Commit graph

689 commits

Author SHA1 Message Date
Steven Danna
7e8f3f571e
Ensure simplecov starts before everything else
Before this change, simplecov was reporting

    1864 / 5198 LOC (35.86%) covered

After this change it is reporting

    4131 / 5275 LOC (78.31%) covered.

Keeping the require at the top of the file ensures that simplecov is
loaded before any of our application code.
2016-09-08 21:32:15 +01:00
Christoph Hartmann
1bd55f8cc4 allow direct access to iis configuration parameters 2016-09-07 11:19:34 +02:00
Steven Danna
74e712854e Pass attributes from command line into profile context
We broke attributes with the dependency work. Minimally fix them. TODO:
Maximally fix them.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-07 10:29:47 +02:00
Christoph Hartmann
0a34ffef5a always display error message 2016-09-05 17:23:14 +02:00
Christoph Hartmann
73f93c2756 fix powershell based unit tests 2016-09-05 13:36:48 +02:00
Christoph Hartmann
c3c648eeb9 fix integration tests for usage with winrm v2 2016-09-05 13:36:48 +02:00
Christoph Hartmann
3ddcb4c418 fix integration tests for suse 11 2016-09-05 11:22:52 +02:00
Christoph Hartmann
3346d7e1a9 support /etc/init.d directory for run level configuration 2016-09-05 11:08:21 +02:00
Steven Danna
9bb65bd60c Use per-profile execution contexts for library loading
Previously, libraries were loaded by instance_eval'ing them against
the same execution context used for control files.  All resources were
registered against a single global registry when the `name` dsl method
was invoked.  To obtain separation of resources, we would mutate the
instance variable holding the global registry and then change it back
at the end.

Now, we instance_eval library files inside an anonymous class.  This
class has its own version of `Inspec.resource` that returns another
class with the resource DSL method and the profile-specific resource
registry.
2016-09-04 20:55:20 +02:00
Steven Danna
5fdf659df1 Load all dependent libraries, even if include_context isn't called
The goal of these changes is to ensure that the libraries from
dependencies are loaded even if their controls are never included.  To
facilitate this, we break up the loading into separate steps, and move
the loading code into the Profile which has access to the dependency
information.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Steven Danna
384ccb610c Initial attempt at isolating resources between dependencies
Previously, all resources were loaded into a single resource registry.
Now, each profile context has a resource registry, when a profile's
library is loaded into the profile context, we update the
profile-context-specific resource registry.  This local registry is
then used to populate the execution context that the rules are
evaluated in.

Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Christoph Hartmann
a116406b4e Merge pull request #1014 from jeremymv2/fix_apache_conf
Fix apache conf
2016-09-04 20:18:16 +02:00
Victoria Jeffrey
0667c334e9 fix inherited profile cli report for realz this time 2016-09-04 18:28:01 +02:00
Victoria Jeffrey
99ce09c4ac fix inherited profile cli report 2016-09-04 18:28:01 +02:00
Jeremy J. Miller
d5b2e4bf53 removed testing artifact 2016-09-02 22:04:06 -04:00
Jeremy J. Miller
03cb244e84 removed superfluous Listen 80 2016-09-02 22:02:47 -04:00
Jeremy J. Miller
c0d105671e better description for tests 2016-09-02 22:00:12 -04:00
Jeremy J. Miller
1b92d15d8f added unit tests 2016-09-02 21:55:28 -04:00
Victoria Jeffrey
5d5aa6354d fix and add test 2016-09-01 20:39:52 -04:00
Martin Hegarty
ffee9bd2fc Fix failing unit test 2016-08-31 16:56:23 +01:00
Alex Pop
fd676ceb5c promote cmp usage as it provides results with octal mode 2016-08-30 18:23:47 +01:00
Jeremy J. Miller
3822b8ea3a one more test for good measure 2016-08-29 19:50:03 -04:00
Jeremy J. Miller
0d817017bb changed regex for integer to allow 0 2016-08-29 19:39:39 -04:00
Jeremy J. Miller
53dbaa9c3e add test 2016-08-29 15:57:46 -04:00
Steven Danna
3a6e610de9 Allow functional tests to pass on OSX
A few minor issues were causing 3 functional test failures on OS X.
These were not program errors but were rather the result of the
profiles under test assuming a linux environment.

Since many of the developers who will work on this project in the future
will be running OS X, let's ensure they can run the functional tests
easily.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-26 15:25:59 +02:00
Victoria Jeffrey
d6ee153aaa print controls, then tests. print describe block header then each test 2016-08-26 10:12:56 +02:00
Christoph Hartmann
efb2e08a16 add tests for users with sid on windows 2016-08-26 09:40:24 +02:00
Christoph Hartmann
64a5a4d082 switch from os-hardening to ssh-hardening profile 2016-08-25 14:42:55 +02:00
Steven Danna
6034ece853 Initial control isolation support
The goal of this change is to provide an isolated view of the available
profiles when the user calls the include_controls or require_controls
APIs.  Namely,

- A profile should only be able to reference profiles that are part of
  its transitive dependency tree. That is, if the dependency tree for a
  profile looks like the following:

  A
  |- B --> C
  |
  |- D --> E

  Then profile B should only be able to see profile C and fail if it
  tries to reference A, D, or E.

- The same profile should be include-able at different versions from
  different parts of the tree without conflict.  That is, if the
  dependency tree for a profile looks like the following:

  A
  |- B --> C@1.0
  |
  |- D --> C@2.0

  Then profile B should see the 1.0 version of C and profile D should
  see the 2.0 profile C with respect to the included controls.

To achieve these goals we:

- Ensure that we construct ProfileContext objects with respect to the
  correct dependencies in Inspec::DSL.

- Provide a method of accessing all transitively defined rules on a
  ProfileContext without pushing all of the rules onto the same global
  namespace.

This does not yet handle attributes or libraries.
2016-08-25 14:42:55 +02:00
Christoph Hartmann
1300900693 add unit test for local fetcher with windows path support 2016-08-24 16:23:27 +02:00
Annie Hedgpeth
fe5c7c49a4 Attempt at a bug fix to read backslashes as forward slashes in local fetcher 2016-08-24 15:11:20 +02:00
Christoph Hartmann
1989c25b2a add integration test for package resource 2016-08-24 14:40:26 +02:00
Christoph Hartmann
956d3b7292 add unit test for new package resource 2016-08-24 14:40:26 +02:00
Anirudh Gupta
4041f1898e can check windows service startup mode now 2016-08-24 02:01:10 +05:30
Kartik Null Cating-Subramanian
3415359ea2 Merge pull request #961 from chef/ssd/deps-resolver-replace
WIP: Replace Molinillo-based resolver
2016-08-23 10:52:41 -04:00
Christoph Hartmann
a381e406c4 add integration tests for file permissions on windows 2016-08-23 16:03:58 +02:00
Steven Danna
366e65b198
Add the start of tests for the Resolver class
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:50:12 +01:00
Kartik Null Cating-Subramanian
039c760545 Fixup behavior and add functional tests 2016-08-23 03:07:23 +02:00
Kartik Null Cating-Subramanian
33ae22d313 Support controls and describe blocks in InSpec shell 2016-08-19 19:07:23 +02:00
Christoph Hartmann
f72fddb114 fix functional test for compliance plugin 2016-08-19 17:16:19 +02:00
Christoph Hartmann
95029203cd unique controls for dependency tests 2016-08-19 09:47:41 +02:00
Steven Danna
d779dd53ae Move all dependency related classes into inspec/dependencies
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
2041a08aa2 Fetch deps based on urls
This extends the dependency feature to include support for url-based
dependencies.  It takes some deviations from the current support for
URLs that we'll likely want to make more consistent.

By default, we store downloaded archives in the cache rather than the
unpacked archive. However, to facilitate debugging, we will prefer the
unpacked archive if we find it in the cache.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
34ae3122e9 Fix recursive deps for path-based deps
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-18 16:02:16 +02:00
Christoph Hartmann
1d8f8bb3e3 restructure unit tests 2016-08-18 13:47:43 +02:00
Chris Evett
3df98b7a19 add iis_site tests and refactor post code review 2016-08-17 06:57:48 -04:00
Christoph Hartmann
c23263f3d0 handle xinetd config with only one entry 2016-08-16 17:23:22 +02:00
Steven Danna
b5cd64d16a Ignore comment lines in /etc/passwd
Most passwd/shadow implementations treat lines that start with '#' as
comments. For example, the implementation in OS X:

     if (buf[0] == '#') {
          /* skip comments for Rhapsody. */
          continue;
     }

https://opensource.apple.com/source/remote_cmds/remote_cmds-41/rpc_yppasswdd.tproj/passwd.c

Fixes #725

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-16 10:54:52 +02:00
Victoria Jeffrey
6f198f539b cleanup 2016-08-16 10:01:10 +02:00
Victoria Jeffrey
cf771ab967 ssh_config parse should be case insensitive 2016-08-16 10:01:10 +02:00
Dominik Richter
5f1d83f196 Merge pull request #912 from chef/ap/port-win-process
Windows ports with pid and process name
2016-08-12 20:59:28 +02:00
Alex Pop
353dcf10ec make netstat default for getting ports and get only listening ones 2016-08-12 16:02:56 +01:00
Christoph Hartmann
97a9e67181 update messages for integration tests 2016-08-12 14:51:23 +02:00
Christoph Hartmann
57bdd3464c add feature to fetch children from registry key 2016-08-12 14:51:23 +02:00
Christoph Hartmann
571bc14742 support hash params as options for registry key 2016-08-12 14:51:23 +02:00
Steven Danna
9957138909
Fix inheritance tests to account for dependency spike
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-11 16:41:09 +01:00
Christoph Hartmann
92d3702043 add integration test for windows file and directory 2016-08-10 21:41:32 +02:00
Steven Danna
9346f5dd34
travis experiment: lower docker concurrency
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-10 12:52:21 +01:00
Steven Danna
afddebaf3f
Add inspec env command to configure shell tab-completion
This adds a new subcommand:

   inspec env [SHELL]

which outputs a shell-appropriate completion script that the user can
source into their shell:

   eval "$(inspec env SHELL)"

Currently, we provide completions for ZSH and Bash. The completion
scripts are generated from the data Thor collects.

If the user doesn't provide SHELL we attempt to detect what the user's
shell may be using a number of methods.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-10 02:07:53 +01:00
Dominik Richter
16bd6a14d5 revert control_summary field in output
(1) The field is not yet optimal, the calculations are great!
(2) Changing this field should go together with all other breaking json changes, especially if https://github.com/chef/inspec/pull/811 results in a change.
2016-08-08 11:54:27 +02:00
Kartik Null Cating-Subramanian
470b7bb7d2 Merge pull request #860 from chef/vj/inspec-controls-count
Count controls in the summary output. Fix #852
2016-08-05 13:47:45 -04:00
Kartik Null Cating-Subramanian
8094add5b3 Test summary JSON schema 2016-08-05 13:27:30 -04:00
Steven Danna
dea19846a3
Explicitly require docker transport to avoid autoload bug
Ruby's autoload feature is not threadsafe.  We are hoping requiring the
docker plugin early will fix odd failures we have been seeing.

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-05 17:58:20 +01:00
Kartik Null Cating-Subramanian
0f572df4be Fix integration test 2016-08-05 10:01:29 -04:00
Steven Danna
13ebea48e1 Allow port to be specified as a string
This allows the user to write:

   describe port(22) do
     it { should be_listening }
   end

as well as

   describe port('22') do
     it { should be_listening }
   end

without hitting an error.

Fixes #867

Signed-off-by: Steven Danna <steve@chef.io>
2016-08-05 14:01:08 +02:00
Christoph Hartmann
d9a1a500d0 add params and content method to parse_config 2016-08-05 12:13:56 +02:00
Christoph Hartmann
93a068b8fa update kitchen container, activate all in travis 2016-08-05 10:52:03 +02:00
Christoph Hartmann
1c9d998afd do not run runit and upstart in docker since chef run fails 2016-08-05 10:52:03 +02:00
Christoph Hartmann
bb5fb617d5 harmonize cookbooks for integration tests, update docs, remove i386 in vagrant 2016-08-05 10:52:03 +02:00
Steven Danna
57d7275857
Update inspec for os[:family] change in Train
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-04 13:32:35 +01:00
Steven Danna
f76bc6b7b4
Be a bit louder when skipping an entire integration suite 2016-08-03 16:41:27 +01:00
Steven Danna
f30902211c Use either /dev/kcore or /dev/core in tests
In many linux distributions a link to /proc/kcore is placed at
`/dev/core`. In TravisCI we see it at `/dev/kcore`. To avoid tests
failing for some developers locally, we support either location.
2016-08-02 14:14:49 +02:00
Dominik Richter
70dd639471 move base_cli to lib/inspec
It is not a disconnected library, but a core component of inspec. Fix its location.
2016-07-26 20:11:25 +02:00
Dominik Richter
c2f34932ad add port resource for windows 2008
using `netstat -an`
2016-07-21 14:58:43 +02:00
Dominik Richter
68cf88f701 add suid sgid and sticky support for file resource 2016-07-10 23:08:42 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
2016-07-06 12:57:04 +02:00
Dominik Richter
5da73db6a3 api: report source location with field identifiers
Mixing types in an array without specifying what these fields point to is not just confusing, but also causes issues with endpoints that may consume this data and don't process mixed types. We strive to have a stable api for 1.0 and this is a sin that was left after the major overhaul. Time to fix it.
2016-06-28 12:03:20 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Christoph Hartmann
f87f25fb07 add boolean support for cmp matcher 2016-06-18 20:33:08 +02:00
Dominik Richter
8660d5d81c feedback round with @chris-rock 2016-06-16 20:37:51 +02:00
Dominik Richter
211a2e25fb align inspec detect output 2016-06-16 13:00:09 +02:00
Dominik Richter
e3b20e88b7 provide target info in cli output 2016-06-16 12:26:46 +02:00
Dominik Richter
c34fd350cf multi-profile reporting in cli formatter 2016-06-16 00:08:50 +02:00
Dominik Richter
4fbdee84cf use utf-8 characters for default cli formatter
see https://github.com/chef/inspec/issues/532
2016-06-15 19:27:56 +02:00
Stephan Renatus
0a00d21113 integer?("0300") should not be true 2016-06-15 18:34:42 +02:00
Dominik Richter
f93084520f introduce cli report formatter 2016-06-15 17:11:29 +02:00
Christoph Hartmann
f1faf47112 introduce secrets backend 2016-06-14 02:49:47 +02:00
Dominik Richter
2db8d83d56 support intra-libraries file referencing + loading
solves https://github.com/chef/inspec/issues/779
2016-06-03 22:54:35 +02:00
Dominik Richter
302a718b48 list arbitrary ports and query it
utilizing filter table to make port more flexible and useful.
2016-05-31 03:14:07 +02:00
Dominik Richter
02dae2c3c5 add simple style for filter table data
for quick flattening, filtering, and non-nil results. this also simplifies some internal calls and structure
2016-05-31 03:01:03 +02:00
Christoph Hartmann
e9ca7107b0 add tests for os resource 2016-05-31 00:01:26 +02:00
Dominik Richter
d6345ffd17 add resource to filter table blocks
i.e. get access to the original resource for more information and calls.
2016-05-30 23:31:14 +02:00
Christoph Hartmann
ba95e461d3 run integration tests in docker 2016-05-16 18:25:17 +02:00
Anirudh Gupta
4a9d9a4757 fixed 'it' statements under file_test 2016-05-16 19:24:14 +05:30
Dominik Richter
67f7a5936c catch corner-case with symbols on test-objects 2016-05-13 20:39:17 +02:00
Dominik Richter
603e3e21b3 fix construction of ruby objects on string and array handlers 2016-05-13 19:07:43 +02:00
Dominik Richter
dde4433933 use struct for processes list
we know all the fields + struct is fully compatible to the current hash implementation
2016-05-13 11:22:56 +02:00
Christoph Hartmann
1f470971d2 Revert "Add all_match to matchers"
This reverts commit 29cf4522e4.
2016-05-11 23:47:24 +02:00
Christoph Hartmann
48d8694789 Revert "fix contain_match, add none_match"
This reverts commit 54b397f3a5.
2016-05-11 23:47:24 +02:00
Christoph Hartmann
5939e5b2f9 Merge pull request #739 from chef/ap/port-not-nil
Return empty array instead of nil for port methods
2016-05-11 23:32:43 +02:00
Alex Pop
2a9d9b5481 return empty array instead of nil to be .each friendly 2016-05-11 22:21:22 +01:00
Christoph Hartmann
03b1ecfac5 Merge pull request #735 from tpcwang/escape-windows-osenv
Escape os_env command on Windows to handle env variables containing parentheses.
2016-05-11 23:09:34 +02:00
Alex Pop
54b397f3a5 fix contain_match, add none_match
update matchers doc and add more integration tests
allow non-string data types and non-arrays
2016-05-11 12:47:36 +01:00
tpcwang
c8d2991589 Escape os_env command on Windows to handle env variables containing parentheses.
Update the mock file to match the new command
2016-05-11 01:09:06 -07:00
Christoph Hartmann
9fd9f8aa69 Merge pull request #733 from chef/vj/add-label-for-processes
Expose label for processes only on linux
2016-05-10 22:39:02 +02:00
Victoria Jeffrey
1811eb6666 Expose label for processes only on linux 2016-05-10 13:59:13 -04:00
Victoria Jeffrey
29cf4522e4 Add all_match to matchers 2016-05-10 10:00:55 -04:00
Alex Pop
9ded3b8835 Provide service params as a mash, empty unless systemd for now 2016-05-09 14:54:09 +02:00
Christoph Hartmann
d2a8ba0022 add human-readable output for detect, as well as a --format json 2016-05-09 13:24:49 +02:00
Dominik Richter
5d925b2851 api: make processes return integers for pid/vsz/rss 2016-05-06 16:49:21 +02:00
Christoph Hartmann
6e905c8162 update functional tests 2016-05-06 13:47:22 +02:00
Alex Pop
c518b9edc2 expose systemd service properties via .info 2016-05-06 13:36:42 +02:00
Christoph Hartmann
8258d111ef rename json to minijson and fulljson to json 2016-05-06 13:27:42 +02:00
Dominik Richter
b14495051a prevent duplicate profile-loading
this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
2016-05-06 13:14:40 +02:00
Dominik Richter
20d08a63b5 inspec --format [json|fulljson|rspecjson] overhaul
Full rewrite of all formatters. Create a minimal JSON, a full JSON, and a fallback RSpec formatter. The latter is only needed for corner cases and should not really be used. The former 2 are for (1) running `inspec json` followed by `inspec exec` (`--format json`) and (2) running just `inspec exec --format fulljson`.
2016-05-06 13:14:40 +02:00
Dominik Richter
a809097d12 simplify full_id generation 2016-05-06 13:14:40 +02:00
Dominik Richter
fc718267c4 extend filter table to handle soft variable lookup 2016-05-04 15:27:58 +02:00
Dominik Richter
fb91b788a6 use filtertable with passwd resource 2016-05-04 15:27:58 +02:00
Alex Pop
f78afe0d75 Use only strings in resource examples, docs and tests 2016-05-03 23:27:18 +01:00
Anirudh Gupta
738ef69bcf prefixed hpux to cmd file name 2016-05-03 21:38:39 +05:30
Anirudh Gupta
d839f218bf hpux support for basic port properties 2016-05-03 14:30:59 +05:30
Alex Pop
56d856531b support basename parameter and add tests 2016-04-29 13:40:32 -04:00
Dominik Richter
83b4dfbf4d use the source_path instead of path for file internal reporting 2016-04-28 20:11:21 -04:00
Dominik Richter
0c8e891ee1 add #entries to filter table + remodel configuration 2016-04-28 22:46:39 +02:00
Dominik Richter
048a1584b9 encapsulated filters 2016-04-28 22:46:39 +02:00
Dominik Richter
652f10ad9a use Inspec::Filter in xinetd resource 2016-04-28 22:46:39 +02:00
Dominik Richter
01caf05020 add cmd for executing calls against the inspec api 2016-04-27 06:31:01 -07:00
Christoph Hartmann
ab9f5f9c1a Merge pull request #682 from Anirudh-Gupta/hpux
Hpux
2016-04-27 06:29:05 -07:00
Anirudh Gupta
045d8c6572 added file permission by user check for hp-ux 2016-04-26 15:08:01 +05:30
Anirudh Gupta
1330e09df5 added file permission by user check for hp-ux 2016-04-26 14:53:28 +05:30
Christoph Hartmann
2242790528 Merge pull request #678 from Anirudh-Gupta/hpux
added hpux user and package resource support
2016-04-25 07:22:19 -05:00
Dominik Richter
d0760662ce bugfix: restore pax_global_header fetcher filter
The original tests were deactivated. Reactivate and fix the implementation.

TODO: verify that this matches expectations
2016-04-24 02:38:22 -04:00
Dominik Richter
bc724c81ff fix legacy supports call
as reported by Jeremy Miller and Alex Pop
2016-04-22 11:15:57 -04:00
Anirudh Gupta
75534fdaa5 added hpux user and package resource support 2016-04-21 14:01:56 +05:30
Alex Pop
34a22a290e add more cmp matcher tests 2016-04-20 11:57:31 -04:00
Dominik Richter
9da23f9cbc remodel bash and shell wrappers 2016-04-18 11:48:42 -04:00
Dominik Richter
0631779412 configure command execution shells to sh/bash/zsh 2016-04-18 01:09:37 -04:00
Thomas Cate
0f8aff0b91 added default and per kernel checking 2016-04-17 10:46:35 -04:00
Thomas Cate
3051ead64d added tests for grub_conf resource 2016-04-17 10:46:29 -04:00
Dominik Richter
2a0ccbfd76 fail on unsupported os/platform 2016-04-17 00:04:37 -04:00
Dominik Richter
f54195408f simplify key symbolization in metadata 2016-04-16 18:47:59 -04:00
Dominik Richter
14995534cd skip profiles if the platform isn't supported 2016-04-16 15:34:23 -04:00
Dominik Richter
a1188b26ce add supports_runtime? to metadata 2016-04-16 15:25:59 -04:00
Dominik Richter
5d58fa267b feature: cmp < / > / <= / >= / == / != sth matcher 2016-04-15 19:19:15 -04:00
Christoph Hartmann
3007aef248 add function tests for compliance command 2016-04-13 16:55:14 -04:00
Jacob McCann
9dbf5354e5 Add 'static' value as enabled to systemd service enabled check 2016-04-13 14:44:28 -05:00
Dominik Richter
046e6ce501 bugfix: non-profile execution with json formatter 2016-04-11 11:17:26 -04:00
Dominik Richter
fb54c4ea24 api: inspec.yml supports now adds tests w/o running
Instead of just removing all tests because of OS support, supports now acts by adding all tests to the execution context, but doesn't actually execute them. Instead tests are set to skip before they get to the actual execution context
2016-04-06 11:28:52 +02:00
Dominik Richter
c55fb0b587 prevent only_ifs from getting overwritten 2016-04-06 10:46:36 +02:00
Dominik Richter
a72fee6623 add only_if for controls 2016-04-06 10:46:36 +02:00