Commit graph

427 commits

Author SHA1 Message Date
James Stocks
7c58285eb6 New resource to work with Windows security identifiers (SIDs) (#3405)
* Resource for a Windows Security Identifier (SID)
* Integration tests for security_identifier resource
* Address rubocop violations
* Improve security_identifier from PR feedback
* Update security_identifier tests
* Improve security_identifier unit tests
* Fix unit tests fpr security_identifier resource
* More security_identifier unit tests
* Add docs page for security_identifier resource
* Fix issues with documentation
* Improve docs
Link to Microsoft reference page, and use their term 'trustee' instead of 'entity' where applicable.

* Change exists to exist
* Test appveyor file changes.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-19 09:01:00 -04:00
Miah Johnson
7a6119e7a6 Add missing tests for groups resource, document members property, and assorted fixes. (#3467)
* Add missing tests for groups resource, document members propery, and assorted fixes.

Update existing documentation for group resource.
Add documentation for groups resource.
Update group resource tests to test members property.
Change groups resource members property to have simple style. (this
ensures members is a single array)
remove deprecated have_gid propery.
change `if !` to `unless`
Remove early return from members method. This prevented members from
working correctly on any OS other than Windows.
Add missing tests for the groups resource.
remove tests for has_gid

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Fix comments

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-18 16:48:30 -04:00
Jerry Aldrich
7313eb7819 style: Fix quotes/style on the docker resource (#3516)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-10-17 09:14:19 -04:00
Jared Quick
2bbcdbde9b
Inspec 3.0 (#3512)
* Remove deprecated yumrepo. (#3435)

* Remove deprecations for cli `--format` and metadata.rb (#3452)

* Remove deprecated database_helpers stderr/stdout methods.
Update deprecation text for processes/apache.

* Remove deprecations for `--format` and metadata.rb
Remove deprecated `format` code.
Remove deprecated code test and change json-config format test to use
reporter.
Remove deprecated metadata.rb code
Remove deprecation notice for old supports syntax.
Deprecate metadata.rb from source_reader
Remove rubocop disables as they are no longer required for this code block.
Remove deprecated legacy metadata.rb mock profiles.
Remove deprecated metadata.rb profile tests.
Remove deprecated yumrepo test.

* Allow inspec-3.0 branch to be tested.
* Allow appveyor to test inspec-3.0 branch
* Change runner tests to use reporter rather than format.
Remove deprecated `supports: linux` tests.

* Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332)

* Skip loading dependency profiles if they are unsupported on the current
platform.

Skip loading dependencies if they are unsupported on the current
platform.

Wrap our log and next in a conditional checking if the platform is
supported.

Change a `if !` into a `unless`

Check if the backend is a Train Mock Connection and if so say that the
profile does support the platform.

While iterating through tests being loaded skip when the platform is
unsupported.

We now log a WARN when a profile is skipped due to unsupported platform,
so lets check that.

Modified existing test to log that there are 0 skipped tests, instead of
2.

Add functional test that loads profile-support-skip with a json reporter
to check that our controls are not loaded and that stderr contains our
warning.

* Rather than iterating through each test return before recursion if the platform is
unsupported.

* Resolve tests using a supported platform different from testing platform

Add a control to `test/unit/mock/profiles/complete-profile` that would
work on any OS with a Internet connection. This allows the profile
to execute on any OS with success. `filesystem_spec.rb` was a control
that would only work on Linux and some BSD's.

We want profile tests to consistently work across development and testing
platforms, and not get 'skipped' in some cases.  Travis-CI tests on Linux,
Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows

Also Updated `file_provider_test.rb` for `complete-profile` content changes.

If you `MockLoader.load_profile` on a unsupported platform you might not
hit the usual skip. Lets handle situations where the tests array in
Profile#load_checks_params could be nil.

* Use safe navigation rather than checking if tests is nil.
Update tests to point to unsupported_inspec and account for WARN changes.
Make unsupported_inspec profile support os-family 'unsupported_inspec'

* Fix skip bug when using include/require controls. (#3487)

* Fix skip bug when using include/require controls.
* fix test and feedback.

* Remove need for UUID detection for Automate report (#3507)
* Add json metadata for skipped profiles (#3495)

* Add skip metadata to json reports
* Unify skip messages.
* Update with status field.
* Add testing.
* Fix tests.
* lint
* Add skip exit codes for profile skips.
* Update website for 3.0 launch

Add `plugins` to sidebar.
Change 2.0 -> 3.0 in slim files.
Update 3.0 features list.
* Fix comments
* Update float to numeric.
* Change Float to numeric.
* updated feature list and impact doc
* Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0"
* Bump VERSION to 3.0.0 (#3511)

* Remove 3.0 testing checks.

* Fix azure link.
2018-10-15 18:25:27 -04:00
Jerry Aldrich
0b0a0a4d48 Change Inspec to InSpec where appropriate (#3494)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-10-15 12:09:46 -04:00
Jonathan Hartman
7451917223 Support finding larger processes on Busybox (#3446)
For larger processes, Busybox's ps displays the vsz and rss columns in
megabytes or gigabytes, with no option I've found to override the behavior.

This change updates the process regex to account for that and converts
the values to kilobytes so they can still be cast as integers.

Signed-off-by: Jonathan Hartman <j@hartman.io>
2018-10-04 14:06:17 -04:00
Jonathan Hartman
08e3b90f2b Support the Busybox variant of netstat in the port resource (#3425)
Signed-off-by: Jonathan Hartman <j@hartman.io>
2018-09-25 22:40:05 -04:00
James Massardo
2af1535f7c Add new resource: aws_ebs_volume (#3381)
* Added support for basic AWS EBS volume testing
* Fix error in exists matcher
* Added EBS resource documentation and requested changes

Signed-off-by: James Massardo <jmassardo@chef.io>
2018-09-21 11:49:28 -04:00
Martin Logan
242bee9ce6 Update AWS Security Group to work with IPV6 rules. (#3394)
Add inbound_rules_count and outbound_rules_count for total variants

Signed-off-by: Martin Logan <martinloganzz@gmail.com>
2018-09-18 16:21:41 -04:00
Jared Quick
94c7ef0df8
Fix gem tests from recent merge. (#3409)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 15:00:26 -04:00
Ben Abrams
0b33644819 adding versions to the gem resource (#3398)
This is useful when you have multiple versions of the same gem installed. It can be leveraged like so:
```
describe gem('rest-client') do
  its('versions') { should include /1.8\.\d+/ }
  its('versions') { should include /2.0\.\d+/ }
  its('versions.count') { should_be eq 2 }
end
```

Signed-off-by: Ben Abrams <me@benabrams.it>
2018-09-18 13:17:10 -04:00
Clinton Wolfe
50ff9f6a24
Plugins: Add support for 'bundles' migration (#3384)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 00:00:54 -04:00
Vern Burton
a7ab4b8b5f Add cloudlinux under redhat family (#2935)
* adding cloudlinux into the mocker under the redhat family as it is found inside of train, and creating tests for cloudlinux that mirror the centos/redhat tests.
* adding cloudlinux under the select_service_mgmt method so that it can be matched.

Signed-off-by: Vern Burton <me@vernburton.com>
2018-08-22 15:58:38 -04:00
Robert Van Kleeck
5264cb5fdf add iis_app_pool resource (#2400)
* add iis_app_pool resource
* add sign off
* remove training whitespace
* code cleanup and simplify timeout checks
* add mock tests

Signed-off-by: Rob Van Kleeck <rvankleeck@salesforce.com>
2018-08-09 09:19:49 -04:00
Henry Muru Paenga
f605051f53 Add new resource: aws_ecs_cluster (#3213)
Signed-off-by: Henry Muru Paenga <meringu@gmail.com>
2018-08-09 09:19:27 -04:00
Noel Georgi
9d3beb8d41 Adding docker plugin support (#3074)
* Fixing tests and squashing
* Updating as per some PR comments
* PR comments

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-08-09 08:20:32 -04:00
Ksenia
d2ae5c0d68 Fix issue#3269. Add 17 hexadecimal characters support aws_route_table (#3277)
Add support in aws_route_table to allow 17 hexadecimal characters
2018-08-09 08:16:03 -04:00
Jerry Aldrich
f2d64938b7 windows_feature resource: Add DISM support (#3224)
* windows_feature resource: Add DISM support

This modifies the `windows_feature` resource to fallback to DISM when
the `Get-WindowsFeature` command is not available.

* Allow specifying `:dism` or `:powershell`
* Replace stacktrace with smaller error message
* Add notes/todo about raise behavior
* Remove duplicated platform check

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 16:00:06 -04:00
Jerry Aldrich
c1d7b2cfa3 alpine resource: Fix small style issues (#3238)
* Constrain RuboCop disables to single method
* Add comment to Alpine package command
* Use single quotes for Alpine package command
* Change `it` statement to be readable

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 15:57:51 -04:00
Dan Webb
a0fffa5286 Add Alpine package provider (#3215)
- Add Alpine tests
- Stub apk grep command for alpine
- Resolve (disable for now) rubocop ABC/CyclomaticComplexity/PerceivedComplexity

Signed-off-by: Dan Webb <dan.webb@damacus.io>
2018-07-19 15:07:36 -04:00
Miah Johnson
bfd569fe99 Ensure resources fail that target something that isn't supported (#3231)
* Use fail_resource rather than skip_resource when the platform is not
supported by the resource.

* Update tests to handle failing on unsupported platforms.
Update functional tests.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-07-19 08:16:54 -04:00
Jerry Aldrich
706493f2f3 command resource: Allow redacting #to_s (#3207)
* command resource: Allow redacting `#to_s`
* Respond to feedback

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-16 08:20:57 -04:00
Jerry Aldrich
737df411ef apache_conf resource: Strip quotes from values (#3142)
* apache_conf resource: Strip quotes from values
* Update regex to capture all vars between quotes
* Change `x` and `y` to proper variable names

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-06-26 07:48:48 -04:00
Clinton Wolfe
44c0fd2e4f
Accept symbols and downcased criteria in aws_iam_policy have_statement matcher (#3129)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-21 14:19:56 -04:00
Clinton Wolfe
7aa60852e6 Add list properties back to shadow (#3140)
* Un-deprecate plural properties on shadow; deprecate the singular versions
* Update filtertable interface to current
* A weak attempt at making the docs coherent
* Doc feedback per Jerry

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-14 13:42:00 -04:00
Clinton Wolfe
6f46d52242
Add aws_elb and aws_elbs resources (#3079)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-07 15:06:05 -04:00
Miah Johnson
ab32446213 Adds a aws_flow_log resource with unit and integration testing. (#2906)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-07 14:41:46 -04:00
Clinton Wolfe
f9dd82f2f6
Add common methods to FilterTable automatically (#3104)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-05 22:35:09 -04:00
Jared Quick
06ff747cfc
Detect windows packages with trailing spaces. (#3106)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-01 10:39:26 -04:00
Dominik Richter
ebd1d36600 support local npm package searches (#3105)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-06-01 10:52:46 +02:00
Tor Magnus Rakvåg
34b393ed3c mssql_session default port and local_mode (#3031)
* set port default to nil, introduce local_mode
* raise instead of warning
* restore default port, allow explicit nil

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:47:28 -04:00
Tor Magnus Rakvåg
71ba5018d2 Enhance groups resource with members property (#3029)
* implement members property
* flatten groups entry, extract flatten helper
* lints
* more idiomatic spec, add example of members testing

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:37:44 -04:00
Clinton Wolfe
af72574b34 Skeletal aws_ec2_instances resource (#3023)
* Add integration and unit tests for aws_ec2_instances
* Basic docs for aws_ec2_instances
* Add basic aws_ec2_instances resource

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-05-10 14:54:33 -04:00
Jeremy
1407e681fc #2810 - Add check if aws s3 bucket is encrypted. (#2937)
* Add check if aws s3 bucket is encrypted.
Required terraform aws provider >= 1.6
Fix indentation issue in aws_s3_bucket.rb

* Implement most changes recommended by @TrevorBramble, and refactored other methods to align with recommendations (except Terraform nitpick; preference is to keep coding style consistent until full refactor).

Signed-off-by: Jeremy Phillips <github@uranusbytes.com>
2018-05-03 09:55:29 -04:00
Jerry Aldrich
9e8724ca6e nginx_conf resource: Fix include paths with quotes (#2726)
* nginx_conf resource: Fix include paths with quotes
* Move quote removal to `NginxParser`
* Add parsers/tests for quotes in quotes

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-05-03 09:53:20 -04:00
David Alexander
72925a7145 Makes JSON resource enumerable, despite method_missing magic (#2910)
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2018-04-26 11:54:16 -04:00
Miah Johnson
709647c7c7 The #to_s method should return the @path rather than a hardcoded /etc/shadow. (#2978)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-04-26 08:53:42 -04:00
Clinton Wolfe
8934352935 Make names for AWS Config service objects optional (#2928)
* Update tests and docs to assume one recorder per region
* Config recorder supports singleton fetch
* Docs and tests for singleton mode delivery_channel
* Implementation for singleton delivery channel, and some other code cleanup
* Implement some feedback, and fix a bug in traversing the struct in looking for empty results

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-19 13:08:16 -04:00
Henry Muru Paenga
a9e3b8d8d0 Amazon linux service mgmt detection (#2970)
Signed-off-by: Henry Muru Paenga <meringu@gmail.com>
2018-04-19 13:00:39 -04:00
Clinton Wolfe
73b7b6942c
Inline and attached policies for aws_iam_user and aws_iam_users (#2947)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-17 13:22:28 -04:00
Clinton Wolfe
146b60556d
Policy statement search: don't stacktrace on missing field (#2962)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-17 13:21:29 -04:00
Clinton Wolfe
6853f232fa aws_iam_policy statement search fix for degenerate policies (#2958)
* Bug replication tests, unit and integration
* Fixes statement_count
* Fixes statement_count and have_statement
* rubocop trim whitespace

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-16 10:04:00 -04:00
Clinton Wolfe
745ff32c80 Basic fields for aws_vpcs (#2930)
* Update singular implementation to avoid use of inner object
* Update docs and tests for 3 new filters and properties on aws_vpcs
* Implement new filters and properties; one failing test due to odd FilterTable behavior
* changes to avoid bug 2929

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-12 15:48:55 -04:00
Miah Johnson
b40e553f15 Ensure @params in shadow resource always has a valid value. (#2939)
* Add tests for method chained shadow resource with readable and
unreadable shadow files.

Ensure @params always has a safe value, otherwise we may stacktrace when
unable to read /etc/shadow and invoked with method chaining.

* Wrap deprecation notices with a proc/must_output to clean up test
output.

Added some missing newlines.

Catch deprecation notice on `lines`.

* Resolve the majority of the issues pointed out by @tbramble.

Deprecate `lines`; its really only used internally but it was 'exposed'
through tests and who knows if there is external use. `lines` is not
documented as a property at least..

`#set_params` is much better now =)

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-04-12 15:37:22 -04:00
Clinton Wolfe
7130a77c06
Policy Statement Search capability for aws_iam_policy (#2918)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-12 14:31:02 -04:00
Clinton Wolfe
4200fdd779 AWS Security Group Rules properties and matchers (#2876)
Provides low-, and mid-level properties and matchers for examining rules on aws_security_group.

* Second draft of docs for SG rules interface; need to clarify semantics of reject
* First cut at unit tests
* Cleanup test fixtures
* Implementation for allow, with plausible unit tests
* Doc updates based on reality
* Add integration tests; move allow to allow_ / out; several docs updates
* Add be_open_to_the_world and be_open_to_the_world_on_port
* Update docs to reflect adding allow_only
* Update docs to reflect use of position to allow multiple rules with 'only'
* Implement allow_only with unit tests; still need integration tests
* Add integration tests for allow_only

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-06 14:22:25 -04:00
Matthew Dromazos
b5a0007851 aws_cloudtrail_trail feature: test how many days ago logs were delivered (#2887)
* * Adds new property to test how many days ago the CloudTrail delivered logs to the CloudWatch Logs.

* * Changes query for selected cloud trail in unit test
* Changes uses Time.now explicitly instead of making a variable in the unit test

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-06 14:04:57 -04:00
Matthew Dromazos
74076bc44a aws_iam_group feature: test users in an iam group (#2888)
* Adds new property to test the users in an aws_iam_group
* Adds terraform code to add the recall_hit user to the administrator group

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-06 14:04:13 -04:00
Matthew Dromazos
c04a98c9f8 New Skeletal Resource aws_route_tables (#2643)
* Initial commit of skeletal resource aws_route_tables
* Fixes issues with documentation
* Renames route table terraform resources to be more conventional
* Removes tags terraform resources
* Changes aws_route_table and aws_route_tables integration tests to use new terraform names
* Removes unneeded data given in unit tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-05 12:51:22 -04:00
Matthew Dromazos
0df67fc7d0 New Skeletal Resource aws_s3_buckets (#2653)
* Initial commit of skeletal resource aws_s3_buckets
* Add fixes to documents
* Removes property 'creation_date' for there is no use case as of right now
* Rebases on master and moves aws_s3_buckets integration test to the correct location
* Adds test on unit test for false exists

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-05 12:49:30 -04:00
David Alexander
3b97e16b97 New Resource: Chocolatey Package (#2793)
* Adds chocolatey package resource
* Adds docs for chocolatey_package resource
* Differentiate chocolatey package from windows feature

Suggested by @frezbo

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2018-04-05 08:54:27 -04:00
Paul Welch
27203110cd Add AWS hardware MFA matcher (#2892)
* Add AWS hardware MFA matcher
Adding a hardware as well as a virtual MFA matcher for aws_iam_root_user
resource

* Add New AWS Root Matcher Docs
- Add documentation for new root MFA matchers
- Fix logic for checking MFA devices from feedback on PR

* Add Integration tests for MFA matchers
- Add integration tests for virtual and hardware MFA matchers
- Clean up logic for has_virtual_mfa_enabled? method

Signed-off-by: Paul Welch <pwelch@chef.io>
2018-04-03 09:13:52 -04:00
Trevor Bramble
a40f857e2b Change route_table_id regexp for correctness (#2885)
Without the terminating character ($), it just accepted any characters
at all after the initial matching set.

Also add some tests to assure we're raising appropriately.

Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Joshua Padgett <jpadgett@chef.io>

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-29 12:50:40 -04:00
Jerry Aldrich
2c4f041e9d powershell resource: Add support other OSs (#2894)
This adds `powershell` resource support for non-Windows OSs via `pwsh`
and Base64 encoded commands.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-29 11:57:15 -04:00
Mo Shark
fc3f1708c4 Porting over the singular rds resource from the aws-inspec git repo (#2866)
Signed-off-by: HackerShark <melsharkawi@mitre.org>
2018-03-28 11:23:44 -04:00
eramoto
53a53820cf Mitigate trivial warning output on test (#2872)
* Mitigate trivial warning on test by initializing
Also fixes passing a ambiguous argument.
* Mitigate trivial warning by removing redundant method

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-28 11:22:01 -04:00
Matthew Dromazos
603bef6f29 New Skeletal Resource aws_kms_key (#2746)
* Initial commit of skeletal resource aws_kms_key
* * Adds comments to rerun travis
* * Clarifies some parts of the doc.
* Changes matcher have_aws_key_manager to manged_by_aws
* Fixes copypasta
* Adds clarification to property names
* Fixes rescueing exceptions from the api
* raises exceptions in the unit tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-23 08:29:45 -04:00
Matthew Dromazos
9077a7b17b New Skeletal Resource aws_sns_subscription (#2697)
* Initial commit of skeletal resource aws_sns_subscription
* Fixes errors in documentation
* Clarifies documentation
* Wraps calls to aws api in catch_aws_errors metho
* Fixes integration tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-22 13:38:40 -04:00
Trevor Bramble
be83af35c5
Revise /etc/hosts for correctness and clarity (#2863)
* Clean up test data, correct parse error handling
 * Use functional pipeline to avoid need for conditional clauses and clarify the intent of the comment parsing.
 * Extract magic strings to constants
 * Remove code and tests now covered by FileReader

Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Paul Welch <pwelch@chef.io>

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-22 09:58:22 -07:00
Matthew Dromazos
1bb565c708 New Skeletal Resource aws_sns_topics (#2696)
* Initial commit of skeletal resource aws_sns_topics
* Adds clarification in documentation
* Adds functionality for calling the next token returned from aws api.
* Wraps api calls in the catch_aws_errs method

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-22 12:55:23 -04:00
eramoto
c7e87ca3e3 Unify method in which file content is read across all resources (#2359)
* Create file-check functionality into utility file

There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.

* Replace to file-check functionality
* Fix dh_params and x509_certificate resources

If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.

* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config

Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.

* Use init block variable in methods

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-22 08:25:45 -04:00
Matthew Dromazos
555de72912 Skelatal resource: aws_s3_bucket_object (#2620)
* Initial commit of new resource
* Makes changes to docs to match changes to the resources.
* Adds clarifications in docs and changes it to be an erb file.
* Simplifies some unit tests
* Wraps calls to the api in a aws_catch_errors method
* Removes provisioner terraform code

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-19 13:10:17 -04:00
Jared Quick
fafa681f5c
Set backend cache to defualt true. (#2827)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-03-15 15:08:34 -04:00
Tom Hodder
eeeeda18d8 quote password when generating mysql command string (#2685)
* quote password when generating mysql command string
* added a test for mysql_session, added shellwords escaping to mysql_session resource
* changed the name of the escape method
* clarified test conditions

Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
2018-03-09 08:41:21 -05:00
Miah Johnson
75f39e74f2 Refine deprecated methods to be consisten with supported fields in (#2801)
shadow file.

After much thought the deprecations from #2642 were for the wrong methods.

Plural method names feel much more natural when working with this
resource because you can have more than a single result.

Consider a match like `shadow.user(/^www/)`, this could return multiple
users, so `shadow.users` feels more natural here.

The problem is that the fields we're matching in the shadow file itself
are singular. Each entry is for a user, which has a password, and some
other fields. A user never has `passwords` in the shadow file, only a
`password`.

This is made more obvious when you use the `filter` method.

When we use this filter: `shadow.filter(min_days: 20, max_days: 30)` we
are matching fields in the shadow file and not using our matcher
methods. This means that if there is a discrepancy between our matcher
methods, and the shadow fields the user could end up confused. Like I did =)

This PR changes:

Changed matchers to match shadow fields.
Updated documentation to reflect changes.
Updated tests to reflect changes.
Re-add `filter` method, and add a test for it.
Renamed variable for FilterTable to be less confusing.
Renamed query argument for methods to be consistent.
Cleanup docs based on comments from @jerryaldrichiii
Make Rubocop happy <3

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-08 17:26:08 -05:00
Miah Johnson
5fee525be8 Remove os checks from initialize as this is provided by platform (#2797)
Removes skip_resource and raise .. if InSpec.os stuff from initialize as this is covered by platform support.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-08 16:01:50 -05:00
Wei He
a3898db2fe Fix http with connection error (#2770)
* fix: http resource handle connection failed (ex. port is not open)
* add test case

Signed-off-by: Wing924 <weihe924stephen@gmail.com>
2018-03-07 23:04:26 -05:00
Miah Johnson
f6db0e345a Update shadow resource to use FilterTable (#2642)
* Change shadow resource to use FilterTable rather than custom filter
implementation.

Add tests for singluar aliased methods and other minor changes to work
with FilterTable output.
Coverage is at 100%

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* merge master

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-07 15:31:30 +01:00
João Vale
3e2450e703 Host resource: use bash over netcat in Linux (#2607)
* Add support to use bash in host resource

Netcat's presence is widely regarded as a security issue, and thus not
always available. This solution first tries to use bash builtins and
timeout (from coreutils), so is less likely to require installing
additional packages.

* Darwin UDP support in host resource
* Host: use netcat first if available

Signed-off-by: João Vale <jpvale@gmail.com>
2018-03-07 08:39:27 -05:00
Richard Nixon
47e4c578e0 Fix aws-iam-users pagination (#2761)
* Fix aws-iam-users pagination

PROBLEM: aws-iam-users resource only retrieves 100 records due to pagination
in the AWS IAM list_users function.

FIX: Iterate over all the pages using the AWS pagination variables `marker`
and `is_truncated`

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2018-03-02 09:14:05 -05:00
Jerry Aldrich
4631306ef1 virtualization_resource: Fix NoMethodError on nil:NilClass (#2603)
* Move instance variable to avoid `NoMethodError`

Methods for `role` and `system` properties are dynamically generated and
return values from the `@virtualization_data` Mash. Therefor, we must
ensure `@virtualization_data` exists before calling these methods.

* Move supports logic to `supports platform: linux`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-28 14:22:55 -05:00
Matthew Dromazos
4394c5efc8 New Resource aws_config_recorder (#2635)
* Initial commit of new resource
* Removes deprecated matcher in example
* Adds a new terraform file for config resources
* Fixes and clarifies documentation
* Wraps calls to api in catch_aws_errors method
* Changes the names of two matchers

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-02-27 13:15:04 -05:00
Christian Becker
b7687765f5 http resource: Support OPTIONS method (#2742)
Signed-off-by: Christian Becker <c.becker@mediaevent.services>
2018-02-27 12:59:53 -05:00
Jerry Aldrich
448eeb4637 package resource: Fix brew package detection (#2730)
* package resource: Fix `brew` package detection

This allows for package detection via `brew` to handle cases where a
particular package formula exists but is not installed.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-23 09:01:14 -05:00
Jared Quick
db96ee9e85
Prevent resources from loading if supports check fails (#2665)
* Prevent resources from loading if supports fail.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-16 15:15:53 -05:00
Clinton Wolfe
6c0422fbf0
Improvements and matcher renaming on aws_iam_password_policy (#2638)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-14 15:59:57 -05:00
Clinton Wolfe
33787124a7 Two deprecations in aws_ec2_instance (#2637)
* Drop deprecation warning for old name of aws_ec2

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-14 15:08:34 -05:00
Clinton Wolfe
2708a73e11 Merge branch 'aws-core-onramp' into aws-merge 2018-02-09 00:56:28 -05:00
Clinton Wolfe
d696c8b83f Merge branch 'cw/rename-resources' into core-onramp 2018-02-08 17:00:49 -05:00
Clinton Wolfe
dfc73a52f0 Merge branch 'release-2.0' into aws-merge-release-merge-try
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 10:44:11 -05:00
Clinton Wolfe
6aaab8691c Merge branch 'aws-merge-prep' into aws-merge
Includes train aws:// targeting and some new resources

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 10:09:57 -05:00
Jerry Aldrich
84817366a1 Remove deprecations for InSpec 2.0 (#2506)
* Add `release-2.0` target branch to AppVeyor/Travis (#2510)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* simpleconfig: Remove deprecated config keys

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* cli (exec): Remove `--cache` command line argument

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* platform: Remove lowercase os name protection

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain_legacy_plus` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain_match` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `with_version` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `belong_to_group` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `belong_to_primary_group` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* passwd: Remove deprecated properties

This removes:
  - `passwd.count`
  - `passwd.username`
  - `passwd.usernames`
  - `passwd.uid`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* auditd_rules: Remove in favor of `auditd` resource

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* cli: Remove `login_automate` command

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove `resource_skipped` message method

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-08 11:05:21 +01:00
Clinton Wolfe
a0b6bac87b
Use train for AWS connection (#219)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 23:26:37 -05:00
Clinton Wolfe
4e07508317 Rename classes and resource names in files
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 23:23:05 -05:00
Clinton Wolfe
162335aa60 Move files for rename
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 22:56:45 -05:00
Clinton Wolfe
4d8eb48855
Skeletal aws_vpc_subnets resource (#228)
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 20:12:02 -05:00
Clinton Wolfe
0ca012891b Rely on unit test helper to load resources, not individual AWS tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 12:09:08 -05:00
Miah Johnson
046b2ef419 Skeletal Resource: aws_route_table (#217)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-02-07 10:48:55 -05:00
Matthew Dromazos
16fee68c88 Skeletal Resource: aws_vpc_subnet (#209)
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-02-07 10:03:11 -05:00
Clinton Wolfe
f7a11ee2df Merge branch 'aws-merge-prep' into aws-merge
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 09:53:21 -05:00
Sam Cornwell
14efd94050 Skeletal aws_iam_group resource (#221)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-02-01 15:55:53 -05:00
Sam Cornwell
d722827ebd Skeletal aws_iam_groups resource (#208)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-02-01 13:09:48 -05:00
Rony Xavier
23b57ab591 Add have_access_logging_enabled matcher to aws_s3_bucket (#212)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-02-01 11:50:38 -05:00
Rony Xavier
7d53056751 Password usage properties for aws_iam_users (#213)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-02-01 11:23:25 -05:00
Clinton Wolfe
e2e9915aa4 Skeletal aws_kms_keys resource
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-01 10:21:54 -05:00
Rony Xavier
6ae80ad6f7 skeletal aws_iam_ policies resource (#193)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-31 22:45:02 -05:00
Rony Xavier
1b170dcfb6 aws_iam_access_keys incorrectly populates created_date (#215)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-31 22:16:30 -05:00
Clinton Wolfe
032eda1063
Silence some test warnings (#140)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-31 21:54:47 -05:00
Clinton Wolfe
b645f093e9
Remove accidentally committed notes file (#194)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-31 21:52:28 -05:00
Rony Xavier
f09d4f5266 aws_iam_policy resource (#184)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-26 15:21:49 -05:00