* Require Ruby 2.3 and later
Ruby 2.1 is EOL, and Ruby 2.2 is on security fixes only. This moves
InSpec to support the current "normal maintenance" versions of Ruby
like Chef does and also bumps the versions used in Travis tests.
Signed-off-by: Adam Leff <adam@leff.co>
* Remove Ruby 2.2 from appveyor
Signed-off-by: Adam Leff <adam@leff.co>
* Bumping train to 0.29
Train 0.29 includes some bug fixes and a refactor of the File classes
Signed-off-by: Adam Leff <adam@leff.co>
* Correct unit test for undefined platform
Train requires that a hash is supplied when mocking an OS. Because
an OS of "unsupported" rather than "undefined" was chosen in a unit
test, a nil was passed to train and it caused a failure.
Signed-off-by: Adam Leff <adam@leff.co>
* Ensure 0.29.1 or later gets picked up, but 0.30 is also acceptable
Signed-off-by: Adam Leff <adam@leff.co>
The `toml` gem has a very strict version dependency on an old version
of parslet. This change switches us to use `tomlrb` instead which has
no direct dependencies. This will allow us to bump up to a later version
of parslet that has better error handling and insight into parser errors.
Signed-off-by: Adam Leff <adam@leff.co>
Train 0.27.0 has a dependency on net-ssh `~> 4.2` which causes issues
with certain Chef installs that only support 4.1.0 or 3.x versions of
net-ssh, causing gem conflicts. This bumps InSpec to use Train 0.28.0
which has a looser dependency on net-ssh and also properly addresses
a net-ssh deprecation introduced in net-ssh 4.2.0.
Signed-off-by: Adam Leff <adam@leff.co>
Train 0.27.0 includes a fix to properly support net-ssh 4.2 which
had a deprecation issue for the `paranoid` ssh connection option.
Signed-off-by: Adam Leff <adam@leff.co>
Bumping InSpec's minor version to 1.33 because a recent PR added
new functionality. Also bumping train to 0.26 to pick up a recent
bug fix.
Signed-off-by: Adam Leff <adam@leff.co>
When running `inspec exec` without the `target` option but against remote endpoints OR when executing it with the `localhost://` target AND having `--sudo` active it would abort the execution. `--target` is a helper to set the Train parameters for `backend`, `host`, `user`, `port`, and potentially `password`. The detection would fail on providing any of these separately without specifying `--target`. The same holds true for the `localhost` train backend or just `localhost://` target.
This type of detection has since moved to Train. The driving reason was to have this very useful check for localhost vs sudo run for any type of inspec (or for that matter: train) execution.
This PR depends on https://github.com/chef/train/pull/179 and the next release of train.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
The version of addressable that was pinned in the gemspec was
too new and conflicted with some of chef's dependencies. Loosening
it will allow us to include InSpec in the chef omnibus packages.
Signed-off-by: Adam Leff <adam@leff.co>
In #1454, we welcomed a newly-revamped JUnit formatter which has
a dependency on Nokogiri. Unfortunately, this had led us to problems
getting InSpec included in Chef omnibus builds (see chef/chef#5937)
because Chef is using Ruby 2.4.1 and the Nokogiri maintainers have
not yet released a windows binary gem that supports Ruby 2.4.x.
This has led to breaking builds in Chef's CI platform and would
block the acceptance of chef/chef#5937.
This change replaces Nokogiri use with REXML instead. While REXML
can be slower than Nokogiri, it does not require native extensions
and is supported on all Chef platforms.
Signed-off-by: Adam Leff <adam@leff.co>
* Enable customization of supermarket_url
It looks like this was originally supposed to work, but at some point
the default value was put in the method body rather than in the method
parameters.
This change allows you to configure the supermarket_url in test kitchen
like so:
```
verifier:
inspec_tests:
- name: linux-hardening
supermarket: som3guy/apache-disa-stig
supermarket_url: https://my.supermarket.com
```
Signed-off-by: Ryan Larson <ryan.mango.larson@gmail.com>
InSpec now depends on nokogiri which has a dependency of Ruby 2.1 or
later. If someone tries to `gem install inspec` using Ruby 2.0, it
will fail on the nokogiri dependency rather than InSpec itself.
Additionally, Ruby 2.0 is already EOL.
Signed-off-by: Adam Leff <adam@leff.co>
Two new commands have been created:
* inspec habitat profile create /path/to/profile
* inspec habitat profile upload /path/to/profile
The `create` command creates a Habitat artifact that contains the contents
of the Habitat profile found at the provided path. This will be used later
in some Habitat + InSpec integrations.
The `upload` command does the same create process but then uploads the
resulting artifact to the Habitat Depot.
Signed-off-by: Adam Leff <adam@leff.co>
The Molinillo library is a good library for systems that need a
constraint solver that will solve dependency problems requiring a single
version of each named dependency.
In our case, the eventual goal is to allow libraries to have conflicting
transitive dependencies at runtime. Isolation will be provided by
restricting all calls within a given profile to scope which can only see
that profile's dependencies.
To facilitate working on the isolation feature, I've replaced the
Molinillo-based resolver with a minimal resolver which will allow us to
load multiple versions of the same library.
Since we will likely want a good amount of logging around this feature
in the future, I've added a Inspec::Log singleton-style class, replacing
the previous Inpsec::Log which appeared unused in the code base.
Signed-off-by: Steven Danna <steve@chef.io>
Developers use the github repo to get full access to the development of this gem. The fixed (non git-ls-files) approach to packaging files has led to a 30mb gem recently, this will prevent that from happening again.
This commit is the foundation of the dependency resolution as described in https://github.com/chef/inspec/issues/888 .
It currently only works with local dependencies, as seen in the example inheritance profile.
Tests and full resolution are coming next on the path to an MVP implementation.
Currently, #readable?, #writeable?, and #executable? will incorrectly
return true if the file does not exist.
In addition, I took the opportunity to refactor the File resource to
make it easier to write unit tests and supplied a full unit test
suite for this resource.