Commit graph

2061 commits

Author SHA1 Message Date
J Burns
58eae32688 etc_fstab resource: properly namespace the resource, add nfs_file_systems documentation (#2190)
* Updated nfs_file_systems example in docs

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-10-12 11:30:33 +01:00
Chef Expeditor
ed25975c2c Bump version to 1.41.4 by Chef Expeditor 2017-10-12 06:45:45 +00:00
Chef Expeditor
97b03b0bcf Bump version to 1.41.3 by Chef Expeditor 2017-10-11 13:31:54 +00:00
Nathen Harvey
05ac2724ec Update the profile tempate (#2238)
* Remove a broken link.

Signed-off-by: Nathen Harvey <nharvey@chef.io>

* It is now 2017

While the content in this file was actually written in 2015, this
example is meant to be overwritten and is generated by the user in the
current year.

Signed-off-by: Nathen Harvey <nharvey@chef.io>
2017-10-11 14:31:44 +01:00
Chef Expeditor
ca19ef5570 Bump version to 1.41.2 by Chef Expeditor 2017-10-10 09:37:06 +00:00
Adam Leff
5114173e50 Support PAX-formatted tar files, standardize file lists (#2225)
* Support PAX-formatted tar files, standardize file lists

When a tar file is generated in PAX format, the files have an additional
relative path prefix added to them. For example, instead of:

inspec.yml

... the file is listed as:

./inspec.yml

And the source reader plugin looks only for a "inspec.yml" file to
determine the profile format.

This change addresses this issue by normalizing the file paths in the
TarReader and accounting for the additional "./" prefix that may exist
whenever the tar file is walked looking for a file to read its content.

Signed-off-by: Adam Leff <adam@leff.co>

* Remove pax from unit test, will move to functional

Signed-off-by: Adam Leff <adam@leff.co>

* Add function test for the pax header tar file

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-10 10:36:57 +01:00
Chef Expeditor
4cf7c89460 Bump version to 1.41.1 by Chef Expeditor 2017-10-10 08:54:23 +00:00
Keith Walters
2a8d6e0e91 Uses netstat to detect open ports on AIX (#2210)
* Uses netstat to detect open ports on AIX

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>

* Adds unit tests for AIX port resource

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2017-10-10 10:54:18 +02:00
Chef Expeditor
ae486e50d2 Bump version to 1.41.0 by Chef Expeditor 2017-10-09 10:56:24 +00:00
Chef Expeditor
952dd09a29 Bump version to 1.40.13 by Chef Expeditor 2017-10-07 10:28:14 +00:00
Adam Leff
cbf58c7afa Enhance cmp matcher to work with symbols, fix file documentation (#2224)
* Enhance cmp matcher to work with symbols

The `cmp` matcher will now stringify symbol actual values if the
expected value was passed in as a string. This will help with the file
resource `type` method where Train returns the file type as a symbol.

Signed-off-by: Adam Leff <adam@leff.co>

* Fix documentation for file type character_device

Signed-off-by: Adam Leff <adam@leff.co>

* Fix docs for block_device

Signed-off-by: Adam Leff <adam@leff.co>

* Fix file mtime docs

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-07 12:28:07 +02:00
Chef Expeditor
c716790972 Bump version to 1.40.12 by Chef Expeditor 2017-10-06 17:38:29 +00:00
Jared Quick
f9e0aaadba ssl resource: properly raise error when unable to determine if port is enabled (#2205)
* Move raise condition for host into enabled method

This is related to #1205. This will fix the ssl resource for now until
we redo the exceptions. Still looking around the code and need to build
some unit tests for the ssl resource.

My fix here is to move the raise condition till later in the flow,
specifically the enabled? method. This lets the raise get caught
accordingly without killing the other tests.

Signed-off-by: Jared Quick <jquick@chef.io>

* Remove authors from ssl resource test

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 19:38:22 +02:00
Chef Expeditor
fe506037c6 Bump version to 1.40.11 by Chef Expeditor 2017-10-06 17:36:25 +00:00
Adam Leff
a54bc98087 Fix loading profile files when executing multiple profiles (#2223)
When running `inspec exec` with multiple profiles, such as:

inspec exec profile1 profile2

... profile1 control calls to `inspec.profile.file` will incorrectly
try to pull files from profile2 because the RuntimeProfile object
is stored on the backend object, and we share the backend object.

This change ensures each profile has a unique backend object to ensure
the RuntimeProfile instance is not overwritten.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:36:13 +02:00
Chef Expeditor
b740c27163 Bump version to 1.40.10 by Chef Expeditor 2017-10-06 17:32:49 +00:00
Adam Leff
939ee5ecfc processes resource: support busybox ps (#2222)
This change enhances the processes resource to support the busybox
ps command which is common on Alpine, for example. The way we
map ps fields to the structs needed by FilterTable have also been
refactored to be more flexible so we can support multiple formats
in the future.

Also, the processes resource now allows the grep argument to be optional
thus allowing a user to query all resources without passing in a
match-all regex.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:32:39 +02:00
Chef Expeditor
999d115fb8 Bump version to 1.40.9 by Chef Expeditor 2017-10-06 17:32:26 +00:00
Jared Quick
3d346e779d Update shell resource help to return what is defined (#2219)
This fixes #1664. I refactored the help of the resource to build the
output depending on what is available.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 19:32:16 +02:00
Chef Expeditor
70ae199949 Bump version to 1.40.8 by Chef Expeditor 2017-10-06 17:24:37 +00:00
Adam Leff
9d8c53cf31 Support symbol keys in ObjectTraverser (#2221)
As detected in #2036, it is not possible to extract values from
a YAML file if the key is a symbol. This change refactors ObjectTraverser
to support symbol keys before attempting to stringify them.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:24:31 +02:00
Chef Expeditor
b9fc73c42a Bump version to 1.40.7 by Chef Expeditor 2017-10-06 13:41:55 +00:00
Jared Quick
7bb7767dae Add nil check for sshd config file (#2217)
* Add nil check for sshd config file

This fixes #1778. There was a issue where if the user did not have read
permissions on /etc/ssh/sshd_config it would error out on the empty?
check. The fix here is to also look for nil on the file content. Along
with this I refactored the inspec file empty? check as it does not exist
and was also erroring during my testing.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add emptyfile test object and refactor tests

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 15:41:48 +02:00
Chef Expeditor
3d04127385 Bump version to 1.40.6 by Chef Expeditor 2017-10-05 23:18:54 +00:00
Chef Expeditor
6a395a0233 Bump version to 1.40.5 by Chef Expeditor 2017-10-04 20:44:17 +00:00
Adam Leff
21ba43d6a5 http resource: properly execute tests on remote target (#2209)
Currently, the http resource always executes locally, even when scanning
a remote machine with `--target` which leads to undesireable behavior.

This change adds the ability to remotely execute tests with curl. This
behavior is currently opt-in with the `enable_remote_worker` flag, but
will become the default behavior in InSpec 2.0. Deprecation warnings
are emitted if the user is scanning a remote target but has not opted
in to the new behavior.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-04 22:44:09 +02:00
Chef Expeditor
4f091da9fa Bump version to 1.40.4 by Chef Expeditor 2017-10-04 20:43:26 +00:00
Chef Expeditor
400aac9350 Bump version to 1.40.3 by Chef Expeditor 2017-10-04 20:43:01 +00:00
Jared Quick
01d97498d1 Add output for port/protocol for host resource. (#2202)
* Added output for port/protocol for host resource.

Signed-off-by: Jared Quick <jquick@chef.io>

* refactor with explicit return

This fixes #2085. Port and protocol are now shown in output of the host
resource if defined.

Signed-off-by: Jared Quick <jquick@chef.io>

* refactor with string building return

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-04 22:42:56 +02:00
Chef Expeditor
d373487a05 Bump version to 1.40.2 by Chef Expeditor 2017-10-04 20:42:12 +00:00
Craig Barrett
67b123c4fd add bsd platform family to etc_hosts resource (#2192)
Signed-off-by: Craig Barrett <craig.barrett@outreach.io>
2017-10-04 22:42:05 +02:00
Chef Expeditor
fb52fd8770 Bump version to 1.40.1 by Chef Expeditor 2017-10-03 21:25:35 +00:00
Chef Expeditor
e181c1730c Bump version to 1.40.0 by Chef Expeditor 2017-09-27 12:05:42 +00:00
dromazmj
7fc7942ab1 firewalld resource: inspect the status and configuration of firewalld (#2074)
* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resourec - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications made
	* installed? method now tells by checking if firewall-cmd is a command on the system
	* The firewalld_command method now strips the stdout of the return
	* added another test for testing multiple active zones

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing rake lint issue

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing match and returning boolean for seeing if firewalld is running

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing lint issues

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Empty commit to rerun.  Accidentally updated branch.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Rerunning test, accidentally updated branch. needs sign off commit

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-27 14:05:35 +02:00
Chef Expeditor
b4ed4c4a98 Bump version to 1.39.1 by Chef Expeditor 2017-09-25 21:21:24 +00:00
Chef Expeditor
e263582f86 Bump version to 1.39.0 by Chef Expeditor 2017-09-25 17:49:13 +00:00
dromazmj
b23a58b573 etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073)
* New Resource-combined etc_hosts_allow etc_hosts_deny

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-09-25 13:49:04 -04:00
Chef Expeditor
67d5d167d5 Bump version to 1.38.9 by Chef Expeditor 2017-09-25 17:09:30 +00:00
Matt Ray
e23249d635 windows_hotfix resource: test whether a Windows HotFix is installed (#2178)
* Add hotfix resource for Windows

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Renamed hotfix to windows_hotfix

Added additional unit test checking for KB that is not present on a box

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Integration test to spot-check for hotfixes

Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.

Signed-off-by: Matt Ray <matthewhray@gmail.com>
2017-09-25 19:09:22 +02:00
Chef Expeditor
6722e03c94 Bump version to 1.38.8 by Chef Expeditor 2017-09-25 15:11:57 +00:00
Chef Expeditor
cab161c185 Bump version to 1.38.7 by Chef Expeditor 2017-09-23 07:27:12 +00:00
Adam Leff
d029f7f58c Properly return postgres query errors on failure (#2179)
When using the `query` method in the `postgres_session` resource, if
the query fails, the `query` method attempts to call `skip_resource`
with an error message. Not only does the `skip_resource` not properly
work, but it also returns a `String` object back to the test which is
probably going to try and call the `output` method on it to run the test.

This results in an error like this:

```
  Can't read
     ∅  undefined method `output' for "output":String
```

This change returns the full psql output as a Lines object to the
user, including stderr, so they can at least get the error in their
test output and avoids undefined method errors.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-23 09:27:05 +02:00
Chef Expeditor
75e1331618 Bump version to 1.38.6 by Chef Expeditor 2017-09-23 07:17:42 +00:00
Jerry Aldrich III
3d7244fb07 Add wildcard support to Utils::FindFiles (#2159)
Wildcards are evaluated prior to applying `sudo` permissions. This
means that running `sudo find /some/path/*.conf` will fail if the user
does not have read permissions on `/some/path/` because the wildcard
cannot expand before `sudo` is applied and `*.conf` isn't a file.

The solution for this is to run the command in a subshell that has the
proper permissions (e.g. `sudo sh -c 'find /some/path/*.conf'`).

This modifies `Utils::FindFiles` to use a subshell thus allowing
wildcard support.

This fixes #2157

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-23 09:17:34 +02:00
Chef Expeditor
bdb80591e3 Bump version to 1.38.5 by Chef Expeditor 2017-09-23 07:16:31 +00:00
Jerry Aldrich III
125e0915b2 Modify DirProvider to allow special characters (#2174)
This modifies `Inspec::DirProvider` to allow special characters in the
file glob by escaping those characters via `Shellwords.shellescape`.

This fixes #2111 (`inspec check` on path with special characters)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-23 09:16:25 +02:00
Chef Expeditor
9f06ba0b0b Bump version to 1.38.4 by Chef Expeditor 2017-09-22 12:57:56 +00:00
Dominik Richter
e2004a436f forgiving default attributes (#2177)
* forgiving default attributes

When default attributes arent specified provide one that is much more forgiving.
See this https://github.com/chef/inspec/issues/2176

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-22 08:57:51 -04:00
Chef Expeditor
d2a47fa9fb Bump version to 1.38.3 by Chef Expeditor 2017-09-21 19:55:27 +00:00
Chef Expeditor
42fc9d70ca Bump version to 1.38.2 by Chef Expeditor 2017-09-21 16:21:39 +00:00
Jerry Aldrich III
cbcca9f39e Modify Upstart enabled check to use config file (#2163)
This modifies the enabled check for the `service` resource to use the
service's config file instead of `initctl show-config`.

`initctl show-config` does not accurately show the state of a service if
that service's config file is modified while the service is running.

This fixes #1834.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-21 12:21:34 -04:00
Chef Expeditor
2947532601 Bump version to 1.38.1 by Chef Expeditor 2017-09-21 16:18:23 +00:00
Adam Leff
e400b8dd4c Support false for attribute value (#2168)
The logic in `Inspec::Attribute` prohibited the use of `false` (FalseClass) as
a valid attribute. If the attribute value supplied was `false`, then it would fall
back to the default value.

This change properly allows the use of `false` as a value, adds the initial tests
for Inspec::Attribute, and also uses better attr_writer semantics for writing/storing
the value.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-21 12:17:44 -04:00
Chef Expeditor
4a71140052 Bump version to 1.38.0 by Chef Expeditor 2017-09-21 16:06:05 +00:00
Chef Expeditor
96b9527e46 Bump version to 1.37.13 by Chef Expeditor 2017-09-21 16:00:24 +00:00
Adam Leff
0b3aaee692 Update method in which Pry hooks are removed (#2170)
* Update method in which Pry hooks are removed

Pry 0.11 removed the clear_all method for removing all hooks. This change
updates the way we clear hooks for the events we care about.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-21 12:00:18 -04:00
Chef Expeditor
a614cc9598 Bump version to 1.37.12 by Chef Expeditor 2017-09-19 16:27:04 +00:00
Adam Leff
adf25ae783 Support array syntax for registry_key resource (#2160)
Users cannot query for registry keys that have periods in them because of
how rspec-its works. This change enables Array-style syntax for the
registry_key resource so users can use that as a workaround.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-19 18:26:53 +02:00
Chef Expeditor
e57977612e Bump version to 1.37.11 by Chef Expeditor 2017-09-18 19:49:26 +00:00
malovdm1
3e16a099c5 quote username and hostname in mssql_session (#2151)
Signed-off-by: Malovany, Dmytro (Ext) <dmytro.malovany@novartis.com>
2017-09-18 21:49:20 +02:00
Chef Expeditor
7ca1380ef9 Bump version to 1.37.10 by Chef Expeditor 2017-09-18 19:48:11 +00:00
Adam Leff
5297dc6ede Add deprecation warning to auditd_rules resource (#2156)
The auditd_rules resource has been replaced by the auditd resource.
We are planning on removing the auditd_rules resource in InSpec 2.0.
This change will provide a warning to any user using the old resource.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-18 21:48:04 +02:00
Chef Expeditor
c6703af02c Bump version to 1.37.9 by Chef Expeditor 2017-09-18 19:47:26 +00:00
Jennifer Burns
ec18dce62b auditd resource: test active auditd configuration against the audit daemon (#2133)
* Added auditd resource and documentation.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Removed all legacy code for audit < 2.3. Removed parens to create consistency.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated method names and removed unnecessary content based on review

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-09-18 21:47:18 +02:00
Chef Expeditor
85c02112b5 Bump version to 1.37.8 by Chef Expeditor 2017-09-15 20:38:05 +00:00
Jerry Aldrich III
9773e1cd94 Add wildcard/multiple server support to nginx_conf resource (#2141)
* Add wildcard/multiple server support to nginx_conf

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* separate the merge function for maps in nginx_conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-15 16:37:57 -04:00
Chef Expeditor
48b0e6a667 Bump version to 1.37.7 by Chef Expeditor 2017-09-14 19:16:35 +00:00
Chef Expeditor
4c6877f766 Bump version to 1.37.6 by Chef Expeditor 2017-09-14 17:09:04 +00:00
Chef Expeditor
c02e359fa2 Bump version to 1.37.5 by Chef Expeditor 2017-09-13 21:52:54 +00:00
Alex Pop
cf6fdd09af Show versions for inspec compliance profiles (#2143)
Signed-off-by: Alex Pop <apop@chef.io>
2017-09-13 17:52:45 -04:00
Chef Expeditor
be7f5ccde1 Bump version to 1.37.4 by Chef Expeditor 2017-09-13 20:53:43 +00:00
Alex Pop
35becd7e0f Support profile versions for automate profiles storage (#2128)
* Support profile versions for automate profiles storage

Signed-off-by: Alex Pop <apop@chef.io>

* Add unit tests for inspec-compliance bundle

Signed-off-by: Alex Pop <apop@chef.io>

* Refactor target_url method, fix tests, fix rubocop errors

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 16:53:36 -04:00
Chef Expeditor
18d9b74301 Bump version to 1.37.3 by Chef Expeditor 2017-09-13 12:41:17 +00:00
Adam Leff
7810051f0a package resource: assume a default Homebrew path (#2140)
* package resource: assume a default Homebrew path

Homebrew's `brew` script is installed to /usr/local/bin by default which
is usually not in a non-interactive PATH. We will now first check to see
if `brew` is in PATH, and if not, assume a default of `/usr/local/bin/brew`

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:41:09 -04:00
Chef Expeditor
9fa47f1a9e Bump version to 1.37.2 by Chef Expeditor 2017-09-13 12:16:58 +00:00
Adam Leff
d4790f7f5a Ignore linked container names when parsing docker containers (#2134)
* Ignore linked container names when parsing docker containers

If a container is linked to another container, the normal `docker ps` output
does not include this information. However, when pulling the `.Names` field
with `docker ps --format`, the linked container is listed in the name. This
is confusing for users trying to use InSpec to audit a container.

This change strips any linked container names from the actual container name.

Signed-off-by: Adam Leff <adam@leff.co>

* Linked container names aren't guaranteed to be last depending on how they were linked

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:16:53 -04:00
Adam Leff
7a3706a023 Add clarifying docs for mysql_conf resource (#2138)
The docs did not include examples for querying settings set within a named section.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:16:35 -04:00
Chef Expeditor
48f3cdc644 Bump version to 1.37.1 by Chef Expeditor 2017-09-13 12:15:15 +00:00
Rony Xavier
7d2da0c199 nginx resource: audit the nginx binary and how it was compiled (#1958)
* nginx base resource

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xavier <rx294@gmail.com>
2017-09-13 08:15:09 -04:00
Chef Expeditor
dd1d0ca553 Bump version to 1.37.0 by Chef Expeditor 2017-09-11 15:37:45 +00:00
dromazmj
70548ab754 etc_fstab resource: test contents of the /etc/fstab file (#2064)
* Adding support for fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to docs of new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-11 15:55:03 +02:00
Jerry Aldrich III
a9d0d65c54 Add attributes file readability error handling (#2127)
* Add attributes file readability error handling

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-08 08:43:33 -04:00
Chef Expeditor
29c80110a8 Bump version to 1.36.1 by Chef Expeditor 2017-09-06 12:22:38 +00:00
Chef Expeditor
de2bd9aba3 Bump version to 1.35.5 by Chef Expeditor 2017-09-06 12:19:10 +00:00
Dominik Richter
19ab22f5e2 add nginx_conf accessors for http, servers, and locations (#2119)
* wip: extend nginx_conf for http+servers+locations

... well `http` entries really, but we couldnt just call it `https`.

the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere.

* add test for new nginx accessors

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add docs for nginx-conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* fix all incorrect NGINX spellings in docs

* prevent edge-cases where nginx params are nil

for location, http, and servers

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* more descriptive to_s for nginx servers

as suggested by @adamleff, thank you!

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add more descriptive to_s for nginx location

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-06 08:19:04 -04:00
Chef Expeditor
e2b528db20 Bump version to 1.35.4 by Chef Expeditor 2017-09-06 10:07:39 +00:00
Trevor Vaughan
fb011c1d10 Fix deep profile chaining (#2121)
Update to fix how multiple relative profile chaining functions.

Closes #2120

Signed-off-by: Trevor Vaughan <tvaughan@onyxpoint.com>
2017-09-06 12:06:55 +02:00
Chef Expeditor
dbb4311693 Bump version to 1.35.3 by Chef Expeditor 2017-09-05 12:37:41 +00:00
ChadScott
09b145122d Modify linux regular expression to handle process names with spaces (#2117)
* Modify linux regular expression to handle process names with spaces

Signed-off-by: Chad Scott <cscott@chadikins.com>

* Add mocks, tests, etc.

Signed-off-by: Chad Scott <cscott@chadikins.com>
2017-09-05 14:36:55 +02:00
Chef Expeditor
f3c3de241e Bump version to 1.35.2 by Chef Expeditor 2017-09-03 18:43:56 +00:00
Clinton Wolfe
f284962450 File Resource: add be_setgid, be_setuid, be_sticky matchers (#2104)
* Provisioner script to setup resource tests for setgid/setuid/sticky bit tests.  This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* TDD Red for setgid/setuid/sticky File matchers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add documentation for file resource sgid, sticky, and suid matchers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add matchers to File for setgid, setuid, and sticky by aliasing existing predicates; TDD green

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop prefers alias to alias_method.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Lint before pushing, of course

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Correct spelling of setgid and setuid matchers in docs

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add be_setgid, be_setuid, be_sticky matcher integration tests for File.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Revert "Provisioner script to setup resource tests for setgid/setuid/sticky bit tests.  This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here."

This reverts commit 42e672f3b1.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Revert "TDD Red for setgid/setuid/sticky File matchers"

This reverts commit a4f891fc7e.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-09-03 20:43:13 +02:00
Chef Expeditor
fd3dac23ce Bump version to 1.35.1 by Chef Expeditor 2017-08-31 13:55:32 +00:00
Chef Expeditor
1e57537f54 Bump version to 1.34.10 by Chef Expeditor 2017-08-31 13:51:44 +00:00
dromazmj
cb5b475bb1 etc_hosts resource: test the contents of the /etc/hosts file (#2065)
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-08-31 09:51:39 -04:00
Chef Expeditor
e7b6c31e11 Bump version to 1.34.9 by Chef Expeditor 2017-08-31 07:56:18 +00:00
Jonathan Morley
3e7d47505c Add support for XML files (#2107)
* Add support for XML files

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>

* Use REXML instead of nokogiri

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
2017-08-31 09:56:14 +02:00
Chef Expeditor
d0f2e49970 Bump version to 1.34.8 by Chef Expeditor 2017-08-31 07:53:50 +00:00
Adam Leff
e2fa0b5e73 port resource: support ss instead of netstat (#2110)
* port resource: support ss instead of netstat

`netstat` is officially deprecated and is replaced with `ss`. This PR
changes the port resource to use `ss` if it's available on the target
system.

Signed-off-by: Adam Leff <adam@leff.co>

* Disable Metrics/ClassLength cop on the LinuxPorts class

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-31 09:53:08 +02:00
Chef Expeditor
0f19e40d3b Bump version to 1.34.7 by Chef Expeditor 2017-08-30 20:04:28 +00:00
Anthony Shaw
d5f33f0b99 pip resource: support non-default pip locations, such as virtualenvs (#2097)
* Update pip resource for #516 allow user to set path to pip executable

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* support virtualenv path, pip file exec and better logic

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* add tests for the change to the pip path and resource

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* tests are case sensitive, although command line is not

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* use a path verification method instead of a class method

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* use guard clauses instead of conditionals

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* change the control flow to return nil when commands are not available

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* fix the return values when custom pip path is not valid

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* Refactor pip path detection to fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:04:22 +02:00
Chef Expeditor
d93f623934 Bump version to 1.34.6 by Chef Expeditor 2017-08-30 20:02:50 +00:00
Adam Leff
c383175417 Support mixed-case group entries (#2101)
* Support mixed-case group entries

The `group` resource downcased the input parameter unless the target
was a Windows node. However, it's completely legitimate for a Unix-y
node to have mixed case group and passwd entries.

This change does have the potential to break people that did not carefully
match their case when searching for a group, but we're currently blocking
people from using the group resource properly if they have mixed-case
entries.

Signed-off-by: Adam Leff <adam@leff.co>

* Fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:02:45 +02:00
Chef Expeditor
151199b5fc Bump version to 1.34.5 by Chef Expeditor 2017-08-30 18:22:05 +00:00
Mark Harrison
ef42e2efd0 Use stored http resource response (if any) (#2108)
Currently, if you check two properties of a http resource, such as
status and body, two different http requests are made to the server.
However, the response is already stored in an instance variable, so this
change just checks to see if a response is already available and uses it
rather than making another http request.

Signed-off-by: Mark Harrison <mark@mivok.net>
2017-08-30 20:21:59 +02:00
Chef Expeditor
75b9ee8c39 Bump version to 1.34.4 by Chef Expeditor 2017-08-29 05:11:57 +00:00
Jennifer Burns
3b2bf52b1d auditd_rules resource: fix get_keys error on lines that have no keys (#2103)
* Added line to fix bug when no key in file rule and updated test to validate bug fix

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to consider corner case

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-29 07:11:14 +02:00
Chef Expeditor
7a41cec73f Bump version to 1.34.3 by Chef Expeditor 2017-08-25 20:21:54 +00:00
Kevin Formsma
94c2e8181c Add sensitive flag to resources to restrict logging output (#2017)
* Filter check output based on sensitive flag
-Updated check in formatters to filter check output during failures based on
sensitive metadata flag
-Added functional test of output filtering
-Updated documentation with blerb on usage
* Update output format for sensitive resources

Signed-off-by: Kevin Formsma <kevin.formsma@gmail.com>

* Update color output on new test

Update the color output to match the newly-expected non-color format if there are no tests that match.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-25 16:21:49 -04:00
Chef Expeditor
3c07341ea0 Bump version to 1.34.2 by Chef Expeditor 2017-08-25 20:13:48 +00:00
Jennifer Burns
2cef15aec3 aide_conf resource: test configuration of the AIDE file integrity tool (#2063)
* Added aide_conf resource and subsequent files

* Updated to match on all selection lines

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Changed to use CommentParser and fixed typo

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Fix typo in test file

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to address PR feedback

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-25 22:13:43 +02:00
Chef Expeditor
5440bb782e Bump version to 1.34.1 by Chef Expeditor 2017-08-23 14:32:42 +00:00
Chef Expeditor
f0711066e7 Bump version to 1.33.15 by Chef Expeditor 2017-08-23 14:30:19 +00:00
Adam Leff
6029a4b43d Refine the profile/test summary output of the CLI formatter (#2094)
* Refine the profile/test summary output of the CLI formatter

* The "Profile Summary" is misleading as it's not a summary of profile
  success/failure but rather the controls within the profile(s). Altered
  the output to be clear. I still like calling it the "profile summary"
  but wanted to add clarity that the numbers are about the controls.

* Made the colorized output dynamic. The success/failure will only be
  green/red if there are controls/tests that fall into that category.
  That way we are not printing red failure text when there are no
  actual failures. Fixes #1752.

* Cleaned up some grammar issues. ("1 failure" vs "1 failures")

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-23 10:29:09 -04:00
Chef Expeditor
e9fecc027d Bump version to 1.33.14 by Chef Expeditor 2017-08-21 21:40:40 +00:00
Chef Expeditor
d8da929ffe Bump version to 1.33.13 by Chef Expeditor 2017-08-21 13:36:27 +00:00
Chef Expeditor
6e806110e0 Bump version to 1.33.12 by Chef Expeditor 2017-08-18 15:35:36 +00:00
Chef Expeditor
4c2d85674b Bump version to 1.33.11 by Chef Expeditor 2017-08-18 15:29:28 +00:00
Adam Leff
367d42fb3a Properly handle held packages on dpkg-flavored OS (#2087)
* check the proper field for dpkg installation state fixes #2006

Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>

* Properly handle held packages on dpkg-flavored OS

InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.

This adds the proper unit tests and also adds a `be_held` matcher.

Thanks to @kisoku for the initial work in #2007.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-18 17:29:23 +02:00
Chef Expeditor
443f1bf106 Bump version to 1.33.10 by Chef Expeditor 2017-08-17 14:48:51 +00:00
Stephan Renatus
bd165471e8 [docker_container] fix repo property (#2083)
With last weeks tag fix, `ourorg/container` ended up having its `repo` reported as `container`.
With this it'll be `ourorg/container` again.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-08-17 16:48:46 +02:00
Chef Expeditor
4ce6e91544 Bump version to 1.33.9 by Chef Expeditor 2017-08-17 14:08:59 +00:00
Chef Expeditor
b28cc5ab35 Bump version to 1.33.8 by Chef Expeditor 2017-08-15 19:39:12 +00:00
Christoph Hartmann
4a3511b6ce fix case where skip is called for os_env (#2078)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 21:32:21 +02:00
Chef Expeditor
48e20dbd1a Bump version to 1.33.7 by Chef Expeditor 2017-08-15 18:43:03 +00:00
Chef Expeditor
45e7a85ebb Bump version to 1.33.6 by Chef Expeditor 2017-08-15 17:46:20 +00:00
Christoph Hartmann
1a904ea7a5 Moves logic from os_env from initialize phase to runtime phase (#2072)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 13:46:13 -04:00
Chef Expeditor
e6f89664bb Bump version to 1.33.5 by Chef Expeditor 2017-08-15 03:37:23 +00:00
Christoph Hartmann
b1aba69661 add mock support for os_env resource (#2070)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 05:37:19 +02:00
Chef Expeditor
d60d95cec3 Bump version to 1.33.4 by Chef Expeditor 2017-08-14 18:57:56 +00:00
Christoph Hartmann
427f3e9ac7 Set the default cli tool for oracle db to sqlplus, during execution we will catch this missing cli but it prevents inspec check from failing if sqlplus is not available (#2057)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-14 14:57:51 -04:00
Chef Expeditor
5252c7452f Bump version to 1.33.3 by Chef Expeditor 2017-08-14 17:07:20 +00:00
Chef Expeditor
9fa932ba46 Bump version to 1.33.2 by Chef Expeditor 2017-08-14 13:03:52 +00:00
Christoph Hartmann
69cf0514f2 In mock setups like inspec check the command resource was executed since inspec.os.name was “” instead of unknown. I changed to nil to catch that case. (#2056)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-14 09:03:47 -04:00
Chef Expeditor
59c6c73572 Bump version to 1.33.1 by Chef Expeditor 2017-08-10 14:35:07 +00:00
Chef Expeditor
7f84e904fa Bump version to 1.32.3 by Chef Expeditor 2017-08-10 12:57:51 +00:00
Matt Kulka
0fc870de30 Fix docker_container.tag to properly fetch from image name (#2052)
Fixes #2051

Images with repos containing port numbers will have multiple colons.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2017-08-10 14:57:45 +02:00
Chef Expeditor
f579733205 Bump version to 1.32.2 by Chef Expeditor 2017-08-07 14:07:32 +00:00
Rony Xavier
041f64a87f New 'be_in' matcher for matching against values in a list (#2022)
* New matcher 'be_in'
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* small fixes to wording.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added code to use be_in for with the following use case:
describe nginx do
   its(module_list) { should be_in AUTHORIZED_MODULE_LIST }
end
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updates to the matcher
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added tests for the be_in matcher

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Requested updates completed

Signed-off-by: Rony Xavier <rx294@nyu.edu>
2017-08-07 16:05:22 +02:00
Chef Expeditor
d7a254a4e5 Bump version to 1.32.1 by Chef Expeditor 2017-08-03 18:19:40 +00:00
Chef Expeditor
ff72d54011 Bump version to 1.31.8 by Chef Expeditor 2017-08-02 14:44:02 +00:00
Chef Expeditor
91eb48e21f Bump version to 1.31.7 by Chef Expeditor 2017-08-02 13:29:31 +00:00
Simonas
da75f268bc Fix issue when xinetd.conf does not end in newline (#2040)
Add a newline symbol to the end of the parsed input.

Sample hexdump of a file deployed by xinetd cookbook:

$ hexdump -C /var/chef/cache/cookbooks/xinetd/templates/default/xinetd.conf.erb | tail -2
000000b0  72 20 2f 65 74 63 2f 78  69 6e 65 74 64 2e 64     |r /etc/xinetd.d|
000000bf

Signed-off-by: Simonas Kareiva <simonas@5grupe.lt>
2017-08-02 15:29:26 +02:00
Chef Expeditor
4ae34928ca Bump version to 1.31.6 by Chef Expeditor 2017-07-29 04:22:29 +00:00
Chef Expeditor
6949e9a8fb Bump version to 1.31.5 by Chef Expeditor 2017-07-27 22:41:47 +00:00
Chef Expeditor
6c6c2cbb1f Bump version to 1.31.4 by Chef Expeditor 2017-07-24 20:02:49 +00:00
Chef Expeditor
1acd8ad014 Bump version to 1.31.3 by Chef Expeditor 2017-07-24 16:37:17 +00:00
Dominik Richter
a4bd38915c bugfix: empty file strings from archive readers (#2027)
* bugfix: empty file strings from archive readers

Empty files in archives are sometimes possible (we just ran into this with TGZ), but is never a valid file to extract. So remove it and discount it altogether. Changed structure to support testing of these global calls.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint and rebuild

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-07-24 09:37:13 -07:00
Chef Expeditor
885a7e90ca Bump version to 1.31.2 by Chef Expeditor 2017-07-24 16:11:30 +00:00
Nicolas
332842ee48 Fix https://github.com/chef/inspec/issues/2019 (#2020)
Signed-off-by: Nicolas Rodriguez <nicoladmin@free.fr>
2017-07-18 08:28:56 -07:00
Adam Leff
9580732814 Source reader should not hand back files with nil contents (#2003)
If a profile has a data files directory that looks like this:

```
files/platforms/one/data.json
files/platforms/two/data.json
files/platforms/three/data.json
```

... the source reader will return the directories in the list of files but with
nil contents. This causes an issue when Inspec::Profile tries to create a sha256
checksum of the profile contents only to try to cast nil to a string when
building the null-delimited profile contents string.

Files that are empty will have an empty string as its contents, so it's safe to
assume that file entries with nil contents are actually a directory and have no
affect on the profile's checksum. Therefore, this change will eliminate any file
entries in responses from the source readers where the contents are nil.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:33:55 +02:00
Adam Leff
1ea06ac3ea Change host resource to use getent ahosts on Linux (#2002)
* Change host resource to use getent ahosts on Linux

In InSpec 1.31, we changed the `host` resource to use `dig` instead of `getent
hosts` for name resolution because `getent hosts` does not return all entries
(only the first v6 entry if it exists, then the first v4 entry) and we wanted to
keep the Darwin and Linux implementation as close as possible. Unfortunately,
this affected users' ability to do resolution checks for entried stored in their
/etc/hosts file.

This change goes back to using `getent` for Linux and changes to `getent ahosts`
which returns both v4 and v6 records. Additionally, the Darwin provider's dig
implementation was reordered to return v4 addresses before v6 addresses to be
consistent with how `getent ahosts` returns records.

Signed-off-by: Adam Leff <adam@leff.co>

* Update unit tests for resolve_with_getent with proper output

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:32:52 +02:00
Adam Leff
c29648a623 Release v1.31.1 (#1996)
Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:29:20 -04:00
Adam Leff
1fdea330d3 host resource: fix netcat detection (#1995)
The logic used to determine whether a viable netcat binary exists is wrong and
prevents Linux hosts from doing TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:23:57 -04:00
Adam Leff
dd3457537e Release v1.31.0 (#1994)
Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 14:07:16 -04:00
Adam Leff
3916d7aca2 Fix formatter when two profiles have the same name (#1991)
* Fix formatter when two profiles have the same name

In the event that an InSpec runner has two profiles that are named the same
(such as when InSpec generates a profile for the Flat source reader, and Test
Kitchen is running concurrently), InSpec could hand back a profile that does not
contain the example. This leads to nil control data and ugly NilClass errors
when TK runs concurrently.

This change modifies the method that finds the profile by control to not only
match on profile name but also match on example ID.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:30:37 -04:00
Adam Leff
7bba235014 Add support for ncat in host resource for CoreOS (#1993)
CoreOS is considered a member of the Linux family, and the `host` resource tries
to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not
available on CoreOS, but `ncat` is.

This change attempts to use `nc` first, then `ncat` if it's available.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:19:16 -04:00
Adam Leff
c280e9a816 Fix host resolution on Darwin, use dig wherever possible (#1986)
* Fix host resolution on Darwin, use dig wherever possible

The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.

Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 10:45:30 -04:00
Aaron Lippold
cc7ed38d09 kernel_module resource: added blacklisting, enabled, disabled, docs and unit tests (#1798)
* Fix up methods, add command mock, do string matching in ruby instead of command

Fixes #1643
Fixes #1673

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-05 11:41:44 +02:00
Aaron Lippold
224935e9cf New postgres_hba_conf resource (#1964)
* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Corrections

* updated to parse auth-options

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated `conf_path` instance var to `conf_file` for consistancy.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* pg_hba_conf - updated the parse_line method
added test and doc files

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated few bugs on pg_hba_conf
updated test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made updates based on the reccomendations

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Update Gemfile.lock

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated doc file for postgres_hba_conf resource to use
'cmp' matcher instead of 'eq'

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made requested changes, except for SimpleConfig - will address that later.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:13:51 +02:00
Aaron Lippold
57864f1488 New postgres_ident_conf resource (#1963)
* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Small updates to organization of code

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xaiver <rx294@nyu.edu>

* updated `conf_path` instance var to `conf_file` since we are returning
a file.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Updated few bugs on pg_ident_conf
added test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added OS check

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock file

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added windows mock file

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Changed resource name from pg_ident_conf to postgres_ident_conf

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Completed corrections reccomended on PR

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* removed copyright information

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:01:40 +02:00
Aaron Lippold
1b58763aff updated postgres_session resource properly escape queries (#1939)
* fixed a small courner case in the error detection - error: vs error
fixed resource to use 'shellwords' module to escape the query
requested chances in method architecture for testing
added unit tests

Fixes: #1814

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated resource and tests with requested review changes

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed unneeded call to `escaped_query` in the `create_sql_cmd`.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed license info

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 08:10:27 +02:00
Adam Leff
0d74a7dc50 Release v1.30.0 (#1978)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-29 15:19:16 -04:00
Christoph Hartmann
0839be50d6 oracle_session and mssql_session improvement (#1857)
* improve database parsing
* support sqlcli
* ensure headers are downcast
* externalize database helper
* use password as argument
* feedback from @adamleff
* inline docs update + linting
* stay backwards compatible
* implement tests
2017-06-29 11:01:32 -04:00
Adam Leff
a6582bea9b Remove any "All Rights Reserved" references (#1969)
* Remove any "All Rights Reserved" references

InSpec is licensed and released under the Apache 2.0 license. This
change removes all reference to legacy code files that still had
any Copyright or License lines referring to "All Rights Reserved".

Signed-off-by: Adam Leff <adam@leff.co>

* fix functional tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-28 04:14:19 -07:00
Jerry Aldrich III
cc6f1e90ca Add rpm_dbpath support to the package resource (#1960)
Signed-off-by: Jerry Aldrich III <jerry@chef.io>
2017-06-28 03:21:15 -07:00
Christoph Hartmann
50e762e492 fix mysql resource (#1971)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-27 12:26:47 +02:00
Christoph Hartmann
8f247673e5 optimize for docker 1.13 (#1966)
Ensure docker resource works with docker 1.13+
2017-06-26 15:45:03 -04:00
Aaron Lippold
d6d9a58489 Small typo in the postgres.rb resource with a call to (#1962)
version_from_dir.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-26 12:23:39 -04:00
Dominik Richter
56549aed82 add nginx_conf resource (#1889)
The resource itself only offers contents and params right now. It resolved
all include calls it can find and creates the aggregated config object.

This is limited in functionality. One last (set of) PR(s) is needed to
add an interface that makes querying this config file easier. It is due
to the file's inherent complexity that I want to explore which methods
are needed to be effective. In the meantime, this resource offers accessors
to the underlying data that are stable.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-26 06:37:41 -07:00
Christoph Hartmann
9ac36bca30 make postgres resource working in mock runner (for inspec check) (#1961)
* make postgres resource working in mock runner (for inspec check)

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* keep nil for empty states

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-26 15:16:09 +02:00
Aaron Lippold
3bb98fa1e8 Fixes the postgres_conf parsing of complex paramerters (#1938)
Fixes #1671

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-23 08:31:27 -07:00
Adam Leff
f7c8c646a9 Extract Compliance::API version parsing to separate method (#1931)
For cleanliness and ease of testing, I've moved the logic that
parses the server version from the compliance config to a
separate method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-23 08:29:50 -07:00
Richard Shade
1fbd4b57a2 Mysql socket (#1933)
* showing how to shellout in docs

Signed-off-by: Richard Shade <rshade@rightscale.com>

* adding basic example

Signed-off-by: Richard Shade <rshade@rightscale.com>

* cleanup

Signed-off-by: Richard Shade <rshade@rightscale.com>

* adding in mysql socket, as this doesn't work with non-default installs

Signed-off-by: Richard Shade <rshade@rightscale.com>

* updating per peer review to make socket not a req, and adding port

Signed-off-by: Richard Shade <rshade@rightscale.com>

* updating docs

Signed-off-by: Richard Shade <rshade@rightscale.com>
2017-06-23 08:28:15 -07:00
Adam Leff
b4f772546b Fix directory resource output and exists check (#1950)
* Fix to_s on directory resource

The `to_s` method on the `directory` resource is not defined
in the correct class, leading `directory` resources to be printed
as the parent resource (`file`) instead.

Signed-off-by: Adam Leff <adam@leff.co>

* Directory existence should check to see if it's a directory

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-23 07:44:15 -07:00
Adam Leff
81e617e1ad Release v1.29.0 (#1955)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-22 15:16:19 -04:00
Adam Leff
1601b23e8d Don't send HTTP headers that have nil values (#1948)
Net::HTTP does not gracefully handle HTTP options/headers
that have nil values. This updates Fetchers::Url to verify
that all headers we attempt to configure have non-nil,
non-empty values.

This originally surfaced via the audit cookbook with the
chef-automate fetcher in use without the data_collector
token being set.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-21 19:09:13 -05:00
Dominik Richter
3f68835c74 reject nil as a command input (#1863)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-19 11:07:36 -04:00
Aaron Lippold
e9371b2624 small typo in the resource with exist? function. (#1937)
Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-19 14:28:35 +02:00
Adam Leff
e6256a6c24 Release v1.28.1 (#1935)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-16 12:45:15 -04:00
Nolan Davidson
52cc27dd06 Adding toml resource (#1924)
* Adding toml resource

This adds a `toml` resource that inherits from the json resource and
behaves the same way as the JSON and YAML resources.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-06-15 16:54:12 -04:00
Adam Leff
3d4f1f8d39 Release 1.28.0 (#1930)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-15 14:52:03 -04:00
Justin Moy
45f3b8113c Host resource ping method should return stdout (#1927)
* Host resource ping method should return stdout

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* output connection_output and socket_output

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* lint

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* remove output from method names / hash keys

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>
2017-06-15 14:01:16 -04:00
Kristian Vlaardingerbroek
ced4ca1858 Add support for CoreOS to the service resource (#1928)
* s/package/service/ on service unit test descriptions

Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>

* Add support for CoreOS to the service resource

Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
2017-06-15 13:19:58 -04:00
pete higgins
89e30f8d31 Reduce warnings (#1917)
* Remove some apparently unused test setup to remove some warnings.
* Initialize some instance variables before use to silence warnings.
* Remove an unused variable to remove a warning.
* Remove some indirection.
* Silence logger during tests.
* Check if an instance variable was defined before referencing to remove a warning.
* Define duplicated constant once in root rakefile.
* Initialize an instance variable to remove a warning.
* Remove PROJECT_DIR to reduce coupling.

Signed-off-by: Pete Higgins <pete@peterhiggins.org>
2017-06-15 12:10:47 -04:00
Justin Schuhmann
a69cd1efee Adds support for iis_app InSpec testing (#1905)
Signed-off-by: Justin Schuhmann <jmschu02@gmail.com>
2017-06-15 11:13:07 +02:00
Adam Leff
6668bf15ea Fix detection of Automate pre-0.8.x in Compliance::API (#1922)
The is_automate_server_pre_080? and is_automate_server_080_and_later?
methods needed some fixing. The Compliance configuration could have
a "version" key that was not nil but was an empty hash, indicating
that it came from a pre-0.8.x Automate server. What we really need
to look for is config['version']['version'] being nil?.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-13 10:05:09 +02:00
Dominik Richter
9e3706aabe bugfix: enforce option values where needed (#1918)
Due to limitations in Thor it is not possible to set an argument to be both optional and its value to be mandatory. E.g. the user supplying the --password argument is optional and not always required, but whenever it is used, it requires a value. Handle options that were defined with mandatory values in a way that fails with an `ArgumentError` if the value is missing, i.e.:

```
> inspec exec examples/profile --password
ArgumentError: Please provide a value for --password. For example: --password=hello.
```

It works without `--password` or with `--password=arg`. Also handled for `--sudo-password`.

Fixes: https://github.com/chef/inspec/issues/1901
As suggested: https://github.com/chef/inspec/pull/1904

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-12 17:33:16 -04:00
Dominik Richter
d48b2d4096 bugfix: reading tgz files with binread (#1920)
This is currently failing because both `alias` and `alias_method` create method imprints in the FileProvider. This leads to a failure where the TarProvider assumes it doesn't implement `binread`, which in fact it does, since it just calls `read`.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-12 13:00:19 +02:00
Adam Leff
12a495c631 Add TCP reachability support on Linux for host resource (#1915)
* Add TCP reachability support on Linux for host resource

This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>

* documentation updates

Signed-off-by: Adam Leff <adam@leff.co>

* Appease rubocop

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 18:18:51 +02:00
Dominik Richter
3c1df959c5 bugfix: inspec archive for tgz files on windows (#1907)
On Windows, `inspec archive` would sometimes produce incorrect archive files. These would look fine, as tgz files, but would not execute correctly. This would lead to bewildering error messages like this one:

```
Unable to parse inspec.yml: line 1, control characters are not allowed
```

Fix it by treating the files as binary before writing them to get around any encoding issues, since the stream handler is a raw io object anyway.

Closely related to https://github.com/chef/inspec/pull/1906

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-08 10:19:21 +02:00
Dominik Richter
ffdce8ab5f bugfix: reading binary profile data on windows (#1906)
On Windows, we ran into the problem that the execution of inherited profiles would (sometimes) not work. This was due to the use of `File.read` and `File.write` and handling inside the file provider, which works in most cases (especially *nix systems), but does not behave as expected on Windows. A better and more correct way of treating these files is via binary read and write mode, which changes the underlying encoding of both strings that are passed along.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-08 10:19:09 +02:00
Takaaki Furukawa
4f34e3eb83 Add support for virtualization resource (#1803)
* Add support for virtualization resource

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Add some methods and documentation

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Refactor collect_data_linux method

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>

* Remove unnecessary hash from virtualization resource and update examples

Signed-off-by: Takaaki Furukawa <takaaki.frkw@gmail.com>
2017-06-07 14:10:29 +02:00
Dominik Richter
d051c8bdf1 bugfix: remove duplicate message in describe.one blocks
Generated duplicate messages due to the way that examples are aggregated in RSpec. Make sure we never show any duplicate test result messages, as they offer not value to any user.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-07 01:27:47 +02:00
Adam Leff
170fca3908
Release v1.27.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-06 11:46:54 -04:00
Dominik Richter
1c6fa01190 Merge pull request #1758 from aaronlippold/al/postgres-version-fix
funtion to get pgsql version, exposed version, cluster and fixed session
2017-06-06 15:38:27 +02:00
Juan Carlos Castillo Cano
1c98ff13f6 Support special cases for crontab resource
Signed-off-by: Juan Carlos Castillo Cano <jccastillocano@gmail.com>
2017-06-06 15:12:12 +02:00
Adam Leff
dda24b9f98 Fix compliance uploads when version is not present
The Compliance::API.version method could potentially return
a hash containing no "version" key but would return an empty
hash upon any expected failure. Downstream callers of the
Compliance::API.version method were looking for a "version"
key to always be present when, in some cases, it would not be.

This change ensures that if a version is not available, there
is no "version" key in the hash, and downstream callers of this
method have been changed to check for nil instead of empty.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-06 14:49:25 +02:00
Dominik Richter
5fd558f247 Merge pull request #1850 from username-is-already-taken2/gb/fix_1839
Fix command exists check on Windows with full paths
2017-06-06 14:46:41 +02:00
Dominik Richter
871c6266c9 Merge pull request #1878 from username-is-already-taken2/gb/update_processes
Add windows support to the `processes` resource
2017-06-06 14:42:14 +02:00
Adam Leff
587cdf5bee Merge pull request #1860 from chef/ap/contain_duplicates_deprecation
Commenting the `contain_duplicates` deprecation until we have a good alternative
2017-06-06 08:05:09 -04:00