Commit graph

4166 commits

Author SHA1 Message Date
Dominik Richter
7c377a0ab0 0.14.0 2016-02-22 12:53:27 +01:00
Stephan Renatus
01d7d5bf8a fetchers/tar: slight simplification 2016-02-22 12:06:42 +01:00
Stephan Renatus
356995bd7b plugins/fetcher: remove attr_reader shadowing 2016-02-22 12:06:42 +01:00
Dominik Richter
33b2876d7c fix tests and lint 2016-02-22 12:06:42 +01:00
Dominik Richter
d44af5dcc7 bugfix: dont set ID for profile params too early 2016-02-22 12:06:42 +01:00
Dominik Richter
37ec3cf6f2 migrate load-path hooking for legacy modes 2016-02-22 12:06:42 +01:00
Dominik Richter
d065794d96 remove old target interface 2016-02-22 12:06:42 +01:00
Dominik Richter
82195d82d6 make url fetcher less restrictive on file-endings 2016-02-22 12:06:42 +01:00
Dominik Richter
5cabb7d273 migrate inspec-supermarket target to fetcher 2016-02-22 12:06:37 +01:00
Dominik Richter
9c3f336d06 migrate inspec-compliance target to fetcher 2016-02-22 11:24:36 +01:00
Dominik Richter
e4c3c9370b fix detection with new profile/runner scheme 2016-02-22 11:24:36 +01:00
Dominik Richter
07ae2afd3b bugfix: generate archive in current folder
instead of e.g. the rubygems location somewhere on the system
2016-02-22 11:24:36 +01:00
Dominik Richter
1e1e473cb0 replace target-helper with fetcher+reader 2016-02-22 11:24:35 +01:00
Dominik Richter
202a781f6a fail on incorrect metadata of url download 2016-02-22 11:24:35 +01:00
Dominik Richter
c79d9f7777 add flat source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
c9d1272f49 add relative fetcher
This helps reduce any folder structures, weather on disk or in archives, to their relative root paths; i.e. ignore all file-prefixes that are given and go directly to the underlying files, relative to the common folders that contain it
2016-02-22 11:24:35 +01:00
Dominik Richter
f023d02bbb add inspec source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
125ee53041 create source_reader plugin structure 2016-02-22 11:24:35 +01:00
Dominik Richter
1825fd1fef separate reusable plugin registry with sorting 2016-02-22 11:24:35 +01:00
Dominik Richter
d293550375 chain fetchers together 2016-02-22 11:24:35 +01:00
Dominik Richter
7b073fe153 add url fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
4e830ffc24 add tar fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
1c29667523 add zip fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
a83e29cc01 add local fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
27f7aa7796 create new fetcher system 2016-02-22 11:24:35 +01:00
Dominik Richter
ee82c3a2ff bugfix: handle edge-cases in upstart service
e.g. when a service could not be found and command outputs become empty / matchers dont hit'
2016-02-22 09:52:16 +01:00
Dominik Richter
1147d30679 bugfix: make sure version is always a string 2016-02-22 09:26:48 +01:00
Dominik Richter
c7312be8ec force encoding to utf-8 2016-02-22 05:18:41 +01:00
Christoph Hartmann
e466ec4e90 0.13.0 2016-02-19 14:50:03 +01:00
Dominik Richter
1e096c7181 add shadow resource for /etc/shadow 2016-02-19 14:26:04 +01:00
Christoph Hartmann
3f6b89e24d extend github url support 2016-02-19 09:12:25 +01:00
Christoph Hartmann
3a2488cade fix mime-type map 2016-02-19 09:11:38 +01:00
Christoph Hartmann
9e2dc30fb5 minor typo fix 2016-02-18 21:12:25 +01:00
Dominik Richter
1fa957c8ca ensure deprecated methods still work 2016-02-18 16:25:02 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Dominik Richter
d9427b3aac add filter to passwd 2016-02-18 16:10:42 +01:00
Christoph Hartmann
26276ca991 use ruby zip and tar for unit tests 2016-02-18 14:27:16 +01:00
Dominik Richter
17d4e1dc3c simplify url-construction of inspec-compliance 2016-02-18 14:25:55 +01:00
Dominik Richter
b872c04616 bugfix: url helper loading zip and tar 2016-02-18 14:25:55 +01:00
Dominik Richter
6bc57b2d92 bugfix: stop reading fro mzip when file is found 2016-02-18 14:25:55 +01:00
Dominik Richter
03bf732d82 add cmp for Arrays 2016-02-18 13:58:37 +01:00
Dominik Richter
2bbbb29a9b simplify cmp matcher checks 2016-02-18 12:07:40 +01:00
Stephan Renatus
453cd420fb fix service_ctl override logic 2016-02-17 12:55:09 +01:00
Stephan Renatus
d2469d9519 inspec-compliance: ensure file permissions when saving config 2016-02-17 10:46:06 +01:00
Dominik Richter
294db6744f 0.12.0 2016-02-15 11:54:14 +01:00
Christoph Hartmann
96d02ba4a2 add inspec profile as example 2016-02-14 21:27:40 +01:00
Christoph Hartmann
b967af3c89 rename generate to init 2016-02-14 21:26:37 +01:00
Christoph Hartmann
f281f9c351 implement generate cli command 2016-02-14 19:38:58 +01:00
Dominik Richter
36cbafc438 add runlevel helper object to services 2016-02-14 18:23:58 +01:00
Dominik Richter
0934948a1a support runlevels for system V + service matching
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).

Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`
2016-02-13 02:11:51 +01:00
Dominik Richter
2426d30870 bugfix: verify the resolver type first 2016-02-11 15:40:35 +01:00
Dominik Richter
137bee74ca add content resolver to dir helper 2016-02-10 23:46:55 +01:00
Dominik Richter
3efd0961f0 make sure archive resolvers return one file only 2016-02-10 22:49:51 +01:00
Dominik Richter
19a0a18db1 sync archive+tar+zip helpers to new dir-resolver 2016-02-10 22:30:13 +01:00
Dominik Richter
6bd757c585 improve documentation on target resolvers 2016-02-10 20:36:54 +01:00
Dominik Richter
d272024b01 rework resolver connection
I.e. we want to get access to the actual directory handler, with full exposure of the underlying directory resolver. e.g. Get the InspecProfileDirectory handler (which provides access to tests, metadata, libraries), but be able to get all data with that alone (e.g. an ArchiveHelper for ZIP which reads all files/folders from zip)
2016-02-10 20:36:43 +01:00
Dominik Richter
293b1a4c25 unify all directory resolvers 2016-02-10 12:20:28 +01:00
Dominik Richter
2d92e164c2 create plugin interface for directory resolvers 2016-02-10 11:15:08 +01:00
Stephan Renatus
ac2584f51d iptables: strip lines if iptables -S output
As it turns out, some of the lines on CentOS 6 had a trailing space in it.

Fixes #420.
2016-02-10 09:57:32 +01:00
Stephan Renatus
cdad6e63c3 iptables: some simplifications 2016-02-10 09:57:32 +01:00
Dominik Richter
d55aeddbdf 0.11.0 2016-02-09 17:54:38 +01:00
Christoph Hartmann
0f14ebb1d1 simplify value extraction for apache resource without any magic 2016-02-09 17:35:33 +01:00
Christoph Hartmann
a3eda1fcee implement method missing for apache_conf resource 2016-02-09 17:35:33 +01:00
Christoph Hartmann
796af68a69 Fix supermarket cli registration 2016-02-09 15:22:29 +01:00
Dominik Richter
971d651551 change version constraints
Move to a more mathematical representation of version numbers comparisons. The existing one is semantically correct, but may lead to slight confusion.
2016-02-09 11:51:52 +01:00
Stephan Renatus
e5b88fc486 auditd_rules: suppress warning for centos 5; improve docs wording 2016-02-09 11:51:52 +01:00
Stephan Renatus
405b3e3fa4 rubocop fixes 2016-02-09 11:51:52 +01:00
Stephan Renatus
4b6eced92a auditd_rules: access by key, tests + documentation 2016-02-09 11:51:52 +01:00
Stephan Renatus
cd5f47ed33 auditd_rules: unit tests, meet the real world 2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80 auditd_rules: status querying (old/new) and unit tests
TODO: unit tests for the legacy format
2016-02-09 11:51:52 +01:00
Stephan Renatus
57db5a9414 unit test FilterArray, make retrieved values unique 2016-02-09 11:51:52 +01:00
Stephan Renatus
5270f21da9 move FilterArray to utils, add retrieving values 2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e auditd_rules: teach old dog new tricks 2016-02-09 11:51:52 +01:00
Stephan Renatus
2afc29e48f auditd_rules: stash legacy behaviour away 2016-02-09 11:51:52 +01:00
Dominik Richter
0421b6dc1a exit early 2016-02-09 11:04:50 +01:00
Dominik Richter
c966e94835 typos 2016-02-09 11:04:34 +01:00
Dominik Richter
e56321f6c7 semantics: rename CLI plugins registry -> subcommands
Basically make sure everyone understands these are only subcommands. we might consider adding plugins for options or existing commands instead of new subcommands. this just ensures everyone knows what registry is for
2016-02-09 01:20:38 +01:00
Dominik Richter
7ccf0fa364 avoid automatic plugin loading throughout the library
only load plugins through the binary, never through the library. This avoids issue we have in accidentally loading plugins in tests and integration work. They should only be loaded when users request them.
2016-02-09 00:55:02 +01:00
Dominik Richter
1ae0bc2e60 clarify the role of the plugin API at the moment 2016-02-09 00:25:25 +01:00
Christoph Hartmann
b33129fbf5 implement supermarket extension 2016-02-08 20:06:07 +01:00
Dominik Richter
dc028a3877 fix loading order of plugins 2016-02-07 23:47:10 +01:00
Christoph Hartmann
c6c9d0278c 0.10.1 2016-02-05 18:52:44 +01:00
Dominik Richter
bb264897f4 wrap basecli in inspec module
Take care of a rare error which has Inspec undefined
2016-02-05 18:25:40 +01:00
Christoph Hartmann
be7aa8f0c4 0.10.0 2016-02-05 17:18:07 +01:00
Christoph Hartmann
b7a88dbd7a fix linting and unit test 2016-02-05 16:57:51 +01:00
Christoph Hartmann
f826c07af5 minor improvements 2016-02-05 14:55:12 +01:00
Christoph Hartmann
7e88f56917 move plugin to bundles 2016-02-05 14:48:55 +01:00
Christoph Hartmann
a55a4869d9 extract base cli class 2016-02-05 14:20:32 +01:00
Christoph Hartmann
7494854c60 implement profile upload 2016-02-05 14:18:05 +01:00
Christoph Hartmann
368f6ed56a refactor compliance plugin 2016-02-05 14:18:05 +01:00
Christoph Hartmann
2cb3d6f90f bugfix: rescue url error in url target helper 2016-02-05 14:15:57 +01:00
Christoph Hartmann
6c1b9fff9d do not try to load a profile if we have no token available 2016-02-05 14:15:57 +01:00
Christoph Hartmann
7f57b12258 refactor cli 2016-02-05 14:15:57 +01:00
Christoph Hartmann
823e30e9cf re-introduce compliance exec 2016-02-05 14:14:34 +01:00
Christoph Hartmann
0958327f06 improve url target helper, match github url with trailing / 2016-02-05 14:14:34 +01:00
Christoph Hartmann
6cf8ecf304 add target helper for compliance plugin, extract API methods from CLI 2016-02-05 14:14:34 +01:00
Christoph Hartmann
0b59dab9ea initial version of compliance plugin 2016-02-05 14:13:22 +01:00
Christoph Hartmann
bab7eb1986 improve styling 2016-02-05 14:06:55 +01:00
Christoph Hartmann
589db0bcd0 add registry for cli plugins 2016-02-05 14:06:55 +01:00
Stephan Renatus
f63a8ad1d5 upstart_service: add version fallback, fix regexp
before this regexp change, a service called "running" (hello integration
tests) would always be "running" ;)
2016-02-05 13:49:18 +01:00
Christoph Hartmann
e6ff20f91e add metadata warnings in structured hash 2016-02-04 18:46:11 +01:00
Christoph Hartmann
d7cb5a9ae0 adapt unit tests 2016-02-04 18:05:40 +01:00
Christoph Hartmann
ea63a39b40 improve code style 2016-02-04 17:01:38 +01:00
Christoph Hartmann
14a3100e41 simplify result value from profile check 2016-02-04 16:47:33 +01:00
Christoph Hartmann
7e19c5eec6 fix ignore errors option use in archive method 2016-02-04 16:41:59 +01:00
Christoph Hartmann
1796c3271b generate hash output for check and use it in inspec cli 2016-02-04 16:41:14 +01:00
Christoph Hartmann
6b7e5818fb expose source location in rule 2016-02-04 16:38:57 +01:00
Christoph Hartmann
d50b634879 bugfix: fix control tests 2016-02-04 16:38:57 +01:00
Christoph Hartmann
826d059b19 optimize json logger for line delimited JSON 2016-02-04 16:38:57 +01:00
Christoph Hartmann
907a4e1f33 add json stream logger for inspec check 2016-02-04 16:38:57 +01:00
Dominik Richter
ecb78e3a19 establish plugin loading dock 2016-02-04 14:43:51 +01:00
Stephan Renatus
e8c7452acf Inspec::Profile: document that it always reads with ignore_supports 2016-02-03 16:47:52 +01:00
Stephan Renatus
828d6ad443 Inspec::Profile fix @metadata 2016-02-03 16:47:49 +01:00
Stephan Renatus
cc60fa1e23 tar/zip: return empty-string if an entry is empty; zip: return ref 2016-02-03 14:38:46 +01:00
Stephan Renatus
1510f330a9 read and return metadata from archives, too
Note that this adds `ref: some/where/in/tarball/file` to the file
contents hash; it wasn't there before but it may be useful for error
reporting nonetheless.
2016-02-03 14:38:46 +01:00
Stephan Renatus
f335865377 WIP: kill all the checks that fail with tarballs.
current output:

    $ inspec check test/unit/mock/profiles/complete-profile.tgz
    I, [2016-02-03T10:22:21.377650 #13207]  INFO -- : Checking profile in test/unit/mock/profiles/complete-profile.tgz
    I, [2016-02-03T10:22:21.377745 #13207]  INFO -- : Found 1 rules.
    I, [2016-02-03T10:22:21.377771 #13207]  INFO -- : Rule definitions OK.
2016-02-03 14:38:46 +01:00
Stephan Renatus
889be88543 remove stray require 2016-02-03 14:04:55 +01:00
Stephan Renatus
79d171fb2c rubocop 2016-02-03 14:04:55 +01:00
Stephan Renatus
45f0cbff03 inspec/rspec: decouple reporting and formatting
If reporting is requested, register a "reporting formatter", i.e.,
Inspec::RSpecReporter, that does the same things JsonFormatter does, but
suppresses output.

When the report is then requested, it returns the output hash that
JsonFormatter aggregates.
2016-02-03 14:04:55 +01:00
Stephan Renatus
6789e089d7 Inspec::Runner: provide a report 2016-02-03 14:04:55 +01:00
Stephan Renatus
ff682532cf fix warning in #find_files[_or_error] 2016-02-01 16:32:47 +01:00
Dominik Richter
34bc94d13f mock resource operating systems for tests 2016-01-29 21:55:08 +01:00
Dominik Richter
4c1b6f7509 remove os check exposure in file resource 2016-01-29 21:55:08 +01:00
Christoph Hartmann
9cfc69cf15 0.9.11 2016-01-29 18:34:12 +01:00
Stephan Renatus
6fbd28c2bb runit_service: fix resource, improve integration tests
Turns out using `/usr/bin/yes` to imitate a daemon process is a TERRIBLE idea.
2016-01-29 17:03:05 +01:00
Christoph Hartmann
317b0cae9d lint check in user resource 2016-01-28 21:11:13 +01:00
Christoph Hartmann
6ccfbe5e95 bugfix: use freebsd netstat parser instead of linux netstat parser for solaris 2016-01-28 21:08:52 +01:00
Christoph Hartmann
35899ebce6 optimize style in user resource 2016-01-28 18:30:39 +01:00
Christoph Hartmann
202190ea56 fix user resource unit test 2016-01-28 18:30:39 +01:00
Christoph Hartmann
ef3dbbb35c improvement: make port parsing on solaris more reliable 2016-01-28 18:30:38 +01:00
Christoph Hartmann
678ee2b473 parse port information on solaris 10 and 11 via netstat 2016-01-28 18:30:38 +01:00
Christoph Hartmann
59f3214817 use id -a for solaris 2016-01-28 18:30:38 +01:00
Christoph Hartmann
bd1e5e4085 service resource for solaris 10 and 11 2016-01-28 18:30:38 +01:00
Christoph Hartmann
913191fb9e package resource for solaris 10 and 11 2016-01-28 18:30:38 +01:00
Christoph Hartmann
dd59dd9a5a use os.linux and os.windows where possible 2016-01-28 18:30:38 +01:00
Christoph Hartmann
a5f526b368 use freebsd file permission checks for solaris 2016-01-28 18:30:38 +01:00
Christoph Hartmann
2fd6aea357 extend etc_group support for all unix systems 2016-01-28 18:30:38 +01:00
Christoph Hartmann
058ec27d64 0.9.10 2016-01-25 17:45:43 +01:00
Stephan Renatus
56f22a1d2a resource/postgres_session: add integration tests, change error handling
this makes it work (tested with default-ubuntu-1404), but doesn't
improve the error handling (i.e., the skip_resource doesn't really
prevent the failure)
2016-01-25 16:44:53 +01:00
Stephan Renatus
9821c4c754 resource/launchd_service: correctly match non-running services 2016-01-25 16:29:08 +01:00
Christoph Hartmann
5506319ad8 Merge pull request #389 from chef/dr/write-id-to-json
bugfix: write given ID to metadata json
2016-01-25 07:22:19 -08:00
Dominik Richter
88d2b26387 bugfix: write given ID to metadata json
Whenever the user provides an ID under which the profile is scoped, write it out to JSON during generation.
2016-01-25 15:48:56 +01:00
Christoph Hartmann
cc0db43813 optimize the error output for missing registry keys to nil 2016-01-25 13:55:47 +01:00
Christoph Hartmann
b30720f926 Merge pull request #380 from chef/sr/service-override
add service overrides for picking specific service managers, add runit_service
2016-01-21 13:35:23 +01:00
Stephan Renatus
ef77e01229 service resources: fix service_ctl default/override handling 2016-01-21 11:35:34 +01:00
Dominik Richter
d10207caca warn about legacy supports fields in metadata
I.e.: Prevent users from writing `supports: linux` and similar. These are deprecated and will be removed. Also improve the warning to indicate what the user should do instead. Finally add tests to make sure we get all these.
2016-01-21 11:05:26 +01:00
Stephan Renatus
492c7f8146 runit_service: cleanup; fix "non-running-runit-service" test + recipe 2016-01-21 09:05:29 +01:00
Stephan Renatus
c761b8b40d service resources: further simplifications, debian/centos handling
I've recovered the debian/centos special handling of the `service`
binary, although I doubt that it's necessary.
2016-01-21 08:22:04 +01:00
Dominik Richter
cac102aeac add profile tests (non-legacy) 2016-01-20 21:57:23 +01:00
Stephan Renatus
3f39b35502 add runit_service resource, fix service_ctl handling 2016-01-20 17:54:16 +01:00
Stephan Renatus
709e4ca9e0 some code simplifications 2016-01-20 16:05:20 +01:00
Stephan Renatus
0e410df69d add *_service overrides, allowing for different control binaries 2016-01-20 15:33:18 +01:00
Dominik Richter
20b138778e bugfix: expose tests for docker unit-tests 2016-01-19 15:48:06 +01:00
Dominik Richter
c713a0af87 lint 2016-01-19 15:48:06 +01:00
Dominik Richter
22c6fa871d add code docs to rspec runner 2016-01-19 15:48:06 +01:00
Dominik Richter
611487e956 clearly identify legacy profile tests and fix identification 2016-01-19 15:48:06 +01:00
Dominik Richter
8c464965c1 extract example group creation
and restore profile tests that had been completely mocked until now
2016-01-19 15:48:06 +01:00
Dominik Richter
dd2d93fd6f completely separate rspec runner parts 2016-01-19 15:48:06 +01:00
Dominik Richter
21a92a0c4e isolate rspec-dsl in profile context 2016-01-19 15:48:06 +01:00
Dominik Richter
b991dd03bb flatten creation of profile context 2016-01-19 15:48:06 +01:00
Dominik Richter
21d9ae7e1d move resource dsl creation to resource plugin 2016-01-19 15:48:06 +01:00
Jason Reed
1807c688b8 Fix typo 2016-01-19 09:07:24 -05:00
Dominik Richter
b0ffe684ab freeze those versions 2016-01-15 21:41:20 +01:00
Christoph Hartmann
e9b94d55d1 0.9.9 2016-01-15 15:20:04 -05:00
Dominik Richter
acbc345321 make metadata.rb legacy mode consistent for supports
Before introducing InSpec profiles in https://github.com/chef/inspec/pull/252 we had `metadata.rb` keep all information. This included an undisclosed field called `supports`. However, this field was never actually used in practice. So for legacy profiles, this means that `supports` was ignored. In order to keep old profiles running in exactly the way they were before, ignore this field when reading from metadata.rb
2016-01-15 18:58:18 +01:00
Christoph Hartmann
b9978b5606 new rubocop fixes 2016-01-14 23:15:10 -05:00
Christoph Hartmann
46d85c2cbc fail test if lsof is not available 2016-01-14 23:03:51 -05:00
Jeremy W. Chalfant
9e40e6d9f3 my rubocop is different 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
0681562fcd rubocop is nuts 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
98a7e6303e fix remaining rubocop complaints 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
2fc8ba1b83 fix lint complaint 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
2d8c892298 use formmated lsof output to ensure accuracy and consistency across platforms 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
adbc5b8ef4 sanity check and AIX tests 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
2e7ab9bad7 fix rubocop complaint 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
388937e9b4 add aix user support 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
3b87e385d7 my rubocop is different 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
6cd801fbb9 rubocop is nuts 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
94a286929f fix remaining rubocop complaints 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
420aef7cb9 fix lint complaint 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
c8c676e1d6 use formmated lsof output to ensure accuracy and consistency across platforms 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
f31a9f35b5 sanity check and AIX tests 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
5a6b1bbddf fix rubocop complaint 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
fbe79d1bc4 add aix user support 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
b167854c18 my rubocop is different 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
bbed0e7164 rubocop is nuts 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
88656c9ea8 fix remaining rubocop complaints 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
2aceba417c fix lint complaint 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
d5a7bad414 superflous chomp 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
b6649dd581 use formmated lsof output to ensure accuracy and consistency across platforms 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
55d7faec8a sanity check and AIX tests 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
a0bbb175c2 AIX packages 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
1d99afe623 fix rubocop complaint 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
3168e4d100 add aix user support 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
d51d86e6d8 disable cops 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
6bdb06fbe9 move lsof parsing to seperate method 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
c982daaf6e my rubocop is different 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
3211071b9f simplify lsof call 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
221d27423e rubocop is nuts 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
f817840d38 fix remaining rubocop complaints 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
3a90ea3a74 fix lint complaint 2016-01-14 23:03:23 -05:00
Jeremy W. Chalfant
2c5cb06990 superflous chomp 2016-01-14 23:03:23 -05:00
Jeremy W. Chalfant
b9ce468886 add AIX service support 2016-01-14 23:03:23 -05:00
Jeremy W. Chalfant
d855602efe use formmated lsof output to ensure accuracy and consistency across platforms 2016-01-14 23:03:23 -05:00
Jeremy W. Chalfant
aef7f6de39 sanity check and AIX tests 2016-01-14 23:00:10 -05:00
Jeremy W. Chalfant
bc503f080d rename etc_group to etc_group_spec and etc_group test success on AIX 2016-01-14 23:00:10 -05:00
Jeremy W. Chalfant
db43739951 AIX packages 2016-01-14 23:00:10 -05:00
Jeremy W. Chalfant
506b0ea996 fix rubocop complaint 2016-01-14 23:00:10 -05:00
Jeremy W. Chalfant
26afecf857 add aix user support 2016-01-14 23:00:09 -05:00
Mark Harrison
f5780b69a4 Correctly detect UDP ports on linux
netstat on UDP lines doesn't display a port state (e.g. LISTEN), so make this
field optional when parsing the netstat line.
2016-01-14 22:53:38 -05:00
Christoph Hartmann
454a7e466d bugfix: only skip regkey if required 2016-01-14 22:39:17 -05:00
Dominik Richter
375f65c903 casecmp == 0 if both entries are the same 2016-01-15 04:18:48 +01:00
Dominik Richter
4092691a78 lint 2016-01-15 04:07:25 +01:00
Stephan Renatus
5c17f8b643 regexp github url targets, add tests for Inspec::Targests::UrlHelper
replacing occuring http:// with https:// is probably ok, github
redirects to https anyways
2016-01-14 12:05:58 -05:00
Jacob McCann
f25ab3a373 Fix systemd service enabled check 2016-01-11 15:32:33 -06:00
Christoph Hartmann
ab88c23ab6 0.9.8 2016-01-11 12:48:36 -05:00
Stephan Renatus
ee62499fc0 bugfix: ignore supports when generating a profile's json representation
without this, `inspec json PATH` does never contain rules != {}, because
of the usage of the mock backend
2016-01-11 09:16:06 +01:00
Christoph Hartmann
a1ddbe4cf2 explicitly ignore supports for inspec check 2016-01-10 23:59:57 -05:00
Stephan Renatus
a26dbe146d fix reading profiles bug
For reading the profiles metadata, we're using the train mock backend
through Inspec::Runner. The new `supports` feature never agrees with the
mock backend.

Now, it we figure out if this is a mock class and then just say that it
supports whatever we're asking for.

Tl;dr: there's probably a more beautiful solution to this.

Added a test case, but it fails -- while the command line interface
works fine.
2016-01-07 15:16:49 -08:00
Stephan Renatus
3ce8cd7d16 support old "supports" field in metadata
current compliance-profiles still have

```yaml
supports:
  - linux
```

and we might want to be a little backwards compatible, too.
2016-01-05 22:50:56 +01:00
Dominik Richter
26c0cd0871 lint 2016-01-03 09:49:40 +01:00
Dominik Richter
8953278204 unfortunately Enumerator#last is not supported 2016-01-03 09:40:17 +01:00
Christoph Hartmann
e1d7d30919 add deprecation warning for serverspec users 2016-01-03 00:03:24 +01:00
Christoph Hartmann
a72ba94f10 handle mount results with multiple entries 2016-01-03 00:03:24 +01:00
Christoph Hartmann
9930773f37 restrict mount functionality to linux 2016-01-03 00:03:24 +01:00
Christoph Hartmann
a5acb03e49 add mount resource 2016-01-03 00:03:24 +01:00
Christoph Hartmann
772df929f6 implement be_mounted.with for file resources 2016-01-03 00:03:24 +01:00
Christoph Hartmann
19ed6be39f more fine-grained utils parser 2016-01-02 22:41:58 +01:00
Christoph Hartmann
3be9ea18cc use 1.8 syntax for dash key values to be compatible with older ruby versions 2016-01-02 22:29:31 +01:00
Christoph Hartmann
c11c36058a separate os check 2016-01-02 21:25:22 +01:00
Dominik Richter
d6f48d3534 catch empty support clause 2015-12-31 17:57:59 +01:00
Dominik Richter
af8e4e93ca add supports keyword to profiles 2015-12-31 17:54:13 +01:00
Dominik Richter
2e0da6e9e8 unify metadata resolution 2015-12-31 12:49:18 +01:00
Dominik Richter
3db2dd756d resolve metadata from profile targets 2015-12-31 12:49:18 +01:00
Dominik Richter
e7b7f166cf dry folder resolver 2015-12-31 12:49:18 +01:00
Dominik Richter
96c9794cbf bugfix: reload inspec DSL after loading libraries 2015-12-29 19:27:00 +01:00
Dominik Richter
526932584d fix metadata validation 2015-12-28 13:35:38 +01:00
Dominik Richter
cfa2b9a39c fix metadata reading and parsing 2015-12-28 13:16:09 +01:00
Dominik Richter
cdc95df5ca keep metadata checks in metadata.rb 2015-12-28 13:07:21 +01:00
Dominik Richter
aef0cabde8 fix method length in inspec.check 2015-12-28 13:01:27 +01:00
Christoph Hartmann
0ab46ff5b1 rename metadata.yml to inspec.yml 2015-12-28 12:53:42 +01:00
Christoph Hartmann
1d4295ee4d remove owner/name restriction 2015-12-28 12:53:42 +01:00
Christoph Hartmann
06c1265b38 add support for .tgz extension. Thanks @srenatus 2015-12-28 12:53:42 +01:00
Christoph Hartmann
31c8509092 lint profile implementation 2015-12-28 12:53:42 +01:00
Christoph Hartmann
27150e5341 feature: generate profile archive 2015-12-28 12:53:42 +01:00
Christoph Hartmann
9da0e32f3d bugfix: only add path to load path if the test is located on filesystem 2015-12-28 12:53:42 +01:00
Christoph Hartmann
ebe54efd67 feature: load tests from zip and tar.gz 2015-12-28 12:53:42 +01:00
Christoph Hartmann
43c778078c feature: add support for metadata.yml 2015-12-28 12:53:42 +01:00
Christoph Hartmann
9e8e64319e improvement: better detection of directory types 2015-12-28 12:53:42 +01:00
Christoph Hartmann
bb97044338 bugfix: fix profile check 2015-12-28 12:53:38 +01:00
Christoph Hartmann
9fda6d3e89 bugfix: use skip_control instead of skip_rule as default 2015-12-28 12:07:57 +01:00
Christoph Hartmann
e122e48ae5 change profile directory from 'test' to 'controls' 2015-12-28 12:07:57 +01:00
Dominik Richter
7473dea1f2 ignore auto-generated controls during verify check 2015-12-23 11:11:49 +01:00
Dominik Richter
b2e0fac625 change check errors on summary+title to warnings 2015-12-23 09:18:59 +01:00
Dominik Richter
d2509f745e reference correct fields from metadata in inspec check 2015-12-23 09:18:59 +01:00
Dominik Richter
25706b3612 0.9.7 2015-12-21 16:31:48 +01:00
Christoph Hartmann
ca33ac9288 Merge pull request #321 from jeremymv2/security_policy_fixes
Fixing issue with security policy always returning nil
2015-12-17 17:55:01 +01:00
Jeremy J. Miller
f1e8483cd8 Removed extra whitespace 2015-12-17 08:56:43 -05:00
Stephan Renatus
3a1dcb7669 teach cmp matcher octal tricks 2015-12-16 11:32:31 +01:00
Jeremy J. Miller
af55cb41d8 Added ensure block to always delete file 2015-12-15 14:40:57 -05:00
Jeremy J. Miller
652392918d Fixing issue with security policy always returning nil 2015-12-15 10:29:54 -05:00
Stephan Renatus
a5a780f920 reset rspec configuration when initializing Inspec::Runner
fixes https://github.com/chef/kitchen-inspec/issues/15
2015-12-15 14:00:53 +01:00
troyready
29f954f7f3 add release to el pkg version & catch missing linebreaks
Package release info (e.g. '19.el7') is often required to determine if
a system has been properly patched.

Lines like the following from rpm are messing up the version returned
by the package resource:
"...\nVersion     : 1.8.6p3                           Vendor: Red Hat, Inc.\n..."
Correcting this with a new conditional check.
2015-12-11 13:05:22 -08:00
Dominik Richter
cc67d8d4c0 0.9.6 2015-12-11 18:34:15 +01:00
Dominik Richter
494ed708d4 Merge pull request #318 from chef/chris-rock/cmp-matcher
matcher for less-restrictive comparison
2015-12-11 17:58:47 +01:00
Christoph Hartmann
0185751ff5 lint exception 2015-12-11 17:48:05 +01:00
Christoph Hartmann
52cd0b38d1 update style of float? detection 2015-12-11 17:26:46 +01:00
Christoph Hartmann
31f8863701 update failure message for cmp matcher 2015-12-11 17:19:28 +01:00
Christoph Hartmann
53728ee03a lint fix 2015-12-11 17:17:01 +01:00
Christoph Hartmann
9f0755be99 add new cmp matcher that eases the comparison for values 2015-12-11 17:02:48 +01:00
Christoph Hartmann
b2c457cf22 lint: remove redundant return 2015-12-11 15:39:49 +01:00
Christoph Hartmann
6badbf4dc9 bugfix: abort registry_key resource if the os is not supported 2015-12-11 15:39:49 +01:00
Christoph Hartmann
90e1eb9e39 bugfix: always ensure the script resource is properly initialized, even if the os is not supported 2015-12-11 15:39:49 +01:00
Christoph Hartmann
7422306ba7 lint fix 2015-12-11 14:34:28 +01:00
Christoph Hartmann
95c7ba8fe5 simplify prompt color setting 2015-12-11 14:29:31 +01:00
Christoph Hartmann
100df85b27 improve shell prompt and help 2015-12-11 14:03:36 +01:00
Stephan Renatus
652d51e9dc [resource/port] add port(addr, port) variant 2015-12-08 20:33:36 +01:00
Stephan Renatus
8532dd7034 [resource/port] change attribute names to plural, indicating arrays
see discussion in #256
2015-12-08 20:33:36 +01:00
Adam Leff
c146a76679 File permission checks should return false unless file exists
Currently, #readable?, #writeable?, and #executable? will incorrectly
return true if the file does not exist.

In addition, I took the opportunity to refactor the File resource to
make it easier to write unit tests and supplied a full unit test
suite for this resource.
2015-12-08 19:57:34 +01:00
Stephan Renatus
7a1cd660c3 [resources/processes] add users, states attribute; update docs
processes('bash').user does not actually make much sense for a resource
that is a list -- different entries can belong to different users.
Analogous for processes('bash').state.

The attributes 'users' and 'states' expose the unique values
corresponding to that property of entries in the process list.

Fixes #295.
2015-12-08 13:06:27 +01:00
Stephan Renatus
bf15c05f7f Merge pull request #299 from chef/chris-rock/os-resource
support string and symbol for os resource
2015-12-07 12:22:58 +01:00
Stephan Renatus
33f2fe3dde hide summary output when running interactively (inspec shell) 2015-12-07 11:12:41 +01:00
Stephan Renatus
17a80d32a9 remove second welcome 2015-12-07 11:12:41 +01:00
Stephan Renatus
c6fd8c5880 mention help [resource] 2015-12-07 11:12:41 +01:00
Christoph Hartmann
dcb09802d3 support string and symbol for os resource 2015-12-07 11:11:55 +01:00
Stephan Renatus
79f48afa6c [resources/apache_conf]: add tests, fix bug
before, the resource would throw an exception when include_files
returned nil (i.e., [].flatten!)

added basic unit tests capturing the include_files behaviour
2015-12-07 10:50:48 +01:00
Christoph Hartmann
7c393a1891 Merge pull request #291 from chef/sr/fix-find_files
revert to old find_files interface
2015-12-04 14:41:36 +01:00
Stephan Renatus
324ba14a6b fix optional type argument handling 2015-12-04 14:27:32 +01:00
Stephan Renatus
390e0fcca7 restore old find_files interface
- fixes #276
- basic test for find_files
2015-12-04 14:15:45 +01:00
Adam Leff
e0c356dae7 Adding support for Wind River Linux
WRL is used as the OS on Cisco Nexus devices and acts like a Red
Hat variant. These changes add support for WRL.
2015-12-03 17:41:11 -05:00
Christoph Hartmann
766fe47b87 add inline documentation 2015-12-01 10:56:47 +01:00
Christoph Hartmann
6a6cff1526 feature: add help command for resources 2015-12-01 10:56:47 +01:00
Christoph Hartmann
2c8a8ccb25 improvement: add etc_group support for centos and add integration test 2015-12-01 10:40:12 +01:00
Dominik Richter
762562b967 0.9.5 2015-11-25 15:43:31 +01:00
Dominik Richter
468159772f 0.9.4 2015-11-24 20:04:31 +01:00
Christoph Hartmann
a822dcee1a optimize code structure 2015-11-24 18:39:32 +01:00
Christoph Hartmann
0bd7f557d5 bugfix: do manual split of id result because we cannot use whitespace 2015-11-24 18:35:10 +01:00
Christoph Hartmann
be62b76dc2 improvement: add checks to ensure the requested file is available 2015-11-24 16:46:17 +01:00
Christoph Hartmann
60e2a3512f add init resource 2015-11-24 16:46:17 +01:00
Christoph Hartmann
0657525f4d lint json resource 2015-11-24 16:46:17 +01:00
Christoph Hartmann
62ecdf6a1f rewrite extraction of values 2015-11-24 16:46:17 +01:00
Christoph Hartmann
b70ba447b2 simplify method returns 2015-11-24 10:41:46 +01:00
Christoph Hartmann
129395141b bugfix: make registry_key case-insensitive for properties 2015-11-23 16:26:17 +01:00
Dominik Richter
75d8b9388b 0.9.3 2015-11-20 23:33:18 +01:00
Seth Chisamore
606f618fc7 ensure all test directories are on the runner $LOAD_PATH
This change builds on chef/kitchen-inspec#12. All test directories should
be on the `$LOAD_PATH` when `Inspec::Runner` executes the test suites with
`RSpec::Core::Runner`. This will allow things like `require 'spec_helper'`
to work as expected.
2015-11-20 00:14:57 -05:00
Seth Chisamore
beade346bf Add Windows support to the os_env resource
This change allows checks like:

```
describe os_env('PATH') do
  its('split') { should include('C:\wix') }
end
```
2015-11-19 15:41:00 +01:00
Dominik Richter
a04ff021c6 bugfix: support multiple computed calls to describe
fixes #246
2015-11-19 14:28:42 +01:00
Christoph Hartmann
b899430541 bugfix: add attribute reader to make the command accessible to script resource 2015-11-17 22:40:07 +01:00
Christoph Hartmann
cb95951e03 simplify script resource 2015-11-17 22:28:11 +01:00
Christoph Hartmann
cd35d82326 improvement: reimplement registry key resource 2015-11-17 22:28:11 +01:00
Christoph Hartmann
c6166e335b lint: fix lint error 2015-11-17 12:29:33 +01:00
Christoph Hartmann
850af710b0 improvement: add v6 protocol detection, it netstat does not deliver the information 2015-11-17 12:15:49 +01:00
Christoph Hartmann
9e3dccbfa3 improvement: restrice rescue to URI parse error 2015-11-17 12:14:05 +01:00
Christoph Hartmann
a4c47e1cd7 bugfix: fix regular expression to leave port colon 2015-11-17 12:12:59 +01:00
Christoph Hartmann
0de7549a64 lint: remove trailing whitespace 2015-11-16 21:44:12 +01:00
Christoph Hartmann
7898c1d29c improvement: optimize regular expression, catch parse errors and ignore header lines 2015-11-16 20:33:49 +01:00
Christoph Hartmann
83e6f46724 add centos support for port 2015-11-16 20:32:43 +01:00
Dominik Richter
17ce88b63d api: don't force root on os_env 2015-11-13 12:10:22 +01:00
Dominik Richter
069075b48a lint 2015-11-13 10:46:04 +01:00
Christoph Hartmann
7b179872bd extend upstart implementation to support systemv services 2015-11-13 09:54:30 +01:00
Dominik Richter
6cbe3466fb update rubocop 0.35.1 2015-11-13 01:03:15 +01:00
Dominik Richter
007594eef7 lint 2015-11-13 00:48:52 +01:00
Dominik Richter
b47409fd73 0.9.2 2015-11-05 18:40:24 +01:00
Dominik Richter
faa0b41803 bugfix: correct add_content call to new param structure
this was breaking inspec shell
2015-11-05 18:35:38 +01:00
Dominik Richter
b31501ab93 0.9.1 2015-11-04 00:51:16 +01:00
Dominik Richter
6c36720bd1 0.9.0 2015-11-03 03:04:57 +01:00
Dominik Richter
6e548364f4 bugfix: dont skip controls during json generation 2015-11-03 01:10:05 +01:00
Dominik Richter
ea66947b36 dont warn on command not existing on mock backend 2015-11-03 00:35:45 +01:00
Dominik Richter
6e8c4f02a1 fix typo 2015-11-03 00:35:45 +01:00
Christoph Hartmann
9d32bc7f81 improvement: fail properly if os is not supported 2015-11-02 22:58:20 +00:00
Christoph Hartmann
b1153685a4 bugfix: relax fail for command.exist? for inspec check command 2015-11-02 22:52:04 +00:00
Dominik Richter
7a07c02b4d alias rule instead of recreating it 2015-11-02 22:43:20 +01:00
Dominik Richter
ccabe55608 api: change require/include_rules -> require/include_controls 2015-11-02 22:26:20 +01:00
Dominik Richter
f976730a27 api: make control the default keyword 2015-11-02 22:26:20 +01:00
Dominik Richter
9aec339d9f disable class length metrics on profile context for now 2015-11-02 17:47:04 +01:00
Dominik Richter
de8437caa6 feature: introduce group title for files 2015-11-02 17:31:56 +01:00
Dominik Richter
93ee171dfa bugfix: use full path when resolving files 2015-11-02 16:43:39 +01:00
Dominik Richter
31d42b0212 lint: ignore line length on runner for now 2015-11-02 15:06:48 +01:00
Dominik Richter
421d7ecaa9 feature: auto-load libraries in profiles 2015-11-02 15:06:48 +01:00
Dominik Richter
f410ee3dba simplify folder resolver 2015-11-02 15:06:48 +01:00
Dominik Richter
22bf549e0b api: change library loading from /lib -> /libraries 2015-11-02 15:06:48 +01:00
Christoph Hartmann
d470803c37 improve command.exist? for more operating systems 2015-11-02 12:06:42 +01:00
Dominik Richter
13a6538acf temporarily disable rubocop metric on profile 2015-11-02 10:06:35 +01:00
Christoph Hartmann
ea47c5add8 use new internal structure for inspect check 2015-11-02 09:59:15 +01:00
Christoph Hartmann
4a676f55c3 remove dup method users, use usernames, fix example 2015-11-02 00:22:08 +01:00
Dominik Richter
d328919370 simplify resiliance 2015-11-01 23:48:29 +01:00
Christoph Hartmann
cdab39079a improvement: make os_env command more robust 2015-11-01 23:22:01 +01:00
Christoph Hartmann
1be689b77e remove exit_status and only call split if we have a string 2015-11-01 23:21:08 +01:00
Christoph Hartmann
324fa4881f do not offer stderr method via os_env 2015-11-01 23:14:12 +01:00
Christoph Hartmann
1941606b9e deactivate group policy for now 2015-11-01 22:39:30 +01:00
Christoph Hartmann
9e53556379 fix os_env example 2015-10-31 11:55:10 +01:00
Dominik Richter
24451469ca api: method_missing doesnt resolve hashmaps
Since #its has its(pun) own way of handling calls with a dot-notation, the full call is never passed to the resource. For example:

```ruby
describe json('file') do
  its('a.b.c') { should eq 123 }
end
```

This is resolved to calling `json('file').a.b.c` and thus doesnt work as an intended `json('file').send('a.b.c'). For now use
regular its-behavior of calling `json('file').params ...  its(%w{a b c}) { should ... }`.

Its' behavior must be improved.
2015-10-27 16:35:43 +01:00
Dominik Richter
8daf8dfa86 lint 2015-10-27 03:07:38 +01:00
Dominik Richter
59a8ca6639 construct profile in legacy structure
This is a temporary commit to achieve compliance with other components. It will be overturned before the final release.
2015-10-27 02:29:11 +01:00
Dominik Richter
5720aa3294 bugfix: detect filename+line for all example blocks 2015-10-27 02:29:11 +01:00
Dominik Richter
32e5e3ec29 move to symbols-based fields in profile params 2015-10-27 02:29:11 +01:00
Christoph Hartmann
cdb30c356f add apache base config 2015-10-27 02:20:29 +01:00
Dominik Richter
b280203d03 consistently set an empty logger in non-verbose mode 2015-10-26 18:27:46 +01:00
Dominik Richter
471a723b83 restore parse_passwd_line to be public, thanks @chris-rock 2015-10-26 17:16:05 +01:00
Dominik Richter
d5973d1189 bugfix: harmonize postgres session handling 2015-10-26 16:59:46 +01:00
Dominik Richter
e76b83a24e bugfix: mysql conf and session handling 2015-10-26 16:58:42 +01:00
Dominik Richter
5485111907 bugfix: support missing conf path for postgres_conf 2015-10-26 16:50:49 +01:00
Dominik Richter
414bf6b1fa bugfix: handle empty processes result 2015-10-26 16:49:26 +01:00
Dominik Richter
ec6d1e680a support postgres_session resource 2015-10-26 16:47:45 +01:00
Dominik Richter
ee0e9fc7c1 mock outer dsl attributes method 2015-10-26 16:44:20 +01:00
Dominik Richter
1613add894 bugfix: group policy needs a name for init 2015-10-26 16:40:21 +01:00
Dominik Richter
6dc0a3b638 rename inetd_config -> inetd_conf
be consistent with the filename
2015-10-26 16:21:51 +01:00
Dominik Richter
0ac3c412aa bugfix: support empty content in simpleconfig 2015-10-26 16:16:42 +01:00
Dominik Richter
03fe892899 bugfix: handle empty parseconfig options 2015-10-26 16:13:48 +01:00
Dominik Richter
69be6acae8 bugfix: fail on missing access to /etc/group 2015-10-26 16:11:28 +01:00
Dominik Richter
95242bf9c2 add content parser tests 2015-10-26 15:50:57 +01:00
Dominik Richter
9d1dcef469 bugfix: remove '/' prefix from folder 2015-10-26 13:06:44 +01:00
Dominik Richter
090281fb0b lint 2015-10-26 12:34:35 +01:00
Dominik Richter
b58a4b3f43 rename vulcanosec -> inspec 2015-10-26 12:34:15 +01:00
Christoph Hartmann
4bcfc76f27 simplify auditd name 2015-10-26 12:15:29 +01:00
Dominik Richter
05eb8df687 lint 2015-10-26 12:09:43 +01:00
Dominik Richter
76f7282e2c add yard header to profile#check 2015-10-26 12:07:03 +01:00
Dominik Richter
83082b2e7b feature: bring back profile check 2015-10-26 11:58:41 +01:00
Dominik Richter
b0bef37b06 support chef audit folder structure 2015-10-26 11:53:09 +01:00
Dominik Richter
9c1f258707 dont fail on missing rule body source 2015-10-26 11:46:43 +01:00
Dominik Richter
9703f3c747 bugfix: provide source code for rules in json 2015-10-26 11:46:43 +01:00
Dominik Richter
80b8b319d9 api: auto-include library files for inspec profile 2015-10-26 11:46:43 +01:00
Dominik Richter
07e3d749be skip empty file content 2015-10-26 11:46:43 +01:00
Dominik Richter
8f0c9c890e bugfix: fix path prefix in folder resolution 2015-10-26 11:46:43 +01:00
Dominik Richter
73b7b3c99a bugfix: point to metadata.rb instead of vmetadata.rb 2015-10-26 11:46:43 +01:00
Dominik Richter
45f7057f30 lint 2015-10-26 04:39:16 +01:00
Dominik Richter
c326e08739 remove old verify code 2015-10-26 00:35:18 +01:00
Dominik Richter
93b4db01ca add rules to profile information 2015-10-26 00:35:18 +01:00
Dominik Richter
a62ce0e14b create json from profile metadata 2015-10-26 00:35:18 +01:00
Christoph Hartmann
24e23f3db4 bugfix: fix regular expression for apt 2015-10-25 22:32:50 +01:00
Christoph Hartmann
b7777d265e improve fail warning. thanks @arlimus 2015-10-25 21:47:27 +01:00
Christoph Hartmann
d75e16546c improvement: file resource check precondition and add file permission check 2015-10-25 21:35:35 +01:00
Christoph Hartmann
98d5a40686 generalize matcher 2015-10-25 21:33:36 +01:00
Christoph Hartmann
3c76ed6e37 integration test for file 2015-10-24 11:15:53 +02:00
Christoph Hartmann
25783ea283 fail with warning, if users use contain matcher 2015-10-24 11:15:53 +02:00
Christoph Hartmann
a407e3b6ce bugfix: parse " with apt urls 2015-10-24 11:15:52 +02:00
Christoph Hartmann
0bbb70302d bugfix: fix kernel_module in combination with CentOS 5 & sudo 2015-10-23 13:57:37 +02:00
Christoph Hartmann
66a2be7f33 improvement: add complete linux support for kernel_module 2015-10-23 13:57:03 +02:00
Christoph Hartmann
4574c07954 improvement: support all linux os for kernel_parameter 2015-10-23 13:30:14 +02:00
Christoph Hartmann
c177a511fa add opensuse support for user resource 2015-10-23 12:14:00 +02:00
Christoph Hartmann
20afebc1a6 improvement: support package for opensuse 2015-10-23 12:14:00 +02:00
Christoph Hartmann
022ec31529 bugfix: rpm does not return exit code if package is not available, work around that 2015-10-23 12:14:00 +02:00
Christoph Hartmann
86bdb9903b bugfix: only return true and false for package installed? 2015-10-23 12:14:00 +02:00
Christoph Hartmann
773bd0e971 improvement: add opensuse support for service resource 2015-10-23 12:14:00 +02:00
Christoph Hartmann
28c497a492 bugfix: support for sudo and service on debian 2015-10-23 12:14:00 +02:00
Christoph Hartmann
807ee03e8b bugfix: fix regular expression to detect services on freebsd 2015-10-23 12:14:00 +02:00
Christoph Hartmann
eca6476ced bugfix: use absolute path for SysV service to work well with sudo on CentOS 5 2015-10-23 12:14:00 +02:00
Christoph Hartmann
836697585b bugfix: Ubuntu 10.04 initctl does not support show-config 2015-10-23 12:14:00 +02:00
Christoph Hartmann
579e465b88 0.8.0 2015-10-21 21:49:07 +02:00
Christoph Hartmann
e3cc942f60 bugfix: always return false instead of nil in case a service could not be determined 2015-10-21 20:54:46 +02:00
Christoph Hartmann
3d2bca2eaf add centos support to service resource 2015-10-21 20:54:46 +02:00
Christoph Hartmann
571de7fc68 fix typos in os skip message 2015-10-21 20:54:46 +02:00
Christoph Hartmann
17279f9ef8 add centos support 2015-10-21 20:54:46 +02:00
Christoph Hartmann
20bbb4c960 add more usage headers 2015-10-21 19:30:01 +02:00
Christoph Hartmann
035e39ee8c simplify yum implementation 2015-10-20 19:57:00 +02:00
Dominik Richter
cea48ceb5a remove leftover comments 2015-10-19 12:07:14 +02:00
Dominik Richter
20dae26925 split methods for processing rules and checks after loading 2015-10-19 09:49:40 +02:00
Dominik Richter
08707eb2d2 temporarily attach the dsl to all example objects
TODO: Remove this!! It is very dangerous to do this here. The goal of this is to make the audit DSL available to all describe blocks. Right now, these blocks are executed outside the scope of this run, thus not gaining ony of the DSL pieces. To circumvent this, the full DSL is attached to the examples
2015-10-18 19:50:12 +02:00
Dominik Richter
d66f874e1c feature: support expect keyword in rules 2015-10-18 19:14:22 +02:00
Dominik Richter
2cebd3fc31 allow loading without file and line info
i.e. dynamic loading only
2015-10-18 19:11:56 +02:00
Dominik Richter
c6cc45c28e bugfix: add rspec core dsl to profile context 2015-10-18 19:11:56 +02:00
Christoph Hartmann
89f003f61b bugfix: add missing uri import 2015-10-17 19:33:52 +02:00
Dominik Richter
c01e1f2c74 lint: make sure variables are defined 2015-10-17 00:03:41 +02:00
Dominik Richter
df07e768d0 lint: replace obsolete URI.regexp 2015-10-17 00:03:37 +02:00
Dominik Richter
9224d5db58 bugfix: support ruby 1.9.3 2015-10-15 23:28:37 +02:00
Dominik Richter
56b88cba1d create factory for backend creation 2015-10-15 22:42:06 +02:00
Dominik Richter
6a51a5be00 remove rake tasks for runner tests
they are now found in train
2015-10-15 14:36:34 +02:00
Dominik Richter
132019a6d9 move backend creation to profile context
keeping it in the runner will create conflicts with rspec runners
2015-10-14 23:44:15 +02:00
Dominik Richter
be614e9056 migrate backend to Train project 2015-10-14 23:13:49 +02:00
Christoph Hartmann
693af465f6 fix lint issue 2015-10-12 13:23:11 +02:00
Christoph Hartmann
03f07e1a3e add to_s methods to resources, fixes #98 2015-10-12 13:01:58 +02:00
Christoph Hartmann
c5924b697c 0.7.0 2015-10-12 12:11:53 +02:00
Christoph Hartmann
f5448e919b remove p 2015-10-12 11:10:32 +02:00
Christoph Hartmann
c1f105bab8 improve iptables resource 2015-10-12 10:34:24 +02:00
Christoph Hartmann
ac4f0de673 simple iptables implementation 2015-10-12 10:34:24 +02:00
Christoph Hartmann
6af966e08b bugfix: return function if data is already cached 2015-10-12 00:18:58 +02:00
Christoph Hartmann
60618723ef fix typo 2015-10-10 23:29:44 +02:00
Christoph Hartmann
abb10db376 add apt implementation 2015-10-10 23:28:03 +02:00
Dominik Richter
28fb05ad97 reduce exposure of context, use backend for os detect
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-10 23:15:05 +02:00
Christoph Hartmann
9904e65923 run os detection in proper context 2015-10-10 01:24:39 +02:00
Christoph Hartmann
22c39bdf62 expose profile context 2015-10-10 01:24:39 +02:00
Christoph Hartmann
f4ed4cf7f5 optimize ping on windows 2015-10-09 19:21:12 +02:00
Christoph Hartmann
38ac1ea931 host resource for linux and windows 2015-10-09 19:10:10 +02:00
Christoph Hartmann
6f1181bc27 add windows support for bridge 2015-10-09 15:26:31 +02:00
Christoph Hartmann
90cf62d88e add bridge to available resources 2015-10-09 15:07:03 +02:00
Christoph Hartmann
337cd6aff8 implement bridge for linux 2015-10-09 15:06:10 +02:00
Dominik Richter
6aee38a23c feature: add interactive shell 2015-10-08 23:24:14 +02:00
Christoph Hartmann
9d92abf524 add windows support to network adapter 2015-10-08 13:01:50 +02:00
Christoph Hartmann
153c670952 introduce better network interface abstraction, add test cases 2015-10-08 13:01:50 +02:00
Christoph Hartmann
932b34e8de externalize linux handling in separate provider 2015-10-08 13:01:50 +02:00
Christoph Hartmann
4223d5b1ef implement interface for linux 2015-10-08 13:01:50 +02:00
Dominik Richter
285c83ba06 lint: dont use undefined vars
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-08 11:27:18 +02:00
Dominik Richter
4176d1b227 improvement: add default print method to resources 2015-10-08 11:06:20 +02:00
Christoph Hartmann
93df1656b5 simplify os detection 2015-10-07 18:46:24 +02:00
Christoph Hartmann
2499fc72f9 improve etc_group parser, keep parsed data internally instead of raw data 2015-10-07 18:45:08 +02:00
Christoph Hartmann
d2997400df add author information 2015-10-07 18:45:08 +02:00
Christoph Hartmann
94662bed12 improvement: identify groups case insensitive 2015-10-07 18:45:08 +02:00
Christoph Hartmann
b7739a84be implement group resource for windows 2015-10-07 18:45:08 +02:00
Christoph Hartmann
9fb51b44a2 modify etc_group to return complete group info 2015-10-07 18:45:08 +02:00
Christoph Hartmann
537728b41b test case where group or os is not available 2015-10-07 18:45:08 +02:00
Christoph Hartmann
8c5453a4da implement group resource for linux/unix 2015-10-07 18:45:07 +02:00
Christoph Hartmann
e57505739e improvement: return gids in etc_group as integer 2015-10-07 18:45:07 +02:00
Christoph Hartmann
3e9526d992 improvement: run etc_group on unix only 2015-10-07 18:45:07 +02:00
Christoph Hartmann
028e7f977e filter comments in /etc/group 2015-10-07 18:45:07 +02:00
Christoph Hartmann
949496776e move comment parser to utils 2015-10-07 18:45:07 +02:00
Christoph Hartmann
55e09963c8 improvement: expose os detector function in os resource 2015-10-07 18:28:34 +02:00
Christoph Hartmann
bcde1c6dc7 bugfix: fix typo 2015-10-07 18:27:58 +02:00
Christoph Hartmann
2e1c48bbd6 add windows family as helper function 2015-10-07 18:27:44 +02:00
Christoph Hartmann
01f0ae954c support OS detection and helper methods in mock backend 2015-10-07 18:27:17 +02:00
Christoph Hartmann
c85d042f53 remove inherited methods 2015-10-07 13:15:04 +02:00
Christoph Hartmann
9295a60913 add test case for script resource 2015-10-07 13:13:37 +02:00
Christoph Hartmann
05bdb44bf2 switch user resource to use new script resource 2015-10-07 13:05:04 +02:00
Christoph Hartmann
67f6ae5be2 implement run script resource for windows 2015-10-07 13:04:40 +02:00
Christoph Hartmann
8fff2ee989 add author header 2015-10-06 18:55:44 +02:00
Dominik Richter
fa4581489f ignore stderr on file content cat
reduced problems on CSH and others...
2015-10-06 15:49:19 +02:00
Dominik Richter
ba288cc86e bugfix: ensure resource registry is available to backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-06 14:12:32 +02:00
Dominik Richter
3439a34d16 bugfix: expose path in file resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-06 14:12:32 +02:00
Dominik Richter
5662bb7383 migrate transport runner tests 2015-10-06 00:06:13 +02:00
Dominik Richter
8005b52921 move backend creation out of runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-05 23:00:27 +02:00
Dominik Richter
56d8379fc9 move all resources to use the command resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-05 18:54:47 +02:00
Dominik Richter
76572df292 api: wrap transport and add resources to backend
What is currently available as `vulcano` inside resources (e.g. to call `vulcano.file(...)`, is now wrapped inside `vulcano.backend`. All other resources are now added to `vulcano.<RESOURCE>`, e.g. `vulcano.user`.
2015-10-05 18:48:07 +02:00
Dominik Richter
5912f0d3f1 feature: add resources to backend accessor
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-05 17:35:50 +02:00
Christoph Hartmann
f38ce7d5f4 bugfix: fix error, where the winrm default path is not set properly by default 2015-10-05 15:35:02 +02:00
Christoph Hartmann
d82eeb045e bugfix: use account instead of user, otherwise we get a response that falsifies the existence of a user 2015-10-05 14:57:09 +02:00
Christoph Hartmann
c5fa98c8eb bugfix: deal with non-array return values 2015-10-05 14:55:49 +02:00
Dominik Richter
5815dda5d0 api: simplify ssl configuration
* rename `--winrm-ssl` => `--ssl`, to be used by other transports as well
* rename `--winrm-self-signed` => `--self-signed`, to be used by other transports
2015-10-05 12:52:04 +02:00
Dominik Richter
6278e6924d feature: support specinfra+winrms:// backend for quick ssl config
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-05 12:52:04 +02:00
Christoph Hartmann
14c5c3f393 lint: remove whitespace 2015-10-05 12:28:28 +02:00
Christoph Hartmann
bb0734f8f3 cache requests 2015-10-05 11:50:49 +02:00
Christoph Hartmann
6b2064ad89 return password expiry information for linux 2015-10-05 11:50:49 +02:00
Christoph Hartmann
5dfb54e389 improve error case handling in user resource 2015-10-05 11:50:49 +02:00
Christoph Hartmann
af8bca193a add support to hash commands in mock backend 2015-10-05 11:50:49 +02:00
Christoph Hartmann
e0b66b1380 bugfix: shell and home detection for freebsd 2015-10-05 11:50:49 +02:00
Christoph Hartmann
cef7f7e785 implement home and shell for user resource on linux and freebsd 2015-10-05 11:50:49 +02:00
Christoph Hartmann
7bf78059d8 remove dub functions from passwd 2015-10-05 11:50:49 +02:00
Christoph Hartmann
57676d88a1 externalize passwd parser 2015-10-05 11:42:20 +02:00
Christoph Hartmann
535fc10b5d rewrite passwd resource to extract parser 2015-10-05 11:42:20 +02:00
Christoph Hartmann
3ff4a5d769 improve verification that a user exists 2015-10-05 11:42:20 +02:00
Christoph Hartmann
70a57de90c windows support for user resource 2015-10-05 11:42:20 +02:00
Christoph Hartmann
77f48cfcf3 move line-split to simple config 2015-10-05 11:42:20 +02:00
Christoph Hartmann
ceadaaca4a add basic support for freebsd 2015-10-05 11:42:19 +02:00
Christoph Hartmann
4c43c88778 implement basic user resource for linux and mac 2015-10-05 11:42:19 +02:00
Dominik Richter
938d13a7dc switch from open4 -> mixlib-shellout 2015-10-04 23:24:17 +02:00
Dominik Richter
fede3fb9fd use target path in configuring specinfra winrm
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-03 23:56:46 +02:00
Dominik Richter
369e61d0cd feature: add path to target specification
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-03 23:39:09 +02:00
Christoph Hartmann
b40ab55710 fix: rubucop lint 2015-10-03 14:02:34 +02:00
Christoph Hartmann
0a7dfce1e6 add author 2015-10-03 13:27:20 +02:00
Christoph Hartmann
47e0b38a10 bugfix: catch case where we retrieve an arrray 2015-10-03 13:27:20 +02:00
Christoph Hartmann
f387dbbb9e improvement: skip oneget if it is not running on windows 2015-10-03 13:27:20 +02:00
Dominik Richter
7d27b62794 simplify key assignment in conf 2015-10-02 22:41:25 +02:00
Dominik Richter
5825b4d6d4 rename --key-file to --key on cli
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-02 22:21:35 +02:00
Delivery Server
92b82a3cbf Merged change 24637cb4-1d10-4e45-b683-27d9e1ca9a4f
From review branch _reviews/master/bugfix-gem/3 into master

Signed-off-by: drichter <drichter@chef.io>
2015-10-02 15:37:59 +00:00
Christoph Hartmann
1eed6bcf11 use separate method to determine the pip command 2015-10-01 23:29:31 +02:00
Christoph Hartmann
54603e9545 optimize pip resource for windows 2015-10-01 23:26:56 +02:00
Christoph Hartmann
2a5736b8f9 bugfix: fix gem to string 2015-10-01 23:25:46 +02:00
Dominik Richter
ae10fefd15 fix warnings 2015-10-01 16:43:36 +02:00
Dominik Richter
12888c8dad bugfix: centos detection in docker centos:7.1.1503
It doesnt post the expected information in /etc/redhat-release:

    Derived from Red Hat Enterprise Linux 7.1 (Source)

Additionally in /etc/os-release:

    NAME="CentOS Linux"
	  VERSION="7 (Core)"
	  ...

Combine both files to fix the detection.
2015-09-30 13:44:24 +02:00
Dominik Richter
aa4593ff71 replace parseconfig with simpleconfig
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 12:19:55 +02:00
Dominik Richter
8b97bdbaa7 expose simpleconfig groups
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 12:18:09 +02:00
Dominik Richter
2d8b63cb22 feature: support simple config groups
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 12:00:38 +02:00
Dominik Richter
90de8763cf wrap up linting
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 02:20:47 +02:00
Dominik Richter
dd46027195 bugfix: require yaml in resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 01:48:59 +02:00
Dominik Richter
212f11243b simplify and fix stat handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-30 01:42:04 +02:00
Dominik Richter
28b3792325 let specinfra backend os support OSCommon methods
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-29 19:34:43 +02:00
Dominik Richter
3508201a5d split out unix stat
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-29 19:18:48 +02:00
Dominik Richter
15d5cc7ca0 split up specinfra backend helper
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-29 15:27:58 +02:00
Dominik Richter
1e0405bf74 allow for empty config in target_config
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-28 13:03:05 +02:00
Dominik Richter
78d98388f8 add amazon scientific and xenserver to redhat distros in detection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-28 12:46:46 +02:00
Dominik Richter
4e15e425a4 move darwin to bsd type
see: https://en.wikipedia.org/wiki/Darwin_%28operating_system%29#/media/File:Unix_timeline.en.svg
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-28 12:14:40 +02:00
Dominik Richter
4f0c0d7f21 add unit tests to os common detection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-28 11:52:50 +02:00
Dominik Richter
c77a0a1c81 api: make mock backend quiet by default
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-28 11:27:19 +02:00
Dominik Richter
7019b1f659 generalize and simplify os detect methods
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-28 11:15:41 +02:00
Dominik Richter
2eb94f5e2e be more explicit about detecting unix
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-28 11:06:38 +02:00
Dominik Richter
bc98b3330f feature: add helpers for OS families
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-28 11:06:38 +02:00
Dominik Richter
093600b85f split up os detection for linting
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-26 13:12:52 +02:00
Dominik Richter
d839cbc8f7 lint the profile context
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-26 12:41:13 +02:00
Dominik Richter
1efb61ab80 lint service
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-26 12:25:02 +02:00
Dominik Richter
d28c5a85fe lint mysql
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-26 12:25:02 +02:00
Dominik Richter
9885e7683b lint port resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-26 12:25:02 +02:00
Christoph Hartmann
94ac889ff2 fix robocop lint issues 2015-09-25 19:46:46 +02:00
Christoph Hartmann
7cea90ef3a fix lint issues 2015-09-25 19:34:25 +02:00
Dominik Richter
3fe0c90733 overhaul rule structure
* rename VulcanoBaseRule -> Vulcano::Rule
* initialize rule inside the ProfileContext
* attach all resources to ProfileContext and all rules created within
* rename rule.rb -> dsl.rb, now only containing DSL information
* rename base_rule.rb -> rule.rb, now containing everything for rule

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-25 19:16:32 +02:00
Christoph Hartmann
ec7a743f21 Merge pull request #51 from chef/ssh-transport
Verify ssh transport backend
2015-09-25 15:06:00 +02:00
Dominik Richter
6d7a46a589 bugfix: do not allocate pty on ssh by default
PTY will effectively disable stderr output, so avoid it for now.

It will come up very soon when we get back to sudo; see if fifo or other solutions might be used. Stderr is important for accurate command execution...

For reference see this wonderful explanation:

http://unix.stackexchange.com/a/134169
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-25 13:25:57 +02:00
Christoph Hartmann
ea75b361a7 bugfix: systemd is default on debian 8 2015-09-25 12:58:17 +02:00
Christoph Hartmann
007d292890 rewrite systemv service implementation, read enabled services from rc 2015-09-25 12:58:03 +02:00
Christoph Hartmann
11ffdeddad improvement: return nil, if no description for service is available 2015-09-25 12:54:08 +02:00
Christoph Hartmann
9ac2e6e00b improvement: use onestatus instead of status for freebsd, return nil as service description for freebsd 2015-09-25 12:51:25 +02:00
Christoph Hartmann
d5d517af0a improve service handling for mac and add unit tests 2015-09-25 12:51:12 +02:00
Christoph Hartmann
36ad0dd5a0 add arch linux support for service resource 2015-09-25 12:48:57 +02:00
Christoph Hartmann
f302ca7087 bugfix: fix regular expression to parse systemd results 2015-09-25 12:48:38 +02:00
Christoph Hartmann
cb3d170ce6 add centos 7 unit mock for service resource 2015-09-25 12:48:21 +02:00
Dominik Richter
c3d226e4a2 add os detection to ssh backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-25 12:37:37 +02:00
Dominik Richter
8fe3b8ad4d add ssh configuration options
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-25 12:37:35 +02:00
Christoph Hartmann
2a3c3270b3 bugfix: use volcano.os instead of os 2015-09-25 11:52:33 +02:00
Christoph Hartmann
3e16791f52 bugfix: catch case in service resource, where the OS is not supported 2015-09-25 11:52:33 +02:00
Dominik Richter
a051224462 improvement: be explicit on specinfra file content handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-25 09:55:48 +02:00
Dominik Richter
773548551d bugfix: specinfra file handling on bsd over ssh
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-25 01:16:39 +02:00
Dominik Richter
5ed71ef444 bugfix: error handling on file backend in specinfra 2015-09-24 22:46:02 +02:00
Dominik Richter
1e5fc59fa8 bugfix: handle selinux label (null)
Return nil instead of (null), as it is a special output of stat.
2015-09-24 10:36:21 +02:00
Dominik Richter
7a6675394c bugfix: linux file dont return selinux label ?
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-24 10:36:21 +02:00
Dominik Richter
3ed1c29039 bugfix: linux file content for folder/missing
Dont return empty strings when reading a directory or if the path doesnt exist. Instead return nil.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-24 10:36:21 +02:00
Christoph Hartmann
5151f42d7d add package unit test for unsupported os 2015-09-23 23:30:31 +02:00
Christoph Hartmann
af0591ab70 fix lint 2015-09-23 23:30:31 +02:00
Christoph Hartmann
a9c96dfbab fix: resolve unit test errors for arch and centos 2015-09-23 23:30:31 +02:00
Christoph Hartmann
968ed7a576 add todos for windows 2015-09-23 23:15:40 +02:00
Christoph Hartmann
476ac63036 return more detailed protocol information: tcp, udp, tcp6, udp6 2015-09-23 23:15:40 +02:00
Christoph Hartmann
563785d8a6 return arrays, since a port may run on multiple interfaces 2015-09-23 23:15:40 +02:00
Christoph Hartmann
a7b0520289 simplify check if port is available 2015-09-23 23:15:40 +02:00
Dominik Richter
a3e5984763 simplify a few calls
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-23 23:15:40 +02:00
Christoph Hartmann
d889f0b0b1 port resource support for FreeBSD 2015-09-23 23:08:54 +02:00
Christoph Hartmann
b47ec509fd port resource support for Windows 2015-09-23 23:08:19 +02:00
Christoph Hartmann
4eeb84945c port resource support for MacOS 2015-09-23 23:07:07 +02:00
Christoph Hartmann
c187230336 implement port resource for linux 2015-09-23 18:12:51 +02:00
Christoph Hartmann
52f7ddd899 add comment windows version determination 2015-09-23 13:24:55 +02:00
Christoph Hartmann
18e420bb31 remove windows 2003 r2, shares the same version number as windows 2003, only distinguishes via build number 2015-09-23 13:23:03 +02:00
Dominik Richter
ab155f7db6 bugfix: windows server 2008 detection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-23 10:38:46 +02:00
Dominik Richter
1076dcbd52 remove os_ prefix from detect json syntax
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-23 10:25:05 +02:00
Dominik Richter
7ccd88f1a2 improvement: os detection on unix
provided the platform family hint == "unix" run tests for all supported unix systems
also clarify the role of linux detection as the last step

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 19:43:11 +02:00
Dominik Richter
a9c129540b bugfix: file common for linked_to? tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 19:43:11 +02:00
Dominik Richter
f472e8a5c0 expose os to docker backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 19:43:11 +02:00
Dominik Richter
fc14706a0a expose link_path in file resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 19:43:11 +02:00
Dominik Richter
5fec383788 bugfix: detect os via unames
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 16:25:17 +02:00
Dominik Richter
c3fa247e6a bugfix: local file owner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 14:24:22 +02:00
Christoph Hartmann
6b3365682d fix comment 2015-09-22 02:27:04 +02:00
Christoph Hartmann
7ccc8baa37 improvement: switch back from OpenStruct to Hash 2015-09-22 02:27:04 +02:00
Christoph Hartmann
cf3dddf1a3 add csv support 2015-09-22 02:27:04 +02:00
Christoph Hartmann
b9d4fc6d8c add yaml resource 2015-09-22 02:27:04 +02:00
Christoph Hartmann
0e43d4ca6a add json resource 2015-09-22 02:27:04 +02:00
Dominik Richter
6be9c6822d fix issue with premature matching
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:04 +02:00
Christoph Hartmann
42a989606b implement kernel_parameter resource 2015-09-22 02:27:04 +02:00
Christoph Hartmann
ef9471e86c implement kernel_module resource 2015-09-22 02:27:04 +02:00
Dominik Richter
c56dee4d0f implement fake os method for mock backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:03 +02:00
Christoph Hartmann
8b6fccee92 implement windows_feature resource 2015-09-22 02:27:03 +02:00
Dominik Richter
bb18ce52e2 update function+test calls from exists? -> exist? 2015-09-22 02:27:03 +02:00
Dominik Richter
366bc44d0d rename command().exists? -> command().exist?
This is in line with Ruby 2.1 changes in renaming File and Dir exists? to exist?
See previous commit

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:03 +02:00
Dominik Richter
0b7eb60028 File.exists? is deprecated in ruby 2.1
See:
http://ruby-doc.org/core-2.1.0/File.html#method-c-exists-3F

Same for Dir:
http://ruby-doc.org/core-2.1.0/Dir.html#method-c-exists-3F

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:03 +02:00
Christoph Hartmann
78fea3d3a2 support package for windows 2015-09-22 02:27:03 +02:00
Christoph Hartmann
f9501577e4 improve code style 2015-09-22 02:27:03 +02:00
Christoph Hartmann
5019664d4d bugfix: catch cases, where no service is available 2015-09-22 02:27:03 +02:00
Dominik Richter
7fb41cdbee remove conditional or on release for detect util
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:03 +02:00
Dominik Richter
13f7429509 remove commented fedora code
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:03 +02:00
Dominik Richter
e78fbf1b96 move windows OS detection to backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:02 +02:00
Dominik Richter
94d748efd1 add os name to detect util
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:02 +02:00
Dominik Richter
f0215a4380 specinfra backwards compatibility for darwin/osX
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:02 +02:00
Dominik Richter
0ed2f1b535 fix inverted darwin detection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:02 +02:00
Dominik Richter
ca753cdb83 feature: add os resource 2015-09-22 02:27:02 +02:00
Dominik Richter
50dd82e150 feature: OS detection 2015-09-22 02:27:02 +02:00
Christoph Hartmann
34889913b4 bugfix: fix simplified runner configuration 2015-09-22 02:27:02 +02:00
Dominik Richter
9de015ae2d improvement: simplify runner configuration
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:02 +02:00
Christoph Hartmann
37783385d4 implement service for FreeBSD 2015-09-22 02:27:02 +02:00
Christoph Hartmann
e06eed2178 Merge pull request #19 from chef/improvements
Improvements
2015-09-22 02:27:01 +02:00
Dominik Richter
4965bfd36d make installed? always return true/false
Dont return nil als a falsy result.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
38a77efb4a fix failing tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
535bddd944 move out local file user/group name
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
bef9cbf3e7 prevent yum repo shortname matching to nil
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
4d7c11b980 lazy eval ssh config params
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
dcc790b8a9 simplify nested params retrieval
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
55a26cfba7 align pip resource with info handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
10926935e2 align oneget resource with info handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
f395ebf6df lazy eval ntp conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
508a6889d1 align npm resource with info handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
fc9764aa36 lazy eval login.defs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
3508219428 lazy eval limits.conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
6a6c1fd7c8 lazy eval inetd conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
075313b10e cache gem package results
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Dominik Richter
bfad1e1509 lazy eval auditd conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:01 +02:00
Christoph Hartmann
341a4ba98d improvement: simplify readability of nil checks 2015-09-22 02:27:01 +02:00
Christoph Hartmann
db81929dd7 minor style improvement 2015-09-22 02:27:01 +02:00
Christoph Hartmann
c081cfac82 improve reliability of method_missing 2015-09-22 02:27:01 +02:00
Christoph Hartmann
05dd53b5b4 improvement: skip package resource if not supported on OS 2015-09-22 02:27:00 +02:00
Dominik Richter
9608e2e29b bugfix: specinfra selinux label handling
as specinfra doesnt work with respond_to?, just call the method and catch the error.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
a88304d030 remove method missing for yum resource 2015-09-22 02:27:00 +02:00
Dominik Richter
6c29580de0 enforce file content encoding to utf8
this is also in line with specinfra compatibility

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
046f3fe9e4 fix robocop issues 2015-09-22 02:27:00 +02:00
Dominik Richter
c06fe38981 bugfix: dont strip specinfra file content output
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
8113df6d44 bugfix: fix sysv implementation 2015-09-22 02:27:00 +02:00
Dominik Richter
61e7559489 fix bsd stat detection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
2e46e0781a bugfix: fix initctl matcher to detect enabled services 2015-09-22 02:27:00 +02:00
Dominik Richter
13ce808a90 bugfix: specinfra is missing methods for freebsd
Add getter for user/group/mode for freebsd, as specinfra will execute these calls but not return anything.
2015-09-22 02:27:00 +02:00
Christoph Hartmann
7806951051 add fedora support 2015-09-22 02:27:00 +02:00
Dominik Richter
a1a0e10c5a extend linux file with bsd stat
TODO: we must start separating between the different UNIXes and maybe call this something better than LinuxFile, but for now: since most of the things will stay the same, add the bsd stat command as an alternative to the linux stat command and parse its output.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Dominik Richter
82f89aa1db bugfix: dont fail on specinfra selinux_label on freebsd
the call shouldnt be made, but in case it is, dont just fail mit NoMethodError

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:27:00 +02:00
Christoph Hartmann
2484623220 add comments 2015-09-22 02:26:59 +02:00
Christoph Hartmann
d2e110e183 add debian support and improve regex 2015-09-22 02:26:59 +02:00
Christoph Hartmann
7239c7ced5 add service implementation for systemv 2015-09-22 02:26:59 +02:00
Christoph Hartmann
eb8c9411c7 remove comments 2015-09-22 02:26:59 +02:00
Christoph Hartmann
05e95477e3 add support for macos in service resource 2015-09-22 02:26:59 +02:00
Christoph Hartmann
6b07372bb9 bugfix: handle nil for service info 2015-09-22 02:26:59 +02:00
Christoph Hartmann
1b5e6fa7af select init system by os version for now 2015-09-22 02:26:59 +02:00
Christoph Hartmann
4479001763 add upstart implementation for service resource 2015-09-22 02:26:59 +02:00
Christoph Hartmann
b8d0edecfb add systemd implementation for service 2015-09-22 02:26:59 +02:00
Christoph Hartmann
204e6f5021 skip resource, if os is not supported 2015-09-22 02:26:59 +02:00
Christoph Hartmann
9da4e7674e use volcano.os 2015-09-22 02:26:59 +02:00
Christoph Hartmann
9aa0b1cf4a rename service_info to info 2015-09-22 02:26:59 +02:00
Christoph Hartmann
21040b9b03 implement service resource for windows 2015-09-22 02:26:59 +02:00
Dominik Richter
f18381a7d3 return nil for specinfra content on directories
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:26:59 +02:00
Dominik Richter
7137a9625b expose backend file path
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:26:58 +02:00
Dominik Richter
d16f76c9ce pull in selinux label on local backend runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:26:58 +02:00
Dominik Richter
b13a1b574d let specinfra support empty block device content 2015-09-22 02:26:58 +02:00
Dominik Richter
7f19111b1b bugfix: catch lstat errors on local backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:25:52 +02:00
Dominik Richter
ef9b299319 api: specinfra reports nil on non-existent files
Check the responses and make sure we dont blindly return eg: size=0 or group="" or user="" for files that dont exist.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:25:52 +02:00
Dominik Richter
4aef4821cc bugfix: target_type check for pipe
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:25:52 +02:00
Dominik Richter
b8ae2ee7a3 api: specinfra content returns nil on block_device
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
d2ade9f247 bugfix: nil content on specinfra empty files
Only return nil for no content on specinfra files if the file actually has any content. ie. when we were not able to read the content then provide the answer of nil. if the file has no content, return an empty string. this leaves the error case where empty files cannot be read, which will not be signaled via content from specinfra.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
d8dea86e6e api: return nil for md5/sha256/content empty
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
e0b89e6ae2 bugfix: return nil on file content read errors
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
2c00423c3e read symlink destination file types
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
6f4f0b570c inject specinfra backend helper into file
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
5f472d9735 use lstat for local backend to read symlinks
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
3e16407454 rename file link_target -> link_path
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
60f9e643aa api: specinfra mtime returns unix seconds
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:30 +02:00
Dominik Richter
04a8cfddf4 ignore exit code on linux stat
For now: Since stat throws exit code 1 on selinux label checks if no selinux label (or system) is present, it would signal us to disregard results. However, the results are actually complete and can be fully used, with selinux_label becoming "?".

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:29 +02:00
Dominik Richter
526518fabd api: set specinfra product_version + file_version to nil
whenever the label is empty (typically on all *nix systems) set it to nil instead of ""

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:29 +02:00
Dominik Richter
55bd535599 api: specinfra set selinux label to nil
Whenever the selinux label is empty, set it to nil instead of '?' or ''.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:29 +02:00
Dominik Richter
534a9ce57a bugfix: always return file stat 2015-09-22 02:17:29 +02:00
Dominik Richter
c86a68950a improvement: add optimized local file module
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:29 +02:00
Christoph Hartmann
6e76dd689e bugfix: set host for ssh config in specinfra 2015-09-22 02:17:28 +02:00
Dominik Richter
8f45afffcd move up specinfra property detection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:28 +02:00
Dominik Richter
48b25e893d bugfix: specinfra re-detect backend os
By default it uses the currently running OS on initialization, instead of the OS configured via backend. Force its reinitialization by resetting all properties.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:28 +02:00
Christoph Hartmann
dfb330e7e8 use backend os detection in resources 2015-09-22 02:17:28 +02:00
Christoph Hartmann
7b5bbc8a5f patch specinfra os detection 2015-09-22 02:17:28 +02:00
Christoph Hartmann
1bf94016a7 rename Command to Cmd 2015-09-22 02:17:28 +02:00
Christoph Hartmann
43d49a348f bugfix: require specinfra backend 2015-09-22 02:17:28 +02:00
Dominik Richter
54b37b0b96 unify reporting on concurrent tests
Take control of the rspec runner loop and make sure all of our concurrent tests are executed in one reporting chain. It goes: Start reporting, concurrently run container+test+kill, stop and publish reporting.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:28 +02:00
Dominik Richter
c6f896cad3 run full docker test in parallel
With just one more issue left: the formatter is going to report multiple time, including spitting out errors multiple times. Also need to remove some of the custom formatting around the current state of containers.

As a bonus: This further improved testing speed (30% on the current environment) and will allow us to grow the supported platforms for tests easily.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:27 +02:00
Dominik Richter
37ad8f9531 run test setup concurrently + only once
Instead of having RSpec re-run its world multiple times, run it only once with all tests.

Which leaves us with one more thing to solve: we want to start tests as soon as the container is up and they are set up. At the moment, the containers come up and are set up concurrently, including test registry, but the tests themselves are in simple sequence.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:27 +02:00
Dominik Richter
eb2e18b75d remove leftover includes
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:17:27 +02:00
Dominik Richter
945dee74cc Merge pull request #10 from chef/oneget
add oneget resource
2015-09-22 02:17:27 +02:00
Christoph Hartmann
33f9dd8e87 add oneget resource 2015-09-22 02:17:21 +02:00
Christoph Hartmann
d0d9a66e4a move user default settings to backend 2015-09-22 02:15:43 +02:00
Dominik Richter
3e02e622c5 bugfix: linux file stat parameters and mount
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:43 +02:00
Christoph Hartmann
51fff9104b bugfix: use instance variable, include winrm 2015-09-22 02:15:43 +02:00
Christoph Hartmann
b03db74798 improvement: set default user at a later stage to support user@target 2015-09-22 02:15:43 +02:00
Dominik Richter
2db06783fb update find_files for all other resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:43 +02:00
Dominik Richter
165c08799f bugfix: deep merge mysql conf parameters
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:43 +02:00
Dominik Richter
4852842bf6 feature: add hash utility for deep_merge
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
58fa9bc6c7 update mysql_conf to work with new find_files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
1345c1d017 update findfiles to work with new backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
f1cc7cbf9b lint utils
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
753e7775ef lint detect
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
486c5fde1c fix code complexity lint
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
0d5ee00ac5 reduce branch size complexity mysql (lint)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
470c2ef920 wrap up core resource linting
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
903b9642e4 lint resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
74da29c3ed lint vulcano lib files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
07cb7efe36 lint targets
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
46b300f409 finish linting backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
e5686ea4e2 lint backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
cfbd5ccfc0 lint plugins
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:42 +02:00
Dominik Richter
6e01505414 lint
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Dominik Richter
67b5ecc06e bugfix: force PTY on SSH connection
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Christoph Hartmann
1570e8e7af Merge pull request #4 from chef/docker
Start Docker + SSH backends
2015-09-22 02:15:41 +02:00
Dominik Richter
1359152fc6 add ssh channels to get command stdout/stderr/status
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Dominik Richter
0a13817639 feature: add ssh backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Dominik Richter
e3373679ec feature: add docker container backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Christoph Hartmann
238f1b2016 add pip resource to verify gem packages 2015-09-22 02:15:41 +02:00
Christoph Hartmann
bdb859b730 add npm resource to verify gem packages 2015-09-22 02:15:41 +02:00
Dominik Richter
275039dead more rubocop
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:41 +02:00
Christoph Hartmann
0171b2e2f2 add gem resource to verify gem packages 2015-09-22 02:15:41 +02:00
Christoph Hartmann
77815154eb add the be_installed matcher 2015-09-22 02:15:41 +02:00
Christoph Hartmann
9783751741 implement package resource 2015-09-22 02:15:41 +02:00
Dominik Richter
a6c47a2e39 rubocop
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
dcdf8ea0e2 init linux_file owner class
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
a9bd476cb5 feature: configure specinfra backend
via target or backend config; set the backend to: specinfra+exec, specinfra+ssh, specinfra+winrm, specinfra+docker etc.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
03e6402f5c use LinuxFile to get type information in specinfra backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
13bc7f4015 move linux file handling to separate class
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 02:15:40 +02:00
Dominik Richter
686134e06b bugfix: url handler crashing on handles?
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:42:26 +02:00
Dominik Richter
0125bcace8 add call tracing to mock backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:42:26 +02:00
Dominik Richter
0abef702fc initialize @stat in local backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:42:26 +02:00
Dominik Richter
ecad431bc6 move mock_command into mock, out of helper
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
17386740c7 dont redefine classmethod on initialize
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
f1c454aae3 typo fix on @commands
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
cb5f2d4409 bugfix: inherit base methods
Don't redefine methods that aren't there yet. yes: ruby parses top down at at that point we don't have these methods yet anyway, so don't :send them to the class

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
32a6f01d1f simplify mock backend association
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
ea91af6da1 lint
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
93a3bc8e58 dont reference backend in local command
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Dominik Richter
1d1220983a feature: local backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-22 01:23:08 +02:00
Christoph Hartmann
a7efec310b implement yum resource 2015-09-22 01:10:56 +02:00
Christoph Hartmann
7e9eb2920d add usage header for audit resource 2015-09-21 14:12:34 +02:00
Christoph Hartmann
62d0b217f9 optimize comments for audit_policy resource 2015-09-21 14:09:43 +02:00
Christoph Hartmann
e57e5f3fd6 bugfix: use new volcano backend for registry key 2015-09-21 14:09:10 +02:00
Christoph Hartmann
92ff33cbba improvement: use separate object to hold filter state, optimize users output 2015-09-21 14:07:58 +02:00
Christoph Hartmann
d40ab9a9ad bugfix: set default path for inetd_conf 2015-09-21 14:06:01 +02:00
Christoph Hartmann
0d7d01efbd bugfix: set default path for limits.conf 2015-09-21 14:04:02 +02:00
Christoph Hartmann
797d24c14a add login_def resource unit test 2015-09-21 14:01:51 +02:00
Christoph Hartmann
9358ac3035 rename env.rb to os_env.rb 2015-09-21 13:58:47 +02:00
Christoph Hartmann
672f03a0dd improve output of ntp resource for single value arrays 2015-09-21 13:58:03 +02:00
Christoph Hartmann
7295e4c16f improve handling on uid data view 2015-09-21 13:56:08 +02:00
Christoph Hartmann
852e5ae627 improvement: remove class variables from security policy implementation 2015-09-21 13:52:49 +02:00
Christoph Hartmann
53eb3b6990 bugfix: escape string before regex, fix regular expression to identify key 2015-09-21 13:52:33 +02:00
Christoph Hartmann
e9e24a6bd5 use new volcano backend for security policy 2015-09-21 13:51:27 +02:00
Christoph Hartmann
f0ac64cf31 improvement: extend mock to support simulated cmds 2015-09-21 13:43:09 +02:00
Christoph Hartmann
cdf15b9dd1 bugfix: support multiple values in ssh config like 'HostKey', improve readability by extracting the first value from array, if we have only one value 2015-09-21 13:43:09 +02:00
Christoph Hartmann
0e8651bf26 fix rubocop issues 2015-09-05 16:07:54 +02:00
Christoph Hartmann
36c9de7529 more rubocop fixes 2015-09-04 09:59:30 +02:00
Christoph Hartmann
91ea24d538 replace :: with . syntax 2015-09-04 09:15:20 +02:00
Christoph Hartmann
bbbb8380ca replace raise with fail 2015-09-03 23:24:42 +02:00
Christoph Hartmann
556bb5a0f0 remove empty lines 2015-09-03 23:20:53 +02:00
Christoph Hartmann
1773d20178 use single quotes 2015-09-03 23:18:28 +02:00
Christoph Hartmann
5c137a7ab1 remove redundant return 2015-09-03 20:45:37 +02:00
Christoph Hartmann
349d5bf9f1 harmonize method definition style 2015-09-03 20:43:58 +02:00
Christoph Hartmann
7bdcc00e94 add utf-8 header 2015-09-03 20:36:46 +02:00
Christoph Hartmann
5612752b82 use single quotes 2015-09-03 20:35:23 +02:00
Christoph Hartmann
a895d19f03 simplify mock file loading method 2015-09-03 17:53:38 +02:00
Christoph Hartmann
a206d0ef09 (re)add debug for mock backend 2015-09-03 17:51:08 +02:00
Christoph Hartmann
7db6941219 feature: add bond resource implementation 2015-09-03 17:34:11 +02:00
Christoph Hartmann
ceb68f94cf feature: extend mock framework to support file mappings 2015-09-03 17:34:11 +02:00
Dominik Richter
c9fcb2913a complete all file tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 16:17:52 +02:00
Dominik Richter
29a143a67f remove file ctime
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 15:43:30 +02:00
Dominik Richter
708fa8485d bugfix: reset specinfra backends between runs manually
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 15:32:33 +02:00
Dominik Richter
f54fa6537a use string for backend conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 14:56:08 +02:00
Dominik Richter
f618fa391b bugfix: specinfra file type detection
mask & tmask returns non-zero values, if some bits fit the file-type. this leads to overlapping results. make sure the mask result has the full mask present, then use it.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 14:14:57 +02:00
Dominik Richter
841198993d runner conf must use string-keys
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 13:43:32 +02:00
Dominik Richter
18701752a7 improvement: make runner config map work with keys and string
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-03 12:56:40 +02:00
Dominik Richter
199cb84ab3 not implemented only throws on missing methods
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 17:30:49 +02:00
Dominik Richter
951f63c6c8 feature: configurable formatter for test exec
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 16:44:14 +02:00
Dominik Richter
1c2ab098f5 specify methods all backends must implement
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 11:53:25 +02:00
Dominik Richter
05b4167971 start backend and file tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 04:55:22 +02:00
Dominik Richter
32964c1e4e tests for backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 04:19:23 +02:00
Dominik Richter
e08787d14e move file interface + helpers to backend plugin
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-02 00:50:52 +02:00
Dominik Richter
f60b7580d5 complete specinfra file backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-01 11:48:50 +02:00
Dominik Richter
a64597594e minor bugfixes
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-09-01 11:11:34 +02:00
Dominik Richter
04db46f116 add aliases for target and backend
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 19:49:39 -07:00
Dominik Richter
601abe2579 rename backend reference @vulcano -> vulcano
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 19:33:15 -07:00
Dominik Richter
b2e031c056 start serverspec migration
This project is inspired by Serverspec and all the wonderful contributions that went into it. Thank you all so much! We have used Serverspec as our audit base and have now a slightly different perspective. We hope to continue the spirit on this path. Hopefully both projects will find their way together.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:36:05 -07:00
Dominik Richter
d292ed6ea5 migrate directory resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:24:34 -07:00
Dominik Richter
e5daa52064 fix ssh config path
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:18:37 -07:00
Dominik Richter
1bbe67682e start migrating file resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:14:17 -07:00
Dominik Richter
50a5803427 rename is_file? -> file?
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:13:53 -07:00
Dominik Richter
431c27d4ab migrate all specinfra backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 17:13:07 -07:00
Dominik Richter
40784c7c8e safeguard against empty backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:31:36 -07:00
Dominik Richter
de27b3d8e9 move mock backend to new plugin structure
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:14:28 -07:00
Dominik Richter
a8ed53c337 move backend to new plugin structure
use the same structure as for resources

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:11:23 -07:00
Dominik Richter
df8a668d8c combine resoure+resources -> resource.rb
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 16:08:17 -07:00
Dominik Richter
84102b89de rename contents -> content
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 02:10:36 -07:00
Dominik Richter
5a8bcf2b93 migrate file resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-29 00:44:16 -07:00
Dominik Richter
1d805aca2c migrate group policy
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:09:35 -07:00
Dominik Richter
554accdedc reimplement command resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:08:24 -07:00
Dominik Richter
e0459c4116 migrate all of audit
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 16:04:52 -07:00
Dominik Richter
2a8b8d3394 migrate env and apache conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 13:02:18 -07:00
Dominik Richter
dddc9daed0 migrated inetd config and etc group
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:52:59 -07:00
Dominik Richter
2103a4485b migrate limits and login defs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:47:37 -07:00
Dominik Richter
8004d6f129 migrate all mysql resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:41:48 -07:00
Dominik Richter
1a45f32f0b migrated all postgres resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:37:03 -07:00
Dominik Richter
83d846ac7f migrate ntp conf and parse_config
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:32:17 -07:00
Dominik Richter
d9d67e943a migrate passwd and processes
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 12:27:35 -07:00
Dominik Richter
dc0f61a0ef migrate registry_key + security_policy
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 11:52:22 -07:00
Dominik Richter
d7bcf6dfea move resource plugin to vulcano/plugins
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 11:49:21 -07:00
Dominik Richter
2c2d2d8d27 rename resources -> tests in the context of runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 10:13:05 -07:00
Dominik Richter
3bf8037638 move to a simpler plugin structure
This has been inspired in its calling structure by the wonderful work done in Vagrant. Kudos to all contributors!

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-28 10:10:03 -07:00
Dominik Richter
9e7ea1ef5d move ssh_conf to new structure
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 20:02:38 -07:00
Dominik Richter
90a2d45462 create new pluggable profile context
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:59:58 -07:00
Dominik Richter
a1af0ad24b start mock backend and change backend mechanics
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:59:15 -07:00
Dominik Richter
7e1f9b8a15 move resources lib
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-27 13:58:07 -07:00
Dominik Richter
38a99c065a 0.6.1
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-24 14:25:29 -07:00
Dominik Richter
22ce1d4b0d add docker backend support
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-24 10:35:03 -07:00
Christoph Hartmann
3570295007 bugfix: remove debug message 2015-08-14 01:46:43 -07:00
Christoph Hartmann
6e7d2f6bcf detect windows versions 2015-08-14 01:43:02 -07:00
Christoph Hartmann
e4de940dfe improve windows detection 2015-08-14 00:49:31 -07:00
Dominik Richter
8c82bca280 bugfix: skip resources with message
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 23:22:56 -07:00
Dominik Richter
1890ba9226 bugfix: correctly detect code line of block
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 22:51:53 -07:00
Dominik Richter
75c30d9892 bugfix: remove unnecessary only_if outer definition
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 22:36:50 -07:00
Dominik Richter
086d385fe0 add detect utility to get os info
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-13 17:18:17 -07:00
Dominik Richter
90ed1aed99 fix missing require winrm
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:45:32 -07:00
Dominik Richter
6360bf825f fix wrong variable ref
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:39:12 -07:00
Dominik Richter
83432ccfb4 fix typo
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:31:47 -07:00
Dominik Richter
1a165bc886 change the default impact to 0.5
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 23:05:26 -07:00
Dominik Richter
225b49fbd2 0.6.0
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:47:29 -07:00
Dominik Richter
5875864f45 move zip and tar helpers
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:45:42 -07:00
Dominik Richter
7a59d9ce76 feature: start github uri reader
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 22:34:37 -07:00
Christoph Hartmann
9065eaa35c add zip and tar helper 2015-08-12 21:14:48 -07:00
Dominik Richter
61794072e5 generalize folder handling
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 20:47:02 -07:00
Dominik Richter
9f0b6ebc46 add targets for chef-audit and serverspec
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 19:19:36 -07:00
Dominik Richter
6e4381f2d4 turn backend into a separate object
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 19:07:01 -07:00
Dominik Richter
9ba4fb1d00 add configurable targets and backends
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 18:48:17 -07:00
Dominik Richter
cecd86a119 improvement: unify ID generation for all tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 17:29:23 -07:00
Dominik Richter
7f67a088cb feature: --target option for scans
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 17:05:32 -07:00
Dominik Richter
be1cead58e improvement: always give a title to spec files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 16:27:32 -07:00
Dominik Richter
5b0f5252c6 shorten anonymous describe IDs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 15:17:18 -07:00
Dominik Richter
116a9b46d8 run multiple files by aggregating results
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 15:16:50 -07:00
Dominik Richter
360da9a7ba feature: configure ssh+winrm targets on CLI-runner
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 14:19:44 -07:00
Dominik Richter
33043dd6a1 feature: run tests from cli
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-08-12 12:03:41 -07:00
Your Name
f6509b7f81 add method_source gem for getting source code
Signed-off-by: Your Name <your.name@email.com>
2015-08-10 00:01:11 +00:00
Your Name
0108ab2c75 simplify ruby source block detection
Signed-off-by: Your Name <your.name@email.com>
2015-08-09 20:31:51 +00:00
Your Name
39343367c2 feature: include rule code in json
Signed-off-by: Your Name <your.name@email.com>
2015-08-09 18:29:59 +00:00
Dominik Richter
5e8af49561 runtime bugfixes
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 23:39:43 -07:00
Dominik Richter
61f5f95147 make sure etc group values in where clause are strings
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:49:55 -07:00
Dominik Richter
b72ba08c06 trip whitespace
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:37:58 -07:00
Dominik Richter
a48d032cec double-check if data is read from conf apache/postgres/mysql
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:35:18 -07:00
Dominik Richter
df8be769af skip apache conf if file doesn't exist
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:28:32 -07:00
Dominik Richter
9621b1c9e9 skip postgres+mysql conf if file doesn't exist
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:27:34 -07:00
Dominik Richter
93065b9dda use FindFiles for postgres conf
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:17:07 -07:00
Dominik Richter
c733a577da improvement: unify FindFiles
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 20:11:01 -07:00
Dominik Richter
e9ee17c176 bugfix: find included files on remote host
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 19:50:49 -07:00
Dominik Richter
178ca83a4b specify inetd_conf path
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 19:34:24 -07:00
Dominik Richter
07edef95ad flatten users of groups
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:56:14 -07:00
Dominik Richter
3682a8279d make sure to get conditions as symbols
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:49:05 -07:00
Dominik Richter
e0b0b52af3 feature: etc_group with where-function overhaul
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 18:42:05 -07:00
Dominik Richter
53112f4156 move resource methods to respective library files
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:40:08 -07:00
Dominik Richter
42c3f95b41 move local parseconfig resources to library file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:25:27 -07:00
Dominik Richter
6faf07aa7d rename parse_config back to parse_config_file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-02 17:24:15 -07:00
Dominik Richter
1344fba629 configurable limits_conf path
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:52:55 +02:00
Dominik Richter
70a6130335 move ssh_config + sshd_config with paths to the resource file
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:43:38 +02:00
Dominik Richter
cc28749adf configurable paths for postgres + mysql confs
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:38:52 +02:00
Dominik Richter
700e2bab26 feature: add mysql resource
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:31:57 +02:00
Dominik Richter
7e9c8fe289 bugfix: get comment_char for simple_config
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:23:52 +02:00
Dominik Richter
f2fed3fa6d api: change default of multiple_values true -> false in SimpleConfig
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:23:02 +02:00
Dominik Richter
9bf968838c rename conf_ssh -> ssh_config
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:22:25 +02:00
Dominik Richter
0c5a28431d feature: postgres information based on OS
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-08-01 09:21:32 +02:00
Dominik Richter
f51e89d3b1 shorten mysql and postgres session resources
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-30 18:28:57 +02:00
Christoph Hartmann
378a98797e rename config_file resource 2015-07-27 23:26:10 +02:00
Christoph Hartmann
44f5ecef77 add apache config parser 2015-07-27 23:26:10 +02:00
Dominik Richter
252a88c24f improvement: warn on minor missing entries, error on major ones
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-27 17:31:17 +02:00
Christoph Hartmann
bd6a294ac5 bugfix: add toString method for resources 2015-07-26 22:45:44 +02:00
Christoph Hartmann
345d7fb5cb improvement: parse config can be configured 2015-07-26 22:45:18 +02:00
Christoph Hartmann
d926a67596 feature: resource for ntp configuration 2015-07-26 22:44:33 +02:00
Christoph Hartmann
24e9210160 feature: resources for audit daemon 2015-07-26 22:44:01 +02:00
Christoph Hartmann
34b8ab5f2a refactor audit policy 2015-07-26 22:43:24 +02:00
Christoph Hartmann
32c4575642 add inetd resource 2015-07-26 12:53:29 +02:00
Christoph Hartmann
17476fd634 add limits.conf resource 2015-07-26 12:30:46 +02:00
Christoph Hartmann
8e16decccd refactor types 2015-07-26 12:30:12 +02:00
Dominik Richter
35d3ee6b19 bugfix: ensure pseudo pty on remote
This first came up when scanning a RHEL6 EC2 box. Serverspec throws this error when the channel doesn't support a stdin.

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-07-21 12:59:52 +02:00
Christoph Hartmann
5d4e44872c remove puts 2015-07-16 01:51:26 +02:00
Christoph Hartmann
fe7758a9a6 remove puts 2015-07-16 01:48:09 +02:00
Christoph Hartmann
fd4bb5f467 bugfix: fix id 2015-07-16 01:40:37 +02:00
Christoph Hartmann
0268d44052 add types 2015-07-16 01:09:54 +02:00
Christoph Hartmann
db8ff02313 add logindef and parse_config type 2015-07-15 16:33:39 +02:00
Christoph Hartmann
4809c33f93 add duplicate check matcher for arrays 2015-07-15 15:16:28 +02:00
Christoph Hartmann
018601480d add etc_group implementation 2015-07-15 15:16:10 +02:00
Christoph Hartmann
dc94f2c2b5 add description for passwd file format 2015-07-15 15:15:53 +02:00
Christoph Hartmann
37f0ea7d6a update copyright header 2015-07-15 15:15:18 +02:00
Christoph Hartmann
6ab07121de add line feed 2015-07-15 00:50:42 +02:00
Christoph Hartmann
f9867b4c8d add helper matcher 2015-07-15 00:50:34 +02:00
Christoph Hartmann
dbbad50c09 add passwd extraction of passwords 2015-07-15 00:50:19 +02:00
Christoph Hartmann
8c17ab29a5 add passwd support 2015-07-15 00:47:17 +02:00
Christoph Hartmann
4ff1687f6e add env support 2015-07-15 00:47:04 +02:00
Christoph Hartmann
d7d79d3d5b bugfix: remove winrm timeout 2015-06-28 10:09:04 +02:00
Christoph Hartmann
a25925057e bugfix: remove debug output 2015-06-28 00:07:02 +02:00
Christoph Hartmann
1e80a197c4 feature: switch winrm port based on protocol 2015-06-27 23:03:43 +02:00
Christoph Hartmann
5714395232 feature: add ssl support for winrm 2015-06-27 21:30:21 +02:00
Christoph Hartmann
f165e51e1f return nil, if we haven't received a value 2015-06-27 21:29:57 +02:00
Dominik Richter
8dd5ad2979 bugfix: prevent entries in known hosts files
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-27 15:49:54 +02:00
Dominik Richter
2e827fd699 bugfix: prevent any auth-method that is not configured + prevent interactive password login
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-27 15:47:45 +02:00
Dominik Richter
34bc6a387c feature: add configurable profile_id field
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-25 17:45:46 +02:00
Dominik Richter
3440f6f69e bugfix scope
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 18:21:09 +02:00
Dominik Richter
8d0976a4cc bugfix: scoping for ubuntu's ruby version
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 17:57:07 +02:00
Dominik Richter
e832a1f2c8 bugfix: typo
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 17:27:05 +02:00
Dominik Richter
6b8cd1078a bugfix: mysql dynamic describe
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 16:33:22 +02:00
Dominik Richter
b3495e9fc5 bugfix: mysql resouce skipping and checking
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 16:18:40 +02:00
Dominik Richter
40ed9799b7 feature: mysql config resource updated
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 15:51:44 +02:00
Dominik Richter
232de91d9a feature: mysql resource with debian login + skipping policy
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 15:24:35 +02:00
Dominik Richter
ff0020ac73 bugfix: enforce utf-8 encoding
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-22 08:56:13 +02:00
Dominik Richter
1b9997b204 bugfix: work around embedded only_if conditionals
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 22:52:40 +02:00
Dominik Richter
8294641b1e bugfix: allow json/check methods to run despite only_if in profile
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 22:36:38 +02:00
Dominik Richter
cb3e067a1f feature: helper method to check if a default command exists
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 18:19:04 +02:00
Dominik Richter
5d5b945933 feature: only_if for profiles added
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 18:07:35 +02:00
Dominik Richter
cceefa54cf add base resource
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 17:06:04 +02:00
Dominik Richter
7a721dba7e feature: skip ssh config if file isn't readable/found
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 16:33:08 +02:00
Dominik Richter
8026915ce5 feature: support skipping rules via resources
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 16:32:42 +02:00
Dominik Richter
e0e7fb8996 bugfix: indicate that file resource is really working with paths
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 11:23:30 +02:00
Dominik Richter
9e79b49f43 improvement: file permission matchers add full description 2015-06-21 11:06:39 +02:00
Dominik Richter
b942a1a103 bugfix: run without profile ID defined
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-21 10:28:13 +02:00
Dominik Richter
1abfdae264 bugfix: use fully qualified profile IDs
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 02:21:08 +02:00
Dominik Richter
1d6a0decad make json-builder work again with new rule-tree 2015-06-20 01:41:48 +02:00
Dominik Richter
83dc0a6425 make check work again with new rule-tree
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 01:36:59 +02:00
Dominik Richter
5e83779fb4 api: separate name from title in metadata
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 01:04:05 +02:00
Dominik Richter
ef4471d20b feature: allow to skip rules
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 00:20:44 +02:00
Dominik Richter
2e1106b933 feature: add rule hierarchy with include and require rules
include_rules 'vulcanosec/ssh'

this will include all rules defined in vulcanosec/ssh

    require_rules 'vulcanosec/linux'

this will not include any rules yet, but you may choose what you want to pull in.

both have a block attached which will allow you to choose rules (for require_rules) and redefined/change existing rules as you like. small example:

    require_rules 'vulcanosec/linux' do
      rule fs-3 do
        impact 1.0
      end
    end

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-20 00:00:53 +02:00
Dominik Richter
a6748e2418 load rules from a spec file into a profile context 2015-06-19 22:23:07 +02:00
Dominik Richter
7649d1459c simplify global vs embedded rule handling
i.e. one executes directly, the other just registers. this change makes such a distinction much easier

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:52:57 +02:00
Dominik Richter
da71e1e826 move DSL helper methods out of local DSL space
to avoid potential collissions

Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:43:04 +02:00
Dominik Richter
8181ee038e move rule execution and ID-fixing out
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 21:17:56 +02:00
Dominik Richter
f64f15ee6b make syntax binding to scope programmable
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 20:11:26 +02:00
Dominik Richter
2c912d2fbe initialize vulcano module + version first
Signed-off-by: Dominik Richter <dominik@vulcanosec.com>
2015-06-19 18:45:38 +02:00
Dominik Richter
e689afb4b8 improvement: split vulcano core library from verification 2015-06-19 16:45:36 +02:00
Dominik Richter
aebed6cb55 bugfix: only call rule blocks if they are given
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 16:32:11 +02:00
Dominik Richter
6f4a1fc092 move log out of bin/vulcano; it's not used there
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-19 15:06:44 +02:00
Dominik Richter
1b36802589 feature: include other rules
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-18 17:32:40 +02:00
Dominik Richter
243c7b9892 feature: sudo configuration
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-17 10:49:25 +02:00
Dominik Richter
1a05865d6e feature: print number of rules checked
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-16 23:33:27 +02:00
Dominik Richter
1247dd7bc7 api: change check -> rule
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-16 23:30:08 +02:00
Dominik Richter
e86cd978eb bugfix: create check structure with meta-info
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-12 12:32:10 +02:00
Dominik Richter
9f02a88e54 improvement: separate checking information from processing
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:53:25 +02:00
Dominik Richter
3013bdcc46 feature: add pry for development consoles
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:40:16 +02:00
Dominik Richter
c329b6743a bugfix: add resources to rules
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:37:51 +02:00
Dominik Richter
0c0be4b09e bugfix: don't evaluate nil impact
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:36:30 +02:00
Dominik Richter
b5fb4c46c0 improvement: print file which has error
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:26:29 +02:00
Dominik Richter
fb9d09af49 bugfix: gsub on empty desciption
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:23:36 +02:00
Dominik Richter
beee62fabd improvement: separate specfile sanitize vs check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:21:03 +02:00
Dominik Richter
1833ff9aa0 bugfix: call lambda correctly
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:16:05 +02:00
Dominik Richter
5ba7fb0386 bugfix: recognize empty title as title==id
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:15:26 +02:00
Dominik Richter
4ab30252fb feature: vulcano check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-10 17:03:12 +02:00
Dominik Richter
08035d7b61 bugfix: don't let dummy resources overwrite library files
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 23:05:00 +02:00
Dominik Richter
7a022f9c0a change json syntax to: map[string]check
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 22:24:53 +02:00
Dominik Richter
e9d642fc61 feature: replace vcheck
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 21:41:54 +02:00
Dominik Richter
44d1f88dda add version
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 19:49:55 +02:00
Dominik Richter
f56618f364 bugfix: cascade IDs to child describe-blocks (from :its)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 19:20:16 +02:00
Dominik Richter
64d90c326f feature: add rules with IDs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-06-07 17:09:02 +02:00
Dominik Richter
483c12edc7 feature: run specs on different port
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:30:50 +02:00
Dominik Richter
14eebb88e0 capitalize ssh conf name
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:30:38 +02:00
Dominik Richter
18277ddfad bugfix: postgres connection error detection fixed
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-05-14 18:29:55 +02:00
Dominik Richter
21d604820a feature: add windows resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:37:17 +02:00
Dominik Richter
e87af25d07 bugfix: ssh is simpleconf w/o multiassignemnt
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:55 +02:00
Dominik Richter
6875d373e8 feature: winrm specs
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:34 +02:00
Dominik Richter
c1522ed98c feature: multi-assignments for simpleconfig
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-17 15:36:18 +02:00
Dominik Richter
985552731a import resources
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-04-09 22:01:23 +02:00