Steven Danna
7aa4c6da8e
Fix require_controls DSL method
...
Previous, require_controls was including all controls from the named
profile, despite the documented behavior being that it only includes
controls explicitly pulled in by the user. The cause was two-fold:
1) A previous refactor meant that we weren't removing the rule from the
correct context, and
2) We weren't descending down the dependency tree when filtering rules.
This commit fixes the require_controls DSL method and adds a test to
help prevent future regressions.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 15:20:56 +02:00
Steven Danna
f23a0d1098
Bump lockfile version to 1.0
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-26 09:51:04 +01:00
Christoph Hartmann
dab8ff5c13
replace wmi win32_useraccount with adsi users
2016-09-26 01:31:44 +02:00
Alex Pop
13da437dcc
Show skip_message and correct title
2016-09-23 07:47:21 +01:00
Christoph Hartmann
f7ec24a337
implement filter table for group/groups resource
2016-09-23 00:53:24 +02:00
Steven Danna
d29e8768ca
Rename --no-write-lockfile to --no-create-lockfile
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-22 10:08:32 +02:00
Steven Danna
2f3a916080
Always write lockfiles for local top-level profiles
...
This commit threads through some state related to whether or not a
profile is "local", that is whether it is a directory on disk. If it
is, we then write out the lockfile to disk.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-22 10:08:32 +02:00
Steven Danna
8d63db9a2b
Change :shasum key to :sha256 for future upgrade
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:51:04 +01:00
Steven Danna
6814d6ad2b
Fail if a remote source content doesn't match lockfile
...
If a URL based source does not match the shasum recorded in the
lockfile, it likely means a new version has been pushed to the remote
source. In this case, we fail to help ensure that when using a lockfile
we always run the same code as when the lockfile was created.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-21 10:15:52 +01:00
David Pell
155995adfd
In ApacheConf#include_files, check for abs paths
...
If the path is absolute, just use what was passed, otherwise build an
absolute path using `@conf_dir`.
Fixes #1013
2016-09-20 09:11:09 -04:00
Alex Pop
e1faebd527
Include code description in the output of failed controls
2016-09-20 10:10:08 +01:00
Steven Danna
b2146d8758
Allow users to reference resources from dependencies
...
All resources from deps are added into the control_eval_context used by
the current profile. However, if there is a name conflict, the last
loaded resource wins. The new `require_resource` dsl method allows the
user to do the following:
require_resource(profile: 'profile_name',
resource: 'other',
as: 'renamed')
describe renamed do
...
end
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-19 19:08:43 +02:00
Christoph Hartmann
17ce99df7f
use Gem::Version instead of a regular expression for a test version bump
2016-09-19 18:58:30 +02:00
Dominik Richter
6792550f8c
adopt new json formatting
2016-09-19 13:45:03 +02:00
Dominik Richter
38f2680cf4
static keys in all json
2016-09-19 12:00:14 +02:00
Victoria Jeffrey
ecac8ae9cb
print profile summary and test summary
2016-09-18 21:53:16 -04:00
Steven Danna
be1a61f2e5
Process transitive dependencies from lock file
...
This is a regression introduced by the changes from string to symbol
keys in v0.34.0. It seems that our test cookbook that had a nested
dependency example wasn't actually wired up to run.
This adds a basic functional test and corrects the typo.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-15 09:41:40 +02:00
Christoph Hartmann
5088795ffc
Merge pull request #1077 from chef/ssd/no-gpg-for-you
...
Don't gpg-sign commits during tests
2016-09-14 17:57:35 +02:00
Steven Danna
7fbb768fc7
Don't gpg-sign commits during tests
...
If you have gpg singing globally enabled, the tests would ask you for
your gpg pin. This is not fun.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 17:50:37 +02:00
Christoph Hartmann
178156499f
Merge pull request #1076 from chef/ssd/issue-1074
...
Ensure resources are visible inside its blocks
2016-09-14 17:48:26 +02:00
Steven Danna
8024eea8b7
Ensure resources are visible inside its blocks
...
The recent changes to provide isolated views of the available resources
was not extended to Rspec::ExampleGroups. This ensures that
ExampleGroups have access to the same resources as the enclosing
Inspec::Rule.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 16:27:59 +01:00
Steven Danna
f2e587f6d5
Skip controls from profile's that don't support the current platform
...
Any controls included from profiles that don't support our current
platform are now marked as skipped.
Fixes #1049
2016-09-14 09:57:53 +01:00
Steven Danna
8f10ee53c5
Provide inspec.yml shortcut syntax
...
- Allow users to elide the `name` attributes
- Assume a default source of supermarket
Fixes #1048
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-14 08:46:06 +02:00
Christoph Hartmann
9c7d06c167
use simple config for security policy resource
2016-09-12 12:20:57 +02:00
Steven Danna
b48b9edae9
Improve duplicate and cycle detection in resolver
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-12 10:57:55 +01:00
Christoph Hartmann
a2143b8249
identify enabled/disabled accounts for windows
2016-09-12 11:40:25 +02:00
Steven Danna
85cbe713d7
Add GitFetcher and rework Fetchers+SourceReaders
...
This adds a new git fetcher. In doing so, it also refactors how the
fetchers work a bit to better support fetchers that need to resolve
user-provided sources to fully specified sources appropriate for a
lockfile.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-09 14:14:36 +01:00
Steven Danna
3777f06927
Remove some warnings during the test run
2016-09-09 14:14:36 +01:00
Christoph Hartmann
e61f71143d
add unit tests
2016-09-09 12:43:03 +02:00
Christoph Hartmann
78a47aa43b
improve windows implementation
2016-09-09 09:31:38 +02:00
Christoph Hartmann
94100d98b0
full implementation for filtable for linux and mac
2016-09-09 09:31:37 +02:00
Steven Danna
7e8f3f571e
Ensure simplecov starts before everything else
...
Before this change, simplecov was reporting
1864 / 5198 LOC (35.86%) covered
After this change it is reporting
4131 / 5275 LOC (78.31%) covered.
Keeping the require at the top of the file ensure that simplecov is
loaded before any of our application code.
2016-09-08 21:32:15 +01:00
Christoph Hartmann
1bd55f8cc4
allow direct access to iis configuration parameters
2016-09-07 11:19:34 +02:00
Steven Danna
74e712854e
Pass attributes from command line into profile context
...
We broke attributes with the dependency work. Minimally fix them. TODO:
Maximally fix them.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-07 10:29:47 +02:00
Christoph Hartmann
0a34ffef5a
always display error message
2016-09-05 17:23:14 +02:00
Christoph Hartmann
73f93c2756
fix powershell based unit tests
2016-09-05 13:36:48 +02:00
Christoph Hartmann
c3c648eeb9
fix integration tests for usage with winrm v2
2016-09-05 13:36:48 +02:00
Christoph Hartmann
3ddcb4c418
fix integration tests for suse 11
2016-09-05 11:22:52 +02:00
Christoph Hartmann
3346d7e1a9
support /etc/init.d directory for run level configuration
2016-09-05 11:08:21 +02:00
Steven Danna
9bb65bd60c
Use per-profile execution contexts for library loading
...
Previously, libraries were loaded by instance_eval'ing them against
the same execution context used for control files. All resources were
registered against a single global registry when the `name` dsl method
was invoked. To obtain seperation of resources, we would mutate the
instance variable holding the globale registry and then change it back
at the end.
Now, we instance_eval library files inside an anonymous class. This
class has its own version of `Inspec.resource` that returns another
class with the resource DSL method and the profile-specific resource
registry.
2016-09-04 20:55:20 +02:00
Steven Danna
5fdf659df1
Load all dependent libraries, even if include_context isn't called
...
The goal of these changes is to ensure that the libraries from
dependencies are loaded even if their controls are never included. To
facilitate this, we break up the loading into seperate steps, and move
the loading code into the Profile which has acceess to the dependency
information.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Steven Danna
384ccb610c
Initial attempt at isolating resources between dependencies
...
Previously, all resources were loaded into a single resource registry.
Now, each profile context has a resource registry, when a profile's
library is loaded into the profile context, we update the
profile-context-specific resource registry. This local registry is
then used to populate the execution context that the rules are
evaluated in.
Signed-off-by: Steven Danna <steve@chef.io>
2016-09-04 20:55:20 +02:00
Christoph Hartmann
a116406b4e
Merge pull request #1014 from jeremymv2/fix_apache_conf
...
Fix apache conf
2016-09-04 20:18:16 +02:00
Victoria Jeffrey
0667c334e9
fix inherited profile cli report for realz this time
2016-09-04 18:28:01 +02:00
Victoria Jeffrey
99ce09c4ac
fix inherited profile cli report
2016-09-04 18:28:01 +02:00
Jeremy J. Miller
d5b2e4bf53
removed testing artifact
2016-09-02 22:04:06 -04:00
Jeremy J. Miller
03cb244e84
removed superflous Listen 80
2016-09-02 22:02:47 -04:00
Jeremy J. Miller
c0d105671e
better description for tests
2016-09-02 22:00:12 -04:00
Jeremy J. Miller
1b92d15d8f
added unit tests
2016-09-02 21:55:28 -04:00
Victoria Jeffrey
5d5aa6354d
fix and add test
2016-09-01 20:39:52 -04:00
Martin Hegarty
ffee9bd2fc
Fix failing unit test
2016-08-31 16:56:23 +01:00
Alex Pop
fd676ceb5c
promote cmp usage as it provides results with octal mode
2016-08-30 18:23:47 +01:00
Jeremy J. Miller
3822b8ea3a
one more test for good measure
2016-08-29 19:50:03 -04:00
Jeremy J. Miller
0d817017bb
changed regex for integer to allow 0
2016-08-29 19:39:39 -04:00
Jeremy J. Miller
53dbaa9c3e
add test
2016-08-29 15:57:46 -04:00
Steven Danna
3a6e610de9
Allow functional tests to pass on OSX
...
A few minor issues were causing 3 functional test failures on OS X.
These were not program errors but where rather the result of the
profiles under test assuming a linux environment.
Since many of the developers who will work on this project in the future
will be running OS X, let's ensure they can run the functional tests
easily.
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-26 15:25:59 +02:00
Victoria Jeffrey
d6ee153aaa
print controls, then tests. print describe block header then each test
2016-08-26 10:12:56 +02:00
Christoph Hartmann
efb2e08a16
add tests for users with sid on windows
2016-08-26 09:40:24 +02:00
Christoph Hartmann
64a5a4d082
switch from os-hardening to ssh-hardening profile
2016-08-25 14:42:55 +02:00
Steven Danna
6034ece853
Initial control isolation support
...
The goal of this change is to provide an isolated view of the available
profiles when the user calls the include_controls or require_controls
APIs. Namely,
- A profile should only be able to reference profiles that are part of
its transitive dependency tree. That is, if the dependency tree for a
profile looks like the following:
A
|- B --> C
|
|- D --> E
Then profile B should only be able to see profile C and fail if it
tries to reference A, D, or E.
- The same profile should be include-able at different versions from
different parts of the tree without conflict. That is, if the
dependency tree for a profile looks like the following:
A
|- B --> C@1.0
|
|- D --> C@2.0
Then profile B should see the 1.0 version of C and profile D should
see the 2.0 profile C with respect to the included controls.
To achieve these goals we:
- Ensure that we construct ProfileContext objects with respect to the
correct dependencies in Inspec::DSL.
- Provide a method of accessing all transitively defined rules on a
ProfileContext without pushing all of the rules onto the same global
namespace.
This does not yet handle attributes or libraries.
2016-08-25 14:42:55 +02:00
Christoph Hartmann
1300900693
add unit test for local fetcher with windows path support
2016-08-24 16:23:27 +02:00
Annie Hedgpeth
fe5c7c49a4
Attempt at a bug fix to read backslashes as forward slashes in local fetcher
2016-08-24 15:11:20 +02:00
Christoph Hartmann
1989c25b2a
add integration test for package resource
2016-08-24 14:40:26 +02:00
Christoph Hartmann
956d3b7292
add unit test for new package resource
2016-08-24 14:40:26 +02:00
Anirudh Gupta
4041f1898e
can check windows service startup mode now
2016-08-24 02:01:10 +05:30
Kartik Null Cating-Subramanian
3415359ea2
Merge pull request #961 from chef/ssd/deps-resolver-replace
...
WIP: Replace Molinillo-based resolver
2016-08-23 10:52:41 -04:00
Christoph Hartmann
a381e406c4
add integration tests for file permissions on windows
2016-08-23 16:03:58 +02:00
Steven Danna
366e65b198
Add the start of tests for the Resolver class
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-23 14:50:12 +01:00
Kartik Null Cating-Subramanian
039c760545
Fixup behavior and add functional tests
2016-08-23 03:07:23 +02:00
Kartik Null Cating-Subramanian
33ae22d313
Support controls and describe blocks in InSpec shell
2016-08-19 19:07:23 +02:00
Christoph Hartmann
f72fddb114
fix functional test for compliance plugin
2016-08-19 17:16:19 +02:00
Christoph Hartmann
95029203cd
unique controls for dependency tests
2016-08-19 09:47:41 +02:00
Steven Danna
d779dd53ae
Move all dependency related classes into inspec/dependencies
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
2041a08aa2
Fetch deps based on urls
...
This extends the dependency feature to include support for url-based
dependencies. It takes some deviations from the current support for
URLs that we'll likely want to make more consistent.
By default, we store downloaded archives in the cache rather than the
unpacked archive. However, to facilitate debugging, we will prefer the
unpacked archive if we find it in the cache.
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-19 09:47:40 +02:00
Steven Danna
34ae3122e9
Fix recursive deps for path-based deps
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-18 16:02:16 +02:00
Christoph Hartmann
1d8f8bb3e3
restructure unit tests
2016-08-18 13:47:43 +02:00
Chris Evett
3df98b7a19
add iis_site tests and refactor post code review
2016-08-17 06:57:48 -04:00
Christoph Hartmann
c23263f3d0
handle xinetd config with only one entry
2016-08-16 17:23:22 +02:00
Steven Danna
b5cd64d16a
Ignore comment lines in /etc/passwd
...
Most passwd/shadow implementations treat lines that start with '#' as
comments. For example, the implementation in OS X:
if (buf[0] == '#') {
/* skip comments for Rhapsody. */
continue;
}
https://opensource.apple.com/source/remote_cmds/remote_cmds-41/rpc_yppasswdd.tproj/passwd.c
Fixes #725
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-16 10:54:52 +02:00
Victoria Jeffrey
6f198f539b
cleanup
2016-08-16 10:01:10 +02:00
Victoria Jeffrey
cf771ab967
ssh_config parse should be case insensitive
2016-08-16 10:01:10 +02:00
Dominik Richter
5f1d83f196
Merge pull request #912 from chef/ap/port-win-process
...
Windows ports with pid and process name
2016-08-12 20:59:28 +02:00
Alex Pop
353dcf10ec
make netstat default for getting ports and get only listening ones
2016-08-12 16:02:56 +01:00
Christoph Hartmann
97a9e67181
update messages for integration tests
2016-08-12 14:51:23 +02:00
Christoph Hartmann
57bdd3464c
add feature to fetch children from registry key
2016-08-12 14:51:23 +02:00
Christoph Hartmann
571bc14742
support hash params as options for registry key
2016-08-12 14:51:23 +02:00
Steven Danna
9957138909
Fix inheritance tests to account for dependency spike
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-11 16:41:09 +01:00
Christoph Hartmann
92d3702043
add integration test for windows file and directory
2016-08-10 21:41:32 +02:00
Steven Danna
9346f5dd34
travis experiment: lower docker concurrency
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-10 12:52:21 +01:00
Steven Danna
afddebaf3f
Add inspec env
command to configure shell tab-completion
...
This adds a new subcommand:
inspec env [SHELL]
which outputs a shell-appropriate completion script that the user can
source into their shell:
eval "$(inspec env SHELL)"
Currently, we provide completions for ZSH and Bash. The completion
scripts are generated from the data Thor collects.
If the user doesn't provide SHELL we attempt to detect what the user's
shell may be using a number of methods.
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-10 02:07:53 +01:00
Dominik Richter
16bd6a14d5
revert control_summary field in output
...
(1) The field is not yet optimal, the calculations are great!
(2) Changing this field should go together with all other breaking json changes, especially if https://github.com/chef/inspec/pull/811 results in a change.
2016-08-08 11:54:27 +02:00
Kartik Null Cating-Subramanian
470b7bb7d2
Merge pull request #860 from chef/vj/inspec-controls-count
...
Count controls in the summary output. Fix #852
2016-08-05 13:47:45 -04:00
Kartik Null Cating-Subramanian
8094add5b3
Test summary JSON schema
2016-08-05 13:27:30 -04:00
Steven Danna
dea19846a3
Explicitly require docker transport to avoid autoload bug
...
Ruby's autoload feature is not threadsafe. We are hoping requiring the
docker plugin early will fix odd failures we have been seeing.
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-05 17:58:20 +01:00
Kartik Null Cating-Subramanian
0f572df4be
Fix integration test
2016-08-05 10:01:29 -04:00
Steven Danna
13ebea48e1
Allow port to be specified as a string
...
This allows the user to write:
describe port(22) do
it { should be_listening }
end
as well as
describe port('22') do
it { should be_listening }
end
without hitting an error.
Fixes #867
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-05 14:01:08 +02:00
Christoph Hartmann
d9a1a500d0
add params and content method to parse_config
2016-08-05 12:13:56 +02:00
Christoph Hartmann
93a068b8fa
update kitchen container, activate all in travis
2016-08-05 10:52:03 +02:00
Christoph Hartmann
1c9d998afd
do not run runit and upstart in docker since chef run fails
2016-08-05 10:52:03 +02:00
Christoph Hartmann
bb5fb617d5
harmonize cookbooks for integration tests, update docs, remove i386 in vagrant
2016-08-05 10:52:03 +02:00
Steven Danna
57d7275857
Update inspec for os[:family] change in Train
...
Signed-off-by: Steven Danna <steve@chef.io>
2016-08-04 13:32:35 +01:00
Steven Danna
f76bc6b7b4
Be a bit louder when skipping an entire integration suite
2016-08-03 16:41:27 +01:00
Steven Danna
f30902211c
Use either /dev/kcore or /dev/core in tests
...
In many linux distributions a link to /proc/kcore is placed at
`/dev/core`. In TravisCI we see it at `/dev/kcore`. To avoid tests
failing for some developers locally, we support either location.
2016-08-02 14:14:49 +02:00
Dominik Richter
70dd639471
move base_cli to lib/inspec
...
It is not a disconnected library, but a core component of inspec. Fix its location.
2016-07-26 20:11:25 +02:00
Dominik Richter
c2f34932ad
add port resource for windows 2008
...
using `netstat -an`
2016-07-21 14:58:43 +02:00
Dominik Richter
68cf88f701
add suid sgid and sticky support for file resource
2016-07-10 23:08:42 +02:00
Dominik Richter
c6644ebdfe
check service running by ActiveState
...
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
2016-07-06 12:57:04 +02:00
Dominik Richter
5da73db6a3
api: report source location with field identifiers
...
Mixing types in an array without specifying what these fields point to is not just confusing, but also causes issues with endpoints that may consume this data and dont process mixed types. We strive to have a stable api for 1.0 and this is a sin that was left after the major overhaul. Time to fix it.
2016-06-28 12:03:20 +02:00
Christoph Hartmann
9bdb01f1d5
improve wmi resource
2016-06-19 23:40:45 +02:00
Christoph Hartmann
f87f25fb07
add boolean support for cmp matcher
2016-06-18 20:33:08 +02:00
Dominik Richter
8660d5d81c
feedback round with @chris-rock
2016-06-16 20:37:51 +02:00
Dominik Richter
211a2e25fb
align inspec detect output
2016-06-16 13:00:09 +02:00
Dominik Richter
e3b20e88b7
provide target info in cli output
2016-06-16 12:26:46 +02:00
Dominik Richter
c34fd350cf
multi-profile reporting in cli formatter
2016-06-16 00:08:50 +02:00
Dominik Richter
4fbdee84cf
use utf-8 characters for default cli formatter
...
see https://github.com/chef/inspec/issues/532
2016-06-15 19:27:56 +02:00
Stephan Renatus
0a00d21113
integer?("0300") should not be true
2016-06-15 18:34:42 +02:00
Dominik Richter
f93084520f
introduce cli report formatter
2016-06-15 17:11:29 +02:00
Christoph Hartmann
f1faf47112
introduce secrets backend
2016-06-14 02:49:47 +02:00
Dominik Richter
2db8d83d56
support intra-libraries file referencing + loading
...
solves https://github.com/chef/inspec/issues/779
2016-06-03 22:54:35 +02:00
Dominik Richter
302a718b48
list arbitrary ports and query it
...
utilizing filter table to make port more flexible and useful.
2016-05-31 03:14:07 +02:00
Dominik Richter
02dae2c3c5
add simple style for filter table data
...
for quick flattening, filtering, and non-nil results. this also simplifies some interal calls and structure
2016-05-31 03:01:03 +02:00
Christoph Hartmann
e9ca7107b0
add tests for os resource
2016-05-31 00:01:26 +02:00
Dominik Richter
d6345ffd17
add resource to filter table blocks
...
i.e. get access to the original resource for more information and calls.
2016-05-30 23:31:14 +02:00
Christoph Hartmann
ba95e461d3
run integration tests in docker
2016-05-16 18:25:17 +02:00
Anirudh Gupta
4a9d9a4757
fixed 'it' statements under file_test
2016-05-16 19:24:14 +05:30
Dominik Richter
67f7a5936c
catch corner-case with symbols on test-objects
2016-05-13 20:39:17 +02:00
Dominik Richter
603e3e21b3
fix construction of ruby objects on string and array handlers
2016-05-13 19:07:43 +02:00
Dominik Richter
dde4433933
use struct for processes list
...
we know all the fields + struct is fully compatible to the curren hash implementation
2016-05-13 11:22:56 +02:00
Christoph Hartmann
1f470971d2
Revert "Add all_match to matchers"
...
This reverts commit 29cf4522e4
.
2016-05-11 23:47:24 +02:00
Christoph Hartmann
48d8694789
Revert "fix contain_match, add none_match"
...
This reverts commit 54b397f3a5
.
2016-05-11 23:47:24 +02:00
Christoph Hartmann
5939e5b2f9
Merge pull request #739 from chef/ap/port-not-nil
...
Return empty array instead of nil for port methods
2016-05-11 23:32:43 +02:00
Alex Pop
2a9d9b5481
return empty array instead of nil to be .each friendly
2016-05-11 22:21:22 +01:00
Christoph Hartmann
03b1ecfac5
Merge pull request #735 from tpcwang/escape-windows-osenv
...
Escape os_env command on Windows to handle env variables containing parentheses.
2016-05-11 23:09:34 +02:00
Alex Pop
54b397f3a5
fix contain_match, add none_match
...
update matchers doc and add more integration tests
allow non-string data types and non-arrays
2016-05-11 12:47:36 +01:00
tpcwang
c8d2991589
Escape os_env command on Windows to handle env variables containing parentheses.
...
Update the mock file to match the new command
2016-05-11 01:09:06 -07:00
Christoph Hartmann
9fd9f8aa69
Merge pull request #733 from chef/vj/add-label-for-processes
...
Expose label for processes only on linux
2016-05-10 22:39:02 +02:00
Victoria Jeffrey
1811eb6666
Expose label for processes only on linux
2016-05-10 13:59:13 -04:00
Victoria Jeffrey
29cf4522e4
Add all_match to matchers
2016-05-10 10:00:55 -04:00
Alex Pop
9ded3b8835
Provide service params as a mash, empty unless systemd for now
2016-05-09 14:54:09 +02:00
Christoph Hartmann
d2a8ba0022
add human-readable output for detect, as well as a --format json
2016-05-09 13:24:49 +02:00
Dominik Richter
5d925b2851
api: make processes return integers for pid/vsz/rss
2016-05-06 16:49:21 +02:00
Christoph Hartmann
6e905c8162
update functional tests
2016-05-06 13:47:22 +02:00
Alex Pop
c518b9edc2
expose systemd service properties via .info
2016-05-06 13:36:42 +02:00
Christoph Hartmann
8258d111ef
rename json to minijson and fulljson to json
2016-05-06 13:27:42 +02:00
Dominik Richter
b14495051a
prevent duplicate profile-loading
...
this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
2016-05-06 13:14:40 +02:00
Dominik Richter
20d08a63b5
inspec --format [json|fulljson|rspecjson] overhaul
...
Full rewrite of all formatters. Create a minimal JSON, a full JSON, and a fallback RSpec formatter. The latter is only needed for corner cases and should not really be used. The former 2 are for (1) running `inspec json` followed by `inspec exec` (`--format json`) and (2) running just `inspec exec --format fulljson`.
2016-05-06 13:14:40 +02:00
Dominik Richter
a809097d12
simplify full_id generation
2016-05-06 13:14:40 +02:00
Dominik Richter
fc718267c4
extend filter table to handle soft variable lookup
2016-05-04 15:27:58 +02:00
Dominik Richter
fb91b788a6
use filtertable with passwd resource
2016-05-04 15:27:58 +02:00
Alex Pop
f78afe0d75
Use only strings in resource examples, docs and tests
2016-05-03 23:27:18 +01:00
Anirudh Gupta
738ef69bcf
prefixed hpux to cmd file name
2016-05-03 21:38:39 +05:30
Anirudh Gupta
d839f218bf
hpux support for basic port properties
2016-05-03 14:30:59 +05:30
Alex Pop
56d856531b
support basename parameter and add tests
2016-04-29 13:40:32 -04:00
Dominik Richter
83b4dfbf4d
use the source_path instead of path for file internal reporting
2016-04-28 20:11:21 -04:00
Dominik Richter
0c8e891ee1
add #entries to filter table + remodel configuration
2016-04-28 22:46:39 +02:00
Dominik Richter
048a1584b9
encapsulated filters
2016-04-28 22:46:39 +02:00
Dominik Richter
652f10ad9a
use Inspec::Filter in xinetd resource
2016-04-28 22:46:39 +02:00
Dominik Richter
01caf05020
add cmd for executing calls against the inspec api
2016-04-27 06:31:01 -07:00
Christoph Hartmann
ab9f5f9c1a
Merge pull request #682 from Anirudh-Gupta/hpux
...
Hpux
2016-04-27 06:29:05 -07:00
Anirudh Gupta
045d8c6572
added file permission by user check for hp-ux
2016-04-26 15:08:01 +05:30
Anirudh Gupta
1330e09df5
added file permission by user check for hp-ux
2016-04-26 14:53:28 +05:30
Christoph Hartmann
2242790528
Merge pull request #678 from Anirudh-Gupta/hpux
...
added hpux user and package resource support
2016-04-25 07:22:19 -05:00
Dominik Richter
d0760662ce
bugfix: restore pax_global_header fetcher filter
...
The original tests were deactivated. Reactivate and fix the implementation.
TODO: verify that this matches expectations
2016-04-24 02:38:22 -04:00
Dominik Richter
bc724c81ff
fix legacy supports call
...
as reported by Jeremy Miller and Alex Pop
2016-04-22 11:15:57 -04:00
Anirudh Gupta
75534fdaa5
added hpux user and package resource support
2016-04-21 14:01:56 +05:30
Alex Pop
34a22a290e
add more cmp matcher tests
2016-04-20 11:57:31 -04:00
Dominik Richter
9da23f9cbc
remodel bash and shell wrappers
2016-04-18 11:48:42 -04:00
Dominik Richter
0631779412
configure command execution shells to sh/bash/zsh
2016-04-18 01:09:37 -04:00
Thomas Cate
0f8aff0b91
added default and per kernel checking
2016-04-17 10:46:35 -04:00
Thomas Cate
3051ead64d
added tests for grub_conf resource
2016-04-17 10:46:29 -04:00
Dominik Richter
2a0ccbfd76
fail on unsupported os/platform
2016-04-17 00:04:37 -04:00
Dominik Richter
f54195408f
simplify key symbolization in metadata
2016-04-16 18:47:59 -04:00
Dominik Richter
14995534cd
skip profiles if the platform isnt supported
2016-04-16 15:34:23 -04:00
Dominik Richter
a1188b26ce
add supports_runtime? to metadata
2016-04-16 15:25:59 -04:00
Dominik Richter
5d58fa267b
feature: cmp < / > / <= / >= / == / != sth
matcher
2016-04-15 19:19:15 -04:00
Christoph Hartmann
3007aef248
add function tests for compliance
command
2016-04-13 16:55:14 -04:00
Jacob McCann
9dbf5354e5
Add 'static' value as enabled to systemd service enabled check
2016-04-13 14:44:28 -05:00
Dominik Richter
046e6ce501
bugfix: non-profile execution with json formatter
2016-04-11 11:17:26 -04:00
Dominik Richter
fb54c4ea24
api: inspec.yml supports now adds tests w/o running
...
Instead of just removing all tests because of OS support, supports now acts by adding all tests to the execution context, but doesnt actually execute them. Instead tests are set to skip before they get to the actual execution context
2016-04-06 11:28:52 +02:00
Dominik Richter
c55fb0b587
prevent only_ifs from getting overwritten
2016-04-06 10:46:36 +02:00
Dominik Richter
a72fee6623
add only_if for controls
2016-04-06 10:46:36 +02:00
Dominik Richter
c73afd4c1c
overhault rule/control internals
...
instead of keeping them as flat variables, prefix all internals with `__` to create consistency. Also add accessors on the class-level to expose these values in all rules. This way we keep all variable-names in one location and get some safety on access.
2016-04-06 10:46:36 +02:00
Dominik Richter
598e8be07f
don't remove controls with only_if
...
instead mark them as skipped, but don't just remove them.
This also introduced a number of tests around only_if on the global level
2016-04-06 10:15:53 +02:00
Alex Pop
070c5bb0e9
update tests with 5 examples
2016-04-04 14:19:13 +01:00
Dominik Richter
2cad553de8
add advanced passwd filters (experimental)
2016-03-31 02:03:20 +02:00
Christoph Hartmann
bc3be2f302
fix functional tests
2016-03-28 01:15:48 +02:00
Christoph Hartmann
a0529075d3
add integration tests
2016-03-26 22:49:32 +01:00
Dominik Richter
ee170cc526
support --controls for json
2016-03-25 01:58:59 +01:00
Dominik Richter
17840e0299
split up functional tests
2016-03-25 01:32:03 +01:00
Christoph Hartmann
f4180780d1
document tags and refs
2016-03-25 00:58:27 +01:00
Alex Pop
53c7683ff7
update tests based on resource changes
2016-03-24 21:50:51 +01:00
Alex Pop
3c3d711dfd
bugfix: fix rare inspec shell missing all resources
...
In some instances, when running inspec shell, you dont get any resources inside of it. i.e. `inspec shell` and then `os` will lead to
```ruby
NameError: undefined local variable or method `os' for
from (pry):1:in `add_content'
```
This is because of instance_eval loading withing the given source/line
information and not attaching to the profile context which actually has
all the resources. Fix it by making sure that inspec shell always
attaches to the profile context with resources by providing nil for
source and line information.
2016-03-24 20:37:46 +01:00
Christoph Hartmann
cd57b26bd0
wmi unit test
2016-03-20 11:53:56 +01:00
Christoph Hartmann
7e7196db77
add wmi integration tests
2016-03-20 11:53:56 +01:00
Christoph Hartmann
4c5a3ed412
add vbscript unit test
2016-03-19 19:04:31 +01:00
Christoph Hartmann
e8aa426846
add vbscript integration test
2016-03-19 19:04:31 +01:00
Christoph Hartmann
f50255486b
add support for addresses in port resource
2016-03-19 11:48:14 +01:00
Dominik Richter
a9632d53d4
fix inspec shell and continuously test it
2016-03-19 09:13:23 +01:00
Christoph Hartmann
32a065239c
update unit test, add integration test
2016-03-18 15:47:00 +01:00
Christoph Hartmann
1d043bfebc
move kitchen integration tests to top-level
2016-03-18 11:30:54 +01:00
Christoph Hartmann
8433b55fc4
do not install postgres on ubuntu 15.10
2016-03-18 11:30:54 +01:00
Christoph Hartmann
ea085ef7c0
place empty iso in tmp directory
2016-03-18 11:30:54 +01:00
Dominik Richter
c78a7dfbde
add functional tests for fulljson
2016-03-18 02:42:53 +01:00
Dominik Richter
76fe4483d4
feature: add tags and refs
2016-03-18 01:42:26 +01:00
Dominik Richter
9e6e2bd4f7
add inspec exec tests with json formatter
2016-03-18 00:29:10 +01:00
Dominik Richter
b7e438eabc
add a mock fetcher
2016-03-17 23:37:09 +01:00
Dominik Richter
ca5f7b822b
add tests for resource plugin
2016-03-17 15:58:20 +01:00
Dominik Richter
f7c2fa4392
functional tests for inspec detect + version + exec
2016-03-17 10:21:38 +01:00
Dominik Richter
6853284e31
validate inspec json generation
2016-03-17 10:21:38 +01:00
Dominik Richter
bfd88df27a
verify that archive creates valid zip and tar files
2016-03-17 10:21:38 +01:00
Dominik Richter
0218f1f3ca
feature: --output on archive
2016-03-17 10:21:38 +01:00
Dominik Richter
e3991a2025
bugfix: inspec archive with profile path for inheritance
2016-03-16 20:32:02 +01:00
Dominik Richter
26c34c3487
WIP profile check on inheritance profiles
2016-03-16 20:32:02 +01:00
Dominik Richter
89d7f0b593
give them hell!
...
parallelize minitest runs for functional tests
2016-03-16 08:28:09 +01:00
Dominik Richter
0a4567d49f
add simple command tests for inspec check
2016-03-16 08:23:47 +01:00
Dominik Richter
387415859e
rename internal File
-> FileResource
2016-03-09 10:48:48 +01:00
Adam Leff
577688a3a0
Placing all resources in the Inspec::Resources namespace
...
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix.
Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes.
I strongly recommend viewing this diff with `git diff --ignore-space-change`
to see the *real* changes. :)
2016-03-08 13:40:16 -05:00
Dominik Richter
ccf2694940
bugfix: inheritance of local profiles
2016-03-08 14:59:14 +01:00
Dominik Richter
e617f74bcd
filter xinetd fields by regex
2016-02-26 14:46:51 +01:00
Dominik Richter
4a39275fc0
add xinetd_conf resource
2016-02-26 13:19:16 +01:00
Dominik Richter
e9ffc85b53
test for empty global describe block
2016-02-25 14:30:27 +01:00
Dominik Richter
3ae50adae9
feature: conditional OR via describe.one
...
```
describe.one do
describe command("uname -r").stdout do
it { should_not match /x86_64/ }
end
describe test_sth_for_x64_processors do
...
end
end
```
2016-02-25 14:30:23 +01:00
Dominik Richter
2fc0994f4c
add cmp int->string tests
2016-02-23 22:31:10 +01:00
Christoph Hartmann
ee7adc24ec
add unit tests
2016-02-22 18:24:16 +01:00
Stephan Renatus
2da97df5f0
test: read mock-archives in binary mode
...
this doesn't hurt in *nix, but makes tests pass on windows.
2016-02-22 13:47:33 +01:00
Stephan Renatus
c891686d72
tests: create a temporary name, not a Tempfile
...
rubyzip also does use Tempfile under the hood, this causes trouble.
2016-02-22 13:41:12 +01:00
Stephan Renatus
c24a504cb6
tests: clarify kind_of's
2016-02-22 12:06:42 +01:00
Stephan Renatus
8d572934eb
tests: make this work on non-linux
2016-02-22 12:06:42 +01:00
Stephan Renatus
e67576b1cd
tests: make non-existant files explicit
2016-02-22 12:06:42 +01:00
Dominik Richter
33b2876d7c
fix tests and lint
2016-02-22 12:06:42 +01:00
Dominik Richter
d065794d96
remove old target interface
2016-02-22 12:06:42 +01:00
Dominik Richter
1e1e473cb0
replace target-helper with fetcher+reader
2016-02-22 11:24:35 +01:00
Dominik Richter
202a781f6a
fail on incorrect metadata of url download
2016-02-22 11:24:35 +01:00
Dominik Richter
c79d9f7777
add flat source reader
2016-02-22 11:24:35 +01:00
Dominik Richter
c9d1272f49
add relative fetcher
...
This helps reduce any folder structures, weather on disk or in archives, to their relative root paths; i.e. ignore all file-prefixes that are given and go directly to the underlying files, relative to the common folders that contain it
2016-02-22 11:24:35 +01:00
Dominik Richter
f023d02bbb
add inspec source reader
2016-02-22 11:24:35 +01:00
Dominik Richter
125ee53041
create source_reader plugin structure
2016-02-22 11:24:35 +01:00
Dominik Richter
d293550375
chain fetchers together
2016-02-22 11:24:35 +01:00
Dominik Richter
7b073fe153
add url fetcher
2016-02-22 11:24:35 +01:00
Dominik Richter
bd77602695
bugfix: prevent test helper from prematurely deleting tmp-files
2016-02-22 11:24:35 +01:00
Dominik Richter
4e830ffc24
add tar fetcher
2016-02-22 11:24:35 +01:00
Dominik Richter
1c29667523
add zip fetcher
2016-02-22 11:24:35 +01:00
Dominik Richter
a83e29cc01
add local fetcher
2016-02-22 11:24:35 +01:00
Dominik Richter
27f7aa7796
create new fetcher system
2016-02-22 11:24:35 +01:00
Dominik Richter
1e096c7181
add shadow resource for /etc/shadow
2016-02-19 14:26:04 +01:00
Christoph Hartmann
3f6b89e24d
extend github url support
2016-02-19 09:12:25 +01:00
Dominik Richter
1fa957c8ca
ensure deprecated methods still work
2016-02-18 16:25:02 +01:00
Dominik Richter
83fcc35d2a
expose all fields + deprecate singular accessors
2016-02-18 16:10:42 +01:00
Christoph Hartmann
26276ca991
use ruby zip and tar for unit tests
2016-02-18 14:27:16 +01:00
Dominik Richter
b8cce5d3c7
create zip for test helper in ruby
...
The zip command is not always there. (e.g. i dont have it on my box). just use the available zip library
2016-02-18 14:25:55 +01:00
Dominik Richter
b872c04616
bugfix: url helper loading zip and tar
2016-02-18 14:25:55 +01:00
Dominik Richter
509088ba5d
share test helpers for loading profile archives
2016-02-18 14:25:55 +01:00
Dominik Richter
e354854fc9
bugfix: dont skip url target unit test
2016-02-18 14:25:55 +01:00
Dominik Richter
03bf732d82
add cmp for Arrays
2016-02-18 13:58:37 +01:00
Stephan Renatus
476bd750b0
restrict service integration tests on centos to >= 6
2016-02-17 12:55:09 +01:00
Stephan Renatus
d5a6d1000f
integration tests for sysv runlevels
2016-02-17 11:41:34 +01:00
Dominik Richter
33f58b3348
add tests for runlevel testing
2016-02-14 18:37:20 +01:00
Dominik Richter
36cbafc438
add runlevel helper object to services
2016-02-14 18:23:58 +01:00
Dominik Richter
0934948a1a
support runlevels for system V + service matching
...
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).
Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`
2016-02-13 02:11:51 +01:00
Stephan Renatus
7815cefded
iptables: adapt integration tests
...
_Only_ CentOS 6 does not strip the quotes from comments.
2016-02-10 09:57:32 +01:00
Stephan Renatus
4ffc72bf93
iptables integration test: split according to platform
...
centos puts quotes where ubuntu drops them
2016-02-10 09:57:32 +01:00
Stephan Renatus
81f149fd14
iptables: add integration theses
2016-02-10 09:57:32 +01:00
Stephan Renatus
e184347c6d
iptables unit test: add comment examples
...
this is not broken; but it should stay not broken ;)
2016-02-10 09:57:32 +01:00
Christoph Hartmann
03856d6941
add apache cookbook to integration tests
2016-02-09 17:35:33 +01:00
Stephan Renatus
4b6eced92a
auditd_rules: access by key, tests + documentation
2016-02-09 11:51:52 +01:00
Stephan Renatus
cd5f47ed33
auditd_rules: unit tests, meet the real world
2016-02-09 11:51:52 +01:00
Stephan Renatus
07fb5caa9b
resources/auditd_rules: add integration tests
2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80
auditd_rules: status querying (old/new) and unit tests
...
TODO: unit tests for the legacy format
2016-02-09 11:51:52 +01:00
Stephan Renatus
b18936d704
move simple_config_test.rb to utils/
2016-02-09 11:51:52 +01:00
Stephan Renatus
57db5a9414
unit test FilterArray, make retrieved values unique
2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e
auditd_rules: teach old dog new tricks
2016-02-09 11:51:52 +01:00
Stephan Renatus
2afc29e48f
auditd_rules: stash legacy behaviour away
2016-02-09 11:51:52 +01:00
Dominik Richter
ac6d7fb76f
fix unit tests for winrm 1.6.1 command scheme
2016-02-09 11:05:36 +01:00
Dominik Richter
e56321f6c7
semantics: rename CLI plugins registry -> subcommands
...
Basically make sure everyone understands these are only subcommands. we might consider adding plugins for options or existing commands instead of new subcommands. this just ensures everyone knows what registry is for
2016-02-09 01:20:38 +01:00
Christoph Hartmann
b7a88dbd7a
fix linting and unit test
2016-02-05 16:57:51 +01:00
Christoph Hartmann
f826c07af5
minor improvements
2016-02-05 14:55:12 +01:00
Christoph Hartmann
3d7ee9d95b
add unit test for cli plugin
2016-02-05 14:06:55 +01:00
Stephan Renatus
688709356c
upstart_service: add version mock for ubuntu
2016-02-05 13:49:18 +01:00
Stephan Renatus
eecb295377
add tests for upstart on centos
...
...which are failing
2016-02-05 13:49:18 +01:00
Alex Pop
dd02d5985f
ec2 name tag instances for easier cleanup
2016-02-05 13:26:37 +01:00
Christoph Hartmann
86ee6a1298
extend unit tests
2016-02-04 18:46:23 +01:00
Christoph Hartmann
d7cb5a9ae0
adapt unit tests
2016-02-04 18:05:40 +01:00
Christoph Hartmann
81de512fbf
fix order of logging messages
2016-02-03 22:20:02 +01:00
Stephan Renatus
828d6ad443
Inspec::Profile fix @metadata
2016-02-03 16:47:49 +01:00
Stephan Renatus
1c76d723ff
Update tests
2016-02-03 15:42:33 +01:00
Dominik Richter
34bc94d13f
mock resource operating systems for tests
2016-01-29 21:55:08 +01:00
Stephan Renatus
6fbd28c2bb
runit_service: fix resource, improve integration tests
...
Turns out using `/usr/bin/yes` to imitate a daemon process is a TERRIBLE idea.
2016-01-29 17:03:05 +01:00
Christoph Hartmann
52ed18f9d5
update ec2 kitchen yml
2016-01-29 13:20:39 +01:00
Christoph Hartmann
500ac1c41a
update integration tests
2016-01-28 18:30:39 +01:00
Christoph Hartmann
62844eee0c
add unit tests
2016-01-28 18:30:38 +01:00
Christoph Hartmann
678ee2b473
parse port information on solaris 10 and 11 via netstat
2016-01-28 18:30:38 +01:00
Stephan Renatus
56f22a1d2a
resource/postgres_session: add integration tests, change error handling
...
this makes it work (tested with default-ubuntu-1404), but doesn't
improve the error handling (i.e., the skip_resource doesn't really
prevent the failure)
2016-01-25 16:44:53 +01:00
Stephan Renatus
b69dac698b
resources/launchd_service: add test
...
indicating that parsing is broken for non-running enabled services
2016-01-25 16:29:08 +01:00
Dominik Richter
88d2b26387
bugfix: write given ID to metadata json
...
Whenever the user provides an ID under which the profile is scoped, write it out to JSON during generation.
2016-01-25 15:48:56 +01:00
Christoph Hartmann
b30720f926
Merge pull request #380 from chef/sr/service-override
...
add service overrides for picking specific service managers, add runit_service
2016-01-21 13:35:23 +01:00
Stephan Renatus
7a308806aa
unit tests: add systemd_service instance with overridden service_ctl
2016-01-21 11:41:48 +01:00
Dominik Richter
d10207caca
warn about legacy supports fields in metadata
...
I.e.: Prevent users from writing `supports: linux` and similar. These are deprecated and will be removed. Also improve the warning to indicate what the user should do instead. Finally add tests to make sure we get all these.
2016-01-21 11:05:26 +01:00
Stephan Renatus
21224abd10
integration tests: stop using alpine iso
2016-01-21 10:39:03 +01:00
Stephan Renatus
f2f2db120d
fix runit_service tests, replace socat with a proper mock daemon
2016-01-21 09:53:59 +01:00
Stephan Renatus
492c7f8146
runit_service: cleanup; fix "non-running-runit-service" test + recipe
2016-01-21 09:05:29 +01:00