Moved exec_inspec to inspec_path.
Added new exec_inspec that invokes ruby w/ -Ilib (expanded).
Decouples from bundler and/or needing inspec-bin to be installed.
Signed-off-by: Ryan Davis <zenspider@chef.io>
This changes the error message from using a bad reference in
`include_controls` from:
```
NoMethodError: undefined method `profile' for nil:NilClass
```
To one detailing that the profile cannot be loaded since it isn't listed
as a dependency.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
This ensures that all the following result in the same CLI output:
- `inspec`
- `inspec help`
- `inspec --help`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
This PR adds 5 closely related plugin types, which allow a plugin to implement new DSL methods / keywords. The mechanism to activate the plugins are all very similar - basically, in a particular location in the code, `method_missing` is implemented, and is used to activate the particular type of DSL being requested.
4 of the DSL plugin types relate to code that could appear in a profile control file.
* outer_profile_dsl plugins allow you to extend the code in profile Ruby files that appear outside `control` or `describe` blocks.
* control_dsl plugins allow you to extend the code within `control` blocks.
* describe_dsl plugins allow you to extend the code within `describe` blocks.
* test_dsl plugins allow you to extend the code within `it`/`its` blocks.
Finally, the `resource_dsl` plugin allows you to extend the code used within custom resources.
Basic unit tests are provided to prove that the plugin types are properly defined.
A simple plugin fixture defining DSL hooks (based on favorite foods) is included, and is exercised through a set of functional tests.
The plugin developer docs are updated to describe the 5 DSLs.
*Note*: Implementing a plugin using any of the DSL plugin types is experimental. The contexts that are exposed to the DSL methods are private and poorly documented. The InSpec project does not claim the APIs used by these plugin types are covered by SemVer. Plugin authors are encouraged to pin tightly to the `inspec` gem in their gemspecs.
Motivation for this plugin comes from the desire to allow passionate community members to implement things like "2 out of 3" tests, example groups, improved serverspec compatibility, "they/their" and other "fluency" changes, as well as make it possible for future work by the InSpec team to be implemented as a core plugin, rather than a direct change to the main codebase.
* Revert "Silence RSpec 'should' Warning (#3560)"
This reverts commit 7c611a4c24.
* Add comment with link to reverted fix
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add run_inspec_process, with JSON handling, to functional helper
* Add ability to run a plugin to functional helper
* CWD fix for run_inspec_process
* Add support for running a plugin within a functional test
* Move plugin functional helper code to main func helper file
* FuncHelper: Do not send reporter or lock options if command is not exec
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* unit tests for plugin conf file class, all skip
* File path stuff works
* Validation works
* Add works
* Added remove_entry
* Save works - ready to refactor others
* Rework Loader to use ConfigFile
* Modify loader and installer to use the config file class
* linting
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add support for `git@` and HTTP basic auth
This adds support for the following:
```
inspec exec git@github.com:private/example_profile
inspec exec https://username:token@github.com/private/example_profile
inspec exec https://username:password@webserver/private/example_profile
```
This also uses the Git fetcher when the URL ends in `.git`. Example:
```
git config credential.helper cache
git ls-remote https://github.com/private/example_profile.git
inspec exec https://github.com/private/example_profile.git
```
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add documentation for `inspec exec` usage
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add tests for Git fetcher and `inspec exec`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add `opts` to branch of Git fetcher resolve logic
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify Git example comments
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Force `parse_uri` to attempt a parse
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Failing functional test for RSpec should deprecation
* Configure RSpec to allow .should calls
* Remove cruft from test files where we needed to filter deprecation warning
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Fixes (some) ruby warnings related to functional tests
* Removes unneeded `Dir.tmpdir` from test
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* ✓ adds additional checks for vendored profiles
This PR adds additional checks to verify if:
- inspec.yml and inspec.lock dependencies are out-of-sync
- complains about a missing lock file if we have dependencies defined
* skip if legacy profile path is used
* Fix unit tests.
* Force static sha256 for lock files and protect from unnamed depends.
* Add vendor profiles for checks. Windows downloads with different sha256.
* Adding inspec init profile for GCP.
* Adding final newline, thanks rubocop.
* Ensure README headings are at the same level.
* Move OS-specific default profile to new location
* Enforce os-platform restriction on default profile template
* Use profile templates in subdirs.
* Updates to address PR feedback after rebasing from #3491.
* Alter test setup to properly use YAML
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Allow strings or symbols to be used interchangeably in filtertable criteria; improve error message
* rubocop
* Update test count
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove deprecated yumrepo. (#3435)
* Remove deprecations for cli `--format` and metadata.rb (#3452)
* Remove deprecated database_helpers stderr/stdout methods.
Update deprecation text for processes/apache.
* Remove deprecations for `--format` and metadata.rb
Remove deprecated `format` code.
Remove deprecated code test and change json-config format test to use
reporter.
Remove deprecated metadata.rb code
Remove deprecation notice for old supports syntax.
Deprecate metadata.rb from source_reader
Remove rubocop disables as they are no longer required for this code block.
Remove deprecated legacy metadata.rb mock profiles.
Remove deprecated metadata.rb profile tests.
Remove deprecated yumrepo test.
* Allow inspec-3.0 branch to be tested.
* Allow appveyor to test inspec-3.0 branch
* Change runner tests to use reporter rather than format.
Remove deprecated `supports: linux` tests.
* Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332)
* Skip loading dependency profiles if they are unsupported on the current
platform.
Skip loading dependencies if they are unsupported on the current
platform.
Wrap our log and next in a conditional checking if the platform is
supported.
Change a `if !` into a `unless`
Check if the backend is a Train Mock Connection and if so say that the
profile does support the platform.
While iterating through tests being loaded skip when the platform is
unsupported.
We now log a WARN when a profile is skipped due to unsupported platform,
so lets check that.
Modified existing test to log that there are 0 skipped tests, instead of
2.
Add functional test that loads profile-support-skip with a json reporter
to check that our controls are not loaded and that stderr contains our
warning.
* Rather than iterating through each test return before recursion if the platform is
unsupported.
* Resolve tests using a supported platform different from testing platform
Add a control to `test/unit/mock/profiles/complete-profile` that would
work on any OS with a Internet connection. This allows the profile
to execute on any OS with success. `filesystem_spec.rb` was a control
that would only work on Linux and some BSD's.
We want profile tests to consistently work across development and testing
platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux,
Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows
Also Updated `file_provider_test.rb` for `complete-profile` content changes.
If you `MockLoader.load_profile` on a unsupported platform you might not
hit the usual skip. Lets handle situations where the tests array in
Profile#load_checks_params could be nil.
* Use safe navigation rather than checking if tests is nil.
Update tests to point to unsupported_inspec and account for WARN changes.
Make unsupported_inspec profile support os-family 'unsupported_inspec'
* Fix skip bug when using include/require controls. (#3487)
* Fix skip bug when using include/require controls.
* fix test and feedback.
* Remove need for UUID detection for Automate report (#3507)
* Add json metadata for skipped profiles (#3495)
* Add skip metadata to json reports
* Unify skip messages.
* Update with status field.
* Add testing.
* Fix tests.
* lint
* Add skip exit codes for profile skips.
* Update website for 3.0 launch
Add `plugins` to sidebar.
Change 2.0 -> 3.0 in slim files.
Update 3.0 features list.
* Fix comments
* Update float to numeric.
* Change Float to numeric.
* updated feature list and impact doc
* Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0"
* Bump VERSION to 3.0.0 (#3511)
* Remove 3.0 testing checks.
* Fix azure link.
* Move compliance pluging to v2 system.
* Update kitchen-inspec to test.
* Add legacy require patsh.
* Fix unit test
Signed-off-by: Jared Quick <jquick@chef.io>
* Unit tests passing for loading Train plugins
* detect works with a train test fixture
* Update fixture install of train-fixture-plugin
* Add functional tests for detect and shell when talking to a train plugin backend
* Update docs to reflect availability of Train plugins
* Functional test for install train plugin from path
* Working install train plugin from path, more tests for installing from odd locations
* PR Feedback
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add support for multiple descriptions for controls
This adds the ability to specify multiple descriptions in controls.
Example:
```ruby
control 'my-control' do
impact 1.0
title 'My control'
desc 'A default description'
desc 'rational', 'I need an example'
describe file('/tmp') do
it { should be_directory }
end
end
```
Many thanks to @jquick for helping me with the unit tests.
* Remove unused `descriptions` method
* Remove unused profile from test mocks
* Respond to feedback
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Functional test for usage messaging
* Activate v2 commands on empty CLI invocation for usage messaging
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Move inspec init to v2 plugins.
* Revert inspec run command env change.
* Allow prefix and env for run_inspec_process.
* Update unit tests to use new functionality.
Signed-off-by: Jared Quick <jquick@chef.io>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Jared Quick <jquick@chef.io>
* Fix profile vendoring on Windows
This fixes vendoring on Windows by doing the following:
- Expanding relative paths (handles `\\`)
- Ensuring archives after closed after reading (prevents locking)
This also does the following:
- Removes extra file from testing tar archive
- Ensures fetching dirs/archives in the local fetcher behaves the same
* Fix profile vendoring on Windows
This fixes vendoring on Windows by doing the following:
- Expanding relative paths (handles `\\`)
- Ensuring archives after closed after reading (prevents locking)
This also does the following:
- Removes extra file from testing tar archive
- Ensures fetching dirs/archives in the local fetcher behaves the same
* Add vendoring to fuctional testing and fix the tmp path for windows
* Add tests for relative paths and backslashes
* Remove backslashes support in filenames on Linux
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add impact class which contains all cvss scores.
* Add testing for impact changes.
* Change symbols to strings for impact.
* Update error messages to be more clear.
* Fix test with new sha
Signed-off-by: Jared Quick <jquick@chef.io>
* Add windows functional tests.
* Fix tests for 2012 server.
* Fix windows build script
* Add more functional tests for windows.
* Update comment with TODO.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add yml attribute option.
* Add type matching.
* Add testing profile for global attributes testing all types.
* Allow attributes to be called within a control block.
* Fix attribut test issues and allow value to be set at runtime.
* Allow setting attr value after creation.
* Move attributes to global namespace.
* Move attributes to a singleton object.
* Add unit and updated functional testing.
* Rename attributes to attributes_test so the testhelper picks it up.
* Add attribute object tests and error types.
* Update with feedback changes.
* Remove extra line.
* Move attribute registry class file.
* Add documentation for attributes
* Rename rspec_extensions.
* Add some failing functional tests.
* Update docs and fix typos.
Signed-off-by: Jared Quick <jquick@chef.io>
* Allow uuid passthrough
* Update flag to be target-id.
* Updated to use proper formatting for header.
* Fix empty line after cli banner.
Signed-off-by: Jared Quick <jquick@chef.io>
* Functional tests for userdir option
* Accepts --config-dir CLI option
* Actually loads a config file from the config dir, more cases to test
* Able to load config and verify contents from config-dir
* Functional tests to ensure precedence for config options
* Enable setting config dir via env var
* .inspec, not .inspec.d
* Begin converting PluginCtl to PluginLoader/Registry
* Able to load and partially validate the plugins.json file
* More work on the plugin loader
* Break the world, move next gen stuff to plugin/
* Be sure to require base cli in bundled plugins
* Move test file
* Revert changes to v1 plugin, so we can have a separate one
* Checkpoint commit
* Move v2 plugin work to v2 area
* Move plugins v1 code into an isolated directory
* rubocop fixes
* Rip out the stuff about a user-dir config file, just use a plugin file
* Two psuedocode test file
* Working base API, moock plugin type, and loader.
* Adjust load path to be more welcoming
* Silence circular depencency warning, which was breaking a unit test
* Linting
* Fix plugin type registry, add tests to cover
* Feedback from Jerry
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Error cleanly if a reporter error while rendering.
* Add functional test for automate reporter.
* Remove authors.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add --vendor-cache flag for archive, check, and json commands.
* Remove unused ignore_supports flag for Inspec::Runner.
This flag was only set in two code paths that did not call
Inspec::Runner so setting it did not have any effect.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
* Use fail_resource rather than skip_resource when the platform is not
supported by the resource.
* Update tests to handle failing on unsupported platforms.
Update functional tests.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Functional tests for regex control selection
* Implementation for regex-based control filtering
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
profile name. eg "with/slash" would result in a profile created in the
"with" directory named "slash"
Add test for inspec init, and updated other for new output.
Clean up profiles created during testing and place them in temporary
directories.
Describe our test a bit better.
Check that the profile was created in the right location.
Check that the profile is named correctly.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Updating inspec with bastion options as per https://github.com/inspec/train/pull/310
* Updating train pin
* Adding --password to pass the test
* Revert "Updating train pin"
* PR changes
Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
* Sort `Dir.entries` in functional test
Ruby's `Dir.entries` differs between OS's. This ensures the same order
is used when comparing two arrays.
* Remove unused variable `exec_out`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add long description to inspec exec command, mentioning exit codes
* Modify website doc builder code to use long description if available
* Functional test for --distinct-exit flag
* Implement --distinct-exit option
* Inspec shell also needs the option
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* A functional test for attributes
* Add tests for nested attrs in yaml
* remove commented-out tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Fix the control merging issues when overriding child controls.
* Fix rubocop issue and vendor compression.
* Add in lock file for vendor profile
Signed-off-by: Jared Quick <jquick@chef.io>
* Change `skip_resource` to use raise
* Add `supports` lines to example resource
* Change to rescue `StandardError` vs `Exception`
* Change raise to use `e.message` vs `$!`
* Remove redundant returns
* Change `File.exists?` to `File.exist?`
* Update shasum in tests
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Create file-check functionality into utility file
There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.
* Replace to file-check functionality
* Fix dh_params and x509_certificate resources
If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.
* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config
Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.
* Use init block variable in methods
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* return 1 as exit code for commands that are not available
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
* update tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
This does the following to `inspec detect`:
- Modifies it to use the `platform` resource
- Changes the output to mention Platform and show the family hierarchy
- Changes the JSON output by changing `family` to `families`
- Adds better error messaging (no more stacktraces!)
- Adds support for APIs such as AWS/Azure
- Hides Arch from API platforms (not applicable)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Formatter and reporter refactor.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add exception and backtrace to json-min report.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add sha to json-min and include generator version for json profile.
Signed-off-by: Jared Quick <jquick@chef.io>
* Fix deprecated typo and add fallback for cli resource title.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update to build json report and clean up cli logic.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add tests for json reporter.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add cli suppress_log_output? and a fallback for invalid reporter type.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update suppress_log_output? to check if we are outputting to stdout.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update reporter cli optoins to work with json_config.
Signed-off-by: Jared Quick <jquick@chef.io>
* Refactor some safe-navigation and variable names.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add thor banner to show reporter file output syntax.
Signed-off-by: Jared Quick <jquick@chef.io>
* Move cache cli command to vendor-cache.
Signed-off-by: Jared Quick <jquick@chef.io>
* Rename DEPRECATION to DEPRECATED for cache flag.
Signed-off-by: Jared Quick <jquick@chef.io>
* Allow `inspec check` to ignore `only_if`
When using `inspec check` a mock Train backend is created. This means
that the following would raise an error because `os.name` is `nil`
```
only_if { os.name.include?('anything') }
```
Since `inspec check` isn't concerned with the evaluation of `only_if`
this skips those checks if the block given raises an error.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove unnecessary `e` in rescue
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify implementation to use `check_mode`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Move `check_mode` concept to the Profile scope
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Fix lint after rubocop upgrade
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add comment for mocked ControlEvalContext options
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Enable caching for command and file calls to train
* Moved transport conn to connection and refactored tests
* Update caching flag to use train caching.
* Move caching flag to cli option.
* Add backed cache default from thor.
* Add hard disable for cache option and remove all cache from debug shell.
* Add comment to caching settings conditional.
* Force file cache on when caching enabled.
* Update gemspec for train 0.30.0.
Signed-off-by: Jared Quick <jquick@chef.io>
* Allow skipping/failing resources in FilterTable
`FilterTable` is commonly used in the class body of a resource and is
evaluated during an `instance_eval`. This means that if you raise an
exception (e.g. SkipResource) it will halt `inspec exec` and
`inspec check`.
This adds an `ExceptionCatcher` class that will postpone evaluation
until test execution.
This allows `inspec check` and `inspec exec` to perform as intended when
skipping/failing a resource in `FilterTable`
Huge thanks to @adamleff for providing the starting code/ideas!
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Comment why `ExceptionCatcher` doesn't raise
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove `accessor` from `ExceptionCatcher`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Return the existing ExceptionCatcher object rather than creating new
Signed-off-by: Adam Leff <adam@leff.co>
* Fix classname in JUnit formatter
The JUnit formatter currently incorrectly uses `class` instead of
`classname` as an attribute.
Signed-off-by: Adam Leff <adam@leff.co>
* Prefixing classname with profile name, fix functional tests
Signed-off-by: Adam Leff <adam@leff.co>
* Add failing unit test for deprecation warning on profiles with slashes in their name
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Issue warning during validation if name contains a slash
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Slug profile names generated from target paths to prevent breaking unit tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop whinges
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update functional test watching for default profile name
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Make deprecation warning more descriptive
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop whinges
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Set title with original test path if no profile name or title provided
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop whinges
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Merge `login` and `login_automate` commands
This provides a single interface for logging into either Chef Automate
or Chef Compliance servers. Server type is evaluated at run time via
HTTP responses from designated endpoints.
This also moves the login logic from `Compliance::ComplianceCLI` to a
separate set of modules in `Compliance::API`. This removes logic from
Thor and allows for more in depth Unit testing.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove empty line below class definition
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add message to `raise CannotDetermineServerType`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Refactor `token_info` assignment
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove unnecessary rubocop disable
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify `Login` module namespacing
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove mentions of login_automate and --usertoken
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify `determine_server_type` to return a symbol
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add support for `login_automate` and `--usertoken`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Fix encoding typo
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Address PR feedback
This does the following:
- Moves `CannotDetermineServerType` error to `.login`
- Changes methods that store configuration to return the configuration
- Moves user output to one location in `.login`
- Makes other small improvements
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Support PAX-formatted tar files, standardize file lists
When a tar file is generated in PAX format, the files have an additional
relative path prefix added to them. For example, instead of:
inspec.yml
... the file is listed as:
./inspec.yml
And the source reader plugin looks only for a "inspec.yml" file to
determine the profile format.
This change addresses this issue by normalizing the file paths in the
TarReader and accounting for the additional "./" prefix that may exist
whenever the tar file is walked looking for a file to read its content.
Signed-off-by: Adam Leff <adam@leff.co>
* Remove pax from unit test, will move to functional
Signed-off-by: Adam Leff <adam@leff.co>
* Add function test for the pax header tar file
Signed-off-by: Adam Leff <adam@leff.co>
This modifies `Inspec::DirProvider` to allow special characters in the
file glob by escaping those characters via `Shellwords.shellescape`.
This fixes#2111 (`inspec check` on path with special characters)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Filter check output based on sensitive flag
-Updated check in formatters to filter check output during failures based on
sensitive metadata flag
-Added functional test of output filtering
-Updated documentation with blerb on usage
* Update output format for sensitive resources
Signed-off-by: Kevin Formsma <kevin.formsma@gmail.com>
* Update color output on new test
Update the color output to match the newly-expected non-color format if there are no tests that match.
Signed-off-by: Adam Leff <adam@leff.co>
* Refine the profile/test summary output of the CLI formatter
* The "Profile Summary" is misleading as it's not a summary of profile
success/failure but rather the controls within the profile(s). Altered
the output to be clear. I still like calling it the "profile summary"
but wanted to add clarity that the numbers are about the controls.
* Made the colorized output dynamic. The success/failure will only be
green/red if there are controls/tests that fall into that category.
That way we are not printing red failure text when there are no
actual failures. Fixes#1752.
* Cleaned up some grammar issues. ("1 failure" vs "1 failures")
Signed-off-by: Adam Leff <adam@leff.co>
* Remove any "All Rights Reserved" references
InSpec is licensed and released under the Apache 2.0 license. This
change removes all reference to legacy code files that still had
any Copyright or License lines referring to "All Rights Reserved".
Signed-off-by: Adam Leff <adam@leff.co>
* fix functional tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Due to limitations in Thor it is not possible to set an argument to be both optional and its value to be mandatory. E.g. the user supplying the --password argument is optional and not always required, but whenever it is used, it requires a value. Handle options that were defined with mandatory values in a way that fails with an `ArgumentError` if the value is missing, i.e.:
```
> inspec exec examples/profile --password
ArgumentError: Please provide a value for --password. For example: --password=hello.
```
It works without `--password` or with `--password=arg`. Also handled for `--sudo-password`.
Fixes: https://github.com/chef/inspec/issues/1901
As suggested: https://github.com/chef/inspec/pull/1904
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
Generated duplicate messages due to the way that examples are aggregated in RSpec. Make sure we never show any duplicate test result messages, as they offer not value to any user.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
The CLI formatter is not currently honoring the --no-color flag
when outputting CLI output. This change cleans up how we format
with color and properly support the flag for use cases where
color-encoding characters make the output difficult to use
(i.e. when someone redirects CLI output to a text file for
sharing with others).
Signed-off-by: Adam Leff <adam@leff.co>
Running `inspec exec` with --sudo locally produces unintended results
given that we cannot escalate local Ruby methods after we're already
running. --sudo is meant to only be used with remote targets. We do
not currently enforce that.
This change will print an error for the user if they attempt to use
--sudo with a local exec and exit non-zero.
Signed-off-by: Adam Leff <adam@leff.co>
A new `help matchers` command will provide helpful examples on a few
of the standard matchers: be, cmp, include, etc.
I also cleaned up the formatting of the resources list and provided
better feedback if a user requests help for an unknown resource.
Resolves#1684
Signed-off-by: Adam Leff <adam@leff.co>
In #1454, we welcomed a newly-revamped JUnit formatter which has
a dependency on Nokogiri. Unfortunately, this had led us to problems
getting InSpec included in Chef omnibus builds (see chef/chef#5937)
because Chef is using Ruby 2.4.1 and the Nokogiri maintainers have
not yet released a windows binary gem that supports Ruby 2.4.x.
This has led to breaking builds in Chef's CI platform and would
block the acceptance of chef/chef#5937.
This change replaces Nokogiri use with REXML instead. While REXML
can be slower than Nokogiri, it does not require native extensions
and is supported on all Chef platforms.
Signed-off-by: Adam Leff <adam@leff.co>
The CLI output for the vendoring of profiles has been updated slightly
to be more clear, and the functional tests have been modified to match
as well.
Signed-off-by: Adam Leff <adam@leff.co>
When in inspec shell, you need to type the `help` command to find out info
about your target system. This info would be super helpful right out of the
gate so users have confidence that they're targeting the correct system.
The target info is still available via the `help` command as it always has
been, as well.
Signed-off-by: Adam Leff <adam@leff.co>
When running InSpec with multiple profiles, and two or more of the profiles
are read in using the "Flat" SourceReader (i.e. they are not actual profiles
with a metadata file like inspec.yml, but rather just a folder containing
.rb files with controls and tests in them), InSpec would throw a NilClass
error when building the necessary objects for the formatter.
The cause was in `#profile_contains_example` in the formatter code which
checks to see if the profile name is the same as the profile_id in the given
example. However, if both of those were nil, it would potentially match the
wrong Flat-read profile.
This change fixes this in two ways: refusing to match if the profile name
or example profile ID is nil, and adding a default name to a profile if
it doesn't have a title or name. This will solve the matching issue and also
clean up the formatter output so users can more easily tell what tests
are from which profile/path.
Signed-off-by: Adam Leff <adam@leff.co>
* Fixes an issue when specifying no profile
* Fixes an issue when displaying a profile that has included/required profiels
* Fixes an issue when specifying profiles with only metadata
* Fixes formatting for spacing to ensure it adheres to previous alignment
* Fixes issue with the Control object and the rolling up of failed
and skipped examples.
Signed-off-by: Franklin Webber <franklin@chef.io>
Previous, require_controls was including all controls from the named
profile, despite the documented behavior being that it only includes
controls explicitly pulled in by the user. The cause was two-fold:
1) A previous refactor meant that we weren't removing the rule from the
correct context, and
2) We weren't descending down the dependency tree when filtering rules.
This commit fixes the require_controls DSL method and adds a test to
help prevent future regressions.
Signed-off-by: Steven Danna <steve@chef.io>
This commit threads through some state related to whether or not a
profile is "local", that is whether it is a directory on disk. If it
is, we then write out the lockfile to disk.
Signed-off-by: Steven Danna <steve@chef.io>
All resources from deps are added into the control_eval_context used by
the current profile. However, if there is a name conflict, the last
loaded resource wins. The new `require_resource` dsl method allows the
user to do the following:
require_resource(profile: 'profile_name',
resource: 'other',
as: 'renamed')
describe renamed do
...
end
Signed-off-by: Steven Danna <steve@chef.io>
This is a regression introduced by the changes from string to symbol
keys in v0.34.0. It seems that our test cookbook that had a nested
dependency example wasn't actually wired up to run.
This adds a basic functional test and corrects the typo.
Signed-off-by: Steven Danna <steve@chef.io>
This adds a new git fetcher. In doing so, it also refactors how the
fetchers work a bit to better support fetchers that need to resolve
user-provided sources to fully specified sources appropriate for a
lockfile.
Signed-off-by: Steven Danna <steve@chef.io>
A few minor issues were causing 3 functional test failures on OS X.
These were not program errors but where rather the result of the
profiles under test assuming a linux environment.
Since many of the developers who will work on this project in the future
will be running OS X, let's ensure they can run the functional tests
easily.
Signed-off-by: Steven Danna <steve@chef.io>
(1) The field is not yet optimal, the calculations are great!
(2) Changing this field should go together with all other breaking json changes, especially if https://github.com/chef/inspec/pull/811 results in a change.
Mixing types in an array without specifying what these fields point to is not just confusing, but also causes issues with endpoints that may consume this data and dont process mixed types. We strive to have a stable api for 1.0 and this is a sin that was left after the major overhaul. Time to fix it.
this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
Full rewrite of all formatters. Create a minimal JSON, a full JSON, and a fallback RSpec formatter. The latter is only needed for corner cases and should not really be used. The former 2 are for (1) running `inspec json` followed by `inspec exec` (`--format json`) and (2) running just `inspec exec --format fulljson`.
Instead of just removing all tests because of OS support, supports now acts by adding all tests to the execution context, but doesnt actually execute them. Instead tests are set to skip before they get to the actual execution context