* Adds alias for 'ListDirectory' permission
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Works with Ruby array of permissions as long as possible
Converts to PowerShell array just before use.
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Abstracts user-provided permissions to router method
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds FullControl as a specifiable permission
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds specific permission 'modify'
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Fixes#1743
Limits Windows' broad "read" permission to if it can read all of the
above, instead of just the first:
- File contents
- File attributes
- File extended attributes
- File permissions
This better aligns with how Windows names the permissions.
'read' -> Read instead of 'read' -> ReadData
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* 'Execute' Windows ACL has alias of 'Traverse'
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds 'Delete' permission
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds `should allow('perm').by_user('me')` matcher
Provides hooks for later use with Windows ACL matching
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds remaining Windows ACL hooks
Skips ReadAndExecute on intentionally since it just aliases the combo of
2 permissions into one new one.
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* [Rubocop] Reduces ABC / Cyclomatic complexity
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Reduces global scope with `allows()` -> `be_allowed()`
RSpec inferred matchers work nicely here. This changes the `by_user()`
and `by()` chained matchers to just be an options hash on the underlying
`allowed?()` method.
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Fixes integration tests with rename `allows()` -> `be_allowed()`
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
Introduces a new `inspec habitat profile setup` command
which will set up an existing profile repository with all
the files necessary to build a Habitat package. This will
prime a repository to be used by the Habitat Builder service.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix `only_if` behavior when used outside controls
This renames `@skip_profile` to `@skip_file` and modifies the scope of
`only_if` (used outside of a control) to only apply to the control file
that contains it instead of the entire profile.
This does this by exposing `@skip_file` from the control context so that
it can be set back to `false` between loading control files in the
profile context.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify `get_checks` to accept a rule index
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify `only_if` to work regardless of location
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Disable Cyclomatic/Perceived Complexity in Rubocop
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add comment for `skip_file` in `load_control_file`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove a broken link.
Signed-off-by: Nathen Harvey <nharvey@chef.io>
* It is now 2017
While the content in this file was actually written in 2015, this
example is meant to be overwritten and is generated by the user in the
current year.
Signed-off-by: Nathen Harvey <nharvey@chef.io>
* Terraform now requires init to fetch providers
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rename env terraform command to workspace
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Pin Terraform version to reflect CLI updates
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
The `aws-sdk` will raise an error mentioning `ENV['AWS_REGION']` if you
omit `ENV['AWS_DEFAULT_REGION']`. This adds support for either via `||`.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Support PAX-formatted tar files, standardize file lists
When a tar file is generated in PAX format, the files have an additional
relative path prefix added to them. For example, instead of:
inspec.yml
... the file is listed as:
./inspec.yml
And the source reader plugin looks only for a "inspec.yml" file to
determine the profile format.
This change addresses this issue by normalizing the file paths in the
TarReader and accounting for the additional "./" prefix that may exist
whenever the tar file is walked looking for a file to read its content.
Signed-off-by: Adam Leff <adam@leff.co>
* Remove pax from unit test, will move to functional
Signed-off-by: Adam Leff <adam@leff.co>
* Add function test for the pax header tar file
Signed-off-by: Adam Leff <adam@leff.co>
* Uses netstat to detect open ports on AIX
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
* Adds unit tests for AIX port resource
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
* Updated so that the credentials file is only interogated if it exists
Fixes#39
Signed-off-by: Russell Seymour <russell.seymour@turtlesystems.co.uk>
* Made change to set credentials to nil as requested
Signed-off-by: Russell Seymour <russell.seymour@turtlesystems.co.uk>
Some object methods have been deprecated in v0.11.0 of the arm sdks.
This commit fixes the get_resources method by using the new resources
object instance method. We are also updating the Gemfile accordingly.
Signed-off-by: sanabriad <sanabria.d@gmail.com>
The resource is `aws_ec2`, not `ec2`
Instance IDs must be passed to the `aws_ec2` resource, not machine names
Signed-off-by: Nathen Harvey <nharvey@chef.io>
* Enhance cmp matcher to work with symbols
The `cmp` matcher will now stringify symbol actual values if the
expected value was passed in as a string. This will help with the file
resource `type` method where Train returns the file type as a symbol.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix documentation for file type character_device
Signed-off-by: Adam Leff <adam@leff.co>
* Fix docs for block_device
Signed-off-by: Adam Leff <adam@leff.co>
* Fix file mtime docs
Signed-off-by: Adam Leff <adam@leff.co>
* Move raise condition for host into enabled method
This is related to #1205. This will fix the ssl resource for now until
we redo the exceptions. Still looking around the code and need to build
some unit tests for the ssl resource.
My fix here is to move the raise condition till later in the flow,
specifically the enabled? method. This lets the raise get caught
accordingly without killing the other tests.
Signed-off-by: Jared Quick <jquick@chef.io>
* Remove authors from ssl resource test
Signed-off-by: Jared Quick <jquick@chef.io>
When running `inspec exec` with multiple profiles, such as:
inspec exec profile1 profile2
... profile1 control calls to `inspec.profile.file` will incorrectly
try to pull files from profile2 because the RuntimeProfile object
is stored on the backend object, and we share the backend object.
This change ensures each profile has a unique backend object to ensure
the RuntimeProfile instance is not overwritten.
Signed-off-by: Adam Leff <adam@leff.co>
This change enhances the processes resource to support the busybox
ps command which is common on Alpine, for example. The way we
map ps fields to the structs needed by FilterTable have also been
refactored to be more flexible so we can support multiple formats
in the future.
Also, the processes resource now allows the grep argument to be optional
thus allowing a user to query all resources without passing in a
match-all regex.
Signed-off-by: Adam Leff <adam@leff.co>
