* Resource for a Windows Security Identifier (SID)
* Integration tests for security_identifier resource
* Address rubocop violations
* Improve security_identifier from PR feedback
* Update security_identifier tests
* Improve security_identifier unit tests
* Fix unit tests fpr security_identifier resource
* More security_identifier unit tests
* Add docs page for security_identifier resource
* Fix issues with documentation
* Improve docs
Link to Microsoft reference page, and use their term 'trustee' instead of 'entity' where applicable.
* Change exists to exist
* Test appveyor file changes.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add missing tests for groups resource, document members propery, and assorted fixes.
Update existing documentation for group resource.
Add documentation for groups resource.
Update group resource tests to test members property.
Change groups resource members property to have simple style. (this
ensures members is a single array)
remove deprecated have_gid propery.
change `if !` to `unless`
Remove early return from members method. This prevented members from
working correctly on any OS other than Windows.
Add missing tests for the groups resource.
remove tests for has_gid
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Fix comments
Signed-off-by: Jared Quick <jquick@chef.io>
* Remove deprecated yumrepo. (#3435)
* Remove deprecations for cli `--format` and metadata.rb (#3452)
* Remove deprecated database_helpers stderr/stdout methods.
Update deprecation text for processes/apache.
* Remove deprecations for `--format` and metadata.rb
Remove deprecated `format` code.
Remove deprecated code test and change json-config format test to use
reporter.
Remove deprecated metadata.rb code
Remove deprecation notice for old supports syntax.
Deprecate metadata.rb from source_reader
Remove rubocop disables as they are no longer required for this code block.
Remove deprecated legacy metadata.rb mock profiles.
Remove deprecated metadata.rb profile tests.
Remove deprecated yumrepo test.
* Allow inspec-3.0 branch to be tested.
* Allow appveyor to test inspec-3.0 branch
* Change runner tests to use reporter rather than format.
Remove deprecated `supports: linux` tests.
* Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332)
* Skip loading dependency profiles if they are unsupported on the current
platform.
Skip loading dependencies if they are unsupported on the current
platform.
Wrap our log and next in a conditional checking if the platform is
supported.
Change a `if !` into a `unless`
Check if the backend is a Train Mock Connection and if so say that the
profile does support the platform.
While iterating through tests being loaded skip when the platform is
unsupported.
We now log a WARN when a profile is skipped due to unsupported platform,
so lets check that.
Modified existing test to log that there are 0 skipped tests, instead of
2.
Add functional test that loads profile-support-skip with a json reporter
to check that our controls are not loaded and that stderr contains our
warning.
* Rather than iterating through each test return before recursion if the platform is
unsupported.
* Resolve tests using a supported platform different from testing platform
Add a control to `test/unit/mock/profiles/complete-profile` that would
work on any OS with a Internet connection. This allows the profile
to execute on any OS with success. `filesystem_spec.rb` was a control
that would only work on Linux and some BSD's.
We want profile tests to consistently work across development and testing
platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux,
Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows
Also Updated `file_provider_test.rb` for `complete-profile` content changes.
If you `MockLoader.load_profile` on a unsupported platform you might not
hit the usual skip. Lets handle situations where the tests array in
Profile#load_checks_params could be nil.
* Use safe navigation rather than checking if tests is nil.
Update tests to point to unsupported_inspec and account for WARN changes.
Make unsupported_inspec profile support os-family 'unsupported_inspec'
* Fix skip bug when using include/require controls. (#3487)
* Fix skip bug when using include/require controls.
* fix test and feedback.
* Remove need for UUID detection for Automate report (#3507)
* Add json metadata for skipped profiles (#3495)
* Add skip metadata to json reports
* Unify skip messages.
* Update with status field.
* Add testing.
* Fix tests.
* lint
* Add skip exit codes for profile skips.
* Update website for 3.0 launch
Add `plugins` to sidebar.
Change 2.0 -> 3.0 in slim files.
Update 3.0 features list.
* Fix comments
* Update float to numeric.
* Change Float to numeric.
* updated feature list and impact doc
* Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0"
* Bump VERSION to 3.0.0 (#3511)
* Remove 3.0 testing checks.
* Fix azure link.
For larger processes, Busybox's ps displays the vsz and rss columns in
megabytes or gigabytes, with no option I've found to override the behavior.
This change updates the process regex to account for that and converts
the values to kilobytes so they can still be cast as integers.
Signed-off-by: Jonathan Hartman <j@hartman.io>
This is useful when you have multiple versions of the same gem installed. It can be leveraged like so:
```
describe gem('rest-client') do
its('versions') { should include /1.8\.\d+/ }
its('versions') { should include /2.0\.\d+/ }
its('versions.count') { should_be eq 2 }
end
```
Signed-off-by: Ben Abrams <me@benabrams.it>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Jared Quick <jquick@chef.io>
* adding cloudlinux into the mocker under the redhat family as it is found inside of train, and creating tests for cloudlinux that mirror the centos/redhat tests.
* adding cloudlinux under the select_service_mgmt method so that it can be matched.
Signed-off-by: Vern Burton <me@vernburton.com>
* windows_feature resource: Add DISM support
This modifies the `windows_feature` resource to fallback to DISM when
the `Get-WindowsFeature` command is not available.
* Allow specifying `:dism` or `:powershell`
* Replace stacktrace with smaller error message
* Add notes/todo about raise behavior
* Remove duplicated platform check
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Constrain RuboCop disables to single method
* Add comment to Alpine package command
* Use single quotes for Alpine package command
* Change `it` statement to be readable
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Use fail_resource rather than skip_resource when the platform is not
supported by the resource.
* Update tests to handle failing on unsupported platforms.
Update functional tests.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* apache_conf resource: Strip quotes from values
* Update regex to capture all vars between quotes
* Change `x` and `y` to proper variable names
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Un-deprecate plural properties on shadow; deprecate the singular versions
* Update filtertable interface to current
* A weak attempt at making the docs coherent
* Doc feedback per Jerry
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* set port default to nil, introduce local_mode
* raise instead of warning
* restore default port, allow explicit nil
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
* implement members property
* flatten groups entry, extract flatten helper
* lints
* more idiomatic spec, add example of members testing
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
* Add integration and unit tests for aws_ec2_instances
* Basic docs for aws_ec2_instances
* Add basic aws_ec2_instances resource
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add check if aws s3 bucket is encrypted.
Required terraform aws provider >= 1.6
Fix indentation issue in aws_s3_bucket.rb
* Implement most changes recommended by @TrevorBramble, and refactored other methods to align with recommendations (except Terraform nitpick; preference is to keep coding style consistent until full refactor).
Signed-off-by: Jeremy Phillips <github@uranusbytes.com>
* nginx_conf resource: Fix include paths with quotes
* Move quote removal to `NginxParser`
* Add parsers/tests for quotes in quotes
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Update tests and docs to assume one recorder per region
* Config recorder supports singleton fetch
* Docs and tests for singleton mode delivery_channel
* Implementation for singleton delivery channel, and some other code cleanup
* Implement some feedback, and fix a bug in traversing the struct in looking for empty results
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Bug replication tests, unit and integration
* Fixes statement_count
* Fixes statement_count and have_statement
* rubocop trim whitespace
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update singular implementation to avoid use of inner object
* Update docs and tests for 3 new filters and properties on aws_vpcs
* Implement new filters and properties; one failing test due to odd FilterTable behavior
* changes to avoid bug 2929
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add tests for method chained shadow resource with readable and
unreadable shadow files.
Ensure @params always has a safe value, otherwise we may stacktrace when
unable to read /etc/shadow and invoked with method chaining.
* Wrap deprecation notices with a proc/must_output to clean up test
output.
Added some missing newlines.
Catch deprecation notice on `lines`.
* Resolve the majority of the issues pointed out by @tbramble.
Deprecate `lines`; its really only used internally but it was 'exposed'
through tests and who knows if there is external use. `lines` is not
documented as a property at least..
`#set_params` is much better now =)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
Provides low-, and mid-level properties and matchers for examining rules on aws_security_group.
* Second draft of docs for SG rules interface; need to clarify semantics of reject
* First cut at unit tests
* Cleanup test fixtures
* Implementation for allow, with plausible unit tests
* Doc updates based on reality
* Add integration tests; move allow to allow_ / out; several docs updates
* Add be_open_to_the_world and be_open_to_the_world_on_port
* Update docs to reflect adding allow_only
* Update docs to reflect use of position to allow multiple rules with 'only'
* Implement allow_only with unit tests; still need integration tests
* Add integration tests for allow_only
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* * Adds new property to test how many days ago the CloudTrail delivered logs to the CloudWatch Logs.
* * Changes query for selected cloud trail in unit test
* Changes uses Time.now explicitly instead of making a variable in the unit test
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Adds new property to test the users in an aws_iam_group
* Adds terraform code to add the recall_hit user to the administrator group
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_route_tables
* Fixes issues with documentation
* Renames route table terraform resources to be more conventional
* Removes tags terraform resources
* Changes aws_route_table and aws_route_tables integration tests to use new terraform names
* Removes unneeded data given in unit tests
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_s3_buckets
* Add fixes to documents
* Removes property 'creation_date' for there is no use case as of right now
* Rebases on master and moves aws_s3_buckets integration test to the correct location
* Adds test on unit test for false exists
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Adds chocolatey package resource
* Adds docs for chocolatey_package resource
* Differentiate chocolatey package from windows feature
Suggested by @frezbo
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Add AWS hardware MFA matcher
Adding a hardware as well as a virtual MFA matcher for aws_iam_root_user
resource
* Add New AWS Root Matcher Docs
- Add documentation for new root MFA matchers
- Fix logic for checking MFA devices from feedback on PR
* Add Integration tests for MFA matchers
- Add integration tests for virtual and hardware MFA matchers
- Clean up logic for has_virtual_mfa_enabled? method
Signed-off-by: Paul Welch <pwelch@chef.io>
Without the terminating character ($), it just accepted any characters
at all after the initial matching set.
Also add some tests to assure we're raising appropriately.
Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Joshua Padgett <jpadgett@chef.io>
Signed-off-by: Trevor Bramble <tbramble@chef.io>
This adds `powershell` resource support for non-Windows OSs via `pwsh`
and Base64 encoded commands.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Mitigate trivial warning on test by initializing
Also fixes passing a ambiguous argument.
* Mitigate trivial warning by removing redundant method
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* Initial commit of skeletal resource aws_kms_key
* * Adds comments to rerun travis
* * Clarifies some parts of the doc.
* Changes matcher have_aws_key_manager to manged_by_aws
* Fixes copypasta
* Adds clarification to property names
* Fixes rescueing exceptions from the api
* raises exceptions in the unit tests
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Clean up test data, correct parse error handling
* Use functional pipeline to avoid need for conditional clauses and clarify the intent of the comment parsing.
* Extract magic strings to constants
* Remove code and tests now covered by FileReader
Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Paul Welch <pwelch@chef.io>
Signed-off-by: Trevor Bramble <tbramble@chef.io>
* Initial commit of skeletal resource aws_sns_topics
* Adds clarification in documentation
* Adds functionality for calling the next token returned from aws api.
* Wraps api calls in the catch_aws_errs method
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Create file-check functionality into utility file
There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.
* Replace to file-check functionality
* Fix dh_params and x509_certificate resources
If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.
* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config
Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.
* Use init block variable in methods
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* Initial commit of new resource
* Makes changes to docs to match changes to the resources.
* Adds clarifications in docs and changes it to be an erb file.
* Simplifies some unit tests
* Wraps calls to the api in a aws_catch_errors method
* Removes provisioner terraform code
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* quote password when generating mysql command string
* added a test for mysql_session, added shellwords escaping to mysql_session resource
* changed the name of the escape method
* clarified test conditions
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
shadow file.
After much thought the deprecations from #2642 were for the wrong methods.
Plural method names feel much more natural when working with this
resource because you can have more than a single result.
Consider a match like `shadow.user(/^www/)`, this could return multiple
users, so `shadow.users` feels more natural here.
The problem is that the fields we're matching in the shadow file itself
are singular. Each entry is for a user, which has a password, and some
other fields. A user never has `passwords` in the shadow file, only a
`password`.
This is made more obvious when you use the `filter` method.
When we use this filter: `shadow.filter(min_days: 20, max_days: 30)` we
are matching fields in the shadow file and not using our matcher
methods. This means that if there is a discrepancy between our matcher
methods, and the shadow fields the user could end up confused. Like I did =)
This PR changes:
Changed matchers to match shadow fields.
Updated documentation to reflect changes.
Updated tests to reflect changes.
Re-add `filter` method, and add a test for it.
Renamed variable for FilterTable to be less confusing.
Renamed query argument for methods to be consistent.
Cleanup docs based on comments from @jerryaldrichiii
Make Rubocop happy <3
Signed-off-by: Miah Johnson <miah@chia-pet.org>
Removes skip_resource and raise .. if InSpec.os stuff from initialize as this is covered by platform support.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Change shadow resource to use FilterTable rather than custom filter
implementation.
Add tests for singluar aliased methods and other minor changes to work
with FilterTable output.
Coverage is at 100%
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* merge master
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add support to use bash in host resource
Netcat's presence is widely regarded as a security issue, and thus not
always available. This solution first tries to use bash builtins and
timeout (from coreutils), so is less likely to require installing
additional packages.
* Darwin UDP support in host resource
* Host: use netcat first if available
Signed-off-by: João Vale <jpvale@gmail.com>
* Fix aws-iam-users pagination
PROBLEM: aws-iam-users resource only retrieves 100 records due to pagination
in the AWS IAM list_users function.
FIX: Iterate over all the pages using the AWS pagination variables `marker`
and `is_truncated`
Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
* Move instance variable to avoid `NoMethodError`
Methods for `role` and `system` properties are dynamically generated and
return values from the `@virtualization_data` Mash. Therefor, we must
ensure `@virtualization_data` exists before calling these methods.
* Move supports logic to `supports platform: linux`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Initial commit of new resource
* Removes deprecated matcher in example
* Adds a new terraform file for config resources
* Fixes and clarifies documentation
* Wraps calls to api in catch_aws_errors method
* Changes the names of two matchers
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* package resource: Fix `brew` package detection
This allows for package detection via `brew` to handle cases where a
particular package formula exists but is not installed.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
This adds support for `architectures` to the `packages` resource.
Example:
```
describe packages(/compat-libstdc++-33/) do
its('architectures') { should include 'x86_64' }
its('architectures') { should include 'i686' }
end
```
This also adds documentation for the `packages` resource
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* adding df resource
Signed-off-by: Vern Burton <me@vernburton.com>
* adding unit tests and required mocks for them, created integration test
Signed-off-by: Vern Burton <me@vernburton.com>
* cleaning up skip test to include only the filename and not full path
Signed-off-by: Vern Burton <me@vernburton.com>
* adding docs
Signed-off-by: Vern Burton <me@vernburton.com>
* size makes more sense than space
Signed-off-by: Vern Burton <me@vernburton.com>
* removing unneeded author lines
Signed-off-by: Vern Burton <me@vernburton.com>
* as the command changed, changing mock to the new sha
Signed-off-by: Vern Burton <me@vernburton.com>
* updating to address comments from #2441
* removing author lines
* using attr_reader functions
* using ruby string functions rather than pipe to sed
* adding os family detection
* using ResourceFailed as the pattern already existed for OS family detection
* using if for future case support for unix and unix-like (FreeBSD)
Signed-off-by: Vern Burton <me@vernburton.com>
* adding supports to resource metadata, and adding tests that show that resource says that it is not supported on windows/unix.
Signed-off-by: Vern Burton <me@vernburton.com>
* focusing on linux os family and removing logic for assumed future cases
Signed-off-by: Vern Burton <me@vernburton.com>
* changing df to filesystem
Signed-off-by: Vern Burton <me@vernburton.com>
* service resource: Fix no `.service` + systemd bug
This modifies the `enabled?` check to fallback to `sysv_service` in the
event that a `.service` file cannot be found.
For example: On Debian 8.7 the stock apache2 package does not deploy a
`.service` file but deploys a SysV style service. This causes
`systemctl is-enabled` to fail when the service is in fact enabled.
* Remove `cmd_stderr` and clean up `cmd_exit_1`
* Clean up `stderr` assignment using ternary
This change adds the `docker_service` resource for Docker swarm mode services. This
branches off some of the common elements (id, exists) into a `DockerObject` module along
with a utility function for parsing the image/repo string. That function was implemented
separately by `docker_image` and `docker_container`, now with a third resource, it made
sense to consolidate that into an included module. I used the most comprehensive
implementation. Existing classes had to be slightly modified for the genericization.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
* Fix `grub_conf` menuentry detection
This does the following:
- Corrects Grub2 bug where last entry was always selected
- Adds support for specifying a Grub2 menu entry by name
- Adds support for using `GRUB_DEFAULT=saved` with Grub2
- Adds more Unit tests
* Add error if menuentry name cannot be extracted
* Add handling for missing/unreadable grubenv
* Add defensive code for failed menuentry extraction
* http resource: make header keys case insensitive
HTTP header keys are currently case-sensitive, and the local and remote
workers currently store the keys in different formats due to the
different tools generating them.
This change ensures the ability to fetch headers by key is
case-insensitive and adds a deprecation to inform the user that future
fetches should use all lowercase.
Signed-off-by: Adam Leff <adam@leff.co>
* Remove deprecation treatment
HTTP header keys are case insensitive anyways. There's no reason to make
things harder for our users.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix `nil:NilClass` error for `package` resource
This modifies `.info` to return `{}` in cases where the package manager
cannot be determined. This matches the behavior of `@pkgman.info`.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Change `must_be_empty` to `must_equal({})`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* adding database.xml with attributes to files and mocking it in the helper.rb
Signed-off-by: Vern Burton <me@vernburton.com>
* adding logic to test class returned by XPATH and using functions from respective classes to fill a array for return, and unit and integration tests to ensure functionality
Signed-off-by: Vern Burton <me@vernburton.com>
* updating docs to show how attributes are used
Signed-off-by: Vern Burton <me@vernburton.com>
* 'and' instead of 'or' makes more sense
Signed-off-by: Vern Burton <me@vernburton.com>
* adding default else for capturing unknown classes from REXML
Signed-off-by: Vern Burton <me@vernburton.com>
* removing extra newline
Signed-off-by: Vern Burton <me@vernburton.com>
* adding fail case with enough information to debug in future case
Signed-off-by: Vern Burton <me@vernburton.com>
* adding control statement to add rule in front of string as long as it doesn't already contain rule.
Correcting resource name in firewalld from etc_hosts_deny
adding tests for both branches of the statement created in firewalld
Signed-off-by: Vern Burton <me@vernburton.com>
* moving to unless with a start_with
Signed-off-by: Vern Burton <me@vernburton.com>
* adding documentation that states that it is not needed to add `rule` string
Signed-off-by: Vern Burton <me@vernburton.com>
* adding SQL 2012 SP1 for mssql_session testing
Signed-off-by: Vern Burton <me@vernburton.com>
* updating SHA to match new commands with ports in them
Signed-off-by: Vern Burton <me@vernburton.com>
* adding port, and a default value and moving from skip_resource to resource_fail
Signed-off-by: Vern Burton <me@vernburton.com>
* adding new sha for custom host
Signed-off-by: Vern Burton <me@vernburton.com>
* adding tests for hostname and migrating test that passed port in host to a dedicated port test
Signed-off-by: Vern Burton <me@vernburton.com>
* adding integration test
Signed-off-by: Vern Burton <me@vernburton.com>
* removing services as appveyor does not have integration testing running so it would be a waste of time to enable it
Signed-off-by: Vern Burton <me@vernburton.com>
* mock instance command
Signed-off-by: Vern Burton <me@vernburton.com>
* making instance readable
Signed-off-by: Vern Burton <me@vernburton.com>
* adding instance test
Signed-off-by: Vern Burton <me@vernburton.com>
* moving to ResourceSkipped as ResourceFailed is targeted for a major release
Signed-off-by: Vern Burton <me@vernburton.com>
* Testing train downcase platform names.
* Added NameCleaned tests and fixed some formatting.
* Clean up tests with helper method.
* Update to new gemfile and platform resource.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add platform resource and platform supports.
Signed-off-by: Jared Quick <jquick@chef.io>
* Cache platform and inspec checks and implement inspec_version.
Signed-off-by: Jared Quick <jquick@chef.io>
* Deprecate current inspec support in favor of inspec_version.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update resource/profile skip messages.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update load_resource to use platform instead of os.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update platform example.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update apache_conf test to check for ServerAlias values.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add ServerAlias key and values to mock apache conf which includes
trailing whitespace.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Updated test to reflect all ServerAlias values being put into a single
array item. This is expected as we do not override the key_values
default setting of '1' when passing the raw configuration to
SimpleConfig.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Update the regular expression to include a conditional with positive
lookahead that checks if the line ends with one or more spaces. If the
lookahead succeeds we non-greedily capture, and when it fails we
greedily capture.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add mode method to test the value of Bonding Mode
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Add test for bonding mode in bond unit test
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Add documentation on mode matcher for bond resource
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Update example for 'Test parameters for bond0'
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Enhance `package` resource error handling
This does the following:
- Modifies `info` to return an empty hash instead of `nil`
- Adds a failure case if package name is not specified
- Adds a skip case if no package manager can be found
- Changes `skip_resource` to use the `ResourceSkipped` exception
- Raises an error if JSON parsing fails for Windows/MacOS/Darwin
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Make RuboCop happy
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Change missing argument behavior
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove unnecessary boolean check
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Constructor unit tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Constructor tests pass, all others gutted
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Basic 'where' test in place, no criteria
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Wired up filter table to backend list users
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Unit testing for has_mfa_enabled and has_console_password
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Simple AWS client implementation for Users
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rework resource parameters and validation; copy in code from #121
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add constructor tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add search/recall tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Recall unit tests pass
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Failing unit tests for username and has_console_password
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* has_console_password works in unit tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* has_mfa_enabled failing unit tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* has_mfa_enabled passes unit tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Failing unit tests for Access Keys
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* CLean up bad rebase commit
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Access keys property works, as an uncooked AWS response
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* De-linting
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Integration tests work
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove provider support libraries
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Integration tests pass for users resource
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* De-lint
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove aws connection load from user
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Adapt aws_iam_user to rely on AwsResourceMixin
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* add a emulated /etc/cron.d/crondotd file to the mocking system.
* test that we handle incoming paths correctly by rendering to_s.
* We take in both users and a path, so lets call that destination.
* To make the test pass we'll determine if we are dealing with a path or
a user and return the correct string.
* we will need the ability to determine if we are dealing with a path when either calling the crontab command or reading the file directly, so break that out into a path? method.
* remove author field.
* test contents of our crondotd file.
* we have to explicitly make @destination a String to use include?.
* when we get a path we use inspec.file to get conents, otherwise we run the crontab command.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add documentation for example usage with file path.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Make path? and path_or_user private methods
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add missing username filed to crondotd mock file
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Pass argument as a hash when testing file paths
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Expected results should include usernames when testing file paths
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add special string `@yearly` test to crondotd mock file
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to existing cron tests
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Rubocop says I need spaces after/before curly brackets
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to crondotd file tests and add @yearly test
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Modify initialize to take options hash and be backwards compatible.
Change initialize default argument to create a hash by default, though
it is still possible to pass in a 'user' string argument.
@user gets set with the argument value unless its a hash, in which case
it tries to set the value of the user key, otherwise it becomes nil.
@file gets set with the value of the path key, unless it doesn't exist
in which case it becomes nil.
All hash keys are symbolized to ensure consistent access.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Check if @path is nil to determine if we run crontab command or parse
file.
path? was removed as we're not overloading a @destination variable
anymore.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* if @user is nil assume current user otherwise crontab for @user
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Change to complete if rather than ternary.
We have three possible cases, current user, other user, or file path.
This accounts for all of them.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to the crontab FilterTable
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Remove path? and path_or_user
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Move crontab parsing to two methods, parse_user_crontab and
parse_system_crontab
Because a command in a crontab file could have spaces we must parse user
and system crontabs differently.
When we parse user crontabs the user field will either be nil, or the requested user.
Both user and path parsers handle special strings (@yearly, @weekly,
etc). And also account for position of user in these files (or adds it
in user case)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Update examples with user: and path:
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add spaces after : in example docs
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Disable rubocop ClassLength check
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Moved rubocop ClassLength metric next to class instead of above the
module.
Remove unnecessary braces.
Add is_system_crontab? and is_user_crontab helper methods and use them.
Add tests to see if error conditions are raised when the resource is
invoked with missing parameters (user, or path), and on a unsupported
os.
Change initialize to group all hash functions together and raise errors
when user and path is unset. Also raise errors on unsupported operating
systems.
Change order of ternary and use is_system_crontab? rather than
@path.nil?
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Update security policy export to use pid instead of random.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update helper for the new train.
Signed-off-by: Jared Quick <jquick@chef.io>
* Standardize requires in unit tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Standardize requires in resources
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Move AWS connection hook into non-resource library area
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add an AWS resource mixin, pushing constructor out to it
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Push resource param name recognition into mixin
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Push exists predicate up to mixin
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rename base.rb to be resource_mixin for clarity
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Separate the backend from its factory, and push it out into a class mixin
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Push BackendFactory up into the resource mixin
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* De-linting
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove aws_conn require from LMF and CloudWatch Alarm filters
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Use resource mixin for Cloudwatch Alarm
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rework LMF to use the resource mixin
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove SDK load from connection.rb; that happens in aws.rb now
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Mixin should default to allowing empty resource params
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update LMF to enforce params being required
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
When supplying a docker image that contains a registry with a port number,
such as `localhost:5000/chef/inspec:1.46.3`, the docker_image resource
was unable to locate the image in question due to incorrect parsing
of the repository and tag.
Signed-off-by: Adam Leff <adam@leff.co>
When the JSON resource (and those that subclass off of it) were modified
to properly throw exceptions in the event of failure, this caused the
`params` method to return nil instead of what it used to be, an empty
hash.
This is fine in the case of a describe block, but it's not okay when used
outside of a describe, as it will cause users trying to pluck from the
hash to throw a dreaded-and-unhelpful NilClass error.
This change pre-populates the params to be an empty hash, and if the
read/parse steps fail, it will still be one.
Signed-off-by: Adam Leff <adam@leff.co>
* Add a unique export for security policy resource.
Signed-off-by: Jared Quick <jquick@chef.io>
* Remove skip resource on empty policy file.
Signed-off-by: Jared Quick <jquick@chef.io>
The existing method of adding `-X HEAD` to the curl command does not
work properly and can cause timeouts because curl doesn't properly
close the connection. The correct way is to use curl's own `--head`
flag.
Signed-off-by: Adam Leff <adam@leff.co>
* json resource (et. al.): allow inspec check to succeed when using command
When using the `json` resource (or any of the resources that subclass
JsonConfig), `inspec check` would fail if the content was supplied with
the `command` option. This is because the `command` resource is mocked
and an empty string would be returned for `stdout`. That content would
be blindly passed to the `parse` method would which raise an exception
and cause `inspec check` to fail.
This change refactors JsonConfig to be a bit cleaner and use some helper
methods. Additionally, we use the new Exceptions to properly raise errors
which are naturally caught by Inspec::Profile, etc.
Signed-off-by: Adam Leff <adam@leff.co>
* Make `resource_base_name` method private
Signed-off-by: Adam Leff <adam@leff.co>
* Full docs, first draft; integration tests; started on unit tests
* Integration tests pass
* Docs update
* More consistent syntax in examples
* Alter fetch phase to perform fetch, handle results, and unpack into instance vars, more like other resources
* Docs first draft, integration tests, and constructor unit tests for SNS topic
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Skeleton of SNS topic
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Constructor arg validation works
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Passing unit tests for recall
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Subscription Count property, works
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Subscription, not subscriber
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Integration tests pass; also wildard ARNs are not allowed
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop changes
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Doc updates per kagarmoe
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
'etc_group' resource stores 'gid' as integer but the 'where' method
compares 'gid' as string.
By this fix, the 'where' method always converts the stored data to string
when comparing. And it can also look for groups without members.
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* Bumping train to 0.29
Train 0.29 includes some bug fixes and a refactor of the File classes
Signed-off-by: Adam Leff <adam@leff.co>
* Correct unit test for undefined platform
Train requires that a hash is supplied when mocking an OS. Because
an OS of "unsupported" rather than "undefined" was chosen in a unit
test, a nil was passed to train and it caused a failure.
Signed-off-by: Adam Leff <adam@leff.co>
* Ensure 0.29.1 or later gets picked up, but 0.30 is also acceptable
Signed-off-by: Adam Leff <adam@leff.co>
* Add non-halting exception support to resources
This adds two `Inspec::Exceptions` that can be used within resources to
either skip or fail a test without halting execution.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like:
```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS```
... results in a mount line like:
```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)```
The Linux mount command replaces \040 with whitspace automatically, so this should be tributed.
I used a control like this:
```
describe mount('/mnt/Research & Development') do
it { should be_mounted }
its('device') { should eq '//fileserver.corp.internal/Research & Development' }
end
```
Before:
```
× whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed)
✔ Mount /mnt/Research & Development should be mounted
× Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
expected: "//fileserver.corp.internal/Research & Development"
got: "//fileserver.corp.internal/Research"
(compared using ==)
```
After:
```
✔ whitespaces-01: Mount with whitespace within sharename and mountpoint.
✔ Mount /mnt/Research & Development should be mounted
✔ Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
```
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mounts_with_whitespaces: make lint happy
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* Rename EC2-instance resources
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Add interim updates
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* testing for issue 82
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* completed integration for EC2 roles
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* adding in the beginning of the unit test for issue 82
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Fix unit tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Add has_roles? examples
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Remove redundant gsub
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* corrected OpenStruct format
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* setting up variable for InstanceProfile
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Updated the unit test so all variables are at the top
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Fixed Rubocop issues that were detected
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Updating README.md to include changes to aws_ec2
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Add failing IT for has_roles?
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Add negative IT and fix uncovered issue
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix Rubocop issue
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix integration test
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix Rubocop issues and unit tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Pin AWS dependency to '~> 2'
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Initial Commit
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* aws_iam_user uses lazy loading
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Disassociates convert call from list_users
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* A real-world working AwsIamUsers (#71)
* Add aws_iam_users
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Get an aws_iam_users integration test to pass
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix RuboCop issues and tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Improving code based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* AWS IAM Users unit tests work with new lazy loading feature
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Fixes tests
Signed-off-by: aduric <adnan.duric@d2l.com>
* Users should only hold the returned user references, transfering responsibility to each user to fetch any details
Signed-off-by: aduric <adnan.duric@d2l.com>
* Create user details provider class
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Using details provider factory to delegate creation of detail providers, and updates tests
Signed-off-by: aduric <adnan.duric@d2l.com>
* Rubocop fixes
Signed-off-by: aduric <adnan.duric@d2l.com>
* Rename user details provider factory to initializer, and remove unnecessary instance variables
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Added CRAN resource to check R modules
control 'cran-1' do
impact 1.0
desc '
Ensure R module DBI is installed.
'
describe cpan('DBI') do
it { should be_installed }
its('version') { should cmp >= '3.0' }
end
end
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* cran resource: made lint happy, added negative unit test, removed unused arg perl_lib_path
Signed-off-by: Markus Grobelin <grobi@koppzu.de>