Commit graph

352 commits

Author SHA1 Message Date
Ryan Davis
e1061f41f2 Clean more requires
Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-20 13:01:18 -07:00
Ryan Davis
e72f3f34aa Skip more_permissive_than? file_test because broken only on CI.
Trying to fix file_test failure that only happens on travis.

The "mock" file in question is supposed to have a stat of 644, but
actually has 664 but only on travis-ci.

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-17 03:19:46 -07:00
Ryan Davis
eead889325 Fix test framework contention.
RSpec is used internally. Minitest is used for our tests. They don't
really like each other. This fixes that and gets our tests
consistently running the correct number of tests (they were load-order
dependent before and each platform had its own different number of
tests it would run).

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-15 00:33:53 -07:00
Ryan Davis
6adf1d2560 Remove all byebug requires in code.
Please don't leave debugging remnants in the code.

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-14 23:24:14 -07:00
Miah Johnson
11b8da3283
Merge branch 'master' into mj/encoding 2019-05-08 12:59:55 -07:00
Miah Johnson
20bafdc4b2
Merge pull request #3988 from inspec/mj/coveralls
Add Coveralls.io support to InSpec
2019-05-08 12:58:00 -07:00
Miah Johnson
659b4b373a Remove # encoding: utf8 magic comments
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-05-07 16:06:23 -07:00
Ryan Davis
476c6878b3 Modernize use of Minitest.
+ Turn off verbosity in Rakefile by default. Use `rake V=1` to turn back on.
+ MiniTest -> Minitest everywhere.
+ MiniTest::Unit::TestCase -> Minitest::Test everywhere.
+ Updated minitest doco urls to official and up-to-date site.
+ Normalize requires. Only needs "minitest/autorun" and "minitest/pride".

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-03 15:01:57 -07:00
Miah Johnson
b1d5091670 Add Coveralls.io support to InSpec
Tie coveralls into simplecov formatters
Add coveralls badge to README

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-26 13:37:55 -07:00
Clinton Wolfe
3d0b8dff2e
Merge pull request #3956 from inspec/cw/use-deprecation-everywhere-4-port
Use deprecation facility everywhere - v4 port
2019-04-17 17:12:24 -04:00
Clinton Wolfe
ba6d59dc66 Deprecation handler in unit test helper
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-16 16:27:56 -04:00
Matt Kulka
633cea6673 support address matchers on interface resource
Adds missing functionality to `interface`. Fixes #1830

```
describe interface("eth0") do
  its(ipv4_addresses) { should include 1.2.3.4 }
end
```

And so on... see diff/docs for additional matchers.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2019-04-12 08:24:13 -07:00
Jerry Aldrich
40031a9b83 Use deprecation facility throughout code
This converts all current deprecation warnings/TODOs to use the
`Inspec.deprecate()` deprecation facility.

This also modifies `Inspec.deprecate()` to only require 1 argument.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-04-11 19:15:01 -04:00
Keith Walters
c2bd0616fe Allow http resource to follow redirects
By specifying a `max_redirects` attribute, the `http` resource worker
will follow any HTTP Redirect response (301, 302, etc...) up to the
limit defined by this attribute. For a local worker, exceeding that
limit will raise a `FaradayMiddleware::RedirectLimitReached` exception.
For a remote worker, the curl command will exit without populating the
`status` and `body` properties.

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2019-03-16 20:54:52 -04:00
Jerry Aldrich
66a343555b iis_app_pool: Fix PowerShell JSON parsing error
This works around a current bug in PowerShell where the output cannot be
parsed as JSON.

The `-Compress` flag does not affect the validity of the data but only
the appearance of the string.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-28 12:04:59 -08:00
Clinton Wolfe
5bbd4c16d6 Add size_kb, and correct Powershell code to return KB for both total size and free space, rather than total in GB and free space in bytes
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-06 14:01:04 -05:00
James Massardo
c1a9de7003 update helpers and mocks so tests run successfully
Signed-off-by: James Massardo <jmassardo@chef.io>
2019-02-06 14:01:04 -05:00
Clinton Wolfe
2186179061 Allow passing opts to mock Config; and use mock config in one more place in test helper
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-01 14:24:26 -05:00
Clinton Wolfe
102505a937 Use new config file system to read config
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-01 14:24:26 -05:00
Clinton Wolfe
ee76c5bb54
Merge pull request #3740 from inspec/ja/adopt-3419
iis_app_pool:  Fixes error with 'should not exist'
2019-01-25 11:56:10 -05:00
Jerry Aldrich
71eca8c4ed Add \n to @TheLonelyGhost's mocked command
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-01-22 15:08:25 -08:00
David Alexander
d5dbae2efd Updates stub for IIS App Pool unit test
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2019-01-22 15:08:25 -08:00
Jerry Aldrich
3b8da7957d Mock missing_file in NGINX resource tests
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-01-22 13:09:17 -08:00
Jerry Aldrich
62cfcf0ebe Add mock command for oracledb_session
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-01-22 13:09:17 -08:00
Jerry Aldrich
4c0a582539 Mock mysql related command
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-01-22 13:09:17 -08:00
mhackethal
b67236e485 package: fix package detection on windows (#3607)
* Update package.rb to solve issue #3361

Update the windows package search regex.
According to issue #3361

* Update package.rb
Fix trailing spaces
* Update helper.rb

update sha for get-item-package. To fix the issue #3361
Signed-off-by: markus hackethal <mh@it31.de>
2018-11-27 13:21:25 -05:00
mhackethal
86cf55382b filesystem: improve Windows support (#3606)
* Improve filesystem.rb to support windows

improve filesystem.rb to support windows.
Split into 2 classes LinuxFileSystemResource / WindowsFileSystemResource
Add filesystem to verify a FS-type ( currently not for linux because missing test server )
Size on Windows is converted to GB - discussion about this welcome

update to reflect also windows os

* Create get-wmiobject-filesystem
* Delete get-wmiobject-filesystem

* Fix the testing code for filesystem.
Change its 'filesystem' to 'type' according to recommendation from @miah
Signed-off-by: Markus Hackethal <mh@it31.de>
2018-11-19 13:32:59 -05:00
Fernando Alexandre
8b089ea1e1 Fixes #3546 (#3592)
* When pty is used not having --no-pager makes inspec hang during the test
* Updated tests

Signed-off-by: Jose Alexandre <jose.alexandre@worldfirst.com>
2018-11-13 14:33:08 -05:00
mrshanahan
cebe044a68 Update iis_site bindingInformation construction and add tests. (#3490) (#3492)
Signed-off-by: Matt Shanahan <mrshanahan11235@gmail.com>
2018-11-08 13:42:59 -05:00
James Stocks
7c58285eb6 New resource to work with Windows security identifiers (SIDs) (#3405)
* Resource for a Windows Security Identifier (SID)
* Integration tests for security_identifier resource
* Address rubocop violations
* Improve security_identifier from PR feedback
* Update security_identifier tests
* Improve security_identifier unit tests
* Fix unit tests fpr security_identifier resource
* More security_identifier unit tests
* Add docs page for security_identifier resource
* Fix issues with documentation
* Improve docs
Link to Microsoft reference page, and use their term 'trustee' instead of 'entity' where applicable.

* Change exists to exist
* Test appveyor file changes.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-19 09:01:00 -04:00
Jared Quick
cb12ada2fe
Move compliance to v2 plugin (#3423)
* Move compliance pluging to v2 system.
* Update kitchen-inspec to test.
* Add legacy require patsh.
* Fix unit test

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-04 14:31:39 -04:00
Jonathan Hartman
7451917223 Support finding larger processes on Busybox (#3446)
For larger processes, Busybox's ps displays the vsz and rss columns in
megabytes or gigabytes, with no option I've found to override the behavior.

This change updates the process regex to account for that and converts
the values to kilobytes so they can still be cast as integers.

Signed-off-by: Jonathan Hartman <j@hartman.io>
2018-10-04 14:06:17 -04:00
Jonathan Hartman
08e3b90f2b Support the Busybox variant of netstat in the port resource (#3425)
Signed-off-by: Jonathan Hartman <j@hartman.io>
2018-09-25 22:40:05 -04:00
Jared Quick
40e024fa97
Move habitat to v2 plugin. (#3404)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 13:10:07 -04:00
Clinton Wolfe
50ff9f6a24
Plugins: Add support for 'bundles' migration (#3384)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 00:00:54 -04:00
Jared Quick
1c12a544c7
Add string impact options for controls (#3359)
* Add impact class which contains all cvss scores.
* Add testing for impact changes.
* Change symbols to strings for impact.
* Update error messages to be more clear.
* Fix test with new sha

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-13 14:14:05 -04:00
Jerry Aldrich
9d031053ea Various improvements to vendor command (#3286)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-09-06 23:28:08 -04:00
Josh Hudson
2d44b6e5e0 Cached profiles with Compliance Fetcher (#3221)
* Leverage existance check in Compliance::Fetcher.resolve to not re-download locally cached profiles
* Move logic from Compliance::API.exist? to Compliance::API.profiles to reuse code in cases where we need to access profiles' metadata directly.
* Declare @upstream_sha256 if target is a string
* Handle other fetchers that don't support upstream_sha256 within Inspec::CachedFetcher.initialize
* Add initialize for Compliance::Fetcher to not pollute Fetchers::Url with its logic
* Add Compliance::Fetcher.sha256 to leverage upstream_sha256 instead of relying on inherited method from Fetchers::Url
* Revert changes to cached fetcher that are unnecessary after refactor
* Pacify the god of ruby syntax
* Move Compliance::API.profiles filtering logic to end of method to leverage normalization of mapped_profiles
* Add and update unit tests to support caching with Compliance::Fetcher.upstream_sha256

Signed-off-by: Josh Hudson <jhudson@chef.io>
2018-08-28 09:11:38 -04:00
Vern Burton
a7ab4b8b5f Add cloudlinux under redhat family (#2935)
* adding cloudlinux into the mocker under the redhat family as it is found inside of train, and creating tests for cloudlinux that mirror the centos/redhat tests.
* adding cloudlinux under the select_service_mgmt method so that it can be matched.

Signed-off-by: Vern Burton <me@vernburton.com>
2018-08-22 15:58:38 -04:00
Robert Van Kleeck
5264cb5fdf add iis_app_pool resource (#2400)
* add iis_app_pool resource
* add sign off
* remove training whitespace
* code cleanup and simplify timeout checks
* add mock tests

Signed-off-by: Rob Van Kleeck <rvankleeck@salesforce.com>
2018-08-09 09:19:49 -04:00
Noel Georgi
9d3beb8d41 Adding docker plugin support (#3074)
* Fixing tests and squashing
* Updating as per some PR comments
* PR comments

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-08-09 08:20:32 -04:00
Noel Georgi
b93da53237 Escaping package names for windows packages (#3259)
* Escaping package names for windows packages
* Fixing missed package_name ref
* Updating Mock SHA
* Removing unwanted file
* Linting fix

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-08-02 14:40:14 -04:00
Jerry Aldrich
f2d64938b7 windows_feature resource: Add DISM support (#3224)
* windows_feature resource: Add DISM support

This modifies the `windows_feature` resource to fallback to DISM when
the `Get-WindowsFeature` command is not available.

* Allow specifying `:dism` or `:powershell`
* Replace stacktrace with smaller error message
* Add notes/todo about raise behavior
* Remove duplicated platform check

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 16:00:06 -04:00
Jerry Aldrich
c1d7b2cfa3 alpine resource: Fix small style issues (#3238)
* Constrain RuboCop disables to single method
* Add comment to Alpine package command
* Use single quotes for Alpine package command
* Change `it` statement to be readable

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 15:57:51 -04:00
Dan Webb
a0fffa5286 Add Alpine package provider (#3215)
- Add Alpine tests
- Stub apk grep command for alpine
- Resolve (disable for now) rubocop ABC/CyclomaticComplexity/PerceivedComplexity

Signed-off-by: Dan Webb <dan.webb@damacus.io>
2018-07-19 15:07:36 -04:00
Stanislav Voroniy
a16877f427 A number of bug fixes and new features for oracledb_session resource (#3170)
Signed-off-by: Stanislav Voroniy <stas@voroniy.com>
2018-07-09 13:57:45 -04:00
Jerry Aldrich
cf9ce1bfdc auditd resource: Add handling for sudo/no command (#3151)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-06-20 21:27:53 -04:00
Jared Quick
06ff747cfc
Detect windows packages with trailing spaces. (#3106)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-01 10:39:26 -04:00
Dominik Richter
ebd1d36600 support local npm package searches (#3105)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-06-01 10:52:46 +02:00
Tor Magnus Rakvåg
34b393ed3c mssql_session default port and local_mode (#3031)
* set port default to nil, introduce local_mode
* raise instead of warning
* restore default port, allow explicit nil

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:47:28 -04:00
Tor Magnus Rakvåg
71ba5018d2 Enhance groups resource with members property (#3029)
* implement members property
* flatten groups entry, extract flatten helper
* lints
* more idiomatic spec, add example of members testing

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:37:44 -04:00
Julian C. Dunn
1046a77027 Remove unneeded "-a" from the RPM query for performance improvement (#3077)
Signed-off-by: Julian C. Dunn <jdunn@chef.io>
2018-05-31 12:11:41 -04:00
Jerry Aldrich
9e8724ca6e nginx_conf resource: Fix include paths with quotes (#2726)
* nginx_conf resource: Fix include paths with quotes
* Move quote removal to `NginxParser`
* Add parsers/tests for quotes in quotes

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-05-03 09:53:20 -04:00
Henry Muru Paenga
a9e3b8d8d0 Amazon linux service mgmt detection (#2970)
Signed-off-by: Henry Muru Paenga <meringu@gmail.com>
2018-04-19 13:00:39 -04:00
David Alexander
3b97e16b97 New Resource: Chocolatey Package (#2793)
* Adds chocolatey package resource
* Adds docs for chocolatey_package resource
* Differentiate chocolatey package from windows feature

Suggested by @frezbo

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2018-04-05 08:54:27 -04:00
Paul Welch
d3b90a7c9f Pw/pip windows bug (#2883)
* Add python check for pip resource

When checking pip resources, we should skip resource if python is not
installed or we will fail with an error when trying to parse the path.

* Check pip command on windows

On Windows, if pip has a newer version available, it adds an error
message to stderr. Now checking if both stderr and stdout on windows
have values. If so, assume pip package is installed.

* Clean up powershell query command

- Make it easier to read what the powershell command is doing
- Make it easier to read what the cmd_successful method lokos for

Signed-off-by: Paul Welch <pwelch@chef.io>
2018-03-29 13:01:59 -04:00
Jerry Aldrich
2c4f041e9d powershell resource: Add support other OSs (#2894)
This adds `powershell` resource support for non-Windows OSs via `pwsh`
and Base64 encoded commands.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-29 11:57:15 -04:00
Omar J. Irizarry
ef8da475d3 registry_key resource was returning an incorrect value (#2871)
* registry_key resource was returning an incorrect value
when key value was greater than 2147483647
* added mock
* Fix issue with default reg key
(default) key was returning nil even when a value was present.

Signed-off-by: Omar Irizarry <irizarry_omar_j@network.lilly.com>
2018-03-26 15:44:31 -04:00
Trevor Bramble
bd8ef9d1d8
Remove obsolete mock (#2869)
This mock was a remenant of file reading tests that became obsolete with
the centralization of that code.

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-22 14:06:53 -07:00
Trevor Bramble
be83af35c5
Revise /etc/hosts for correctness and clarity (#2863)
* Clean up test data, correct parse error handling
 * Use functional pipeline to avoid need for conditional clauses and clarify the intent of the comment parsing.
 * Extract magic strings to constants
 * Remove code and tests now covered by FileReader

Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Paul Welch <pwelch@chef.io>

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-22 09:58:22 -07:00
João Vale
3e2450e703 Host resource: use bash over netcat in Linux (#2607)
* Add support to use bash in host resource

Netcat's presence is widely regarded as a security issue, and thus not
always available. This solution first tries to use bash builtins and
timeout (from coreutils), so is less likely to require installing
additional packages.

* Darwin UDP support in host resource
* Host: use netcat first if available

Signed-off-by: João Vale <jpvale@gmail.com>
2018-03-07 08:39:27 -05:00
Jerry Aldrich
e4e907624a iptables resource: Add support for other bin paths (#2783)
* iptables resource: Add support for other bin paths
* Use `%w{}` instead of `[]`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-06 08:56:15 -05:00
Christian Becker
b7687765f5 http resource: Support OPTIONS method (#2742)
Signed-off-by: Christian Becker <c.becker@mediaevent.services>
2018-02-27 12:59:53 -05:00
Jerry Aldrich
448eeb4637 package resource: Fix brew package detection (#2730)
* package resource: Fix `brew` package detection

This allows for package detection via `brew` to handle cases where a
particular package formula exists but is not installed.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-23 09:01:14 -05:00
Jared Quick
9930e40a76 Add new "reporter" system (replacement for "formatters"), support multiple reporters per run (#2464)
* Formatter and reporter refactor.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add exception and backtrace to json-min report.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add sha to json-min and include generator version for json profile.

Signed-off-by: Jared Quick <jquick@chef.io>

* Fix deprecated typo and add fallback for cli resource title.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update to build json report and clean up cli logic.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add tests for json reporter.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add cli suppress_log_output? and a fallback for invalid reporter type.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update suppress_log_output? to check if we are outputting to stdout.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update reporter cli optoins to work with json_config.

Signed-off-by: Jared Quick <jquick@chef.io>

* Refactor some safe-navigation and variable names.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add thor banner to show reporter file output syntax.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-08 10:06:58 +01:00
Jerry Aldrich
d96a6affa7 packages resource: Add architectures support (#2469)
This adds support for `architectures` to the `packages` resource.

Example:

```
describe packages(/compat-libstdc++-33/) do
  its('architectures') { should include 'x86_64' }
  its('architectures') { should include 'i686' }
end
```

This also adds documentation for the `packages` resource

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-25 23:57:34 -08:00
Vern Burton
55abdebdc9 filesystem resource: inspect linux filesystems (#2441)
* adding df resource

Signed-off-by: Vern Burton <me@vernburton.com>

* adding unit tests and required mocks for them, created integration test

Signed-off-by: Vern Burton <me@vernburton.com>

* cleaning up skip test to include only the filename and not full path

Signed-off-by: Vern Burton <me@vernburton.com>

* adding docs

Signed-off-by: Vern Burton <me@vernburton.com>

* size makes more sense than space

Signed-off-by: Vern Burton <me@vernburton.com>

* removing unneeded author lines

Signed-off-by: Vern Burton <me@vernburton.com>

* as the command changed, changing mock to the new sha

Signed-off-by: Vern Burton <me@vernburton.com>

* updating to address comments from #2441

* removing author lines
* using attr_reader functions
* using ruby string functions rather than pipe to sed
* adding os family detection
* using ResourceFailed as the pattern already existed for OS family detection
* using if for future case support for unix and unix-like (FreeBSD)

Signed-off-by: Vern Burton <me@vernburton.com>

* adding supports to resource metadata, and adding tests that show that resource says that it is not supported on windows/unix.

Signed-off-by: Vern Burton <me@vernburton.com>

* focusing on linux os family and removing logic for assumed future cases

Signed-off-by: Vern Burton <me@vernburton.com>

* changing df to filesystem

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-25 09:29:31 -05:00
Jerry Aldrich
98546984ae service resource: attempt a SysV fallback if SystemD unit file is not found (#2473)
* service resource: Fix no `.service` + systemd bug

This modifies the `enabled?` check to fallback to `sysv_service` in the
event that a `.service` file cannot be found.

For example: On Debian 8.7 the stock apache2 package does not deploy a
`.service` file but deploys a SysV style service. This causes
`systemctl is-enabled` to fail when the service is in fact enabled.

* Remove `cmd_stderr` and clean up `cmd_exit_1`
* Clean up `stderr` assignment using ternary
2018-01-23 12:34:47 -08:00
ViolentOr
3c7bace964 Update security_policy resource to return Names, not SIDs (#2462)
* Added possibility to translate SID to human-readable name (using 'translate_sid: true' switch)

Signed-off-by: ViolentOr <github@violentor.me>

* fixed errors

Signed-off-by: ViolentOr <github@violentor.me>

* changed pars to opts

* renameg temp variable

Signed-off-by: ViolentOr <github@violentor.me>

* Required tests added

Signed-off-by: ViolentOr <github@violentor.me>

* fixed mistype

Signed-off-by: ViolentOr <github@violentor.me>

* should not copy-paste.

Signed-off-by: ViolentOr <github@violentor.me>

* replaced empty call with empty file

Signed-off-by: ViolentOr <github@violentor.me>

* tests fixed.

Signed-off-by: ViolentOr <github@violentor.me>

* grouped command mocks related to the security_policy resource

Signed-off-by: ViolentOr <github@violentor.me>

* bacgitend -> backend

Signed-off-by: ViolentOr <github@violentor.me>
2018-01-23 12:31:57 -08:00
Matt Kulka
c067798fc5 Docker Swarm service resource (#2456)
This change adds the `docker_service` resource for Docker swarm mode services. This
branches off some of the common elements (id, exists) into a `DockerObject` module along
with a utility function for parsing the image/repo string. That function was implemented
separately by `docker_image` and `docker_container`, now with a third resource, it made
sense to consolidate that into an included module. I used the most comprehensive
implementation. Existing classes had to be slightly modified for the genericization.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2018-01-23 12:30:14 -08:00
Jerry Aldrich
944dfdc987 grub_conf resource: fix menuentry detection (#2408)
* Fix `grub_conf` menuentry detection

This does the following:
  - Corrects Grub2 bug where last entry was always selected
  - Adds support for specifying a Grub2 menu entry by name
  - Adds support for using `GRUB_DEFAULT=saved` with Grub2
  - Adds more Unit tests

* Add error if menuentry name cannot be extracted
* Add handling for missing/unreadable grubenv
* Add defensive code for failed menuentry extraction
2018-01-18 13:20:48 -08:00
Vern Burton
175c3e1189 xml resource: support fetching attributes (#2423)
* adding database.xml with attributes to files and mocking it in the helper.rb

Signed-off-by: Vern Burton <me@vernburton.com>

* adding logic to test class returned by XPATH and using functions from respective classes to fill a array for return, and unit and integration tests to ensure functionality

Signed-off-by: Vern Burton <me@vernburton.com>

* updating docs to show how attributes are used

Signed-off-by: Vern Burton <me@vernburton.com>

* 'and' instead of 'or' makes more sense

Signed-off-by: Vern Burton <me@vernburton.com>

* adding default else for capturing unknown classes from REXML

Signed-off-by: Vern Burton <me@vernburton.com>

* removing extra newline

Signed-off-by: Vern Burton <me@vernburton.com>

* adding fail case with enough information to debug in future case

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-16 14:26:39 -08:00
Vern Burton
712ba520ad mssql_session resource: add port parameter (#2429)
* adding SQL 2012 SP1 for mssql_session testing

Signed-off-by: Vern Burton <me@vernburton.com>

* updating SHA to match new commands with ports in them

Signed-off-by: Vern Burton <me@vernburton.com>

* adding port, and a default value and moving from skip_resource to resource_fail

Signed-off-by: Vern Burton <me@vernburton.com>

* adding new sha for custom host

Signed-off-by: Vern Burton <me@vernburton.com>

* adding tests for hostname and migrating test that passed port in host to a dedicated port test

Signed-off-by: Vern Burton <me@vernburton.com>

* adding integration test

Signed-off-by: Vern Burton <me@vernburton.com>

* removing services as appveyor does not have integration testing running so it would be a waste of time to enable it

Signed-off-by: Vern Burton <me@vernburton.com>

* mock instance command

Signed-off-by: Vern Burton <me@vernburton.com>

* making instance readable

Signed-off-by: Vern Burton <me@vernburton.com>

* adding instance test

Signed-off-by: Vern Burton <me@vernburton.com>

* moving to ResourceSkipped as ResourceFailed is targeted for a major release

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-16 14:04:00 -08:00
Jerry Aldrich
c2a65942d9 Add support for Darwin Directory Service groups (#2403)
* Add support for Darwin Directory Service groups

This allows users to verify groups added by Chef on OS X.

The current method that `UnixGroup` uses is to check the contents of
`/etc/group`, but OS X adds groups to Directory Service and not
`/etc/group`. This modifies the `group` resource on Darwin to use
`dscacheutil` to get group info.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Clean up `select_group_manager`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Clean up DarwinGroup `groups` method

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-20 16:57:45 +01:00
Miah Johnson
e33f4959e1 Allow crontab resource to read crontab at user specified paths. (#2328)
* add a emulated /etc/cron.d/crondotd file to the mocking system.

* test that we handle incoming paths correctly by rendering to_s.

* We take in both users and a path, so lets call that destination.

* To make the test pass we'll determine if we are dealing with a path or
a user and return the correct string.

* we will need the ability to determine if we are dealing with a path when either calling the crontab command or reading the file directly, so break that out into a path? method.

* remove author field.

* test contents of our crondotd file.

* we have to explicitly make @destination a String to use include?.

* when we get a path we use inspec.file to get conents, otherwise we run the crontab command.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add documentation for example usage with file path.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Make path? and path_or_user private methods

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add missing username filed to crondotd mock file

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Pass argument as a hash when testing file paths

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Expected results should include usernames when testing file paths

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add special string `@yearly` test to crondotd mock file

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to existing cron tests

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Rubocop says I need spaces after/before curly brackets

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to crondotd file tests and add @yearly test

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Modify initialize to take options hash and be backwards compatible.

Change initialize default argument to create a hash by default, though
it is still possible to pass in a 'user' string argument.

@user gets set with the argument value unless its a hash, in which case
it tries to set the value of the user key, otherwise it becomes nil.

@file gets set with the value of the path key, unless it doesn't exist
in which case it becomes nil.

All hash keys are symbolized to ensure consistent access.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Check if @path is nil to determine if we run crontab command or parse
file.

path? was removed as we're not overloading a @destination variable
anymore.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* if @user is nil assume current user otherwise crontab for @user

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Change to complete if rather than ternary.

We have three possible cases, current user, other user, or file path.
This accounts for all of them.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to the crontab FilterTable

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Remove path? and path_or_user

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Move crontab parsing to two methods, parse_user_crontab and
parse_system_crontab

Because a command in a crontab file could have spaces we must parse user
and system crontabs differently.

When we parse user crontabs the user field will either be nil, or the requested user.

Both user and path parsers handle special strings (@yearly, @weekly,
etc). And also account for position of user in these files (or adds it
in user case)

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Update examples with user: and path:

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add spaces after : in example docs

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Disable rubocop ClassLength check

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Moved rubocop ClassLength metric next to class instead of above the
module.

Remove unnecessary braces.

Add is_system_crontab? and is_user_crontab helper methods and use them.

Add tests to see if error conditions are raised when the resource is
invoked with missing parameters (user, or path), and on a unsupported
os.

Change initialize to group all hash functions together and raise errors
when user and path is unset. Also raise errors on unsupported operating
systems.

Change order of ternary and use is_system_crontab? rather than
@path.nil?

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2017-12-07 13:50:07 +01:00
Jared Quick
31578de5e4 Fix inspec appveyor test with the new local train transport (#2376)
* test appveyor with ruby#File

Signed-off-by: Jared Quick <jquick@chef.io>

* Update inspec train to version 0.31.1

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-06 15:18:38 -05:00
Jared Quick
4b1c1b041f security_policy resource: use PID for filename instead of random (#2368)
* Update security policy export to use pid instead of random.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update helper for the new train.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-04 15:31:06 -05:00
Jared Quick
3f14e467b3 Unique export file for security policy resource (#2350)
* Add a unique export for security policy resource.

Signed-off-by: Jared Quick <jquick@chef.io>

* Remove skip resource on empty policy file.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-11-29 15:16:40 +01:00
Adam Leff
98db74a466 http resource: properly support HEAD request with remote worker (#2340)
The existing method of adding `-X HEAD` to the curl command does not
work properly and can cause timeouts because curl doesn't properly
close the connection. The correct way is to use curl's own `--head`
flag.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-27 18:17:39 +01:00
Seth Chisamore
396752ba26 Add basic param handling to remote HTTP worker (#2286)
http resource: Add basic param handling to remote HTTP worker
2017-11-16 12:16:23 -05:00
malovdm1
923e4abf21 sqlplus credentials could contain special symbols and need to be escaped (#2308)
Signed-off-by: Dmytro Malovany <dmytro.malovannyy@gmail.com>
2017-11-15 21:49:09 +01:00
Brett Delle Grazie
0bb318c2dc http resource: supply max-time option using read_timeout and open_timeout (#2289)
Curl doesn't distinguish between them so need to use the sum of both as
the overall timeout.

fixes #2288

Signed-off-by: Brett Delle Grazie <brett.dellegrazie@gmail.com>
2017-11-09 11:11:19 +01:00
Seth Chisamore
af8443d1ea Use proper syntax in curl header option (#2285)
`curl` expects a valid header per RFC 2616 when using the
`-H`/`--header` option. RFC 2616 declares header field/values
should be separated using a colon (`:`):
https://tools.ietf.org/html/rfc2616#section-4.2

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-11-03 14:28:54 -04:00
Wei He
71ed5ef964 service resource: properly search for SysV Init S files (#2274)
* bug fix: Service resource

Signed-off-by: Wing924 <weihe924stephen@gmail.com>

* fix test case

Signed-off-by: Wing924 <weihe924stephen@gmail.com>
2017-11-02 15:03:51 +01:00
Markus Grobelin
221db7e132 mount resource: fix for Device-/Sharenames and Mountpoints including … (#2257)
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces

Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like:

```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS```

... results in a mount line like:

```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)```

The Linux mount command replaces \040 with whitspace automatically, so this should be tributed.

I used a control like this:

```
    describe mount('/mnt/Research & Development') do
      it { should be_mounted }
      its('device') { should eq  '//fileserver.corp.internal/Research & Development' }
    end
```

Before:

```
  ×  whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed)
     ✔  Mount /mnt/Research & Development should be mounted
     ×  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"

     expected: "//fileserver.corp.internal/Research & Development"
          got: "//fileserver.corp.internal/Research"

     (compared using ==)
```

After:

```
  ✔  whitespaces-01: Mount with whitespace within sharename and mountpoint.
     ✔  Mount /mnt/Research & Development should be mounted
     ✔  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
```

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mounts_with_whitespaces: make lint happy

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-11-01 12:01:21 +01:00
Markus Grobelin
2251270929 cran resource: check for R module installation (#2255)
* Added CRAN resource to check R modules

control 'cran-1' do
  impact 1.0
  desc '
    Ensure R module DBI is installed.
  '

  describe cpan('DBI') do
    it { should be_installed }
    its('version') { should cmp >= '3.0' }
  end
end

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* cran resource: made lint happy, added negative unit test, removed unused arg perl_lib_path

Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-10-25 16:14:29 +02:00
Markus Grobelin
c626dfdbd9 cpan resource: check for Perl module installation (#2254)
* Added CPAN resource to check Perl modules

control 'cpan-1' do
  impact 1.0
  desc '
    Ensure Perl modules DBI and DBD::Pg are installed.
  '

  describe cpan('DBI') do
    it { should be_installed }
  end

  describe cpan('DBD::Pg') do
    it { should be_installed }
    its('version') { should cmp >= '3.0' }
  end
end

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* cpan resource: fixed unit test for non-installed module

Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-10-25 16:01:26 +02:00
Adam Leff
8dc48533aa new resource: elasticsearch resource, test cluster/node state (#2261)
* new resource: elasticsearch resource, test cluster/node state

This is a new resource for testing an Elasticsearch cluster. It operates
by fetching the `_nodes` endpoint from a given Elasticsearch node and
collects data about each node in a cluster, even if there's only a
single node.

This work is based on inspiration from an initial PR #1956 submitted by
@rx294.

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Adam Leff <adam@leff.co>

* Reduce mock data on non-default tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-20 17:28:48 -04:00
Matt Ray
c21ce063ab Replace WMI query with PowerShell cmdlet "get-hotfix" (#2252)
Signed-off-by: Matt Ray <matthewhray@gmail.com>
2017-10-18 12:24:11 +01:00
username-is-already-taken2
fd558b63ac Corrected some unit test warnings (#2242)
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-10-17 14:49:26 +02:00
Adam Leff
5114173e50 Support PAX-formatted tar files, standardize file lists (#2225)
* Support PAX-formatted tar files, standardize file lists

When a tar file is generated in PAX format, the files have an additional
relative path prefix added to them. For example, instead of:

inspec.yml

... the file is listed as:

./inspec.yml

And the source reader plugin looks only for a "inspec.yml" file to
determine the profile format.

This change addresses this issue by normalizing the file paths in the
TarReader and accounting for the additional "./" prefix that may exist
whenever the tar file is walked looking for a file to read its content.

Signed-off-by: Adam Leff <adam@leff.co>

* Remove pax from unit test, will move to functional

Signed-off-by: Adam Leff <adam@leff.co>

* Add function test for the pax header tar file

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-10 10:36:57 +01:00
Keith Walters
2a8d6e0e91 Uses netstat to detect open ports on AIX (#2210)
* Uses netstat to detect open ports on AIX

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>

* Adds unit tests for AIX port resource

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2017-10-10 10:54:18 +02:00
Adam Leff
939ee5ecfc processes resource: support busybox ps (#2222)
This change enhances the processes resource to support the busybox
ps command which is common on Alpine, for example. The way we
map ps fields to the structs needed by FilterTable have also been
refactored to be more flexible so we can support multiple formats
in the future.

Also, the processes resource now allows the grep argument to be optional
thus allowing a user to query all resources without passing in a
match-all regex.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:32:39 +02:00
Jared Quick
7bb7767dae Add nil check for sshd config file (#2217)
* Add nil check for sshd config file

This fixes #1778. There was a issue where if the user did not have read
permissions on /etc/ssh/sshd_config it would error out on the empty?
check. The fix here is to also look for nil on the file content. Along
with this I refactored the inspec file empty? check as it does not exist
and was also erroring during my testing.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add emptyfile test object and refactor tests

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 15:41:48 +02:00
Adam Leff
21ba43d6a5 http resource: properly execute tests on remote target (#2209)
Currently, the http resource always executes locally, even when scanning
a remote machine with `--target` which leads to undesireable behavior.

This change adds the ability to remotely execute tests with curl. This
behavior is currently opt-in with the `enable_remote_worker` flag, but
will become the default behavior in InSpec 2.0. Deprecation warnings
are emitted if the user is scanning a remote target but has not opted
in to the new behavior.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-04 22:44:09 +02:00
dromazmj
7fc7942ab1 firewalld resource: inspect the status and configuration of firewalld (#2074)
* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resourec - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource - firewalld

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications made
	* installed? method now tells by checking if firewall-cmd is a command on the system
	* The firewalld_command method now strips the stdout of the return
	* added another test for testing multiple active zones

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing rake lint issue

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing match and returning boolean for seeing if firewalld is running

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Fixing lint issues

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Empty commit to rerun.  Accidentally updated branch.

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Rerunning test, accidentally updated branch. needs sign off commit

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-27 14:05:35 +02:00
dromazmj
b23a58b573 etc_hosts_allow and etc_hosts_deny resources: test the content of the tcpwrappers configuration files (#2073)
* New Resource-combined etc_hosts_allow etc_hosts_deny

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-09-25 13:49:04 -04:00
Matt Ray
e23249d635 windows_hotfix resource: test whether a Windows HotFix is installed (#2178)
* Add hotfix resource for Windows

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Renamed hotfix to windows_hotfix

Added additional unit test checking for KB that is not present on a box

Signed-off-by: Matt Ray <matthewhray@gmail.com>

* Integration test to spot-check for hotfixes

Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.

Signed-off-by: Matt Ray <matthewhray@gmail.com>
2017-09-25 19:09:22 +02:00
Jerry Aldrich III
3d7244fb07 Add wildcard support to Utils::FindFiles (#2159)
Wildcards are evaluated prior to applying `sudo` permissions. This
means that running `sudo find /some/path/*.conf` will fail if the user
does not have read permissions on `/some/path/` because the wildcard
cannot expand before `sudo` is applied and `*.conf` isn't a file.

The solution for this is to run the command in a subshell that has the
proper permissions (e.g. `sudo sh -c 'find /some/path/*.conf'`).

This modifies `Utils::FindFiles` to use a subshell thus allowing
wildcard support.

This fixes #2157

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-23 09:17:34 +02:00
Jerry Aldrich III
cbcca9f39e Modify Upstart enabled check to use config file (#2163)
This modifies the enabled check for the `service` resource to use the
service's config file instead of `initctl show-config`.

`initctl show-config` does not accurately show the state of a service if
that service's config file is modified while the service is running.

This fixes #1834.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-21 12:21:34 -04:00