The resource itself only offers contents and params right now. It resolved
all include calls it can find and creates the aggregated config object.
This is limited in functionality. One last (set of) PR(s) is needed to
add an interface that makes querying this config file easier. It is due
to the file's inherent complexity that I want to explore which methods
are needed to be effective. In the meantime, this resource offers accessors
to the underlying data that are stable.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* make postgres resource working in mock runner (for inspec check)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
* keep nil for empty states
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
For cleanliness and ease of testing, I've moved the logic that
parses the server version from the compliance config to a
separate method.
Signed-off-by: Adam Leff <adam@leff.co>
* showing how to shellout in docs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* adding basic example
Signed-off-by: Richard Shade <rshade@rightscale.com>
* cleanup
Signed-off-by: Richard Shade <rshade@rightscale.com>
* adding in mysql socket, as this doesn't work with non-default installs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* updating per peer review to make socket not a req, and adding port
Signed-off-by: Richard Shade <rshade@rightscale.com>
* updating docs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* Fix to_s on directory resource
The `to_s` method on the `directory` resource is not defined
in the correct class, leading `directory` resources to be printed
as the parent resource (`file`) instead.
Signed-off-by: Adam Leff <adam@leff.co>
* Directory existence should check to see if it's a directory
Signed-off-by: Adam Leff <adam@leff.co>
Net::HTTP does not gracefully handle HTTP options/headers
that have nil values. This updates Fetchers::Url to verify
that all headers we attempt to configure have non-nil,
non-empty values.
This originally surfaced via the audit cookbook with the
chef-automate fetcher in use without the data_collector
token being set.
Signed-off-by: Adam Leff <adam@leff.co>
* Adding toml resource
This adds a `toml` resource that inherits from the json resource and
behaves the same way as the JSON and YAML resources.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
* s/package/service/ on service unit test descriptions
Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
* Add support for CoreOS to the service resource
Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
* Remove some apparently unused test setup to remove some warnings.
* Initialize some instance variables before use to silence warnings.
* Remove an unused variable to remove a warning.
* Remove some indirection.
* Silence logger during tests.
* Check if an instance variable was defined before referencing to remove a warning.
* Define duplicated constant once in root rakefile.
* Initialize an instance variable to remove a warning.
* Remove PROJECT_DIR to reduce coupling.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
The is_automate_server_pre_080? and is_automate_server_080_and_later?
methods needed some fixing. The Compliance configuration could have
a "version" key that was not nil but was an empty hash, indicating
that it came from a pre-0.8.x Automate server. What we really need
to look for is config['version']['version'] being nil?.
Signed-off-by: Adam Leff <adam@leff.co>
Due to limitations in Thor it is not possible to set an argument to be both optional and its value to be mandatory. E.g. the user supplying the --password argument is optional and not always required, but whenever it is used, it requires a value. Handle options that were defined with mandatory values in a way that fails with an `ArgumentError` if the value is missing, i.e.:
```
> inspec exec examples/profile --password
ArgumentError: Please provide a value for --password. For example: --password=hello.
```
It works without `--password` or with `--password=arg`. Also handled for `--sudo-password`.
Fixes: https://github.com/chef/inspec/issues/1901
As suggested: https://github.com/chef/inspec/pull/1904
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
This is currently failing because both `alias` and `alias_method` create method imprints in the FileProvider. This leads to a failure where the TarProvider assumes it doesn't implement `binread`, which in fact it does, since it just calls `read`.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* Add TCP reachability support on Linux for host resource
This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.
Signed-off-by: Adam Leff <adam@leff.co>
* documentation updates
Signed-off-by: Adam Leff <adam@leff.co>
* Appease rubocop
Signed-off-by: Adam Leff <adam@leff.co>
On Windows, `inspec archive` would sometimes produce incorrect archive files. These would look fine, as tgz files, but would not execute correctly. This would lead to bewildering error messages like this one:
```
Unable to parse inspec.yml: line 1, control characters are not allowed
```
Fix it by treating the files as binary before writing them to get around any encoding issues, since the stream handler is a raw io object anyway.
Closely related to https://github.com/chef/inspec/pull/1906
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
On Windows, we ran into the problem that the execution of inherited profiles would (sometimes) not work. This was due to the use of `File.read` and `File.write` and handling inside the file provider, which works in most cases (especially *nix systems), but does not behave as expected on Windows. A better and more correct way of treating these files is via binary read and write mode, which changes the underlying encoding of both strings that are passed along.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
Generated duplicate messages due to the way that examples are aggregated in RSpec. Make sure we never show any duplicate test result messages, as they offer not value to any user.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
The Compliance::API.version method could potentially return
a hash containing no "version" key but would return an empty
hash upon any expected failure. Downstream callers of the
Compliance::API.version method were looking for a "version"
key to always be present when, in some cases, it would not be.
This change ensures that if a version is not available, there
is no "version" key in the hash, and downstream callers of this
method have been changed to check for nil instead of empty.
Signed-off-by: Adam Leff <adam@leff.co>
* add bitbucket repo url handling
Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>
* backout changes to .gitignore
* adding unit tests for bitbucket url transformers
Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>
* fixing some indents
Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>
* fix some indents
Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>
Calling the `digest` library directly unfortunately causes issues in FIPS 140-2 mode:
sha512.c(81): OpenSSL internal error, assertion failed: Low level API call to digest SHA512 forbidden in FIPS mode!
Switching to `OpenSSL` as the caller resolve these issues
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
When running `inspec exec` without the `target` option but against remote endpoints OR when executing it with the `localhost://` target AND having `--sudo` active it would abort the execution. `--target` is a helper to set the Train parameters for `backend`, `host`, `user`, `port`, and potentially `password`. The detection would fail on providing any of these separately without specifying `--target`. The same holds true for the `localhost` train backend or just `localhost://` target.
This type of detection has since moved to Train. The driving reason was to have this very useful check for localhost vs sudo run for any type of inspec (or for that matter: train) execution.
This PR depends on https://github.com/chef/train/pull/179 and the next release of train.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
