Commit graph

2100 commits

Author SHA1 Message Date
Chef Expeditor
f0711066e7 Bump version to 1.33.15 by Chef Expeditor 2017-08-23 14:30:19 +00:00
Adam Leff
6029a4b43d Refine the profile/test summary output of the CLI formatter (#2094)
* Refine the profile/test summary output of the CLI formatter

* The "Profile Summary" is misleading as it's not a summary of profile
  success/failure but rather the controls within the profile(s). Altered
  the output to be clear. I still like calling it the "profile summary"
  but wanted to add clarity that the numbers are about the controls.

* Made the colorized output dynamic. The success/failure will only be
  green/red if there are controls/tests that fall into that category.
  That way we are not printing red failure text when there are no
  actual failures. Fixes #1752.

* Cleaned up some grammar issues. ("1 failure" vs "1 failures")

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-23 10:29:09 -04:00
Chef Expeditor
e9fecc027d Bump version to 1.33.14 by Chef Expeditor 2017-08-21 21:40:40 +00:00
Chef Expeditor
d8da929ffe Bump version to 1.33.13 by Chef Expeditor 2017-08-21 13:36:27 +00:00
Chef Expeditor
6e806110e0 Bump version to 1.33.12 by Chef Expeditor 2017-08-18 15:35:36 +00:00
Chef Expeditor
4c2d85674b Bump version to 1.33.11 by Chef Expeditor 2017-08-18 15:29:28 +00:00
Adam Leff
367d42fb3a Properly handle held packages on dpkg-flavored OS (#2087)
* check the proper field for dpkg installation state fixes #2006

Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>

* Properly handle held packages on dpkg-flavored OS

InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.

This adds the proper unit tests and also adds a `be_held` matcher.

Thanks to @kisoku for the initial work in #2007.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-18 17:29:23 +02:00
Chef Expeditor
443f1bf106 Bump version to 1.33.10 by Chef Expeditor 2017-08-17 14:48:51 +00:00
Stephan Renatus
bd165471e8 [docker_container] fix repo property (#2083)
With last weeks tag fix, `ourorg/container` ended up having its `repo` reported as `container`.
With this it'll be `ourorg/container` again.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-08-17 16:48:46 +02:00
Chef Expeditor
4ce6e91544 Bump version to 1.33.9 by Chef Expeditor 2017-08-17 14:08:59 +00:00
Chef Expeditor
b28cc5ab35 Bump version to 1.33.8 by Chef Expeditor 2017-08-15 19:39:12 +00:00
Christoph Hartmann
4a3511b6ce fix case where skip is called for os_env (#2078)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 21:32:21 +02:00
Chef Expeditor
48e20dbd1a Bump version to 1.33.7 by Chef Expeditor 2017-08-15 18:43:03 +00:00
Chef Expeditor
45e7a85ebb Bump version to 1.33.6 by Chef Expeditor 2017-08-15 17:46:20 +00:00
Christoph Hartmann
1a904ea7a5 Moves logic from os_env from initialize phase to runtime phase (#2072)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 13:46:13 -04:00
Chef Expeditor
e6f89664bb Bump version to 1.33.5 by Chef Expeditor 2017-08-15 03:37:23 +00:00
Christoph Hartmann
b1aba69661 add mock support for os_env resource (#2070)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 05:37:19 +02:00
Chef Expeditor
d60d95cec3 Bump version to 1.33.4 by Chef Expeditor 2017-08-14 18:57:56 +00:00
Christoph Hartmann
427f3e9ac7 Set the default cli tool for oracle db to sqlplus, during execution we will catch this missing cli but it prevents inspec check from failing if sqlplus is not available (#2057)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-14 14:57:51 -04:00
Chef Expeditor
5252c7452f Bump version to 1.33.3 by Chef Expeditor 2017-08-14 17:07:20 +00:00
Chef Expeditor
9fa932ba46 Bump version to 1.33.2 by Chef Expeditor 2017-08-14 13:03:52 +00:00
Christoph Hartmann
69cf0514f2 In mock setups like inspec check the command resource was executed since inspec.os.name was “” instead of unknown. I changed to nil to catch that case. (#2056)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-14 09:03:47 -04:00
Chef Expeditor
59c6c73572 Bump version to 1.33.1 by Chef Expeditor 2017-08-10 14:35:07 +00:00
Chef Expeditor
7f84e904fa Bump version to 1.32.3 by Chef Expeditor 2017-08-10 12:57:51 +00:00
Matt Kulka
0fc870de30 Fix docker_container.tag to properly fetch from image name (#2052)
Fixes #2051

Images with repos containing port numbers will have multiple colons.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2017-08-10 14:57:45 +02:00
Chef Expeditor
f579733205 Bump version to 1.32.2 by Chef Expeditor 2017-08-07 14:07:32 +00:00
Rony Xavier
041f64a87f New 'be_in' matcher for matching against values in a list (#2022)
* New matcher 'be_in'
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* small fixes to wording.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added code to use be_in for with the following use case:
describe nginx do
   its(module_list) { should be_in AUTHORIZED_MODULE_LIST }
end
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updates to the matcher
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added tests for the be_in matcher

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Requested updates completed

Signed-off-by: Rony Xavier <rx294@nyu.edu>
2017-08-07 16:05:22 +02:00
Chef Expeditor
d7a254a4e5 Bump version to 1.32.1 by Chef Expeditor 2017-08-03 18:19:40 +00:00
Chef Expeditor
ff72d54011 Bump version to 1.31.8 by Chef Expeditor 2017-08-02 14:44:02 +00:00
Chef Expeditor
91eb48e21f Bump version to 1.31.7 by Chef Expeditor 2017-08-02 13:29:31 +00:00
Simonas
da75f268bc Fix issue when xinetd.conf does not end in newline (#2040)
Add a newline symbol to the end of the parsed input.

Sample hexdump of a file deployed by xinetd cookbook:

$ hexdump -C /var/chef/cache/cookbooks/xinetd/templates/default/xinetd.conf.erb | tail -2
000000b0  72 20 2f 65 74 63 2f 78  69 6e 65 74 64 2e 64     |r /etc/xinetd.d|
000000bf

Signed-off-by: Simonas Kareiva <simonas@5grupe.lt>
2017-08-02 15:29:26 +02:00
Chef Expeditor
4ae34928ca Bump version to 1.31.6 by Chef Expeditor 2017-07-29 04:22:29 +00:00
Chef Expeditor
6949e9a8fb Bump version to 1.31.5 by Chef Expeditor 2017-07-27 22:41:47 +00:00
Chef Expeditor
6c6c2cbb1f Bump version to 1.31.4 by Chef Expeditor 2017-07-24 20:02:49 +00:00
Chef Expeditor
1acd8ad014 Bump version to 1.31.3 by Chef Expeditor 2017-07-24 16:37:17 +00:00
Dominik Richter
a4bd38915c bugfix: empty file strings from archive readers (#2027)
* bugfix: empty file strings from archive readers

Empty files in archives are sometimes possible (we just ran into this with TGZ), but is never a valid file to extract. So remove it and discount it altogether. Changed structure to support testing of these global calls.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint and rebuild

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-07-24 09:37:13 -07:00
Chef Expeditor
885a7e90ca Bump version to 1.31.2 by Chef Expeditor 2017-07-24 16:11:30 +00:00
Nicolas
332842ee48 Fix https://github.com/chef/inspec/issues/2019 (#2020)
Signed-off-by: Nicolas Rodriguez <nicoladmin@free.fr>
2017-07-18 08:28:56 -07:00
Adam Leff
9580732814 Source reader should not hand back files with nil contents (#2003)
If a profile has a data files directory that looks like this:

```
files/platforms/one/data.json
files/platforms/two/data.json
files/platforms/three/data.json
```

... the source reader will return the directories in the list of files but with
nil contents. This causes an issue when Inspec::Profile tries to create a sha256
checksum of the profile contents only to try to cast nil to a string when
building the null-delimited profile contents string.

Files that are empty will have an empty string as its contents, so it's safe to
assume that file entries with nil contents are actually a directory and have no
affect on the profile's checksum. Therefore, this change will eliminate any file
entries in responses from the source readers where the contents are nil.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:33:55 +02:00
Adam Leff
1ea06ac3ea Change host resource to use getent ahosts on Linux (#2002)
* Change host resource to use getent ahosts on Linux

In InSpec 1.31, we changed the `host` resource to use `dig` instead of `getent
hosts` for name resolution because `getent hosts` does not return all entries
(only the first v6 entry if it exists, then the first v4 entry) and we wanted to
keep the Darwin and Linux implementation as close as possible. Unfortunately,
this affected users' ability to do resolution checks for entried stored in their
/etc/hosts file.

This change goes back to using `getent` for Linux and changes to `getent ahosts`
which returns both v4 and v6 records. Additionally, the Darwin provider's dig
implementation was reordered to return v4 addresses before v6 addresses to be
consistent with how `getent ahosts` returns records.

Signed-off-by: Adam Leff <adam@leff.co>

* Update unit tests for resolve_with_getent with proper output

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:32:52 +02:00
Adam Leff
c29648a623 Release v1.31.1 (#1996)
Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:29:20 -04:00
Adam Leff
1fdea330d3 host resource: fix netcat detection (#1995)
The logic used to determine whether a viable netcat binary exists is wrong and
prevents Linux hosts from doing TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:23:57 -04:00
Adam Leff
dd3457537e Release v1.31.0 (#1994)
Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 14:07:16 -04:00
Adam Leff
3916d7aca2 Fix formatter when two profiles have the same name (#1991)
* Fix formatter when two profiles have the same name

In the event that an InSpec runner has two profiles that are named the same
(such as when InSpec generates a profile for the Flat source reader, and Test
Kitchen is running concurrently), InSpec could hand back a profile that does not
contain the example. This leads to nil control data and ugly NilClass errors
when TK runs concurrently.

This change modifies the method that finds the profile by control to not only
match on profile name but also match on example ID.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:30:37 -04:00
Adam Leff
7bba235014 Add support for ncat in host resource for CoreOS (#1993)
CoreOS is considered a member of the Linux family, and the `host` resource tries
to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not
available on CoreOS, but `ncat` is.

This change attempts to use `nc` first, then `ncat` if it's available.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:19:16 -04:00
Adam Leff
c280e9a816 Fix host resolution on Darwin, use dig wherever possible (#1986)
* Fix host resolution on Darwin, use dig wherever possible

The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.

Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 10:45:30 -04:00
Aaron Lippold
cc7ed38d09 kernel_module resource: added blacklisting, enabled, disabled, docs and unit tests (#1798)
* Fix up methods, add command mock, do string matching in ruby instead of command

Fixes #1643
Fixes #1673

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-05 11:41:44 +02:00
Aaron Lippold
224935e9cf New postgres_hba_conf resource (#1964)
* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Corrections

* updated to parse auth-options

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated `conf_path` instance var to `conf_file` for consistancy.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* pg_hba_conf - updated the parse_line method
added test and doc files

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated few bugs on pg_hba_conf
updated test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made updates based on the reccomendations

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Update Gemfile.lock

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated doc file for postgres_hba_conf resource to use
'cmp' matcher instead of 'eq'

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made requested changes, except for SimpleConfig - will address that later.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:13:51 +02:00
Aaron Lippold
57864f1488 New postgres_ident_conf resource (#1963)
* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Small updates to organization of code

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xaiver <rx294@nyu.edu>

* updated `conf_path` instance var to `conf_file` since we are returning
a file.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Updated few bugs on pg_ident_conf
added test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added OS check

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock file

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added windows mock file

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Changed resource name from pg_ident_conf to postgres_ident_conf

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Completed corrections reccomended on PR

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* removed copyright information

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:01:40 +02:00
Aaron Lippold
1b58763aff updated postgres_session resource properly escape queries (#1939)
* fixed a small courner case in the error detection - error: vs error
fixed resource to use 'shellwords' module to escape the query
requested chances in method architecture for testing
added unit tests

Fixes: #1814

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated resource and tests with requested review changes

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed unneeded call to `escaped_query` in the `create_sql_cmd`.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed license info

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 08:10:27 +02:00
Adam Leff
0d74a7dc50 Release v1.30.0 (#1978)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-29 15:19:16 -04:00
Christoph Hartmann
0839be50d6 oracle_session and mssql_session improvement (#1857)
* improve database parsing
* support sqlcli
* ensure headers are downcast
* externalize database helper
* use password as argument
* feedback from @adamleff
* inline docs update + linting
* stay backwards compatible
* implement tests
2017-06-29 11:01:32 -04:00
Adam Leff
a6582bea9b Remove any "All Rights Reserved" references (#1969)
* Remove any "All Rights Reserved" references

InSpec is licensed and released under the Apache 2.0 license. This
change removes all reference to legacy code files that still had
any Copyright or License lines referring to "All Rights Reserved".

Signed-off-by: Adam Leff <adam@leff.co>

* fix functional tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-28 04:14:19 -07:00
Jerry Aldrich III
cc6f1e90ca Add rpm_dbpath support to the package resource (#1960)
Signed-off-by: Jerry Aldrich III <jerry@chef.io>
2017-06-28 03:21:15 -07:00
Christoph Hartmann
50e762e492 fix mysql resource (#1971)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-27 12:26:47 +02:00
Christoph Hartmann
8f247673e5 optimize for docker 1.13 (#1966)
Ensure docker resource works with docker 1.13+
2017-06-26 15:45:03 -04:00
Aaron Lippold
d6d9a58489 Small typo in the postgres.rb resource with a call to (#1962)
version_from_dir.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-26 12:23:39 -04:00
Dominik Richter
56549aed82 add nginx_conf resource (#1889)
The resource itself only offers contents and params right now. It resolved
all include calls it can find and creates the aggregated config object.

This is limited in functionality. One last (set of) PR(s) is needed to
add an interface that makes querying this config file easier. It is due
to the file's inherent complexity that I want to explore which methods
are needed to be effective. In the meantime, this resource offers accessors
to the underlying data that are stable.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-26 06:37:41 -07:00
Christoph Hartmann
9ac36bca30 make postgres resource working in mock runner (for inspec check) (#1961)
* make postgres resource working in mock runner (for inspec check)

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* keep nil for empty states

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-26 15:16:09 +02:00
Aaron Lippold
3bb98fa1e8 Fixes the postgres_conf parsing of complex paramerters (#1938)
Fixes #1671

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-23 08:31:27 -07:00
Adam Leff
f7c8c646a9 Extract Compliance::API version parsing to separate method (#1931)
For cleanliness and ease of testing, I've moved the logic that
parses the server version from the compliance config to a
separate method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-23 08:29:50 -07:00
Richard Shade
1fbd4b57a2 Mysql socket (#1933)
* showing how to shellout in docs

Signed-off-by: Richard Shade <rshade@rightscale.com>

* adding basic example

Signed-off-by: Richard Shade <rshade@rightscale.com>

* cleanup

Signed-off-by: Richard Shade <rshade@rightscale.com>

* adding in mysql socket, as this doesn't work with non-default installs

Signed-off-by: Richard Shade <rshade@rightscale.com>

* updating per peer review to make socket not a req, and adding port

Signed-off-by: Richard Shade <rshade@rightscale.com>

* updating docs

Signed-off-by: Richard Shade <rshade@rightscale.com>
2017-06-23 08:28:15 -07:00
Adam Leff
b4f772546b Fix directory resource output and exists check (#1950)
* Fix to_s on directory resource

The `to_s` method on the `directory` resource is not defined
in the correct class, leading `directory` resources to be printed
as the parent resource (`file`) instead.

Signed-off-by: Adam Leff <adam@leff.co>

* Directory existence should check to see if it's a directory

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-23 07:44:15 -07:00
Adam Leff
81e617e1ad Release v1.29.0 (#1955)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-22 15:16:19 -04:00
Adam Leff
1601b23e8d Don't send HTTP headers that have nil values (#1948)
Net::HTTP does not gracefully handle HTTP options/headers
that have nil values. This updates Fetchers::Url to verify
that all headers we attempt to configure have non-nil,
non-empty values.

This originally surfaced via the audit cookbook with the
chef-automate fetcher in use without the data_collector
token being set.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-21 19:09:13 -05:00
Dominik Richter
3f68835c74 reject nil as a command input (#1863)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-19 11:07:36 -04:00
Aaron Lippold
e9371b2624 small typo in the resource with exist? function. (#1937)
Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-19 14:28:35 +02:00
Adam Leff
e6256a6c24 Release v1.28.1 (#1935)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-16 12:45:15 -04:00
Nolan Davidson
52cc27dd06 Adding toml resource (#1924)
* Adding toml resource

This adds a `toml` resource that inherits from the json resource and
behaves the same way as the JSON and YAML resources.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-06-15 16:54:12 -04:00
Adam Leff
3d4f1f8d39 Release 1.28.0 (#1930)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-15 14:52:03 -04:00
Justin Moy
45f3b8113c Host resource ping method should return stdout (#1927)
* Host resource ping method should return stdout

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* output connection_output and socket_output

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* lint

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* remove output from method names / hash keys

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>
2017-06-15 14:01:16 -04:00
Kristian Vlaardingerbroek
ced4ca1858 Add support for CoreOS to the service resource (#1928)
* s/package/service/ on service unit test descriptions

Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>

* Add support for CoreOS to the service resource

Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
2017-06-15 13:19:58 -04:00
pete higgins
89e30f8d31 Reduce warnings (#1917)
* Remove some apparently unused test setup to remove some warnings.
* Initialize some instance variables before use to silence warnings.
* Remove an unused variable to remove a warning.
* Remove some indirection.
* Silence logger during tests.
* Check if an instance variable was defined before referencing to remove a warning.
* Define duplicated constant once in root rakefile.
* Initialize an instance variable to remove a warning.
* Remove PROJECT_DIR to reduce coupling.

Signed-off-by: Pete Higgins <pete@peterhiggins.org>
2017-06-15 12:10:47 -04:00
Justin Schuhmann
a69cd1efee Adds support for iis_app InSpec testing (#1905)
Signed-off-by: Justin Schuhmann <jmschu02@gmail.com>
2017-06-15 11:13:07 +02:00
Adam Leff
6668bf15ea Fix detection of Automate pre-0.8.x in Compliance::API (#1922)
The is_automate_server_pre_080? and is_automate_server_080_and_later?
methods needed some fixing. The Compliance configuration could have
a "version" key that was not nil but was an empty hash, indicating
that it came from a pre-0.8.x Automate server. What we really need
to look for is config['version']['version'] being nil?.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-13 10:05:09 +02:00
Dominik Richter
9e3706aabe bugfix: enforce option values where needed (#1918)
Due to limitations in Thor it is not possible to set an argument to be both optional and its value to be mandatory. E.g. the user supplying the --password argument is optional and not always required, but whenever it is used, it requires a value. Handle options that were defined with mandatory values in a way that fails with an `ArgumentError` if the value is missing, i.e.:

```
> inspec exec examples/profile --password
ArgumentError: Please provide a value for --password. For example: --password=hello.
```

It works without `--password` or with `--password=arg`. Also handled for `--sudo-password`.

Fixes: https://github.com/chef/inspec/issues/1901
As suggested: https://github.com/chef/inspec/pull/1904

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-12 17:33:16 -04:00
Dominik Richter
d48b2d4096 bugfix: reading tgz files with binread (#1920)
This is currently failing because both `alias` and `alias_method` create method imprints in the FileProvider. This leads to a failure where the TarProvider assumes it doesn't implement `binread`, which in fact it does, since it just calls `read`.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-12 13:00:19 +02:00
Adam Leff
12a495c631 Add TCP reachability support on Linux for host resource (#1915)
* Add TCP reachability support on Linux for host resource

This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>

* documentation updates

Signed-off-by: Adam Leff <adam@leff.co>

* Appease rubocop

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 18:18:51 +02:00
Dominik Richter
3c1df959c5 bugfix: inspec archive for tgz files on windows (#1907)
On Windows, `inspec archive` would sometimes produce incorrect archive files. These would look fine, as tgz files, but would not execute correctly. This would lead to bewildering error messages like this one:

```
Unable to parse inspec.yml: line 1, control characters are not allowed
```

Fix it by treating the files as binary before writing them to get around any encoding issues, since the stream handler is a raw io object anyway.

Closely related to https://github.com/chef/inspec/pull/1906

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-08 10:19:21 +02:00
Dominik Richter
ffdce8ab5f bugfix: reading binary profile data on windows (#1906)
On Windows, we ran into the problem that the execution of inherited profiles would (sometimes) not work. This was due to the use of `File.read` and `File.write` and handling inside the file provider, which works in most cases (especially *nix systems), but does not behave as expected on Windows. A better and more correct way of treating these files is via binary read and write mode, which changes the underlying encoding of both strings that are passed along.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-08 10:19:09 +02:00
Takaaki Furukawa
4f34e3eb83 Add support for virtualization resource (#1803)
* Add support for virtualization resource

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Add some methods and documentation

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Refactor collect_data_linux method

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Remove unnecessary hash from virtualization resource and update examples

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>
2017-06-07 14:10:29 +02:00
Dominik Richter
d051c8bdf1 bugfix: remove duplicate message in describe.one blocks
Generated duplicate messages due to the way that examples are aggregated in RSpec. Make sure we never show any duplicate test result messages, as they offer not value to any user.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-07 01:27:47 +02:00
Adam Leff
170fca3908
Release v1.27.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-06 11:46:54 -04:00
Dominik Richter
1c6fa01190 Merge pull request #1758 from aaronlippold/al/postgres-version-fix
funtion to get pgsql version, exposed version, cluster and fixed session
2017-06-06 15:38:27 +02:00
Juan Carlos Castillo Cano
1c98ff13f6 Support special cases for crontab resource
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
2017-06-06 15:12:12 +02:00
Adam Leff
dda24b9f98 Fix compliance uploads when version is not present
The Compliance::API.version method could potentially return
a hash containing no "version" key but would return an empty
hash upon any expected failure. Downstream callers of the
Compliance::API.version method were looking for a "version"
key to always be present when, in some cases, it would not be.

This change ensures that if a version is not available, there
is no "version" key in the hash, and downstream callers of this
method have been changed to check for nil instead of empty.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-06 14:49:25 +02:00
Dominik Richter
5fd558f247 Merge pull request #1850 from username-is-already-taken2/gb/fix_1839
Fix command exists check on Windows with full paths
2017-06-06 14:46:41 +02:00
Dominik Richter
871c6266c9 Merge pull request #1878 from username-is-already-taken2/gb/update_processes
Add windows support to the `processes` resource
2017-06-06 14:42:14 +02:00
Adam Leff
587cdf5bee Merge pull request #1860 from chef/ap/contain_duplicates_deprecation
Commenting the `contain_duplicates` deprecation until we have a good alternative
2017-06-06 08:05:09 -04:00
Adam Leff
5f58450ccd
Remove commented-out deprecation warning
We can add it back in when we have a better solution and we actually
want to deprecate it.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-06 07:25:04 -04:00
username-is-already-taken2
9d9baeb09f Added windows support to the processes resource
Signed-off-by: username-is-already-taken2 <digitalgaz@hotmail.com>
2017-06-05 23:41:02 +01:00
stubblyhead
ba0a1ea7a7 add bitbucket repo url handling (#1866)
* add bitbucket repo url handling

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* backout changes to .gitignore

* adding unit tests for bitbucket url transformers

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* fixing some indents

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>

* fix some indents

Signed-off-by: Mike Stevenson <Mike.Stevenson@us.logicalis.com>
2017-06-05 16:02:56 +02:00
Aaron Lippold
3c02de9e46 funtion to get pgsql version, exposed version, cluster and fixed session
included requested /var/lib/postgresql/data to cover #1673 as well

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-03 18:27:52 -04:00
Dominik Richter
562f6ad732 add the Nginx parser
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-03 17:25:00 +02:00
Dominik Richter
7d1f16d9bf support FIPS 140-2 compliant digest calls
Calling the `digest` library directly unfortunately causes issues in FIPS 140-2 mode:

    sha512.c(81): OpenSSL internal error, assertion failed: Low level API call to digest SHA512 forbidden in FIPS mode!

Switching to `OpenSSL` as the caller resolve these issues

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-03 02:17:24 +02:00
Christoph Hartmann
be2453def6 Merge pull request #1875 from ndobson/fixrefreshtoken
Fix version method call for refresh token
2017-05-31 22:05:20 -05:00
Adam Leff
b7cc6c31b7 Merge pull request #1869 from seththoenen/fix-host-windows
Add warningaction to test-netconnection
2017-05-31 15:42:38 -04:00
Adam Leff
f14ed844a9 Merge pull request #1856 from chef/chris-rock/1828
Fix parameters to `find` commands
2017-05-31 14:35:32 -04:00
Nick Dobson
7a4ff97863 Fix version method call
Signed-off-by: Nick Dobson <nick.dobson@me.com>
2017-05-31 10:44:14 -05:00
Christoph Hartmann
687f1a5827 update unit tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:21:05 -05:00
Christoph Hartmann
a6ef98c896 verifies that inspec.yml uses licenses in SPDX format
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:21:05 -05:00
Christoph Hartmann
57097ea2a9 fix #1828
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:20:42 -05:00
Aaron Lippold
eacae80649 small syntax fix to interface resource.
addresses #1828

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-31 00:20:42 -05:00
Christoph Hartmann
7498a74a82 1.26.0
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-30 23:38:38 -05:00
Dominik Richter
e0e5aee6a4 bugfix: sudo-detection for target execution
When running `inspec exec` without the `target` option but against remote endpoints OR when executing it with the `localhost://` target AND having `--sudo` active it would abort the execution. `--target` is a helper to set the Train parameters for `backend`, `host`, `user`, `port`, and potentially `password`. The detection would fail on providing any of these separately without specifying `--target`. The same holds true for the `localhost` train backend or just `localhost://` target.

This type of detection has since moved to Train. The driving reason was to have this very useful check for localhost vs sudo run for any type of inspec (or for that matter: train) execution.

This PR depends on https://github.com/chef/train/pull/179 and the next release of train.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 18:15:44 -05:00
Christoph Hartmann
1f647e1100 Merge pull request #1865 from chef/dr/unsupported-os-powershell
bugfix: do not send nil to command on unsupported OS
2017-05-30 18:14:44 -05:00
Seth Thoenen
868f4872fe Add warningaction to test-netconnection
Signed-off-by: Seth Thoenen <seththoenen@gmail.com>
2017-05-30 15:28:04 -05:00
Dominik Richter
ba149a9e1a bugfix: do not send nil to command on unsupported OS
Unsupported operating systems AND the mockloader when using inspec analysis tools may lead to powershell being called with the command being `nil`, because the resource skips during the initialize phase. Instead, propagate an empty string so that `command` has a valid input and then skip the resource.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:36:32 -04:00
Dominik Richter
a0e8be2568 bugfix: non-url servers with compliance login
Non-url URIs may have lead to broader crashes than initially fixed. Overwrite all URL resolvers in the plugin to work with these non-schema URLs.

Fixes #1473

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:04:21 -04:00
username-is-already-taken2
b423e300ef Amended command.rb to resolve issue 1839
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-05-30 14:56:31 +01:00
Alex Pop
3171f46c7d Commenting out the contain_duplicates deprecation until we have a good alternative.
Signed-off-by: Alex Pop <apop@chef.io>
2017-05-30 13:41:44 +01:00
Adam Leff
266f061b9e Habitat Profiles: redirect stderr to stdout
Due to habitat-sh/habitat#2395, we shouldn't try to log stderr output
to a file for now. While this makes for a less-than-awesome UX, it's
better than a process locking up due to a buffer filling up!

This change redirects stderr from InSpec to stdout and adds some
helpful troubleshooting messages. Should InSpec be able to generate
unique exit codes for when controls fail (vs. a Ruby eval failure)
then we can fix this up some more, too.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:31:26 -04:00
Adam Leff
9182ba8574 Update interface resource docs
The `interface` resource currently refers to methods that don't
yet exist. Fixing the docs for now and will add the features
later.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:20:50 -04:00
Seth Chisamore
798aebf672 Bump default timeouts for http resource
This changes the default read and open timeouts to be 60 seconds which
matches the defaults for `Net::HTTP` backend which Faraday uses by
default:
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#read_timeout-attribute-method
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#open_timeout-attribute-method

The current timeout values are too small which causes tests to be
flakey.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-05-29 15:07:49 -04:00
Christoph Hartmann
45afca2e98 Merge pull request #1844 from cattywampus/cattywampus/gem-not-installed
Fix assert that a gem is not installed
2017-05-29 15:06:36 -04:00
Dominik Richter
b1419b84bf Merge pull request #1851 from username-is-already-taken2/gb/patch_1571
Amended the processes resource to skip on windows
2017-05-28 10:35:29 -04:00
Christoph Hartmann
da0b98f4d2 Merge pull request #1852 from aaronlippold/dr/postgres
bugfix: postgres relative path includes
2017-05-27 19:35:22 -04:00
Adam Leff
88581ae3dd
Raise exception if profile target URL cannot be parsed
When attempting to parse the profile out of the target URL, we
were not raising an exception if we failed to do so. Such a situation
could arise if a user's inspec config.json is incorrect either due to
manual editing or failure to re-login after an upgrade past Automate
0.8.0.

This change provides a clear exception if this occurs and also adds
tests for the compliance_profile_name method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-26 14:30:37 -05:00
Aaron Lippold
dbd3b5c23d bugfix: postgres relative path includes
Postgres configuration doesnt always include absolute paths. When using relative paths it will fail!

Also: We treat the include as either a string or an array; when the first condition succeeds and you get a string and the second fails you get a array => ruby tries to add a string with an array and fails. This is now fixed as well.

Fixes: https://github.com/chef/inspec/issues/1780
Fixes: https://github.com/chef/inspec/issues/1738

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-26 14:49:24 -04:00
username-is-already-taken2
f1057ac754 Amended the process resource to skip on windows
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-05-26 16:33:30 +01:00
gbright
b17f0de7cf Amended to resolve issue 1839
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-05-25 21:02:01 +01:00
Keith Walters
215ef38ee9 Fix installed? check for gem resource
The gem resource used to determine if a gem is installed based on the exit
status of the `gem` command, however that command will return zero
if the package was found or not. This patch checks to ensure that the
`gem list` command actually includes the gem name or is empty to
determine if the gem is in fact installed.

If the gem command returns something other than a `0` exit code, then
it'll skip the resource.

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2017-05-22 15:34:01 -05:00
Adam Leff
e06359fc40
Release 1.25.1
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-19 21:22:30 -04:00
Adam Leff
81bfdf2d55
Fix is_automate_server_080_and_later? call
Method name was incorrect (missing `?`) and also was missing
the required config parameter.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-19 21:07:58 -04:00
Seth Thomas
9f30fe1726 Fixing typo on method name
Signed-off-by: Seth Thomas <sthomas@chef.io>
2017-05-19 19:58:46 -04:00
Christoph Hartmann
b0ab35d941
throw an error during inspec check if the version is not correct
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-18 09:13:37 -04:00
Adam Leff
87e3c6c3a9
Release InSpec 1.25.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-17 13:36:15 -04:00
Christoph Hartmann
1aa223c99b return version as json
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-17 15:21:40 +02:00
Christoph Hartmann
5cc288d5df support new automate 0.8.0
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-17 15:02:08 +02:00
Christoph Hartmann
8b015f521a Merge pull request #1816 from chef/dr/source
bugfix: read source code if profile is in tgz/zip
2017-05-16 13:32:13 +02:00
Dominik Richter
b23c197202 bugfix: read source code if profile is in tgz/zip
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-16 13:19:25 +02:00
Adam Leff
6ebb62dc10 Merge pull request #1727 from elliott-davis/fix_postgres_resource
Update postgresql conf resource to accept include_dir as a string as well as an array
2017-05-15 22:03:23 -04:00
Adam Leff
162b0d8cb8
Release v1.24.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-11 14:46:20 -04:00
Adam Leff
a5e5cc0dec Merge pull request #1714 from aaronlippold/postgres-session-update
updated the psql command so that it does not print the headers and ex…
2017-05-11 14:34:05 -04:00
echohack
b5d0012679 minor ui fix
Signed-off-by: echohack <echohack@users.noreply.github.com>
2017-05-11 11:10:01 -07:00
Aaron Lippold
684d81d4c2 psql doesn't print headers + extra output + cconfigurable host + docs
Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-11 08:58:55 -04:00
Dominik Richter
d44b751603 add sha256 checksum to json
Fixes https://github.com/chef/inspec/issues/1658

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-11 09:52:28 +02:00
Adam Leff
2fef5202fa Merge pull request #1791 from elliott-davis/elliott/fixup_hab_plan
Update hab exporter to use inspec in path over calling to hab sup
2017-05-10 07:38:56 -04:00
Dominik Richter
169268740d add platform info to json formatter
As part of https://github.com/chef/inspec/issues/1661

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-10 10:13:18 +02:00
Elliott Davis
31645968e2 Update hab exporter to use inspec in path over calling to hab sup
Signed-off-by: Elliott Davis <edavis@chef.io>
2017-05-09 20:09:33 -05:00
Dominik Richter
39d35dd99f Merge pull request #1779 from aaronlippold/al/mysql-session-update
Al/mysql session update
2017-05-09 21:28:17 +02:00
Aaron Lippold
8bad7d896f updated to have feature parity with other sql resources
Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-09 14:56:05 -04:00
Nolan Davidson
8f0756812c Add support for Windows auth in mssql_resourcet
This adds supports for connecting to MS SQL instances using Window
authentication rather than SQL authentication.  By leaving either the
user or password parameters blank causes the sqlcmd to leave off the -U
and -P params.  This will cause sqlcmd to authenticate as the current
Windows user.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-09 17:17:07 +02:00
Adam Leff
a21bdc4a04 Handle parse errors for attrs/secrets
Inspired by #1640, this change cleans up the logic used when
reading in secrets files, provides clearer warnings when the
secrets files can't be parsed, and adds tests for those methods.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-09 13:44:33 +02:00
Dominik Richter
00682eb2d2 Merge pull request #1751 from nsdavidson/add-oracle-session
Add an oracle_session resource
2017-05-09 13:21:53 +02:00
Nolan Davidson
ba6745444e Renaming oracle_session to oracledb_session
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 13:11:07 -04:00
Nolan Davidson
55beed4bc8 Resolving rubucop issues
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 10:11:53 -04:00
Nolan Davidson
fbe7b8ddf8 Refactor to options hash and add unit tests
Switched the oracle_session resource to take an option hash and allow
for configuring hostname, DB_SID, and sqlplus binary path.

Added unit tests.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 09:29:38 -04:00
Adam Leff
eef4a574d8
Release v1.23.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-04 15:08:53 -04:00
Nathan L Smith
e3c62ec0dc Add command-line completions for fish shell
Since the command to enable them is different, also make that change in
the output based on the shell used.

Signed-off-by: Nathan L Smith <smith@chef.io>
2017-05-04 11:42:13 -05:00
Dominik Richter
5d1765c9bb add inspec.profile.file(...) for profile files
Fixes https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-03 20:39:27 +02:00
Christoph Hartmann
3b8801116f Merge pull request #1749 from chef/adamleff/fix-no-color
Make the --no-color flag work for inspec exec
2017-05-02 22:07:40 +02:00
Christoph Hartmann
735b505ecc Merge pull request #1735 from chef/rhass/hab-fixes
Habitat profile bug fixes and improvements
2017-05-02 20:27:38 +02:00
Nolan Davidson
57731e1e50 Changing oracle_session back to using escaped query.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-02 11:03:45 -04:00
Adam Leff
04c43c6834
Make the --no-color flag work for inspec exec
The CLI formatter is not currently honoring the --no-color flag
when outputting CLI output. This change cleans up how we format
with color and properly support the flag for use cases where
color-encoding characters make the output difficult to use
(i.e. when someone redirects CLI output to a text file for
sharing with others).

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-02 09:52:01 -05:00
Nolan Davidson
9cd69ce4af Add an oracle_session resource
This adds an oracle_session resource similar to the existing resource
for MySQL and MSSQL.  It assumes the sqlplus tool is installed and in
the path of the user InSpec connects as.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-02 10:50:20 -04:00
Adam Leff
6ed5379134 Error and exit when using --sudo locally
Running `inspec exec` with --sudo locally produces unintended results
given that we cannot escalate local Ruby methods after we're already
running. --sudo is meant to only be used with remote targets. We do
not currently enforce that.

This change will print an error for the user if they attempt to use
--sudo with a local exec and exit non-zero.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-02 12:41:02 +02:00
Dominik Richter
0651a36346 Merge pull request #1746 from chef/adamleff/fix-xinetd
Fix xinetd resource failing when file cannot be read
2017-05-02 11:43:31 +02:00
Adam Leff
bc2458bf5a
Fix YAML resource documentation
The `yaml` resource documentation was missing many clues that users
need to successfully use the resource.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-01 16:16:00 -05:00
Adam Leff
6819940067
Fix xinetd resource failing when file cannot be read
The file resource's `#content` method will return nil if the file
cannot be read for permissions issues. If you try to run a profile
that uses the `xinetd` resource without sudo privileges, InSpec
would try to call `#empty` on nil.

This change fixes this issue by checking for nil before checking
for emptiness.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-01 15:59:07 -05:00
Ryan Hass
99ebae186b Fix exit status check in hab run hook generator.
The exit status would never return "InSpec run completed successfully"
since the value of $RC was always an integer which never was prefixed
with an "x". This checks the return directly since we currently do not
have any complex logic which warrants the need to check different
return status values where a prefixed return code is necessary.

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
2017-04-28 11:54:13 -07:00
Ryan Hass
4622de7a28 Update habitat plan and hook generators
* Fixed bug with install step where profile would include the .hart
  files from previous builds.
* Updated the generated plan to support plan.sh syntax changes in
  habitat 0.21.0 and later by removing the `pkg_source` and the
  `do_download`, `do_verify`, and `do_unpack` overrides.
* Updated the generate run hook to leverage habitat to perform most of
  the origin, package name, and path variable interpolations.

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
2017-04-28 09:31:11 -07:00
Christoph Hartmann
ed137ae052 Merge pull request #1737 from chef/dr/deprecation-messages
rename old deprecations that were meant for 1.0
2017-04-28 12:40:13 +02:00
Dominik Richter
144dede6eb rename old deprecations that were meant for 1.0
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-28 12:09:24 +02:00
Adam Leff
a1769cc01b
Update inspec.io references in docs/code
The website is now at https://www.inspec.io - updating all inspec.io
references accordingly. :)

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 18:05:51 -04:00
Adam Leff
2c5668ef16
Release v1.22.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 17:27:58 -04:00
Elliott Davis
27d04b56d7 Update postgresql conf resource to accept include_dir as a string as well as an array
Even though I couldn't find any docs around include_dir accepting anything other than a string I left the existing functionality alone.
This forces include_dir to check multiple directories as well as single string directories for additional conf files.

Signed-off-by: Elliott Davis <edavis@chef.io>
2017-04-27 10:26:06 -05:00
Adam Leff
42797b4231 Add matchers help to shell, clean up help output
A new `help matchers` command will provide helpful examples on a few
of the standard matchers: be, cmp, include, etc.

I also cleaned up the formatting of the resources list and provided
better feedback if a user requests help for an unknown resource.

Resolves #1684

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 01:16:39 +02:00
Dominik Richter
1dafe50bd9 rename SimpleConfig / parse_config / parse_config_file options
See https://github.com/chef/inspec/issues/1709
Fixes https://github.com/chef/inspec/issues/1709

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 23:18:40 +02:00
Dominik Richter
8e5fbb9e02 provide inspec.version information
as a friendly shortcut and a native call within profiles

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 13:07:32 +02:00
Dominik Richter
8b7ef09f85 provide the inspec keyword
Instead of my favorite shortcut of `os.inspec` just finally add it as a global keyword.

Preparation for https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:30:31 +02:00
Dominik Richter
50e1c76fce print and prettyprint the inspec backend class
This is always bothersome when debugging code and drilling down objects, since it will just a return a two-layer anonymous class with no help at all.
Instead print a nice name and even give a bit of information on pretty-printing (which pry does naturally)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:04:01 +02:00
Dominik Richter
c5101e5ef0 pretty-print multiline control descriptions
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 17:12:30 +02:00
Dominik Richter
37a2e45cd1 bugfix: unindent description misbehaviors
Unindent has been misbehaving for control `desc`riptions by completely removing newlines. This is now fixed and the unindentation mechanism improved to behave as expected.

Removing empty lines at the beginning and end of string remains unchanged.
Tabs are not treated as multi-space indentations; supporting them as 8-space chars would require additional effort (please comment if this is important to you)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 13:21:38 +02:00
Christoph Hartmann
b3cdc6ba04 handle json parse errors in docker resource
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-25 12:02:26 +02:00
Dominik Richter
37a778173d inspec control.to_ruby to respect newlines
I.e. instead of printing them as:

```
desc "hello\nworld"
```

it would instead do:

```
desc "hello
world"
```

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 10:34:45 +02:00
Adam Leff
e352deb6ef
Release 1.21.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-24 16:27:27 -04:00
Christoph Hartmann
218bda9c34 Docker resource (#1566)
* add docker, docker_container, and docker_image resources

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-24 10:47:03 -04:00
Dominik Richter
f731cbca92 bugfix: solve warn on uninitialized
@expectation was analyzed without initializeation, leading to ruby errors. fix it

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-22 12:35:56 +02:00
Christoph Hartmann
b03ee9d0ba Merge pull request #1681 from Happycoil/add-windows-user-groups
fetch user groups while building user object
2017-04-21 11:00:49 +02:00
Tor Magnus Rakvåg
1c5b35c890 you -> your
Obvious fix.
2017-04-20 17:43:33 +02:00
Tor Magnus Rakvåg
96bb596bc4 fetch user groups while building user object
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2017-04-20 16:02:21 +02:00
Tyler Ball
488ef492de Merge pull request #1663 from chef/ER-508/extending_http_resource
ER-508 Extended http resource to support no ssl verification
2017-04-18 14:25:10 -06:00
Adam Leff
0fe13fd0af Merge pull request #1668 from chef/chris-rock/fix-help-sshd-config
fix sshd config help
2017-04-18 15:04:07 -04:00
Adam Leff
6f57af7579 Merge pull request #1669 from chef/chris-rock/fix-web-reference
fix web reference url
2017-04-18 15:02:25 -04:00
Elizabeth Uselton
d376a6a881 ER-508 Extended http resource to support no ssl verification
We needed to be able to run inspec against endpoints with self signed certificates and this was the quickest way for us to get there.

Signed-off-by: Elizabeth Uselton <elizabeth.uselton@gmail.com>
2017-04-18 19:01:57 +02:00
Christoph Hartmann
b93aa0715b fix web reference url
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-18 12:04:59 +02:00
Christoph Hartmann
438a1c52ab fix sshd config help
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-18 12:01:55 +02:00
Adam Leff
7a71719f13 Move Habitat sleep time to config file
Because the sleep_time is not written to a config file but instead
only rendered into the run hook, hab-sup doesn't restart the running
process upon any config updates. This change moves the sleep_time to
a settings config file which is read in by the run hook. This will
allow Habitat to restart the InSpec process whenever a user changes
the sleep time.

I also cleaned up the non-zero exit error message to give the user
a better indication as to why the run may have "failed."

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-14 12:01:25 -04:00
Adam Leff
17d611c053
Release 1.20.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-13 11:37:23 -04:00
Ryan Gerstenkorn
5e0cab08a0 Add OSX support for host resource (#1608)
* Add OSX support for host resource

Signed-off-by: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
2017-04-13 11:32:04 -04:00
Christoph Hartmann
effd0dd9f8 harmonize compliance profiles view with supermarket views (#1654)
* harmonize profiles view with supermarket plugin

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-13 11:24:17 -04:00
Adam Leff
9b472e1b59
Habitat packages should run as root
Many InSpec resources require root access to properly scan. Let's
default the run user to root until we need to accommodate different
options.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-13 10:34:47 -04:00
Adam Leff
c70824d0c8 Merge pull request #1647 from jeremymv2/jeremymv2/automate_dependency_profiles
allow Automate profile dependencies
2017-04-12 15:42:31 -04:00
Adam Leff
2376cba73f Merge pull request #1646 from jeremymv2/jeremymv2/fix_validate_backend_error
pass options hash sans target key
2017-04-12 15:41:58 -04:00
Christoph Hartmann
29e286fee6 Merge pull request #1639 from chef/dr/rabbitmq_config
add `rabbitmq_config` resource
2017-04-12 21:19:15 +02:00
Dominik Richter
02e435b6d0 add rabbitmq config resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-12 20:51:12 +02:00
Adam Leff
da56a08f74 Fix gem resource on Windows
RubyGems on windows comes with a batch file that wraps the `gem` command
so it executes correctly. This change uses that batch file for windows
for our `gem` resource, and also properly handles when we receive no output
from the command.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-12 17:34:16 +02:00
Christoph Hartmann
01eb102079 add support for hostname detection on macOS
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-12 12:57:45 +02:00
Christoph Hartmann
4c64bafb51 Merge pull request #1624 from supergicko/sni-power-for-ssl
Adding SNI utilization to ssl resource
2017-04-12 11:07:27 +02:00
Jeremy J. Miller
735b67ab8a allow Automate profile dependencies
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2017-04-11 16:45:24 -04:00
Jeremy J. Miller
c73417e0ae pass options hash minus target key
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2017-04-11 14:39:46 -04:00
Adam Leff
231698808c
Release 1.19.2 patch release
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-07 10:36:38 -04:00
Adam Leff
a8ffe449ff
Add helper methods, tests for registry key path building
Broke out some of the conditional logic in the `#initialize`
method into helper methods and added tests.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-07 10:09:51 -04:00
Christoph Hartmann
6f6f3985a6 fix #1131 circumvent bug in powershell where string are not properly handled
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-07 10:57:02 +02:00
supergicko
e3c695e8e9 Adding SNI utilization to ssl resource
SSL resource now adds the servername option in client hello,
utilizing the the great work of @adamcaudill to support
SNI in sslshake [1]

[1] https://github.com/arlimus/sslshake/pull/5

Signed-off-by: Christoph Kappel <kappel.christoph@gmail.com>
2017-04-07 09:34:44 +02:00
Christoph Hartmann
90b985a7c1 fix #1268 and allows registry key resource with leading backslash
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-06 23:30:10 +02:00
Adam Leff
24ab12e5b5
Releasing v1.19.1
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-04 15:22:16 -04:00
Adam Leff
5a2a20dc3e
Releasing v1.19.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-04 11:06:16 -04:00
Doc Walker
692e660140 Fix #1617 Add dh_params resource (#1618)
* Fix #1617 Add dh_params resource

Signed-off-by: Doc Walker <4-20ma@wvfans.net>
2017-04-04 10:34:09 -04:00
Adam Leff
73d46f9c49
Replace Nokogiri with REXML in the JUnit formatter
In #1454, we welcomed a newly-revamped JUnit formatter which has
a dependency on Nokogiri. Unfortunately, this had led us to problems
getting InSpec included in Chef omnibus builds (see chef/chef#5937)
because Chef is using Ruby 2.4.1 and the Nokogiri maintainers have
not yet released a windows binary gem that supports Ruby 2.4.x.
This has led to breaking builds in Chef's CI platform and would
block the acceptance of chef/chef#5937.

This change replaces Nokogiri use with REXML instead. While REXML
can be slower than Nokogiri, it does not require native extensions
and is supported on all Chef platforms.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-03 14:51:48 -04:00
Adam Leff
68a930f141 Merge pull request #1406 from carldjohnston/apache_conf-symlinks
Allow apache_conf to include symlinked configuration files
2017-04-03 10:38:22 -04:00
Adam Leff
76420432e0
Release v1.18.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-03-30 11:25:58 -04:00
Ryan Larson
0e187f6117 Feature/fix ability to pass in supermarket url (#1595)
* Enable customization of supermarket_url

It looks like this was originally supposed to work, but at some point
the default value was put in the method body rather than in the method
parameters.

This change allows you to configure the supermarket_url in test kitchen
like so:

```
verifier:
  inspec_tests:
  - name: linux-hardening
    supermarket: som3guy/apache-disa-stig
    supermarket_url: https://my.supermarket.com
```

Signed-off-by: Ryan Larson <ryan.mango.larson@gmail.com>
2017-03-29 12:42:24 -04:00
Adam Leff
7df9674e42 Remove method_missing, provide methods for repo metadata
Instead of method_missing, methods for each output item from
`yum repolist` are provided.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:42:25 +02:00
Adam Leff
1cf80737ad Yum resource fix for non-existent repos and repo info
If a repo did not exist, running matchers against it (such as `exist`)
were failing due to a bug in `#to_s` when fetching the repo name. The
`info` method would return nil and we'd still try to treat it as a hash.

This change ensures that info is always a hash, possibly empty if the
repo doesn't exist, and uses the repo name provided by the user rather
than shortening it to be consistent with our other resources which don't
manipulate the user input in the formatter.

Also added a method_missing to allow users to interrogate repo options,
such as baseurl or gpgcheck.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:42:25 +02:00
Adam Leff
96d18435a4 Update CLI output, adjust tests
The CLI output for the vendoring of profiles has been updated slightly
to be more clear, and the functional tests have been modified to match
as well.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
e1c664272e Break out profile vendor activities into separate class
Per PR feedback, `Inspec::ProfileVendor` is created to centralize
the logic and data of vendoring profile dependencies. The `BaseCLI`
class and the `Habitat::Profile` class have been modified to use it

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8269d0da9e Support vendored profiles in Habitat-packaged profiles
This change adds support in Habitat-packaged profiles for
profiles that depend on other profiles. When `inspec habitat
profile create` or `inspec habitat profile upload` is run,
it will see if the profile's dependencies have been vendored
yet, and if not, it will vendor them before creating the
habitat artifact.

For the git and URL fetchers, more explicit creation of the
target directories for the vendored profiles is done. This
is implicitly done via normal CLI interactions a user may
go through, but in our case, we want to ensure those directories
are there before the fetchers try to write out content.

By adding this support, we also fix a bug experienced in Habitat
where a profile that was packaged before an `inspec exec` was run
for the profile would cause a failure in Habitat. This is caused
by `inspec exec` doing a vendor of the dependencies if necessary
and generating the inspec.lock file. In Habitat, the package dir
is not writable by the hab user and InSpec would fail to run due
to an inability to write out an inspec.lock.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8e693a4ad9 Fix port resource for invalid IP address in netstat output
Netstat will sometimes output an IPv6 address that is not
formatted correctly; the address is either truncated or uses
or implies the `::` shorthand notation twice. This yields an
invalid IPv6 address and causes IPAddr.new to choke.

This change guards against invalid IP addresses and ensures they
do not end up in the port resource's entries list.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 08:33:50 +02:00
Adam Leff
90b0ce08c5 Remove errant puts in inspec habitat CLI command
Left a `puts` behind during some testing that made its way into
a PR. Removing it!

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-28 22:57:08 +02:00
joe.nuspl
1ab80ea052 Extend gem to take an optional gem_binary
Allows one to test whether gems are installed into an omnibus environment.

Signed-off-by: Joe Nuspl <nuspl@nvwls.com>
2017-03-24 22:28:42 -07:00
Adam Leff
73e3bfda7a Merge pull request #1544 from chef/adamleff/hash-values-in-simpleconfig
Provide a method-based accessor for SimpleConfig hashes
2017-03-22 15:46:58 -04:00
Christoph Hartmann
7c11ff9280 add tag object (#1590)
* add tag object

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* add tests for to_hash function in tag

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 13:41:44 -04:00
Christoph Hartmann
9de56d25f7 Merge pull request #1589 from mr-exz/yaml-bug-file-name
Support YAML attributes files ending in .yaml
2017-03-22 14:36:26 +01:00
Christoph Hartmann
d2f000e435 refactor x509 resources and rsa key
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 11:44:32 +01:00
Richard Nixon
f66f0b3a18 Initial support for x509_certificate and rsa_key
* Includes unit tests
* Includes 2 new resources
* Includes documentation

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2017-03-22 10:00:48 +01:00
Dominik Richter
738bae0db8 add inspec json schema validation to functional tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-03-22 09:42:36 +01:00
Dominik Richter
c620cbf69e add inspec min json generator 2017-03-22 09:42:36 +01:00
Dominik Richter
55daa24cbc add json schema and generator 2017-03-22 09:42:36 +01:00
mr.exz
38c9648eb4 add fix
Signed-off-by: mr.exz <root@exzec.ru>
2017-03-22 08:17:18 +03:00
Adam Leff
66095722c8 release 1.17.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-03-21 15:00:26 -04:00
John Kerry
d4a0ae4549 removing an unnecessary require of the rspec junit formatter
Signed-off-by: John Kerry <john@kerryhouse.net>
2017-03-19 22:07:19 -04:00
mr.exz
4647664d56 solve #1569 2017-03-19 00:00:49 +03:00
Adam Leff
ea7c0c493e Provide a method-based accessor for SimpleConfig hashes
When SimpleConfig parses a config file that has sections, such as a mysqld
config file, the values within that section are returned via a Hash. However,
we do not provide an easy way to write tests for those deep hash values:

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ∅  undefined method `expire_logs_days' for #<Hash:0x007fe463795a00>
```

This change provides a method-based accessor for Hashes that are built via
SimpleConfig.

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ✔  mysqld.expire_logs_days should cmp == 10
```

Fixes #1541 by changing the way the attributes are fetched.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 14:49:16 -05:00
Adam Leff
4f2b66302d Fix ObjectTraverser when accessing array values
When attempting to access array values via the `json` resource:

```
describe json('/tmp/test.json') do
      its(['array',0]) { should eq "zero" }
end
```

... the resulting data would be an array of the size of the original array
with all the values replaced with nils:

```
     expected: "zero"
          got: [nil, nil, nil]
```

This was due to a bug in the ObjectTraverser mixin that mapped array values
back through `extract_value` rather than properly handling the passed-in
key(s). This worked fine for the specific data format created by the `csv`
resource but did not work `json` or any other resource that subclassed the
`JsonConfig` resource.

This change fixes the logic when dealing with an array when it's encountered,
and fixes up the `csv` resource with its own `value` method.

This change also adds tests for ObjectTraverser.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 11:35:55 +01:00
Adam Leff
8155357d0a Add additional example for matching crontab commands
As raised in #1526, adding an additional example showing how
a user can use the `where` accessor to find commands matching
a pattern and write a test using the results.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-14 22:16:39 +01:00
Adam Leff
546486ff6a Merge pull request #1550 from chef/chris-rock/upstart-fallback
try to use sysv fallback if is not producing proper output
2017-03-09 17:25:29 -05:00
Adam Leff
dfce561276 Provide better error message when inspec.yml is invalid
Currently, if the inspec.yml for a profile is invalid (such as including
an improperly-defined multi-line string), InSpec will throw an exception
from the YAML parser that does not given a clear indication that the
issue was encountered while parsing the inspec.yml file.

This change introduces a better exception message to clue the user into
where the problem actually lies.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-09 18:03:01 +01:00
Christoph Hartmann
8b1619b60e try to use sysv fallback if is not producing proper output
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-08 21:52:52 +01:00
Adam Leff
037f08beb2 Fixing port check with v4 IPs in a v6 netstat line
On Linux, netstat may show a tcp6/udp6 protocol line but include a
v4 address. This happens with AF_INET6 sockets that can accept
both v4 and v6 traffic. The port check was not properly handling
this situation and trying to pass a v4 address to URI bracketed as
if it was a v6 address.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-06 22:03:41 -07:00
Adam Leff
45f242e122 releasing 1.16.1 with a bug fix and omnibus fix
Signed-off-by: Adam Leff <adam@leff.co>
2017-03-06 11:58:00 -07:00
Makoto Nozaki
f913b56ffc Avoid connection timeout of "inspec version" (#1538)
* Add open_timeout to NET::HTTP.start call
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>

* Code cleanup based on the discussion at #1538
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>
2017-03-06 09:23:42 -07:00
Adam Leff
9550137605 Write Habitat-driven InSpec output to svc_var directory
When running a InSpec profile built with Habitat, we now
write the formatter/reporter data to a JSON file in the
pkg.svc_var_path rather than STDOUT. This will allow for
programmatic collection of this data and future enhancements
to allow this data to be passed around a Habitat ring.

This also corrects an issue creating a Habitat profile if the
profile had never been in the local InSpec cache. By setting a
mock Backend when creating the profile object, similarly to what
the archivers do, this issue is avoided.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-02 17:45:16 -05:00
Adam Leff
7154b6b95f Merge pull request #1530 from chef/1.16.0
1.16.0
2017-03-02 15:39:34 -05:00
Adam Leff
14d6678c82 1.16.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-03-02 15:17:55 -05:00
Adam Leff
6bd66df014 Merge pull request #1511 from carldjohnston/oracle-linux-service-resource
Added oracle linux to rhel platform section of 'service' resource.
2017-03-02 07:00:56 -05:00
Christoph Hartmann
71cc62c757 use -- for description of inspec login_automate
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-02 12:30:33 +01:00
Carl Johnston
316c994cc5 Added oracle linux to rhel platform section.
Broken when chef/train was fixed to detect oracle linux correctly.

Signed-off-by: Carl Johnston <carldjohnston@gmail.com>
2017-03-02 22:07:16 +11:00
Christoph Hartmann
be529dcea6 Merge pull request #1513 from postgred/kernel_module_centos
Fix kernel_module for centos/redhat
2017-03-02 09:27:10 +01:00
Adam Leff
f4b1a350ce Merge pull request #1501 from jbenden/jbenden/freebsd-zfs
Add FreeBSD support for ZFS datasets and pools
2017-03-01 13:06:44 -05:00
Adam Leff
19f114deea Merge pull request #1454 from jkerry/FunctionalJUnitReporter
Functional JUnit reporter
2017-02-27 12:00:36 -05:00
Adam Leff
d3f7de3134 Merge pull request #1519 from chef/v1.15.0
1.15.0
2017-02-27 11:29:44 -05:00
Adam Leff
1485debdde 1.15.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-02-27 11:21:39 -05:00
John Kerry
e0ae7eb161 correcting a typo, anonymnous -> anonymous
Signed-off-by: John Kerry <john@kerryhouse.net>
2017-02-25 00:44:23 -05:00
jkerry
927a12c574 resolving old junit unit tests with the new format. Adding a skipped test node as a result 2017-02-25 00:44:23 -05:00
John Kerry
1f92268aa2 Converting the junit reporter to use nokogiri on top of the json reporter output hash 2017-02-25 00:44:23 -05:00
Adam Leff
91396d2029 Merge pull request #1488 from chef/adamleff/fix-multiple-flat-profiles
Generate default profile names, fix bug when using multiple flat profiles
2017-02-24 16:59:31 -05:00
Andrey Aleksandrov
70c33eb606
Remove os.family from kernel_module
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-02-24 23:30:00 +03:00
Christoph Hartmann
26dc4e7356 Merge pull request #1510 from trickyearlobe/fix_windows_output_formatting
Fix formatting and colors on Windows
2017-02-24 16:36:44 +01:00
Andrey Aleksandrov
82cf2baadd
fix syntax
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-02-24 16:55:20 +03:00
Andrey Aleksandrov
8fb6bd5c66
Fix kernel_module for centos/redhat
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-02-24 14:32:57 +03:00
Carl Johnston
efa1b951ab Merge remote-tracking branch 'origin/master' into apache_conf-symlinks 2017-02-24 16:07:02 +11:00
Richard Nixon
ee87dfb405 Fix formatting and colors on Windows
Fixes issue #1508

* Windows terminals don't support extended ANSI colours. Use basic + intensity
* Windows terminals don't support UTF-8 well so don't use special characters

Other OS'es get what they had before.

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2017-02-24 01:34:49 +00:00
Adam Leff
0342cca62e Adding a Habitat profile artifact creator
Two new commands have been created:

 * inspec habitat profile create /path/to/profile
 * inspec habitat profile upload /path/to/profile

The `create` command creates a Habitat artifact that contains the contents
of the Habitat profile found at the provided path. This will be used later
in some Habitat + InSpec integrations.

The `upload` command does the same create process but then uploads the
resulting artifact to the Habitat Depot.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-23 18:25:22 -05:00
Joseph Benden
1fdecc6680 Add FreeBSD support for ZFS datasets and pools
The following new resources have been added; however, they
presently only support FreeBSD and similar.

* `zfs_dataset`: tests if a named ZFS dataset is present
  and/or has certain properties.
* `zfs_pool`: tests if a named ZFS pool is present and/or
  has certain properties.

Additionally, the `mount` resource has been reworked to
include support for FreeBSD; while the existing class
was renamed to LinuxMountParser.

Unit-tests were added for all of the above.

Signed-off-by: Joseph Benden <joe@benden.us>
2017-02-22 10:29:49 -07:00
Adam Leff
bf07a58ed7 Merge pull request #1489 from chef/adamleff/doc-fix
Doc fix for SourceReaders::InspecReader
2017-02-15 09:28:39 -05:00
Alex Pop
88975bff2a Switch package resource to os.redhat detection and use two spaces as fileds delimited
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-15 11:07:10 +00:00
Alex Pop
fae96f6249 Add RedHat support for packages resource
Fix dpkg trimming of first line
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-15 11:07:10 +00:00
Adam Leff
bc7db89d70 Provide target info on shell invocation
When in inspec shell, you need to type the `help` command to find out info
about your target system. This info would be super helpful right out of the
gate so users have confidence that they're targeting the correct system.

The target info is still available via the `help` command as it always has
been, as well.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-14 14:46:47 +01:00
Adam Leff
7e64c99738 Doc fix for SourceReaders::InspecReader
The inline docs for SourceReaders::InspecReader#new state that it takes
a SourceReader object for the target... but we're trying to create the
SourceReader object! It actually takes a FileProvider object that is
capabile of listing files for the given profile and reading them.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-13 13:19:22 -05:00
Adam Leff
d0bc085412 Generate default profile names, fix bug when using two-or-more flat profiles
When running InSpec with multiple profiles, and two or more of the profiles
are read in using the "Flat" SourceReader (i.e. they are not actual profiles
with a metadata file like inspec.yml, but rather just a folder containing
.rb files with controls and tests in them), InSpec would throw a NilClass
error when building the necessary objects for the formatter.

The cause was in `#profile_contains_example` in the formatter code which
checks to see if the profile name is the same as the profile_id in the given
example. However, if both of those were nil, it would potentially match the
wrong Flat-read profile.

This change fixes this in two ways: refusing to match if the profile name
or example profile ID is nil, and adding a default name to a profile if
it doesn't have a title or name. This will solve the matching issue and also
clean up the formatter output so users can more easily tell what tests
are from which profile/path.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-13 13:07:41 -05:00
Adam Leff
417b791baa Adding new crontab resource
The crontab resource parses a particular user's crontab file into
individual entries and allows the user to assert information about
each entry as needed.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-10 09:33:31 -05:00
Dominik Richter
4daa4d06c0 1.14.1 2017-02-10 14:13:12 +01:00
Alex Pop
ce927e657a Skip packages resource for unsupported OS
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-10 10:34:01 +00:00
Dominik Richter
ddaa4c96cf 1.14.0 2017-02-09 00:39:04 +01:00
Dominik Richter
b86201d6df Merge pull request #1478 from chef/tduffield/relax-rubocop-pin
Use RuboCop 0.39.0 (same as chefstyle)
2017-02-09 00:09:48 +01:00
Tom Duffield
1ea83f526c Address rubocop violations
Signed-off-by: Tom Duffield <tom@chef.io>
2017-02-08 16:49:16 -06:00
Dominik Richter
d4243b3558 map url to https for compliance plugin
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-02-08 23:29:58 +01:00
Dominik Richter
8c48e81b10 bugfix: warn users about insecure login requirements
Fixes https://github.com/chef/inspec/issues/1469

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-02-08 08:47:31 +01:00
Adam Leff
c28d3bccbe Add support for "inspec -v" showing the version
The other Chef tooling (chef-client, chef, kitchen, berks, etc.)
support a `-v` flag to display the version. Currently, inspec
errors out with the following error:

```
Could not find command "_v".
```

This adds a Thor map so that `-v` executes the `version` command.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-07 15:28:39 -05:00
Dominik Richter
64ee82195d 1.13.0 2017-02-07 15:01:47 +01:00
jtimberman
d7fad68541 add "packages" resource
This pull request adds a packages resource so that we can check for pattern matches against all the packages on a system. This initially implements only dpkg support for debian-based platforms so we can cover this use case:

```ruby
describe packages(/^xserver-xorg.*/) do
  its("list") { should be_empty }
end
```

This uses FilterTable so we can supply additional queries, too.

```ruby
describe packages(/vi.+/).where { status != 'installed' } do
  its('statuses') { should be_empty }
end
```

Users can specify the name as a string or a regular expression. If it is a string, we will escape it and convert it to a regular expression to use in matching against the full returned list of packages. If it is a regular expression, we take that as is and use it to filter the results.

While some package management systems such as `dpkg` can take a shell glob argument to filter their results, we eschew this and require a regular expression to match multiple package names because we will need this to work across other platforms in the future. This means that the following:

```ruby
packages("vim")
```

Will return *all* the "vim" packages on the system. The `packages` resource will take `"vim"`, turn it into `/vim/`, and greedily match anything with "vim" in the name. To match only a single package named `vim`, it needs to be an anchored regular expression.

```ruby
packages(/^vim$/)
```

Signed-off-by: Joshua Timberman <joshua@chef.io>

Use entries instead of list

Added a few more tests and non installed package in output
Signed-off-by: Alex Pop <apop@chef.io>

fix lint

Signed-off-by: Alex Pop <apop@chef.io>

Signed-off-by: Joshua Timberman <joshua@chef.io>
2017-02-07 10:29:11 +00:00
Alex Pop
52842de552 Provide a way to force it vs its for any argument
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 19:26:02 +00:00
Dominik Richter
2fa8039f60 1.12.0 2017-02-03 17:36:43 +01:00
Alex Pop
920ff068e6 Allow setting of the tests array
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 15:03:09 +00:00
Alex Pop
eb450c08a6 deprecate .list
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 08:28:46 +00:00
Alex Pop
92454f96c3 Add FilterTable for processes
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-03 08:28:46 +00:00
Christoph Hartmann
58585e3455 switch to faraday as http backend
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-02-02 22:13:36 +01:00
Christoph Hartmann
283bbda0c6 1.11.0 2017-02-01 14:07:32 +01:00
Alex Pop
495185b581 derive xinetd protocol from socket_type when not defined in the config file
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-01 11:19:24 +00:00
Alex Pop
a3de32ad04 Fix xinetd parsing of services from the same file. Expose resource.protocols
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-31 12:40:29 +00:00
Alex Pop
80ad877e02 Wrap regex in parenthesis no matter of the matcher used, ex: match, cmp
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:51:06 +00:00
Alex Pop
11429a54d3 Add Inspec::Variable test to a control
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:01:02 +00:00
Alex Pop
660b997342 Add negate! support for the describe.one object
Signed-off-by: Alex Pop <apop@chef.io>
2017-01-30 11:01:02 +00:00
Christoph Hartmann
78b7a2c680 Merge pull request #1435 from postgred/kernel_module_version
Version method for kernel_module
2017-01-27 17:49:23 +01:00
Andrey Aleksandrov
4caa8c50d1
Minor improvements
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-01-27 13:51:45 +03:00
Andrey Aleksandrov
3783357e50
Add version method to kernel_module
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-01-27 13:33:41 +03:00
Christoph Hartmann
fa707dfcab 1.10.0
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-26 17:46:05 +01:00
Christoph Hartmann
976e5d85e4 improve http header handling
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-26 17:16:37 +01:00
Christoph Hartmann
440c09ea38 Merge pull request #1416 from brentm5/bm-add-refresh-token
Updated compliance api requests to actually use refresh token correctly
2017-01-26 14:27:57 +01:00
Guilhem Lettron
51ca98c468 Add an http test method
Signed-off-by: Guilhem Lettron <g.lettron@criteo.com>
2017-01-26 12:02:54 +01:00
Montague, Brent
463f3ff09f Refactor after revisions requested from @chris-rock
Signed-off-by: Montague, Brent <brent@bmontague.com>
2017-01-25 14:33:34 -05:00
Montague, Brent
caa554b467 Updated compliance api requests to actually use refresh token correctly
We do not store a token in the config file but rather generate one on
each commmand.  This is just a first pass and needs some work.

Signed-off-by: Montague, Brent <brent@bmontague.com>
2017-01-25 14:33:34 -05:00
Nathen Harvey
2eda02932f
'execution' is spelled correctly
Fixes a minor typo. The correct spelling is 'execution', not
'executation'

Signed-off-by: Nathen Harvey <nharvey@chef.io>
2017-01-24 23:19:30 -05:00
Carl Johnston
0e3d8da16b Allow apache_conf to include symlinked configuration files
Signed-off-by: Carl Johnston <carldjohnston@gmail.com>
2017-01-08 10:54:00 +11:00
Christoph Hartmann
f2efaaded1 1.9.0 2017-01-06 18:34:44 +01:00
Christoph Hartmann
8015f1191c implement download of profiles
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-05 13:31:36 +01:00
Christoph Hartmann
efab62ef00 optimize regular expression for postgres config parsing
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-05 13:16:47 +01:00
Wei, He
370269c2dd Yum.repo should show correct name
https://github.com/chef/inspec/issues/1390

Signed-off-by: Wei, He <weihe924stephen@gmail.com>
2017-01-04 11:10:38 +09:00
Dominik Richter
a15749f328 bugfix: expose postgres_conf parameters via its
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-01-03 16:17:36 +01:00
Christoph Hartmann
08e182843b fixes brew json parsing
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-03 12:24:57 +01:00
Christoph Hartmann
f0cdad800f display if inspec version is outdated
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-01-03 12:10:43 +01:00
Makoto Nozaki
9834e3f8f9 Make "permission denied" condition match that of Train
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>
2016-12-28 22:20:40 -05:00
Christoph Hartmann
fc6ab8d6f9 print name for supermarket profiles 2016-12-22 09:48:53 +01:00
Christoph Hartmann
10bb08b691 1.8.0 2016-12-16 17:49:51 +01:00
Christoph Hartmann
7a0b0803bd add fallback syntax for serverspec tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2016-12-15 16:16:17 +01:00
Christoph Hartmann
6e2b21e1f8 Merge pull request #1366 from makotots/mn/json-variable-name-fix
JSON resource's error message is missing filename when file is not found
2016-12-15 15:17:28 +01:00
Makoto Nozaki
42cffeea61 Fix variable name. Add test.
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>
2016-12-15 08:00:56 -05:00
Jeremy J. Miller
6481f00454 cmp better support for version ops
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2016-12-14 23:45:38 -05:00
Franklin Webber
ad82ac48c8 Removes profiles reader and replaces with ivar
The profiles method was never public and the @profiles is clearer.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:53 -06:00
Franklin Webber
0a0431ac29 Privatizes more methods within the Formatter
Based on some feedback from @arlimus there were some methods that
were not part of the public inteface that I moved to private.

I changed the examples collection from a delete from the output_hash
to retrieve the controls.

Created a helper for the all_unique_controls which was used in two helper
methods.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:53 -06:00
Franklin Webber
eb495e9675 Fixes to address Rubocop issues and privacy
The class size is too big and Rubocop is right. There are a few
more classes in there that could be extracted but I am going to
ignore it. The other issues that it presented were fair.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:53 -06:00
Franklin Webber
d8c7347ee9 Updates the Formatter's Control summary calcuation
* Moved things around for better understanding of the class
* Used `private` to denote what was on the public interface
* Solved the ugly TODO which was calculating the state of the control's
  summary
* Used `#examples` instead of `res = control[:results]` throughout the
  #summary and #title methods

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:53 -06:00
Franklin Webber
4695c9e7be Fixes for functional tests and better displaying dep. profiles
* Fixes an issue when specifying no profile
* Fixes an issue when displaying a profile that has included/required profiels
* Fixes an issue when specifying profiles with only metadata
* Fixes formatting for spacing to ensure it adheres to previous alignment
* Fixes issue with the Control object and the rolling up of failed
  and skipped examples.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:53 -06:00
Franklin Webber
fa45c3993d Updates RSpec CLI Formater to print profiles correctly
The profiles will display  the controls with their results and
then display the examples not associated with any control but
within the profile.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:53 -06:00
Franklin Webber
914c8384c0 Adds CurrentControl class to Cli RSpecJSONFormatter
A lot of the work in #flush_current_control is acting on the control.
I am starting the flip of the control and bringing those messages being
sent originating from a control class itself.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:53 -06:00
Franklin Webber
7627add552 Refactors JSON / CLI formatter
Cleans up the #stop action on the JSON formatter by creating more
methods that memoize values or provide values through a method
interface.

There is still more that can be done with the whole mapping
examples to controls through profiles.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:53 -06:00
Franklin Webber
a8a949d996 Removes start stage from Json Formatter
The full JSON formatter was using the start step to setup the profiles_info.
I moved that to a memozied method so that the first time it is called it will
be created.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-12-14 13:34:52 -06:00
Victoria Jeffrey
b30a5dc165 add in some comments, etc 2016-12-14 13:34:52 -06:00
Victoria Jeffrey
37e60e929d wip: remove some global variable usage 2016-12-14 13:34:52 -06:00
Lee Briggs
4b28c9b342 Add profile version to archive
Signed-off-by: Lee Briggs <lbriggs@apptio.com>
2016-12-14 16:14:20 +00:00
Christoph Hartmann
a02bc81b19 1.7.2 2016-12-08 12:38:22 +00:00
Christoph Hartmann
7a0aa49986 use cached profile for compliance dependencies if vendored
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2016-12-08 10:11:55 +00:00
Christoph Hartmann
9fbe6d0347 1.7.1 2016-12-03 10:22:26 +01:00
Alex Pop
76c4e26580 remove check and json logging for now
Signed-off-by: Alex Pop <apop@chef.io>
2016-12-02 18:06:51 +00:00
Christoph Hartmann
c1e7fc50b1 1.7.0 2016-12-02 12:59:10 +01:00
Victoria Jeffrey
0991cd142f move vendor_deps to base_cli
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
2016-12-01 15:29:47 +01:00
Victoria Jeffrey
b110c1fba5 Vendor profile when uploading to chef-compliance
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
2016-11-30 18:24:12 +01:00
Victoria Jeffrey
d8b512ec8c refactor headers retrieval into get_headers method
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
2016-11-30 18:10:33 +01:00
Victoria Jeffrey
60009b292b address comments
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
2016-11-30 13:27:50 +01:00
Victoria Jeffrey
bdf5eae15e Extend inspec compliance cli to support automate backend
Signed-off-by: Victoria Jeffrey <vjeffrey@chef.io>
2016-11-30 13:27:50 +01:00
Christoph Hartmann
d07e597f68 Merge pull request #1336 from burtlo/burtlo/add_junit_help
Adds junit to the inspec help exec
2016-11-30 10:14:17 +01:00
Christoph Hartmann
8346d2acfd Merge pull request #1333 from Wing924/fix_regexp_in_processes
fix bug: RegExp in processes resource can't match long-run process #1332
2016-11-30 10:13:38 +01:00
Franklin Webber
9d30628213 Adds junit to the inspec help exec
While rebasing the branch where I was working on the cli formatter I
noticed the addition of junit. However, it was not in the help.

Signed-off-by: Franklin Webber <franklin@chef.io>
2016-11-30 01:17:44 -06:00
Alex Pop
4c60a69eae Provide inspec.lock for archives as well
Signed-off-by: Alex Pop <apop@chef.io>
2016-11-29 23:59:39 +01:00
Christoph Hartmann
5bfc9745e3 move default cache creation to profile implementation
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2016-11-29 14:28:03 +01:00
Alex Pop
b01440b7c8 pass default cache path to for_target, enable log change
Signed-off-by: Alex Pop <apop@chef.io>
2016-11-29 12:35:56 +01:00
Juan Carlos Castillo Cano
58ef61f1f4 Show process name during inspec output
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
2016-11-29 11:00:43 +00:00
Wei, He
861856fbd9 fix bug: RegExp in processes resource can't match long-run process #1332
Signed-off-by: Wei, He <weihe924stephen@gmail.com>
2016-11-29 17:01:03 +09:00