Commit graph

1189 commits

Author SHA1 Message Date
Christoph Hartmann
0e0b808e9b enforce utf encoding for cli output (#3376)
* enforce utf encoding for cli output
* add profile with wrong character set

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2018-09-10 14:37:43 -04:00
Jared Quick
30e43c294d
Remove any inspec.lock file before testing vendoring. (#3377)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-10 10:15:16 -04:00
Jerry Aldrich
9d031053ea Various improvements to vendor command (#3286)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-09-06 23:28:08 -04:00
Jared Quick
76b453eee9
Allow target-id passthrough (#3320)
* Allow uuid passthrough
* Update flag to be target-id.
* Updated to use proper formatting for header.
* Fix empty line after cli banner.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-05 15:07:34 -04:00
Noel Georgi
34ae5aac40 Add HTTP basic auth for URL based inspec deps (#3341)
* Add HTTP basic auth for URL based inspec deps
* Add tests

Signed-off-by: Noel Georgi <git@frezbo.com>
2018-08-30 12:57:50 -04:00
Noel Georgi
9b5aaa4f87 Support erb rendering (#3338)
* Support erb rendering

Fixes: https://github.com/inspec/inspec/issues/3337

* Add UT's and docs

Signed-off-by: Noel Georgi <git@frezbo.com>
2018-08-30 12:56:06 -04:00
Jared Quick
6120497db1
Convert legacy supports to their platform counterparts (#3333)
* Convert legacy supports to their platform counterparts.
* Fix rubocop lint.
* Update json schema for platform supports.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-30 09:11:55 -04:00
Josh Hudson
2d44b6e5e0 Cached profiles with Compliance Fetcher (#3221)
* Leverage existance check in Compliance::Fetcher.resolve to not re-download locally cached profiles
* Move logic from Compliance::API.exist? to Compliance::API.profiles to reuse code in cases where we need to access profiles' metadata directly.
* Declare @upstream_sha256 if target is a string
* Handle other fetchers that don't support upstream_sha256 within Inspec::CachedFetcher.initialize
* Add initialize for Compliance::Fetcher to not pollute Fetchers::Url with its logic
* Add Compliance::Fetcher.sha256 to leverage upstream_sha256 instead of relying on inherited method from Fetchers::Url
* Revert changes to cached fetcher that are unnecessary after refactor
* Pacify the god of ruby syntax
* Move Compliance::API.profiles filtering logic to end of method to leverage normalization of mapped_profiles
* Add and update unit tests to support caching with Compliance::Fetcher.upstream_sha256

Signed-off-by: Josh Hudson <jhudson@chef.io>
2018-08-28 09:11:38 -04:00
Jerry Aldrich
7098631d3e Infer --sudo when --sudo-password is used (#3313)
This does the following:
  - Adds `--sudo` if using `--sudo-password`
  - Warns the user if using `--sudo-password` without `--sudo`
  - Adds unit tests for `Inspec::BaseCLI#opts`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-08-23 13:47:26 -04:00
Jared Quick
9f3e1c33a8
Suppress logs for json-automate reporter (#3324)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-23 13:43:48 -04:00
Vern Burton
a7ab4b8b5f Add cloudlinux under redhat family (#2935)
* adding cloudlinux into the mocker under the redhat family as it is found inside of train, and creating tests for cloudlinux that mirror the centos/redhat tests.
* adding cloudlinux under the select_service_mgmt method so that it can be matched.

Signed-off-by: Vern Burton <me@vernburton.com>
2018-08-22 15:58:38 -04:00
Clinton Wolfe
d24e0f0ec9 Plugins V2 API: CLI Command Plugin Type, Again (#3296)
Plugins V2 API: CLI Command Plugin Type

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-08-16 20:22:28 -04:00
Clinton Wolfe
811318f2f8 Plugins API v2: Loader, Base API, and Test Harness (#3278)
* Functional tests for userdir option
* Accepts --config-dir CLI option
* Actually loads a config file from the config dir, more cases to test
* Able to load config and verify contents from config-dir
* Functional tests to ensure precedence for config options
* Enable setting config dir via env var
* .inspec, not .inspec.d
* Begin converting PluginCtl to PluginLoader/Registry
* Able to load and partially validate the plugins.json file
* More work on the plugin loader
* Break the world, move next gen stuff to plugin/
* Be sure to require base cli in bundled plugins
* Move test file
* Revert changes to v1 plugin, so we can have a separate one
* Checkpoint commit
* Move v2 plugin work to v2 area
* Move plugins v1 code into an isolated directory
* rubocop fixes
* Rip out the stuff about a user-dir config file, just use a plugin file
* Two psuedocode test file
* Working base API, moock plugin type, and loader.
* Adjust load path to be more welcoming
* Silence circular depencency warning, which was breaking a unit test
* Linting
* Fix plugin type registry, add tests to cover
* Feedback from Jerry

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-08-16 18:16:32 -04:00
Jared Quick
34ac059972
Allow the jsonAutomate report to be executed from cli (#3285)
* Allow the jsonMerged report to be executed from cli.
* Renamed reporter to json-automate and added in comments.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-14 20:07:59 -04:00
Miah Johnson
3a9ed68c72
Merge pull request #3267 from inspec/miah/3158-3
Update `only_if` to allow user specified messages.
2018-08-10 09:38:55 -07:00
Miah Johnson
e710b5b633 Remove conditional checks for true and reverse if conditional on
Inline if_false_message into test.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-09 12:12:47 -07:00
Robert Van Kleeck
5264cb5fdf add iis_app_pool resource (#2400)
* add iis_app_pool resource
* add sign off
* remove training whitespace
* code cleanup and simplify timeout checks
* add mock tests

Signed-off-by: Rob Van Kleeck <rvankleeck@salesforce.com>
2018-08-09 09:19:49 -04:00
Henry Muru Paenga
f605051f53 Add new resource: aws_ecs_cluster (#3213)
Signed-off-by: Henry Muru Paenga <meringu@gmail.com>
2018-08-09 09:19:27 -04:00
Jared Quick
71003cd564
Error cleanly if a reporter errors while rendering (#3280)
* Error cleanly if a reporter error while rendering.
* Add functional test for automate reporter.
* Remove authors.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-09 09:18:10 -04:00
Noel Georgi
9d3beb8d41 Adding docker plugin support (#3074)
* Fixing tests and squashing
* Updating as per some PR comments
* PR comments

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-08-09 08:20:32 -04:00
Ksenia
d2ae5c0d68 Fix issue#3269. Add 17 hexadecimal characters support aws_route_table (#3277)
Add support in aws_route_table to allow 17 hexadecimal characters
2018-08-09 08:16:03 -04:00
Miah Johnson
782be81807 Allow passing a message to set_skip_rule. Previously, the value passed
to set_skip_rule could be a boolean, or a message. Now value should
always be a boolean, and if a message is needed one can be passed and
will be set.
Allow only_if to take a message during control_eval DSL.
Add test for only_if(message).

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 11:37:59 -07:00
pete higgins
4ed7362f0c Enable inspec archive, check, and json to run as unpriveleged user (#3263)
* Add --vendor-cache flag for archive, check, and json commands.
* Remove unused ignore_supports flag for Inspec::Runner.

This flag was only set in two code paths that did not call
Inspec::Runner so setting it did not have any effect.

Signed-off-by: Pete Higgins <pete@peterhiggins.org>
2018-08-07 12:12:41 -04:00
Jared Quick
73a40139a6 Add a merged json report for A2 (#3261)
* Provide a json_merge report used by A2 that merges all child profiles.

Signed-off-by: Jared Quick <jquick@chef.io>

* Merge profile controls from child up until we find something usable.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add testng for json_merged report.

Signed-off-by: Jared Quick <jquick@chef.io>

* Push the profile population to be later in the report.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-03 16:07:01 +02:00
Noel Georgi
b93da53237 Escaping package names for windows packages (#3259)
* Escaping package names for windows packages
* Fixing missed package_name ref
* Updating Mock SHA
* Removing unwanted file
* Linting fix

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-08-02 14:40:14 -04:00
Jared Quick
6e59ef176b
Populate report code for merged controls (#3264)
* Populate the code section for all profiles where we merge controls.
* Fix rubocop issues.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-02 14:39:11 -04:00
Jerry Aldrich
f2d64938b7 windows_feature resource: Add DISM support (#3224)
* windows_feature resource: Add DISM support

This modifies the `windows_feature` resource to fallback to DISM when
the `Get-WindowsFeature` command is not available.

* Allow specifying `:dism` or `:powershell`
* Replace stacktrace with smaller error message
* Add notes/todo about raise behavior
* Remove duplicated platform check

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 16:00:06 -04:00
Jerry Aldrich
2245bba021 cli: Downcase supermarket tool name to match URL (#3242)
* cli: Downcase supermarket tool name to match URL

This downcases the user provided tool name. Without this fetching the
profile will fail because the Supermarket API downcases in the URL.

* Add another downcase
* Add handling for `supermarket://owner_but_no_name`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 15:59:19 -04:00
Jerry Aldrich
c1d7b2cfa3 alpine resource: Fix small style issues (#3238)
* Constrain RuboCop disables to single method
* Add comment to Alpine package command
* Use single quotes for Alpine package command
* Change `it` statement to be readable

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 15:57:51 -04:00
Jared Quick
faf3d1588e
Fix the unit tests by pining to a older openssl cookbook. (#3251)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-07-25 13:08:12 -04:00
Dan Webb
a0fffa5286 Add Alpine package provider (#3215)
- Add Alpine tests
- Stub apk grep command for alpine
- Resolve (disable for now) rubocop ABC/CyclomaticComplexity/PerceivedComplexity

Signed-off-by: Dan Webb <dan.webb@damacus.io>
2018-07-19 15:07:36 -04:00
James Stocks
ca833afacf Generate describe code for an array of strings (#3227)
Context:
When testing a Windows registry key with a period character in it e.g. `explorer.exe` it is not possible to use `its("explorer.exe")` because the period would be interpreted as method chaining.
In this case, you must instead use `its(["explorer", "exe"])`
See https://github.com/inspec/inspec/issues/1281

This commit fixes `to_ruby`in `Inspec::Describe` so that it produces an array in the generated Inspec code instead of a string.

Signed-off-by: James Stocks <jstocks@chef.io>
2018-07-19 15:00:21 -04:00
Miah Johnson
bfd569fe99 Ensure resources fail that target something that isn't supported (#3231)
* Use fail_resource rather than skip_resource when the platform is not
supported by the resource.

* Update tests to handle failing on unsupported platforms.
Update functional tests.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-07-19 08:16:54 -04:00
Jerry Aldrich
706493f2f3 command resource: Allow redacting #to_s (#3207)
* command resource: Allow redacting `#to_s`
* Respond to feedback

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-16 08:20:57 -04:00
Stanislav Voroniy
a16877f427 A number of bug fixes and new features for oracledb_session resource (#3170)
Signed-off-by: Stanislav Voroniy <stas@voroniy.com>
2018-07-09 13:57:45 -04:00
Clinton Wolfe
92e96ebedb Accept regexes for --controls option to inspec exec (#3179)
* Functional tests for regex control selection
* Implementation for regex-based control filtering

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-07-05 15:44:30 -04:00
Miah Johnson
a084187b21 When a profile is created with init, the last item after a / is the (#3175)
profile name. eg "with/slash" would result in a profile created in the
"with" directory named "slash"

Add test for inspec init, and updated other for new output.

Clean up profiles created during testing and place them in temporary
directories.

Describe our test a bit better.
Check that the profile was created in the right location.
Check that the profile is named correctly.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-07-05 15:37:18 -04:00
Noel Georgi
6fe13ce1eb Updating inspec with bastion options (#3180)
* Updating inspec with bastion options as per https://github.com/inspec/train/pull/310
* Updating train pin
* Adding --password to pass the test
* Revert "Updating train pin"
* PR changes

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-07-05 15:37:04 -04:00
Jerry Aldrich
a56539bc62 Fix some issues with the vendor functional tests (#3196)
* Sort `Dir.entries` in functional test

Ruby's `Dir.entries` differs between OS's. This ensures the same order
is used when comparing two arrays.

* Remove unused variable `exec_out`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-05 14:19:41 -04:00
Miah Johnson
ef6cb0d85b This functional test was validating that a randomly named directory (#3198)
Fix vendor functional test to not validate a repo hash that can change.
2018-07-05 13:54:53 -04:00
Clinton Wolfe
2ac5581d32 Document exit codes for 'inspec exec' and add --no-distinct-exit option (#3178)
* Add long description to inspec exec command, mentioning exit codes
* Modify website doc builder code to use long description if available
* Functional test for --distinct-exit flag
* Implement --distinct-exit option
* Inspec shell also needs the option

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-29 08:43:34 -04:00
Jared Quick
52694d4031 Add parent_profile field in json output (#3164)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-26 13:04:31 -04:00
Jerry Aldrich
737df411ef apache_conf resource: Strip quotes from values (#3142)
* apache_conf resource: Strip quotes from values
* Update regex to capture all vars between quotes
* Change `x` and `y` to proper variable names

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-06-26 07:48:48 -04:00
Clinton Wolfe
ed44b34509 Add functional tests for nested attributes (#3157)
* A functional test for attributes
* Add tests for nested attrs in yaml
* remove commented-out tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-26 07:48:20 -04:00
Clinton Wolfe
44c0fd2e4f
Accept symbols and downcased criteria in aws_iam_policy have_statement matcher (#3129)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-21 14:19:56 -04:00
Jared Quick
12890408bb
Fix control merging when overriding child controls (#3155)
* Fix the control merging issues when overriding child controls.
* Fix rubocop issue and vendor compression.
* Add in lock file for vendor profile

Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-21 13:37:47 -04:00
Jerry Aldrich
cf9ce1bfdc auditd resource: Add handling for sudo/no command (#3151)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-06-20 21:27:53 -04:00
Jared Quick
7db83446ba
Add insecure option to the automate report json (#3124)
* Add insecure option to the automate report json.
* Add in automate and compliance json documentation.
* Fix typo.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-14 14:05:21 -04:00
Clinton Wolfe
7aa60852e6 Add list properties back to shadow (#3140)
* Un-deprecate plural properties on shadow; deprecate the singular versions
* Update filtertable interface to current
* A weak attempt at making the docs coherent
* Doc feedback per Jerry

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-14 13:42:00 -04:00
Jared Quick
4e54475cec
Fix tests for ruby 2.5 (#3125)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-11 11:25:16 -04:00