed-in
key(s). This worked fine for the specific data format created by the `csv`
resource but did not work `json` or any other resource that subclassed the
`JsonConfig` resource.

This change fixes the logic when dealing with an array when it's encountered,
and fixes up the `csv` resource with its own `value` method.

This change also adds tests for ObjectTraverser.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 11:35:55 +01:00
Adam Leff
dfce561276 Provide better error message when inspec.yml is invalid
Currently, if the inspec.yml for a profile is invalid (such as including
an improperly-defined multi-line string), InSpec will throw an exception
from the YAML parser that does not given a clear indication that the
issue was encountered while parsing the inspec.yml file.

This change introduces a better exception message to clue the user into
where the problem actually lies.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-09 18:03:01 +01:00
Adam Leff
037f08beb2 Fixing port check with v4 IPs in a v6 netstat line
On Linux, netstat may show a tcp6/udp6 protocol line but include a
v4 address. This happens with AF_INET6 sockets that can accept
both v4 and v6 traffic. The port check was not properly handling
this situation and trying to pass a v4 address to URI bracketed as
if it was a v6 address.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-06 22:03:41 -07:00
Adam Leff
f4b1a350ce Merge pull request #1501 from jbenden/jbenden/freebsd-zfs
Add FreeBSD support for ZFS datasets and pools
2017-03-01 13:06:44 -05:00
Adam Leff
91396d2029 Merge pull request #1488 from chef/adamleff/fix-multiple-flat-profiles
Generate default profile names, fix bug when using multiple flat profiles
2017-02-24 16:59:31 -05:00
Carl Johnston
3bdf1563e8 Added unit tests for apache_conf inclusion of symlinked files.
Same test added to both Ubuntu and Centos for consistency.

Signed-off-by: Carl Johnston <carldjohnston@gmail.com>
2017-02-24 16:13:22 +11:00
Adam Leff
0342cca62e Adding a Habitat profile artifact creator
Two new commands have been created:

 * inspec habitat profile create /path/to/profile
 * inspec habitat profile upload /path/to/profile

The `create` command creates a Habitat artifact that contains the contents
of the Habitat profile found at the provided path. This will be used later
in some Habitat + InSpec integrations.

The `upload` command does the same create process but then uploads the
resulting artifact to the Habitat Depot.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-23 18:25:22 -05:00
Joseph Benden
1fdecc6680 Add FreeBSD support for ZFS datasets and pools
The following new resources have been added; however, they
presently only support FreeBSD and similar.

* `zfs_dataset`: tests if a named ZFS dataset is present
  and/or has certain properties.
* `zfs_pool`: tests if a named ZFS pool is present and/or
  has certain properties.

Additionally, the `mount` resource has been reworked to
include support for FreeBSD; while the existing class
was renamed to LinuxMountParser.

Unit-tests were added for all of the above.

Signed-off-by: Joseph Benden <joe@benden.us>
2017-02-22 10:29:49 -07:00
Viktor Yakovlyev
bdd86542b0 add negative case test for exists?
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-02-16 14:33:21 -05:00
Viktor Yakovlyev
f0773ccc75 fix tests
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-02-16 14:27:35 -05:00
Alex Pop
88975bff2a Switch package resource to os.redhat detection and use two spaces as fileds delimited
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-15 11:07:10 +00:00
Alex Pop
fae96f6249 Add RedHat support for packages resource
Fix dpkg trimming of first line
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-15 11:07:10 +00:00
Chris Redekop
9d8afa5440 add tests for :instance and :exists
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-02-14 18:38:15 +01:00
Chris Redekop
1842cc2fd9 add another id-method test
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-02-14 18:38:11 +01:00
Chris Redekop
5d00aac059 Add unit test skeleton with Minitest dependency
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-02-14 18:38:06 +01:00
Adam Leff
d0bc085412 Generate default profile names, fix bug when using two-or-more flat profiles
When running InSpec with multiple profiles, and two or more of the profiles
are read in using the "Flat" SourceReader (i.e. they are not actual profiles
with a metadata file like inspec.yml, but rather just a folder containing
.rb files with controls and tests in them), InSpec would throw a NilClass
error when building the necessary objects for the formatter.

The cause was in `#profile_contains_example` in the formatter code which
checks to see if the profile name is the same as the profile_id in the given
example. However, if both of those were nil, it would potentially match the
wrong Flat-read profile.

This change fixes this in two ways: refusing to match if the profile name
or example profile ID is nil, and adding a default name to a profile if
it doesn't have a title or name. This will solve the matching issue and also
clean up the formatter output so users can more easily tell what tests
are from which profile/path.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-13 13:07:41 -05:00
Adam Leff
417b791baa Adding new crontab resource
The crontab resource parses a particular user's crontab file into
individual entries and allows the user to assert information about
each entry as needed.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-10 09:33:31 -05:00
Alex Pop
ce927e657a Skip packages resource for unsupported OS
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-10 10:34:01 +00:00
jtimberman
d7fad68541 add "packages" resource
This pull request adds a packages resource so that we can check for pattern matches against all the packages on a system. This initially implements only dpkg support for debian-based platforms so we can cover this use case:

```ruby
describe packages(/^xserver-xorg.*/) do
  its("list") { should be_empty }
end
```

This uses FilterTable so we can supply additional queries, too.

```ruby
describe packages(/vi.+/).where { status != 'installed' } do
  its('statuses') { should be_empty }
end
```

Users can specify the name as a string or a regular expression. If it is a string, we will escape it and convert it to a regular expression to use in matching against the full returned list of packages. If it is a regular expression, we take that as is and use it to filter the results.

While some package management systems such as `dpkg` can take a shell glob argument to filter their results, we eschew this and require a regular expression to match multiple package names because we will need this to work across other platforms in the future. This means that the following:

```ruby
packages("vim")
```

Will return *all* the "vim" packages on the system. The `packages` resource will take `"vim"`, turn it into `/vim/`, and greedily match anything with "vim" in the name. To match only a single package named `vim`, it needs to be an anchored regular expression.

```ruby
packages(/^vim$/)
```

Signed-off-by: Joshua Timberman <joshua@chef.io>

Use entries instead of list

Added a few more tests and non installed package in output
Signed-off-by: Alex Pop <apop@chef.io>

fix lint

Signed-off-by: Alex Pop <apop@chef.io>

Signed-off-by: Joshua Timberman <joshua@chef.io>
2017-02-07 10:29:11 +00:00
Alex Pop
52842de552 Provide a way to force it vs its for any argument
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 19:26:02 +00:00
Alex Pop
920ff068e6 Allow setting of the tests array
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 15:03:09 +00:00
Alex Pop
83e44f9d2a add another variable handling example test
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 08:28:46 +00:00
Alex Pop
f7444ed372 update the tests to reflect the list->entries migration and where support
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 08:28:46 +00:00
Christoph Hartmann
58585e3455 switch to faraday as http backend
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-02-02 22:13:36 +01:00
Alex Pop
495185b581 derive xinetd protocol from socket_type when not defined in the config file
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-01 11:19:24 +00:00
Alex Pop
6f3a9d22d7 define protocol as done in CentOS
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-31 14:47:21 +00:00
Alex Pop
a3de32ad04 Fix xinetd parsing of services from the same file. Expose resource.protocols
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-31 12:40:29 +00:00
Alex Pop
80ad877e02 Wrap regex in parenthesis no matter of the matcher used, ex: match, cmp
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:51:06 +00:00
Alex Pop
5a087bd256 Add matchers and expectations to all object tests
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:21:57 +00:00
Alex Pop
11429a54d3 Add Inspec::Variable test to a control
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:01:02 +00:00
Alex Pop
ce90f0aa30 Add Inspec::List and Inspec::Control tests
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:01:02 +00:00
Alex Pop
660b997342 Add negate! support for the describe.one object
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:01:02 +00:00
Christoph Hartmann
78b7a2c680 Merge pull request #1435 from postgred/kernel_module_version
Version method for kernel_module
2017-01-27 17:49:23 +01:00
Andrey Aleksandrov
3783357e50
Add version method to kernel_module
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-01-27 13:33:41 +03:00
Christoph Hartmann
976e5d85e4 improve http header handling
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-26 17:16:37 +01:00
Guilhem Lettron
51ca98c468 Add an http test method
Signed-off-by: Guilhem Lettron <g.lettron@criteo.com>
2017-01-26 12:02:54 +01:00
Christoph Hartmann
efab62ef00 optimize regular expression for postgres config parsing
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-05 13:16:47 +01:00
Jeremy J. Miller
72b0c0dd2e control and lib eval unit tests
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2017-01-04 11:33:14 -05:00
Wei, He
370269c2dd Yum.repo should show correct name
https://github.com/chef/inspec/issues/1390

Signed-off-by: Wei, He <weihe924stephen@gmail.com>
2017-01-04 11:10:38 +09:00
Dominik Richter
74ed60ce5f Merge pull request #1387 from jvrplmlmn/package-brew-unit-test
Unit test the 'package' resource for OSX (with brew)
2017-01-03 12:24:46 +01:00
Javier Palomo Almena
07b41eb9df Fix wrong description for the Solaris cases in the unit tests of the 'package' resource
Obvious fix.

Signed-off-by: Javier Palomo Almena <javier.palomo.almena@gmail.com>
2017-01-02 18:06:59 +01:00
Javier Palomo Almena
8ab8fcdda5 Unit test the package resource for Darwin
Signed-off-by: Javier Palomo Almena <javier.palomo.almena@gmail.com>
2017-01-02 17:57:41 +01:00
Javier Palomo Almena
3f1986eb6f Mock 'brew info --json=v1 curl' to facilitate unit testing the package resource for the darwin platform
Signed-off-by: Javier Palomo Almena <javier.palomo.almena@gmail.com>
2017-01-02 17:57:20 +01:00
Makoto Nozaki
42cffeea61 Fix variable name. Add test.
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>
2016-12-15 08:00:56 -05:00
Christoph Hartmann
8346d2acfd Merge pull request #1333 from Wing924/fix_regexp_in_processes
fix bug: RegExp in processes resource can't match long-run process #1332
2016-11-30 10:13:38 +01:00
Wei, He
fd04daf77c add testcase for #1332
Signed-off-by: Wei, He <weihe924stephen@gmail.com>
2016-11-30 13:25:44 +09:00
Juan Carlos Castillo Cano
58ef61f1f4 Show process name during inspec output
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
2016-11-29 11:00:43 +00:00
Christoph Hartmann
a990d20fcd Merge pull request #1306 from username-is-already-taken2/digitalgaz/windows_task
Adding windows_task resource
2016-11-25 11:46:42 -07:00
username-is-already-taken2
e6e47eec4c Added unit tests, only took most of the night :) 2016-11-20 20:07:59 +00:00
Christoph Hartmann
e3347f0ef0 ensure metadata release entry is a string, even if yml thinks it is a float
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2016-11-20 12:38:27 -07:00
Jeremy J. Miller
5494ec0c60 refactored file resource unit tests
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2016-10-26 15:57:30 +02:00
Alex Pop
70416a35b4 use command instead of comm and set user column width on linux
Signed-off-by: Alex Pop <apop@chef.io>
2016-10-17 15:39:13 +01:00
Anirudh Gupta
8efec7ac6c fix processes resource for os's where username is long to avoid truncation 2016-10-17 11:46:16 +01:00
Alex Pop
5d51b7a0aa dot inspect actual value to match the expected string one 2016-10-13 07:13:51 -07:00
Alex Pop
6719cf544d add tests for cmp output 2016-10-10 05:40:22 -07:00
Artem Sidorenko
77738dd895 Some further tests for Mint 2016-10-08 23:34:56 +02:00
Artem Sidorenko
aa725fe2df Linux Mint support for service resource 2016-10-08 23:34:56 +02:00
Dominik Richter
441967510f bugfix: support nil entries in filter table 2016-10-05 13:04:00 +02:00
Steven Danna
7aa4c6da8e Fix require_controls DSL method
Previous, require_controls was including all controls from the named
profile, despite the documented behavior being that it only includes
controls explicitly pulled in by the user.  The cause was two-fold:

1) A previous refactor meant that we weren't removing the rule from the
correct context, and

2) We weren't descending down the dependency tree when filtering rules.

This commit fixes the require_controls DSL method and adds a test to
help prevent future regressions.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 15:20:56 +02:00
Steven Danna
f23a0d1098
Bump lockfile version to 1.0
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 09:51:04 +01:00
Christoph Hartmann
dab8ff5c13 replace wmi win32_useraccount with adsi users 2016-09-26 01:31:44 +02:00
Alex Pop
13da437dcc Show skip_message and correct title 2016-09-23 07:47:21 +01:00
Christoph Hartmann
f7ec24a337 implement filter table for group/groups resource 2016-09-23 00:53:24 +02:00
Steven Danna
8d63db9a2b
Change :shasum key to :sha256 for future upgrade
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:51:04 +01:00
Steven Danna
6814d6ad2b
Fail if a remote source content doesn't match lockfile
If a URL based source does not match the shasum recorded in the
lockfile, it likely means a new version has been pushed to the remote
source. In this case, we fail to help ensure that when using a lockfile
we always run the same code as when the lockfile was created.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:15:52 +01:00
David Pell
155995adfd In ApacheConf#include_files, check for abs paths
If the path is absolute, just use what was passed, otherwise build an
absolute path using `@conf_dir`.

Fixes #1013
2016-09-20 09:11:09 -04:00
Steven Danna
b2146d8758 Allow users to reference resources from dependencies
All resources from deps are added into the control_eval_context used by
the current profile. However, if there is a name conflict, the last
loaded resource wins. The new `require_resource` dsl method allows the
user to do the following:

    require_resource(profile: 'profile_name',
                     resource: 'other',
                    as: 'renamed')

    describe renamed do
      ...
    end

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-19 19:08:43 +02:00
Christoph Hartmann
17ce99df7f use Gem::Version instead of a regular expression for a test version bump 2016-09-19 18:58:30 +02:00
Christoph Hartmann
178156499f Merge pull request #1076 from chef/ssd/issue-1074
Ensure resources are visible inside its blocks
2016-09-14 17:48:26 +02:00
Steven Danna
8024eea8b7
Ensure resources are visible inside its blocks
The recent changes to provide isolated views of the available resources
was not extended to Rspec::ExampleGroups. This ensures that
ExampleGroups have access to the same resources as the enclosing
Inspec::Rule.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 16:27:59 +01:00
Steven Danna
f2e587f6d5
Skip controls from profile's that don't support the current platform
Any controls included from profiles that don't support our current
platform are now marked as skipped.

Fixes #1049
2016-09-14 09:57:53 +01:00
Steven Danna
8f10ee53c5 Provide inspec.yml shortcut syntax
- Allow users to elide the `name` attributes
- Assume a default source of supermarket

Fixes #1048

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 08:46:06 +02:00
Christoph Hartmann
9c7d06c167 use simple config for security policy resource 2016-09-12 12:20:57 +02:00
Steven Danna
b48b9edae9
Improve duplicate and cycle detection in resolver
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-12 10:57:55 +01:00
Christoph Hartmann
a2143b8249 identify enabled/disabled accounts for windows 2016-09-12 11:40:25 +02:00
Steven Danna
85cbe713d7
Add GitFetcher and rework Fetchers+SourceReaders
This adds a new git fetcher. In doing so, it also refactors how the
fetchers work a bit to better support fetchers that need to resolve
user-provided sources to fully specified sources appropriate for a
lockfile.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-09 14:14:36 +01:00
Steven Danna
3777f06927
Remove some warnings during the test run 2016-09-09 14:14:36 +01:00
Christoph Hartmann
e61f71143d add unit tests 2016-09-09 12:43:03 +02:00
Christoph Hartmann
73f93c2756 fix powershell based unit tests 2016-09-05 13:36:48 +02:00
Steven Danna
9bb65bd60c Use per-profile execution contexts for library loading
Previously, libraries were loaded by instance_eval'ing them against
the same execution context used for control files.  All resources were
registered against a single global registry when the `name` dsl method
was invoked.  To obtain seperation of resources, we would mutate the
instance variable holding the globale registry and then change it back
at the end.

Now, we instance_eval library files inside an anonymous class.  This
class has its own version of `Inspec.resource` that returns another
class with the resource DSL method and the profile-specific resource
registry.
2016-09-04 20:55:20 +02:00
Steven Danna
5fdf659df1 Load all dependent libraries, even if include_context isn't called
The goal of these changes is to ensure that the libraries from
dependencies are loaded even if their controls are never included.  To
facilitate this, we break up the loading into seperate steps, and move
the loading code into the Profile which has acceess to the dependency
information.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Steven Danna
384ccb610c Initial attempt at isolating resources between dependencies
Previously, all resources were loaded into a single resource registry.
Now, each profile context has a resource registry, when a profile's
library is loaded into the profile context, we update the
profile-context-specific resource registry.  This local registry is
then used to populate the execution context that the rules are
evaluated in.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Christoph Hartmann
a116406b4e Merge pull request #1014 from jeremymv2/fix_apache_conf
Fix apache conf
2016-09-04 20:18:16 +02:00
Victoria Jeffrey
99ce09c4ac fix inherited profile cli report 2016-09-04 18:28:01 +02:00
Jeremy J. Miller
d5b2e4bf53 removed testing artifact 2016-09-02 22:04:06 -04:00
Jeremy J. Miller
03cb244e84 removed superflous Listen 80 2016-09-02 22:02:47 -04:00
Jeremy J. Miller
c0d105671e better description for tests 2016-09-02 22:00:12 -04:00
Jeremy J. Miller
1b92d15d8f added unit tests 2016-09-02 21:55:28 -04:00
Victoria Jeffrey
5d5aa6354d fix and add test 2016-09-01 20:39:52 -04:00
Steven Danna
3a6e610de9 Allow functional tests to pass on OSX
A few minor issues were causing 3 functional test failures on OS X.
These were not program errors but where rather the result of the
profiles under test assuming a linux environment.

Since many of the developers who will work on this project in the future
will be running OS X, let's ensure they can run the functional tests
easily.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-26 15:25:59 +02:00
Christoph Hartmann
efb2e08a16 add tests for users with sid on windows 2016-08-26 09:40:24 +02:00
Christoph Hartmann
64a5a4d082 switch from os-hardening to ssh-hardening profile 2016-08-25 14:42:55 +02:00
Steven Danna
6034ece853 Initial control isolation support
The goal of this change is to provide an isolated view of the available
profiles when the user calls the include_controls or require_controls
APIs.  Namely,

- A profile should only be able to reference profiles that are part of
  its transitive dependency tree. That is, if the dependency tree for a
  profile looks like the following:

  A
  |- B --> C
  |
  |- D --> E

  Then profile B should only be able to see profile C and fail if it
  tries to reference A, D, or E.

- The same profile should be include-able at different versions from
  different parts of the tree without conflict.  That is, if the
  dependency tree for a profile looks like the following:

  A
  |- B --> C@1.0
  |
  |- D --> C@2.0

  Then profile B should see the 1.0 version of C and profile D should
  see the 2.0 profile C with respect to the included controls.

To achieve these goals we:

- Ensure that we construct ProfileContext objects with respect to the
  correct dependencies in Inspec::DSL.

- Provide a method of accessing all transitively defined rules on a
  ProfileContext without pushing all of the rules onto the same global
  namespace.

This does not yet handle attributes or libraries.
2016-08-25 14:42:55 +02:00
Christoph Hartmann
1300900693 add unit test for local fetcher with windows path support 2016-08-24 16:23:27 +02:00
Annie Hedgpeth
fe5c7c49a4 Attempt at a bug fix to read backslashes as forward slashes in local fetcher 2016-08-24 15:11:20 +02:00
Christoph Hartmann
956d3b7292 add unit test for new package resource 2016-08-24 14:40:26 +02:00
Anirudh Gupta
4041f1898e can check windows service startup mode now 2016-08-24 02:01:10 +05:30
Steven Danna
366e65b198
Add the start of tests for the Resolver class
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:50:12 +01:00
Christoph Hartmann
95029203cd unique controls for dependency tests 2016-08-19 09:47:41 +02:00
Steven Danna
d779dd53ae Move all dependency related classes into inspec/dependencies
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
2041a08aa2 Fetch deps based on urls
This extends the dependency feature to include support for url-based
dependencies.  It takes some deviations from the current support for
URLs that we'll likely want to make more consistent.

By default, we store downloaded archives in the cache rather than the
unpacked archive. However, to facilitate debugging, we will prefer the
unpacked archive if we find it in the cache.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
34ae3122e9 Fix recursive deps for path-based deps
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-18 16:02:16 +02:00
Christoph Hartmann
1d8f8bb3e3 restructure unit tests 2016-08-18 13:47:43 +02:00
Christoph Hartmann
c23263f3d0 handle xinetd config with only one entry 2016-08-16 17:23:22 +02:00
Steven Danna
b5cd64d16a Ignore comment lines in /etc/passwd
Most passwd/shadow implementations treat lines that start with '#' as
comments. For example, the implementation in OS X:

     if (buf[0] == '#') {
          /* skip comments for Rhapsody. */
          continue;
     }

https://opensource.apple.com/source/remote_cmds/remote_cmds-41/rpc_yppasswdd.tproj/passwd.c

Fixes #725

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-16 10:54:52 +02:00
Victoria Jeffrey
6f198f539b cleanup 2016-08-16 10:01:10 +02:00
Victoria Jeffrey
cf771ab967 ssh_config parse should be case insensitive 2016-08-16 10:01:10 +02:00
Alex Pop
353dcf10ec make netstat default for getting ports and get only listening ones 2016-08-12 16:02:56 +01:00
Steven Danna
afddebaf3f
Add inspec env command to configure shell tab-completion
This adds a new subcommand:

   inspec env [SHELL]

which outputs a shell-appropriate completion script that the user can
source into their shell:

   eval "$(inspec env SHELL)"

Currently, we provide completions for ZSH and Bash. The completion
scripts are generated from the data Thor collects.

If the user doesn't provide SHELL we attempt to detect what the user's
shell may be using a number of methods.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-10 02:07:53 +01:00
Steven Danna
13ebea48e1 Allow port to be specified as a string
This allows the user to write:

   describe port(22) do
     it { should be_listening }
   end

as well as

   describe port('22') do
     it { should be_listening }
   end

without hitting an error.

Fixes #867

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-05 14:01:08 +02:00
Christoph Hartmann
d9a1a500d0 add params and content method to parse_config 2016-08-05 12:13:56 +02:00
Steven Danna
57d7275857
Update inspec for os[:family] change in Train
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-04 13:32:35 +01:00
Dominik Richter
c2f34932ad add port resource for windows 2008
using `netstat -an`
2016-07-21 14:58:43 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
2016-07-06 12:57:04 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Dominik Richter
f93084520f introduce cli report formatter 2016-06-15 17:11:29 +02:00
Dominik Richter
2db8d83d56 support intra-libraries file referencing + loading
solves https://github.com/chef/inspec/issues/779
2016-06-03 22:54:35 +02:00
Dominik Richter
302a718b48 list arbitrary ports and query it
utilizing filter table to make port more flexible and useful.
2016-05-31 03:14:07 +02:00
Dominik Richter
02dae2c3c5 add simple style for filter table data
for quick flattening, filtering, and non-nil results. this also simplifies some interal calls and structure
2016-05-31 03:01:03 +02:00
Christoph Hartmann
e9ca7107b0 add tests for os resource 2016-05-31 00:01:26 +02:00
Dominik Richter
d6345ffd17 add resource to filter table blocks
i.e. get access to the original resource for more information and calls.
2016-05-30 23:31:14 +02:00
Anirudh Gupta
4a9d9a4757 fixed 'it' statements under file_test 2016-05-16 19:24:14 +05:30
Dominik Richter
67f7a5936c catch corner-case with symbols on test-objects 2016-05-13 20:39:17 +02:00
Dominik Richter
603e3e21b3 fix construction of ruby objects on string and array handlers 2016-05-13 19:07:43 +02:00
Dominik Richter
dde4433933 use struct for processes list
we know all the fields + struct is fully compatible to the curren hash implementation
2016-05-13 11:22:56 +02:00
Alex Pop
2a9d9b5481 return empty array instead of nil to be .each friendly 2016-05-11 22:21:22 +01:00
Victoria Jeffrey
1811eb6666 Expose label for processes only on linux 2016-05-10 13:59:13 -04:00
Alex Pop
9ded3b8835 Provide service params as a mash, empty unless systemd for now 2016-05-09 14:54:09 +02:00
Dominik Richter
5d925b2851 api: make processes return integers for pid/vsz/rss 2016-05-06 16:49:21 +02:00
Alex Pop
c518b9edc2 expose systemd service properties via .info 2016-05-06 13:36:42 +02:00
Dominik Richter
b14495051a prevent duplicate profile-loading
this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
2016-05-06 13:14:40 +02:00
Dominik Richter
20d08a63b5 inspec --format [json|fulljson|rspecjson] overhaul
Full rewrite of all formatters. Create a minimal JSON, a full JSON, and a fallback RSpec formatter. The latter is only needed for corner cases and should not really be used. The former 2 are for (1) running `inspec json` followed by `inspec exec` (`--format json`) and (2) running just `inspec exec --format fulljson`.
2016-05-06 13:14:40 +02:00
Dominik Richter
a809097d12 simplify full_id generation 2016-05-06 13:14:40 +02:00
Dominik Richter
fc718267c4 extend filter table to handle soft variable lookup 2016-05-04 15:27:58 +02:00
Dominik Richter
fb91b788a6 use filtertable with passwd resource 2016-05-04 15:27:58 +02:00
Alex Pop
f78afe0d75 Use only strings in resource examples, docs and tests 2016-05-03 23:27:18 +01:00
Anirudh Gupta
738ef69bcf prefixed hpux to cmd file name 2016-05-03 21:38:39 +05:30
Anirudh Gupta
d839f218bf hpux support for basic port properties 2016-05-03 14:30:59 +05:30
Alex Pop
56d856531b support basename parameter and add tests 2016-04-29 13:40:32 -04:00
Dominik Richter
0c8e891ee1 add #entries to filter table + remodel configuration 2016-04-28 22:46:39 +02:00
Dominik Richter
048a1584b9 encapsulated filters 2016-04-28 22:46:39 +02:00
Dominik Richter
652f10ad9a use Inspec::Filter in xinetd resource 2016-04-28 22:46:39 +02:00
Christoph Hartmann
ab9f5f9c1a Merge pull request #682 from Anirudh-Gupta/hpux
Hpux
2016-04-27 06:29:05 -07:00
Anirudh Gupta
045d8c6572 added file permission by user check for hp-ux 2016-04-26 15:08:01 +05:30
Anirudh Gupta
1330e09df5 added file permission by user check for hp-ux 2016-04-26 14:53:28 +05:30
Christoph Hartmann
2242790528 Merge pull request #678 from Anirudh-Gupta/hpux
added hpux user and package resource support
2016-04-25 07:22:19 -05:00
Dominik Richter
d0760662ce bugfix: restore pax_global_header fetcher filter
The original tests were deactivated. Reactivate and fix the implementation.

TODO: verify that this matches expectations
2016-04-24 02:38:22 -04:00
Dominik Richter
bc724c81ff fix legacy supports call
as reported by Jeremy Miller and Alex Pop
2016-04-22 11:15:57 -04:00
Anirudh Gupta
75534fdaa5 added hpux user and package resource support 2016-04-21 14:01:56 +05:30
Dominik Richter
9da23f9cbc remodel bash and shell wrappers 2016-04-18 11:48:42 -04:00
Dominik Richter
0631779412 configure command execution shells to sh/bash/zsh 2016-04-18 01:09:37 -04:00
Thomas Cate
0f8aff0b91 added default and per kernel checking 2016-04-17 10:46:35 -04:00
Thomas Cate
3051ead64d added tests for grub_conf resource 2016-04-17 10:46:29 -04:00
Dominik Richter
f54195408f simplify key symbolization in metadata 2016-04-16 18:47:59 -04:00
Dominik Richter
14995534cd skip profiles if the platform isnt supported 2016-04-16 15:34:23 -04:00
Dominik Richter
a1188b26ce add supports_runtime? to metadata 2016-04-16 15:25:59 -04:00
Jacob McCann
9dbf5354e5 Add 'static' value as enabled to systemd service enabled check 2016-04-13 14:44:28 -05:00
Dominik Richter
fb54c4ea24 api: inspec.yml supports now adds tests w/o running
Instead of just removing all tests because of OS support, supports now acts by adding all tests to the execution context, but doesnt actually execute them. Instead tests are set to skip before they get to the actual execution context
2016-04-06 11:28:52 +02:00
Dominik Richter
c55fb0b587 prevent only_ifs from getting overwritten 2016-04-06 10:46:36 +02:00
Dominik Richter
a72fee6623 add only_if for controls 2016-04-06 10:46:36 +02:00
Dominik Richter
c73afd4c1c overhault rule/control internals
instead of keeping them as flat variables, prefix all internals with `__` to create consistency. Also add accessors on the class-level to expose these values in all rules. This way we keep all variable-names in one location and get some safety on access.
2016-04-06 10:46:36 +02:00
Dominik Richter
598e8be07f don't remove controls with only_if
instead mark them as skipped, but don't just remove them.

This also introduced a number of tests around only_if on the global level
2016-04-06 10:15:53 +02:00
Dominik Richter
2cad553de8 add advanced passwd filters (experimental) 2016-03-31 02:03:20 +02:00
Alex Pop
3c3d711dfd bugfix: fix rare inspec shell missing all resources
In some instances, when running inspec shell, you dont get any resources inside of it. i.e. `inspec shell` and then `os` will lead to

```ruby
NameError: undefined local variable or method `os' for
from (pry):1:in `add_content'
```

This is because of instance_eval loading withing the given source/line
information and not attaching to the profile context which actually has
all the resources. Fix it by making sure that inspec shell always
attaches to the profile context with resources by providing nil for
source and line information.
2016-03-24 20:37:46 +01:00
Christoph Hartmann
cd57b26bd0 wmi unit test 2016-03-20 11:53:56 +01:00
Christoph Hartmann
4c5a3ed412 add vbscript unit test 2016-03-19 19:04:31 +01:00
Christoph Hartmann
e8aa426846 add vbscript integration test 2016-03-19 19:04:31 +01:00
Christoph Hartmann
f50255486b add support for addresses in port resource 2016-03-19 11:48:14 +01:00
Christoph Hartmann
32a065239c update unit test, add integration test 2016-03-18 15:47:00 +01:00
Dominik Richter
76fe4483d4 feature: add tags and refs 2016-03-18 01:42:26 +01:00
Dominik Richter
b7e438eabc add a mock fetcher 2016-03-17 23:37:09 +01:00
Dominik Richter
ca5f7b822b add tests for resource plugin 2016-03-17 15:58:20 +01:00
Dominik Richter
387415859e rename internal File -> FileResource 2016-03-09 10:48:48 +01:00
Dominik Richter
ccf2694940 bugfix: inheritance of local profiles 2016-03-08 14:59:14 +01:00
Dominik Richter
e617f74bcd filter xinetd fields by regex 2016-02-26 14:46:51 +01:00
Dominik Richter
4a39275fc0 add xinetd_conf resource 2016-02-26 13:19:16 +01:00
Dominik Richter
e9ffc85b53 test for empty global describe block 2016-02-25 14:30:27 +01:00
Dominik Richter
3ae50adae9 feature: conditional OR via describe.one
```
describe.one do
  describe command("uname -r").stdout do
    it { should_not match /x86_64/ }
  end
  describe test_sth_for_x64_processors do
    ...
  end
end
```
2016-02-25 14:30:23 +01:00
Christoph Hartmann
ee7adc24ec add unit tests 2016-02-22 18:24:16 +01:00
Stephan Renatus
2da97df5f0 test: read mock-archives in binary mode
this doesn't hurt in *nix, but makes tests pass on windows.
2016-02-22 13:47:33 +01:00
Stephan Renatus
c24a504cb6 tests: clarify kind_of's 2016-02-22 12:06:42 +01:00
Stephan Renatus
8d572934eb tests: make this work on non-linux 2016-02-22 12:06:42 +01:00
Stephan Renatus
e67576b1cd tests: make non-existant files explicit 2016-02-22 12:06:42 +01:00
Dominik Richter
33b2876d7c fix tests and lint 2016-02-22 12:06:42 +01:00
Dominik Richter
d065794d96 remove old target interface 2016-02-22 12:06:42 +01:00
Dominik Richter
1e1e473cb0 replace target-helper with fetcher+reader 2016-02-22 11:24:35 +01:00
Dominik Richter
202a781f6a fail on incorrect metadata of url download 2016-02-22 11:24:35 +01:00
Dominik Richter
c79d9f7777 add flat source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
c9d1272f49 add relative fetcher
This helps reduce any folder structures, weather on disk or in archives, to their relative root paths; i.e. ignore all file-prefixes that are given and go directly to the underlying files, relative to the common folders that contain it
2016-02-22 11:24:35 +01:00
Dominik Richter
f023d02bbb add inspec source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
125ee53041 create source_reader plugin structure 2016-02-22 11:24:35 +01:00
Dominik Richter
d293550375 chain fetchers together 2016-02-22 11:24:35 +01:00
Dominik Richter
7b073fe153 add url fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
4e830ffc24 add tar fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
1c29667523 add zip fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
a83e29cc01 add local fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
1e096c7181 add shadow resource for /etc/shadow 2016-02-19 14:26:04 +01:00
Christoph Hartmann
3f6b89e24d extend github url support 2016-02-19 09:12:25 +01:00
Dominik Richter
1fa957c8ca ensure deprecated methods still work 2016-02-18 16:25:02 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Christoph Hartmann
26276ca991 use ruby zip and tar for unit tests 2016-02-18 14:27:16 +01:00
Dominik Richter
b8cce5d3c7 create zip for test helper in ruby
The zip command is not always there. (e.g. i dont have it on my box). just use the available zip library
2016-02-18 14:25:55 +01:00
Dominik Richter
b872c04616 bugfix: url helper loading zip and tar 2016-02-18 14:25:55 +01:00
Dominik Richter
509088ba5d share test helpers for loading profile archives 2016-02-18 14:25:55 +01:00
Dominik Richter
e354854fc9 bugfix: dont skip url target unit test 2016-02-18 14:25:55 +01:00
Dominik Richter
33f58b3348 add tests for runlevel testing 2016-02-14 18:37:20 +01:00
Dominik Richter
36cbafc438 add runlevel helper object to services 2016-02-14 18:23:58 +01:00
Dominik Richter
0934948a1a support runlevels for system V + service matching
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).

Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`
2016-02-13 02:11:51 +01:00
Stephan Renatus
e184347c6d iptables unit test: add comment examples
this is not broken; but it should stay not broken ;)
2016-02-10 09:57:32 +01:00
Stephan Renatus
4b6eced92a auditd_rules: access by key, tests + documentation 2016-02-09 11:51:52 +01:00
Stephan Renatus
cd5f47ed33 auditd_rules: unit tests, meet the real world 2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80 auditd_rules: status querying (old/new) and unit tests
TODO: unit tests for the legacy format
2016-02-09 11:51:52 +01:00
Stephan Renatus
b18936d704 move simple_config_test.rb to utils/ 2016-02-09 11:51:52 +01:00
Stephan Renatus
57db5a9414 unit test FilterArray, make retrieved values unique 2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e auditd_rules: teach old dog new tricks 2016-02-09 11:51:52 +01:00
Stephan Renatus
2afc29e48f auditd_rules: stash legacy behaviour away 2016-02-09 11:51:52 +01:00
Dominik Richter
ac6d7fb76f fix unit tests for winrm 1.6.1 command scheme 2016-02-09 11:05:36 +01:00
Dominik Richter
e56321f6c7 semantics: rename CLI plugins registry -> subcommands
Basically make sure everyone understands these are only subcommands. we might consider adding plugins for options or existing commands instead of new subcommands. this just ensures everyone knows what registry is for
2016-02-09 01:20:38 +01:00
Christoph Hartmann
b7a88dbd7a fix linting and unit test 2016-02-05 16:57:51 +01:00
Christoph Hartmann
3d7ee9d95b add unit test for cli plugin 2016-02-05 14:06:55 +01:00
Stephan Renatus
688709356c upstart_service: add version mock for ubuntu 2016-02-05 13:49:18 +01:00
Christoph Hartmann
86ee6a1298 extend unit tests 2016-02-04 18:46:23 +01:00
Christoph Hartmann
d7cb5a9ae0 adapt unit tests 2016-02-04 18:05:40 +01:00
Christoph Hartmann
81de512fbf fix order of logging messages 2016-02-03 22:20:02 +01:00
Stephan Renatus
828d6ad443 Inspec::Profile fix @metadata 2016-02-03 16:47:49 +01:00
Stephan Renatus
1c76d723ff Update tests 2016-02-03 15:42:33 +01:00
Dominik Richter
34bc94d13f mock resource operating systems for tests 2016-01-29 21:55:08 +01:00
Christoph Hartmann
62844eee0c add unit tests 2016-01-28 18:30:38 +01:00
Christoph Hartmann
678ee2b473 parse port information on solaris 10 and 11 via netstat 2016-01-28 18:30:38 +01:00
Stephan Renatus
b69dac698b resources/launchd_service: add test
indicating that parsing is broken for non-running enabled services
2016-01-25 16:29:08 +01:00
Dominik Richter
88d2b26387 bugfix: write given ID to metadata json
Whenever the user provides an ID under which the profile is scoped, write it out to JSON during generation.
2016-01-25 15:48:56 +01:00
Christoph Hartmann
b30720f926 Merge pull request #380 from chef/sr/service-override
add service overrides for picking specific service managers, add runit_service
2016-01-21 13:35:23 +01:00
Stephan Renatus
7a308806aa unit tests: add systemd_service instance with overridden service_ctl 2016-01-21 11:41:48 +01:00
Dominik Richter
d10207caca warn about legacy supports fields in metadata
I.e.: Prevent users from writing `supports: linux` and similar. These are deprecated and will be removed. Also improve the warning to indicate what the user should do instead. Finally add tests to make sure we get all these.
2016-01-21 11:05:26 +01:00
Dominik Richter
cac102aeac add profile tests (non-legacy) 2016-01-20 21:57:23 +01:00
Stephan Renatus
5c0cdb31c9 *_service: add unit tests
NB I've just added default duplicates to one instance (i.e., there's
only one `systemd_service`), since there's no os-specific magic in them.
Also these tests only verify that the default choice is equivalent to
`service` on the tested distribution.
2016-01-20 15:54:36 +01:00
Stephan Renatus
0e410df69d add *_service overrides, allowing for different control binaries 2016-01-20 15:33:18 +01:00