Commit graph

1777 commits

Author SHA1 Message Date
Adam Leff
81bfdf2d55
Fix is_automate_server_080_and_later? call
Method name was incorrect (missing `?`) and also was missing
the required config parameter.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-19 21:07:58 -04:00
Seth Thomas
9f30fe1726 Fixing typo on method name
Signed-off-by: Seth Thomas <sthomas@chef.io>
2017-05-19 19:58:46 -04:00
Christoph Hartmann
b0ab35d941
throw an error during inspec check if the version is not correct
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-18 09:13:37 -04:00
Adam Leff
87e3c6c3a9
Release InSpec 1.25.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-17 13:36:15 -04:00
Christoph Hartmann
1aa223c99b return version as json
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-17 15:21:40 +02:00
Christoph Hartmann
5cc288d5df support new automate 0.8.0
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-17 15:02:08 +02:00
Christoph Hartmann
8b015f521a Merge pull request #1816 from chef/dr/source
bugfix: read source code if profile is in tgz/zip
2017-05-16 13:32:13 +02:00
Dominik Richter
b23c197202 bugfix: read source code if profile is in tgz/zip
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-16 13:19:25 +02:00
Adam Leff
6ebb62dc10 Merge pull request #1727 from elliott-davis/fix_postgres_resource
Update postgresql conf resource to accept include_dir as a string as well as an array
2017-05-15 22:03:23 -04:00
Adam Leff
162b0d8cb8
Release v1.24.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-11 14:46:20 -04:00
Adam Leff
a5e5cc0dec Merge pull request #1714 from aaronlippold/postgres-session-update
updated the psql command so that it does not print the headers and ex…
2017-05-11 14:34:05 -04:00
echohack
b5d0012679 minor ui fix
Signed-off-by: echohack <echohack@users.noreply.github.com>
2017-05-11 11:10:01 -07:00
Aaron Lippold
684d81d4c2 psql doesn't print headers + extra output + cconfigurable host + docs
Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-11 08:58:55 -04:00
Dominik Richter
d44b751603 add sha256 checksum to json
Fixes https://github.com/chef/inspec/issues/1658

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-11 09:52:28 +02:00
Adam Leff
2fef5202fa Merge pull request #1791 from elliott-davis/elliott/fixup_hab_plan
Update hab exporter to use inspec in path over calling to hab sup
2017-05-10 07:38:56 -04:00
Dominik Richter
169268740d add platform info to json formatter
As part of https://github.com/chef/inspec/issues/1661

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-10 10:13:18 +02:00
Elliott Davis
31645968e2 Update hab exporter to use inspec in path over calling to hab sup
Signed-off-by: Elliott Davis <edavis@chef.io>
2017-05-09 20:09:33 -05:00
Dominik Richter
39d35dd99f Merge pull request #1779 from aaronlippold/al/mysql-session-update
Al/mysql session update
2017-05-09 21:28:17 +02:00
Aaron Lippold
8bad7d896f updated to have feature parity with other sql resources
Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-05-09 14:56:05 -04:00
Nolan Davidson
8f0756812c Add support for Windows auth in mssql_resourcet
This adds supports for connecting to MS SQL instances using Window
authentication rather than SQL authentication.  By leaving either the
user or password parameters blank causes the sqlcmd to leave off the -U
and -P params.  This will cause sqlcmd to authenticate as the current
Windows user.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-09 17:17:07 +02:00
Adam Leff
a21bdc4a04 Handle parse errors for attrs/secrets
Inspired by #1640, this change cleans up the logic used when
reading in secrets files, provides clearer warnings when the
secrets files can't be parsed, and adds tests for those methods.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-09 13:44:33 +02:00
Dominik Richter
00682eb2d2 Merge pull request #1751 from nsdavidson/add-oracle-session
Add an oracle_session resource
2017-05-09 13:21:53 +02:00
Nolan Davidson
ba6745444e Renaming oracle_session to oracledb_session
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 13:11:07 -04:00
Nolan Davidson
55beed4bc8 Resolving rubucop issues
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 10:11:53 -04:00
Nolan Davidson
fbe7b8ddf8 Refactor to options hash and add unit tests
Switched the oracle_session resource to take an option hash and allow
for configuring hostname, DB_SID, and sqlplus binary path.

Added unit tests.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-05 09:29:38 -04:00
Adam Leff
eef4a574d8
Release v1.23.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-05-04 15:08:53 -04:00
Nathan L Smith
e3c62ec0dc Add command-line completions for fish shell
Since the command to enable them is different, also make that change in
the output based on the shell used.

Signed-off-by: Nathan L Smith <smith@chef.io>
2017-05-04 11:42:13 -05:00
Dominik Richter
5d1765c9bb add inspec.profile.file(...) for profile files
Fixes https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-05-03 20:39:27 +02:00
Christoph Hartmann
3b8801116f Merge pull request #1749 from chef/adamleff/fix-no-color
Make the --no-color flag work for inspec exec
2017-05-02 22:07:40 +02:00
Christoph Hartmann
735b505ecc Merge pull request #1735 from chef/rhass/hab-fixes
Habitat profile bug fixes and improvements
2017-05-02 20:27:38 +02:00
Nolan Davidson
57731e1e50 Changing oracle_session back to using escaped query.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-02 11:03:45 -04:00
Adam Leff
04c43c6834
Make the --no-color flag work for inspec exec
The CLI formatter is not currently honoring the --no-color flag
when outputting CLI output. This change cleans up how we format
with color and properly support the flag for use cases where
color-encoding characters make the output difficult to use
(i.e. when someone redirects CLI output to a text file for
sharing with others).

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-02 09:52:01 -05:00
Nolan Davidson
9cd69ce4af Add an oracle_session resource
This adds an oracle_session resource similar to the existing resource
for MySQL and MSSQL.  It assumes the sqlplus tool is installed and in
the path of the user InSpec connects as.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-05-02 10:50:20 -04:00
Adam Leff
6ed5379134 Error and exit when using --sudo locally
Running `inspec exec` with --sudo locally produces unintended results
given that we cannot escalate local Ruby methods after we're already
running. --sudo is meant to only be used with remote targets. We do
not currently enforce that.

This change will print an error for the user if they attempt to use
--sudo with a local exec and exit non-zero.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-02 12:41:02 +02:00
Dominik Richter
0651a36346 Merge pull request #1746 from chef/adamleff/fix-xinetd
Fix xinetd resource failing when file cannot be read
2017-05-02 11:43:31 +02:00
Adam Leff
bc2458bf5a
Fix YAML resource documentation
The `yaml` resource documentation was missing many clues that users
need to successfully use the resource.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-01 16:16:00 -05:00
Adam Leff
6819940067
Fix xinetd resource failing when file cannot be read
The file resource's `#content` method will return nil if the file
cannot be read for permissions issues. If you try to run a profile
that uses the `xinetd` resource without sudo privileges, InSpec
would try to call `#empty` on nil.

This change fixes this issue by checking for nil before checking
for emptiness.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-01 15:59:07 -05:00
Ryan Hass
99ebae186b Fix exit status check in hab run hook generator.
The exit status would never return "InSpec run completed successfully"
since the value of $RC was always an integer which never was prefixed
with an "x". This checks the return directly since we currently do not
have any complex logic which warrants the need to check different
return status values where a prefixed return code is necessary.

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
2017-04-28 11:54:13 -07:00
Ryan Hass
4622de7a28 Update habitat plan and hook generators
* Fixed bug with install step where profile would include the .hart
  files from previous builds.
* Updated the generated plan to support plan.sh syntax changes in
  habitat 0.21.0 and later by removing the `pkg_source` and the
  `do_download`, `do_verify`, and `do_unpack` overrides.
* Updated the generate run hook to leverage habitat to perform most of
  the origin, package name, and path variable interpolations.

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
2017-04-28 09:31:11 -07:00
Christoph Hartmann
ed137ae052 Merge pull request #1737 from chef/dr/deprecation-messages
rename old deprecations that were meant for 1.0
2017-04-28 12:40:13 +02:00
Dominik Richter
144dede6eb rename old deprecations that were meant for 1.0
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-28 12:09:24 +02:00
Adam Leff
a1769cc01b
Update inspec.io references in docs/code
The website is now at https://www.inspec.io - updating all inspec.io
references accordingly. :)

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 18:05:51 -04:00
Adam Leff
2c5668ef16
Release v1.22.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 17:27:58 -04:00
Elliott Davis
27d04b56d7 Update postgresql conf resource to accept include_dir as a string as well as an array
Even though I couldn't find any docs around include_dir accepting anything other than a string I left the existing functionality alone.
This forces include_dir to check multiple directories as well as single string directories for additional conf files.

Signed-off-by: Elliott Davis <edavis@chef.io>
2017-04-27 10:26:06 -05:00
Adam Leff
42797b4231 Add matchers help to shell, clean up help output
A new `help matchers` command will provide helpful examples on a few
of the standard matchers: be, cmp, include, etc.

I also cleaned up the formatting of the resources list and provided
better feedback if a user requests help for an unknown resource.

Resolves #1684

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 01:16:39 +02:00
Dominik Richter
1dafe50bd9 rename SimpleConfig / parse_config / parse_config_file options
See https://github.com/chef/inspec/issues/1709
Fixes https://github.com/chef/inspec/issues/1709

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 23:18:40 +02:00
Dominik Richter
8e5fbb9e02 provide inspec.version information
as a friendly shortcut and a native call within profiles

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 13:07:32 +02:00
Dominik Richter
8b7ef09f85 provide the inspec keyword
Instead of my favorite shortcut of `os.inspec` just finally add it as a global keyword.

Preparation for https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:30:31 +02:00
Dominik Richter
50e1c76fce print and prettyprint the inspec backend class
This is always bothersome when debugging code and drilling down objects, since it will just a return a two-layer anonymous class with no help at all.
Instead print a nice name and even give a bit of information on pretty-printing (which pry does naturally)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:04:01 +02:00
Dominik Richter
c5101e5ef0 pretty-print multiline control descriptions
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 17:12:30 +02:00
Dominik Richter
37a2e45cd1 bugfix: unindent description misbehaviors
Unindent has been misbehaving for control `desc`riptions by completely removing newlines. This is now fixed and the unindentation mechanism improved to behave as expected.

Removing empty lines at the beginning and end of string remains unchanged.
Tabs are not treated as multi-space indentations; supporting them as 8-space chars would require additional effort (please comment if this is important to you)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 13:21:38 +02:00
Christoph Hartmann
b3cdc6ba04 handle json parse errors in docker resource
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-25 12:02:26 +02:00
Dominik Richter
37a778173d inspec control.to_ruby to respect newlines
I.e. instead of printing them as:

```
desc "hello\nworld"
```

it would instead do:

```
desc "hello
world"
```

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 10:34:45 +02:00
Adam Leff
e352deb6ef
Release 1.21.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-24 16:27:27 -04:00
Christoph Hartmann
218bda9c34 Docker resource (#1566)
* add docker, docker_container, and docker_image resources

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-24 10:47:03 -04:00
Dominik Richter
f731cbca92 bugfix: solve warn on uninitialized
@expectation was analyzed without initializeation, leading to ruby errors. fix it

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-22 12:35:56 +02:00
Christoph Hartmann
b03ee9d0ba Merge pull request #1681 from Happycoil/add-windows-user-groups
fetch user groups while building user object
2017-04-21 11:00:49 +02:00
Tor Magnus Rakvåg
1c5b35c890 you -> your
Obvious fix.
2017-04-20 17:43:33 +02:00
Tor Magnus Rakvåg
96bb596bc4 fetch user groups while building user object
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2017-04-20 16:02:21 +02:00
Tyler Ball
488ef492de Merge pull request #1663 from chef/ER-508/extending_http_resource
ER-508 Extended http resource to support no ssl verification
2017-04-18 14:25:10 -06:00
Adam Leff
0fe13fd0af Merge pull request #1668 from chef/chris-rock/fix-help-sshd-config
fix sshd config help
2017-04-18 15:04:07 -04:00
Adam Leff
6f57af7579 Merge pull request #1669 from chef/chris-rock/fix-web-reference
fix web reference url
2017-04-18 15:02:25 -04:00
Elizabeth Uselton
d376a6a881 ER-508 Extended http resource to support no ssl verification
We needed to be able to run inspec against endpoints with self signed certificates and this was the quickest way for us to get there.

Signed-off-by: Elizabeth Uselton <elizabeth.uselton@gmail.com>
2017-04-18 19:01:57 +02:00
Christoph Hartmann
b93aa0715b fix web reference url
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-18 12:04:59 +02:00
Christoph Hartmann
438a1c52ab fix sshd config help
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-18 12:01:55 +02:00
Adam Leff
7a71719f13 Move Habitat sleep time to config file
Because the sleep_time is not written to a config file but instead
only rendered into the run hook, hab-sup doesn't restart the running
process upon any config updates. This change moves the sleep_time to
a settings config file which is read in by the run hook. This will
allow Habitat to restart the InSpec process whenever a user changes
the sleep time.

I also cleaned up the non-zero exit error message to give the user
a better indication as to why the run may have "failed."

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-14 12:01:25 -04:00
Adam Leff
17d611c053
Release 1.20.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-13 11:37:23 -04:00
Ryan Gerstenkorn
5e0cab08a0 Add OSX support for host resource (#1608)
* Add OSX support for host resource

Signed-off-by: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
2017-04-13 11:32:04 -04:00
Christoph Hartmann
effd0dd9f8 harmonize compliance profiles view with supermarket views (#1654)
* harmonize profiles view with supermarket plugin

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-13 11:24:17 -04:00
Adam Leff
9b472e1b59
Habitat packages should run as root
Many InSpec resources require root access to properly scan. Let's
default the run user to root until we need to accommodate different
options.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-13 10:34:47 -04:00
Adam Leff
c70824d0c8 Merge pull request #1647 from jeremymv2/jeremymv2/automate_dependency_profiles
allow Automate profile dependencies
2017-04-12 15:42:31 -04:00
Adam Leff
2376cba73f Merge pull request #1646 from jeremymv2/jeremymv2/fix_validate_backend_error
pass options hash sans target key
2017-04-12 15:41:58 -04:00
Christoph Hartmann
29e286fee6 Merge pull request #1639 from chef/dr/rabbitmq_config
add `rabbitmq_config` resource
2017-04-12 21:19:15 +02:00
Dominik Richter
02e435b6d0 add rabbitmq config resource
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-12 20:51:12 +02:00
Adam Leff
da56a08f74 Fix gem resource on Windows
RubyGems on windows comes with a batch file that wraps the `gem` command
so it executes correctly. This change uses that batch file for windows
for our `gem` resource, and also properly handles when we receive no output
from the command.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-12 17:34:16 +02:00
Christoph Hartmann
01eb102079 add support for hostname detection on macOS
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-12 12:57:45 +02:00
Christoph Hartmann
4c64bafb51 Merge pull request #1624 from supergicko/sni-power-for-ssl
Adding SNI utilization to ssl resource
2017-04-12 11:07:27 +02:00
Jeremy J. Miller
735b67ab8a allow Automate profile dependencies
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2017-04-11 16:45:24 -04:00
Jeremy J. Miller
c73417e0ae pass options hash minus target key
Signed-off-by: Jeremy J. Miller <jm@chef.io>
2017-04-11 14:39:46 -04:00
Adam Leff
231698808c
Release 1.19.2 patch release
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-07 10:36:38 -04:00
Adam Leff
a8ffe449ff
Add helper methods, tests for registry key path building
Broke out some of the conditional logic in the `#initialize`
method into helper methods and added tests.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-07 10:09:51 -04:00
Christoph Hartmann
6f6f3985a6 fix #1131 circumvent bug in powershell where string are not properly handled
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-07 10:57:02 +02:00
supergicko
e3c695e8e9 Adding SNI utilization to ssl resource
SSL resource now adds the servername option in client hello,
utilizing the the great work of @adamcaudill to support
SNI in sslshake [1]

[1] https://github.com/arlimus/sslshake/pull/5

Signed-off-by: Christoph Kappel <kappel.christoph@gmail.com>
2017-04-07 09:34:44 +02:00
Christoph Hartmann
90b985a7c1 fix #1268 and allows registry key resource with leading backslash
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-04-06 23:30:10 +02:00
Adam Leff
24ab12e5b5
Releasing v1.19.1
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-04 15:22:16 -04:00
Adam Leff
5a2a20dc3e
Releasing v1.19.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-04 11:06:16 -04:00
Doc Walker
692e660140 Fix #1617 Add dh_params resource (#1618)
* Fix #1617 Add dh_params resource

Signed-off-by: Doc Walker <4-20ma@wvfans.net>
2017-04-04 10:34:09 -04:00
Adam Leff
73d46f9c49
Replace Nokogiri with REXML in the JUnit formatter
In #1454, we welcomed a newly-revamped JUnit formatter which has
a dependency on Nokogiri. Unfortunately, this had led us to problems
getting InSpec included in Chef omnibus builds (see chef/chef#5937)
because Chef is using Ruby 2.4.1 and the Nokogiri maintainers have
not yet released a windows binary gem that supports Ruby 2.4.x.
This has led to breaking builds in Chef's CI platform and would
block the acceptance of chef/chef#5937.

This change replaces Nokogiri use with REXML instead. While REXML
can be slower than Nokogiri, it does not require native extensions
and is supported on all Chef platforms.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-03 14:51:48 -04:00
Adam Leff
68a930f141 Merge pull request #1406 from carldjohnston/apache_conf-symlinks
Allow apache_conf to include symlinked configuration files
2017-04-03 10:38:22 -04:00
Adam Leff
76420432e0
Release v1.18.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-03-30 11:25:58 -04:00
Ryan Larson
0e187f6117 Feature/fix ability to pass in supermarket url (#1595)
* Enable customization of supermarket_url

It looks like this was originally supposed to work, but at some point
the default value was put in the method body rather than in the method
parameters.

This change allows you to configure the supermarket_url in test kitchen
like so:

```
verifier:
  inspec_tests:
  - name: linux-hardening
    supermarket: som3guy/apache-disa-stig
    supermarket_url: https://my.supermarket.com
```

Signed-off-by: Ryan Larson <ryan.mango.larson@gmail.com>
2017-03-29 12:42:24 -04:00
Adam Leff
7df9674e42 Remove method_missing, provide methods for repo metadata
Instead of method_missing, methods for each output item from
`yum repolist` are provided.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:42:25 +02:00
Adam Leff
1cf80737ad Yum resource fix for non-existent repos and repo info
If a repo did not exist, running matchers against it (such as `exist`)
were failing due to a bug in `#to_s` when fetching the repo name. The
`info` method would return nil and we'd still try to treat it as a hash.

This change ensures that info is always a hash, possibly empty if the
repo doesn't exist, and uses the repo name provided by the user rather
than shortening it to be consistent with our other resources which don't
manipulate the user input in the formatter.

Also added a method_missing to allow users to interrogate repo options,
such as baseurl or gpgcheck.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:42:25 +02:00
Adam Leff
96d18435a4 Update CLI output, adjust tests
The CLI output for the vendoring of profiles has been updated slightly
to be more clear, and the functional tests have been modified to match
as well.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
e1c664272e Break out profile vendor activities into separate class
Per PR feedback, `Inspec::ProfileVendor` is created to centralize
the logic and data of vendoring profile dependencies. The `BaseCLI`
class and the `Habitat::Profile` class have been modified to use it

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8269d0da9e Support vendored profiles in Habitat-packaged profiles
This change adds support in Habitat-packaged profiles for
profiles that depend on other profiles. When `inspec habitat
profile create` or `inspec habitat profile upload` is run,
it will see if the profile's dependencies have been vendored
yet, and if not, it will vendor them before creating the
habitat artifact.

For the git and URL fetchers, more explicit creation of the
target directories for the vendored profiles is done. This
is implicitly done via normal CLI interactions a user may
go through, but in our case, we want to ensure those directories
are there before the fetchers try to write out content.

By adding this support, we also fix a bug experienced in Habitat
where a profile that was packaged before an `inspec exec` was run
for the profile would cause a failure in Habitat. This is caused
by `inspec exec` doing a vendor of the dependencies if necessary
and generating the inspec.lock file. In Habitat, the package dir
is not writable by the hab user and InSpec would fail to run due
to an inability to write out an inspec.lock.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 10:22:20 +02:00
Adam Leff
8e693a4ad9 Fix port resource for invalid IP address in netstat output
Netstat will sometimes output an IPv6 address that is not
formatted correctly; the address is either truncated or uses
or implies the `::` shorthand notation twice. This yields an
invalid IPv6 address and causes IPAddr.new to choke.

This change guards against invalid IP addresses and ensures they
do not end up in the port resource's entries list.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-29 08:33:50 +02:00
Adam Leff
90b0ce08c5 Remove errant puts in inspec habitat CLI command
Left a `puts` behind during some testing that made its way into
a PR. Removing it!

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-28 22:57:08 +02:00
joe.nuspl
1ab80ea052 Extend gem to take an optional gem_binary
Allows one to test whether gems are installed into an omnibus environment.

Signed-off-by: Joe Nuspl <nuspl@nvwls.com>
2017-03-24 22:28:42 -07:00
Adam Leff
73e3bfda7a Merge pull request #1544 from chef/adamleff/hash-values-in-simpleconfig
Provide a method-based accessor for SimpleConfig hashes
2017-03-22 15:46:58 -04:00
Christoph Hartmann
7c11ff9280 add tag object (#1590)
* add tag object

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* add tests for to_hash function in tag

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 13:41:44 -04:00
Christoph Hartmann
9de56d25f7 Merge pull request #1589 from mr-exz/yaml-bug-file-name
Support YAML attributes files ending in .yaml
2017-03-22 14:36:26 +01:00
Christoph Hartmann
d2f000e435 refactor x509 resources and rsa key
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-22 11:44:32 +01:00
Richard Nixon
f66f0b3a18 Initial support for x509_certificate and rsa_key
* Includes unit tests
* Includes 2 new resources
* Includes documentation

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2017-03-22 10:00:48 +01:00
Dominik Richter
738bae0db8 add inspec json schema validation to functional tests
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-03-22 09:42:36 +01:00
Dominik Richter
c620cbf69e add inspec min json generator 2017-03-22 09:42:36 +01:00
Dominik Richter
55daa24cbc add json schema and generator 2017-03-22 09:42:36 +01:00
mr.exz
38c9648eb4 add fix
Signed-off-by: mr.exz <root@exzec.ru>
2017-03-22 08:17:18 +03:00
Adam Leff
66095722c8 release 1.17.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-03-21 15:00:26 -04:00
John Kerry
d4a0ae4549 removing an unnecessary require of the rspec junit formatter
Signed-off-by: John Kerry <john@kerryhouse.net>
2017-03-19 22:07:19 -04:00
mr.exz
4647664d56 solve #1569 2017-03-19 00:00:49 +03:00
Adam Leff
ea7c0c493e Provide a method-based accessor for SimpleConfig hashes
When SimpleConfig parses a config file that has sections, such as a mysqld
config file, the values within that section are returned via a Hash. However,
we do not provide an easy way to write tests for those deep hash values:

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ∅  undefined method `expire_logs_days' for #<Hash:0x007fe463795a00>
```

This change provides a method-based accessor for Hashes that are built via
SimpleConfig.

```
describe mysql_conf('/tmp/my.cnf') do
  its('mysqld.expire_logs_days') { should cmp 10 }
end

  MySQL Configuration
     ✔  mysqld.expire_logs_days should cmp == 10
```

Fixes #1541 by changing the way the attributes are fetched.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 14:49:16 -05:00
Adam Leff
4f2b66302d Fix ObjectTraverser when accessing array values
When attempting to access array values via the `json` resource:

```
describe json('/tmp/test.json') do
      its(['array',0]) { should eq "zero" }
end
```

... the resulting data would be an array of the size of the original array
with all the values replaced with nils:

```
     expected: "zero"
          got: [nil, nil, nil]
```

This was due to a bug in the ObjectTraverser mixin that mapped array values
back through `extract_value` rather than properly handling the passed-in
key(s). This worked fine for the specific data format created by the `csv`
resource but did not work `json` or any other resource that subclassed the
`JsonConfig` resource.

This change fixes the logic when dealing with an array when it's encountered,
and fixes up the `csv` resource with its own `value` method.

This change also adds tests for ObjectTraverser.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-15 11:35:55 +01:00
Adam Leff
8155357d0a Add additional example for matching crontab commands
As raised in #1526, adding an additional example showing how
a user can use the `where` accessor to find commands matching
a pattern and write a test using the results.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-14 22:16:39 +01:00
Adam Leff
546486ff6a Merge pull request #1550 from chef/chris-rock/upstart-fallback
try to use sysv fallback if is not producing proper output
2017-03-09 17:25:29 -05:00
Adam Leff
dfce561276 Provide better error message when inspec.yml is invalid
Currently, if the inspec.yml for a profile is invalid (such as including
an improperly-defined multi-line string), InSpec will throw an exception
from the YAML parser that does not given a clear indication that the
issue was encountered while parsing the inspec.yml file.

This change introduces a better exception message to clue the user into
where the problem actually lies.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-09 18:03:01 +01:00
Christoph Hartmann
8b1619b60e try to use sysv fallback if is not producing proper output
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-08 21:52:52 +01:00
Adam Leff
037f08beb2 Fixing port check with v4 IPs in a v6 netstat line
On Linux, netstat may show a tcp6/udp6 protocol line but include a
v4 address. This happens with AF_INET6 sockets that can accept
both v4 and v6 traffic. The port check was not properly handling
this situation and trying to pass a v4 address to URI bracketed as
if it was a v6 address.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-06 22:03:41 -07:00
Adam Leff
45f242e122 releasing 1.16.1 with a bug fix and omnibus fix
Signed-off-by: Adam Leff <adam@leff.co>
2017-03-06 11:58:00 -07:00
Makoto Nozaki
f913b56ffc Avoid connection timeout of "inspec version" (#1538)
* Add open_timeout to NET::HTTP.start call
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>

* Code cleanup based on the discussion at #1538
Signed-off-by: Makoto Nozaki <makoto.nozaki@twosigma.com>
2017-03-06 09:23:42 -07:00
Adam Leff
9550137605 Write Habitat-driven InSpec output to svc_var directory
When running a InSpec profile built with Habitat, we now
write the formatter/reporter data to a JSON file in the
pkg.svc_var_path rather than STDOUT. This will allow for
programmatic collection of this data and future enhancements
to allow this data to be passed around a Habitat ring.

This also corrects an issue creating a Habitat profile if the
profile had never been in the local InSpec cache. By setting a
mock Backend when creating the profile object, similarly to what
the archivers do, this issue is avoided.

Signed-off-by: Adam Leff <adam@leff.co>
2017-03-02 17:45:16 -05:00
Adam Leff
7154b6b95f Merge pull request #1530 from chef/1.16.0
1.16.0
2017-03-02 15:39:34 -05:00
Adam Leff
14d6678c82 1.16.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-03-02 15:17:55 -05:00
Adam Leff
6bd66df014 Merge pull request #1511 from carldjohnston/oracle-linux-service-resource
Added oracle linux to rhel platform section of 'service' resource.
2017-03-02 07:00:56 -05:00
Christoph Hartmann
71cc62c757 use -- for description of inspec login_automate
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-03-02 12:30:33 +01:00
Carl Johnston
316c994cc5 Added oracle linux to rhel platform section.
Broken when chef/train was fixed to detect oracle linux correctly.

Signed-off-by: Carl Johnston <carldjohnston@gmail.com>
2017-03-02 22:07:16 +11:00
Christoph Hartmann
be529dcea6 Merge pull request #1513 from postgred/kernel_module_centos
Fix kernel_module for centos/redhat
2017-03-02 09:27:10 +01:00
Adam Leff
f4b1a350ce Merge pull request #1501 from jbenden/jbenden/freebsd-zfs
Add FreeBSD support for ZFS datasets and pools
2017-03-01 13:06:44 -05:00
Adam Leff
19f114deea Merge pull request #1454 from jkerry/FunctionalJUnitReporter
Functional JUnit reporter
2017-02-27 12:00:36 -05:00
Adam Leff
d3f7de3134 Merge pull request #1519 from chef/v1.15.0
1.15.0
2017-02-27 11:29:44 -05:00
Adam Leff
1485debdde 1.15.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-02-27 11:21:39 -05:00
John Kerry
e0ae7eb161 correcting a typo, anonymnous -> anonymous
Signed-off-by: John Kerry <john@kerryhouse.net>
2017-02-25 00:44:23 -05:00
jkerry
927a12c574 resolving old junit unit tests with the new format. Adding a skipped test node as a result 2017-02-25 00:44:23 -05:00
John Kerry
1f92268aa2 Converting the junit reporter to use nokogiri on top of the json reporter output hash 2017-02-25 00:44:23 -05:00
Adam Leff
91396d2029 Merge pull request #1488 from chef/adamleff/fix-multiple-flat-profiles
Generate default profile names, fix bug when using multiple flat profiles
2017-02-24 16:59:31 -05:00
Andrey Aleksandrov
70c33eb606
Remove os.family from kernel_module
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-02-24 23:30:00 +03:00
Christoph Hartmann
26dc4e7356 Merge pull request #1510 from trickyearlobe/fix_windows_output_formatting
Fix formatting and colors on Windows
2017-02-24 16:36:44 +01:00
Andrey Aleksandrov
82cf2baadd
fix syntax
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-02-24 16:55:20 +03:00
Andrey Aleksandrov
8fb6bd5c66
Fix kernel_module for centos/redhat
Signed-off-by: Andrey Aleksandrov <postgred@gmail.com>
2017-02-24 14:32:57 +03:00
Carl Johnston
efa1b951ab Merge remote-tracking branch 'origin/master' into apache_conf-symlinks 2017-02-24 16:07:02 +11:00
Richard Nixon
ee87dfb405 Fix formatting and colors on Windows
Fixes issue #1508

* Windows terminals don't support extended ANSI colours. Use basic + intensity
* Windows terminals don't support UTF-8 well so don't use special characters

Other OS'es get what they had before.

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2017-02-24 01:34:49 +00:00
Adam Leff
0342cca62e Adding a Habitat profile artifact creator
Two new commands have been created:

 * inspec habitat profile create /path/to/profile
 * inspec habitat profile upload /path/to/profile

The `create` command creates a Habitat artifact that contains the contents
of the Habitat profile found at the provided path. This will be used later
in some Habitat + InSpec integrations.

The `upload` command does the same create process but then uploads the
resulting artifact to the Habitat Depot.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-23 18:25:22 -05:00
Joseph Benden
1fdecc6680 Add FreeBSD support for ZFS datasets and pools
The following new resources have been added; however, they
presently only support FreeBSD and similar.

* `zfs_dataset`: tests if a named ZFS dataset is present
  and/or has certain properties.
* `zfs_pool`: tests if a named ZFS pool is present and/or
  has certain properties.

Additionally, the `mount` resource has been reworked to
include support for FreeBSD; while the existing class
was renamed to LinuxMountParser.

Unit-tests were added for all of the above.

Signed-off-by: Joseph Benden <joe@benden.us>
2017-02-22 10:29:49 -07:00
Adam Leff
bf07a58ed7 Merge pull request #1489 from chef/adamleff/doc-fix
Doc fix for SourceReaders::InspecReader
2017-02-15 09:28:39 -05:00
Alex Pop
88975bff2a Switch package resource to os.redhat detection and use two spaces as fileds delimited
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-15 11:07:10 +00:00
Alex Pop
fae96f6249 Add RedHat support for packages resource
Fix dpkg trimming of first line
Signed-off-by: Alex Pop <apop@chef.io>
2017-02-15 11:07:10 +00:00
Adam Leff
bc7db89d70 Provide target info on shell invocation
When in inspec shell, you need to type the `help` command to find out info
about your target system. This info would be super helpful right out of the
gate so users have confidence that they're targeting the correct system.

The target info is still available via the `help` command as it always has
been, as well.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-14 14:46:47 +01:00
Adam Leff
7e64c99738 Doc fix for SourceReaders::InspecReader
The inline docs for SourceReaders::InspecReader#new state that it takes
a SourceReader object for the target... but we're trying to create the
SourceReader object! It actually takes a FileProvider object that is
capabile of listing files for the given profile and reading them.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-13 13:19:22 -05:00
Adam Leff
d0bc085412 Generate default profile names, fix bug when using two-or-more flat profiles
When running InSpec with multiple profiles, and two or more of the profiles
are read in using the "Flat" SourceReader (i.e. they are not actual profiles
with a metadata file like inspec.yml, but rather just a folder containing
.rb files with controls and tests in them), InSpec would throw a NilClass
error when building the necessary objects for the formatter.

The cause was in `#profile_contains_example` in the formatter code which
checks to see if the profile name is the same as the profile_id in the given
example. However, if both of those were nil, it would potentially match the
wrong Flat-read profile.

This change fixes this in two ways: refusing to match if the profile name
or example profile ID is nil, and adding a default name to a profile if
it doesn't have a title or name. This will solve the matching issue and also
clean up the formatter output so users can more easily tell what tests
are from which profile/path.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-13 13:07:41 -05:00
Adam Leff
417b791baa Adding new crontab resource
The crontab resource parses a particular user's crontab file into
individual entries and allows the user to assert information about
each entry as needed.

Signed-off-by: Adam Leff <adam@leff.co>
2017-02-10 09:33:31 -05:00