Commit graph

1537 commits

Author SHA1 Message Date
Artem Sidorenko
aa725fe2df Linux Mint support for service resource 2016-10-08 23:34:56 +02:00
Dominik Richter
4b032a2b42 1.1.0 2016-10-05 15:28:22 +02:00
Dominik Richter
4d8a272d30 Merge pull request #1192 from cvent/shell
Add shell options
2016-10-05 15:11:24 +02:00
Alex Pop
10116724fc Missing registry keys should not exist 2016-10-05 14:55:04 +02:00
Dominik Richter
f6ddbea363 use mock backend for inspec vendor/check/json
we dont run these against a real backend
2016-10-05 14:29:08 +02:00
Dominik Richter
441967510f bugfix: support nil entries in filter table 2016-10-05 13:04:00 +02:00
Dominik Richter
2ee7988d18 bugfix: always use the mock backend for inspec archive 2016-10-05 12:54:35 +02:00
Dominik Richter
c93ae2d323 bugfix: use correct logger in cli 2016-10-05 11:24:35 +02:00
Morley, Jonathan
efc7eba050 Add shell options 2016-09-30 15:18:14 -04:00
Victoria Jeffrey
47c6427082 print profile info before test results (inherited profiles) 2016-09-27 10:39:35 -04:00
Christoph Hartmann
6113bb82a8 1.0.0 2016-09-26 15:59:54 +02:00
Steven Danna
7aa4c6da8e Fix require_controls DSL method
Previous, require_controls was including all controls from the named
profile, despite the documented behavior being that it only includes
controls explicitly pulled in by the user.  The cause was two-fold:

1) A previous refactor meant that we weren't removing the rule from the
correct context, and

2) We weren't descending down the dependency tree when filtering rules.

This commit fixes the require_controls DSL method and adds a test to
help prevent future regressions.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 15:20:56 +02:00
Steven Danna
57ff8c5e3c
Fix minor typo in sys_info documentation
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 10:56:16 +01:00
Steven Danna
f23a0d1098
Bump lockfile version to 1.0
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 09:51:04 +01:00
Steven Danna
76ef897d80 Improve error messages from compliance fetcher
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 01:57:58 +02:00
Christoph Hartmann
2aab753d9b return empty array for known privileges 2016-09-26 01:48:59 +02:00
Christoph Hartmann
dab8ff5c13 replace wmi win32_useraccount with adsi users 2016-09-26 01:31:44 +02:00
Christoph Hartmann
3bc7fa3a39 remove whitespace 2016-09-26 01:29:18 +02:00
Michał Sochoń
cdf6f647ac Update parse_config.rb
Extend example section.
2016-09-25 14:02:40 +02:00
Christoph Hartmann
1768d952a4 1.0.0.beta3 2016-09-25 13:27:25 +02:00
Christoph Hartmann
3757ee2483 add variables to each loops 2016-09-23 18:32:47 +02:00
Alex Pop
13da437dcc Show skip_message and correct title 2016-09-23 07:47:21 +01:00
Christoph Hartmann
f7ec24a337 implement filter table for group/groups resource 2016-09-23 00:53:24 +02:00
Christoph Hartmann
71d119f88d fix minor typos in user resource 2016-09-23 00:31:32 +02:00
Steven Danna
50b27c4b32 Avoid spurious downloads during dependency management
Before, a URL based source might be downloaded multiple times during the
dependency fetching and lockfile creation. This commit tries to avoid
this by:

1) Memoizing data about the archive to avoid re-fetching the archive

2) Adding a CachedFetcher wrapper around the fetcher class to help
ensure that callers always consult the cache before fetching.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-22 18:36:00 +02:00
Christoph Hartmann
0e7c534ea7 1.0.0.beta2 2016-09-22 11:33:43 +02:00
Steven Danna
d29e8768ca Rename --no-write-lockfile to --no-create-lockfile
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-22 10:08:32 +02:00
Steven Danna
2f3a916080 Always write lockfiles for local top-level profiles
This commit threads through some state related to whether or not a
profile is "local", that is whether it is a directory on disk.  If it
is, we then write out the lockfile to disk.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-22 10:08:32 +02:00
Christoph Hartmann
70fa1dde73 Merge pull request #1113 from chef/ssd/customcache
Add `--cache` option to `inspec exec`
2016-09-21 15:19:18 +02:00
Steven Danna
2d28c786c3
Add --cache option to inspec exec
This allows users to run:

  inspec exec ./ --cache PATH

which will use `PATH` as the dir to retrieve and store remote
dependencies.  The hope is that this can eventually be used with
`inspec vendor PATH` to package up a profile for offline use.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 14:10:27 +01:00
Christoph Hartmann
85aae8d29f fix double-space in pip to_s resource 2016-09-21 12:02:36 +02:00
Steven Danna
8d63db9a2b
Change :shasum key to :sha256 for future upgrade
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:51:04 +01:00
Steven Danna
6814d6ad2b
Fail if a remote source content doesn't match lockfile
If a URL based source does not match the shasum recorded in the
lockfile, it likely means a new version has been pushed to the remote
source. In this case, we fail to help ensure that when using a lockfile
we always run the same code as when the lockfile was created.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:15:52 +01:00
Anirudh Gupta
a355af670f fixup! fixing the debian package manager - when the package is removed but not purged 2016-09-21 13:41:59 +05:30
Anirudh Gupta
024027a3a1 fixing the debian package manager - when the package is removed but not purged 2016-09-21 13:11:23 +05:30
Anirudh Gupta
1cfa3252ce making the examples in the code consistent with rst docs 2016-09-21 11:33:17 +05:30
Alex Pop
161386f50d Use parenthesis when passing regular expressions 2016-09-21 00:51:23 +02:00
David Pell
155995adfd In ApacheConf#include_files, check for abs paths
If the path is absolute, just use what was passed, otherwise build an
absolute path using `@conf_dir`.

Fixes #1013
2016-09-20 09:11:09 -04:00
Alex Pop
e1faebd527 Include code description in the output of failed controls 2016-09-20 10:10:08 +01:00
Alex Pop
624849d418 removed unsupported legacy login and replaced it with the current username/password login option. a bit of refactoring around error checking and error/success output content 2016-09-19 23:08:42 +02:00
Steven Danna
b2146d8758 Allow users to reference resources from dependencies
All resources from deps are added into the control_eval_context used by
the current profile. However, if there is a name conflict, the last
loaded resource wins. The new `require_resource` dsl method allows the
user to do the following:

    require_resource(profile: 'profile_name',
                     resource: 'other',
                    as: 'renamed')

    describe renamed do
      ...
    end

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-19 19:08:43 +02:00
Christoph Hartmann
1796b91846 1.0.0-beta1 2016-09-19 17:51:25 +02:00
Dominik Richter
6792550f8c adopt new json formatting 2016-09-19 13:45:03 +02:00
Victoria Jeffrey
ecac8ae9cb print profile summary and test summary 2016-09-18 21:53:16 -04:00
Dominik Richter
6234e9c1eb Merge pull request #1084 from chef/ap/ssl-hostname
ssl resource to use inspec.backend.hostname and require train 0.19.1
2016-09-16 14:05:28 +02:00
Christoph Hartmann
b4a3debeec 0.35.0 2016-09-16 12:00:07 +02:00
Alex Pop
8a470c16f1 ssl resource to use inspec.backend.hostname and require train 0.19.1 2016-09-16 10:41:22 +01:00
Steven Danna
be1a61f2e5 Process transitive dependencies from lock file
This is a regression introduced by the changes from string to symbol
keys in v0.34.0. It seems that our test cookbook that had a nested
dependency example wasn't actually wired up to run.

This adds a basic functional test and corrects the typo.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-15 09:41:40 +02:00
Christoph Hartmann
178156499f Merge pull request #1076 from chef/ssd/issue-1074
Ensure resources are visible inside its blocks
2016-09-14 17:48:26 +02:00
Steven Danna
8024eea8b7
Ensure resources are visible inside its blocks
The recent changes to provide isolated views of the available resources
was not extended to Rspec::ExampleGroups. This ensures that
ExampleGroups have access to the same resources as the enclosing
Inspec::Rule.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 16:27:59 +01:00
Steven Danna
f2e587f6d5
Skip controls from profile's that don't support the current platform
Any controls included from profiles that don't support our current
platform are now marked as skipped.

Fixes #1049
2016-09-14 09:57:53 +01:00
Steven Danna
8f10ee53c5 Provide inspec.yml shortcut syntax
- Allow users to elide the `name` attributes
- Assume a default source of supermarket

Fixes #1048

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 08:46:06 +02:00
Christoph Hartmann
ad2faecffd 0.34.1 2016-09-13 17:17:51 +02:00
Christoph Hartmann
60360f267d move force encoding to binary only, so that it does not affect the use of inspec in lib mode 2016-09-13 16:18:40 +02:00
Christoph Hartmann
b591f0c6ca 0.34.0 2016-09-12 19:36:09 +02:00
Christoph Hartmann
9c7d06c167 use simple config for security policy resource 2016-09-12 12:20:57 +02:00
Steven Danna
b48b9edae9
Improve duplicate and cycle detection in resolver
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-12 10:57:55 +01:00
Christoph Hartmann
a2143b8249 identify enabled/disabled accounts for windows 2016-09-12 11:40:25 +02:00
Steven Danna
1836e6daeb
Add Inspec::Fetcher#relative_target for compatibility
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-12 09:54:57 +01:00
Steven Danna
4d2d0f2b67
Typo supermarket -> compliance
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-09 14:46:36 +01:00
Steven Danna
120b3d895a
Allow supermarket:// and compliance:// in inspec.yml
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-09 14:14:37 +01:00
Steven Danna
85cbe713d7
Add GitFetcher and rework Fetchers+SourceReaders
This adds a new git fetcher. In doing so, it also refactors how the
fetchers work a bit to better support fetchers that need to resolve
user-provided sources to fully specified sources appropriate for a
lockfile.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-09 14:14:36 +01:00
Steven Danna
f431794917
Clean up Inspec::Profile initialize to make it clear what options we use 2016-09-09 14:14:36 +01:00
Christoph Hartmann
e61f71143d add unit tests 2016-09-09 12:43:03 +02:00
Christoph Hartmann
82a4e21cf7 add sys_info resource to get information about the hostname 2016-09-09 10:36:02 +02:00
Christoph Hartmann
fb416bfdf8 added further comments highlight that the users research is focussed on local users 2016-09-09 09:31:38 +02:00
Christoph Hartmann
23cfc3c4bd fix for solaris 2016-09-09 09:31:38 +02:00
Christoph Hartmann
78a47aa43b improve windows implementation 2016-09-09 09:31:38 +02:00
Christoph Hartmann
74c3904844 improve performance for single user requests 2016-09-09 09:31:37 +02:00
Christoph Hartmann
94100d98b0 full implementation for filtable for linux and mac 2016-09-09 09:31:37 +02:00
Kartik Null Cating-Subramanian
42fd3fc51a first iteration fitlertable for user resource 2016-09-09 09:31:37 +02:00
Christoph Hartmann
fe58fa16bb 0.33.2 2016-09-07 13:03:15 +02:00
Christoph Hartmann
80fd288f44 Merge pull request #1020 from chef/chris-rock/iis_direct_matcher
allow direct access to iis configuration parameters
2016-09-07 11:34:47 +02:00
Christoph Hartmann
1bd55f8cc4 allow direct access to iis configuration parameters 2016-09-07 11:19:34 +02:00
Alex Pop
f65ceeb900 handled hostname differently for WinRM::Connection
parallelize protocol checks to speed up the scan
2016-09-07 11:04:01 +02:00
Christoph Hartmann
123ddd2a6c 0.33.1 2016-09-07 10:50:48 +02:00
Steven Danna
210dbc9425 Remove SourceReader::Inspec#prepare_load_path
We already monkeypatch require so that it is redirected through the
require_loader.  All of the tests pass with this removal.  We might
cause some breakage with this removal that we aren't testing, but given
that we are mucking with `require` it seems preferable to have one
mechanism by which we do that and solve any bugs with that single path.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-07 10:35:58 +02:00
Steven Danna
74e712854e Pass attributes from command line into profile context
We broke attributes with the dependency work. Minimally fix them. TODO:
Maximally fix them.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-07 10:29:47 +02:00
Christoph Hartmann
59989d7f83 0.33.0 2016-09-05 17:43:19 +02:00
Christoph Hartmann
0a34ffef5a always display error message 2016-09-05 17:23:14 +02:00
Alex Pop
8dcd71374b Raise error when an invalid URI is received 2016-09-05 14:44:01 +01:00
Christoph Hartmann
c3c648eeb9 fix integration tests for usage with winrm v2 2016-09-05 13:36:48 +02:00
Christoph Hartmann
3346d7e1a9 support /etc/init.d directory for run level configuration 2016-09-05 11:08:21 +02:00
Steven Danna
30a23b1b85
Minor code-review change to ControlEvalContext
- Add comment describing describe
- Fixup to_s output to be more accurate

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-05 09:28:50 +01:00
Steven Danna
9bb65bd60c Use per-profile execution contexts for library loading
Previously, libraries were loaded by instance_eval'ing them against
the same execution context used for control files.  All resources were
registered against a single global registry when the `name` dsl method
was invoked.  To obtain seperation of resources, we would mutate the
instance variable holding the globale registry and then change it back
at the end.

Now, we instance_eval library files inside an anonymous class.  This
class has its own version of `Inspec.resource` that returns another
class with the resource DSL method and the profile-specific resource
registry.
2016-09-04 20:55:20 +02:00
Steven Danna
5fdf659df1 Load all dependent libraries, even if include_context isn't called
The goal of these changes is to ensure that the libraries from
dependencies are loaded even if their controls are never included.  To
facilitate this, we break up the loading into seperate steps, and move
the loading code into the Profile which has acceess to the dependency
information.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Steven Danna
384ccb610c Initial attempt at isolating resources between dependencies
Previously, all resources were loaded into a single resource registry.
Now, each profile context has a resource registry, when a profile's
library is loaded into the profile context, we update the
profile-context-specific resource registry.  This local registry is
then used to populate the execution context that the rules are
evaluated in.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Christoph Hartmann
a116406b4e Merge pull request #1014 from jeremymv2/fix_apache_conf
Fix apache conf
2016-09-04 20:18:16 +02:00
Jeremy J. Miller
898fe125f2 keep os logic in apache resource 2016-09-04 13:27:14 -04:00
Victoria Jeffrey
0667c334e9 fix inherited profile cli report for realz this time 2016-09-04 18:28:01 +02:00
Victoria Jeffrey
99ce09c4ac fix inherited profile cli report 2016-09-04 18:28:01 +02:00
Jeremy J. Miller
5774dacfea use inspec.os.debian? 2016-09-02 13:57:35 -04:00
Jeremy J. Miller
3919d33ccb fixing apache_conf.conf_dir 2016-09-02 13:44:16 -04:00
Alex Pop
f1b1794ee5 fix os exception 2016-09-02 15:24:50 +01:00
Victoria Jeffrey
5d5aa6354d fix and add test 2016-09-01 20:39:52 -04:00
Victoria Jeffrey
a779d1813d print exception msg for tests in anonymous describe block 2016-09-01 20:39:52 -04:00
Victoria Jeffrey
662de80d1d include status icon in printed tests even when only one 2016-09-01 20:39:52 -04:00
Victoria Jeffrey
1d15e8bc4b only print no tests executed when no tests have been executed 2016-09-01 20:39:52 -04:00
Martin Hegarty
e6eb6d8d36 Allow for windows service name with spaces 2016-08-31 15:01:07 +01:00
Jeremy J. Miller
0d817017bb changed regex for integer to allow 0 2016-08-29 19:39:39 -04:00
Jeremy J. Miller
53dbaa9c3e add test 2016-08-29 15:57:46 -04:00
Steven Danna
4941ec69fd
Minor refactor and explanatory comments
This is a minor refactor that I did while studying our loading code in
preparation for some deeper changes to how content loading works. The
overall goal of the refactor is to remove a few places where we were
passing a generic options hash and then only accessing a single item.

The comment hopefully clarifies to new developers in the code base how
content loading works at a high level.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-29 10:23:15 +01:00
Christoph Hartmann
202d4e0f97 0.32.0 2016-08-26 11:45:00 +02:00
Victoria Jeffrey
d6ee153aaa print controls, then tests. print describe block header then each test 2016-08-26 10:12:56 +02:00
Victoria Jeffrey
1c31e3779e print individual tests when in describe block 2016-08-26 10:12:24 +02:00
Christoph Hartmann
dd06709d6e switch from deprecated script resource to powershell resource for user resource 2016-08-26 09:33:35 +02:00
Kartik Null Cating-Subramanian
89976219b9 Add windows user SID as 'UID' in user resource. Fix #960 2016-08-26 09:27:03 +02:00
Christoph Hartmann
8de1b9fe7b Merge pull request #978 from nvtkaszpir/patch-1
Update port.rb Documentation
2016-08-26 09:12:35 +02:00
Kartik Null Cating-Subramanian
1243d9475d Rubocoooop! 2016-08-25 14:22:15 -04:00
Michał Sochoń
3c106096b9 Update port.rb 2016-08-25 19:57:41 +02:00
Michał Sochoń
8b6107c5b9 Update port.rb
fix comment section, expand example section
2016-08-25 17:03:41 +02:00
Steven Danna
fd87b679be Minor refactor of Inspec::Profile#load_checks_params 2016-08-25 14:42:55 +02:00
Steven Danna
6034ece853 Initial control isolation support
The goal of this change is to provide an isolated view of the available
profiles when the user calls the include_controls or require_controls
APIs.  Namely,

- A profile should only be able to reference profiles that are part of
  its transitive dependency tree. That is, if the dependency tree for a
  profile looks like the following:

  A
  |- B --> C
  |
  |- D --> E

  Then profile B should only be able to see profile C and fail if it
  tries to reference A, D, or E.

- The same profile should be include-able at different versions from
  different parts of the tree without conflict.  That is, if the
  dependency tree for a profile looks like the following:

  A
  |- B --> C@1.0
  |
  |- D --> C@2.0

  Then profile B should see the 1.0 version of C and profile D should
  see the 2.0 profile C with respect to the included controls.

To achieve these goals we:

- Ensure that we construct ProfileContext objects with respect to the
  correct dependencies in Inspec::DSL.

- Provide a method of accessing all transitively defined rules on a
  ProfileContext without pushing all of the rules onto the same global
  namespace.

This does not yet handle attributes or libraries.
2016-08-25 14:42:55 +02:00
Christoph Hartmann
1300900693 add unit test for local fetcher with windows path support 2016-08-24 16:23:27 +02:00
Annie Hedgpeth
fe5c7c49a4 Attempt at a bug fix to read backslashes as forward slashes in local fetcher 2016-08-24 15:11:20 +02:00
Christoph Hartmann
3182978e85 fix lint 2016-08-24 14:40:26 +02:00
Kartik Null Cating-Subramanian
db032e437e Speed up windows package lookup - maybe 2016-08-24 14:33:56 +02:00
Steven Danna
ed179ac088
Only redirect logging to STDERR if format=json
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-24 09:12:59 +01:00
Steven Danna
80fe61b8cd
Expand relative paths based on profile location
Also: Log to STDERR by default

NB: This will result in absolute paths being rendered to lock files. We
think that is OK for now since we are going to build some UX around
path-based dependencies and lock files.  Namely, we are going to tell
people it is a bad idea.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-24 09:12:56 +01:00
Anirudh Gupta
4041f1898e can check windows service startup mode now 2016-08-24 02:01:10 +05:30
username-is-already-taken2
52c52d565f Update host.rb
Resolved an issue checking ports on windows

The previous version wasn't really checking if a port was accessible as we were only validating if the ping succeeded. Using TcpTestSucceeded to determine if the connection worked or not.
2016-08-23 17:15:33 +02:00
Steven Danna
366e65b198
Add the start of tests for the Resolver class
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:50:12 +01:00
Steven Danna
d64b72d71d
Replace Molinillo-based resolver
The Molinillo library is a good library for systems that need a
constraint solver that will solve dependency problems requiring a single
version of each named dependency.

In our case, the eventual goal is to allow libraries to have conflicting
transitive dependencies at runtime. Isolation will be provided by
restricting all calls within a given profile to scope which can only see
that profile's dependencies.

To facilitate working on the isolation feature, I've replaced the
Molinillo-based resolver with a minimal resolver which will allow us to
load multiple versions of the same library.

Since we will likely want a good amount of logging around this feature
in the future, I've added a Inspec::Log singleton-style class, replacing
the previous Inpsec::Log which appeared unused in the code base.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:27:57 +01:00
Steven Danna
d9b6210d30
Remove unused url functions from fetchers
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
02d611e68c
Add archive_path helper to Tar and Url fetchers
Eventually I think we'll want this as part of the fetcher API generally.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
a6ec345eac
Don't set nil cwd in inspec/profile 2016-08-23 13:54:56 +01:00
Steven Danna
3049eb1388
Add comments based on code review and plans for future work
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:56 +01:00
Steven Danna
9c1b82e7d4
Add prototype of inspec.lock
This adds a basic prototype of inspec.lock. When the lockfile exists on
disk, the dependencies tree is constructed using the information in the
lock file rather than using the resolver.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 13:54:55 +01:00
Christoph Hartmann
13e9a69701 Merge pull request #945 from chef/os_helpers
Add darwin helper
2016-08-23 13:55:58 +02:00
Tim Smith
d953986d25 Add darwin helper
Signed-off-by: Tim Smith <tsmith@chef.io>
2016-08-23 10:37:52 +02:00
Kartik Null Cating-Subramanian
039c760545 Fixup behavior and add functional tests 2016-08-23 03:07:23 +02:00
Kartik Null Cating-Subramanian
01763d43ed Fix command evaluation for inspec shell -c 2016-08-23 03:07:23 +02:00
Christoph Hartmann
2ac94cb947 0.31.0 2016-08-19 20:05:56 +02:00
Kartik Null Cating-Subramanian
83d9deda4f inspec shell documentation 2016-08-19 19:29:32 +02:00
Kartik Null Cating-Subramanian
33ae22d313 Support controls and describe blocks in InSpec shell 2016-08-19 19:07:23 +02:00
Steven Danna
bde8aa6768 Add basic class descriptions
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
f97924901e Ensure we expand requirements with respect to cwd
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
d779dd53ae Move all dependency related classes into inspec/dependencies
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
2041a08aa2 Fetch deps based on urls
This extends the dependency feature to include support for url-based
dependencies.  It takes some deviations from the current support for
URLs that we'll likely want to make more consistent.

By default, we store downloaded archives in the cache rather than the
unpacked archive. However, to facilitate debugging, we will prefer the
unpacked archive if we find it in the cache.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
afc581b613 Cleanup dependency class organization
- Move classes into their own files
- Remove classes that aren't used

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Christoph Hartmann
af04a0f5ba implement workaround for thor 2016-08-18 20:50:49 +02:00
Victoria Jeffrey
b98c3e243e give accurate information for inspec compliance login --help 2016-08-18 20:00:27 +02:00
Christoph Hartmann
cf784ded7c update exit codes 2016-08-18 19:40:08 +02:00
Victoria Jeffrey
c3d245fafd fail gracefully on inspec compliance profiles when bad token is provided 2016-08-18 19:35:29 +02:00
Victoria Jeffrey
24a2c5c356 return token stored message on login 2016-08-18 16:47:34 +02:00
Christoph Hartmann
502aef54fd use bundler instead of gem, to speed up integration testing for different versions 2016-08-18 16:32:45 +02:00
Steven Danna
34ae3122e9 Fix recursive deps for path-based deps
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-18 16:02:16 +02:00
Victoria Jeffrey
bdb1d913d9 Remove false username/passwd msg from inspec compliance login 2016-08-17 17:15:52 +02:00
Victoria Jeffrey
b75b8ab4a9 inspec compliance version fails gracefully when server config info is missing 2016-08-17 17:00:53 +02:00
Christoph Hartmann
96754cac6c fix integration tests for Chef Compliance 2016-08-17 13:51:26 +02:00
Chris Evett
3df98b7a19 add iis_site tests and refactor post code review 2016-08-17 06:57:48 -04:00
Chris Evett
4d63afc1f8 add documentation to resources.rst for iis_site and fix comment 2016-08-17 06:57:48 -04:00
Chris Evett
7f9fbc6cce add iis_site resource 2016-08-17 06:57:48 -04:00
Christoph Hartmann
c23263f3d0 handle xinetd config with only one entry 2016-08-16 17:23:22 +02:00
Steven Danna
b5cd64d16a Ignore comment lines in /etc/passwd
Most passwd/shadow implementations treat lines that start with '#' as
comments. For example, the implementation in OS X:

     if (buf[0] == '#') {
          /* skip comments for Rhapsody. */
          continue;
     }

https://opensource.apple.com/source/remote_cmds/remote_cmds-41/rpc_yppasswdd.tproj/passwd.c

Fixes #725

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-16 10:54:52 +02:00
Victoria Jeffrey
6f198f539b cleanup 2016-08-16 10:01:10 +02:00
Victoria Jeffrey
cf771ab967 ssh_config parse should be case insensitive 2016-08-16 10:01:10 +02:00
Dominik Richter
c4282ab6b2 add ssl resource (early access) 2016-08-15 07:49:41 -07:00
Dominik Richter
5f1d83f196 Merge pull request #912 from chef/ap/port-win-process
Windows ports with pid and process name
2016-08-12 20:59:28 +02:00
Alex Pop
353dcf10ec make netstat default for getting ports and get only listening ones 2016-08-12 16:02:56 +01:00
Dominik Richter
b8569e6923 0.30.0 2016-08-12 16:23:38 +02:00
Christoph Hartmann
57bdd3464c add feature to fetch children from registry key 2016-08-12 14:51:23 +02:00
Christoph Hartmann
1faa68732e use powershell function for registry key 2016-08-12 14:51:23 +02:00
Christoph Hartmann
571bc14742 support hash params as options for registry key 2016-08-12 14:51:23 +02:00
Dominik Richter
e637067c43 auto-genreate inspec cli docs 2016-08-12 13:40:59 +02:00
Steven Danna
90be4acab1
Fix rubocop violation, lock rack to avoid dependency madness
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-11 16:41:05 +01:00
Dominik Richter
cac89dc6dd add missing errors file to collect inspec error classes 2016-08-10 22:41:32 +02:00
Dominik Richter
7e569669aa introduce dependency resolution
This commit is the foundation of the dependency resolution as described in https://github.com/chef/inspec/issues/888 .

It currently only works with local dependencies, as seen in the example inheritance profile.

Tests and full resolution are coming next on the path to an MVP implementation.
2016-08-10 22:41:32 +02:00
Steven Danna
c71f5cdb30 Improve detection of postgresql conf dir and data dir
Redhat conf_dir detection was regressed in 57d7275 which inadvertently
removed the setting of @conf_dir. Any attempt to use the postgres
resource on RHEL would rain an exception:

    inspec> postgres.data_dir
    TypeError: no implicit conversion of nil into String

Further, the redhat detection code appears to assume that RHEL always
uses versioned data directories. This however, does not appear to be the
case:

    $ cat /etc/redhat-release
    CentOS release 6.7 (Final)
    $ sudo ls /var/lib/pgsql/
    backups  data  pgstartup.log

The code now can handle both versioned and un-versioned directory
formats on RHEL. Further, it provides diagnostic warnings about
uncertainty in the discovered data directories and configuration
directories.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-10 18:44:15 +02:00
Steven Danna
b4b6792878 Add readline ignore markers to color escape codes in the shell
Previously, if you typed more than 20 characters at the prompt and
attempted pressed Ctrl+a (readline's "Move to start of line" command),
your prompt would appear at the ~11th character from the start of the
line, unable to go further back.

This was a result readline counting the terminal escape sequences we use
for color output as part of the line.

Wrapping these sequences in \001 and \002 instructs readline to ignore
them when doing calculations regarding line-length, resolving the
problem.
2016-08-10 14:26:56 +02:00
Steven Danna
afddebaf3f
Add inspec env command to configure shell tab-completion
This adds a new subcommand:

   inspec env [SHELL]

which outputs a shell-appropriate completion script that the user can
source into their shell:

   eval "$(inspec env SHELL)"

Currently, we provide completions for ZSH and Bash. The completion
scripts are generated from the data Thor collects.

If the user doesn't provide SHELL we attempt to detect what the user's
shell may be using a number of methods.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-10 02:07:53 +01:00
Christoph Hartmann
85bba1a809 0.29.0 2016-08-08 13:32:36 +02:00
Dominik Richter
16bd6a14d5 revert control_summary field in output
(1) The field is not yet optimal, the calculations are great!
(2) Changing this field should go together with all other breaking json changes, especially if https://github.com/chef/inspec/pull/811 results in a change.
2016-08-08 11:54:27 +02:00
Victoria Jeffrey
6c91183995 count controls in the summary output. Fix #852 2016-08-05 11:43:29 -04:00
Kartik Null Cating-Subramanian
c5556e65f8 Cleanup to fix some formatting. Fix #872 2016-08-05 09:41:47 -04:00
Kartik Null Cating-Subramanian
742037c29d Generate test labels for multi-test controls: Fix #812 2016-08-05 09:41:47 -04:00
Steven Danna
13ebea48e1 Allow port to be specified as a string
This allows the user to write:

   describe port(22) do
     it { should be_listening }
   end

as well as

   describe port('22') do
     it { should be_listening }
   end

without hitting an error.

Fixes #867

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-05 14:01:08 +02:00
Christoph Hartmann
b3652bf85d improve code style for parse_config thanks @stevendanna
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2016-08-05 12:29:34 +02:00
Christoph Hartmann
d9a1a500d0 add params and content method to parse_config 2016-08-05 12:13:56 +02:00
Steven Danna
57d7275857
Update inspec for os[:family] change in Train
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-04 13:32:35 +01:00
Steven Danna
28946f5fde
Use systemctl's helper command to determine enabled & active status
The output of `systemctl show SERVICENAME` can be misleading in the
case of non-native services (i.e. services configured via an init script
and integrated with systemd via a shim) or for more sophisticated unit
types.

For example, the UnitFileState of ntp is "bad":

    > systemctl show ntp | grep UnitFileState
    UnitFileState=bad

despite systemd reporting it as enabled:

   > systemctl is-enabled ntp
   ntp.service is not a native service, redirecting to
   systemd-sysv-install
   Executing /lib/systemd/systemd-sysv-install is-enabled ntp
   enabled

Further, the old parsing code would have missed unit files in the
following states that are technically enabled:

   enabled-runtime, indirect, generated, and transient

Using the `is-enabled` commands ensures that we report the same enabled
status that systemd reports, without having to update our own parsing in
the event that new unit states are added. Additionally, as shown above,
it handles the sysv compatibility helper.

Similarly, the is-active helper command ensures that we always report
the same active/not-active status as systemd would natively. For
instance, a quick reading of `src/systemctl/systemctl.c` in the systemd
source shows that systemctl reports units as active if they are in the
state `UNIT_ACTIVE` or `UNIT_RELOADING`.

Fixes #749

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-03 13:31:09 +01:00
Christoph Hartmann
bd3a7ee7df 0.28.1 2016-08-03 12:56:36 +02:00
Dominik Richter
70dd639471 move base_cli to lib/inspec
It is not a disconnected library, but a core component of inspec. Fix its location.
2016-07-26 20:11:25 +02:00
Dominik Richter
69f9c0ff59 fix color code barriers 2016-07-22 12:41:00 +02:00
Dominik Richter
3059a18c56 0.28.0 2016-07-21 15:27:41 +02:00
Dominik Richter
c2f34932ad add port resource for windows 2008
using `netstat -an`
2016-07-21 14:58:43 +02:00
Chris Evett
925da00b3d fixing rubocop error 2016-07-17 14:22:04 -04:00
Chris Evett
85988aab9c add mssql resource 2016-07-17 14:18:25 -04:00
Dominik Richter
255d8fcd68 prevent circular loading of resource library 2016-07-16 05:15:23 +02:00
Dominik Richter
b9a2ec9b40 0.27.1 2016-07-15 16:27:14 +02:00
Alex Pop
ba4b9c26c5 fix symbols and strings inconsistency 2016-07-13 11:53:04 +01:00
Patrick Münch
7d986c2d17 FIX #823 wrong postgres path detection
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
2016-07-12 19:59:08 +02:00
Christoph Hartmann
c94751fcf9 0.27.0 2016-07-10 21:16:15 -05:00
Dominik Richter
68cf88f701 add suid sgid and sticky support for file resource 2016-07-10 23:08:42 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
2016-07-06 12:57:04 +02:00
Christoph Hartmann
8a17cb6b5b update readme for bundles 2016-06-29 08:14:36 +02:00
Dominik Richter
5da73db6a3 api: report source location with field identifiers
Mixing types in an array without specifying what these fields point to is not just confusing, but also causes issues with endpoints that may consume this data and dont process mixed types. We strive to have a stable api for 1.0 and this is a sin that was left after the major overhaul. Time to fix it.
2016-06-28 12:03:20 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Christoph Hartmann
f87f25fb07 add boolean support for cmp matcher 2016-06-18 20:33:08 +02:00
Dominik Richter
8660d5d81c feedback round with @chris-rock 2016-06-16 20:37:51 +02:00