Commit graph

1315 commits

Author SHA1 Message Date
Dominik Richter
d41d6ef4e0 add metadata from profile to summary 2016-03-18 02:42:53 +01:00
Dominik Richter
040b2eac8e add --format fulljson formatter 2016-03-18 02:42:53 +01:00
Dominik Richter
76fe4483d4 feature: add tags and refs 2016-03-18 01:42:26 +01:00
Dominik Richter
b7e438eabc add a mock fetcher 2016-03-17 23:37:09 +01:00
Dominik Richter
c1d2da5bf3 ensure fetchers test against strings 2016-03-17 23:37:09 +01:00
Adam Leff
0acd926dbd adding named resource registry classes 2016-03-17 15:58:20 +01:00
Dominik Richter
4676b5eedd dont generate pretty json by default
we have jq for that!
2016-03-17 15:41:57 +01:00
Victoria Jeffrey
08616f50d0 Add title, description, code, and source_location to example metadata 2016-03-17 15:22:57 +01:00
Dominik Richter
16c3c00482 bugfix: prevent duplicate loading of library files 2016-03-17 14:43:52 +01:00
Dominik Richter
f7c2fa4392 functional tests for inspec detect + version + exec 2016-03-17 10:21:38 +01:00
Dominik Richter
0218f1f3ca feature: --output on archive 2016-03-17 10:21:38 +01:00
Dominik Richter
e3991a2025 bugfix: inspec archive with profile path for inheritance 2016-03-16 20:32:02 +01:00
Dominik Richter
641572ec7f move CLI components to lib/inspec/cli
This makes it easier for other applications to include this component. require from bin/inspec just doesnt behave (or needs workarounds)
2016-03-16 08:17:04 +01:00
Victoria Jeffrey
7f27c33e1f add output stream to rspec configuration 2016-03-09 15:12:22 +01:00
Dominik Richter
f94330154e 0.15.0 2016-03-09 10:58:21 +01:00
Dominik Richter
24ffdf0478 descope calls to global File
This is just for simplicity. I expect other users to make the same mistake when using it, so I would rather our tests crash if we have this type of conflict again and prevent it in the first place. Renaming File to FileResource should take care of all important places
2016-03-09 10:48:54 +01:00
Dominik Richter
844580074d rename internal OS -> OSResource 2016-03-09 10:48:54 +01:00
Dominik Richter
387415859e rename internal File -> FileResource 2016-03-09 10:48:48 +01:00
Dominik Richter
9cb2bc5dec Merge pull request #526 from chef/adamleff/resource-namespace
Placing all resources in the Inspec::Resources namespace
2016-03-09 10:29:11 +01:00
Adam Leff
577688a3a0 Placing all resources in the Inspec::Resources namespace
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix.

Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes.

I strongly recommend viewing this diff with `git diff --ignore-space-change`
to see the *real* changes. :)
2016-03-08 13:40:16 -05:00
Dominik Richter
e89738c5f7 0.14.9 2016-03-08 17:52:55 +01:00
Dominik Richter
ccf2694940 bugfix: inheritance of local profiles 2016-03-08 14:59:14 +01:00
Dominik Richter
90f2212ed5 add color output + make default 2016-03-07 22:21:31 +01:00
Dominik Richter
b831b62a90 make controls selectable 2016-03-06 23:54:28 +01:00
Dominik Richter
f6bd7ed3b8 unify exec options 2016-03-06 15:07:12 +01:00
Dominik Richter
ae08fe2f84 0.14.8 2016-03-04 16:50:51 +01:00
Dominik Richter
903b0597d9 expose control impacts in json 2016-03-04 16:30:10 +01:00
Christoph Hartmann
53a2333c20 0.14.7 2016-03-01 21:33:03 +01:00
Christoph Hartmann
d4554771da adds a insecure option for the compliance plugin to work with self-signed ssl 2016-03-01 20:51:23 +01:00
Christoph Hartmann
9605cfe3e8 0.14.6 2016-03-01 17:04:25 +01:00
Christoph Hartmann
bc2cde6b29 make supermarket command more robust 2016-03-01 13:26:36 +01:00
Alex Pop
051ac89376 make PROFILE required and update usage info 2016-03-01 10:27:22 +00:00
Christoph Hartmann
acdae94201 add missing supermarket loader 2016-02-29 19:28:53 +01:00
Christoph Hartmann
593df248b4 0.14.5 2016-02-29 13:47:55 +01:00
Dominik Richter
9449afcb3d 0.14.4 2016-02-26 17:42:06 +01:00
Dominik Richter
7cdb710e5e dont crash on empty metadata during finalize 2016-02-26 16:56:36 +01:00
Dominik Richter
e617f74bcd filter xinetd fields by regex 2016-02-26 14:46:51 +01:00
Dominik Richter
4a39275fc0 add xinetd_conf resource 2016-02-26 13:19:16 +01:00
Dominik Richter
3ae50adae9 feature: conditional OR via describe.one
```
describe.one do
  describe command("uname -r").stdout do
    it { should_not match /x86_64/ }
  end
  describe test_sth_for_x64_processors do
    ...
  end
end
```
2016-02-25 14:30:23 +01:00
Dominik Richter
4020229914 bugfix: standalone describe without block
i.e. make sure it doesnt crash just because no block was given due to source/line detection.

also return the result of the rule's delegated describe call and not the rule itself to the outer method. this is for consistency (and the following commits)
2016-02-25 11:03:53 +01:00
Dominik Richter
78d119beaf 0.14.3 2016-02-24 17:11:41 +01:00
Dominik Richter
40b3af86f8 bugfix: catch fetcher.abs_path(nil) 2016-02-24 16:07:00 +01:00
Dominik Richter
b75ba7d345 throw fetcher and reader errors in profile detection 2016-02-24 15:55:47 +01:00
Christoph Hartmann
681f817992 enable cmp matcher to catch the case where expected is a number string, and actual is a number 2016-02-23 22:18:16 +01:00
Dominik Richter
47b0d97313 0.14.2 2016-02-22 21:20:56 +01:00
Christoph Hartmann
9ea68471e5 fix cc upload 2016-02-22 21:14:50 +01:00
Dominik Richter
926023de91 load plugins in the same gem installation 2016-02-22 21:01:07 +01:00
Christoph Hartmann
a31da47791 0.14.1 2016-02-22 18:47:37 +01:00
Christoph Hartmann
0c02a30dc5 ignore pax_global_header as valid file 2016-02-22 18:16:07 +01:00
Dominik Richter
7c377a0ab0 0.14.0 2016-02-22 12:53:27 +01:00
Stephan Renatus
01d7d5bf8a fetchers/tar: slight simplification 2016-02-22 12:06:42 +01:00
Stephan Renatus
356995bd7b plugins/fetcher: remove attr_reader shadowing 2016-02-22 12:06:42 +01:00
Dominik Richter
33b2876d7c fix tests and lint 2016-02-22 12:06:42 +01:00
Dominik Richter
d44af5dcc7 bugfix: dont set ID for profile params too early 2016-02-22 12:06:42 +01:00
Dominik Richter
37ec3cf6f2 migrate load-path hooking for legacy modes 2016-02-22 12:06:42 +01:00
Dominik Richter
d065794d96 remove old target interface 2016-02-22 12:06:42 +01:00
Dominik Richter
82195d82d6 make url fetcher less restrictive on file-endings 2016-02-22 12:06:42 +01:00
Dominik Richter
5cabb7d273 migrate inspec-supermarket target to fetcher 2016-02-22 12:06:37 +01:00
Dominik Richter
9c3f336d06 migrate inspec-compliance target to fetcher 2016-02-22 11:24:36 +01:00
Dominik Richter
e4c3c9370b fix detection with new profile/runner scheme 2016-02-22 11:24:36 +01:00
Dominik Richter
07ae2afd3b bugfix: generate archive in current folder
instead of e.g. the rubygems location somewhere on the system
2016-02-22 11:24:36 +01:00
Dominik Richter
1e1e473cb0 replace target-helper with fetcher+reader 2016-02-22 11:24:35 +01:00
Dominik Richter
202a781f6a fail on incorrect metadata of url download 2016-02-22 11:24:35 +01:00
Dominik Richter
c79d9f7777 add flat source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
c9d1272f49 add relative fetcher
This helps reduce any folder structures, weather on disk or in archives, to their relative root paths; i.e. ignore all file-prefixes that are given and go directly to the underlying files, relative to the common folders that contain it
2016-02-22 11:24:35 +01:00
Dominik Richter
f023d02bbb add inspec source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
125ee53041 create source_reader plugin structure 2016-02-22 11:24:35 +01:00
Dominik Richter
1825fd1fef separate reusable plugin registry with sorting 2016-02-22 11:24:35 +01:00
Dominik Richter
d293550375 chain fetchers together 2016-02-22 11:24:35 +01:00
Dominik Richter
7b073fe153 add url fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
4e830ffc24 add tar fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
1c29667523 add zip fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
a83e29cc01 add local fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
27f7aa7796 create new fetcher system 2016-02-22 11:24:35 +01:00
Dominik Richter
ee82c3a2ff bugfix: handle edge-cases in upstart service
e.g. when a service could not be found and command outputs become empty / matchers dont hit'
2016-02-22 09:52:16 +01:00
Dominik Richter
1147d30679 bugfix: make sure version is always a string 2016-02-22 09:26:48 +01:00
Dominik Richter
c7312be8ec force encoding to utf-8 2016-02-22 05:18:41 +01:00
Christoph Hartmann
e466ec4e90 0.13.0 2016-02-19 14:50:03 +01:00
Dominik Richter
1e096c7181 add shadow resource for /etc/shadow 2016-02-19 14:26:04 +01:00
Christoph Hartmann
3f6b89e24d extend github url support 2016-02-19 09:12:25 +01:00
Christoph Hartmann
3a2488cade fix mime-type map 2016-02-19 09:11:38 +01:00
Christoph Hartmann
9e2dc30fb5 minor typo fix 2016-02-18 21:12:25 +01:00
Dominik Richter
1fa957c8ca ensure deprecated methods still work 2016-02-18 16:25:02 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Dominik Richter
d9427b3aac add filter to passwd 2016-02-18 16:10:42 +01:00
Christoph Hartmann
26276ca991 use ruby zip and tar for unit tests 2016-02-18 14:27:16 +01:00
Dominik Richter
17d4e1dc3c simplify url-construction of inspec-compliance 2016-02-18 14:25:55 +01:00
Dominik Richter
b872c04616 bugfix: url helper loading zip and tar 2016-02-18 14:25:55 +01:00
Dominik Richter
6bc57b2d92 bugfix: stop reading fro mzip when file is found 2016-02-18 14:25:55 +01:00
Dominik Richter
03bf732d82 add cmp for Arrays 2016-02-18 13:58:37 +01:00
Dominik Richter
2bbbb29a9b simplify cmp matcher checks 2016-02-18 12:07:40 +01:00
Stephan Renatus
453cd420fb fix service_ctl override logic 2016-02-17 12:55:09 +01:00
Stephan Renatus
d2469d9519 inspec-compliance: ensure file permissions when saving config 2016-02-17 10:46:06 +01:00
Dominik Richter
294db6744f 0.12.0 2016-02-15 11:54:14 +01:00
Christoph Hartmann
96d02ba4a2 add inspec profile as example 2016-02-14 21:27:40 +01:00
Christoph Hartmann
b967af3c89 rename generate to init 2016-02-14 21:26:37 +01:00
Christoph Hartmann
f281f9c351 implement generate cli command 2016-02-14 19:38:58 +01:00
Dominik Richter
36cbafc438 add runlevel helper object to services 2016-02-14 18:23:58 +01:00
Dominik Richter
0934948a1a support runlevels for system V + service matching
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).

Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`
2016-02-13 02:11:51 +01:00
Dominik Richter
2426d30870 bugfix: verify the resolver type first 2016-02-11 15:40:35 +01:00
Dominik Richter
137bee74ca add content resolver to dir helper 2016-02-10 23:46:55 +01:00
Dominik Richter
3efd0961f0 make sure archive resolvers return one file only 2016-02-10 22:49:51 +01:00
Dominik Richter
19a0a18db1 sync archive+tar+zip helpers to new dir-resolver 2016-02-10 22:30:13 +01:00
Dominik Richter
6bd757c585 improve documentation on target resolvers 2016-02-10 20:36:54 +01:00
Dominik Richter
d272024b01 rework resolver connection
I.e. we want to get access to the actual directory handler, with full exposure of the underlying directory resolver. e.g. Get the InspecProfileDirectory handler (which provides access to tests, metadata, libraries), but be able to get all data with that alone (e.g. an ArchiveHelper for ZIP which reads all files/folders from zip)
2016-02-10 20:36:43 +01:00
Dominik Richter
293b1a4c25 unify all directory resolvers 2016-02-10 12:20:28 +01:00
Dominik Richter
2d92e164c2 create plugin interface for directory resolvers 2016-02-10 11:15:08 +01:00
Stephan Renatus
ac2584f51d iptables: strip lines if iptables -S output
As it turns out, some of the lines on CentOS 6 had a trailing space in it.

Fixes #420.
2016-02-10 09:57:32 +01:00
Stephan Renatus
cdad6e63c3 iptables: some simplifications 2016-02-10 09:57:32 +01:00
Dominik Richter
d55aeddbdf 0.11.0 2016-02-09 17:54:38 +01:00
Christoph Hartmann
0f14ebb1d1 simplify value extraction for apache resource without any magic 2016-02-09 17:35:33 +01:00
Christoph Hartmann
a3eda1fcee implement method missing for apache_conf resource 2016-02-09 17:35:33 +01:00
Christoph Hartmann
796af68a69 Fix supermarket cli registration 2016-02-09 15:22:29 +01:00
Dominik Richter
971d651551 change version constraints
Move to a more mathematical representation of version numbers comparisons. The existing one is semantically correct, but may lead to slight confusion.
2016-02-09 11:51:52 +01:00
Stephan Renatus
e5b88fc486 auditd_rules: suppress warning for centos 5; improve docs wording 2016-02-09 11:51:52 +01:00
Stephan Renatus
405b3e3fa4 rubocop fixes 2016-02-09 11:51:52 +01:00
Stephan Renatus
4b6eced92a auditd_rules: access by key, tests + documentation 2016-02-09 11:51:52 +01:00
Stephan Renatus
cd5f47ed33 auditd_rules: unit tests, meet the real world 2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80 auditd_rules: status querying (old/new) and unit tests
TODO: unit tests for the legacy format
2016-02-09 11:51:52 +01:00
Stephan Renatus
57db5a9414 unit test FilterArray, make retrieved values unique 2016-02-09 11:51:52 +01:00
Stephan Renatus
5270f21da9 move FilterArray to utils, add retrieving values 2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e auditd_rules: teach old dog new tricks 2016-02-09 11:51:52 +01:00
Stephan Renatus
2afc29e48f auditd_rules: stash legacy behaviour away 2016-02-09 11:51:52 +01:00
Dominik Richter
0421b6dc1a exit early 2016-02-09 11:04:50 +01:00
Dominik Richter
c966e94835 typos 2016-02-09 11:04:34 +01:00
Dominik Richter
e56321f6c7 semantics: rename CLI plugins registry -> subcommands
Basically make sure everyone understands these are only subcommands. we might consider adding plugins for options or existing commands instead of new subcommands. this just ensures everyone knows what registry is for
2016-02-09 01:20:38 +01:00
Dominik Richter
7ccf0fa364 avoid automatic plugin loading throughout the library
only load plugins through the binary, never through the library. This avoids issue we have in accidentally loading plugins in tests and integration work. They should only be loaded when users request them.
2016-02-09 00:55:02 +01:00
Dominik Richter
1ae0bc2e60 clarify the role of the plugin API at the moment 2016-02-09 00:25:25 +01:00
Christoph Hartmann
b33129fbf5 implement supermarket extension 2016-02-08 20:06:07 +01:00
Dominik Richter
dc028a3877 fix loading order of plugins 2016-02-07 23:47:10 +01:00
Christoph Hartmann
c6c9d0278c 0.10.1 2016-02-05 18:52:44 +01:00
Dominik Richter
bb264897f4 wrap basecli in inspec module
Take care of a rare error which has Inspec undefined
2016-02-05 18:25:40 +01:00
Christoph Hartmann
be7aa8f0c4 0.10.0 2016-02-05 17:18:07 +01:00
Christoph Hartmann
b7a88dbd7a fix linting and unit test 2016-02-05 16:57:51 +01:00
Christoph Hartmann
f826c07af5 minor improvements 2016-02-05 14:55:12 +01:00
Christoph Hartmann
7e88f56917 move plugin to bundles 2016-02-05 14:48:55 +01:00
Christoph Hartmann
a55a4869d9 extract base cli class 2016-02-05 14:20:32 +01:00
Christoph Hartmann
7494854c60 implement profile upload 2016-02-05 14:18:05 +01:00
Christoph Hartmann
368f6ed56a refactor compliance plugin 2016-02-05 14:18:05 +01:00
Christoph Hartmann
2cb3d6f90f bugfix: rescue url error in url target helper 2016-02-05 14:15:57 +01:00
Christoph Hartmann
6c1b9fff9d do not try to load a profile if we have no token available 2016-02-05 14:15:57 +01:00
Christoph Hartmann
7f57b12258 refactor cli 2016-02-05 14:15:57 +01:00
Christoph Hartmann
823e30e9cf re-introduce compliance exec 2016-02-05 14:14:34 +01:00
Christoph Hartmann
0958327f06 improve url target helper, match github url with trailing / 2016-02-05 14:14:34 +01:00
Christoph Hartmann
6cf8ecf304 add target helper for compliance plugin, extract API methods from CLI 2016-02-05 14:14:34 +01:00
Christoph Hartmann
0b59dab9ea initial version of compliance plugin 2016-02-05 14:13:22 +01:00
Christoph Hartmann
bab7eb1986 improve styling 2016-02-05 14:06:55 +01:00
Christoph Hartmann
589db0bcd0 add registry for cli plugins 2016-02-05 14:06:55 +01:00
Stephan Renatus
f63a8ad1d5 upstart_service: add version fallback, fix regexp
before this regexp change, a service called "running" (hello integration
tests) would always be "running" ;)
2016-02-05 13:49:18 +01:00
Christoph Hartmann
e6ff20f91e add metadata warnings in structured hash 2016-02-04 18:46:11 +01:00
Christoph Hartmann
d7cb5a9ae0 adapt unit tests 2016-02-04 18:05:40 +01:00
Christoph Hartmann
ea63a39b40 improve code style 2016-02-04 17:01:38 +01:00
Christoph Hartmann
14a3100e41 simplify result value from profile check 2016-02-04 16:47:33 +01:00
Christoph Hartmann
7e19c5eec6 fix ignore errors option use in archive method 2016-02-04 16:41:59 +01:00
Christoph Hartmann
1796c3271b generate hash output for check and use it in inspec cli 2016-02-04 16:41:14 +01:00
Christoph Hartmann
6b7e5818fb expose source location in rule 2016-02-04 16:38:57 +01:00
Christoph Hartmann
d50b634879 bugfix: fix control tests 2016-02-04 16:38:57 +01:00
Christoph Hartmann
826d059b19 optimize json logger for line delimited JSON 2016-02-04 16:38:57 +01:00
Christoph Hartmann
907a4e1f33 add json stream logger for inspec check 2016-02-04 16:38:57 +01:00
Dominik Richter
ecb78e3a19 establish plugin loading dock 2016-02-04 14:43:51 +01:00
Stephan Renatus
e8c7452acf Inspec::Profile: document that it always reads with ignore_supports 2016-02-03 16:47:52 +01:00
Stephan Renatus
828d6ad443 Inspec::Profile fix @metadata 2016-02-03 16:47:49 +01:00
Stephan Renatus
cc60fa1e23 tar/zip: return empty-string if an entry is empty; zip: return ref 2016-02-03 14:38:46 +01:00
Stephan Renatus
1510f330a9 read and return metadata from archives, too
Note that this adds `ref: some/where/in/tarball/file` to the file
contents hash; it wasn't there before but it may be useful for error
reporting nonetheless.
2016-02-03 14:38:46 +01:00
Stephan Renatus
f335865377 WIP: kill all the checks that fail with tarballs.
current output:

    $ inspec check test/unit/mock/profiles/complete-profile.tgz
    I, [2016-02-03T10:22:21.377650 #13207]  INFO -- : Checking profile in test/unit/mock/profiles/complete-profile.tgz
    I, [2016-02-03T10:22:21.377745 #13207]  INFO -- : Found 1 rules.
    I, [2016-02-03T10:22:21.377771 #13207]  INFO -- : Rule definitions OK.
2016-02-03 14:38:46 +01:00
Stephan Renatus
889be88543 remove stray require 2016-02-03 14:04:55 +01:00
Stephan Renatus
79d171fb2c rubocop 2016-02-03 14:04:55 +01:00
Stephan Renatus
45f0cbff03 inspec/rspec: decouple reporting and formatting
If reporting is requested, register a "reporting formatter", i.e.,
Inspec::RSpecReporter, that does the same things JsonFormatter does, but
suppresses output.

When the report is then requested, it returns the output hash that
JsonFormatter aggregates.
2016-02-03 14:04:55 +01:00
Stephan Renatus
6789e089d7 Inspec::Runner: provide a report 2016-02-03 14:04:55 +01:00
Stephan Renatus
ff682532cf fix warning in #find_files[_or_error] 2016-02-01 16:32:47 +01:00
Dominik Richter
34bc94d13f mock resource operating systems for tests 2016-01-29 21:55:08 +01:00
Dominik Richter
4c1b6f7509 remove os check exposure in file resource 2016-01-29 21:55:08 +01:00
Christoph Hartmann
9cfc69cf15 0.9.11 2016-01-29 18:34:12 +01:00
Stephan Renatus
6fbd28c2bb runit_service: fix resource, improve integration tests
Turns out using `/usr/bin/yes` to imitate a daemon process is a TERRIBLE idea.
2016-01-29 17:03:05 +01:00
Christoph Hartmann
317b0cae9d lint check in user resource 2016-01-28 21:11:13 +01:00
Christoph Hartmann
6ccfbe5e95 bugfix: use freebsd netstat parser instead of linux netstat parser for solaris 2016-01-28 21:08:52 +01:00
Christoph Hartmann
35899ebce6 optimize style in user resource 2016-01-28 18:30:39 +01:00
Christoph Hartmann
202190ea56 fix user resource unit test 2016-01-28 18:30:39 +01:00
Christoph Hartmann
ef3dbbb35c improvement: make port parsing on solaris more reliable 2016-01-28 18:30:38 +01:00
Christoph Hartmann
678ee2b473 parse port information on solaris 10 and 11 via netstat 2016-01-28 18:30:38 +01:00
Christoph Hartmann
59f3214817 use id -a for solaris 2016-01-28 18:30:38 +01:00
Christoph Hartmann
bd1e5e4085 service resource for solaris 10 and 11 2016-01-28 18:30:38 +01:00
Christoph Hartmann
913191fb9e package resource for solaris 10 and 11 2016-01-28 18:30:38 +01:00
Christoph Hartmann
dd59dd9a5a use os.linux and os.windows where possible 2016-01-28 18:30:38 +01:00
Christoph Hartmann
a5f526b368 use freebsd file permission checks for solaris 2016-01-28 18:30:38 +01:00
Christoph Hartmann
2fd6aea357 extend etc_group support for all unix systems 2016-01-28 18:30:38 +01:00
Christoph Hartmann
058ec27d64 0.9.10 2016-01-25 17:45:43 +01:00
Stephan Renatus
56f22a1d2a resource/postgres_session: add integration tests, change error handling
this makes it work (tested with default-ubuntu-1404), but doesn't
improve the error handling (i.e., the skip_resource doesn't really
prevent the failure)
2016-01-25 16:44:53 +01:00
Stephan Renatus
9821c4c754 resource/launchd_service: correctly match non-running services 2016-01-25 16:29:08 +01:00
Christoph Hartmann
5506319ad8 Merge pull request #389 from chef/dr/write-id-to-json
bugfix: write given ID to metadata json
2016-01-25 07:22:19 -08:00
Dominik Richter
88d2b26387 bugfix: write given ID to metadata json
Whenever the user provides an ID under which the profile is scoped, write it out to JSON during generation.
2016-01-25 15:48:56 +01:00
Christoph Hartmann
cc0db43813 optimize the error output for missing registry keys to nil 2016-01-25 13:55:47 +01:00
Christoph Hartmann
b30720f926 Merge pull request #380 from chef/sr/service-override
add service overrides for picking specific service managers, add runit_service
2016-01-21 13:35:23 +01:00
Stephan Renatus
ef77e01229 service resources: fix service_ctl default/override handling 2016-01-21 11:35:34 +01:00
Dominik Richter
d10207caca warn about legacy supports fields in metadata
I.e.: Prevent users from writing `supports: linux` and similar. These are deprecated and will be removed. Also improve the warning to indicate what the user should do instead. Finally add tests to make sure we get all these.
2016-01-21 11:05:26 +01:00
Stephan Renatus
492c7f8146 runit_service: cleanup; fix "non-running-runit-service" test + recipe 2016-01-21 09:05:29 +01:00
Stephan Renatus
c761b8b40d service resources: further simplifications, debian/centos handling
I've recovered the debian/centos special handling of the `service`
binary, although I doubt that it's necessary.
2016-01-21 08:22:04 +01:00
Dominik Richter
cac102aeac add profile tests (non-legacy) 2016-01-20 21:57:23 +01:00
Stephan Renatus
3f39b35502 add runit_service resource, fix service_ctl handling 2016-01-20 17:54:16 +01:00
Stephan Renatus
709e4ca9e0 some code simplifications 2016-01-20 16:05:20 +01:00
Stephan Renatus
0e410df69d add *_service overrides, allowing for different control binaries 2016-01-20 15:33:18 +01:00
Dominik Richter
20b138778e bugfix: expose tests for docker unit-tests 2016-01-19 15:48:06 +01:00
Dominik Richter
c713a0af87 lint 2016-01-19 15:48:06 +01:00
Dominik Richter
22c6fa871d add code docs to rspec runner 2016-01-19 15:48:06 +01:00
Dominik Richter
611487e956 clearly identify legacy profile tests and fix identification 2016-01-19 15:48:06 +01:00
Dominik Richter
8c464965c1 extract example group creation
and restore profile tests that had been completely mocked until now
2016-01-19 15:48:06 +01:00
Dominik Richter
dd2d93fd6f completely separate rspec runner parts 2016-01-19 15:48:06 +01:00
Dominik Richter
21a92a0c4e isolate rspec-dsl in profile context 2016-01-19 15:48:06 +01:00
Dominik Richter
b991dd03bb flatten creation of profile context 2016-01-19 15:48:06 +01:00
Dominik Richter
21d9ae7e1d move resource dsl creation to resource plugin 2016-01-19 15:48:06 +01:00
Jason Reed
1807c688b8 Fix typo 2016-01-19 09:07:24 -05:00
Dominik Richter
b0ffe684ab freeze those versions 2016-01-15 21:41:20 +01:00
Christoph Hartmann
e9b94d55d1 0.9.9 2016-01-15 15:20:04 -05:00
Dominik Richter
acbc345321 make metadata.rb legacy mode consistent for supports
Before introducing InSpec profiles in https://github.com/chef/inspec/pull/252 we had `metadata.rb` keep all information. This included an undisclosed field called `supports`. However, this field was never actually used in practice. So for legacy profiles, this means that `supports` was ignored. In order to keep old profiles running in exactly the way they were before, ignore this field when reading from metadata.rb
2016-01-15 18:58:18 +01:00
Christoph Hartmann
b9978b5606 new rubocop fixes 2016-01-14 23:15:10 -05:00
Christoph Hartmann
46d85c2cbc fail test if lsof is not available 2016-01-14 23:03:51 -05:00
Jeremy W. Chalfant
9e40e6d9f3 my rubocop is different 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
0681562fcd rubocop is nuts 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
98a7e6303e fix remaining rubocop complaints 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
2fc8ba1b83 fix lint complaint 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
2d8c892298 use formmated lsof output to ensure accuracy and consistency across platforms 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
adbc5b8ef4 sanity check and AIX tests 2016-01-14 23:03:26 -05:00
Jeremy W. Chalfant
2e7ab9bad7 fix rubocop complaint 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
388937e9b4 add aix user support 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
3b87e385d7 my rubocop is different 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
6cd801fbb9 rubocop is nuts 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
94a286929f fix remaining rubocop complaints 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
420aef7cb9 fix lint complaint 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
c8c676e1d6 use formmated lsof output to ensure accuracy and consistency across platforms 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
f31a9f35b5 sanity check and AIX tests 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
5a6b1bbddf fix rubocop complaint 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
fbe79d1bc4 add aix user support 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
b167854c18 my rubocop is different 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
bbed0e7164 rubocop is nuts 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
88656c9ea8 fix remaining rubocop complaints 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
2aceba417c fix lint complaint 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
d5a7bad414 superflous chomp 2016-01-14 23:03:25 -05:00
Jeremy W. Chalfant
b6649dd581 use formmated lsof output to ensure accuracy and consistency across platforms 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
55d7faec8a sanity check and AIX tests 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
a0bbb175c2 AIX packages 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
1d99afe623 fix rubocop complaint 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
3168e4d100 add aix user support 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
d51d86e6d8 disable cops 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
6bdb06fbe9 move lsof parsing to seperate method 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
c982daaf6e my rubocop is different 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
3211071b9f simplify lsof call 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
221d27423e rubocop is nuts 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
f817840d38 fix remaining rubocop complaints 2016-01-14 23:03:24 -05:00
Jeremy W. Chalfant
3a90ea3a74 fix lint complaint 2016-01-14 23:03:23 -05:00
Jeremy W. Chalfant
2c5cb06990 superflous chomp 2016-01-14 23:03:23 -05:00
Jeremy W. Chalfant
b9ce468886 add AIX service support 2016-01-14 23:03:23 -05:00
Jeremy W. Chalfant
d855602efe use formmated lsof output to ensure accuracy and consistency across platforms 2016-01-14 23:03:23 -05:00
Jeremy W. Chalfant
aef7f6de39 sanity check and AIX tests 2016-01-14 23:00:10 -05:00
Jeremy W. Chalfant
bc503f080d rename etc_group to etc_group_spec and etc_group test success on AIX 2016-01-14 23:00:10 -05:00
Jeremy W. Chalfant
db43739951 AIX packages 2016-01-14 23:00:10 -05:00
Jeremy W. Chalfant
506b0ea996 fix rubocop complaint 2016-01-14 23:00:10 -05:00
Jeremy W. Chalfant
26afecf857 add aix user support 2016-01-14 23:00:09 -05:00
Mark Harrison
f5780b69a4 Correctly detect UDP ports on linux
netstat on UDP lines doesn't display a port state (e.g. LISTEN), so make this
field optional when parsing the netstat line.
2016-01-14 22:53:38 -05:00
Christoph Hartmann
454a7e466d bugfix: only skip regkey if required 2016-01-14 22:39:17 -05:00
Dominik Richter
375f65c903 casecmp == 0 if both entries are the same 2016-01-15 04:18:48 +01:00
Dominik Richter
4092691a78 lint 2016-01-15 04:07:25 +01:00
Stephan Renatus
5c17f8b643 regexp github url targets, add tests for Inspec::Targests::UrlHelper
replacing occuring http:// with https:// is probably ok, github
redirects to https anyways
2016-01-14 12:05:58 -05:00
Jacob McCann
f25ab3a373 Fix systemd service enabled check 2016-01-11 15:32:33 -06:00
Christoph Hartmann
ab88c23ab6 0.9.8 2016-01-11 12:48:36 -05:00
Stephan Renatus
ee62499fc0 bugfix: ignore supports when generating a profile's json representation
without this, `inspec json PATH` does never contain rules != {}, because
of the usage of the mock backend
2016-01-11 09:16:06 +01:00
Christoph Hartmann
a1ddbe4cf2 explicitly ignore supports for inspec check 2016-01-10 23:59:57 -05:00
Stephan Renatus
a26dbe146d fix reading profiles bug
For reading the profiles metadata, we're using the train mock backend
through Inspec::Runner. The new `supports` feature never agrees with the
mock backend.

Now, it we figure out if this is a mock class and then just say that it
supports whatever we're asking for.

Tl;dr: there's probably a more beautiful solution to this.

Added a test case, but it fails -- while the command line interface
works fine.
2016-01-07 15:16:49 -08:00
Stephan Renatus
3ce8cd7d16 support old "supports" field in metadata
current compliance-profiles still have

```yaml
supports:
  - linux
```

and we might want to be a little backwards compatible, too.
2016-01-05 22:50:56 +01:00
Dominik Richter
26c0cd0871 lint 2016-01-03 09:49:40 +01:00
Dominik Richter
8953278204 unfortunately Enumerator#last is not supported 2016-01-03 09:40:17 +01:00
Christoph Hartmann
e1d7d30919 add deprecation warning for serverspec users 2016-01-03 00:03:24 +01:00
Christoph Hartmann
a72ba94f10 handle mount results with multiple entries 2016-01-03 00:03:24 +01:00
Christoph Hartmann
9930773f37 restrict mount functionality to linux 2016-01-03 00:03:24 +01:00
Christoph Hartmann
a5acb03e49 add mount resource 2016-01-03 00:03:24 +01:00
Christoph Hartmann
772df929f6 implement be_mounted.with for file resources 2016-01-03 00:03:24 +01:00
Christoph Hartmann
19ed6be39f more fine-grained utils parser 2016-01-02 22:41:58 +01:00
Christoph Hartmann
3be9ea18cc use 1.8 syntax for dash key values to be compatible with older ruby versions 2016-01-02 22:29:31 +01:00
Christoph Hartmann
c11c36058a separate os check 2016-01-02 21:25:22 +01:00
Dominik Richter
d6f48d3534 catch empty support clause 2015-12-31 17:57:59 +01:00
Dominik Richter
af8e4e93ca add supports keyword to profiles 2015-12-31 17:54:13 +01:00
Dominik Richter
2e0da6e9e8 unify metadata resolution 2015-12-31 12:49:18 +01:00
Dominik Richter
3db2dd756d resolve metadata from profile targets 2015-12-31 12:49:18 +01:00
Dominik Richter
e7b7f166cf dry folder resolver 2015-12-31 12:49:18 +01:00
Dominik Richter
96c9794cbf bugfix: reload inspec DSL after loading libraries 2015-12-29 19:27:00 +01:00
Dominik Richter
526932584d fix metadata validation 2015-12-28 13:35:38 +01:00
Dominik Richter
cfa2b9a39c fix metadata reading and parsing 2015-12-28 13:16:09 +01:00
Dominik Richter
cdc95df5ca keep metadata checks in metadata.rb 2015-12-28 13:07:21 +01:00
Dominik Richter
aef0cabde8 fix method length in inspec.check 2015-12-28 13:01:27 +01:00
Christoph Hartmann
0ab46ff5b1 rename metadata.yml to inspec.yml 2015-12-28 12:53:42 +01:00
Christoph Hartmann
1d4295ee4d remove owner/name restriction 2015-12-28 12:53:42 +01:00
Christoph Hartmann
06c1265b38 add support for .tgz extension. Thanks @srenatus 2015-12-28 12:53:42 +01:00
Christoph Hartmann
31c8509092 lint profile implementation 2015-12-28 12:53:42 +01:00
Christoph Hartmann
27150e5341 feature: generate profile archive 2015-12-28 12:53:42 +01:00
Christoph Hartmann
9da0e32f3d bugfix: only add path to load path if the test is located on filesystem 2015-12-28 12:53:42 +01:00
Christoph Hartmann
ebe54efd67 feature: load tests from zip and tar.gz 2015-12-28 12:53:42 +01:00
Christoph Hartmann
43c778078c feature: add support for metadata.yml 2015-12-28 12:53:42 +01:00
Christoph Hartmann
9e8e64319e improvement: better detection of directory types 2015-12-28 12:53:42 +01:00
Christoph Hartmann
bb97044338 bugfix: fix profile check 2015-12-28 12:53:38 +01:00
Christoph Hartmann
9fda6d3e89 bugfix: use skip_control instead of skip_rule as default 2015-12-28 12:07:57 +01:00
Christoph Hartmann
e122e48ae5 change profile directory from 'test' to 'controls' 2015-12-28 12:07:57 +01:00
Dominik Richter
7473dea1f2 ignore auto-generated controls during verify check 2015-12-23 11:11:49 +01:00
Dominik Richter
b2e0fac625 change check errors on summary+title to warnings 2015-12-23 09:18:59 +01:00
Dominik Richter
d2509f745e reference correct fields from metadata in inspec check 2015-12-23 09:18:59 +01:00
Dominik Richter
25706b3612 0.9.7 2015-12-21 16:31:48 +01:00
Christoph Hartmann
ca33ac9288 Merge pull request #321 from jeremymv2/security_policy_fixes
Fixing issue with security policy always returning nil
2015-12-17 17:55:01 +01:00
Jeremy J. Miller
f1e8483cd8 Removed extra whitespace 2015-12-17 08:56:43 -05:00
Stephan Renatus
3a1dcb7669 teach cmp matcher octal tricks 2015-12-16 11:32:31 +01:00
Jeremy J. Miller
af55cb41d8 Added ensure block to always delete file 2015-12-15 14:40:57 -05:00
Jeremy J. Miller
652392918d Fixing issue with security policy always returning nil 2015-12-15 10:29:54 -05:00
Stephan Renatus
a5a780f920 reset rspec configuration when initializing Inspec::Runner
fixes https://github.com/chef/kitchen-inspec/issues/15
2015-12-15 14:00:53 +01:00
troyready
29f954f7f3 add release to el pkg version & catch missing linebreaks
Package release info (e.g. '19.el7') is often required to determine if
a system has been properly patched.

Lines like the following from rpm are messing up the version returned
by the package resource:
"...\nVersion     : 1.8.6p3                           Vendor: Red Hat, Inc.\n..."
Correcting this with a new conditional check.
2015-12-11 13:05:22 -08:00
Dominik Richter
cc67d8d4c0 0.9.6 2015-12-11 18:34:15 +01:00
Dominik Richter
494ed708d4 Merge pull request #318 from chef/chris-rock/cmp-matcher
matcher for less-restrictive comparison
2015-12-11 17:58:47 +01:00
Christoph Hartmann
0185751ff5 lint exception 2015-12-11 17:48:05 +01:00
Christoph Hartmann
52cd0b38d1 update style of float? detection 2015-12-11 17:26:46 +01:00
Christoph Hartmann
31f8863701 update failure message for cmp matcher 2015-12-11 17:19:28 +01:00
Christoph Hartmann
53728ee03a lint fix 2015-12-11 17:17:01 +01:00
Christoph Hartmann
9f0755be99 add new cmp matcher that eases the comparison for values 2015-12-11 17:02:48 +01:00
Christoph Hartmann
b2c457cf22 lint: remove redundant return 2015-12-11 15:39:49 +01:00
Christoph Hartmann
6badbf4dc9 bugfix: abort registry_key resource if the os is not supported 2015-12-11 15:39:49 +01:00
Christoph Hartmann
90e1eb9e39 bugfix: always ensure the script resource is properly initialized, even if the os is not supported 2015-12-11 15:39:49 +01:00
Christoph Hartmann
7422306ba7 lint fix 2015-12-11 14:34:28 +01:00
Christoph Hartmann
95c7ba8fe5 simplify prompt color setting 2015-12-11 14:29:31 +01:00
Christoph Hartmann
100df85b27 improve shell prompt and help 2015-12-11 14:03:36 +01:00
Stephan Renatus
652d51e9dc [resource/port] add port(addr, port) variant 2015-12-08 20:33:36 +01:00
Stephan Renatus
8532dd7034 [resource/port] change attribute names to plural, indicating arrays
see discussion in #256
2015-12-08 20:33:36 +01:00
Adam Leff
c146a76679 File permission checks should return false unless file exists
Currently, #readable?, #writeable?, and #executable? will incorrectly
return true if the file does not exist.

In addition, I took the opportunity to refactor the File resource to
make it easier to write unit tests and supplied a full unit test
suite for this resource.
2015-12-08 19:57:34 +01:00
Stephan Renatus
7a1cd660c3 [resources/processes] add users, states attribute; update docs
processes('bash').user does not actually make much sense for a resource
that is a list -- different entries can belong to different users.
Analogous for processes('bash').state.

The attributes 'users' and 'states' expose the unique values
corresponding to that property of entries in the process list.

Fixes #295.
2015-12-08 13:06:27 +01:00
Stephan Renatus
bf15c05f7f Merge pull request #299 from chef/chris-rock/os-resource
support string and symbol for os resource
2015-12-07 12:22:58 +01:00
Stephan Renatus
33f2fe3dde hide summary output when running interactively (inspec shell) 2015-12-07 11:12:41 +01:00
Stephan Renatus
17a80d32a9 remove second welcome 2015-12-07 11:12:41 +01:00
Stephan Renatus
c6fd8c5880 mention help [resource] 2015-12-07 11:12:41 +01:00
Christoph Hartmann
dcb09802d3 support string and symbol for os resource 2015-12-07 11:11:55 +01:00
Stephan Renatus
79f48afa6c [resources/apache_conf]: add tests, fix bug
before, the resource would throw an exception when include_files
returned nil (i.e., [].flatten!)

added basic unit tests capturing the include_files behaviour
2015-12-07 10:50:48 +01:00
Christoph Hartmann
7c393a1891 Merge pull request #291 from chef/sr/fix-find_files
revert to old find_files interface
2015-12-04 14:41:36 +01:00
Stephan Renatus
324ba14a6b fix optional type argument handling 2015-12-04 14:27:32 +01:00
Stephan Renatus
390e0fcca7 restore old find_files interface
- fixes #276
- basic test for find_files
2015-12-04 14:15:45 +01:00
Adam Leff
e0c356dae7 Adding support for Wind River Linux
WRL is used as the OS on Cisco Nexus devices and acts like a Red
Hat variant. These changes add support for WRL.
2015-12-03 17:41:11 -05:00
Christoph Hartmann
766fe47b87 add inline documentation 2015-12-01 10:56:47 +01:00
Christoph Hartmann
6a6cff1526 feature: add help command for resources 2015-12-01 10:56:47 +01:00
Christoph Hartmann
2c8a8ccb25 improvement: add etc_group support for centos and add integration test 2015-12-01 10:40:12 +01:00
Dominik Richter
762562b967 0.9.5 2015-11-25 15:43:31 +01:00
Dominik Richter
468159772f 0.9.4 2015-11-24 20:04:31 +01:00
Christoph Hartmann
a822dcee1a optimize code structure 2015-11-24 18:39:32 +01:00
Christoph Hartmann
0bd7f557d5 bugfix: do manual split of id result because we cannot use whitespace 2015-11-24 18:35:10 +01:00
Christoph Hartmann
be62b76dc2 improvement: add checks to ensure the requested file is available 2015-11-24 16:46:17 +01:00
Christoph Hartmann
60e2a3512f add init resource 2015-11-24 16:46:17 +01:00
Christoph Hartmann
0657525f4d lint json resource 2015-11-24 16:46:17 +01:00
Christoph Hartmann
62ecdf6a1f rewrite extraction of values 2015-11-24 16:46:17 +01:00
Christoph Hartmann
b70ba447b2 simplify method returns 2015-11-24 10:41:46 +01:00