4151 commits

Author SHA1 Message Date
Christoph Hartmann
75728f786c Merge pull request #1887 from chef/dr/fips
support FIPS 140-2 compliant digest calls
2017-06-03 16:28:19 +02:00
Dominik Richter
7d1f16d9bf support FIPS 140-2 compliant digest calls
Calling the `digest` library directly unfortunately causes issues in FIPS 140-2 mode:

    sha512.c(81): OpenSSL internal error, assertion failed: Low level API call to digest SHA512 forbidden in FIPS mode!

Switching to `OpenSSL` as the caller resolves these issues

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-03 02:17:24 +02:00
Adam Leff
6d735c3235 Merge pull request #1883 from chef/nls/fix-hab
Use RubyGems version for habitat plan
2017-06-01 18:09:23 -04:00
Nathan L Smith
8ede5556ba Use RubyGems version for habitat plan
In #1820 we made it so inspec would install the checked out source
version rather than the version from RubyGems.

This actually didn't work (though it wasn't apparent in a development
environment) because it used a relative path to bin/inspec that pointed
at /src/bin/inspec, which only exists if you're in a Habitat studio
started from the InSpec repo.

Revert back to getting the gem from RubyGems to avoid this problem and
have a working package.

Signed-off-by: Nathan L Smith <smith@chef.io>
2017-06-01 16:26:26 -05:00
Christoph Hartmann
be2453def6 Merge pull request #1875 from ndobson/fixrefreshtoken
Fix version method call for refresh token
2017-05-31 22:05:20 -05:00
Christoph Hartmann
99474c4b85 Merge pull request #1879 from chef/adamleff/fix-habitat-build-step
Fix release_habitat rake task
2017-05-31 17:06:22 -05:00
Adam Leff
bb66bb2193 Fix release_habitat rake task
A change made to how we generate the Gemfile during the Habitat build process
means we cannot have the PLAN_CONTEXT be the "habitat" directory but instead
need it to be the repo root itself.

Also changed to the preferred `hab pkg build` command instead of the original
`hab studio build` command.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-31 17:50:19 -04:00
Adam Leff
b7cc6c31b7 Merge pull request #1869 from seththoenen/fix-host-windows
Add warningaction to test-netconnection
2017-05-31 15:42:38 -04:00
Adam Leff
5d3abb0289 Merge pull request #1864 from chef/nls/http-option-docs
Add docs for http resource options
2017-05-31 14:56:26 -04:00
Adam Leff
f14ed844a9 Merge pull request #1856 from chef/chris-rock/1828
Fix parameters to `find` commands
2017-05-31 14:35:32 -04:00
Adam Leff
e254f79392 Merge pull request #1858 from chef/chris-rock/spdx
verifies that inspec.yml uses licenses in SPDX format
2017-05-31 14:28:18 -04:00
Nick Dobson
7a4ff97863 Fix version method call
Signed-off-by: Nick Dobson <nick.dobson@me.com>
2017-05-31 10:44:14 -05:00
Dominik Richter
199ad03318 Merge pull request #1874 from chef/adamleff/remove-chefconf-banner
Removing ChefConf banner from website
2017-05-31 08:39:21 -04:00
Adam Leff
efc6623168 Removing ChefConf banner from website
ChefConf 2017 has come and gone... time to remove
the banner.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-31 07:38:23 -04:00
Christoph Hartmann
687f1a5827 update unit tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:21:05 -05:00
Christoph Hartmann
a6ef98c896 verifies that inspec.yml uses licenses in SPDX format
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:21:05 -05:00
Christoph Hartmann
57097ea2a9 fix #1828
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-31 00:20:42 -05:00
Aaron Lippold
eacae80649 small syntax fix to interface resource.
addresses #1828

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-31 00:20:42 -05:00
Dominik Richter
3f7b049981 Merge pull request #1871 from chef/1.26.0
1.26.0
2017-05-31 01:06:12 -04:00
Christoph Hartmann
7498a74a82 1.26.0
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-30 23:38:38 -05:00
Dominik Richter
72f4d4be89 Merge pull request #1873 from chef/dr/fix-sudo-test
bugfix: adjust localhost+sudo test output to train update
2017-05-31 00:27:20 -04:00
Christoph Hartmann
91d95c878b update chef version for openssl cookbook
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-30 23:09:21 -05:00
Dominik Richter
84fe398e49 bugfix: adjust localhost+sudo test output to train update
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 22:40:05 -05:00
Christoph Hartmann
2dd05857cf Merge pull request #1870 from chef/dr/sudo-fx
bugfix: sudo-detection for target execution
2017-05-30 18:24:49 -05:00
Dominik Richter
e0e5aee6a4 bugfix: sudo-detection for target execution
When running `inspec exec` without the `target` option but against remote endpoints OR when executing it with the `localhost://` target AND having `--sudo` active it would abort the execution. `--target` is a helper to set the Train parameters for `backend`, `host`, `user`, `port`, and potentially `password`. The detection would fail on providing any of these separately without specifying `--target`. The same holds true for the `localhost` train backend or just `localhost://` target.

This type of detection has since moved to Train. The driving reason was to have this very useful check for localhost vs sudo run for any type of inspec (or for that matter: train) execution.

This PR depends on https://github.com/chef/train/pull/179 and the next release of train.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 18:15:44 -05:00
Christoph Hartmann
1f647e1100 Merge pull request #1865 from chef/dr/unsupported-os-powershell
bugfix: do not send nil to command on unsupported OS
2017-05-30 18:14:44 -05:00
Christoph Hartmann
58ec231868 Merge pull request #1861 from chef/dr/uri-fix
bugfix: non-url servers with compliance login
2017-05-30 18:13:28 -05:00
Seth Thoenen
868f4872fe Add warningaction to test-netconnection
Signed-off-by: Seth Thoenen <seththoenen@gmail.com>
2017-05-30 15:28:04 -05:00
Dominik Richter
ba149a9e1a bugfix: do not send nil to command on unsupported OS
Unsupported operating systems AND the mockloader when using inspec analysis tools may lead to powershell being called with the command being `nil`, because the resource skips during the initialize phase. Instead, propagate an empty string so that `command` has a valid input and then skip the resource.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:36:32 -04:00
Nathan L Smith
0f96c88d88 Add docs for http resource options
Signed-off-by: Nathan L Smith <smith@chef.io>
2017-05-30 11:33:59 -05:00
Dominik Richter
a0e8be2568 bugfix: non-url servers with compliance login
Non-url URIs may have led to broader crashes than initially fixed. Overwrite all URL resolvers in the plugin to work with these non-schema URLs.

Fixes #1473

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-30 12:04:21 -04:00
username-is-already-taken2
b423e300ef Amended command.rb to resolve issue 1839
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-05-30 14:56:31 +01:00
Alex Pop
3171f46c7d Commenting out the contain_duplicates deprecation until we have a good alternative.
Signed-off-by: Alex Pop <apop@chef.io>
2017-05-30 13:41:44 +01:00
Christoph Hartmann
58baf5f378 Merge pull request #1838 from chef/adamleff/fix-docs-task
Allow docs Rake task to be run from outside www dir
2017-05-29 16:14:25 -04:00
Adam Leff
24e2ffb7e0 Allow docs Rake task to be run from outside www dir
The docs Rake task requires classes defined in the "shared"
Rake tasks file. However, only the www Rakefile includes the
"shared" tasks file.

Since the "docs" Rake task is what needs it, I'm adding a require
there to ensure it works from outside the www directory.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 16:00:19 -04:00
Christoph Hartmann
e87350da88 Merge pull request #1820 from chef/nls/hab-updates
Improvements to Habitat plan
2017-05-29 15:57:43 -04:00
Nathan L Smith
6324a6d289 Improvements to Habitat plan
These are kind of all over the place, but should improve things:

* Use the new `pkg_version` mechanism to set the version, and fail if
  the VERSION file is not present
* Use inspec.io for the upstream url
* Remove pkg_source and its associated callbacks; they aren't required
  any more
* Alphabetize the deps list
* Remove duplicate coreutils from build deps
* Move environment variable setting to `do_prepare`
* Delete all binstubs in bin that aren't inspec
* Put the generated Gemfile in $CACHE_PATH so it doesn't stomp on the
  developer's Gemfile
* Insert the SSL_CERT_FILE env var in the binstub (Fixes #1582)
* Use install instead of cp to drop off Gemfile.lock
* Build using `path: '$SRC_PATH'` instead of `'= $pkg_version'` in the Gemfile
* Disable `do_strip` to decrease build time and because we don't need it

Works for me on Habitat 0.23.

Since all the "building" is done now in `do_install`, it would be
possible to define a `do_check` that runs `inspec exec` on profiles to
verify inspec is working by running inspec.

Signed-off-by: Nathan L Smith <smith@chef.io>
2017-05-29 15:41:26 -04:00
Christoph Hartmann
5038b29616 Merge pull request #1826 from chef/adamleff/no-more-stderr
Habitat Profiles: redirect stderr to stdout
2017-05-29 15:40:44 -04:00
Adam Leff
266f061b9e Habitat Profiles: redirect stderr to stdout
Due to habitat-sh/habitat#2395, we shouldn't try to log stderr output
to a file for now. While this makes for a less-than-awesome UX, it's
better than a process locking up due to a buffer filling up!

This change redirects stderr from InSpec to stdout and adds some
helpful troubleshooting messages. Should InSpec be able to generate
unique exit codes for when controls fail (vs. a Ruby eval failure)
then we can fix this up some more, too.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:31:26 -04:00
Christoph Hartmann
93f1c55782 Merge pull request #1833 from chef/adamleff/fix-interface-docs
Update interface resource docs
2017-05-29 15:30:53 -04:00
Adam Leff
333c7f15aa Updating docs to show the interface name is required
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:20:50 -04:00
Adam Leff
9182ba8574 Update interface resource docs
The `interface` resource currently refers to methods that don't
yet exist. Fixing the docs for now and will add the features
later.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-29 15:20:50 -04:00
Christoph Hartmann
c9a7f65386 Merge pull request #1835 from chef/schisamo/http-resource-default-timeouts
Bump default timeouts for `http` resource
2017-05-29 15:20:11 -04:00
Seth Chisamore
798aebf672 Bump default timeouts for http resource
This changes the default read and open timeouts to be 60 seconds which
matches the defaults for `Net::HTTP` backend which Faraday uses by
default:
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#read_timeout-attribute-method
https://ruby-doc.org/stdlib-2.4.1/libdoc/net/http/rdoc/Net/HTTP.html#open_timeout-attribute-method

The current timeout values are too small which causes tests to be
flakey.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-05-29 15:07:49 -04:00
Christoph Hartmann
45afca2e98 Merge pull request #1844 from cattywampus/cattywampus/gem-not-installed
Fix assert that a gem is not installed
2017-05-29 15:06:36 -04:00
Dominik Richter
b1419b84bf Merge pull request #1851 from username-is-already-taken2/gb/patch_1571
Amended the processes resource to skip on windows
2017-05-28 10:35:29 -04:00
Christoph Hartmann
da0b98f4d2 Merge pull request #1852 from aaronlippold/dr/postgres
bugfix: postgres relative path includes
2017-05-27 19:35:22 -04:00
Dominik Richter
9b959b15f3 Merge pull request #1853 from chef/adamleff/raise-if-profile-url-is-bad
Raise exception if profile target URL cannot be parsed
2017-05-26 17:24:52 -05:00
Adam Leff
88581ae3dd Raise exception if profile target URL cannot be parsed
When attempting to parse the profile out of the target URL, we
were not raising an exception if we failed to do so. Such a situation
could arise if a user's inspec config.json is incorrect either due to
manual editing or failure to re-login after an upgrade past Automate
0.8.0.

This change provides a clear exception if this occurs and also adds
tests for the compliance_profile_name method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-26 14:30:37 -05:00
Aaron Lippold
dbd3b5c23d bugfix: postgres relative path includes
Postgres configuration doesn't always include absolute paths. When using relative paths it will fail!

Also: We treat the include as either a string or an array; when the first condition succeeds and you get a string and the second fails you get an array => ruby tries to add a string with an array and fails. This is now fixed as well.

Fixes: https://github.com/chef/inspec/issues/1780
Fixes: https://github.com/chef/inspec/issues/1738

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-26 14:49:24 -04:00