* Initial commit to extend backward compatibilty support of waiver with chef client
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Changes in conditional checks using if instead of unless
Signed-off-by: Nik08 <nikita.mathur@progress.com>
---------
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Reorganize reusable text files
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Update text
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* update archetype
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Use text file
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
---------
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* ssh_key resource file
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Initial commit for unit test for ssh_key resource
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Fix linting and added resource in resources file
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* extend the ssh key resource to use file resource properties
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates the ssh_key resource to get length and type of key.
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates unit test for ssh_key resource.
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* ADDS Docs for ssh_key resource
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Fix Review: Empty file handling
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Fixed review comments and few code refactoring for ssh_key resource
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Doc edits
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Updates test
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
---------
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
* Skip functional tests to match exit code for mandatory profile signing error in windows
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Addded comment to clarify skipping exit code matching test in windows
Signed-off-by: Nik08 <nikita.mathur@progress.com>
---------
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Update docs and introduce test for file content
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST: Fix broken test due to changes in fixture
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
---------
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Remove pinning of version for dependencies in test environment
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Remove version pinning of minitest and html-proofer
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* html-proofer still breaks the 3.0 ruby verify pipeline so reverting the removal of version pinning for html-proofer
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Revert "Remove version pinning of minitest and html-proofer"
This reverts commit f816289f39.
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Remove the dependency on html-proofer gem as it's only used in single test.
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
---------
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Document where to look up the platform list
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update docs-chef-io/content/inspec/profiles.md
Signed-off-by: "clintoncwolfe@gmail.com"
Co-authored-by: Ian Maddaus <IanMadd@users.noreply.github.com>
---------
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <IanMadd@users.noreply.github.com>
* Adds cli options to enable audit log and configure the audit log
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updated code to validate the audit log options. Audit log options are only valid for inspec exec and inspec shell command as those commands use the backend to execute commands and for file operations
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates cli options documentation for audit log options
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Disable audit log in test environment unless and until explicitly --enable-audit-log option is provided in test
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Rename enable-audit-log cli option to disable-audit-log
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* CHEF-8210 Enables feature preview flag for audit logging
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Revert "Disable audit log in test environment unless and until explicitly --enable-audit-log option is provided in test"
This reverts commit 50a42f0b44cf2fde6d927a00e444370cdd288a5d.
* Adds functional test for audit logging feature
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates cli doc for audit loggin feature flag
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Debug why audit log functional test fails in ci environment
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Revert "Rename enable-audit-log cli option to disable-audit-log"
This reverts commit d5169ec705.
* Revert "Debug why audit log functional test fails in ci environment"
This reverts commit 6f43898ad0.
* Removes the --enable-audit-log option from cli as feature flag will handle the enabling and disabling of audit log feature. And introduces few code changes after reverting renaming of --enable-audit-log option
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates the functional test for audit log
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* REVERT THIS ONCE THE TEST IS GREEN: This is just to test implementation of audit log against the train changes made for audit log
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Removes the right one
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Documentation for inspec audit logging feature
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Renames inspec audit log file
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Edits to audit log docs
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove --audit-log-rotation and --audit-log-size option to set from CLI
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Make sure we delete audit log file before running each test
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Appends timestamp and process id to generate audit log file per invocation/execution
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates functional test for audit logging feature
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Fix typo in audit logging docs
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Appends the timestamp and process id to user provided audit log file so that unique audit log file created per invocation
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates the audit log functional test
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Minor code improvements
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Adds exception class for invalid audit log options
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Revert "REVERT THIS ONCE THE TEST IS GREEN: This is just to test implementation of audit log against the train changes made for audit log"
This reverts commit a66137e70b.
* Upgrade train-core version pinning
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Docs review
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Fix titles
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Update the signature for features.yaml file
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
---------
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
* Updated exec option to allow unsigned profiles run
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Added method to verify signed profile and to check for signed profile
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Invoked logic on each run to verify profiles if signed else raise sig req error
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Tests cases added to validate behaviour of inspec exec with signed and unsigned profiles with --chef-allow-unsigned flag
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Refactored and moved delete_signing_keys to common helper library for tests
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated code comments for more information and clarity on security update of signed profiles inspec exec
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test cases to validate inspec run with combination of signed and unsigned profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Documented usage of flag --chef-allow-unsigned
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renamed the flag to run unsigned profiles to --allow-unsigned
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Refactored logic on profile level for profile signing verification
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renaming the argument variable - from runner_call to silent
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Added profile mandate check for other inspec commands running profile evaluation
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated error message for profile sign requirement
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated test helper to fix inspec json test
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Fixed inspec json ability to use cli options successfully
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Documentation added for signed profiles mandatory usage with CLI commands
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Flow changes of raising exception when unsigned instead of direct exit
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renamed unsigned profile flags
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Extracted out allow unsigned condition to config and modified comment info
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Doc update on consent of using signed and unsigned profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Fix in signing mandatin check and added additional check on runner for better error UI for exec command
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Removed repeated allow-unsigned-profile defination from exec_options
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test fixes
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Enabled feature preview flag for mandatory signing
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test fixes after feature flag usage for mandatory signing
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Doc changes using feature preview flag for mandatory signing feature
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Inspec exec tests fixes for ENV values and parallel test fix using default option --allow-unsigned-profile false
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Kitchen fix while using signed profiles with inspec
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Unit test fix for profile resource exception
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Virtual profile detection improved
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Move mandatory profile sigining info to sigining page
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Renamed flag from --allow-unsigned-profile to --allow-unsigned-profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Typo fix in signing doc
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Trim note in cli.md about mandatory profile signing
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Docs changes
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Correct docs regarding exit code 5
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
---------
Signed-off-by: Nik08 <nikita.mathur@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
