Commit graph

4151 commits

Author SHA1 Message Date
Alex Pop
cf6fdd09af Show versions for inspec compliance profiles (#2143)
Signed-off-by: Alex Pop <apop@chef.io>
2017-09-13 17:52:45 -04:00
Chef Expeditor
be7f5ccde1 Bump version to 1.37.4 by Chef Expeditor 2017-09-13 20:53:43 +00:00
Alex Pop
35becd7e0f Support profile versions for automate profiles storage (#2128)
* Support profile versions for automate profiles storage

Signed-off-by: Alex Pop <apop@chef.io>

* Add unit tests for inspec-compliance bundle

Signed-off-by: Alex Pop <apop@chef.io>

* Refactor target_url method, fix tests, fix rubocop errors

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 16:53:36 -04:00
Chef Expeditor
18d9b74301 Bump version to 1.37.3 by Chef Expeditor 2017-09-13 12:41:17 +00:00
Adam Leff
7810051f0a package resource: assume a default Homebrew path (#2140)
* package resource: assume a default Homebrew path

Homebrew's `brew` script is installed to /usr/local/bin by default which
is usually not in a non-interactive PATH. We will now first check to see
if `brew` is in PATH, and if not, assume a default of `/usr/local/bin/brew`

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:41:09 -04:00
Chef Expeditor
9fa47f1a9e Bump version to 1.37.2 by Chef Expeditor 2017-09-13 12:16:58 +00:00
Adam Leff
d4790f7f5a Ignore linked container names when parsing docker containers (#2134)
* Ignore linked container names when parsing docker containers

If a container is linked to another container, the normal `docker ps` output
does not include this information. However, when pulling the `.Names` field
with `docker ps --format`, the linked container is listed in the name. This
is confusing for users trying to use InSpec to audit a container.

This change strips any linked container names from the actual container name.

Signed-off-by: Adam Leff <adam@leff.co>

* Linked container names aren't guaranteed to be last depending on how they were linked

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:16:53 -04:00
Adam Leff
7a3706a023 Add clarifying docs for mysql_conf resource (#2138)
The docs did not include examples for querying settings set within a named section.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:16:35 -04:00
Chef Expeditor
48f3cdc644 Bump version to 1.37.1 by Chef Expeditor 2017-09-13 12:15:15 +00:00
Rony Xavier
7d2da0c199 nginx resource: audit the nginx binary and how it was compiled (#1958)
* nginx base resource

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xavier <rx294@gmail.com>
2017-09-13 08:15:09 -04:00
Chef Expeditor
dd1d0ca553 Bump version to 1.37.0 by Chef Expeditor 2017-09-11 15:37:45 +00:00
Adam Leff
10018139ef etc_fstab resource: test contents of the /etc/fstab file (#2131)
This commit/PR is to re-run the Expeditor actions for #2064 (changelog, automated build), etc.

While we would normally manually re-run the actions through our bot, the expeditor config
in the squashed commit for #2064 is not correct.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-11 11:37:40 -04:00
Adam Leff
dbf1d8a889 Fix merge_actions in expeditor config, add create_github_release (#2130)
merge_actions must now be an array rather than a hash. Also adding
the ability for Expeditor to create a GitHub Release entry when
an artifact is promoted to stable.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-11 11:28:09 -04:00
dromazmj
70548ab754 etc_fstab resource: test contents of the /etc/fstab file (#2064)
* Adding support for fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to docs of new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-11 15:55:03 +02:00
Jerry Aldrich III
a9d0d65c54 Add attributes file readability error handling (#2127)
* Add attributes file readability error handling

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-08 08:43:33 -04:00
Chef Expeditor
15d0a2244e Update CHANGELOG.md to reflect the promotion of 1.36.1 to stable 2017-09-07 17:49:10 +00:00
Tom Duffield
c1e5ed2c61 Update Expeditor config to meet 0.5.0 requirements (#2126)
Signed-off-by: Tom Duffield <tom@chef.io>
2017-09-06 18:14:33 -04:00
Chef Expeditor
29c80110a8 Bump version to 1.36.1 by Chef Expeditor 2017-09-06 12:22:38 +00:00
Adam Leff
be0939e111 Bump minor version (#2125)
The change in #2119 necessitates a minor bump.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-06 08:22:33 -04:00
Chef Expeditor
de2bd9aba3 Bump version to 1.35.5 by Chef Expeditor 2017-09-06 12:19:10 +00:00
Dominik Richter
19ab22f5e2 add nginx_conf accessors for http, servers, and locations (#2119)
* wip: extend nginx_conf for http+servers+locations

... well `http` entries really, but we couldnt just call it `https`.

the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere.

* add test for new nginx accessors

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add docs for nginx-conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* fix all incorrect NGINX spellings in docs

* prevent edge-cases where nginx params are nil

for location, http, and servers

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* more descriptive to_s for nginx servers

as suggested by @adamleff, thank you!

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add more descriptive to_s for nginx location

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-06 08:19:04 -04:00
Chef Expeditor
e2b528db20 Bump version to 1.35.4 by Chef Expeditor 2017-09-06 10:07:39 +00:00
Trevor Vaughan
fb011c1d10 Fix deep profile chaining (#2121)
Update to fix how multiple relative profile chaining functions.

Closes #2120

Signed-off-by: Trevor Vaughan <tvaughan@onyxpoint.com>
2017-09-06 12:06:55 +02:00
Adam Leff
8b8d240fe6 Remove test/resources directory, update README (#2124)
* Remove test/resources directory, update README

The test/resources directory is stale and no longer used. Rather, we
favor Test Kitchen-backed integration tests in test/integration.

This change removes the stale tests and updates the README accordingly.

Signed-off-by: Adam Leff <adam@leff.co>

* Remove resources tests from travis

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-06 12:05:25 +02:00
Chef Expeditor
dbb4311693 Bump version to 1.35.3 by Chef Expeditor 2017-09-05 12:37:41 +00:00
ChadScott
09b145122d Modify linux regular expression to handle process names with spaces (#2117)
* Modify linux regular expression to handle process names with spaces

Signed-off-by: Chad Scott <cscott@chadikins.com>

* Add mocks, tests, etc.

Signed-off-by: Chad Scott <cscott@chadikins.com>
2017-09-05 14:36:55 +02:00
Chef Expeditor
f3c3de241e Bump version to 1.35.2 by Chef Expeditor 2017-09-03 18:43:56 +00:00
Clinton Wolfe
f284962450 File Resource: add be_setgid, be_setuid, be_sticky matchers (#2104)
* Provisioner script to setup resource tests for setgid/setuid/sticky bit tests.  This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* TDD Red for setgid/setuid/sticky File matchers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add documentation for file resource sgid, sticky, and suid matchers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add matchers to File for setgid, setuid, and sticky by aliasing existing predicates; TDD green

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop prefers alias to alias_method.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Lint before pushing, of course

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Correct spelling of setgid and setuid matchers in docs

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add be_setgid, be_setuid, be_sticky matcher integration tests for File.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Revert "Provisioner script to setup resource tests for setgid/setuid/sticky bit tests.  This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here."

This reverts commit 42e672f3b1.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Revert "TDD Red for setgid/setuid/sticky File matchers"

This reverts commit a4f891fc7e.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-09-03 20:43:13 +02:00
Adam Leff
1a651f1741 Correct docs for the file resource (#2115)
The current docs refer to a method called `link_target` which does not
exist. `link_path` provides the functionality.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-31 16:51:33 -04:00
Chef Expeditor
feb755933f Update CHANGELOG.md to reflect the promotion of 1.35.1 to stable 2017-08-31 18:45:48 +00:00
Mark Harrison
914fed115e Add with_toc_data option to markdown renderer (#2109)
This adds 'id="foo"' attributes to headers, which lets you link directly
to a specific section of the documentation.

Signed-off-by: Mark Harrison <mark@mivok.net>
2017-08-31 14:43:42 -04:00
Chef Expeditor
fd3dac23ce Bump version to 1.35.1 by Chef Expeditor 2017-08-31 13:55:32 +00:00
Adam Leff
4478172052 Bump to v1.35.x (#2112)
Changes since 1.34.1 include new features and enhancements, necessitating the bump

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-31 09:55:27 -04:00
Chef Expeditor
1e57537f54 Bump version to 1.34.10 by Chef Expeditor 2017-08-31 13:51:44 +00:00
dromazmj
cb5b475bb1 etc_hosts resource: test the contents of the /etc/hosts file (#2065)
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-08-31 09:51:39 -04:00
Chef Expeditor
e7b6c31e11 Bump version to 1.34.9 by Chef Expeditor 2017-08-31 07:56:18 +00:00
Jonathan Morley
3e7d47505c Add support for XML files (#2107)
* Add support for XML files

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>

* Use REXML instead of nokogiri

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
2017-08-31 09:56:14 +02:00
Chef Expeditor
d0f2e49970 Bump version to 1.34.8 by Chef Expeditor 2017-08-31 07:53:50 +00:00
Adam Leff
e2fa0b5e73 port resource: support ss instead of netstat (#2110)
* port resource: support ss instead of netstat

`netstat` is officially deprecated and is replaced with `ss`. This PR
changes the port resource to use `ss` if it's available on the target
system.

Signed-off-by: Adam Leff <adam@leff.co>

* Disable Metrics/ClassLength cop on the LinuxPorts class

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-31 09:53:08 +02:00
Chef Expeditor
0f19e40d3b Bump version to 1.34.7 by Chef Expeditor 2017-08-30 20:04:28 +00:00
Anthony Shaw
d5f33f0b99 pip resource: support non-default pip locations, such as virtualenvs (#2097)
* Update pip resource for #516 allow user to set path to pip executable

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* support virtualenv path, pip file exec and better logic

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* add tests for the change to the pip path and resource

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* tests are case sensitive, although command line is not

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* use a path verification method instead of a class method

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* use guard clauses instead of conditionals

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* change the control flow to return nil when commands are not available

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* fix the return values when custom pip path is not valid

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* Refactor pip path detection to fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:04:22 +02:00
Chef Expeditor
d93f623934 Bump version to 1.34.6 by Chef Expeditor 2017-08-30 20:02:50 +00:00
Adam Leff
c383175417 Support mixed-case group entries (#2101)
* Support mixed-case group entries

The `group` resource downcased the input parameter unless the target
was a Windows node. However, it's completely legitimate for a Unix-y
node to have mixed case group and passwd entries.

This change does have the potential to break people that did not carefully
match their case when searching for a group, but we're currently blocking
people from using the group resource properly if they have mixed-case
entries.

Signed-off-by: Adam Leff <adam@leff.co>

* Fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:02:45 +02:00
Chef Expeditor
151199b5fc Bump version to 1.34.5 by Chef Expeditor 2017-08-30 18:22:05 +00:00
Mark Harrison
ef42e2efd0 Use stored http resource response (if any) (#2108)
Currently, if you check two properties of a http resource, such as
status and body, two different http requests are made to the server.
However, the response is already stored in an instance variable, so this
change just checks to see if a response is already available and uses it
rather than making another http request.

Signed-off-by: Mark Harrison <mark@mivok.net>
2017-08-30 20:21:59 +02:00
Chef Expeditor
75b9ee8c39 Bump version to 1.34.4 by Chef Expeditor 2017-08-29 05:11:57 +00:00
Jennifer Burns
3b2bf52b1d auditd_rules resource: fix get_keys error on lines that have no keys (#2103)
* Added line to fix bug when no key in file rule and updated test to validate bug fix

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to consider corner case

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-29 07:11:14 +02:00
Chef Expeditor
7a41cec73f Bump version to 1.34.3 by Chef Expeditor 2017-08-25 20:21:54 +00:00
Kevin Formsma
94c2e8181c Add sensitive flag to resources to restrict logging output (#2017)
* Filter check output based on sensitive flag
-Updated check in formatters to filter check output during failures based on
sensitive metadata flag
-Added functional test of output filtering
-Updated documentation with blerb on usage
* Update output format for sensitive resources

Signed-off-by: Kevin Formsma <kevin.formsma@gmail.com>

* Update color output on new test

Update the color output to match the newly-expected non-color format if there are no tests that match.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-25 16:21:49 -04:00
Chef Expeditor
3c07341ea0 Bump version to 1.34.2 by Chef Expeditor 2017-08-25 20:13:48 +00:00